Auth library for CodeIgniter tutorial.
Hello and welcome to my first tutorial in ages. Today, I’ll be explaining to you how you can create a simple login (or ‘auth’, short for authorization) library for CodeIgniter.
What functionality will our library have? Users accessing restricted pages will see a login screen if they’re not logged in, once logged in they’ll be redirected to the page where they were, or simply see a standard page. That’s about it for this tutorial, though adding things like user groups, restrictions etc… could all be added later. Maybe stuff for a later tutorial?
I’ll copy/paste bits of code from my own (simple) auth library and then explain what they do. So at the end of this tutorial you will have a working library. Easy as can be! Let’s do it!
For starters, let’s quickly rethink how we used to do this kind of stuff with procedural PHP. What I used to do was set a $_SESSION variable, most of the time $_SESSION[‘loggedin’] = true; or something like that. If it was false, or not set, I would check if cookies were set with the username and/or hashed password. Or I would check if the submit form was submitted. I would process that data and see if a valid user entered his/her name and password. It was then but a case to create an index page that checked for that session variable to display the login form or the actual content. Probably not the safest way, but it worked like a charm.
With CodeIgniter and the MVC approach, things aren’t that different. But, they can be a little confusing at first. I know they were for me, that’s why I’m writing this tutorial.
Before we start, let me just say I’m presuming some things:
- You have some knowledge of PHP and you grasp some basic Object Oriented PHP lingo, so you won’t have to ask “Excuse me, but what does ‘construct’ mean?”.
- Comes with the previous one: you at least know what CodeIgniter is. If you don’t know what CI is, I suggest you first go read the user guide, which is excellent by the way.
- You use a mysql database to store your users and their passwords. If you haven’t got a user table yet, but you’re planning on using one, here’s some SQL to help you create a table. It also adds a standard user, named User with the password Applepie.
CREATE TABLE `users` ( `id` int(11) NOT NULL auto_increment, `username` varchar(255) NOT NULL, `password` varchar(255) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=utf8; INSERT INTO `users` SET `username` = 'User', `password` = 'Applepie';
Okay, your still here. Your users need to login to see certain pages, so you’ll offcourse need a controller.
<?php
class Admin extends Controller {
function Admin()
{
parent::Controller();
}
function index()
{
// Show some fancy stuff, like a dashboard
// OR, just use index as a placeholder for another, 'standard', method, like so:
$this->news();
}
function news()
{
// Post some news items
}
}
?>
We could add some lines code to all of our methods that check for a session variable (because that’s what we’ll use here too), and then decide to display the actual page or a login view. But we’d have to repeat it in every method and if we’d have to change it, we’d have to change it in every method. That’s not very DRY, is it?
You know what we’ll do? Let’s create an additional method, which sole function will be displaying and processing the login form. If we’re not logged in, we can redirect to it. So let’s add our login method.
<?php
class Admin extends Controller {
function Admin()
{
parent::Controller();
}
function index()
{
// Show some fancy stuff, like a dashboard
// OR, just use index as a placeholder for another, 'standard', method, like so:
$this->news();
}
function news()
{
// Post some news items
}
function login()
{
$this->load->view('login');
}
}
?>
and our view file could look like this:
<h2>Please log in first</h2> <form action="/index.php/admin/login" method="post"> <!-- as you can see, the action refers to the same page --> <p> <label for="username">Username: <br /> <input type="text" name="username" value="" id="username" /></label> </p> <p> <label for="password">Password: <br /> <input type="password" name="password" value="" id="password" /></label> </p> <p> <input type="submit" name="submLogin" value="Log In" /> </p> </form>
For the sake of shortness, I won’t include validation for this form, this is easy enough to figure out yourself.
So far for displaying the form, on to the next bit: processing it!
Again, for the sake of shortness, I’m not including any cookies either. If you want to store the username and password in cookies, this is easy enough to do yourself.
Let’s rewrite our login method so it can process the data from the login.
function login()
{
if ($this->input->post('submLogin') != FALSE)
{
$login = array($this->input->post('username'), $this->input->post('password'));
if($this->auth->process_login($login))
{
// Login successful, let's redirect.
$this->auth->redirect();
}
else
{
$data['error'] = 'Login failed, please try again';
$this->load->vars($data);
}
}
$this->load->view('login');
}
Whoa, whoa. $this->auth? I skipped a step, don’t worry. If you would submit your form now, you’d get a pretty error saying it can’t find the process_login method or the auth library. That’s because ‘auth’ is the library we’re going to create. CI can’t know what’s not there yet. We’ll do that in a second. First, let’s change a few things:
Start with changing your login view so it looks like this.
