This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
November 21, 2008 4:15pm
#1 / Nov 21, 2008 4:15pm
I’ve been looking through the forums and there seem to be many Auth solutions. Could somebody please give me their opinion on which one is the best?
Thanks in advance.
RS71
#2 / Nov 21, 2008 4:40pm
I too am searching for a simple, flexible auth library. So far I have looked at FAL and Redux. Both seem dated or stalled in development and do not work with CI 1.7.
#3 / Nov 21, 2008 5:24pm
It all depends on what your needs are; each auth library provides you with different things.
When you look in the ‘IgnitedRecord’ forum, there are auth libraries like MeNeedz Auth, Fresh Auth, and the list goes on; those first 2 are new and were built for CI 1.7.
#4 / Nov 21, 2008 5:47pm
I’ve been looking through some of the options and most of them look to be not so well coded and seem a bit lacking features-wise. Hrmm.
#5 / Nov 21, 2008 6:04pm
I’ve been looking through some of the options and most of them look to be not so well coded and seem a bit lacking features-wise. Hrmm.
That’s actually a combination you’re not very likely to find: for me most libraries which are very well coded and with a lot of features don’t really do it the way I want them to. And also take approaches that would require me to rewrite lots of their code in order to work with my application(s).
I’ve used CL_Auth for a time and switched to FreakAuth_light because I preferred to set the required user level at the top of each controller as opposed to creating a database entry for every controller/usergroup combination. In the end though, I needed more flexibility and there was no way around having to write one myself.
So I took SimpleSecureLogin as a starting point yesterday, not much is left by now but for the most trivial stuff. By now I’ve added user groups, 2 additional levels of encryption and changed much of the way the logged-in check works and the login itself works.
This is the approach I’d recommend, because if you want your auth library to integrate well with your application you’ll either have to write it yourself or change about half the code of someone else’s. The SimpleLogin library seems to be the only attempt at making something of general use without too much interpretation to make adapting it completely to your own application a lot of work.
And writing your own stuff has the additional upside of knowing every line of code very well, which makes changing something a lot easier. 😉 Which is an upside for something as important to most applications as an auth library.
#6 / Nov 21, 2008 6:25pm
FreakAuth (FAL) seems to give you the basics and so far I don’t have any complaints. It seems to work fine for me on CI 1.7
#7 / Nov 21, 2008 6:55pm
Why not just put everyone’s efforts into making one single excellent solution?
#8 / Nov 21, 2008 7:21pm
It might be worth a try, though I think most people will have wildly different views on what should & shouldn’t be included in such a library. In my view such a library should only have what is really needed and nothing more, because that’s the part the developer should do him/herself.
So what should be in such a general user library:
- simple user creation function
- secure password saving
- secure login check
- secure autologin
- very simple user groups
So no views, no lost password, no profile fields, etc. Because anything more than this becomes interpretation and makes it usable only to people with the same philosophy when it comes to user management. It should be a safe & secure foundation to build your own application on, not a fully featured system. A bit like all the CodeIgniter libraries: not plug-and-play but plug-and-develop-yourself 😊
#9 / Nov 21, 2008 7:37pm
The best one? The one you made yourself. I wrote a tutorial about it a while back (just google codeigniter auth tutorial, it’ll pop up). I’m planning on writing a better, bigger one with user groups, password hashing etc in the near future.
#10 / Nov 21, 2008 7:54pm
The Auth itself and its security features are much more of a priority to me than the User Management that might accompany it. I believe we should work on a good Auth and build an optional somewhat basic modular User Management.
#11 / Nov 21, 2008 8:19pm
Seriously, don’t waste your time looking. This is an application framework, build your own. That’s not always the case though. The Rails world has some pretty decent options. Django has a generator which will create the basics. I believe some of the other PHP frameworks have generators also. For CodeIgniter, you probably have to build your own.
That’s not to say that any of the above mentioned systems will create exactly what you need. They simply give you a starting point.
Unfortunately, building a full user management system from scratch is a bit of work. On the bright side, once you have built one which serves your needs, you can probably use it for future projects.
The only one I have used is Redux, and I ended up tossing it.
One other thing to keep in mind. CI 1.7 has had big changes in form validation and session handling. I think for that reason alone all the old membership handling systems are obsolete.
#12 / Nov 21, 2008 8:37pm
No auth library you find here will 100% satisfy what you want, but most of them are quite a good starting point if you don’t want to start from scratch.
As I have created such a library myself (see signature), I would recommend using my library because it covers all the basics and is pretty flexible. But that’s only what I think 😉
And if there is something you don’t like or that’s missing in one of the libraries you look at, just say so in the associated thread and maybe the creator of the library will fix it!
#13 / Nov 21, 2008 8:46pm
It would be nice to see some auth framework directly incorporated into CI itself.
I don’t know if this would or wouldn’t go against what CI is all about. But what I’m interested in (and what I’ve seen with CI so far) is a framework where a bunch of stuff is included out of the box (the standard “don’t reinvent the wheel” stuff) but most if not all that “stuff” is optional.
I think a basic auth/user/admin system would qualify as “don’t reinvent the wheel” stuff.
#14 / Nov 21, 2008 8:52pm
It would be nice to see some auth framework directly incorporated into CI itself.
I don’t know if this would or wouldn’t go against what CI is all about. But what I’m interested in (and what I’ve seen with CI so far) is a framework where a bunch of stuff is included out of the box (the standard “don’t reinvent the wheel” stuff) but most if not all that “stuff” is optional.
I think a basic auth/user/admin system would qualify as “don’t reinvent the wheel” stuff.
My thoughts exactly.
Again, I don’t care for user management… I’m concerned on working a secure Auth…
#15 / Nov 21, 2008 9:16pm
@waldmeister, I disagree. In many cases, using existing libraries can be a big waste of time. It’s better to start from scratch than waste time. Of course some libraries are fine. CodeIgniter is a code library itself, but CodeIgniter is also trusted and a known quality.
Edit: Again, I’m not saying don’t use existing libraries, but I tend to stick with libraries which have been well tested and widely used. They also need a serious force behind them. Someone willing to keep the thing updated and fix bugs. Even then you aren’t guaranteed that the library will work well enough.
@mrjmw, that has been discussed at length here and the consensus is always that it’s a bad idea. Especially with such a small development team working on CI and EE.
@RS71, as a developer you should be able to write secure code. If you can’t, then a secure Auth system might not save you. Nobody is perfect though, just build it.
I don’t think there is a problem writing your own. I feel the same way about blogging systems and CMS’. Most out there just don’t do the job so you should just pick up good dev tools and write your own.
I agree with this guy…
http://adam.blog.heroku.com/past/2008/11/4/scanty_the_blog_thats_almost_nothing/