SEAuth Session Extension for Authorization
Hey everybody. This is my first bit of code to share, so please go easy on me ;) I was looking for something REALLY simple to do user validation / authorization. I didn't see it. So I made an extension to the Session class.
It works like this: [code]$this->session->login($username,$password); $this->session->logout(); $this->session->auth($privilege_type_needed);[/code]
[b]Login[/b] checks the user name and password, then loads the privileges in to the cookie.
[b]Logout[/b] removes all privileges
[b]Auth[/b] checks to see if the user has that privilege.
It has a config file called auth.php that needs the following: [quote][b]$user_table[/b] - The name of the database table to use for user lookup.
[b]$user_name[/b] - This is the record where the user name is stored.
[b]$password[/b] - This is the record where the user password is stored.
[b]$session_auth[/b] - This is the variable saved in the cookie that validates the user is logged in.
[b]$privilege[/b] - This is an array of boolean records to indicate if the user has permission to access various types of content.[/quote]
Here is a [b]SUPER[/b] simple login page: [code] function login(){ $data = array(); $data['user'] = $this->input->post('user'); $data['password'] = $this->input->post('password');
if ($data['user']) {
$secure = $this->session->login($data['user'],$data['password']);
if ($secure) {redirect('/authclients/admin');}
else {show_error('Bad User Name or Password');}
} else {$this->load->view('view_login');}
}
[/code]
Here is a [b]SUPER[/b] simple logout page: [code] function logout(){ $this->session->logout(); echo "logged out"; } [/code]
Here is a [b]SUPER[/b] simple admin page (with session authorization): [code] function admin(){ $user_is_admin = $this->session->auth('user_admin'); if ($user_is_admin) { $this->load->view('view_admin'); } else { show_error('Permission Denied'); } } [/code]
I threw together the program quickly over the past two hours or so and tested it. It works great so far. I like it because it doesn't add too much extra code. Just make sure the session library is loaded and you're done. I didn't feel it was significant enough to need another library (though it could be made in to one in minutes).
[code] Install instructions:
-
Install auth.php into the /application/config directory
-
Install MY_Session.php into the /application/libraries directory
-
Update the config.php according to the directions in the auth.php
-
Setup the session database [/code]
[b][u]/application/config/auth.php[/u][/b] [code] <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
| -------------------------------------------------------------------
| SEAuth - Session Extension for Authorization
| -------------------------------------------------------------------
| This is intended as a simple way to integrate session authorization
| in to any CodeIgniter application.
| $this->session->login($username,$password);
| $this->session->logout();
| $this->session->auth($privilege_type_needed);
| -------------------------------------------------------------------
| Created by Paul R. Dillinger of CR Solutions Group S.A.
| http://www.crsolutionsgroup.com/
| -------------------------------------------------------------------
| EXPLANATION OF VARIABLES
| -------------------------------------------------------------------
|
| $user_table    The name of the database table to use for user lookup.
|
| $session_auth  This is the variable saved in the cookie that
|                validates the user is logged in.
|
| $user_name     This is the record where the user name is stored.
|
| $password      This is the record where the user password is stored.
|
| $privilege     This is an array of boolean records to indicate if the
|                user has permission to access this content.
*/
// Table that login() queries when it looks up a user.
$user_table = 'auth';

// Session key that marks a visitor as logged in; auth() checks it before
// it looks at any privilege.
$session_auth = 'logged_in';

// Column that holds the user name.
$user_name = 'username';

// Column that holds the password. login() matches the submitted value
// against this column as-is, so whatever is stored here is compared verbatim.
$password = 'password';

// Boolean columns that login() copies into the session; each name can then
// be passed to auth().
$privilege = array('user_admin', 'user_member');
/*
| -------------------------------------------------------------------
| !!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
| -------------------------------------------------------------------
| Changes MUST be made to the application/config/config.php file
| -------------------------------------------------------------------
| THE APPLICATION REQUIRES THE SESSION DATABASE AND ENCRYPTION
| SEE THE USER GUIDE FOR MORE INFORMATION
| http://codeigniter.com/user_guide/libraries/sessions.html
| -------------------------------------------------------------------
|
|--------------------------------------------------------------------------
| Encryption Key
|--------------------------------------------------------------------------
| $config['encryption_key'] = "";
|
| This needs a 32 character mix of random letters and numbers for example:
| 1q2W3e4R5t6Y7u8I9o0PZaXsCdVfBgNh
| Do not use the one above, just make a new one.
|
|--------------------------------------------------------------------------
| Session Variables
|--------------------------------------------------------------------------
| $config['sess_encrypt_cookie'] = TRUE;
| $config['sess_use_database'] = TRUE;
| $config['sess_table_name'] = 'ci_sessions';
|
| -------------------------------------------------------------------
| MySQL Example for ci_sessions table below:
| -------------------------------------------------------------------
|
CREATE TABLE IF NOT EXISTS ci_sessions (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(16) DEFAULT '0' NOT NULL,
user_agent varchar(50) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
PRIMARY KEY (session_id)
);
CREATE TABLE IF NOT EXISTS auth (
id int(10) NOT NULL auto_increment,
username varchar(100) NOT NULL,
password varchar(100) NOT NULL,
user_admin bool NOT NULL default '0',
user_member bool NOT NULL default '0',
PRIMARY KEY (id)
);
| */
/* End of file auth.php */
/* Location: ./system/application/config/auth.php */ [/code]
[b][u]/application/libraries/MY_Session.php[/u][/b] [code] <?php
/*
| -------------------------------------------------------------------
| SEAuth - Session Extension for Authorization
| -------------------------------------------------------------------
| This is intended as a simple way to integrate session authorization
| in to any CodeIgniter application.
| $this->session->login($username,$password);
| $this->session->logout();
| $this->session->auth($privilege_type_needed);
| -------------------------------------------------------------------
| Created by Paul R. Dillinger of CR Solutions Group S.A.
| http://www.crsolutionsgroup.com/
| -------------------------------------------------------------------
*/
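/**
 * Session extension that adds login(), logout() and auth() on top of the
 * stock CodeIgniter session library.
 *
 * Settings (table, column names, session flag, privilege list) are read from
 * application/config/auth.php on every call.
 */
class MY_Session extends CI_Session {

    /**
     * PHP 4-style constructor: hands over to the parent session library so
     * its normal start-up still runs.
     */
    function MY_Session()
    {
        parent::CI_Session();
    }

    /**
     * Tell whether the session is configured the way this extension requires:
     * encrypted cookie, database-backed sessions and a session table name.
     *
     * @return bool TRUE when all three settings are in place.
     */
    function _seauth_session_is_hardened()
    {
        return ($this->CI->config->item('sess_encrypt_cookie') == TRUE
            AND $this->CI->config->item('sess_use_database') == TRUE
            AND $this->CI->config->item('sess_table_name') != '');
    }

    /**
     * Evaluate application/config/auth.php and return its variables.
     *
     * @return array Keys: user_table, session_auth, user_name, password, privilege.
     */
    function _seauth_settings()
    {
        // Plain include, not include_once: the file only defines local
        // variables, so it has to be evaluated again on each call.
        include(APPPATH.'config/auth'.EXT);

        return array(
            'user_table'   => $user_table,
            'session_auth' => $session_auth,
            'user_name'    => $user_name,
            'password'     => $password,
            'privilege'    => $privilege,
        );
    }

    /**
     * Check a user name and password against the user table and, on a match,
     * store the logged-in flag and the user's privilege columns in the session.
     *
     * @param string $user Submitted user name.
     * @param string $pass Submitted password.
     * @return bool TRUE when exactly one row matches, FALSE otherwise.
     */
    function login($user,$pass)
    {
        if ( ! $this->_seauth_session_is_hardened())
        {
            show_error('ENCRYPTION AND DATABASE MUST BE ENABLED - PLEASE READ /APPLICATION/CONFIG/AUTH.PHP');
            // Kept so the result is still a denial if show_error() returns.
            return false;
        }

        // The example controller passes $this->input->post() results straight
        // in, and an absent form field is not a string. Only real, non-empty
        // strings may be compared with stored credentials.
        if ( ! is_string($user) OR ! is_string($pass) OR $user === '' OR $pass === '')
        {
            return false;
        }

        $settings = $this->_seauth_settings();

        $this->CI->load->database();
        $this->CI->db->where($settings['user_name'], $user);
        // NOTE(review): the submitted password is matched against the column
        // verbatim, so this only works with passwords stored in clear text.
        // Storing a salted, slow hash and verifying it in PHP
        // (password_hash()/password_verify() on PHP >= 5.5) removes that
        // exposure; it changes the stored format, so it is not done silently here.
        $this->CI->db->where($settings['password'], $pass);
        $query = $this->CI->db->get($settings['user_table']);

        if ($query->num_rows() != 1)
        {
            return false;
        }

        $row = $query->row_array();

        $userdata = array();
        $userdata[$settings['session_auth']] = TRUE;
        foreach ($settings['privilege'] as $permission)
        {
            // The debug echo that used to sit here printed each privilege
            // column into the response and sent output ahead of the caller's
            // redirect(); it has been removed.
            // A privilege column missing from the row is treated as "not granted".
            $userdata[$permission] = isset($row[$permission]) ? $row[$permission] : FALSE;
        }

        // NOTE(review): the session id is not rotated when privileges are
        // granted - confirm whether the installed CI_Session can regenerate it.
        $this->set_userdata($userdata);
        return true;
    }

    /**
     * Remove the logged-in flag and every configured privilege from the session.
     *
     * The session itself and any other userdata are left in place.
     */
    function logout()
    {
        $settings = $this->_seauth_settings();

        $this->unset_userdata($settings['session_auth']);
        foreach ($settings['privilege'] as $remove_permission)
        {
            $this->unset_userdata($remove_permission);
        }
    }

    /**
     * Tell whether the current session is logged in and holds a privilege.
     *
     * The answer comes from the values login() stored in the session, so a
     * change to the user's row is not seen until that user logs in again.
     *
     * @param string $access A name from $privilege in auth.php, or the
     *                       $session_auth flag itself.
     * @return bool TRUE only when the session is logged in and the value
     *              stored under $access is truthy; FALSE in every other case.
     */
    function auth($access)
    {
        if ( ! $this->_seauth_session_is_hardened())
        {
            show_error('ENCRYPTION AND DATABASE MUST BE ENABLED - PLEASE READ /APPLICATION/CONFIG/AUTH.PHP');
            // Kept so the result is still a denial if show_error() returns.
            return FALSE;
        }

        $settings = $this->_seauth_settings();

        // Only names declared in auth.php count as privileges. The session
        // also carries values that are not privileges (for example the
        // session id), and a non-empty one of those must never grant access.
        $known = $settings['privilege'];
        $known[] = $settings['session_auth'];
        if ( ! is_string($access) OR ! in_array($access, $known, TRUE))
        {
            return FALSE;
        }

        // The original fell off the end of the function here and returned
        // NULL when the visitor was not logged in; deny explicitly instead.
        if ( ! $this->userdata($settings['session_auth']))
        {
            return FALSE;
        }

        return ($this->userdata($access) == TRUE);
    }
}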
[/code]
Enjoy!