Best Login script
#1

[eluser]stuffradio[/eluser]
Which is the best one? I want something basic that I can look at and easily develop to my needs. I would make my own but I don't really understand how to do that yet with CodeIgniter.

I've made several with sessions in a procedural method of writing PHP. So if there is an example of how people do it with CodeIgniter I'd be able to make my own.
#2

[eluser]Pascal Kriete[/eluser]
As with all things, there is no 'best one'. It depends on your needs. ErkanaAuth gets the job done on very minimal code. Redux gives you more flexibility with things like user groups and password recovery. And FAL just sort of does it all. And there's a ton of others that I haven't used.

Erkana might be worth a look for you, just to get a very basic idea of how it's done.
#3

[eluser]stuffradio[/eluser]
I can't find a download link for Erkana
#4

[eluser]Pascal Kriete[/eluser]
Ah yes, the old site is pushing up the daisies. I thought it was in the forum post, but apparently not. Maybe Michael can get that code up again. For now, here's a version I've had for a while. I don't remember if I changed anything, it works either way:
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');

/**
* ErkanaAuth
* @author    Michael Wales
* @see       http://michaelwales.com/
*/

class Auth {

    var $CI;
    
    function Auth()
    {
        $this->CI =& get_instance();
        log_message('debug', 'Authorization class initialized.');
        
        $this->CI->load->database();
    }

    function try_login($condition = array())
    {
        $this->CI->db->select('id');
        $query = $this->CI->db->getwhere('users', $condition, 1, 0);
        if ($query->num_rows != 1)
        {
            return FALSE;
        }
        else
        {
            $row = $query->row();
            $this->CI->session->set_userdata(array('user_id'=>$row->id));
            return TRUE;
        }
    }
    
    
    function logout()
    {
        $this->CI->session->set_userdata(array('user_id'=>FALSE));
    }
    
    
    function get_user($id)
    {        
        if ($id)
        {
            $query = $this->CI->db->getwhere('users', array('id'=>$id), 1, 0);
            if ($query->num_rows() == 1)
            {
                return $query->row_array();
            }
            else
            {
                return FALSE;
            }
        }
        else
        {
            return FALSE;
        }
    }

}
// END Auth class

/* End of file Auth.php */
/* Location: ./application/libraries/Auth.php */

To use:
Code:
// Login
$cond['username'] = $this->input->post('username');
$cond['password'] = $this->input->post('password');
if ($this->auth->try_login($cond) )
    echo 'Login Successful';

// Logged in?
$id = $this->session->userdata('user_id');
$user = $this->auth->get_user($id);
if ($user)
    echo 'Logged In!';

// Logout
$this->auth->logout();
redirect('somewhere'); // suggested, to clear the cookie
#5

[eluser]stuffradio[/eluser]
While I was waiting for a reply I started making something.

Code:
<?php
if (!defined('BASEPATH')) exit('No direct script access allowed');

class Auth_model Extends Model {

  function Auth_model()
  {
      parent::Model();
      $this->CI =& get_instance();
      $this->CI->load->library('session');
  }

  function authorize($username, $password)
  {
    $passhash = md5($password);

  if (empty($username) || empty($password))
  {
    return false;
  } else {
    $this->CI->db->where(array('username' => $username , 'md5' => $passhash)); // where() only sets the condition; get() below runs it
    $query = $this->CI->db->get('users');
    if ($query->num_rows() > 0) {
      $this->CI->session->set_userdata(array('username' =>$query->username));
      return $query;
    } else {
      return false;
  }

    }

  }

}

Haven't done any comments yet, but here is where I'm logging in.

Code:
<?php

class Login extends Controller {

    function Login()
    {
        parent::Controller();
      $this->load->helper(array('url', 'form', 'security', 'cookie'));
      $this->load->model('auth_model', '', TRUE);
    }

    function index()
    {
        $data['title'] = "PayPal Billing Manager Alpha";
        $data['header'] = "PayPal Billing Manager Alpha";
        $data['menu'] = array();
      $this->load->view('header', $data);
      $this->load->view('login_view');
      $this->load->view('footer');

    }

    function auth()
    {

      $username = $this->input->post('username', TRUE);
      $password = $this->input->post('password', TRUE);

      $this->auth_model->authorize($username, $password);


    }

}

?>

What do you think of this so far? Also I get this message:
Quote:A PHP Error was encountered

Severity: Notice

Message: Undefined property: CI_DB_mysql_result::$username

Filename: models/auth_model.php

Line Number: 24
#6

[eluser]Pascal Kriete[/eluser]
Yup, you're on the right path. I would separate the logic out a little more and move it to a library, but what you're doing now will work.

The database get function returns a db object, what you want is the first row of that [userguide]:
Code:
$query = $this->CI->db->get('users');
$query = $query->row(); // add this
#7

[eluser]stuffradio[/eluser]
Thanks!
Now I get this error:

Quote:Fatal error: Call to undefined method stdClass::num_rows() in C:\wamp\www\system\application\models\auth_model.php on line 24

Code:
if ($query->num_rows() > 0) {

Also how should I separate the logic more?

Thanks!
#8

[eluser]Pascal Kriete[/eluser]
Ah sorry, that was me simplifying things too much. The db object has the num_rows function, the result does not. So you can either move the $query->row() line into the if statement, or you can set it equal to $result instead of $query and then use $result->username .

As for the separation, here's the problem. Models are generally used for data, not logic. You already have some logic in your model - setting the session information - and I can almost live with that one. However, when you expand to include logged_in checks and logout functions, you will find that these don't really fit into your model. So what may end up happening is that you put the logout logic into a controller somewhere, and create a helper for the logged_in check. Later on you decide to create a "Remember me" feature and password recovery, and very quickly you have your authentication logic in 20 places. That's counterproductive - code separation is good, code fragmentation is not.

So instead, create an authentication library that you can call. At first you only need three functions. One that does the login, one that checks if a user is logged in, and one that handles the logout. Now you can call these functions anywhere, and you know exactly where the accompanying logic is. When the time comes to add an authentication feature you know exactly where to put it.
#9

[eluser]stuffradio[/eluser]
I moved this to a library. What do you think now?

Code:
<?php
if (!defined('BASEPATH')) exit('No direct script access allowed');

class Pbmauth {

  function Pbmauth()
  {
      $this->CI =& get_instance();
      $this->CI->load->library('session');
  }

  function authorize($username, $password)
  {
    $passhash = md5($password);

  if (empty($username) || empty($password))
  {
    return false;
  } else {
    $this->CI->db->where(array('username' => $username , 'md5' => $passhash)); // where() only sets the condition; get() below runs it
    $query = $this->CI->db->get('users');
    $result = $query->row();
    if ($query->num_rows() > 0) {
      $this->CI->session->set_userdata(array('username' =>$result->username));
      redirect(index_page());
      return $result->username;
    } else {
      return false;
  }

    }

  }
  
  
  function checkLogin()
  {
   if ($this->CI->session->userdata('username'))
   {
    return True;
   } else {
     return false;
   }

  }

}
#10

[eluser]stuffradio[/eluser]
I have a feeling I'm making it too complicated. I have my header and library class too cluttered (I think?)

Library
Code:
<?php
if (!defined('BASEPATH')) exit('No direct script access allowed');

class Pbmauth {

  function Pbmauth()
  {
      $this->CI =& get_instance();
      $this->CI->load->library('session');
  }

  function authorize($username, $password)
  {
    $passhash = md5($password);

  if (empty($username) || empty($password))
  {
    return false;
  } else {
    $this->CI->db->where(array('username' => $username , 'md5' => $passhash)); // where() only sets the condition; get() below runs it
    $query = $this->CI->db->get('users');
    $result = $query->row();
    if ($query->num_rows() > 0) {
      $this->CI->session->set_userdata(array('username' =>$result->username));
      redirect(index_page());
      return $result->username;
    } else {
      return false;
  }

    }

  }
  
  
  function checkLogin()
  {
    if ($this->CI->session->userdata('username'))
    {
            return True;
       } else {
             return false;
       }

  }

  function destroy()
  {
      if ($this->CI->session->userdata('username'))
      {
         $this->CI->session->unset_userdata('username');
           redirect(index_page());
      } else {
         return FALSE;
      }
  }

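  function set_permission($level)
  {

    if ($level > 0) {
        if (!$this->checkLogin())
        {
            redirect('login');
        }
    }
    // Look up the logged-in user's own row rather than the first row in the table
    $this->CI->db->where('username', $this->CI->session->userdata('username'));
    $query = $this->CI->db->get('users');
        foreach($query->result() as $row):
        if ($row->perm < $level)
        {
            $error = "You don't have permission to this page!";
            return $error;
        } else {
            return TRUE;
        }
        endforeach;
  }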
}

Header
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title><?php echo $title; ?></title>
<link rel="stylesheet" type="text/css" href="http://stufftutorials.net/system/application/views/style.css" media="screen" />
</head>
<body>
<div id="header">
<h1><?php echo $header; ?></h1>
<div id="menu">
  <ul id="nav">
   <li><?php echo anchor('home', 'Home'); ?></li>
   <li><?php echo anchor('clients', 'Clients'); ?></li>
   <li><?php echo anchor('support', 'Support Tickets'); ?></li>
   <li><?php echo anchor('billing', 'Billing'); ?></li>
   <li><?php echo anchor('services', 'Services'); ?></li>
   <li><?php echo anchor('tools', 'Tools'); ?></li>
<?php
   if ($logged_in)
   {
?>
   <li><?php echo anchor('login/destroy', 'Log out'); ?></li>
<?php
   } else {
?>
   <li><?php echo anchor('login', 'Log In'); ?></li>
<?php
}
?>
  </ul>
</div>
</div>
<br />
<h2>Admin Panel</h2>
<?php // set_permission() returns TRUE or an error string, so compare strictly
if ($permission !== TRUE) {
echo $permission;
exit;
} else {
}
?>
<?php if (isset($username)) { echo "Welcome ". $username; } ?>
<div id='content'>
<div id='right'>
Any suggestions?
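
As an added example (not code from any poster in this thread, and not ErkanaAuth), here is the library shape Pascal Kriete describes (login, logged-in check, logout) in plain PHP, using `password_verify()` instead of an MD5 or plain-text comparison and checking permissions against the logged-in user's own row. `SimpleAuth`, the `users` column names and the in-memory SQLite demo data are assumptions.

```php
<?php
// Added example, not from the thread. SimpleAuth and the users columns
// (username, pass_hash, perm) are assumed names; the demo data is constructed.
class SimpleAuth {
    private $db;
    private $session;
    public function __construct(PDO $db, array &$session) {
        $this->db = $db;
        $this->session = &$session;   // pass $_SESSION in a real application
    }

    public function login($username, $password) {
        if (!is_string($username) || !is_string($password) || $password === '') {
            return false;
        }
        // The WHERE clause is part of the one query that actually runs.
        $stmt = $this->db->prepare('SELECT id, pass_hash FROM users WHERE username = ?');
        $stmt->execute(array($username));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // Salted, slow hash check instead of comparing md5() or plain text.
        if (!$row || !password_verify($password, $row['pass_hash'])) {
            return false;
        }
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);   // fresh session ID after login
        }
        $this->session['user_id'] = (int) $row['id'];
        return true;
    }

    public function logged_in() { return !empty($this->session['user_id']); }
    public function logout()    { unset($this->session['user_id']); }
    public function has_permission($level) {
        if (!$this->logged_in()) { return false; }
        // Check the logged-in user's own row, not the first row in the table.
        $stmt = $this->db->prepare('SELECT perm FROM users WHERE id = ?');
        $stmt->execute(array($this->session['user_id']));
        $perm = $stmt->fetchColumn();
        return $perm !== false && (int) $perm >= (int) $level;
    }
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT, perm INTEGER)');
$db->prepare('INSERT INTO users (username, pass_hash, perm) VALUES (?, ?, ?)')
   ->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT), 1));
$session = array();
$auth = new SimpleAuth($db, $session);
var_dump($auth->login('alice', 'wrong'), $auth->login('alice', 'correct horse'), $auth->has_permission(2));
```

The demo needs PHP 5.5 or later with the PDO SQLite driver; hashes are created once at registration with `password_hash()` and stored in place of the MD5 column.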