<h2>Please log in first</h2>
<?php
if(isset($error))
{
echo "<p>$error</p>";
}
?>
<form action="/CI/index.php/admin/login" method="post">
<!-- as you can see, the action refers to the same page -->
<p>
<label for="username">Username: <br />
<input type="text" name="username" value="" id="username" /></label>
</p>
<p>
<label for="passw">Password: <br />
<input type="password" name="password" value="" id="passw" /></label>
</p>
<p>
<input type="submit" name="submLogin" value="Log In" />
</p>
</form>
Now your users will see the error message if they enter a wrong username or password.
Also, let’s add the following line to your controller construct:
$this->load->library('auth');
It’ll throw an error for now because the library isn’t created yet, but we’ll do that on the next page.
Bramme.net said
on Jul 30th, 2:04 pm |
[...] contact Bramme.net « Auth library for CodeIgniter tutorial. [...]
ahnShev said
on Sep 2nd, 5:45 pm |
It’ll throw an error for now because the library isn’t created yet, but we’ll do that on the next page.
Where is the ‘next page’?
Bram said
on Sep 3rd, 7:36 am |
My bad, there’s no next page link. I’ll fix it as soon as possible! I’m at work right now and don’t have access to my editor.
ahnShev said
on Sep 6th, 2:13 pm |
Thanx Bram
Erik Reagan said
on Sep 9th, 1:25 pm |
Thanks for the generous walkthrough and code. It was very beneficial to me and practically the last piece of the puzzle to a couple of projects.
saijin said
on Sep 24th, 4:21 am |
It works like a charm, thank you very, very much..
dcunited said
on Sep 25th, 1:23 pm |
A couple of security related notes:
1) Sticking the username and password in a cookie is a bad idea, I know you did not suggest it but you mentioned it and it is a major ‘no-no’. Use builtin session storage or create your own session id and send it in a cookie but please don’t put the username and password in the cookie.
2) Hashing the password is a must for security, I am glad you mentioned it. It also protects against SQL Injection robbing users passwords (SELECT username, password from users). I would highly recommend it.
Thanks for the tutorial, I am moving a site to CI and this gives me some insight into how others are creating auth within CI.
Tiago C said
on Sep 27th, 12:15 pm |
Thank you very much for the tutorial. It was a great help in developing a site I’m working on.
Although I would like to see other features implemented like user groups, restrictions, etc… Are you planing to write this tuts…?
Once again, thank you!
techdubb said
on Oct 13th, 9:52 pm |
excellent tutorial. thank you very much…
i did run into an issue however with the syntax of naming the constructor ‘__construct’ rather than the name of the class ‘Auth’. though you have it done correctly in the tutorial, the files you have for download still have ‘__construct’.
thanks again!
Ivar said
on Nov 3rd, 12:02 pm |
techdubb: That is a conflict between PHP4 and 5, the “__construct” syntax is explicitly version 5, so I expect you have 4 running on your end?
Php Cookie Redirect said
on Nov 18th, 5:47 pm |
Good site I “Stumbledupon” it today and gave it a stumble for you.. looking forward to seeing what else you have..later
kiruban said
on Nov 21st, 8:16 pm |
keep it up man! great work!
fourcs said
on Dec 5th, 3:23 am |
Any idea what could be causing me to get the error “cannot redeclare class Auth on line 3 of Auth.php” ? I haven’t altered your files at all. Thanks
Bram said
on Dec 6th, 10:38 am |
any chance you’re loading the library twice? like autoloading it and then also loading in your controller?
Could also happen if you have a model or other library called auth
Dimitar said
on Dec 19th, 3:56 pm |
Fatal error: Call to a member function on a non-object in c:\web\arsite\cms\system\application\libraries\Auth.php on line 114
this is the error that am getting when I go index.php/admin/
Dimitar said
on Dec 19th, 3:57 pm |
can you help me for the error
Bram said
on Dec 20th, 12:16 am |
I suggest you post more code over at the CodeIgniter forums. With just the error message I’m nothing.
Kristofefr said
on Dec 21st, 3:26 pm |
It works like a charm, thank you!
