Auth noob some advice - Printable Version

Auth noob some advice - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Auth noob some advice (/showthread.php?tid=64088)

Auth noob some advice - Psygnosis - 01-13-2016

Hi all,

I'm new to codeigniter and new in php framework world. xD

This is my story: I made a personal website based on bootstrap, and suddenly I thought that a login system was helpful for my needs.
So I start to first build up a login system coding in php on my own, then i destroy everything to find some good php script but I didn't find anything good (I don't want just copy & paste so understand others code sometimes need a lot of time that I don't have).
So I found out php frameworks.
After I've try a few, I decide that CodeIgniter is for me, simple, fast and synergize well and easily with bootstrap.

So here I am.

I have my nice CI app, my bootstrap website work with views and controls now and everything is good. Now, I need to build a simple auth system (registration/login/logout).
I know that CI doesn't have anything like this in its package.

Can you advice me a good tutorial or a plug-in (i read about ion auth) that I can study to make my own login system?

Thank you in advance, you are my last hope
and sorry for my bad English

RE: Auth noob some advice - petrinze - 01-13-2016

Hello Psygnosis,
The Ion Auth is actually quite good, but it could be difficult for php beginners. I show you a basic auth system with the help of useful CI libraries.
Let's see the login view:

Code:
/* send the post data to the Controller called Verify_login.php

* note: If you use the form_open, you have to load the form helper in the controller which loads the login view.

<?php echo form_open('verify_login'); ?>

        <input type="text" class="email" name="username" placeholder="Username"

               value="<?php echo set_value('username'); ?>">

// if the auth fails, the set_value() will refill the input field after the controller reloads the view

        <?php echo form_error('username'); ?>

//the form_error will show the error msgs in case of the validation fails.

        <input type="password" class="password" placeholder="Password" name="password">

        <?php echo form_error('password'); ?>

            <button type="submit" name="submit" class="asd">Login</button>

            <div class="clear"></div>

        </form>

Now, the Controller called Verify_login.php:

PHP Code:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class Verify_login extends CI_Controller
{

    public function __construct()
    {
        parent::__construct();

        $this->load->model('login_model', '', TRUE);
        $this->load->helper('form');
        $this->load->library(array('session', 'form_validation'));
        $this->form_validation->set_error_delimiters('<div class="login-danger-mess" role="alert">', '</div>');
       //the error delimiters are the html tags around the error messages. For instance, use the login danger mess
       //css class to write css rules to your error message.
    }

    public function index()
    {
        $this->form_validation->set_rules('username', 'Username', 'trim|required');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|callback_admin_auth');
        //use the helpful form_validation library to. The callback_admin_auth will call the function: admin_auth
        //and if the admin_auth returns TRUE, the pw vaidation will be also true.

        if ($this->form_validation->run() == FALSE) {
            $this->load->view('login');
            //if the validation fails, then load the login view and show the validation error messages.
        } else {
        //in case of success, you will be redirected to the (for instance) the admin area.
            redirect('admin', 'refresh');
        }
    }

    function admin_auth($password)
    {
        $usrn = $this->input->post('username');
        $username = $this->security->xss_clean($usrn);

        $result = $this->login_model->admin_auth($username, $password);
        
        //if the admin auth method returns TRUE, set the session, put data into in. You should never put sensitive            //data to the session_array like password.

        if ($result) {
            $sess_array = array();
            foreach ($result as $row) {
                $sess_array = array(
                    'id' => $row->id,
                    'username' => $row->username
                );

                $_SESSION['admin_logged_in'] = $sess_array;
            }
            return TRUE;
        } else {
            $this->form_validation->set_message('admin_auth', 'Invalid username or password.');
            return false;
        }
    }

} 

The Login_model admin_auth method:

PHP Code:
function admin_auth($username, $password)
{
   //use the CI's Query Builder class, it's so helpful. For instance it allows you to write safer queries, because the
   //values are escaped automatically by the system.
    $this->db->select('id, username, password');
    $this->db->from('admin_users');
    $this->db->where('username', $username);
    $this->db->where('password', sha1($password));
    //you can find better hash algorythms than sha1, remember: it's just an example you can practice with :)
    $this->db->limit(1);

    $query = $this->db->get();

    if ($query->num_rows() == 1) {
        return $query->result();
    } else {
        return false;
    }
} 

And finally, the admin function which checks the session array, and if it's not exists, any requests will be redirected to the login view.

Code:
public function index()

{

    if (isset($_SESSION['admin_logged_in'])) {

        echo 'Hello '.$_SESSION['admin_logged_in']['username'].'!';

    } else {

        redirect('login', 'refresh');

    }

}

I hope it can help you, and remember: it is just an example to practice with, there are so many ways of auth. And for the sake of safety,
you can find better hashing algorythms, and you can also validate forms with javascript too.
PS: To use sessions, you have to set the
$config['encryption_key'] = '';
in the application/config/config.php

Bonus:
http://jeffreybarke.net/tools/codeigniter-encryption-key-generator/

Good luck, and tell me if you get stucked somewhere.

RE: Auth noob some advice - donpwinston - 01-13-2016

Your tube has many. Some of the better ones use old versions of CI but they are still useful. Search youtube for "Code Igniter From Scratch." They have a small login example.

RE: Auth noob some advice - skunkbad - 01-13-2016

I made one called Community Auth. I think it's easy to use. Take a look. Links below:

RE: Auth noob some advice - Psygnosis - 01-14-2016

Thank you all,
For now I've tried Ion Auth with no result =(
I just make a copy of my app, install all the files as the author said, rename
models/ion_auth_model.php => models/Ion_auth_model.php
controllers/auth.php => controllers/Auth.php
upload the sql to the db
and if I point to localhost/app/index.php/Auth or localhost/app/auth i have 404 =(
I'd just like to see how it works for studing =(
then I will try petrinze code to see what's happening