My OWN Auth Library

[eluser]sirwan.me[/eluser]
hi im interested in writing my own auth library.

i had a look at tank auth and few others. but dont like how all the files are scattered in so much different directories... so was wondering if I can write one file, (the library) that would include all the model code that would have been, and the libary code all in one.

so the library would also do database functions which would have been left for the model to do? ... or is that a bad idea in terms of bloated code? idk. need advice on writing a basic auth lib.

[eluser]pickupman[/eluser]
It's not a matter of bloated code, it's a matter of how you closely you interpret MVC. You could put everything in helper,plugin,or library. Whatever works for your project. Take a look at ion auth. It's a good auth library. Like you, I wanted some small and light weight. Ion Auth fit the bill. One of things I like about the library is the easy calls to remember as the model calls go through the library.

Code:

//All call start with
$this->ion_auth->

It uses the magic of PHP5 to look in the library first, and then the model if not found. Take a look as it might give some ideas on how you may want to construct yours. It's also actively developed by some great members on the boards.

[eluser]sirwan.me[/eluser]
but what is the point of making models for a library ... should a library just be a library, so basically your adding extra work just to split the code between a model and a library... I know MVC is good for splitting the code in Model View Controller, but in the case of a Library, a library should just be 1 library not further split into models to get the tasks done.

Can I just put the database interactions with the library or is that a future disaster ?

basically my point is that MVC should be left to the APP itself.. a library shouldn't have its functionality split to modules... or am i missing something ?

[eluser]Jelmer[/eluser]
Personally I try to put all kinds of data access into models. Libraries are in my view to process the information if that kind of processing is (potentially) needed in more than just one place.

You could put it all in one place, but that mostly leads to bloated classes that will become harder and harder to maintain. While seperating the different parts of such a library into multiple parts might be a little more work and a bit more uploading, it will payoff if you ever extend or fundamentally need to change how it works.
An example might be that I kept my Auth library pretty generic (only username, email, display name & password are referenced specificly), which makes sure that if I want to add fields to my user table I only have to edit the model and not the library.

Having said that, don't take it to extremes either. For instance my Caching library doesn't need a filesystem model to write and retrieve the cache files, that would be overkill. In the end where you draw the line between needing a model and putting it in the library is (of course) mostly up to you. It's a good thing to actively think about it every time you need data-access of any kind.

[eluser]sirwan.me[/eluser]
Thanks jelmer, but i think your point about keeping them in Models is future proof, is not persuasive enough... becuase I dont think it'll be that hard to maintain a library (1 file) .. for me its harder to maintain mutliple files, .. I like mvc and php frameworks, but the current Auth Libs out there are overkill ... Codeigniter has a mentality of speed and I will be creating a all in 1 file.. which is better in terms for me and anyone that wants to make things FAST.

will start coding now. thanks alot. again if I have something totally WRONG , PLEASE TELL ME .. becuase im still open to persuasion.. thanks alot for a great community.

[eluser]pickupman[/eluser]
That's one of the great aspects of this strong framework...it doesn't force you to do anything. It's like building a house. Everyone has a hammer, nails, and some wood. You could build a house a thousand different ways. CI provides the tools for you to develop/build something with ease. I think adding one file to the mix will not cause much loss in performance.

I must admit there has been a couple controllers that do something mundane that access the DB, and I just code the queries in the controller as a private method. Then I decide to start caching the queries to get a little boost, and end up creating a model in the long run.

[eluser]Jelmer[/eluser]
@sirwan.me

I didn't mean to be persuasive, just to give my opinion. And as I said, it's up to you.

I would say though that IonAuth isn't bloated in any way. I haven't used it but I did read through it for inspiration and it looks clean. It may need 4 files (Lib, Model, Language & Config), but on the whole that's not a lot for something as essential as an auth lib. It's hard to write something better from scratch, I might write the security a bit more paranoid but other than that there's little reason to write your own. And I had fun reading through it because my implementation written a while back is mostly the same principles.

[eluser]sirwan.me[/eluser]
ill use Ion Auth now, but Iv been stubborn only because the documentation is horrendous, I cant read anywhere if it has the features I need, hmm but im going to take some time out to look into this. ill report back incase any one else is interested. thanks alot

[eluser]pickupman[/eluser]
Added a CSFR/nonce token would be nice. Hopefully works out well for CI 2.0, and Ben/Phil will get it added. I agree docs could be a little better. But, with a good IDE, you can view the methods pretty easily.