Hi. I'm Ben Edmunds. This is Ion Auth.

Documentation


Ion Auth

Ion Auth is a simple and lightweight authentication library for the CodeIgniter framework


Want to learn more? Or just support my work?

I've released a book on Securing PHP Apps. It's now available on Apress:
Learn More / Buy




I've also written a version on Securing Node JS Apps. It's available on Leanpub:
Learn More/ Buy




Help and Support Contracts

If you think you've found a bug please Create an Issue.

If you're having an issue with CodeIgniter or for general help with development I recommend checking out the CodeIgniter Forums.

If you need a customization or help implementing Ion Auth into your project please Email Me for Consulting Information.

If your company would like a support contract or service agreement please Reach Out to discuss available options.



License

Ion Auth is released under the Apache License v2.0. You can read the license here: http://www.apache.org/licenses/LICENSE-2.0

Server requirements

Ion Auth 3 needs CodeIgniter 3 and PHP 5.6.
It should work on 5.3.7 as well, but we strongly advise you NOT to run such old versions of PHP, because of potential security and performance issues.
If running an old PHP version, you may need password_compat.

Installation

  1. Download the latest version: https://github.com/benedmunds/CodeIgniter-Ion-Auth/zipball/3
  2. Copy the files from this package to the correspoding folder in your application folder. For example, copy Ion_auth/config/ion_auth.php to system/application/config/ion_auth.php.
  3. You can also copy the entire directory structure into your third_party/ folder. For example, copy everything to /application/third_party/ion_auth/
  4. Run the appropriate SQL file from the /sql directory.

The default login is:

Upgrading

  1. Download the latest version: https://github.com/benedmunds/CodeIgniter-Ion-Auth/zipball/3
  2. Overwrite "libraries/ion_auth.php" and "models/ion_auth_model.php" with the new versions.
  3. Overwrite "language/*" with the news versions.
  4. Check "config/ion_auth.php" for evolution.

Upgrading from Ion Auth 2? Check the UPGRADING.md file in the package.

Loading Ion Auth

You load Ion Auth just like any other library:

$this->load->library('ion_auth');

Do make sure to load your database connection first, that can be loaded manually or autloaded.

You can also autoload the library.

Configuration Options

Ion Auth is extremely configurable.

To change configuration options simply edit the config/ion_auth.php file or pass an array when loading the library.

Tables

Hash method

Authentication options

Cookie options

Email options

Templates options

Message Delimiters


Class Function Reference

NOTE: Methods available in the model are called through the controller using PHP5 magic. You should never use ion_auth_model->method() in your applications.

login()

Logs the user into the system.

Parameters

  1. 'Identity' - string REQUIRED. Username, email or any unique value in your users table, depending on your configuration.
  2. 'Password' - string REQUIRED.
  3. 'Remember' - boolean OPTIONAL. TRUE sets the user to be remembered if enabled in the configuration.

Return

Usage

    $identity = 'ben.edmunds@gmail.com';
    $password = '12345678';
    $remember = TRUE; // remember the user
    $this->ion_auth->login($identity, $password, $remember);
  

logout()

Logs the user out of the system.

Usage

    $this->ion_auth->logout();
  

register()

Register (create) a new user.

Parameters

  1. 'Identity' - string REQUIRED. This must be the value that uniquely identifies the user when he is registered. If you chose "email" as $config['identity'] in the configuration file, you must put the email of the new user.
  2. 'Password' - string REQUIRED.
  3. 'Email' - string REQUIRED.
  4. 'Additional Data' - multidimensional array OPTIONAL.
  5. 'Group' - array OPTIONAL. If not passed the default group name set in the config will be used.

Return

Usage

    $username = 'benedmunds';
    $password = '12345678';
    $email = 'ben.edmunds@gmail.com';
    $additional_data = array(
                'first_name' => 'Ben',
                'last_name' => 'Edmunds',
                );
    $group = array('1'); // Sets user to admin.

    $this->ion_auth->register($username, $password, $email, $additional_data, $group)
  

create_user()

create_user is an alternate method for register() method.


update()

Update a user.

Parameters

  1. 'Id' - integer REQUIRED.
  2. 'Data' - multidimensional array REQUIRED.

Return

Usage

    $id = 12;
    $data = array(
          'first_name' => 'Ben',
          'last_name' => 'Edmunds',
          'password' => '123456789',
           );
    $this->ion_auth->update($id, $data)
  

update_user()

update_user() is an alternate method for update() method.


delete_user()

Delete a user.

