Auth noob some advice
#2

Hello Psygnosis,
Ion Auth is actually quite good, but it could be difficult for PHP beginners. I'll show you a basic auth system with the help of useful CI libraries.
Let's see the login view:


Code:
<?php /* Send the POST data to the controller called Verify_login.php.
       * Note: if you use form_open(), you have to load the form helper in the controller which loads the login view. */ ?>
<?php echo form_open('verify_login'); ?>
       <input type="text" class="email" name="username" placeholder="Username"
              value="<?php echo set_value('username'); ?>">
       <?php // If the auth fails, set_value() will refill the input field after the controller reloads the view. ?>
       <?php echo form_error('username'); ?>
       <?php // form_error() will show the error messages in case the validation fails. ?>
       <input type="password" class="password" placeholder="Password" name="password">
       <?php echo form_error('password'); ?>
           <button type="submit" name="submit" class="asd">Login</button>
           <div class="clear"></div>
       </form>


Now, the Controller called Verify_login.php:
PHP Code:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class Verify_login extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();

        $this->load->model('login_model', '', TRUE);
        // The url helper provides redirect(), which index() uses.
        $this->load->helper(array('form', 'url'));
        $this->load->library(array('session', 'form_validation'));
        $this->form_validation->set_error_delimiters('<div class="login-danger-mess" role="alert">', '</div>');
        // The error delimiters are the HTML tags around the error messages. For instance, use the
        // login-danger-mess CSS class to write CSS rules for your error message.
    }

    public function index()
    {
        $this->form_validation->set_rules('username', 'Username', 'trim|required');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|callback_admin_auth');
        // Use the helpful form_validation library. The callback_admin_auth rule will call the function admin_auth,
        // and if admin_auth returns TRUE, the password validation will also be true.

        if ($this->form_validation->run() == FALSE) {
            $this->load->view('login');
            // If the validation fails, load the login view and show the validation error messages.
        } else {
            // In case of success, you will be redirected to (for instance) the admin area.
            redirect('admin', 'refresh');
        }
    }

    public function admin_auth($password)
    {
        $usrn = $this->input->post('username');
        $username = $this->security->xss_clean($usrn);

        $result = $this->login_model->admin_auth($username, $password);

        // If the model's admin_auth method returns a row, set the session and put data into it.
        // You should never put sensitive data like the password into the session array.
        if ($result) {
            $sess_array = array();
            foreach ($result as $row) {
                $sess_array = array(
                    'id' => $row->id,
                    'username' => $row->username
                );
                $_SESSION['admin_logged_in'] = $sess_array;
            }
            return TRUE;
        } else {
            $this->form_validation->set_message('admin_auth', 'Invalid username or password.');
            return false;
        }
    }
}



The Login_model admin_auth method:

PHP Code:
function admin_auth($username, $password)
{
    // Use CI's Query Builder class, it's so helpful. For instance, it allows you to write safer queries, because the
    // values are escaped automatically by the system.
    $this->db->select('id, username, password');
    $this->db->from('admin_users');
    $this->db->where('username', $username);
    $this->db->where('password', sha1($password));
    // You can find better hash algorithms than sha1; remember, it's just an example you can practice with :)
    $this->db->limit(1);

    $query = $this->db->get();

    if ($query->num_rows() == 1) {
        return $query->result();
    } else {
        return false;
    }
}


And finally, the admin function, which checks the session array; if it doesn't exist, any request will be redirected to the login view.

Code:
public function index()
{
   if (isset($_SESSION['admin_logged_in'])) {

       echo 'Hello '.$_SESSION['admin_logged_in']['username'].'!';
          
   } else {
       redirect('login', 'refresh');
   }
}

I hope it can help you, and remember: it is just an example to practice with; there are so many ways of doing auth. And for the sake of safety, you can find better hashing algorithms, and you can also validate forms with JavaScript too.
PS: To use sessions, you have to set the 
$config['encryption_key'] = '';
in the application/config/config.php

Bonus:
http://jeffreybarke.net/tools/codeignite...generator/

Good luck, and tell me if you get stuck somewhere.
Reply
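
An added example, not part of the original post: the post notes that better hashing algorithms than sha1 exist, and this stand-alone PHP sketch shows how the model's check changes when PHP's built-in `password_hash()` and `password_verify()` are used. The `$adminUsers` array is constructed sample data standing in for the `admin_users` table, and the branch that upgrades old sha1 rows on login goes beyond what the post covers.

```php
<?php
// Added example, not code from the original post. Salted hashes cannot be
// matched in a WHERE clause, so the row is looked up by username only and the
// password is verified in PHP.

// Constructed sample data standing in for the admin_users table (assumption).
$adminUsers = [
    // Stored with password_hash(): salted, with an adaptive cost.
    'alice' => ['id' => 1, 'username' => 'alice',
                'password' => password_hash('correct horse', PASSWORD_DEFAULT)],
    // Legacy row still holding the unsalted sha1() digest used in the post.
    'bob'   => ['id' => 2, 'username' => 'bob',
                'password' => sha1('hunter2')],
];

function admin_auth(array &$users, string $username, string $password)
{
    if (!isset($users[$username])) {
        return false;
    }
    $row = &$users[$username];
    $stored = $row['password'];

    if (preg_match('/^[0-9a-f]{40}$/', $stored)) {
        // Legacy sha1 digest: compare in constant time, then replace it with
        // a password_hash() value so the weak digest leaves the table.
        if (!hash_equals($stored, sha1($password))) {
            return false;
        }
        $row['password'] = password_hash($password, PASSWORD_DEFAULT);
    } elseif (!password_verify($password, $stored)) {
        return false;
    } elseif (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        // The default algorithm or cost changed since this hash was created.
        $row['password'] = password_hash($password, PASSWORD_DEFAULT);
    }

    // Return only what the session needs, never the hash.
    return ['id' => $row['id'], 'username' => $row['username']];
}

var_dump(admin_auth($adminUsers, 'alice', 'wrong password'));
var_dump(admin_auth($adminUsers, 'bob', 'hunter2'));
// Check that bob's row was upgraded away from the sha1 digest.
var_dump(password_verify('hunter2', $adminUsers['bob']['password']));
```

In the CodeIgniter model this means dropping the `where('password', ...)` condition, fetching the row by `username`, and running the verification on the returned `password` column.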


Messages In This Thread
Auth noob some advice - by Psygnosis - 01-13-2016, 10:15 AM
RE: Auth noob some advice - by petrinze - 01-13-2016, 01:51 PM
RE: Auth noob some advice - by donpwinston - 01-13-2016, 02:26 PM
RE: Auth noob some advice - by skunkbad - 01-13-2016, 02:45 PM
RE: Auth noob some advice - by Psygnosis - 01-14-2016, 08:02 AM


