Very simple native sessions
#1

[eluser]Leon Stafford[/eluser]
Tonight, I had to rebuild a site which had been using FreakAuthLight(FAL) for authentication.

I realise the efforts to get FAL up and running, but since it was abandoned and since CI doesn't allow native sessions (i.e. ones you can set to expire when the browser closes!), I wrote a simple MVC-ish implementation.

Built in a hurry, so please feel free to criticise all the flaws :D

1. add
Code:
session_start();
to index.php

2. add auth Model:

Code:
<?php
class Auth extends Model
{
    public $view_data = array();

    function Auth()
    {
        parent::Model();
    }

    function check_admin($return_path)
    {
        // Login attempt: compare the posted credentials with the two hard-coded accounts.
        // Strict comparison (===) avoids numeric-string matches such as "123456.0".
        // Assigning to $_SESSION is enough; session_register() was removed in PHP 5.4.
        if (isset($_POST['username'], $_POST['password']) && $_POST['username'] === "user1" && $_POST['password'] === "123456")
        {
            $_SESSION['username'] = "user1";
        }
        elseif (isset($_POST['username'], $_POST['password']) && $_POST['username'] === "user2" && $_POST['password'] === "123456")
        {
            $_SESSION['username'] = "user2";
        }
        elseif (isset($_SESSION['username']) && ($_SESSION['username'] == "user1" || $_SESSION['username'] == "user2"))
        {
            // do nothing, already registered
        }

        // Compare against each name explicitly: ("user1" || "user2") evaluates to TRUE
        // and would match any non-empty username.
        if (!(isset($_SESSION['username']) && ($_SESSION['username'] == "user1" || $_SESSION['username'] == "user2")))
        {
            // Not logged in: render the login page and return nothing.
            $array_to_pass['return_path'] = $return_path;
            $array_to_pass['page_title']  = 'mysite | login';
            $array_to_pass['javascript']  = array(site_url("public/shared/js/somejs.js"));
            $array_to_pass['css']         = array(site_url("public/frontend/css/common.css"));
            $view_data = array('content' => $array_to_pass);

            $this->load->view('my_header_plain', $view_data);
            $this->load->view('login_page');
            $this->load->view('my_footer_plain');
        }
        else
        {
            return TRUE;
        }
    }
}

3. Then the implementation is super easy, in your controller:

Code:
$this->load->model('Auth', '', TRUE);

if ($this->Auth->check_admin(site_url("this_controller")."/"))
{
    // The content in your controller you want protected
}

4. Finally, in the login page, use the $content['return_path'] as the form's action to perform the validation cycle.

Obviously protecting the passwords is highly recommended in a live site!

Now, you can use sessions like a native and they will expire when the browser closes or you call an extra logout method.
#2

[eluser]ch5i[/eluser]
Hello,

not here to criticize.
Just wanted to point out that there is a nice native session library
in the Wiki which I've been using for quite a while

br,
Thomas
#3

[eluser]Leon Stafford[/eluser]
[quote author="ch5i" date="1244731574"]Hello,

not here to criticize.
Just wanted to point out that there is a nice native session library
in the Wiki which I've been using for quite a while

br,
Thomas[/quote]

Hi Thomas,

No, I agree, why reinvent the wheel :D

I knew of its existence and will check it out for the next site; I just didn't have time to test another Auth module out to find out it needed customization, so I just started building my own as basic as possible to get the job done.

Using FreakAuth Light left a foul taste in my mouth and really turned me off CI in general. I would prefer everyone worked on making the CI Session library actually useable than everyone start making their own implementations which are too specific / limiting.

I think as others have hinted that EllisLab guys are focused on their commercial app and have given up on CI.

Though I would love to be proven wrong on that...
#4

[eluser]n0xie[/eluser]
[quote author="Leon Stafford" date="1244671086"]
Built in a hurry, so please feel free to criticise all the flaws :D
[/quote]
Well since you asked for it...

1. Using $_POST in model. Why?
2. Calling view from model. Why?
3. checking if username/pw combo is good is a different functionality than checking if user is already logged in. Why are they in the same function?
4. Most people prefer to login vs a database table.

Generally speaking you mixed and matched all sorts of concerns, responsibility, (business-) logic and (business-) rules.

It looks to me like 'plain ol' scripted PHP' instead of OOP. Not that there is anything wrong with that, but it's kind of misplaced in an MVC framework...
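
The points raised in posts #1 and #4 (hashed rather than plain-text passwords, an explicit logout, and a credential check kept separate from the "already logged in" check, with request input and view choice left to the controller), as an added example that is not any poster's code. `SessionAuth`, `handle_request` and the demo account are hypothetical names and constructed data; it is plain PHP 7.3+ rather than CodeIgniter, and the `secure` cookie flag assumes the site is served over HTTPS.

```php
<?php
// Added example, not the poster's code. SessionAuth, handle_request and the demo
// account are hypothetical. Needs PHP 7.3+ for the cookie options array.
class SessionAuth
{
    private $users; // username => hash from password_hash()
    public function __construct(array $users) { $this->users = $users; }

    // Credential check only: no $_POST, no session, no view.
    public function verify_credentials($username, $password)
    {
        if (!is_string($username) || !is_string($password)) {
            return false; // e.g. username[]=x arrives as an array
        }
        return isset($this->users[$username])
            && password_verify($password, $this->users[$username]);
    }

    public function login($username)
    {
        session_regenerate_id(true); // fresh ID at login (session-fixation defence)
        $_SESSION['username'] = $username;
    }

    public function is_logged_in()
    {
        $name = isset($_SESSION['username']) ? $_SESSION['username'] : null;
        return is_string($name) && isset($this->users[$name]);
    }

    public function logout() { $_SESSION = array(); session_destroy(); }
}

// Controller side: reads the request, asks the model, chooses the view.
function handle_request(SessionAuth $auth, array $post)
{
    if (isset($post['username'], $post['password'])
        && $auth->verify_credentials($post['username'], $post['password'])) {
        $auth->login($post['username']);
    }
    return $auth->is_logged_in() ? 'protected content' : 'login form';
}
// lifetime 0: the cookie is discarded when the browser closes
session_set_cookie_params(array('lifetime' => 0, 'secure' => true, 'httponly' => true));
session_start();
$auth = new SessionAuth(array('user1' => password_hash('constructed-demo-pw', PASSWORD_DEFAULT)));
$good = array('username' => 'user1', 'password' => 'constructed-demo-pw');
$out = array(handle_request($auth, array()), handle_request($auth, $good));
$auth->logout();
echo implode("\n", $out), "\n", handle_request($auth, array()), "\n";
```

Run from the command line, the demo makes three requests: one before login, one with the constructed credentials, and one after `logout()`.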
#5

[eluser]Leon Stafford[/eluser]
[quote author="n0xie" date="1244732908"][quote author="Leon Stafford" date="1244671086"]
Built in a hurry, so please feel free to criticise all the flaws :D
[/quote]
Well since you asked for it...

1. Using $_POST in model. Why?
2. Calling view from model. Why?
3. checking if username/pw combo is good is a different functionality than checking if user is already logged in. Why are they in the same function?
4. Most people prefer to login vs a database table.

Generally speaking you mixed and matched all sorts of concerns, responsibility, (business-) logic and (business-) rules.

It looks to me like 'plain ol' scripted PHP' instead of OOP. Not that there is anything wrong with that, but it's kind of misplaced in an MVC framework...[/quote]

Thanks, I totally agree!

I didn't approach this with a "how can I make a really proper, safe method of authenticating", but more of a "how can I just hack something together to get this working tonight" attitude.

For me, that meant putting any code in which would get the job done and it did :P

I also removed rust from my motorbike's tank using baking soda, haha!