Parameters

  1. 'Id' - integer REQUIRED.

Return

Usage

    $id = 12;
    $this->ion_auth->delete_user($id)
  

forgotten_password()

Resets a users password by emailing the user a reset code.

Parameters

  1. 'Identity' - string REQUIRED. (as defined in config/ion_auth.php)

Return

Usage

- this example assumes you have 'email' selected as the identity in config/ion_auth.php

    //Working code for this example is in the example Auth controller in the github repo
    function forgot_password()
    {
      $this->form_validation->set_rules('email', 'Email Address', 'required');
      if ($this->form_validation->run() == false) {
        //setup the input
        $this->data['email'] = array('name'    => 'email',
                       'id'      => 'email',
                      );
        //set any errors and display the form
        $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
        $this->load->view('auth/forgot_password', $this->data);
      }
      else {
        //run the forgotten password method to email an activation code to the user
        $forgotten = $this->ion_auth->forgotten_password($this->input->post('email'));

        if ($forgotten) { //if there were no errors
          $this->session->set_flashdata('message', $this->ion_auth->messages());
          redirect("auth/login", 'refresh'); //we should display a confirmation page here instead of the login page
        }
        else {
          $this->session->set_flashdata('message', $this->ion_auth->errors());
          redirect("auth/forgot_password", 'refresh');
        }
      }
    }
  

forgotten_password_check()

Check to see if the forgotten password code is valid.

Parameters

  1. 'Code' - string REQUIRED.

Return

Usage

    $user = $this->ion_auth->forgotten_password_check($code);
    if ($user)
    {
      //display the password reset form
    }
  

logged_in()

Check to see if a user is logged in.

Return

Usage

    if (!$this->ion_auth->logged_in())
    {
      redirect('auth/login');
    }
  

is_admin()

Check to see if the currently logged in user is an admin.

Parameters

  1. 'id' - integer OPTIONAL. If a user id is not passed the id of the currently logged in user will be used.

Return

Usage

    if (!$this->ion_auth->is_admin())
    {
      $this->session->set_flashdata('message', 'You must be an admin to view this page');
      redirect('welcome/index');
    }
  

in_group()

Check to see if a user is in a group(s).

Parameters

  1. 'Group ID or Name' - string REQUIRED. Integer or array of strings and integers.
  2. 'User ID' - integer OPTIONAL. If a user id is not passed the id of the currently logged in user will be used.
  3. 'Check All' - bool OPTIONAL. Whether to check if user is in all groups, or in any group.

Return

Usage

    # single group (by name)
    $group = 'gangstas';
    if (!$this->ion_auth->in_group($group))
    {
      $this->session->set_flashdata('message', 'You must be a gangsta to view this page');
      redirect('welcome/index');
    }

    # single group (by id)
    $group = 1;
    if (!$this->ion_auth->in_group($group))
    {
      $this->session->set_flashdata('message', 'You must be part of the group 1 to view this page');
      redirect('welcome/index');
    }

    # multiple groups (by name)
    $group = array('gangstas', 'hoodrats');
    if (!$this->ion_auth->in_group($group))
      $this->session->set_flashdata('message', 'You must be a gangsta OR a hoodrat to view this page');
      redirect('welcome/index');
    }

    # multiple groups (by id)
    $group = array(1, 2);
    if (!$this->ion_auth->in_group($group))
      $this->session->set_flashdata('message', 'You must be a part of group 1 or 2 to view this page');
      redirect('welcome/index');
    }

    # multiple groups (by id and name)
    $group = array('gangstas', 2);
    if (!$this->ion_auth->in_group($group))
      $this->session->set_flashdata('message', 'You must be a part of the gangstas or group 2');
      redirect('welcome/index');
    }

    # multiple groups (by id) and check if all exist
    $group = array(1, 2);
    if (!$this->ion_auth->in_group($group, false, true))
      $this->session->set_flashdata('message', 'You must be a part of group 1 and 2 to view this page');
      redirect('welcome/index');
    }

  

username_check()

Check to see if the username is already registered.

Parameters

  1. 'Username' - string REQUIRED.

