CL Auth BETA v0.2.5

Newest Release: 17/08/2008

« Hide Menu

CL Auth Library

CL Auth really comes as a single library, making it easy to call auth functions anywhere in your project.

$this->cl_auth->check();

This function is your bread & butter for CL Auth. Many checks are done like Group URI permissions and valid user checks.

You can call check() in the controller constructor to protect the whole controller:

class Home extends Controller {

	function Home()
	{
		parent::Controller();

		$this->cl_auth->check();
	}
}

Or use it within an action

...

function changepassword()
{
	$this->cl_auth->check();
	
	...
}

If you have called check() within your controller constructor, there is no need to call it again in the action.

To get access to an area where check() is used, a Group URI record must exist in the database.
Examples and an explantion can be found in the URI System section.

$this->cl_auth->denyAccess();

Calling this function anywhere within your controller or views will automatically show the user a forbidden page. View can be customised in the cl_auth config file.

...

function index()
{
	if ( !this->cl_auth->isValidUser() )
	{
		$this->cl_auth->denyAccess();
	}
}

$this->cl_auth->isAdmin();

You can display important information, or protect dangerous functions with the isAdmin() function.

...
if ( $this->cl_auth->isAdmin() )
{
	// Show Users IP
	
	// Allow admin to Delete post
	
	// etc...
}

isAdmin() is only true when a user has is_admin set to 1 in their Group URI record.

$this->cl_auth->isValidUser();

This is true when a user is logged in. Admins are also treated as logged in.

...
if ( $this->cl_auth->isValidUser() )
{
	echo "Hi ".$this->cl_auth->getUsername();
}
else
{
	// Display login link
	echo anchor('auth/login', 'Login');
}

$this->cl_auth->isBanned();

Checks if current user is Banned. You won't need to use this function very often, as Banned users are checked in the check() function.

$this->cl_auth->isBanned(); // User is redirected to the "deny" page. Nothing is excuted below this line

This function will also logout() the user and clear any sessions they have. The user will also not be able to login again until the ban is removed.

$this->cl_auth->isGroup( array() );

Most of the time your pages will be controlled by the Group URI. However, you may need to identify a particular group.

You might want to give access to particular function to paid members, like subscribers.

if ( $this->cl_auth->isGroup(4) )
{
	// Group 4: Subscribers
	
	// Now have access to this function...
}

If you want to define multiple groups, you can use an array like this

if ( $this->cl_auth->isGroup( array(1, 2, 4) ) )
{
	// Group 1: Admins
	
	// Group 2: Moderators
	
	// Group 4: Subscribers
}

Remember, you don't need to define groups in your code if they already have an existing Group URI record.

$this->cl_auth->getUserID();

This will output the current users user_id from the session table.

This function was not introduced until v0.2.

// Output Users ID
echo $this->cl_auth->getUserID();

$this->cl_auth->getUsername();

Similar to getUserID() but will output the current users Username.

echo $this->cl_auth->getUsername();

$this->cl_auth->login_form();

You can use this function generates a login form that uses the login() function. The purpose of this function was to allow you to control the login process with 1 line of code.

You can change the appearance of the form by altering the view file view/auth/login_form.php.

A reference to this view can also be found in the CL Auth config file.

...

function index()
{
	$this->cl_auth->login_form(); // Output form and handle login requests
}

This function won't suit everyone, but it's there to help you get a quick start. See the login() function about creating your own.

$this->cl_auth->login( $login, $password, $remember = 'false', $captcha = '', &$validation );

Below is an example of a controller with an action called "login".

...

// Controller Action
function login()
{
	$this->load->library('validation');
	$val = $this->validation;

	$rules['username']	= "trim|required|xss_clean";
	$rules['password']	= "trim|required|xss_clean";
	$rules['captcha_code']	= "trim|xss_clean";

	$val->set_rules($rules);

	$fields['username']	= 'Username';
	$fields['password']	= 'Password';
	$fields['remember']	= 'Remember';
	$fields['captcha_code']	= 'Confirmation Code';

	$val->set_fields($fields);

	if ($val->run() === TRUE AND $this->cl_auth->login($val->username, $val->password, $val->remember, $val->captcha_code, $val))
	{
		// Success
	}
	else
	{
		// Failed: Return login form
		$this->load->view('login_form');
	}
}

You can find a more complete example on the Examples page. You can use this function with just username and password.

$this->cl_auth->login($username, $password);

$this->cl_auth->register_form();

Similar to login_form(), this function generates a register form for you.

You can customise the form by altering view/auth/register_form.php. This function works in conjunction with register().

$this->cl_auth->register_form();

$this->cl_auth->register( $val, $captcha_code = '' );

Create a new user account with this function. New users are automatically given the group_id 0 for registered users.

