Ben Edmunds' Ion Auth library for CodeIgniter is awesome. It is full-featured and secure, but in my opinion the documentation lacks a real-world tutorial on how to use it effectively to provide a secure, protected area of your website that requires a successful login to access. This post will ignore the fact that to truly have a secure login system for your CodeIgniter website, you should be securing your web server with an SSL certificate.
I prefer to keep my CodeIgniter controllers DRY. To do so, we will borrow some code from Phil Sturgeon so that we can create a hierarchy of controller inheritance, e.g. Secure_Controller extends MY_Controller, which in turn extends CI_Controller.
Step 1: Install Ion Auth
Install and configure Ion Auth according to the instructions.
Step 2: Modify your config.php file
Add the following code to the end of your config.php file, typically located at /application/config/config.php. Basically, this code tells PHP that if the class we are trying to load does not begin with CI_, it should look for the file in the /application/core directory and load it from there.
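```php
/*
| -------------------------------------------------------------------
|  Native Auto-load
| -------------------------------------------------------------------
|
| Nothing to do with config/autoload.php, this allows PHP autoload to work
| for base controllers and some third-party libraries.
|
| Registered with spl_autoload_register() because __autoload() was removed
| in PHP 8; '.php' is spelled out because CodeIgniter 3 dropped the EXT constant.
|
*/
spl_autoload_register(function ($class)
{
    // Leave CodeIgniter's own CI_ classes to the framework loader.
    if (strpos($class, 'CI_') !== 0)
    {
        $file = APPPATH . 'core/' . $class . '.php';

        // Only include files that exist, rather than silencing errors with @.
        if (is_file($file))
        {
            include_once $file;
        }
    }
});
```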
Step 3: Create your hierarchy of controllers
I prefer to use MY_Controller to add global functions to all of my controllers. For instance, I typically add an is_post() function to MY_Controller to keep the business logic in the rest of my controllers concise. We will additionally create a Secure_Controller class. Effectively this means that any controller in your application that extends Secure_Controller will require a valid login.
```php
class MY_Controller extends CI_Controller {

    // TRUE when the current request was made with the POST method.
    public function is_post()
    {
        return $_SERVER['REQUEST_METHOD'] === 'POST';
    }
}
```
```php
class Secure_Controller extends MY_Controller {

    function __construct()
    {
        parent::__construct();

        //
        // Require members to be logged in. If not logged in, redirect to the Ion Auth login page.
        // The Ion Auth library must already be loaded (for example via config/autoload.php).
        //
        if ( ! $this->ion_auth->logged_in())
        {
            redirect(base_url() . 'auth/login');
        }
    }
}
```
Conclusion
So what does this Secure_Controller do? Any controller that extends Secure_Controller will invoke Secure_Controller’s constructor. The constructor checks with the Ion Auth library to see if a session variable exists for the current user, indicating a successful login. If that session variable does exist, your controller which extends Secure_Controller continues execution. If that session variable does not exist, the Secure_Controller will redirect the user to the Ion Auth login page.
That’s it. Pretty simple, right? If you have questions, leave a comment and I’ll help you out. Special thanks to Ben Edmunds and Phil Sturgeon for creating some cool, reusable CodeIgniter code.
Stay tuned for my next post on how to integrate Ion Auth with WanWizard’s DataMapper ORM.
Hi!
Thanks for a brief tutorial/info about a logical way to secure different parts of the site with ionAuth.
I AM looking forward to the next post on Datamapper with ionAuth as I am doing the same thing soon!
When is the next post coming mate?
Sorry guys, I don’t think I’m going to get around to the next article. I’ve moved on to developing in Laravel, as CodeIgniter is a dying framework. Keep using it if you need to maintain a legacy application, but I wouldn’t start any new projects in CodeIgniter.
Hi Kyle,
I’ve followed your tutorial, but I only get a blank page.
Is there something wrong?
Thx for the answer.
Bro, don’t waste your time with this, I’ve given this crap 2 days of my life.. I’m going to try and build my own, I suggest you try and do the same… best of luck
What kind of problem are you having?
The most common cause of the “white screen of death” in CodeIgniter is extra whitespace in one of your source files, or a fatal programming error that wasn’t caught. Put some
<?php echo "Break point 1"; exit; ?>
lines in your source until you narrow down the point at which your app fails.
I have the same problem with the blank page.
I’ve changed Secure_Controller for CI_Controller and I looked at the “Break point” lines…
That’s silly, but it’s the tip of the iceberg…
I’ll keep looking.
Well, using the “silly break point” method you should now have a pretty good guess as to which part of your code is crashing. If you want to paste the code between the last “break point” that worked and the next one that didn’t I’ll try to help you debug.
Double check for missing semicolons, braces, etc.
Oh, Kely, I didn’t mean that “break point” was silly… “the change I made” was the silly part/thing.
I continued looking at the code, and I looked for an error… it says this:
A PHP Error was encountered
Severity: Notice
Message: Undefined property: App_main::$ion_auth
Filename: core/Secure_Controller.php
Line Number: 14
Fatal error: Call to a member function logged_in() on a non-object in C:\xampp\htdocs\final\application\core\Secure_Controller.php on line 14
—————-
controller/app_main.php:
load->view(‘header’);
$this->load->view(‘message’);
echo “Break point 2″; exit;
$this->load->view(‘footer’);
}
}
?>
——————
core/Secure_Controller.php:
ion_auth->logged_in())
{
redirect(base_url() . ‘auth/login’);
}
}
}
?>
I think you’re missing the keyword this. Unless you’ve assigned the Ion Auth library to the $ion_auth variable in your controller, you should always refer to it as $this->ion_auth
Sorry, when I said “Kely” I meant: Kyle.
Best regards!
Pablo
Kyle: some piece of code disappeared when I pasted it in the reply text box….
It’s working fine!!!
solution:
Add to config/autoload.php
$autoload['libraries'] = array('Ion_auth');
Glad you got it working!
“Stay tuned for my next post on how to integrate Ion Auth with WanWizard’s DataMapper ORM.”
So is this tutorial already available? I really need to learn how to use both.
Sorry, I don’t think I’m going to get around to the next article. I’ve moved on to developing in Laravel, as CodeIgniter is a dying framework. Keep using it if you need to maintain a legacy application, but I wouldn’t start any new projects in CodeIgniter.
finally something that actually works out of the box and explains why.
it’s always in the last place you look!
When will next post on “how to integrate Ion Auth with WanWizard’s DataMapper ORM” come?
Sorry, I don’t think I’m going to get around to the next article. I’ve moved on to developing in Laravel, as CodeIgniter is a dying framework. Keep using it if you need to maintain a legacy application, but I wouldn’t start any new projects in CodeIgniter.
Hello,
I’m new to a lot of this stuff, but do have a programming background. I’ve set up Ion Auth as per all the installation instructions, but I get this error:
Fatal error: Call to undefined function lang() in /application/views/auth/login.php on line 1
Any ideas as to what I’m doing wrong or missed?
Many thanks in advance!
NB.
Well, I got this working, but the issue I run into now is that when I use the auth controller and extend the Secure_controller, then try to go to the login page, the redirect breaks since there’s no check to see if it’s on the login page.
Just curious if you had a fix for this? Could add some simple checks on the URL to ignore on certain pages.
Only pages that require a successful login to be viewed should extend Secure_Controller, so in your case, the Auth controller would not extend Secure_Controller.
I usually build a Public_Controller that all of my public facing controllers extend, and a Secure_Controller that all my pages requiring a login extend.
You could add checks to the Secure_Controller to ignore certain URLs, but it’s much easier to simply not allow your Auth and other public facing controllers to extend Secure_Controller in the first place.
Thanks a ton for utilizing some time to write “Best CodeIgniter Ion Auth Tutorial | Kyle Noland | Dallas Website Design and Development”. Thank you yet again, Patricia
Hi Kyle,
I am new to Ion-auth
I applied it to my project, but one thing I am not getting.
That is, after logging out the back button of the browser is still active.
If I press it, the previous page will be displayed.
I have to make my application stronger. It should not redirect to previous page.
How to do it?
Thanks and Regards,
Girish
This is simply how browsers and the internet work. You are able to use the Back button because the previous page you were on was cached by your browser. If you use the back button, then try to use one of the links on the page to access some other secure area of your app, if you’ve implemented this login system I’ve written about correctly, you will be redirected back to the login page because you are no longer authenticated.
You don’t seem to actually load the ion_Auth library anywhere?
$this->load->library('ion_auth');
And also, how do I redirect my logged in user anywhere?
The Ion Auth library is autoloaded. You can manually load your library if you want, but for a library that will be called on every page load to determine if the user is logged in, I prefer to autoload and save a couple lines of code.
In this example, redirection is handled by the constructor in the Secure_Controller. You can redirect your users anywhere they need to go, but you’ll probably want to do that right after the check for authentication happens.
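The back-button question, the post-login redirect question and the Public_Controller suggestion from the comments above can all be handled in the base controllers. The following is an added example, not code from the post or from Ion Auth, and it goes one step further by remembering the page the visitor originally asked for. It assumes Ion Auth, CodeIgniter's session library and the url helper are loaded; `redirect_after_login()` and the `return_to` session key are hypothetical names.

```php
<?php
// Added example, not the post's own code. Assumes Ion Auth, the session
// library and the url helper are autoloaded. 'return_to' and
// redirect_after_login() are hypothetical names.

// application/core/Public_Controller.php: no login check, so the Ion Auth
// Auth controller can extend it without causing a redirect loop.
class Public_Controller extends MY_Controller {

    // Call this after a successful $this->ion_auth->login(...).
    protected function redirect_after_login($default = '')
    {
        $target = (string) $this->session->userdata('return_to');
        $this->session->unset_userdata('return_to');

        // Only accept plain in-app URI segments; anything else falls back.
        if ( ! preg_match('#^[A-Za-z0-9_/-]*$#', $target))
        {
            $target = $default;
        }
        // site_url() pins the destination to this application's base URL.
        redirect(site_url(ltrim($target, '/')));
    }
}

// application/core/Secure_Controller.php
class Secure_Controller extends MY_Controller {

    public function __construct()
    {
        parent::__construct();

        if ( ! $this->ion_auth->logged_in())
        {
            // uri_string() is the path inside this app, not a full URL.
            $this->session->set_userdata('return_to', $this->uri->uri_string());
            redirect('auth/login');
        }

        // Authenticated pages should not be stored by the browser or a proxy,
        // so Back after logout re-requests the page and hits the check above.
        $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
        $this->output->set_header('Pragma: no-cache');
        $this->output->set_header('Expires: 0');
    }
}
```

To use it, make the Auth controller extend Public_Controller and call `$this->redirect_after_login()` at the point where the login action redirects after a successful login.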
I’m curious as to why Step 2 is required? Is it possible to elaborate on that?
Thanks.
It isn’t strictly required, but I prefer to autoload libraries that end up being used on nearly every page load. It saves a little repetitive code in my Controller classes.
When’s the post on datamapper + ion_auth + CI coming? Anytime soon?
How come you don’t need to do parent::__construct in the is_post() function? Sorry, new to this.
Because parent::__construct() calls should only be made in constructors, not methods.