Authorization Question
#1

[eluser]Jesse Schutt[/eluser]
I'm not too sure how to ask this question, so here goes!

I am currently working on a backend/dashboard that I want to protect with a username/password login. Only a few people will need to access this area. Several of the auth systems I have looked at seem to be way more than I need. For example, I don't need to have the ability to register users through the site, so I don't want to spend the effort in that area yet.

Can you explain in plain English how this should work?

Thanks Much!

Jesse
#2

[eluser]vendiddy[/eluser]
You could probably store the password in a config file.

You could store whether admin is logged in or not in the session.

In the constructor of the controller for your backend/dashboard, you can check in the session to see whether the admin is logged in or not.

If the admin is not logged in, you can use the redirect( ... ) function to redirect to the login page.
#3

[eluser]Adam Griffiths[/eluser]
In regards to your comment about not needing a register function, there is nothing stopping you from removing the register function. Take my Auth library for example: if you don't need the register, just delete the function and the register view file.

If you were set on making your own system though, I would definitely use a database; flat files can be accessed, and even if encrypted, the encryption can be broken with the right resources.

So, for example, you would just need a login function, run the username and password against the database record, return the appropriate errors if necessary, or set a few session variables on a successful login.

If you need further clarification, just say and I will reply.
#4

[eluser]Pascal Kriete[/eluser]
Hey Jesse,

Most of the time you need those register functions to create users (even if it's just one or two). Passwords shouldn't be stored in plain text, but rather hashed (CI Blog on hashing). The register functions usually handle that for you - you don't need to write an actual frontend to register though.

Essentially how this works:
First add users to the database. All you really need is a username and a hashed version of the password.

Then when they try to log in:
1. Get the database row based on the username.
2. Hash the input password and compare it to that in the row you just grabbed.

If either of those fails - they cannot log in. If it matches - celebrate.

Hope that helps.
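The two login steps described in the post above, as an added example that is not part of the original thread and is not taken from any poster's library. It is plain PHP rather than CodeIgniter's API, and it assumes the PDO SQLite driver is available and a hypothetical `users` table with `username` and `password_hash` columns; the account and password are constructed sample values.

```php
<?php
// Added example: table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// "Register" without a front end: run once per admin, e.g. from a CLI script.
function add_user(PDO $db, string $username, string $password): void
{
    // password_hash() picks a random salt and embeds it in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    // Step 1: fetch the row by username with a bound parameter (no string building).
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn(); // false when the username does not exist

    // Unknown user: still verify against a throwaway hash so both failure
    // paths do comparable work and do not reveal which usernames exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    // Step 2: password_verify() re-hashes the input with the stored salt and
    // compares the result in constant time.
    $matches = password_verify($password, $stored === false ? $dummy : $stored);

    return $matches && $stored !== false;
}

// Constructed sample account and login attempts.
add_user($db, 'jesse', 'constructed-sample-password');
var_dump(check_login($db, 'jesse', 'constructed-sample-password'));
var_dump(check_login($db, 'jesse', 'wrong-password'));
var_dump(check_login($db, 'nobody', 'placeholder'));
```

On a successful check, regenerate the session ID and set the logged-in flag that the dashboard controller's constructor tests, as described in post #2.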
#5

[eluser]Jesse Schutt[/eluser]
Hey Guys,

Thanks so much for the direction!

Here's what I have done...

I went through the tutorial on Bramme's website so I could get an understanding of what an auth process should look like. Then I took Adam's library and studied how to hash a password and store it in the db.

And believe it or not, it actually works!

Jesse
#6

[eluser]Pascal Kriete[/eluser]
Good stuff! Glad it's working for you.



