WebDev Frameworks – CodeIgniter – Part 3: Authentication

One area lacking from the CodeIgniter feature set is user authentication. This is a feature fundamental to a huge number of standard web applications, be they globe-spanning social networks or a shop front for a local business. Indeed, the majority of sites that allow any kind of user experience customisation will at some point require assigning users a username and password to allow these features to be utilised. Many sites, both global and local, now use social media connections to provide authentication, which enables users to interact with the application without needing to create and maintain a new account. This approach has the added benefit (or detrimental consequence, depending on your world view) of allowing an application to potentially interact with more of the user’s data already available through their social networking activities, creating a more personal experience. Believe it or not, however, not everyone is on Facebook, and as such the current online landscape dictates that there must be a way for users to create an account in a web application with nothing more than their email address.

From a development point of view this means having a robust and reliable authentication system is a regular requirement. CodeIgniter makes no attempt whatsoever to fulfil this need, and the inherent silver lining in that decision is that it helps to preserve the CodeIgniter mission statement of “maximum performance, capability, and flexibility in the smallest, lightest possible package.” There is no half-hearted effort to introduce a feature to CodeIgniter which has been deemed, rightly or wrongly, as non-critical and thus risk compromising the integrity of the framework.

The cloud to this lining, therefore, is how best to implement this functionality.

Not surprisingly, we’re not the first ones to ask this question. A discussion on Stack Overflow spanning over 3 years has hammered out the finer points for us and directly resulted in the creation of a new authentication library built upon comments and recommendations from the thread. This library is called Tank Auth.

Tank Auth is a rock-solid, fully featured user authentication library for CodeIgniter. Functionality includes user registration, activation, password reset and captcha support for new users, and login, logout, logging and credential management for current users, all based on a well-defined security model that integrates smoothly into the CodeIgniter core. This is a great solution to our authentication requirements that can easily be hacked into shape for specific requirements.

Whilst everything that is present works well, it does still have a little way to go. Account profiles (as opposed to mere account credentials) are included but not implemented in any useful way. There is no ‘role’ management or user differentiation built in. And, as with the rest of CodeIgniter, there is no backend provided whatsoever.

That’s next on our list.