CL Auth [BETA] v0.2.5
Posted: 02 June 2008 06:31 PM   [ # 21 ]
Grad Student
Total Posts:  84
Joined  05-15-2008

I’m a little confused, so here’s a quick question: to use this, each controller needs its own entry in the db table with appropriate permissions? So this is a benefit in the fact that you don’t have to write the code to check for login in each controller method, but a disadvantage in the fact that you have to manually do the adding to the db table (which can get tedious on large applications)?

Or do I have it all wrong?

 Signature 

Blog | Work | Freelance

Posted: 12 June 2008 09:45 AM   [ # 22 ]
Grad Student
Total Posts:  76
Joined  08-25-2007

Just an update, CL Auth Beta v0.2 is on the way with some new enhancements and documentation.

Here is a changelog of what’s to come:

CL Auth Beta v0.2 Changelog
10/06/2008

Changes
* Added: last_page that the user visits into CI_Sessions
* Added: made a standard getUserID() function in CL_Auth
* Changed: isGroup() function in CL_Auth now allows an array of group IDs “array(1,2,3);”
* Fixed: logout() now clears userdata before the next page loads (userdata was still visible on the logout page when it was displayed).
* Fixed: If user tries to login on the logout page, instead of being redirected to the logout page (dumb) they are redirected to the website’s index by default.
* Fixed: denyAccess() now allows the use of group “0”.

Bugs
* isAdmin() only works if check() has been called on the page. I am looking into a fix.

Security
* Fixed: If group_id is changed in the database, it does not affect session group_id. Now group_id & username are loaded directly from the users database record to ensure reliable information.

Also, CL Auth BETA v0.2 will have more examples on how to implement the login box on your pages, how to add new fields to user_profile and how to do login checks properly.

I am also considering adding a Manage Users panel to the next release v0.3 before finally going gold.

If anyone has a chance to review v0.2 when it comes out, I’d be grateful for any suggestions made before the next release v0.3 :)

 Signature 

My Website | My Project
CL Auth BETA v0.2 - Authentication Library
CL Auth Documentation

Posted: 13 June 2008 04:17 AM   [ # 23 ]
Grad Student
Total Posts:  58
Joined  05-08-2008

Cool, can’t wait ;) Do you have an ETA yet?

A manage users panel would be great indeed. Perhaps an access control panel as well.

Posted: 13 June 2008 05:13 AM   [ # 24 ]
Grad Student
Total Posts:  76
Joined  08-25-2007
Maxximus - 13 June 2008 08:17 AM

Cool, can’t wait ;) Do you have an ETA yet?

A manage users panel would be great indeed. Perhaps an access control panel as well.

I plan to release v0.2 this weekend with files that allow you to upgrade from v0.1 to v0.2 (mainly database alterations). Good news is that CL Auth still manages to keep a low mysql query count, with 3-4 queries per page request, compared to FreakAuth’s 7 mysql queries.

The reason for the increase in queries is because CL Auth now includes tracking. It tracks user activity and the last page they visited within the session. I am thinking about allowing you to turn this feature “off” if you don’t need this info so it decreases the number back to 1-2 mysql queries.

I’ve been developing a forum for my site using the CL Auth platform so it’s been a good test for me to understand it a bit better.

Once the documentation is finished, I will release it this weekend.


A “Manage Access” panel for v0.3 sounds a good idea. I’ll let you know how that goes ;)

Posted: 13 June 2008 10:05 AM   [ # 25 ]
Summer Student
Total Posts:  3
Joined  06-13-2008

Hey there FlashUK, this is a great contribution. Thanks! Looking forward to v0.2 and then to v0.3. In the meantime, I was wondering if you have a tip on where to look for adding custom fields?

I see the users.php createProfile function, that it is creating the blank profile data, that I would modify register_form to add the new fields, and new validation as necessary. But from there I am not sure if you have already built in a way to add the extra form field data to the profile, or would we do that manually somehow?

[edit]
So far I am trying to do it manually by doing the validation, etc., in a controller, and if it passes, calling

if( $this->cl_auth->register($this->validation) )
{
  // Load the row register() just created; $user->id is passed to setProfile() below
  $user = $this->users->getUserByUsername( $this->validation->username )->row();
}

I also added a simple setProfile to the cl_auth/users.php model:

function setProfile($user_id, $data)
{
  // Update (not insert): the profile row already exists once the user is created
  $this->db->where('user_id', $user_id);
  return $this->db->update($this->_profile_table, $data);
}

and then immediately afterwards calling register. If register() passes, I can set $data to my remaining custom field data and do a

$this->users->setProfile($user->id, $data)

to update the profile row just created by the register function. This is already pretty clean and readily customizable. And v0.2 improves on this process?  :-)  Oh, I am doing this in a controller and not a separate view because requirements changed and now it’s being called from Flash. I really like how this is working so far.

Very good stuff! And again many thanks for contributing it.

[edit 2]
I just realized that I was missing the validation checks username_check and email_check! So now the validation strings match and I use a check() function in my controller which calls and returns the value of $this->cl_auth->check(). I think I assumed those checks would be in the register function so that the form could be managed separately from the registration function but this works now. And with the way I am doing it (almost certainly not the best way!) I had to do an update instead of an insert on the “setProfile” code since the profile is initially set when creating the user.

All in all, it’s a clean light code base that makes sense and is good to work with. I can’t compare it much to the other auth modules because for reasons beyond me, my MAMP setup did not allow many of the Session modules to work (very strange and I didn’t have time to dig in to them), so some of the other auth modules couldn’t work, and CL_Auth worked straight away with the least fuss up front to just get it running.

Michael

Posted: 23 June 2008 03:44 PM   [ # 26 ]
Grad Student
Total Posts:  84
Joined  05-15-2008

I’m still trying to get a grasp on the URI method of authentication.

You say to be careful when using just “/” because it “gives global access to view any controllers that require any authentication.” What does that mean exactly? Does that mean that any controllers or methods that aren’t specified in the database will automatically get the setting for the “/”? Sorry for my ignorance!

Posted: 23 June 2008 05:28 PM   [ # 27 ]
Grad Student
Total Posts:  76
Joined  08-25-2007
MCrittenden - 23 June 2008 07:44 PM

I’m still trying to get a grasp on the URI method of authentication.

You say to be careful when using just “/” because it “gives global access to view any controllers that require any authentication.” What does that mean exactly? Does that mean that any controllers or methods that aren’t specified in the database will automatically get the setting for the “/”? Sorry for my ignorance!

No problem, I will clarify. The table is used for storing “URI Access” only. Say if I created a new controller “/buy_history” and hadn’t given group 0 a new entry with “/buy_history” in the URI Access table, then all registered users wouldn’t be able to see this page. However, if I have put “/” for group 0 in the URI Access table, then it would automatically grant them access to any new controllers that are created like “/buy_history”. You could also use this method for Search engines (there is no search engine criteria or functions atm).
BE CAREFUL though. Say you have the controller “/admin”, if the value “/” is present for group 0 (registered users) that would grant them “Access” to view the “/admin” area.
That’s why it is better to create database entries at the controller level only, but you can also create db entries for controllers+action for greater control. e.g. “/news/comment” while still protecting other actions like “/news/edit” & “/news/delete”.

Remember, the table is used to define “Access” ONLY. You must use $this->cl_auth->isValidUser(), $this->cl_auth->isAdmin(), $this->cl_auth->getUserID() or $this->cl_auth->isGroup() to protect sections in your view files.

Also in reply to your previous question:

So this is a benefit in the fact that you don’t have to write the code to check for login in each controller method, but a disadvantage in the fact that you have to manually do the adding to the db table (which can get tedious on large applications)? ...

Think about how large your project could be. The beauty of CI is that it puts all your lovely pages into just a bunch of controllers. Say if we had an E-Commerce made with CI, it would maybe only amount to 10 controllers. Now if we also had 3 types of users (0: User, 1:Admin, 2:Moderator) and we use “/” access for group 1 (Admin). Do 10 x 2 (controllers x groups) = 20. Now add 20 + 1 you get 21 db entries.

However, this number could be higher if you use the controller+action method for every single group.
The beauty is that you can quickly add or subtract new groups to your system with db entries, rather than sifting through mountains of code changing each section that requires a group number + reduces the risk of coding errors if you miss something. So it saves you time, security and effort.


@michealangelo2008: Hi and thanks, I’m glad you like it :) You make some very good points there. I had totally forgotten to add “update” functions for the User table and for the Profile table! Using “setProfile()” to enter any extra details from the register form is a great idea!

In your [edit2], I understand what you mean. If you’re not using the cl_validation method it makes it hard to check the email or username registration. I shall add new functions which you can call in your controller for this purpose. There are functions in the models that could aid you.
Thank you for your code contribution, I shall be adding this in v0.2.

Update: I am currently writing the documentation this week and should be releasing v0.2. Also I will be adding a “Terms & Condition” field to the registration page because it is a legal requirement for the Data Protection Act. It is better to add it now rather than later. Will update again soon…

Posted: 23 June 2008 06:32 PM   [ # 28 ]
Grad Student
Total Posts:  84
Joined  05-15-2008

Thanks for the really nice explanation. I’m finally starting to grasp it :). Still a couple questions, though.

1. So what is the is_admin section for in the URI table?

2. So when you set something like:

group_id | request_uri  | is_admin
0        | /home/news   |

are you saying that anyone AT OR ABOVE the level of a registered user can access /home/news, or just registered users (in which case you’d also have to specify that mods and admin can also access it)?

3. And if you have something like:

group_id | request_uri  | is_admin
1        | /            | 1
2        | /home        | 1
0        | /home/news   |

Does that mean that a non-registered user couldn’t access any of the site, since the global setting is admin, and you can only override it with Mods and Registered Users?

I guess my main question is, does your lib default that NO ONE can access anything, and you override that by saying “this group can access that page”? Or does it default to saying that everyone can access everything and you restrict things from there? You said:

Say if I created a new controller “/buy_history” and hadn’t given group 0 a new entry with “/buy_history” in the URI Access table, then all registered users wouldn’t be able to see this page.

which seems to mean that no one can access anything unless specified, but maybe you were talking about a case in which “/” was set to admin only or something.

I guess I don’t understand as well as I thought I did :( . But your idea is really intriguing to me and I’m dying to wrap my head around it and get it going for a project I’m working on. Thanks so much for your time and effort on this.

Posted: 23 June 2008 07:24 PM   [ # 29 ]
Grad Student
Total Posts:  76
Joined  08-25-2007

I’m finding it hard trying to explain it in a simple way XD

By default NO ONE is allowed access to anything until a record is present in the URI table.

The is_admin affects the function $this->cl_auth->isAdmin(). This is only “true” when set to 1. Example:

controllerNews

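function delete()
{
    // Enforce the URI Access table for this request first
    $this->cl_auth->check();

    // True only when a matching URI row has is_admin set to 1
    if ( $this->cl_auth->isAdmin() )
    {
        // Delete
    }
}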

This is only true when (x represents group id)

group_id | request_uri    | is_admin
x        | /              | 1
or
x        | /news          | 1
or
x        | /news/delete   |

are present in the URI table.

So if an unregistered visitor looks at a page protected by $this->cl_auth->check(), they can only see this page if:
1) They are logged in
2) A record matches their usergroup in the URI table

If the “is_admin” field is set to true, they get extra privileges which you can toggle with $this->cl_auth->isAdmin(). In this case, on the news item, you would allow admins to see a link going to the delete() function.

I hope that clears things up :o

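The URI Access rules explained across posts # 27 and # 29 (default deny, the “/” row, controller and controller+action rows, is_admin), modelled as an added example that is not CL Auth's own code and not part of any post. The sample rows, the function names ruleCovers, checkAccess and groupsReaching, and matching on whole path segments are assumptions based on the behaviour described in the thread.

```php
<?php
// Added example, not CL Auth's code. Rows are constructed; matching on whole
// path segments is an assumption. Groups: 0 = user, 1 = admin, 2 = moderator.
$uriTable = [
    ['group_id' => 1, 'request_uri' => '/',             'is_admin' => 1],
    ['group_id' => 2, 'request_uri' => '/news',         'is_admin' => 1],
    ['group_id' => 0, 'request_uri' => '/news/comment', 'is_admin' => 0],
    ['group_id' => 0, 'request_uri' => '/buy_history',  'is_admin' => 0],
];

// True when $rule is "/" or equals/prefixes $uri on a segment boundary.
function ruleCovers(string $rule, string $uri): bool
{
    $rule = rtrim($rule, '/');
    $uri  = rtrim($uri, '/');
    return $rule === '' || $uri === $rule || strpos($uri, $rule . '/') === 0;
}

// Default deny: no login or no matching row for the group means no access.
function checkAccess(array $table, ?int $groupId, string $uri): array
{
    $result = ['allowed' => false, 'is_admin' => false];
    if ($groupId === null) {
        return $result;
    }
    foreach ($table as $row) {
        if ($row['group_id'] === $groupId && ruleCovers($row['request_uri'], $uri)) {
            $result['allowed']  = true;
            $result['is_admin'] = $result['is_admin'] || (bool) $row['is_admin'];
        }
    }
    return $result;
}

// Audit: list every group whose rows reach a sensitive URI.
function groupsReaching(array $table, string $uri): array
{
    $hits = array_filter($table, fn($row) => ruleCovers($row['request_uri'], $uri));
    return array_values(array_unique(array_column($hits, 'group_id')));
}

var_dump(checkAccess($uriTable, 0, '/news/comment')); // row exists for group 0
var_dump(checkAccess($uriTable, 0, '/news/delete'));  // no row for group 0
var_dump(checkAccess($uriTable, 2, '/news/delete'));  // covered by "/news", is_admin = 1
print_r(groupsReaching($uriTable, '/admin'));         // scoped table
// Weak setting from the thread: "/" for group 0 also covers "/admin".
$weak = array_merge($uriTable, [['group_id' => 0, 'request_uri' => '/', 'is_admin' => 0]]);
print_r(groupsReaching($weak, '/admin'));
```

Running groupsReaching against each sensitive controller after any change to the table shows which groups a broad “/” row has let in.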
 
 
Posted: 23 June 2008 10:53 PM   [ # 30 ]
Grad Student
Total Posts:  84
Joined  05-15-2008

Brilliant! Such a great feeling when it all comes together :). Thanks for the info. I’ll be sure and give you a testimonial when I finish up.
