September 16, 2018

published by: Yonseo

Fuel PHP Login and Auth

In this tutorial we're going to look at creating a login page and authenticating on the back end. I am using FuelPHP's framework and it comes preloaded with bootstrap.

The tools you will need are MAMP or a local server of your choice, MySQL, and a text editor.

Who is this for?

- experience working with MVC frameworks.


To start I need to insert this sql data into phpMyadmin to create a users table. I can do this manually or I can simply copy and paste this code and it will create it for me.

Create sql data for users table

CREATE TABLE IF NOT EXISTS users ( id int(11) NOT NULL AUTOINCREMENT, username varchar(255) NOT NULL, password varchar(255) NOT NULL, email varchar(255) NOT NULL, `profilefieldstext NOT NULL,groupint(11) NOT NULL,lastloginint(20) NOT NULL,loginhashvarchar(255) NOT NULL,createdatint(11) NOT NULL,updatedat` int(11) NOT NULL, PRIMARY KEY (id) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Create sql data for sessions table

CREATE TABLE IF NOT EXISTS sessions ( session_id varchar(40) NOT NULL, previous_id varchar(40) NOT NULL, user_agent text NOT NULL, ip_hash char(32) NOT NULL DEFAULT '', created int(10) unsigned NOT NULL DEFAULT '0', updated int(10) unsigned NOT NULL DEFAULT '0', payload longtext NOT NULL, PRIMARY KEY (session_id), UNIQUE KEY PREVIOUS (previous_id) ) ENGINE=INNODB DEFAULT CHARSET=utf8;


Configure config.php file.
Directory: fuelphp/fuel/app/config/config.php

Add random Salt. This salt should not be copied from here! Create a random set of symbols and characters. It should be unique.

image not found

Autoload auth and orm. I need this to check for authentication when a user logs in. The orm is used to write code using fuel php ORM to retrieve data from the database. Every framework has it's own ORM.

image not found

Configure auth.php file.
Directory: fuelphp/fuel/app/config/auth.php

Configure the driver to 'SimpleAuth' and add random salt.

This  salt should not be copied from here! Create a random set of symbols and characters. It should be unique.

image not found

Fuel PHP functions: Must Know

When creating a login system there are several functions you should become familiar with to better understand the way Fuel PHP works.

Because we are creating a login system these functions will be used often. Let's look at some of them to understand what they do.

Auth::check() used to check if a user is logged in

Auth::member(100) used to check is a user is an administrator. Fuel PHP has preset the numbers to match a role. This information can be found in
Directory: fuelphp/fuel/app/config/simpleauth.php

image not found

$auth = Auth::instance(); create a new authentication instance

$auth->login('email@web.com', 'password'); attempt a login using credentials

$val = Validation::forge(); create a new validation instance to use when validating data.

$val->addfield('email', 'Your email', 'required|minlength[3]|maxlength[50]');  validating user input 

$val->createuser( 'username', 'password', 'email@web.com', 1, array( 'username' => 'username', ) );  validating  a new user  

Session::setflash('error', 'Error Message!');a flash message to display errors 

Session::setflash('success', 'Success Message!');

a flash message to display success

Response::redirect('/login');  redirect to a page. In this example it will redirect me to /login page.


Fuel provides you the tools to protect your forms against CSRF attacks (Cross-site request forgery, also known as a one-click attack), by including a security token in the form, which will be validated upon form submission, and will ensure that when validated, the form was submitted by the client that has requested the form.

For security please refer to the documentation https://fuelphp.com/docs/general/security.html

and to configure the security class https://fuelphp.com/docs/classes/security.html

#fuelphp #php #code

Last edit: 0000-00-00