+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Which authentication plugin is best? (/showthread.php?tid=25489)
Pages:
1
2
Which authentication plugin is best? - El Forum - 12-22-2009
[eluser]Craig300[/eluser]
I have used Tank Auth library in a custom CMS and it works perfectly fine and doesn't seem to be bloated with un-necessary functions that you will never use in a million years. From that, it is pretty easy to create user management functions in an admin system using some of the built in functions (and obviously some custom coding as well).
Which authentication plugin is best? - El Forum - 12-22-2009
[eluser]Random dude[/eluser]
CodeIgniters sessions http://ellislab.com/codeigniter/user-guide/libraries/sessions.html
appear to be very robust. I am currently studying more into security, you can tell I'm a newbie.
My current understanding is - if you can securely identify a user upon login, you can issue them a codeigniter session with a custom feild - a user_id or anything to identify them. Then build a small application to administer roles and permissions, ad call it every cms page load to determine what course to take.
I actually just saw a tutorial where someone downloads md5.js to the client and encrypts the form data - an interesting idea (I found it on goodphptutorials.com when searching for the string 'security'). So perhaps thats an alternative to using HTTPS, which I hope to start learning soon.
I'm really happy I started using codeigniter.
Which authentication plugin is best? - El Forum - 12-22-2009
[eluser]Ben Edmunds[/eluser]
You don't want to force your users to download anything.
Just say no...
Which authentication plugin is best? - El Forum - 12-22-2009
[eluser]Craig300[/eluser]
Ironically, there is a function in Tank Auth that will allow you to check whether a login session is present. You can then use this code on every page in which you need to check if a user is logged in. You can also set values into the session (user id, user level) and pull these out when and where you need them.
Which authentication plugin is best? - El Forum - 12-22-2009
[eluser]Ben Edmunds[/eluser]
I think every auth system has that.
It's usually named is_logged_in().