CodeIgniter Forums
User Authentication Concepts - Printable Version




User Authentication Concepts - El Forum - 02-24-2009

[eluser]underskor[/eluser]
Hey lads,

Struggling to find a decent article on this. Wondering what you guys think.

Say you have a parent controller's constructor, which is where the authentication for the child controllers is done. Is the following (very general) process the best, most secure way? Note: I haven't delved very far into sessions so I apologize if anything is incorrect.

Code:
/*Login Page****************************************/
//Start session
session_start();

//Form is submitted, credentials matched against those in the DB - login successful

//Regenerate session id to help protect against fixation
session_regenerate_id();

//Set auth level from DB
$_SESSION['auth_level'] = 'ADMIN';

/*Parent Controller****************************************/
//Start session
session_start();

//Check if session is set and auth level sufficient
if(isset($_SESSION['auth_level']) && $_SESSION['auth_level'] === 'ADMIN') {

  //Show secure content

} else {

  //Redirect to login page

}

Apologies if any of this fails to make sense. Had this New Thread page open for about 2 hours now, doing reading, trying to figure out the best way to ask what I want.

Thanks
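
The flow sketched in the post above, written out as an added example that is not part of the original thread. The function names, the `/login` path and the in-memory user table are assumptions made for illustration; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: start_secure_session(), login(), require_level(), the /login
// path and the $users table are hypothetical, not taken from the thread.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;                                 // avoid a second session_start()
    }
    ini_set('session.use_strict_mode', '1');    // reject ids the server did not issue
    ini_set('session.use_only_cookies', '1');   // never take the id from the URL
    session_set_cookie_params([
        'httponly' => true,                     // not readable from JavaScript
        'secure'   => true,                     // sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(array $users, string $name, string $password): bool
{
    start_secure_session();
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);                // new id, and delete the pre-login session
    $_SESSION['auth_level'] = $user['level'];   // from the user record, never from the request
    return true;
}

function require_level(string $level): void
{
    start_secure_session();
    if (($_SESSION['auth_level'] ?? null) !== $level) {
        header('Location: /login');
        exit;                                   // stop here, or the protected code still runs
    }
}

// Constructed sample data standing in for the database lookup.
$users = [
    'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'level' => 'ADMIN'],
];

if (login($users, 'alice', 'correct horse')) {
    require_level('ADMIN');                     // what the parent controller's constructor would call
    echo "secure content\n";
}
```

The two details the sketch leaves open are the `true` argument to `session_regenerate_id()`, which discards the old session instead of leaving it on the server, and the `exit` after the redirect header.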


User Authentication Concepts - El Forum - 02-24-2009

[eluser]Fr3aked0ut[/eluser]
I think you should work with cookies too, sessions aren't the best way to do it.


User Authentication Concepts - El Forum - 02-24-2009

[eluser]underskor[/eluser]
Can you please elaborate? I'm not going to base my auth system around personal opinion. :)

Thanks!


User Authentication Concepts - El Forum - 02-24-2009

[eluser]pistolPete[/eluser]
Use the sessions library provided by CI and have a look at the numerous auth libraries (e.g. at the wiki or in "ignited code").


User Authentication Concepts - El Forum - 02-24-2009

[eluser]Fr3aked0ut[/eluser]
[quote author="underskor" date="1235487552"]Can you please elaborate? I'm not going to base my auth system around personal opinion. :)

Thanks![/quote]
I didn't really understand your issue.
Can you re-explain? Thanks.