WebDev Frameworks – CodeIgniter – Part 3: Authentication
One area lacking from the CodeIgniter feature set is user authentication. This is a feature fundamental to a huge number of standard web applications, be they globe-spanning social networks or a shop front for a local business. Indeed, the majority of sites that allow any kind of user experience customisation will at some point require assigning users a username and password to allow these features to be utilised. Many sites, both global and local, now use social media connections to provide authentication which enable users to interact with the application without the need for creating a new account to maintain. This approach has the added benefit (or detrimental consequence, depending on your world view) of allowing an application to potentially interact with more of the user’s data already available through their social networking activities, creating a more personal experience. Believe it or not, however, not everyone is on Facebook, and as such the current online landscape dictates that there must be a way for users to create an account in a web application with nothing more than their email address.
From a development point of view this means that a robust and reliable authentication system is a regular requirement. CodeIgniter doesn’t attempt to fulfil this need whatsoever, and the inherent silver lining in that decision is that it helps to preserve the CodeIgniter mission statement of “maximum performance, capability, and flexibility in the smallest, lightest possible package.” There is no half-hearted effort to introduce a feature to CodeIgniter which has been deemed, rightly or wrongly, non-critical and thus risk compromising the integrity of the framework.
The cloud to this lining, therefore, is how best to implement this functionality.
Not surprisingly, we’re not the first ones to ask this question. A discussion on Stack Overflow spanning over 3 years has hammered out the finer points for us and directly resulted in the creation of a new authentication library built upon comments and recommendations from the thread. This library is called Tank Auth.
Tank Auth is a rock-solid, fully featured user authentication library for CodeIgniter. Functionality includes user registration, activation, password reset and captcha support for new users, and login, logout, logging and credential management for current users, all based on a well-defined security model that integrates smoothly into the CodeIgniter core. This is a great solution to our authentication requirements that can easily be hacked into shape for specific requirements.
Whilst everything that is present works well, it does still have a little way to go. Account profiles (as opposed to mere account credentials) are included but not implemented in any useful way. There is no ‘role’ management or user differentiation built in. And, as with the rest of CodeIgniter, there is no backend provided whatsoever.
That’s next on our list.
WebDev Frameworks – CodeIgniter Overview
CodeIgniter is a Model-View-Controller (MVC)-based application development framework. Essentially this means that each element of an application will be split into three distinct sections – the model, which deals with data structures; the view, which presents everything to the user; and the controller, which serves to tie the models and views together along with processing other required resources such as user input.
The defining concept behind an MVC architecture is to separate different aspects of the application whilst providing a framework to link them together. For example, since these sections will be the focus of the application’s front-end, our design team can be working away on the view components independently of the rest of the project. This enables the development team to construct the back-end (e.g. model sections) without worrying about conflicting with design changes or, conversely, without preventing the design team from working by forcing them to navigate database issues.
This approach leads to more streamlined coding both front and back. It is easy to define flexible model functions that can be recycled by numerous views. Likewise, views can be created with just presentation in mind and dynamic content can be introduced cleanly and simply by a controller. This structure has the added bonus that models and views are only loaded as they are required which helps keep page load times and resource usage to a minimum.
CodeIgniter provides a well-trimmed solution in other areas too. The first bullet-point in CodeIgniter’s official feature list, entitled “CodeIgniter is right for you if…,” states “You want a framework with a small footprint.” And it certainly delivers. The latest version available for download at the time of writing clocks in at just 3.9 MB uncompressed, positively tiny considering the features we are promised as that list continues. The default installation is also minimal: as simple as copying the files to the web server root. The software doesn’t come bogged down with loads of unnecessary code – in fact, no models are provided whatsoever – just a simple welcome controller and view ensure there exists a default index page. These are easily removed and we’re ready to create our brand new application.