$this->obj->load->library('validation');
$this->obj->load->library('CL_Validation');
$val = $this->cl_validation;

$rules['username'] = "trim|required|xss_clean|min_length[5]|max_length[25]|username_check|username_start|alpha_dash";
$rules['password'] = "trim|required|xss_clean|min_length[6]|matches[password_confirm]";
$rules['password_confirm'] = 'trim|required|xss_clean';
$rules['email'] = 'trim|required|xss_clean|valid_email|email_check';
$rules['captcha_code'] = 'trim|xss_clean';

$val->set_rules($rules);

$fields['username']	= 'Username';
$fields['password']	= 'Password';
$fields['password_confirm'] = 'Confirm Password';
$fields['email'] = 'Email';
$fields['captcha_code'] = 'Captcha Code';

$val->set_fields($fields);

if ( $val->run() === TRUE AND $this->cl_auth->register($val, $val->captcha_code) )
{
	// Success
}
else
{
	$this->load->view('register_form');
}

A better example can be found on the Examples page.

$this->cl_auth->forgotten_pass( $login, $val, $field );

This function allows you to submit a new password to the user via email.

You can use either a username or email address for the $login value. Pass your validation class into $val and enter the name of the form field into $field.

$this->load->library('validation');
$val = $this->validation;

$rules['forgotten_pass'] = "trim|required|xss_clean";
$val->set_rules($rules);

$fields['forgotten_pass'] = 'Forgotten Password';
$val->set_fields($fields);

if ( $val->run() === TRUE AND $this->cl_auth->($val->forgotten_pass, $val, 'forgotten_pass') )
{
	// Success
}

$this->cl_auth->reset_pass( $user_id, $key );

By default, you pass the reset key as a URI but if that fails you can display a form instead. This method seems to be very clunky and likely to be changed in the near future.

$user_id = $this->uri->segment(3);
$key = $this->uri->segment(4);

if ( !$this->cl_auth->reset_pass($user_id, $key) )
{
	$val = $this->validation;

	$rules['username'] = "trim|required|xss_clean";
	$rules['key'] = "trim|required|xss_clean";

	$val->set_rules($rules);

	$fields['username'] = 'User Id';
	$fields['key'] = 'Key';

	$val->set_fields($fields);

	if ( $val->run() AND $this->cl_auth->reset_pass($val->username, $val->key) ) // Reset Function
	{
		$this->load->view($this->config->item('CL_reset_success'));
	}
	else
	{
		$this->load->view($this->config->item('CL_reset_page'));
	}
}
else
{
	$this->load->view($this->config->item('CL_reset_success'));
}

$this->cl_auth->logout();

This will automatically logout any user that is currently logged in. It will clear their cookies and will render their DB Session to user_id 0 for extra protection.

$this->cl_auth->logout();

$this->cl_auth->activate();

If you are using email_verification on newely registered users then you will need this function. This function moves the user from the temporary table of users to the live user table.

Users who do not activate their account within 24 hours, their registration will expire and will be automatically removed. You can adjust the time required to activate by changing the CL_temp_expire setting in your CL Auth config.

Activate automatically grabs the 3rd and 4th URI Segment of your URI to pass into the function. This is mostly likely to change.

// Example URL: http://your-site/auth/activate/user_name/1234567890

$this->cl_auth->activate();

$this->cl_auth->change_password( $old_pass, $new_pass, $val );

// Protect this function
$this->cl_auth->check();

$val = $this->validation;

$rules['old_pass'] = "trim|required|xss_clean";
$rules['new_pass'] = "trim|required|matches[confirm_pass]|xss_clean";
$rules['confirm_pass'] = "trim|required|xss_clean";

$val->set_rules($rules);

$fields['old_pass'] = 'Old Password';
$fields['new_pass'] = 'New Password';
$fields['confirm_pass'] = ' Confirm New Password';

$val->set_fields($fields);

if ( $val->run() AND $this->cl_auth->change_password($val->old_pass, $val->new_pass, $val) )
{
	$this->load->view('auth/change_pass_success');
}
else
{
	$this->load->view('auth/change_pass_form');
}

$this->cl_auth->captcha();

Generate a captcha code for your forms. Once you have initiated the captcha function, you can call the values from the session flashdata.

// Create a captcha
// You must initiate this function first!
$this->cl_auth->captcha();

$this->session->flashdata('captcha_word'); // Captcha word. Use this on a form submission to check against the user input
$this->session->flashdata('captcha_time'); // Captcha time. The time the captcha was created.

echo $this->cl_auth->captcha_img; // URL of the captcha img. Use this in your view files in an <img /> tag.