UserAuth Mini-App Documentation
UserAuth Version 0.9.2
Using the UserAuth library is simple.
It uses Access Control Lists (ACL): a space-delimited list of users and groups.
Group names are marked with a leading "@".
To manage user accounts and user groups:
Log in to an admin account and use the UserAuth Admin page.
Every page should validate the user in the controller with $this->userauth->check();
To use the Authentication Error Handler and avoid the CI error:
if (!$this->userauth->check('', TRUE)) redirect('user/auth_error');
To restrict a controller/function to certain roles or users:
$this->authorize->set_allow('@admin @editors Suzy');
$this->authorize->set_deny('joe');
if (!$this->userauth->check('', TRUE)) {
    redirect('user/auth_error');
}
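How an ACL string of this form can be evaluated, as an added example that is not UserAuth's own code. The helper names acl_matches() and is_authorized() are hypothetical, and the deny-before-allow ordering is an assumption: the page does not say how the library resolves a user who appears in both lists.

```php
<?php
// Added illustration, not part of the UserAuth library.
// acl_matches() and is_authorized() are hypothetical helper names.

/**
 * Return TRUE if $username, or any of the user's $groups, appears in the ACL.
 * ACL entries are space delimited; entries starting with "@" are group names.
 */
function acl_matches(string $acl, string $username, array $groups): bool
{
    $entries = preg_split('/\s+/', trim($acl), -1, PREG_SPLIT_NO_EMPTY);
    foreach ($entries as $entry) {
        if ($entry[0] === '@') {
            // Group entry: compare the name after the "@" marker.
            if (in_array(substr($entry, 1), $groups, true)) {
                return true;
            }
        } elseif ($entry === $username) {
            // User entry: exact, case-sensitive match.
            return true;
        }
    }
    return false;
}

/**
 * Assumed policy: a deny match wins over an allow match, and a user who
 * matches neither list is refused (default deny).
 */
function is_authorized(string $allow, string $deny, string $username, array $groups): bool
{
    if (acl_matches($deny, $username, $groups)) {
        return false;
    }
    return acl_matches($allow, $username, $groups);
}

// Constructed sample data, reusing the ACL strings from the snippet above.
$allow = '@admin @editors Suzy';
$deny  = 'joe';

var_dump(is_authorized($allow, $deny, 'Suzy', []));          // listed by name
var_dump(is_authorized($allow, $deny, 'joe', ['editors']));  // in an allowed group, but denied by name
var_dump(is_authorized($allow, $deny, 'ann', ['members']));  // in neither list
```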
For finer controls over links and pieces of content:
$role = $this->user_group_model->groups_this_user();
if ($role[0] == 'admin') { ..... }
To test if the user is logged in:
$this->userauth->loggedin();
Deprecated Functions:
These functions have been deprecated from the userauth lib.
These functions moved to the newly formed authorize library.
- userauth->set_allow() - now - authorize->set_allow()
- userauth->set_deny() - now - authorize->set_deny()
This function moved to the user_group_model.
- userauth->groups_this_user() - now - user_group_model->groups_this_user()
Role Based User System
Besides Authentication, there is Authorization (libraries/Authorize.php). This authorize library is based on Access Control Lists. In config/ua_config.php there are ACL lists to define a Role Based User System.
To simply validate a user's session for an unrestricted page:
$this->authorize->roleCheck();
The following allows an ACL of ( @admin @managers @editors ), validates the user's session and provides error handling. An optional URI is used for a return from error using flash data.
$this->authorize->roleCheck('editor', $this->uri->uri_string());
For finer controls over links and pieces of content:
if ( $this->authorize->isRole('role_name') ) { ..... }
* Note - The ua_config file has examples of "Roles" defined. The install script does not create the managers, editors or members user-groups. Create groups and edit roles to your liking. If a role's ACL is defined in ua_config, the role exists for authorize lib.
Deprecated Scripts:
As of Code Igniter 1.4.1 the script folder is deprecated but still supported. This project no longer uses a script folder. The deprecated helper script, "ua_roles", should still be functional but uses a deprecated API. Applications should be updated.
User Login
The view for Mini-App's Login Box is located at views/usergroups/login.php. The form's actions are handled by user/login & user/logout. An inactive login expires as configured in config/ua_config.php.
Remember Me
The sequence when logging in with "Remember Me" checked:
- The action is handled by user/login, which calls:
$this->remember_me->addRememberMe($username);
A cookie is generated with credentials encrypted and logged in a db record. When the user goes away, the session soon expires but the browser has the cookie. When such a user returns, session validation at page load checks the cookie against the db. If it is valid, the user is logged in automatically and a new cookie is issued.
If a user logs out, the session is killed and the "Remember Me" cookie is deleted.
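The lifecycle described above (issue at login, validate and re-issue on return, delete at logout), as an added example that is not the Mini-App's remember_me library. It assumes a random selector and token with only a hash of the token kept server-side, rather than encrypted credentials in the cookie; the class name, the in-memory array standing in for the db table and the 30-day lifetime are hypothetical.

```php
<?php
// Added illustration, not the Mini-App's remember_me library; names are hypothetical.
class RememberMeStore
{
    private array $rows = [];         // stands in for the db table, keyed by selector
    private int $lifetime = 2592000;  // 30 days, an assumed value

    // Called at login with "Remember Me" checked; returns the cookie value.
    public function issue(string $username): string
    {
        $selector = bin2hex(random_bytes(9));
        $token    = bin2hex(random_bytes(32));
        $this->rows[$selector] = [
            'user'    => $username,
            'hash'    => hash('sha256', $token), // the token itself is never stored
            'expires' => time() + $this->lifetime,
        ];
        return $selector . ':' . $token;
    }

    // Called at page load without a session: [username, new cookie] or NULL.
    public function redeem(string $cookie): ?array
    {
        $parts = explode(':', $cookie, 2);
        if (count($parts) !== 2 || !isset($this->rows[$parts[0]])) {
            return null;
        }
        $row = $this->rows[$parts[0]];
        unset($this->rows[$parts[0]]); // single use: the record is consumed either way
        if ($row['expires'] < time()
            || !hash_equals($row['hash'], hash('sha256', $parts[1]))) {
            return null;
        }
        return [$row['user'], $this->issue($row['user'])];
    }

    // Called at logout, alongside destroying the session and the cookie.
    public function revoke(string $cookie): void
    {
        unset($this->rows[explode(':', $cookie, 2)[0]]);
    }
}

// Constructed walk-through of the sequence.
$store  = new RememberMeStore();
$cookie = $store->issue('Suzy');
[$user, $rotated] = $store->redeem($cookie);   // returning user, new cookie issued
var_dump($user, $store->redeem($cookie));      // second use of the old cookie
$store->revoke($rotated);
var_dump($store->redeem($rotated));            // after logout
```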
Native_session - Flash Data
This Mini-App uses Native_session from the wiki. The Native_session library uses native PHP session handling features while being API compatible with CI session.
* Note - Session Configuration in config/config.php has no effect on Native_session
The added feature in Native_session that this app uses is Flash attributes. You can set a session attribute that will persist only for the next http request. The usage is similar to the session->set_userdata($key, $value), userdata($key):
// set the flash attribute
set_flashdata($key, $value)
// get the value of the given flash attribute
flashdata($key)
// make the given flash attribute valid for one more request
keep_flashdata($key)
Front.php
The front controller of Mini-App takes static/semi-static content files and displays them in a template. A file such as view/pages/filename.php appears at the url siteroot/page/filename
Note that content files should not have html, head or body tags.
The following is required in config/routes.php:
// route documents from view/pages folder
$route['page/:any'] = 'front/page';
This controller & template simplifies the creation of semi-static pages.
Change the index function to display your FrontPage.
Internationalization
Mini_App's User Interface and Userauth's Forms and Tables are Multi-Lingual. Cookie-based user language selection is now supported. Available languages with character set definitions are configurable in ua_config. A lang_detect library detects browser language.
$this->lang_detect->language();
This function returns a selected language verified against ua_config as available. Priority in the detection is as follows: Cookie, Browser exact language (i.e. "en-us"), Browser primary language (i.e. "en"), CI's config language. This function is called during userauth->check().
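The priority order above written out as a function, as an added example that is not the Mini-App's lang_detect library. The function name, the use of short language codes as the configured list and the choice to try every exact match before any primary match are assumptions; the cookie and the Accept-Language header are both client-supplied, so every candidate is checked against the configured list before it is returned.

```php
<?php
// Added illustration, not the Mini-App's lang_detect library.
// negotiate_language() and the sample values below are hypothetical.

/**
 * Pick a language in the documented priority order: cookie, browser exact
 * language, browser primary language, configured default. Every candidate
 * is checked against the $available list before it is returned.
 */
function negotiate_language(?string $cookie, string $acceptLanguage,
                            array $available, string $default): string
{
    // 1. Cookie: client-controlled, so accept it only if it is configured.
    if ($cookie !== null && in_array(strtolower($cookie), $available, true)) {
        return strtolower($cookie);
    }

    // Split "fr-CA,fr;q=0.8" into tags in the order sent (q-values ignored here).
    $tags = [];
    foreach (explode(',', $acceptLanguage) as $item) {
        $tag = strtolower(trim(explode(';', $item, 2)[0]));
        if (preg_match('/^[a-z]{1,8}(-[a-z0-9]{1,8})*$/', $tag)) {
            $tags[] = $tag;
        }
    }

    // 2. Browser exact language, e.g. "en-us".
    foreach ($tags as $tag) {
        if (in_array($tag, $available, true)) {
            return $tag;
        }
    }
    // 3. Browser primary language, e.g. "en" taken from "en-us".
    foreach ($tags as $tag) {
        $primary = explode('-', $tag, 2)[0];
        if (in_array($primary, $available, true)) {
            return $primary;
        }
    }
    // 4. Configured default.
    return $default;
}

// Constructed sample input.
$available = ['en', 'fr', 'de', 'pl'];
var_dump(negotiate_language('xx', 'de-AT,de;q=0.8', $available, 'en')); // unconfigured cookie is skipped
var_dump(negotiate_language(null, 'fr-CA,es;q=0.5', $available, 'en')); // resolved at the primary-language step
var_dump(negotiate_language(null, 'es-MX', $available, 'en'));          // nothing matches the list
```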
User selection is by the action "user/set_language/language". If no language is passed in the uri segment, language is selected according to lang_detect. If the language argument is 'detect', the cookie and session variable are nulled and lang_detect is re-negotiated at next page load. Normal language selection sets a cookie and session variable.
Current distribution has English, French, German, & Polish.
User select and browser detect can be disabled with a setting in ua_config.
Mini-App's controllers & views provide an example of usage.