Although, i was wondering if it is possible to add something like:
If (logged_in) {
echo “logout link”
}
in the view file, so that i can check if the user is logged in and display links that only a logged in user i supposed to see…
Thanks again!
Bram said
on Dec 21st, 3:39 pm |
That is perfectly possible! You can use the $this->auth->logged_in() function for that. It returns TRUE or FALSE.
Annie said
on Jan 1st, 1:34 pm |
Cannot modify header information – headers already sent
Filename: libraries/Session.php
error occuring while using session ,
pls clarify
Bram said
on Jan 2nd, 12:03 am |
This is problem has nothing to do with the Auth lib. It is caused by output before you set sessions. Commonly, this can be caused by echo’ing variables from your controller, whitespace or linebreaks before your starting
I suggest you check all your controllers/models/libraries/helpers for any output (or whitespace). If the problem persists, it might be a good idea to write a post on the CodeIgniter forums.
Annie said
on Jan 2nd, 6:06 am |
thank u for reply, it caused because of whitespaces,i hav cleared it
Annie said
on Jan 2nd, 6:12 am |
$this->CI->session->userdata(‘redirected_from’), what we have to specify instead of redirect_from in the function redirect,did we have to define the location in the session.php in the library or is it is an inbuilt one in codeIgniter.
pls reply
Bram said
on Jan 2nd, 10:36 am |
You do not have to replace it, nor is it inbuilt by CodeIgniter: it’s taken care of by the Auth library: you’ll see the variable ‘redirected_from’ being set in the “restrict” function.
jinnn said
on Jan 7th, 6:30 pm |
is it suppose to be like this?
if(!isset($login))
{
return FALSE;
}
if(count($login) != 2)
{
return FALSE;
}
else
{
$username = $login[0];
$password = $login[1];
}
Ryan Yockey said
on Feb 14th, 4:19 pm |
Thanks for the tutorial. Everything worked perfectly.
batman said
on Mar 12th, 10:41 pm |
this is exactly what i’ve been looking for – many thanks!!!
something lightweight enough for me to get going, without all of the bloat of freak, redux, or auth…
txs
lc said
on Mar 24th, 1:25 am |
Thank you for the tutorial working fine but with FF, Safari and Chrome are working fine but not with IE(v.7) (I didn’t check with IE6)
How can I fix it?
Bram said
on Mar 24th, 7:31 am |
CodeIgniter works on the serverside, not client side. Which browser you’re using shouldn’t affect the system. Unless IE7 is bugging out on something in the session library. What version of CI are you using?
lc said
on Mar 24th, 9:05 am |
I’m using latest version of CI 1.7.1.
Is this issue something to do with godday server? I had a difficult time setting CI with their server.
It seems like something wrong with session. After logout, I can still access to portfolio page(news page works as expected). Also after login, I can still go back login page. This issue is only reproducible with IE7
Bram said
on Mar 24th, 9:08 am |
Hmmm, I’m not sure. I’ve heard problems before with godaddy concerning .htaccess files. You might wanna ask around on the CI forums. Maybe somebody could help there.
Also note: the session library has changed since I wrote this tutorial. I’ve been meaning to update it or write a new one, but I just didn’t get to it yet.
lc said
on Mar 24th, 10:10 pm |
After checked CI forums, I found out that many people has IE7 session issue but none of comment solve my issue
However, I change 2 lines of Auth.php and now working as expected
(tested: IE6, IE7, FF, Chrome, safari)
Auth.php
==================================================
/**
*
* This function redirects users after logging in
*
* @access public
* @return void
*/
function redirect() {
if ($this->CI->session->userdata(‘redirectedFrom’) == “”){
//if ($this->CI->session->userdata(‘redirectedFrom’) == FALSE){
…
==================================================
Auth.php
==================================================
/**
*
* Checks if a user is logged in
*
* @access public
* @return boolean
*/
function logged_in(){
if ($this->CI->session->userdata(‘loggedUser’) == “”){
//if ($this->CI->session->userdata(‘loggedUser’) == FALSE){
return FALSE;
…
==================================================
James said
on Mar 24th, 5:02 am |
You saved me loads of time… thanks a lot!
Raymond Selda said
on Apr 8th, 3:25 am |
Bram! Thank you so much for writing this tutorial! This is exactly what I need! I need to learn how to work out authentication in CI but I really avoided using auth frameworks because most of the times they’re really overwhelming and I really like writing code myself so I can better understand CI.