Return

Usage

    //This is a lame example but it works.  Usually you would use this method with form_validation.
    $username = $this->input->post('username');
    $password = $this->input->post('password');
    $email = $this->input->post('email');
    $additional_data = array(
                'first_name' => $this->input->post('first_name'),
                'last_name' => $this->input->post('last_name'),
                );
    if (!$this->ion_auth->username_check($username))
    {
      $group_name = 'users';
      $this->ion_auth->register($username, $password, $email, $additional_data, $group_name)
    }
  

email_check()

Check to see if the email is already registered.

Parameters

  1. 'Email' - string REQUIRED.

Return

Usage

    //This is a lame example but it works.  Usually you would use this method with form_validation.
    $username = $this->input->post('username');
    $password = $this->input->post('password');
    $email = $this->input->post('email');
    $additional_data = array(
                'first_name' => $this->input->post('first_name'),
                'last_name' => $this->input->post('last_name'),
                );
    if (!$this->ion_auth->email_check($email))
    {
      $group_name = 'users';
      $this->ion_auth->register($username, $password, $email, $additional_data, $group_name)
    }
  

identity_check()

Check to see if the identity is already registered.

Parameters

  1. 'Identity' - string REQUIRED.

Return

Usage

    //This is a lame example but it works.
    $user = $this->ion_auth->user();
    $data = array(
          'identity' => $this->input->post('identity'),
          'first_name' => $this->input->post('first_name'),
          'last_name' => $this->input->post('last_name'),
           );
    if ($data['identity'] === $user->username || $data['identity'] === $user->email || $this->ion_auth->identity_check($data['identity']) === FALSE)
    {
      $this->ion_auth->update_user($user->id, $data)
    }
  

is_max_login_attempts_exceeded()

If login attempt tracking is enabled, checks to see if the number of failed login attempts for this identity or ip address has been exceeded. The controller must call this method and take any necessary actions. Login attempt limits are not enforced in the library.

Parameters

  1. 'Identity' - string REQUIRED.

Return

Usage

    $identity = 'ben.edmunds@gmail.com';
    if ($this->ion_auth->is_max_login_attempts_exceeded($identity))
    {
      $this->session->set_flashdata('message', 'You have too many login attempts');
      redirect('welcome/index');
    }
  

get_attempts_num()

Returns the number of failed login attempts for this identity or ip address.

Parameters

  1. 'Identity' - string REQUIRED.

Return

Usage

    $identity = 'ben.edmunds@gmail.com';
    $num_attempts = $this->ion_auth->get_attempts_num($identity);
  

increase_login_attempts()

If login attempt tracking is enabled, records another failed login attempt for this identity or ip address. This method is automatically called during the login() method if the login failed.

Parameters

  1. 'Identity' - string REQUIRED.

Usage

    $identity = 'ben.edmunds@gmail.com';
    $password = '12345678';
    if ($this->ion_auth->login($identity, $password) == FALSE) {
      $this->ion_auth->increase_login_attempts($identity)
    }
  

clear_login_attempts()

Clears all failed login attempt records for this identity or this ip address. This method is automatically called during the login() method if the login succeded.

Parameters

  1. 'Identity' - string REQUIRED.

Usage

    $identity = 'ben.edmunds@gmail.com';
    $password = '12345678';
    if ($this->ion_auth->login($identity, $password) == TRUE) {
      $this->ion_auth->clear_login_attempts($identity)
    }
  

user()

Get a user.

Parameters

  1. 'Id' - integer OPTIONAL. If a user id is not passed the id of the currently logged in user will be used.

Return

Usage

    $user = $this->ion_auth->user()->row();
    echo $user->email;
  

users()

Get the users.

Parameters

  1. 'Group IDs, group names, or group IDs and names' - array OPTIONAL. If an array of group ids, of group names, or of group ids and names are passed (or a single group id or name) this will return the users in those groups.

Return

Usage

    $users = $this->ion_auth->users()->result(); // get all users
  

    $users = $this->ion_auth->users(1)->result(); // get users from group with id of '1'
  

    $users = $this->ion_auth->users('members')->result(); // get users from 'members' group
  

    $users = $this->ion_auth->users(array('admin','members'))->result(); // get users from 'admin' and 'members' group
  

    $users = $this->ion_auth->users(array('admin',4,'members'))->result(); // get users from 'admin' group, 'members' group and group with id '4'
  

    $users = $this->ion_auth->users(1)->result(); // get users from group with id of '1'
  

    $users = $this->ion_auth->users('members')->result(); // get users from 'members' group
  

    $users = $this->ion_auth->users(array('admin','members'))->result(); // get users from 'admin' and 'members' group
  

    $users = $this->ion_auth->users(array('admin',4,'members'))->result(); // get users from 'admin' group, 'members' group and group with id '4'
  

group()

Get a group.

