I am using PHP and the codeigniter framework for a project I am working on, and require a user login/authentication system.
For now I'd rather not use SSL (might be overkill and the fact that I am using shared hosting discourages this). I have considered using openID but decided that since my target audience is generally not technical, it might scare users away (not to mention that it requires mirroring of login information etc.). I know that I could write a hash based authentication (such as sha1) since there is no sensitive data being passed (I'd compare the level of sensitivity to that of stackoverflow).
That being said, before making a custom solution, it would be nice to know if there are any good libraries or packages out there that you have used to provide semi-secure authentication? I am new to codeigniter, but something that integrates well with it would be preferable. Any ideas? (i'm open to criticism on my approach and open to suggestions as to why I might be crazy not to just use ssl). Thanks in advance.
Update: I've looked into some of the suggestions. I am curious to try out zend-auth since it seems well supported and well built. Does anyone have experience with using zend-auth in codeigniter (is it too bulky?) and do you have a good reference on integrating it with CI? I do not need any complex authentication schemes..just a simple login/logout/password-management authorization system.
Also, dx_auth seems interesting as well, however I am worried that it is too buggy. Has anybody else had success with this?
I realized that I would also like to manage guest users (i.e. users that do not login/register) in a similar way to stackoverflow..so any suggestions that have this functionality would be great
This typically involves a simple username and password check. Thus, a user who is logged in is an authenticated user. Authorization, often called access control, is how you guard access to protected resources and determine whether a user is authorized to access a particular resource.
User authentication is very common in modern web application. It is a security mechanism that is used to restrict unauthorized access to member-only areas and tools on a site. In this tutorial we'll create a simple registration and login system using the PHP and MySQL.
I use Zend_Auth. But I work with Zend Framework in general. To what I've heard it integrates well with CI. With Zend_Auth I use a Db_Table Adapter and SHA1 with a global salt. That's enough for many purposes I think.
I've found dx_auth to be quite good in Codeigniter, and have used it before. It is certainly the most full featured authentication library for Codeigniter.
There were a few things i needed to do to change it, so I extended their User class with a few functions for my purposes (some of their functions don't do exactly what you might expect..). Here is a segment of some of the customizations I made:
$CI = &get_instance();
$CI->load->model("dx_auth/users");
/**
* For most things, try and use the dx_auth models,
* because it's already done, and some stuff is more
* annoying to figure out than might be expected.
*
* For anything site-specific, use this model instead.
*
*/
class UserModel extends Users {
/**
* Sometimes when dx_auth sucks, you have to compensate
* functions that return useful results.
*
* @param int $id id of user to check if banned
* @return int $banned returns the result (0 or 1)
*/
public function is_banned($id) {
$query = "SELECT banned FROM users WHERE id=".(int)$id;
$result=$this->db->query($query);
$row = $result->row_array();
return $row['banned'];
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With