I already implemented your tutorial and I’m happy that it works! Keep up the good work and looking forward to your CI articles. Btw your English if fine!
Thank you Bram!
Tip: Try body { line-height:1.5em; } for better readability.
lekshmy said
on Apr 9th, 6:49 am |
A Database Error Occurred
Error Number: 1364
Field ‘user_data’ doesn’t have a default value
INSERT INTO `ci_sessions` (`session_id`, `ip_address`, `user_agent`, `last_activity`) VALUES (’17f14ae9124b9730ed16186540dd220e’, ’192.168.0.50′, ‘Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;’, 1239254885)
please clarify this error
Bram said
on Apr 10th, 9:20 pm |
Dunno where it comes from… Is it possible that you’re using CI 1.7.x ? This tutorial was written for CI 1.6.x, with 1.7 the CI session library changed and things might not be compatible anymore.
Megges said
on Apr 15th, 10:15 am |
Wow, thats exactly what i was searching for! Thank you!
lekshmy said
on May 1st, 6:53 am |
A PHP Error was encountered
Severity: Notice
Message: fwrite() [function.fwrite]: send of 38 bytes failed with errno=32 Broken pipe
Filename: libraries/Email.php
Line Number: 1707
this error occured whhen i tried to mail some contents. can u pls clarify why its happening
Bram said
on May 1st, 9:14 am |
I don’t know what’s happening there, it seems like a problem with the Email library. Best to post your problem on the CI user forums I think.
CodeIgniter Authorization Systems said
on Jul 10th, 3:26 pm |
[...] Auth library for CodeIgniter tutorial For me personally I like this one the best. It is very simple and just enough to get started with out having tons of files to have to wade through. [...]
Em said
on Aug 1st, 1:40 pm |
That’s been very helpful. I hope to see more CI related tutorials from you.
ola said
on Aug 19th, 8:33 am |
thank you for this tutorial and i want to know what will be done if we specify user groups ??
ola said
on Aug 19th, 10:51 am |
Really i’m very passionate to know the part of user groups because the previous tutorial was very useful and so simple
Bram said
on Aug 19th, 12:12 pm |
Usergroups are currently not built in to the auth system. This is partly because I simply haven’t figured out myself how to effectively do it.
The logic behind it is: every page (or every function of your controller) has a unique ID. In a database (ideally, so you can manage it from a website) you store which usergroup has access to which id’s (or you store the opposite, which id’s they can’t access). In the restrict function of the auth library, you then need to do an additional check against the database if the user’s usergroup is allowed to that page.
Things get more complicated however when you need think of the dynamic navigation etc that will be needed: after all, you can’t have a user click a link, only to find out he’s not allowed on that page.
ola said
on Aug 19th, 4:10 pm |
thank you for your reply and hopefully continue to do that as you have a declarative way in your tutorial and i’m still waiting to be the first one read it, Good Luck
Felix said
on Apr 26th, 3:17 am |
hey Bram, awesome tutorial
one quick question, is there any possible way to autoload the auth->restrict function so you dont have to type it every time you create a function or page?
Thanks!
Bram said
on Apr 26th, 6:12 am |
You could do it with a pre_controller hook, I guess. I often use the function in my controller’s constructor, this makes that I only have to use it once per controller. I deliberately left it out though, since there could be cases where you wouldn’t need validation in one or two functions…
Regards
Felix said
on Apr 26th, 9:23 am |
hey bram, thanks for the quick reply.
I think it’s good idea to have it in the controller’s constructor too.
thanks for the great tutorial
Proiect finalizat « Klewos said
on Jun 23rd, 8:51 pm |
[...] I-am adăugat și o bibliotecă de autentificare și autorizare, în bună măsură bazată pe un excelent tutorial, însă îmbunătățită cu suport pentru roluri și utilizarea hash-urilor pentru manipularea [...]
Oxizequillime said
on Apr 1st, 9:03 am |
Никогда не слышала, заинтересовалась девушка. Где можно найти его книги?
Лави с помощью Лири отвела ее к кровати, раздела и уложила. Шатенка немного поворочалась и уснула. Выйдя из спальни, лавиэнка что-то нажала на стене, и дверь исчезла.
Попробуйте моченые корни валтака, посоветовала Барра и положила ей в тарелку какие-то мелко нарезанные белые клубни. Очень вкусно, хотя немного островато.
