Welcome Guest, Not a member yet? Register   Sign In
suggestions about Authentication with CI
#1

[eluser]Alejus[/eluser]
Hi everybody.
I need your opinion and suggestions about the best library for use in authentication and manage of users and levels.

I´m developing a system and I was looking for some library about it, but.. I´dont know which is the most used or the better for you.

And if is posible, some example for to implement in my app. Smile

Thanks for the time to answer.

Alejus.
From Argentine.
#2

[eluser]Dam1an[/eluser]
Doesn't directly answer your question, but there's a nice comparison of the auth libraries over on stack overflow
#3

[eluser]Alejus[/eluser]
Oh thanks Dam1an, I saw it but... I dont know which is the conclusion :S

Alejus
#4

[eluser]skunkbad[/eluser]
I had looked at a few that are here in the wiki, but ended up making my own. I'm at about 1200 lines of code so far, and will probably be done within the next week or so. What are you having problems with? I can't paste 1200 lines of code here, but I might be able to describe how I took care of certain tasks related to authentication and user management.

In my auth system, failed login attempts are logged in the database in various ways (by IP, and by username/password). After X attempts, a user is blocked from trying to login for X amount of minutes. The auth system also handles password recovery by emailing a user a specially crafted link back to my site. A person who is trying to guess email addresses will also be blocked for X amount of minutes. Blocking does require a query to the database, but I couldn't think of anything else.

I created my user levels to easily adapt to up to 9 levels, and this could be extended by altering one database field. Level 1 is a standard registered user. Level 9 I call Sudo, and I have a Manager level @ 6. I wanted to leave plenty of room for custom levels. For instance, if a Manager has some special authority that other Managers don't have, he might be level 7. In my auth system, a Manager can't modify another Manager's account, but has authority to modify some details of his/her own account.

There are many other details that have gone into my auth system. I wanted to make something I could paste right into a site, and with minimal modifications, have the site customized and start programming the real functionality of the site!

blessings,
Brian
#5

[eluser]jedd[/eluser]
Alejus - this would be my suggestion also - write your own, otherwise you'll never be very happy with what you're using. Well you won't necessarily be ecstatic about having to write every change yourself, but at least you'll be motivated when you file your own bug reports into your own trac instance for you to fix.
#6

[eluser]Alejus[/eluser]
Hi Brian !
Your auth system sounds terrific !!!

I Want to try it.
I´m a newbie in CI, but I wish to learn.

I like your comments and specially your blessings.

God is present here, too.

Alejus
From Argentine
#7

[eluser]skunkbad[/eluser]
Alejus,

You might send me a message on my website, so that I have your email address. I'll send you something when I'm all done.
#8

[eluser]Dam1an[/eluser]
skunkbad, I'm assuming you will also publish it to the wiki and stick a post in Ignited Code for the rest of us to see it?
#9

[eluser]n0xie[/eluser]
@skunkbad: I'm also curious. The way you describe it, it has the same problem as most auth libraries found in the Ignited Code section: trying to do too much. Not saying that's a bad thing persé but it's usually not something I would use. I guess I'm stuck to the old UNIX mantra: do 1 thing and do it well. After studying several libraries, and not liking most of them (either too complex, too much features, too restrictive or build around a 'set' database scheme), I decided to build my own. Maybe your library can show me a few new tricks I haven't thought of. ;-)
#10

[eluser]skunkbad[/eluser]
I don't mind sharing, but it wasn't my intention to post it to the wiki until after some fine tuning is done.

Like n0xie says, it almost certainly will be more than most people need. My goal was really to build this for myself, and the thing with it is, it's really a personal thing. It does what I want it to do, and it does it the way I want it done. It also tries to be (along side CodeIgniter), a foundation for all projects, so that when I need want to start a site, I can concentrate on the important stuff.

There might be a million different solutions to the same problem, but I will know how the one I made works. I'd say that a developer should always make their own, but that would mean that all developers would need to know how to do it, and it's also not really in the spirit of CodeIgniter. I really wish CodeIgniter had a great auth system built in!




Theme © iAndrew 2016 - Forum software by © MyBB