Implementing User Authentication in CodeIgniter

Implementing User Authentication in CodeIgniter

CodeIgniter is a PHP framework that can help you program faster and improve the performance of your PHP applications. It is easy to install and use and has a lot of libraries that can be used to quickly add new features to your website. One of the features that can be implemented using a library is user authentication, which will be further explained in this tutorial.

Installing a CodeIgniter PHP Authentication Library

There are a few authentication libraries available for CodeIgniter. Each of them has different a installation and setup. In this tutorial, we will use Adam Griffith’s authentication library – ag_auth. It can be downloaded here: After downloading it, upload the files and import dump.sql into the database.

In order to make authentication work, you must set up the encryption key and enable sessions to use the database to store data. This is done by editing CodeIgniter’s config file, which is located in config/config.php. Find the following line and add the key:

You can see encryption key examples here: . To enable sessions to use a database to store authentication data, go to this line in the same file:

This must be set to true.

Setting up Basic PHP Authentication

The authentication consists of three parts: registration, login and checking if the user is logged in. Let’s create pages for registration and login. First, we will create a new controller called user.php. This controller will contain the following code, which will be explained below:

As you see, the user controller extends Application instead of CI_Controller. Application is a class located in core/My_Controller.php, which extends the native CI_Controller class and contains authentication functions. This class has register and login functions, so all you have to do now is go to: to register a user and to login. Authentication templates can be found in the views/auth/pages folder.

The index function defines what will happen when the user tries to access In this case, if the user is logged in, he is redirected to the user dashboard, and if not logged in, he needs to authenticate and is redirected to the login page. The same if-else clause must be added to each controller you want to authorize access. The example controller, which can be seen only by authenticated users, will look like this:

Note that each controller that needs authentication must extend Application class instead of CI_Controller class.

Advanced PHP Authentication

Add New User Groups

User groups are a very important feature of the ag_auth authentication library. To add a new user group, go to config/ag_auth.php and find the following line:

This array represents user groups and their IDs. The important thing to note is that group IDs are sorted ascending i.e. the higher the ID the more privileges that user group has. Let’s say you want to add two user groups – writer and banner user. The array would look like this:

Writer has more privileges than user and has the higher ID, but banned user has less privileges and has lower group ID. After updating the array in the ag_auth config file, table groups in the database must also be updated.

Access Restriction by User Group

Ag_auth library enables you to control which group of authenticated users can access which part of the website. So, let’s restrict access to authors controller for basic users:

The built-in restrict function would allow access to writer and user groups with higher IDs (editor, admin).

Override Register and Login Functions

Register and login functions can be overridden – just add two functions with the same names to user controller. For example, user controller with overridden register and login functions will have the following code:

Extending Authentication Functions

Of course, the authentication library can be extended and can contain your own functions. So, if you want to create a separate function for writer registration, you would add function writer_register() to core/My_Controller.php. Then the user controller would have the following function for registration: