Auth library for CodeIgniter tutorial.

Hello and welcome to my first tutorial in ages. Today, I’ll be explaining to you how you can create a simple login (or ‘auth’, short for authorization) library for CodeIgniter.

What functionality will our library have? Users accessing restricted pages will see a login screen if they’re not logged in, once logged in they’ll be redirected to the page where they were, or simply see a standard page. That’s about it for this tutorial, though adding things like user groups, restrictions etc… could all be added later. Maybe stuff for a later tutorial?

I’ll copy/paste bits of code from my own (simple) auth library and then explain what they do. So at the end of this tutorial you will have a working library.

For starters, let’s quickly rethink how we used to do this kind of stuff with procedural PHP. What I used to do was set a $_SESSION variable, most of the time $_SESSION[‘loggedin’] = true; or something like that. If it was false, or not set, I would check if cookies were set with the username and/or hashed password. Or I would check if the submit form was submitted. I would process that data and see if a valid user entered his/her name and password. It was then but a case to create an index page that checked for that session variable to display the login form or the actual content. Probably not the safest way, but it worked like a charm.

With CodeIgniter and the MVC approach, things aren’t that different. But, they can be a little confusing at first. I know they were for me, that’s why I’m writing this tutorial.
Before we start, let me just say I’m presuming some things:
- You have some knowledge of PHP and you grasp some basic Object Oriented PHP lingo, so you won’t have to ask “Excuse me, but what does ‘construct’ mean?”.
- Comes with the previous one: you at least know what CodeIgniter is. If you don’t know what CI is, I suggest you first go read the user guide, which is excellent by the way.
- You use a mysql database to store your users and their passwords. If you haven’t got a user table yet, but you’re planning on using one, here’s some SQL to help you create a table. It also adds a standard user, named User with the password Applepie.

Okay, your still here. Your users need to login to see certain pages, so you’ll offcourse need a controller.

We could add some lines code to all of our methods that check for a session variable (because that’s what we’ll use here too), and then decide to display the actual page or a login view. But we’d have to repeat it in every method and if we’d have to change it, we’d have to change it in every method. That’s not very DRY, is it?

You know what we’ll do? Let’s create an additional method, which sole function will be displaying and processing the login form. If we’re not logged in, we can redirect to it. So let’s add our login method.

and our view file could look like this:

For the sake of shortness, I won’t include validation for this form, this is easy enough to figure out yourself.

So far for displaying the form, on to the next bit: processing it!

Again, for the sake of shortness, I’m not including any cookies either. If you want to store the username and password in cookies, this is easy enough to do yourself.

Let’s rewrite our login method so it can process the data from the login.

Whoa, whoa. $this->auth? I skipped a step, don’t worry. If you would submit your form now, you’d get a pretty error saying it can’t find the process_login method or the auth library. That’s because ‘auth’ is the library we’re going to create. CI can’t know what’s not there yet. We’ll do that in a second. First, let’s change a few things:
Start with changing your login view so it looks like this.

Now your users will see the error message if they enter a wrong username or password.

Also, let’s add the following line to your controller construct:

It’ll throw an error for now because the library isn’t created yet, but we’ll do that on the next page.

Bookmark:
  • Digg
  • del.icio.us
  • StumbleUpon
  • Technorati
  • Reddit
  • TwitThis
  • Facebook
  • E-mail this story to a friend!

Pages: 1 2 3 4

24 people left their say »

  • Bramme.net

    Jul 30th 2008
    2:04 pm

    Reply

    [...] contact Bramme.net « Auth library for CodeIgniter tutorial. [...]

  • ahnShev

    Sep 2nd 2008
    5:45 pm

    Reply

    It’ll throw an error for now because the library isn’t created yet, but we’ll do that on the next page.

    Where is the ‘next page’?

  • Bram

    Sep 3rd 2008
    7:36 am

    Reply

    My bad, there’s no next page link. I’ll fix it as soon as possible! I’m at work right now and don’t have access to my editor.

  • Erik Reagan

    Sep 9th 2008
    1:25 pm

    Reply

    Thanks for the generous walkthrough and code. It was very beneficial to me and practically the last piece of the puzzle to a couple of projects. :)

  • saijin

    Sep 24th 2008
    4:21 am

    Reply

    It works like a charm, thank you very, very much..

