WebDev Frameworks – CodeIgniter – Part 3: Authentication
One area lacking from the CodeIgniter feature set is user authentication. This is a feature fundamental to a huge number of standard web applications, be they globe-spanning social networks or a shop front for a local business. Indeed, the majority of sites that allow any kind of user experience customisation will at some point require assigning users a username and password to allow these features to be utilised. Many sites, both global and local, now use social media connections to provide authentication, which enables users to interact with the application without the need to create and maintain a new account. This approach has the added benefit (or detrimental consequence, depending on your world view) of allowing an application to potentially interact with more of the user’s data already available through their social networking activities, creating a more personal experience. Believe it or not, however, not everyone is on Facebook, and as such the current online landscape dictates that there must be a way for users to create an account in a web application with nothing more than their email address.
From a development point of view this means having a robust and reliable authentication system is a regular requirement. CodeIgniter doesn’t attempt to fulfil this need whatsoever and the inherent silver lining in that decision is that it helps to preserve the CodeIgniter mission statement of “maximum performance, capability, and flexibility in the smallest, lightest possible package.” There is no half-hearted effort to introduce a feature to CodeIgniter which has been deemed, rightly or wrongly, as non-critical and thus risk compromising the integrity of the framework.
The cloud to this lining, therefore, is how best to implement this functionality.
Not surprisingly, we’re not the first ones to ask this question. A discussion on Stack Overflow spanning over 3 years has hammered out the finer points for us and directly resulted in the creation of a new authentication library built upon comments and recommendations from the thread. This library is called Tank Auth.
Tank Auth is a rock-solid, fully featured user authentication library for CodeIgniter. Functionality includes user registration, activation, password reset and captcha support for new users and login, logout, logging and credential management for current users, all based on a well-defined security model that integrates smoothly into the CodeIgniter core. This is a great solution to our authentication requirements that can easily be hacked into shape for specific requirements.
Whilst everything that is present works well, it does still have a little way to go. Account profiles (as opposed to mere account credentials) are included but not implemented in any useful way. There is no ‘role’ management or user differentiation built in. And, as with the rest of CodeIgniter, there is no backend provided whatsoever.
That’s next on our list.
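The role gap described above can be closed with a small base controller that sits on top of Tank Auth's login state. This is an added example, not code from Tank Auth or from this post; it assumes CodeIgniter 2.x with Tank Auth installed alongside its bundled `auth` controller, and the `user_roles` table, the `require_role()` method, the `Admin` controller and the `admin/dashboard` view are hypothetical names.

```php
<?php
// application/core/MY_Controller.php (CodeIgniter 2.x base-controller convention).
// Added example: a role check layered on Tank Auth's login state.
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->helper('url');
        $this->load->library('tank_auth');
    }

    // Allow the request only for a logged-in, activated user holding $role.
    protected function require_role($role)
    {
        // By default is_logged_in() accepts activated accounts only.
        if ( ! $this->tank_auth->is_logged_in()) {
            redirect('/auth/login/');   // Tank Auth's bundled login controller
        }
        $user_id = (int) $this->tank_auth->get_user_id();

        // ASSUMPTION: hypothetical table user_roles(user_id, role); it is not
        // part of Tank Auth's schema. Active Record escapes both values.
        $this->db->where('user_id', $user_id);
        $this->db->where('role', $role);
        if ($this->db->count_all_results('user_roles') === 0) {
            // Authenticated but not authorised: log it and fail closed.
            log_message('error', "Role check failed: user {$user_id} lacks role {$role}");
            show_error('You do not have permission to view this page.', 403);
        }
    }
}

// application/controllers/admin.php (hypothetical back-end controller; in a
// real application this class lives in its own file).
class Admin extends MY_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->require_role('admin');   // gates every method in this controller
    }

    public function index()
    {
        $this->load->view('admin/dashboard');   // hypothetical view
    }
}
```

Placing the check in the constructor means a newly added controller method is protected by default rather than only when someone remembers to add a check.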
WebDev Frameworks – CodeIgniter Overview
CodeIgniter is a Model-View-Controller (MVC)-based application development framework. Essentially this means that each element of an application will be split into three distinct sections – the model, which deals with data structures; the view, which presents everything to the user; and the controller, which serves to tie the models and views together along with processing other required resources such as user input.
The defining concept behind an MVC architecture is to separate different aspects of the application whilst providing a framework to link them together. For example, since these sections will be the focus of the application’s front-end, our design team can be working away on the view components independently of the rest of the project. This enables the development team to construct the back-end (e.g. model sections) without worrying about conflicting with design changes or, conversely, without preventing the design team from working by forcing them to navigate database issues.
This approach leads to more streamlined coding both front and back. It is easy to define flexible model functions that can be recycled by numerous views. Likewise, views can be created with just presentation in mind and dynamic content can be introduced cleanly and simply by a controller. This structure has the added bonus that models and views are only loaded as they are required which helps keep page load times and resource usage to a minimum.
CodeIgniter provides a well-trimmed solution in other areas too. The first bullet-point in CodeIgniter’s official feature list, entitled “CodeIgniter is right for you if…,” states “You want a framework with a small footprint.” And it certainly delivers. The latest version available for download at the time of writing clocks in at just 3.9 MB uncompressed, positively tiny considering the features we are promised as that list continues. The default installation is also minimal: as simple as copying the files to the web server root. The software doesn’t come bogged down with loads of unnecessary code – in fact, no models are provided whatsoever – just a simple welcome controller and view ensure there exists a default index page. These are easily removed and we’re ready to create our brand new application.
Web Development Frameworks – CodeIgniter
A few moments spent with Google will reveal that a myriad of frameworks exist for content management systems (CMSs) available for use in web development. Many of these are free to use, open source and highly hackable to specific requirements. Indeed, it would be easy to think that for every plausible project a neatly packaged solution already exists and is merely a search away.
Here at eSterling, we often find ourselves facing a unique project that doesn’t fit neatly into any of these pre-packaged solutions. Data structures cannot always be altered due to compatibility with client software or procedure, design often doesn’t lend itself to the required templating brief, technologies are not always realistically compatible, and many other underlying requirements can be present which mean we have to start from the ground up.
However, even the most bespoke of web development projects requires a solid foundation, a way to structure growth and distribute key features whilst ensuring maintainability. The vast majority of projects, no matter how niche, will require basic features such as page generation, form submission and basic database manipulation. Furthermore, these features need to be implemented in a secure and robust way to ensure the integrity of each project whilst simultaneously minimising loading times, bandwidth usage and other strains on resources.
Enter CodeIgniter. CodeIgniter is an open source application development framework, designed to kick-start projects with a well-designed core of those basic features most sites require. Due to the fundamental nature of the tools provided it will happily exist on a variety of server configurations and requires virtually no configuration out of the box, saving headaches and that most precious of all assets, time. It is lean, modular and essentially, unlike many CMSs, it provides no front-end templates or theme (aside from an easily-deleted example welcome page) ensuring that the “default install” look is avoided.
Over the next few posts we will have a closer look at the feature-set provided by CodeIgniter, focusing on how it fulfils our needs in terms of functionality and security. There are also some areas where, albeit by design, CodeIgniter fails to address reasonably fundamental features that crop up time and again, namely user authentication and site administration, and we will see how to plug those gaps.