[eluser]ChiefChirpa[/eluser]
Disadvantages of Codeigniter:
1 - Not the most flexible (probably in large part due to PHP4 support), for instance trying to route from the database always seems a hack in Codeigniter.
2 - Missing certain things I consider core - decent form handling and auth for instance. Yes there are 3rd party libraries for these, but I really don't like relying on those for things I consider so intrinsic.
3 - Very slow development cycle, have a bug, security flaw, don't expect it to be remedied for six months.
4 - Bizarre restriction on $_GET.
5 - PHP4 support, means you have to do things like loading models, getting the CI instance, plus that the error handling is pretty poor (compare to PHP5 frameworks where they are able to use exceptions, reflection, etc and display the stack, show a snippet of the code where the error occurred... PHP4 is so old even PHP have dropped support for it...
[eluser]kirkaracha[/eluser]
Quote:The reason there is no auth module is probably because authentification is very different between applications - I have yet to see an auth library that does not make assumptions as to your database scheme or your interface style.
I really dislike the lack of a built-in authentication/ACL library. A basic library that would log people in, check if they're an admin or a registered user would cover the needs of most people. As far as the database goes, I have a table called users, with fields for usernames, passwords, and email addresses, and lots of people probably use a similar setup. A built-in library would cover the needs of most people and could be optional.
It makes even less sense now that ExpressionEngine has been rewritten in CodeIgniter, since it has the exact same feature set.
[eluser]arcreative[/eluser]
[quote author="kirkaracha" date="1266825620"] Quote:The reason there is no auth module is probably because authentification is very different between applications - I have yet to see an auth library that does not make assumptions as to your database scheme or your interface style.
I really dislike the lack of a built-in authentication/ACL library. A basic library that would log people in, check if they're an admin or a registered user would cover the needs of most people. As far as the database goes, I have a table called users, with fields for usernames, passwords, and email addresses, and lots of people probably use a similar setup. A built-in library would cover the needs of most people and could be optional.
It makes even less sense now that ExpressionEngine has been rewritten in CodeIgniter, since it has the exact same feature set.[/quote]
It's really not that hard... I built mine in less than five minutes. Simple database query: SELECT * FROM `users` WHERE `username` = $this->input->post('username') AND `password` = md5($this->input->post('password')) LIMIT 1;
Load the id into a session, and your done. You can even encrypt the cookie if you don't want them to know their user id. It even expires automatically.
[eluser]Thorpe Obazee[/eluser]
[quote author="arcreative" date="1285026537"]
It's really not that hard... I built mine in less than five minutes. Simple database query: SELECT * FROM `users` WHERE `username` = $this->input->post('username') AND `password` = md5($this->input->post('password')) LIMIT 1;[/quote]
SQL injection.
[eluser]pbreit[/eluser]
I can see not bundling authentication in the core distribution but I think it would be reasonable for there to be an authentication library distributed by EllisLabs since, as everyone knows, such a thing is required on virtually any project where you'd consider using a framework.
If you think you can develop this in 5 minutes, you're not being honest.
The biggest disadvantage I can think of is the poor support for querystrings. This forces developers to do stupid things like use POST redirects for searches.
[eluser]WanWizard[/eluser]
The main reason for it not being there is that the functional requirements for such a library are vastly different for everyone of us.
For people here that are looking for a simple system that can distinguish between public, member and admin, there are plenty of solutions around, including some real good ones, like IonAuth.
For someone developing more complex applications, these kind of systems are useless.For ExiteCMS, I needed mutliple authentication sources (local db, ldap, ad, twitter, openid, etc...), groups, roles and the ability to assign roles to groups, groups to other groups, etc. to create a task driven security system.
You will never be able to create a 'one size fits all' library, so I agree with Ellislabs not wanting to include something like this in CI.
[eluser]danmontgomery[/eluser]
Completely agree with WanWizard. The best thing about CodeIgniter as a framework is that it doesn't feel like a framework at all. Decisions like authentication are left up to each developer to do as he/she sees fit.
[eluser]arcreative[/eluser]
[quote author="bargainph" date="1285053454"][quote author="arcreative" date="1285026537"]
It's really not that hard... I built mine in less than five minutes. Simple database query: SELECT * FROM `users` WHERE `username` = $this->input->post('username') AND `password` = md5($this->input->post('password')) LIMIT 1;[/quote]
SQL injection.[/quote]
Well obviously not going to solve everyone's woes with one line... My current application is using form_validation with valid_email for username, so I don't have to worry about it. I've extended my input class to prevent SQL injection as well, but my bad for appearing careless
[eluser]arcreative[/eluser]
[quote author="WanWizard" date="1285068371"]You will never be able to create a 'one size fits all' library, so I agree with Ellislabs not wanting to include something like this in CI.[/quote]
I agree. And furthermore, I think a WAY bigger time saver would be a scaffolding generator for data entry with validation intrinsically built in. Something that would take:
$params = {
'email' : 'required|valid_email',
'fname' : 'required|maxlength[20]',
'lname' : 'required|maxlength[20]',
'address' : 'required|maxlength[30]',
'phone' : 'required'
}
$this->formclass->generate($params,callback_function);
and maybe subsequently
$this->formclass->process('database_table',$params,callback_function);
I made one yesterday and it took an atrocious amount of work for something so simple... but I need this functionality all over my site so having a library for this would be awesome.
|