Parameters

  1. 'Id' - integer REQUIRED.

Return

Usage

    $group_id = 2;
    $group = $this->ion_auth->group($group_id)->result();
  

groups()

Get the groups.

Return

Usage

    $groups = $this->ion_auth->groups()->result();
  

messages()

Get messages.

Return

Usage

    $id = 12;
    $data = array(
          'first_name' => 'Ben',
          'last_name' => 'Edmunds',
           );
    if ($this->ion_auth->update_user($id, $data))
    {
      $messages = $this->ion_auth->messages();
      echo $messages;
    }
    else
    {
      $errors = $this->ion_auth->errors();
      echo $errors;
    }
  

messages_array()

Get messages as an array.

Return

Parameters

  1. 'Langify' - boolean OPTIONAL. TRUE means that the messages will be langified.

Usage

    $id = 12;
    $data = array(
          'first_name' => 'Ben',
          'last_name' => 'Edmunds',
           );
    if ($this->ion_auth->update_user($id, $data))
    {
      $messages = $this->ion_auth->messages_array();
      foreach ($messages as $message)
      {
        echo $message;
      }
    }
    else
    {
      $errors = $this->ion_auth->errors_array();
      foreach ($errors as $error)
      {
        echo $error;
      }
    }
  

get_users_groups()

Get all groups a user is part of.

Parameters

  1. 'Id' - integer OPTIONAL. If a user id is not passed the id of the currently logged in user will be used.

Return

Usage

    $user_groups = $this->ion_auth->get_users_groups($user->id)->result();
  

add_to_group()

Add user to group

Parameters

  1. 'Group_id' - integer or array REQUIRED.
  2. 'User_id' - integer REQUIRED.

Return

Usage

        // pass an array of group ID's and user ID
        $this->ion_auth->add_to_group(array('1', '3', '6'), $user_id);

        // pass a single ID and user ID
        $this->ion_auth->add_to_group(1, $user_id);
  

remove_from_group()

Remove user from group(s)

Parameters

  1. 'Group_id' - NULL, integer or array REQUIRED. NULL will remove the user from all groups.
  2. 'User_id' - integer REQUIRED.

Return

Usage

        // pass an array of group ID's and user ID
        $this->ion_auth->remove_from_group(array('1', '3', '6'), $user_id);

        // pass a single ID and user ID
        $this->ion_auth->remove_from_group(1, $user_id);

        // pass NULL to remove user from all groups
        $this->ion_auth->remove_from_group(NULL, $user_id);
  

create_group()

Create a group

Parameters

  1. 'group_name' - string REQUIRED.
  2. 'group_description' - string.

Return

Usage

        // pass the right arguments and it's done
        $group = $this->ion_auth->create_group('new_test_group', 'This is a test description');

        if(!$group)
        {
          $view_errors = $this->ion_auth->messages();
        }
        else
        {
          $new_group_id = $group;
          // do more cool stuff
        }
  

update_group()

Update details of a group

Parameters

  1. 'group_id' - int REQUIRED.
  2. 'group_name' - string REQUIRED.
  3. 'additional_data' - array.

Return

Usage

        // source these things from anywhere you like (eg., a form)
        $group_id = 2;
        $group_name = 'test_group_changed_name';
                $additional_data = array(
                    'description' => 'New Description'
                );

        // pass the right arguments and it's done
        $group_update = $this->ion_auth->update_group($group_id, $group_name, $additional_data);

        if(!$group_update)
        {
          $view_errors = $this->ion_auth->messages();
        }
        else
        {
          // do more cool stuff
        }
  

delete_group()

Remove a group. Removes the group details from the configured 'groups' table. Users belonging to the group are stripped of this status (references to this group are removed from users_groups), but user data itself remains untouched.

Parameters

  1. 'group_id' - int REQUIRED.

Return

Usage

        // source this from anywhere you like (eg., a form)
        $group_id = 2;

        // pass the right arguments and it's done
        $group_delete = $this->ion_auth->delete_group($group_id);

        if(!$group_delete)
        {
          $view_errors = $this->ion_auth->messages();
        }
        else
        {
          // do more cool stuff
        }
  

set_message_delimiters()

Set the message delimiters.

