Bramme.net - Bram Van der Sype's online portfolio

Hello and welcome to my first tutorial in ages. Today, I’ll be explaining to you how you can create a simple login (or ‘auth’, short for authorization) library for CodeIgniter.

What functionality will our library have? Users accessing restricted pages will see a login screen if they’re not logged in, once logged in they’ll be redirected to the page where they were, or simply see a standard page. That’s about it for this tutorial, though adding things like user groups, restrictions etc… could all be added later. Maybe stuff for a later tutorial?

I’ll copy/paste bits of code from my own (simple) auth library and then explain what they do. So at the end of this tutorial you will have a working library.

For starters, let’s quickly rethink how we used to do this kind of stuff with procedural PHP. What I used to do was set a $_SESSION variable, most of the time $_SESSION[‘loggedin’] = true; or something like that. If it was false, or not set, I would check if cookies were set with the username and/or hashed password. Or I would check if the submit form was submitted. I would process that data and see if a valid user entered his/her name and password. It was then but a case to create an index page that checked for that session variable to display the login form or the actual content. Probably not the safest way, but it worked like a charm.

With CodeIgniter and the MVC approach, things aren’t that different. But, they can be a little confusing at first. I know they were for me, that’s why I’m writing this tutorial.
Before we start, let me just say I’m presuming some things:
- You have some knowledge of PHP and you grasp some basic Object Oriented PHP lingo, so you won’t have to ask “Excuse me, but what does ‘construct’ mean?”.
- Comes with the previous one: you at least know what CodeIgniter is. If you don’t know what CI is, I suggest you first go read the user guide, which is excellent by the way.
- You use a mysql database to store your users and their passwords. If you haven’t got a user table yet, but you’re planning on using one, here’s some SQL to help you create a table. It also adds a standard user, named User with the password Applepie.

CREATE TABLE `users` ( `id` int(11) NOT NULL auto_increment, `username` varchar(255) NOT NULL, `password` varchar(255) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=utf8; INSERT INTO `users` SET `username` = 'User', `password` = 'Applepie';

Okay, your still here. Your users need to login to see certain pages, so you’ll offcourse need a controller.

<?php class Admin extends Controller { function Admin() { parent::Controller(); } function index() { // Show some fancy stuff, like a dashboard // OR, just use index as a placeholder for another, 'standard', method, like so: $this->news(); } function news() { // Post some news items } } ?>

We could add some lines code to all of our methods that check for a session variable (because that’s what we’ll use here too), and then decide to display the actual page or a login view. But we’d have to repeat it in every method and if we’d have to change it, we’d have to change it in every method. That’s not very DRY, is it?

You know what we’ll do? Let’s create an additional method, which sole function will be displaying and processing the login form. If we’re not logged in, we can redirect to it. So let’s add our login method.

<?php class Admin extends Controller { function Admin() { parent::Controller(); } function index() { // Show some fancy stuff, like a dashboard // OR, just use index as a placeholder for another, 'standard', method, like so: $this->news(); } function news() { // Post some news items } function login() { $this->load->view('login'); } } ?>

and our view file could look like this:

<h2>Please log in first</h2> <form action="/index.php/admin/login" method="post"> <!-- as you can see, the action refers to the same page --> <p> <label for="username">Username: <br /> <input type="text" name="username" value="" id="username" /></label> </p> <p> <label for="password">Password: <br /> <input type="password" name="password" value="" id="password" /></label> </p> <p> <input type="submit" name="submLogin" value="Log In" /> </p> </form>

For the sake of shortness, I won’t include validation for this form, this is easy enough to figure out yourself.

So far for displaying the form, on to the next bit: processing it!

Again, for the sake of shortness, I’m not including any cookies either. If you want to store the username and password in cookies, this is easy enough to do yourself.

Let’s rewrite our login method so it can process the data from the login.

function login() { if ($this->input->post('submLogin') != FALSE) { $login = array($this->input->post('username'), $this->input->post('password')); if($this->auth->process_login($login)) { // Login successful, let's redirect. $this->auth->redirect(); } else { $data['error'] = 'Login failed, please try again'; $this->load->vars($data); } } $this->load->view('login'); }

Whoa, whoa. $this->auth? I skipped a step, don’t worry. If you would submit your form now, you’d get a pretty error saying it can’t find the process_login method or the auth library. That’s because ‘auth’ is the library we’re going to create. CI can’t know what’s not there yet. We’ll do that in a second. First, let’s change a few things:
Start with changing your login view so it looks like this.

<h2>Please log in first</h2> <?php if(isset($error)) { echo "<p>$error</p>"; } ?> <form action="/CI/index.php/admin/login" method="post"> <!-- as you can see, the action refers to the same page --> <p> <label for="username">Username: <br /> <input type="text" name="username" value="" id="username" /></label> </p> <p> <label for="passw">Password: <br /> <input type="password" name="password" value="" id="passw" /></label> </p> <p> <input type="submit" name="submLogin" value="Log In" /> </p> </form>

Now your users will see the error message if they enter a wrong username or password.

Also, let’s add the following line to your controller construct:

$this->load->library('auth');

It’ll throw an error for now because the library isn’t created yet, but we’ll do that on the next page.

Pages: 1 2 3 4