А что тут думать? удивилась Альмия. Я, вообще-то, жить хочу и не намерена умирать через два-три года. Да и магия вещь интересная. Для семьи тоже полезно. Ты сам подумай, как среагируют в обществе, когда узнают, что твоя дочь великий маг.
Это только малая часть войск чужаков, бросил напряженно о чем-то размышляющий фарсенский офицер.
[url=http://cotepdape.site11.com/article.php?article=128334]Калорий в день чтобы похудеть[/url]
[url=http://cotepdape.site11.com/article.php?article=320928]Грейпфрутовая диета[/url]
[url=http://cotepdape.site11.com/article.php?article=940918]Группа крови 2 положительная диета[/url]
[url=http://cotepdape.site11.com/article.php?article=416608]Лунная диета[/url]
[url=http://cotepdape.site11.com/article.php?article=942909]После гречневой диеты[/url]
[url=http://kettwicseoclud.vacau.com/article.php?article=834114]Диета долиной[/url]
[url=http://kettwicseoclud.vacau.com/article.php?article=110870]Ковальков как похудеть[/url]
[url=http://kettwicseoclud.vacau.com/article.php?article=496978]Поджелудочная железа диета[/url]
[url=http://kettwicseoclud.vacau.com/article.php?article=758110]Голливудская диета[/url]
[url=http://kettwicseoclud.vacau.com/article.php?article=901327]Диета при геморрое[/url]
[url=http://leuglasfizzto.vacau.com/article.php?article=975502]Похудеть за месяц 15 кг[/url]
[url=http://leuglasfizzto.vacau.com/article.php?article=297308]Кремлевская диета меню[/url]
[url=http://leuglasfizzto.vacau.com/article.php?article=510487]Похудеть не есть после шести[/url]
[url=http://leuglasfizzto.vacau.com/article.php?article=863145]Энерджи диет[/url]
[url=http://leuglasfizzto.vacau.com/article.php?article=841583]Похудеть на 2 кг[/url]
[url=http://noncmysqvides.vacau.com/article.php?article=441498]Похудеть здоровье малышева[/url]
[url=http://noncmysqvides.vacau.com/article.php?article=720396]Похудеть малышева[/url]
[url=http://noncmysqvides.vacau.com/article.php?article=577620]Игра похудей[/url]
[url=http://noncmysqvides.vacau.com/article.php?article=624332]Овощная диета[/url]
[url=http://noncmysqvides.vacau.com/article.php?article=910205]Как похудеть за неделю[/url]
[url=http://substertadi.vacau.com/article.php?article=39097]Диета на кашах[/url]
[url=http://substertadi.vacau.com/article.php?article=65617]Диета упражнения[/url]
[url=http://substertadi.vacau.com/category.php?category=19&page=2]Диета маргариты[/url]
[url=http://substertadi.vacau.com/article.php?article=195346]Тощая диета[/url]
[url=http://substertadi.vacau.com/article.php?article=425133]Диета для весов[/url]
[url=http://uscontuwi.comule.com/article.php?article=528196]Похудеть на 30 кг[/url]
[url=http://uscontuwi.comule.com/article.php?article=718007]Диета яичная неделя[/url]
[url=http://uscontuwi.comule.com/article.php?article=438615]Сахарный диабет 2 типа диета[/url]
[url=http://uscontuwi.comule.com/article.php?article=308960]Примерное меню диеты[/url]
[url=http://uscontuwi.comule.com/article.php?article=698803]Татьяна похудела[/url]
[url=http://winsnessvirlia.site11.com/article.php?article=854868]Диета 5 дней 5 кг[/url]
[url=http://winsnessvirlia.site11.com/article.php?article=929345]Диета[/url]
[url=http://winsnessvirlia.site11.com/article.php?article=255814]Диета андрея малахова[/url]
[url=http://winsnessvirlia.site11.com/article.php?article=206427]Похудеть с программой здоровье[/url]
[url=http://winsnessvirlia.site11.com/article.php?article=585735]Похудеть не есть после 6[/url]
hoosegent said
on Apr 9th, 4:17 am |
[url=http://veraser.if.ua]почта
[/url]
Immigration lawyer said
on May 5th, 5:46 pm |
I love the efforts you have put in this, regards for all the great blog posts.I have added your link to my blog here http://www.conveyancingquotes.info/?page_id=9 ,
Cowboy Hats said
on May 15th, 5:48 pm |
read more…
[...]just below, are some totally unrelated sites to ours, however, they are definitely worth checking out[...]…