Parameters

  1. 'Start Delimiter' - string REQUIRED.
  2. 'End Delimiter' - string REQUIRED.

Usage

    $id = 12;
    $data = array(
          'first_name' => 'Ben',
          'last_name' => 'Edmunds',
           );
    if ($this->ion_auth->update_user($id, $data))
    {
      $this->ion_auth->set_message_delimiters('<p><strong>','</strong></p>');
      $messages = $this->ion_auth->messages();
      echo $messages;
    }
    else
    {
      $this->ion_auth->set_error_delimiters('<p><strong>','</strong></p>');
      $errors = $this->ion_auth->errors();
      echo $errors;
    }
  

errors()

Get the errors.

Return

Usage

    $id = 12;
    $data = array(
          'first_name' => 'Ben',
          'last_name' => 'Edmunds',
           );
    if ($this->ion_auth->update_user($id, $data))
    {
      $messages = $this->ion_auth->messages();
      echo $messages;
    }
    else
    {
      $errors = $this->ion_auth->errors();
      echo $errors;
    }
  

errors_array()

Get error messages as an array.

Return

Parameters

  1. 'Langify' - boolean OPTIONAL. TRUE means that the error messages will be langified.

Usage

    $id = 12;
    $data = array(
          'first_name' => 'Ben',
          'last_name' => 'Edmunds',
           );
    if ($this->ion_auth->update_user($id, $data))
    {
      $messages = $this->ion_auth->messages_array();
      foreach ($messages as $message)
      {
        echo $message;
      }
    }
    else
    {
      $errors = $this->ion_auth->errors_array();
      foreach ($errors as $error)
      {
        echo $error;
      }
    }
  

set_error_delimiters()

Set the error delimiters.

Parameters

  1. 'Start Delimiter' - string REQUIRED.
  2. 'End Delimiter' - string REQUIRED.

Usage

    $id = 12;
    $data = array(
          'first_name' => 'Ben',
          'last_name' => 'Edmunds',
           );
    if ($this->ion_auth->update_user($id, $data))
    {
      $this->ion_auth->set_message_delimiters('<p><strong>','</strong></p>');
      $messages = $this->ion_auth->messages();
      echo $messages;
    }
    else
    {
      $this->ion_auth->set_error_delimiters('<p><strong>','</strong></p>');
      $errors = $this->ion_auth->errors();
      echo $errors;
    }
  

set_hook()

Set a single or multiple functions to be called when trigged by trigger_events(). See an example here: https://gist.github.com/657de89b26decda2b2fa

Parameters

  1. 'Event' - string REQUIRED.
  2. 'Name' - string REQUIRED.
  3. 'Class' - string REQUIRED.
  4. 'Method' - string REQUIRED.
  5. 'Arguments' - Array OPTIONAL.

Usage

  class Accounts extends CI_Controller {

    public function __construct()
    {
      parent::__construct();

      /*
        make sure we loaded ion_auth2
        The following does not need to go in __construct() it just needs to be set before
        you trigger_events().
      */
      $event = 'socialpush';
      $class = 'Accounts';
      $args = array('this is the content of the message', 'billy');

      $name = 'activate_sendmail';
      $method = 'email';
      $this->ion_auth->set_hook($event, $name, $class, $method, $args);
      $name = 'call_Twitter';
      $method = 'twitter';
      $this->ion_auth->set_hook($event, $name, $class, $method, $args);
      $name = 'call_MailChimp_API';
      $method = 'mailchimp';
      $this->ion_auth->set_hook($event, $name, $class, $method, $args);
      $name = 'call_Facebook_API';
      $method = 'facebook';
      $this->ion_auth->set_hook($event, $name, $class, $method, $args);
      $name = 'call_gPlus_API';
      $method = 'gplus';
      $this->ion_auth->set_hook($event, $name, $class, $method, $args);
    }

    public function Post_Message($one)
    {
      $this->ion_auth->trigger_events('socialpush');
    }
    public function email($content, $who)
    {
      return true;
    }
    public function twitter($content, $who)
    {
      return true;
    }
    public function mailchimp($content, $who)
    {
      return true;
    }
    public function facebook($content, $who)
    {
      return true;
    }
    public function gplus($content, $who)
    {
      return true;
    }
  }
  

trigger_events()

Call Additional functions to run that were registered with set_hook().

Parameters

  1. 'Name' - String or Array REQUIRED.

Usage

   $this->ion_auth->trigger_events('socialpush');