ErkanaAuth: A non-invasive user authentication library
#81

[eluser]hotmeteor[/eluser]
This is great, and very helpful. Thanks Michael.

One fix I think:

Line 31, should read:
Code:
parent::Public_Controller();
Inside the Auth_Controller function. Wouldn't work for me until I added that.
#82

[eluser]cheshirecat[/eluser]
Hi!
I've been using Erkanaauth for a few days and it's great - great in its simplicity.
But I have a small problem with try_login(). I'm not good at PHP yet. I've made my auth methods similar to the ones found in this forum. There are two ways:
Code:
//first
$this->erkanaauth->try_login(array('username' => $username, 'password' => $password));

//and the 2nd
$this->erkanaauth->try_login(array('username' => $username), array('password' => $password));

And it surprises me that neither of them works properly. In the first case the login form always redirects me back to the login form - not to the admin panel - even though the username and password are correct.
In the 2nd case the library checks only the username - you can write anything as the password and it says it is correct. So it is not very secure ;-)

Can you please tell me how it should look?

My admin class looks like this:
Code:
class Admin extends Controller
{
    function Admin()
    {
        parent::Controller();
        $this->response = array();
        $this->load->library('Erkanaauth');
        if (!$this->erkanaauth->try_session_login() and $this->uri->segment(2) != 'login')
        {
            redirect('admin/login');
        }
    }

    function login()
    {
        $content = '';
        $rules['login'] = "required|max_length[15]|xss_clean";
        $rules['passwd'] = "required|max_length[15]|xss_clean";
        $this->validation->set_rules($rules);

        if ($this->validation->run() == FALSE)
        {
            $content .= $this->load->view('login', NULL, True);
        }
        else
        {
            $this->load->helper('security');
            $username = $this->input->post('login');
            $password = dohash($this->input->post('passwd'));
            if (!$this->erkanaauth->try_login(array('username' => $username), array('password' => $password)))
            {
                redirect('admin/login');
            }
            else
            {
                redirect('admin/index');
            }
        }
        $this->response['content'] = $content;
        $this->load->view('index', $this->response);
    }

    //and then some other methods
}
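
The "any password is accepted" behaviour described in this post, as an added example that is not part of the original thread or of ErkanaAuth. It assumes try_login() takes a single condition array, as in the library listing posted later in this thread; the DemoAuth class, its in-memory user row, get_where() and try_login_strict() are hypothetical stand-ins.

```php
<?php
// Added example: in-memory model of the one-parameter try_login() in this thread.
class DemoAuth {
    // Constructed sample row standing in for the user table.
    private $users = array(
        array('id' => 1, 'username' => 'alice', 'password' => 'hash-of-real-password'),
    );

    // Hypothetical stand-in for db->getwhere(): first row matching EVERY
    // column => value pair in $condition, else FALSE.
    private function get_where(array $condition) {
        foreach ($this->users as $row) {
            if (array_intersect_assoc($condition, $row) == $condition) {
                return $row;
            }
        }
        return FALSE;
    }

    // One parameter, as in the library. PHP silently discards extra arguments
    // passed to a user-defined function, so a second array never reaches the query.
    function try_login($condition = array()) {
        return $this->get_where($condition);
    }

    // Hardened wrapper (an assumption, not part of ErkanaAuth): reject any call
    // that does not carry exactly username and password in the single array.
    function try_login_strict($condition = array()) {
        if (func_num_args() !== 1 || !is_array($condition) || count($condition) !== 2
            || !isset($condition['username'], $condition['password'])) {
            return FALSE;
        }
        return $this->get_where($condition);
    }
}

$auth  = new DemoAuth();
$wrong = 'hash-of-wrong-password';

// Two-array call from the post: only the username is matched.
var_dump($auth->try_login(array('username' => 'alice'), array('password' => $wrong)) !== FALSE);
// One-array call: both columns must match the stored row.
var_dump($auth->try_login(array('username' => 'alice', 'password' => $wrong)) !== FALSE);
// Strict wrapper: the two-array call is refused before any lookup.
var_dump($auth->try_login_strict(array('username' => 'alice'), array('password' => $wrong)) !== FALSE);
// Strict wrapper with the real stored value.
var_dump($auth->try_login_strict(array('username' => 'alice', 'password' => 'hash-of-real-password')) !== FALSE);
```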
#83

[eluser]AmazingMinds[/eluser]
I've just started using the newest version of the Authlib (and CI for that matter) and though it's wickedly versatile, I am stumbling over something, which is prolly CI related..

I'm using a simple form in my view
Code:
<?echo $userName;?>

<form method="post">
Login: <input type="text" size="15" name="username"><br />
Password: <input type="password" size="15" name="password"><br />
<input type="submit" name="login" value="login">
</form>

Login stuff is processed by the following controller:
Code:
<?php

class Main extends Controller {

    function Main()
    {
        parent::Controller();
        
        // load libraries
        $this->load->library('session');
        $this->load->library('auth');
    }
    

    function index()
    {    
        if ($this->input->post('login'))
        {
            $username = $this->input->post('username');
            $password = md5($this->input->post('password'));
            $this->_check_login($username, $password);
        }
        // get userinfo
        if ($this->session->userdata('user_id') !== FALSE)
        {
            $user = $this->auth->get_user($this->session->userdata('user_id'));
            $data['userName'] = $user->userName;
        } else {
            $data['userName'] = 'Guest';
        }
        // load views
        $this->load->view('header', $data);
        $this->load->view('body', $data);
        $this->load->view('footer', $data);
    }
    
    
    function _check_login($username, $password) {
          $this->load->helper('security');
          $this->load->library('validation');
          if ($this->auth->try_login(array('userName'=>$username, 'password'=>$password))) {
            return TRUE;
          } else {
            $this->validation->set_message('_check_login', 'Incorrect login info.');
            return FALSE;
          }
    }

}
?>

Now, when I fill in the login/password combo and click login, the login is granted. However, it's not until I refresh the page (both in IE and FF) that the session-id is provided and I'm actually logged in. I'm getting the feeling there's something really basic that I'm doing wrong, but I just seem to miss it...
#84

[eluser]swanky[/eluser]
Great library! Thank you, it is just what I was looking for. I have a decidedly minor improvement that I thought I'd share. I wanted to be able to choose the redirect page on a case by case basis so I made a minor edit to the MY_Controller.php code.
Code:
// This function is used to prevent a user from accessing a method if they are logged in
function _no_user_access($view = '') {
  if ($this->data->user !== FALSE) {
    redirect($view);
  }
}
So now I can put this
Code:
$this->_no_user_access('logout');
or
Code:
$this->_no_user_access('super_cool_members_only_page');
into my functions. Or just ignore the view variable altogether for a default redirect to the home page.

Hope someone else can use it too.
#85

[eluser]Unknown[/eluser]
Here is a cut and paste version of erkanaauth

/libraries/erkanaauth.php

Code:
<?php  if (!defined('BASEPATH')) exit('No direct script access allowed');
/*****
* ErkanaAuth is an easy to use, non-invasive, user authentication library
* @author     Michael Wales
* @email      [email protected]
* @filename   auth.php
* @title      ErkanaAuth
* @url        http://www.michaelwales.com/
* @version    2.0
*****/
class Erkanaauth {

    var $db_table = 'tblUser';
    var $db_userid = 'id';
    
    var $CI;

    function __construct() {
        $this->CI =& get_instance();
        log_message('debug', 'Authorization class initialized.');

        $this->CI->load->database();
    }

    /***
    Determines whether the passed condition is valid to login a user, if so - sets a session variable containing the user's ID
    * @param    $condition array    The condition to query the database for
    * @return   boolean
    ***/
    function try_login($condition = array()) {
        $query = $this->CI->db->getwhere($this->db_table, $condition, 1, 0);

        if ($query->num_rows != 1) { return FALSE; }

        $row = $query->row();
        $this->CI->session->set_userdata(array('user_id' => $row->ID, 'call_user' => $row->Login));

        return $row;
    }


    /***
    Returns an object containing user information via the user's ID
    * @param    $id integer         The user's ID
    * @return   object              Upon valid user
    * @return   FALSE               Upon invalid user
    ***/
    function get_user($id = FALSE) {
        if ($id == FALSE) $id = $this->CI->session->userdata('user_id');
        if ($id == FALSE) return FALSE;

        $condition = array(($this->db_table . '.' . $this->db_userid) => $id);

        $query = $this->CI->db->getwhere($this->db_table, $condition, 1, 0);

        $row = ($query->num_rows() == 1) ? $query->row() : FALSE;

        return $row;
    }

    /***
    Logs out a user by deleting their session variables
    * @return   null
    ***/
    function logout() {
        $this->CI->session->set_userdata(array('user_id' => FALSE));
    }
}

and /libraries/MY_Controller.php

Code:
<?php if (!defined('BASEPATH')) exit('No direct access allowed.');
/*****
  * This class provides a set of base Controller classes to be utilized with ErkanaAuth
  * @author     Michael Wales
  * @email      [email protected]
  * @filename   MY_Controller.php
  * @title      ErkanaAuth Controller Library
  * @url        http://www.michaelwales.com/
  * @version    1.0
  *****/

// Controllers accessible by everyone, regardless of login status
class Public_Controller extends Controller {
    function Public_Controller() {
        parent::Controller();
        // Get the user data, in case they are logged in
        $this->data->user = $this->erkanaauth->get_user($this->session->userdata('user_id'));
    }
    
    // This function is used to prevent a user from accessing a method if they are logged in
    function no_user_access() {
        if ($this->data->user !== FALSE) {
            redirect('');
        }
    }
}

// Controllers only accessible by logged in users
class Auth_Controller extends Public_Controller {
    function Auth_Controller() {
        parent::Public_Controller();

        //- $this->data->user = $this->erkanaauth->get_user($this->session->userdata('user_id'));
        if ($this->data->user === FALSE) {
            redirect();
            return;
        }
    }
}

// Controllers only accessible to logged in users that are admins
class Admin_Controller extends Public_Controller {
    function Admin_Controller() {
        parent::Public_Controller();

        if (($this->data->user === FALSE) || (strpos($this->data->user->Roles, 'admin') === FALSE)) {
            redirect();
            return;
        }
    }
}

and 2 examples

Code:
Class Ct2 extends Public_Controller {

    function Ct2() {
        parent::Public_Controller();

......

-------

Code:
<?
class Admin extends Admin_Controller {

  function __construct() {
        parent::Admin_Controller();
  }

  function index() {
    $this->load->view('admin/cpanel');
    return;
  }
}
?>
#86

[eluser]halex[/eluser]
Excuse a noob (in CI and php) question:
I have:
Code:
class Comm extends Auth_Controller
{
  function Comm()
  {
    parent::Auth_Controller();
...
I get a
Code:
Call to undefined function redirect() in ...\application\libraries\MY_Controller.php on line 35

In the log file I have:
Code:
......
DEBUG - 2008-04-09 20:35:59 --> Global POST and COOKIE data sanitized
DEBUG - 2008-04-09 20:35:59 --> Language Class Initialized
DEBUG - 2008-04-09 20:35:59 --> Loader Class Initialized
DEBUG - 2008-04-09 20:35:59 --> Authorization class initialized.
DEBUG - 2008-04-09 20:35:59 --> Database Driver Class Initialized
DEBUG - 2008-04-09 20:35:59 --> Session Class Initialized
DEBUG - 2008-04-09 20:35:59 --> Controller Class Initialized
When I change Auth_ to Public_ all is OK.
#87

[eluser]halex[/eluser]
I'm stupid, ignore my last post.
All is clear and OK.
#88

[eluser]RunningDan[/eluser]
What is $this->data?

Code:
$this->data->user

I get this error when I request a controller that inherits Auth_controller:

Quote: A PHP Error was encountered

Severity: Notice

Message: Undefined property: Test::$data

Filename: libraries/MY_Controller.php

Line Number: 31

Line 31 is in here:
Code:
class Auth_Controller extends Public_Controller {
    function Auth_Controller() {
        if ($this->data->user === FALSE) {
            // The user is not logged in, send them to the homepage
            redirect('');
        }
    }
}

I don't understand what data is in this context?

My controller looks like this:
Code:
<?
class Test extends Auth_Controller {
    
    function Test() {
        parent::Auth_Controller();
    }
    
    function index()
    {    
        $data['title'] = "Test protected page title";        
        $this->load->view('test', $data);
    }    
}
?>

Thanks
#89

[eluser]Unknown[/eluser]
[quote author="RunningDan" date="1209413038"]
Line 31 is in here:
Code:
class Auth_Controller extends Public_Controller {
    function Auth_Controller() {
        if ($this->data->user === FALSE) {
            // The user is not logged in, send them to the homepage
            redirect('');
        }
    }
}
[/quote]

Open up your MY_Controller.php file and make the following changes:

The Auth_Controller class is missing this line in its constructor:
parent::Public_Controller();

So it should be this:

Code:
class Auth_Controller extends Public_Controller {
    function Auth_Controller() {
        parent::Public_Controller();
        if ($this->data->user === FALSE) {
            // The user is not logged in, send them to the homepage
            redirect('');
        }
    }
}

I wasn't entirely sure about this next one, but I haven't noticed any repercussions as a result (but I haven't exactly used this library very much yet).

The Admin_Controller class has:

Code:
parent::Controller();

Instead of:

Code:
parent::Public_Controller();
#90

[eluser]RunningDan[/eluser]
popthestack, thanks very much!