  • dcunited

    Sep 25th 2008
    1:23 pm

    Reply

    A couple of security related notes:

    1) Sticking the username and password in a cookie is a bad idea, I know you did not suggest it but you mentioned it and it is a major ‘no-no’. Use builtin session storage or create your own session id and send it in a cookie but please don’t put the username and password in the cookie.

    2) Hashing the password is a must for security, I am glad you mentioned it. It also protects against SQL Injection robbing users passwords (SELECT username, password from users). I would highly recommend it.

    Thanks for the tutorial, I am moving a site to CI and this gives me some insight into how others are creating auth within CI.

  • Tiago C

    Sep 27th 2008
    12:15 pm

    Reply

    Thank you very much for the tutorial. It was a great help in developing a site I’m working on.
    Although I would like to see other features implemented like user groups, restrictions, etc… Are you planing to write this tuts…?

    Once again, thank you!

  • techdubb

    Oct 13th 2008
    9:52 pm

    Reply

    excellent tutorial. thank you very much…

    i did run into an issue however with the syntax of naming the constructor ‘__construct’ rather than the name of the class ‘Auth’. though you have it done correctly in the tutorial, the files you have for download still have ‘__construct’.

    thanks again!

  • Ivar

    Nov 3rd 2008
    12:02 pm

    Reply

    techdubb: That is a conflict between PHP4 and 5, the “__construct” syntax is explicitly version 5, so I expect you have 4 running on your end?

  • Php Cookie Redirect

    Nov 18th 2008
    5:47 pm

    Reply

    Good site I “Stumbledupon” it today and gave it a stumble for you.. looking forward to seeing what else you have..later

  • kiruban

    Nov 21st 2008
    8:16 pm

    Reply

    keep it up man! great work!

  • fourcs

    Dec 5th 2008
    3:23 am

    Reply

    Any idea what could be causing me to get the error “cannot redeclare class Auth on line 3 of Auth.php” ? I haven’t altered your files at all. Thanks

  • Bram

    Dec 6th 2008
    10:38 am

    Reply

    any chance you’re loading the library twice? like autoloading it and then also loading in your controller?

    Could also happen if you have a model or other library called auth

  • Dimitar

    Dec 19th 2008
    3:56 pm

    Reply

    Fatal error: Call to a member function on a non-object in c:\web\arsite\cms\system\application\libraries\Auth.php on line 114

    this is the error that am getting when I go index.php/admin/

  • Dimitar

    Dec 19th 2008
    3:57 pm

    Reply

    can you help me for the error

  • Bram

    Dec 20th 2008
    12:16 am

    Reply

    I suggest you post more code over at the CodeIgniter forums. With just the error message I’m nothing.

  • Kristofefr

    Dec 21st 2008
    3:26 pm

    Reply

    It works like a charm, thank you!

    Although, i was wondering if it is possible to add something like:

    If (logged_in) {
    echo “logout link”
    }

    in the view file, so that i can check if the user is logged in and display links that only a logged in user i supposed to see…

    Thanks again!

  • Annie

    Jan 1st 2009
    1:34 pm

    Reply

    Cannot modify header information - headers already sent
    Filename: libraries/Session.php
    error occuring while using session ,
    pls clarify

    • Bram

      Jan 2nd 2009
      12:03 am

      Reply

      This is problem has nothing to do with the Auth lib. It is caused by output before you set sessions. Commonly, this can be caused by echo’ing variables from your controller, whitespace or linebreaks before your starting

      I suggest you check all your controllers/models/libraries/helpers for any output (or whitespace). If the problem persists, it might be a good idea to write a post on the CodeIgniter forums.

  • Annie

    Jan 2nd 2009
    6:06 am

    Reply

    thank u for reply, it caused because of whitespaces,i hav cleared it

  • Annie

    Jan 2nd 2009
    6:12 am

    Reply

    $this->CI->session->userdata(’redirected_from’), what we have to specify instead of redirect_from in the function redirect,did we have to define the location in the session.php in the library or is it is an inbuilt one in codeIgniter.
    pls reply

  • Bram

    Jan 2nd 2009
    10:36 am

    Reply

    You do not have to replace it, nor is it inbuilt by CodeIgniter: it’s taken care of by the Auth library: you’ll see the variable ‘redirected_from’ being set in the “restrict” function.

Have your say »