Avoid using other libraries in own library
#9

Thanks again for all of your answers! I really appreciate it.

(08-04-2016, 05:53 AM)ivantcholakov Wrote: I think, the authentication sub-system alone (let us forget about the access to the logging form for now) should check whether a user tries to log-in again. In this case I would log-out the old user and let the new user log-in. The corresponding events might be triggered properly, and they would be recorded within a log (if there is such) in the right sequence.

(08-04-2016, 06:06 AM)PaulD Wrote: I agree with ivantcholakov.

What if your user might have two accounts, and might be switching between them? What if you, as admin, want to test permissions for users and want different accounts for testing?

While this may be considered useful in some cases, I do not want such a feature in my app - not because I want to enforce a 1-account-per-person rule, but because it would simply make no sense. Also, I think that it would be much clearer for everyone - okay, mostly myself - if a user had to properly log out before being able to log in again. But, @ivantcholakov, such an event system still is an epic idea! I totally need to implement that.

Right now, my (working) solution is simply to call my login function twice, once with NULL arguments, and once with the proper arguments. I did change it a little bit so it now looks like this:

PHP Code:
/**
 * Log in a user with his given credentials. If logged in, sets session userID to the one of the user.
 * Argument: $username - Username of the user.
 * Argument: $password - Not yet hashed password of the user.
 * Argument: $message - Passed by reference, used to give back a message to the caller.
 * Return: Success boolean.
**/
function login($username, $password, &$message){
    //Check if the user is already logged in. If he is, return success message.
    if( $this->loggedIn() ){
        $message = 'Already logged in.';
        return true;
    }

    //Make sure that the arguments are not NULL
    if( $username == NULL || $password == NULL ){
        $message = 'There was an internal error.';
        return false;
    }

    //Check if the username and password match in the database. Returns -1 on failure or userID on success.
    $qr = $this->CI->cUser->matchUserPass($username, MD5($password));

    //Failure? Return the information.
    if($qr == -1){
        $message = 'Username or Password invalid.';
        return false;
    }

    //Success? Set session userID. Then, return success.
    $this->CI->session->auth_uid = $qr;
    $this->initUser();

    $message = 'Successfully logged in.';
    return true;
}

I'm honestly not sure anymore how many good practices I've completely butchered with that or not. Any opinions :D?


(08-04-2016, 06:38 AM)mwhitney Wrote: First, since no-one has mentioned it yet, read the PHP manual's entry on safe password hashing: http://php.net/manual/en/faq.passwords.php

Right, I actually read about the same problem once, but was too lazy to implement it yet. Maybe I should do that, lol.


Quote: As far as an authentication library goes, at a minimum you'll need something like isLoggedIn(), login(), and logout().

Yup, I have that right now.


Quote: In general, I would use a single controller to manage most of the authentication-related functionality, such as login, logout, and registration. Then I would probably add a simple (protected) method to MY_Controller which I could call from my other controllers when a user is required to login. This would call the authentication library's isLoggedIn() method, then redirect to the login form if the user is not logged in.

As of now, I made it so that every controller automatically includes my user system library, meaning that the isLoggedIn() function can be called from everywhere.


Quote: If you really want to use as little of the CI libraries as possible in your authentication library, your best bet would be to start by isolating the calls to CI's libraries in your library, usually by creating protected/private methods in your library which interface with the CI library. Once you've done that, you can extract those methods into an adapter class, which you can inject into your authentication library's constructor as a value in the parameter array (the optional second argument to $this->load->library()). So, you would do something like this when loading your authentication library:

PHP Code:
// Load the adapter first, then hand it to the authentication library.
$this->load->library('authentication_ci_adapter');
$authParams = [
    'adapter' => $this->authentication_ci_adapter,
];
$this->load->library('authentication', $authParams);

Oh well, that also is a way to do it I guess :D!



Thanks again :)
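An added example, not code from this thread or from CodeIgniter: a login routine that combines the two suggestions quoted in the post above, taking its storage and session access through an injected adapter and verifying with password_verify(), while re-hashing stored MD5 values when their owner next logs in. The names AuthAdapter, ArrayAuthAdapter and Authentication, the user array layout and the sample account are assumptions made for illustration.

```php
<?php
// Added example. AuthAdapter, ArrayAuthAdapter and Authentication are hypothetical names.
interface AuthAdapter {
    public function findUser(string $username): ?array; // ['id' => int, 'hash' => string] or null
    public function storeHash(int $userId, string $hash): void;
    public function setSessionUser(int $userId): void;
}

// In-memory adapter so the example runs without CodeIgniter; a CI adapter
// would wrap the user model and the session behind the same three methods.
class ArrayAuthAdapter implements AuthAdapter {
    public $users;
    public $sessionUser = null;
    public function __construct(array $users) { $this->users = $users; }
    public function findUser(string $username): ?array { return $this->users[$username] ?? null; }
    public function storeHash(int $userId, string $hash): void {
        foreach ($this->users as $name => $u) {
            if ($u['id'] === $userId) { $this->users[$name]['hash'] = $hash; }
        }
    }
    public function setSessionUser(int $userId): void { $this->sessionUser = $userId; }
}

class Authentication {
    private $adapter;
    public function __construct(array $params) { $this->adapter = $params['adapter']; }

    public function login(string $username, string $password): bool {
        $user = $this->adapter->findUser($username);
        if ($user === null) { return false; }
        $hash = $user['hash'];
        // Assumption: legacy rows hold a bare 32-hex-digit MD5; anything else is password_hash() output.
        $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $hash);
        $ok = $isLegacy ? hash_equals($hash, md5($password)) : password_verify($password, $hash);
        if (!$ok) { return false; }
        // Re-hash on successful login so MD5 values disappear as users sign in.
        if ($isLegacy || password_needs_rehash($hash, PASSWORD_DEFAULT)) {
            $this->adapter->storeHash($user['id'], password_hash($password, PASSWORD_DEFAULT));
        }
        $this->adapter->setSessionUser($user['id']);
        return true;
    }
}

// Constructed sample data: one account still stored as MD5.
$adapter = new ArrayAuthAdapter(['alice' => ['id' => 1, 'hash' => md5('correct horse')]]);
$auth = new Authentication(['adapter' => $adapter]);
var_dump($auth->login('alice', 'wrong'));
var_dump($auth->login('alice', 'correct horse'));
var_dump(password_verify('correct horse', $adapter->users['alice']['hash']));
```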


Messages In This Thread
RE: Avoid using other libraries in own library - by Call-Me-Captain - 08-06-2016, 02:03 PM


