FuelPHP Login & Authentication
In this tutorial we're going to look at creating a login page and authenticating on the back end. I am using the FuelPHP framework, which comes preloaded with Bootstrap.
The tools you will need are MAMP or a local server of your choice, MySQL, and a text editor.
Who is this for?
- Experience working with MVC frameworks.
To start, I need to insert this SQL into phpMyAdmin to create a users table. I can do this manually, or I can simply copy and paste this code and it will create the table for me.
Create SQL data for users table
CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `email` varchar(255) NOT NULL,
  `profile_fields` text NOT NULL,
  `group` int(11) NOT NULL,
  `last_login` int(20) NOT NULL,
  `login_hash` varchar(255) NOT NULL,
  `created_at` int(11) NOT NULL,
  `updated_at` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Create SQL data for sessions table
CREATE TABLE IF NOT EXISTS `sessions` (
  `session_id` varchar(40) NOT NULL,
  `previous_id` varchar(40) NOT NULL,
  `user_agent` text NOT NULL,
  `ip_hash` char(32) NOT NULL DEFAULT '',
  `created` int(10) unsigned NOT NULL DEFAULT '0',
  `updated` int(10) unsigned NOT NULL DEFAULT '0',
  `payload` longtext NOT NULL,
  PRIMARY KEY (`session_id`),
  UNIQUE KEY `PREVIOUS` (`previous_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Configuration
Configure config.php file.
Add random Salt. This salt should not be copied from here! Create a random set of symbols and characters. It should be unique.
Autoload auth and orm. I need auth to check for authentication when a user logs in. The orm is used to write code with FuelPHP's ORM to retrieve data from the database. Every framework has its own ORM.
Configure auth.php file.
Configure the driver to 'SimpleAuth' and add random salt. This salt should not be copied from here! Create a random set of symbols and characters. It should be unique.
FuelPHP functions: Must Know
When creating a login system there are several functions you should become familiar with to better understand the way FuelPHP works. Because we are creating a login system, these functions will be used often. Let's look at some of them to understand what they do.
Auth::check() used to check if a user is logged in
Auth::member(100) used to check if a user is an administrator. FuelPHP has preset the numbers to match a role. This information can be found in
$auth = Auth::instance(); create a new authentication instance
$auth->login('email@example.com', 'password'); attempt a login using credentials
$val = Validation::forge(); create a new validation instance to use when validating data.
$val->add_field('email', 'Your email', 'required|min_length|max_length'); validating user input
$auth->create_user('username', 'password', 'firstname.lastname@example.org', 1, array('username' => 'username')); creating a new user (create_user is a method of the Auth instance, not of Validation)
Session::set_flash('error', 'Error Message!'); a flash message to display errors
Session::set_flash('success', 'Success Message!'); a flash message to display success
Response::redirect('/login'); redirect to a page. In this example it will redirect me to the /login page.
Fuel provides you the tools to protect your forms against CSRF attacks (Cross-site request forgery, also known as a one-click attack), by including a security token in the form, which will be validated upon form submission, and will ensure that when validated, the form was submitted by the client that has requested the form.
For security please refer to the documentation https://fuelphp.com/docs/general/security.html
and to configure the security class https://fuelphp.com/docs/classes/security.html
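The functions listed above and the CSRF token check fit together in a single login action. The controller below is an added example, not code from the original tutorial or from the FuelPHP project; the class name Controller_Auth, the auth/login view and the /dashboard route are assumptions, and the view is assumed to call Form::csrf() inside its form.

```php
<?php
// Added example: fuel/app/classes/controller/auth.php (hypothetical controller and routes).
class Controller_Auth extends Controller
{
    public function action_login()
    {
        // Already authenticated: skip the form.
        if (Auth::check()) {
            Response::redirect('/dashboard'); // hypothetical landing page
        }

        if (Input::method() === 'POST') {
            // Reject the request before touching credentials if the CSRF token
            // (emitted in the view by Form::csrf()) is missing or does not match.
            if ( ! Security::check_token()) {
                Session::set_flash('error', 'Your session expired, please try again.');
                Response::redirect('/login');
            }

            $val = Validation::forge();
            // 255 matches the varchar(255) columns of the users table.
            $val->add_field('email', 'Your email', 'required|valid_email|max_length[255]');
            $val->add_field('password', 'Your password', 'required|max_length[255]');

            if ($val->run()) {
                $auth = Auth::instance();
                if ($auth->login($val->validated('email'), $val->validated('password'))) {
                    Session::set_flash('success', 'Welcome back!');
                    Response::redirect('/dashboard');
                }
            }

            // One message for bad input, unknown account and wrong password,
            // so the response does not reveal which accounts exist.
            Session::set_flash('error', 'Invalid email or password.');
            Response::redirect('/login');
        }

        // GET: render the form; the view must call Form::csrf() inside <form>.
        return Response::forge(View::forge('auth/login')); // hypothetical view
    }

    public function action_logout()
    {
        Auth::logout();
        Response::redirect('/login');
    }
}
```

Response::redirect() ends the request, so no code after a redirect call runs.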