Kyle Noland


A Comprehensive Guide to Securing CodeIgniter 2.x With Ben Edmunds Ion Auth

November 29, 2012 by Kyle Noland

Ben Edmunds' Ion Auth library for CodeIgniter is awesome. It is full-featured and secure, but in my opinion the documentation lacks a real-world tutorial on how to use it effectively to provide a secure, protected area of your website that requires a successful login to access. This post will ignore the fact that to truly have a secure login system for your CodeIgniter website, you should be securing your web server with an SSL certificate.

I prefer to keep my CodeIgniter controllers DRY. To do so, we will borrow some code from Phil Sturgeon so that we can create a hierarchy of controller inheritance, e.g. Secure_Controller extends MY_Controller, which in turn extends CI_Controller.

Step 1: Install Ion Auth

Install and configure Ion Auth according to the instructions.

Step 2: Modify your config.php file

Add the following code to the end of your config.php file, typically located at /application/config/config.php. Basically, this code tells CodeIgniter that if the controller class we are trying to load does not begin with CI_, it should look for and load the file from the /application/core directory.

PHP
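/*
| -------------------------------------------------------------------
|  Native Auto-load
| -------------------------------------------------------------------
|
| Nothing to do with config/autoload.php, this allows PHP autoload to work
| for base controllers and some third-party libraries.
|
*/

// Registered through spl_autoload_register() because the magic __autoload()
// function was deprecated in PHP 7.2 and removed in PHP 8.0.
// The function name app_core_autoload is arbitrary.
function app_core_autoload($class)
{
  // Skip CodeIgniter's own CI_* classes; look for everything else in /application/core.
  if(strpos($class, 'CI_') !== 0)
  {
    @include_once( APPPATH . 'core/'. $class . EXT );
  }
}
spl_autoload_register('app_core_autoload');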

Step 3: Create your hierarchy of controllers

I prefer to use MY_Controller to add global functions to all of my controllers. For instance, I typically add an is_post() function to MY_Controller to keep the business logic in the rest of my controllers concise. We will additionally create a Secure_Controller class. Effectively this means that any controller in your application that extends Secure_Controller will require a valid login.

PHP
class MY_Controller extends CI_Controller
{
  // TRUE when the current request was submitted with the HTTP POST method.
  public function is_post()
  {
    return $_SERVER['REQUEST_METHOD'] === 'POST';
  }
}

PHP
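class Secure_Controller extends MY_Controller
{
  function __construct()
  {
    parent::__construct();

    // Make sure Ion Auth and the URL helper are available
    // (harmless if they are already autoloaded).
    $this->load->library('ion_auth');
    $this->load->helper('url');

    //
    // Require members to be logged in. If not logged in, redirect to the Ion Auth login page.
    //
    if( ! $this->ion_auth->logged_in())
    {
      redirect(base_url() . 'auth/login');
    }
  }
}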

Conclusion

So what does this Secure_Controller do? Any controller that extends Secure_Controller will invoke Secure_Controller’s constructor. The constructor checks with the Ion Auth library to see if a session variable exists for the current user, indicating a successful login. If that session variable does exist, your controller which extends Secure_Controller continues execution. If that session variable does not exist, the Secure_Controller will redirect the user to the Ion Auth login page.
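
The gate described above, as an added example that is not part of the original post: a stand-alone PHP script that uses stand-in classes for CodeIgniter and Ion Auth (Fake_Ion_Auth, Redirected, dispatch, Welcome, Account and Leaky are assumed names). It shows that the login check runs before any action, and that a child controller which overrides the constructor without calling parent::__construct() skips the check.

```php
<?php
// Stand-ins so the script runs on its own (constructed, not the real CodeIgniter or Ion Auth classes).
class Redirected extends Exception {}
function redirect($uri) { throw new Redirected($uri); } // the real helper sends a Location header and exits
class Fake_Ion_Auth {
  public $user = NULL;
  public function logged_in() { return $this->user !== NULL; }
}
class CI_Controller {
  public $ion_auth;
  public function __construct() { $this->ion_auth = $GLOBALS['auth']; }
}

// The hierarchy from Step 3.
class MY_Controller extends CI_Controller {
  public function is_post() { return $_SERVER['REQUEST_METHOD'] === 'POST'; }
}
class Secure_Controller extends MY_Controller {
  public function __construct() {
    parent::__construct();
    if ( ! $this->ion_auth->logged_in()) { redirect('auth/login'); }
  }
}

// Hypothetical application controllers.
class Welcome extends MY_Controller {       // public: no login required
  public function index() { return 'public home page'; }
}
class Account extends Secure_Controller {   // every action is behind the login check
  public function update() { return $this->is_post() ? 'profile saved' : 'show form'; }
}
class Leaky extends Secure_Controller {
  // Overrides the constructor without calling parent::__construct(), so the login check never runs.
  public function __construct() {}
  public function index() { return 'served without a login'; }
}

// Front-controller order: build the controller first, then call the action.
function dispatch($class, $method, $http_method = 'GET') {
  $_SERVER['REQUEST_METHOD'] = $http_method;
  try { $c = new $class(); return $c->$method(); }
  catch (Redirected $r) { return 'redirect to ' . $r->getMessage(); }
}

$auth = new Fake_Ion_Auth();   // nobody logged in yet
foreach (array(array('Welcome', 'index', 'GET'), array('Account', 'update', 'POST'), array('Leaky', 'index', 'GET')) as $r) {
  echo "anonymous {$r[0]}::{$r[1]} => ", dispatch($r[0], $r[1], $r[2]), "\n";
}
$auth->user = 'demo';          // constructed user name
echo "logged-in Account::update => ", dispatch('Account', 'update', 'POST'), "\n";
```

The Leaky case is the one to look for in code review: any controller that extends Secure_Controller and defines its own constructor must call parent::__construct() first.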

That’s it. Pretty simple, right? If you have questions, leave a comment and I’ll help you out. Special thanks to Ben Edmunds and Phil Sturgeon for creating some cool, reusable CodeIgniter code.

Stay tuned for my next post on how to integrate Ion Auth with WanWizard’s DataMapper ORM.
