*EDIT: check this post for an easy auth module i made myself
I searched the internet for a “GOOD” documentation about the auth module in kohana.
Couldnt find one… (not even on the official website….). [official documentation]
The example they include in the download of kohana isnt working at all (misses classes and so on….)
So i made an simple example.
Let’s start:
I assume that u have the auth tables allready correct inserted into youre database.
(if not go to modules/auth/views/auth/install.php query should be in the php source…)
Create a file login_test.php
place it in: application/controllers
CTR-C and CTRL-V the code in that file.
Goto: youredomain.nl/login_test
<?php defined('SYSPATH') or die('No direct script access.');
/**
* Made by:
* Remorse.nl
*/
class Login_test_Controller extends Controller {
// Do not allow to run in production
const ALLOW_PRODUCTION = FALSE;
public function index()
{
//just redirect
url::redirect('login_test/login');
}
public function create()
{
echo '
Create form:
';
//get the post data
$form = $_POST;
// Create new user
$user = ORM::factory('user');
//set all the form field in the user class
//so that we can use $user->save() that inserts a new record to the db
//html form-field names must be exactly the same as the db-column names
foreach ($form as $key => $val){
$user->$key = $val;
}
//ORM::factory('role', 'login') returns orm object and get's value from colum with name=login
//$user->add makes a relation between $user and role orm model returned by ORM::factory('role', 'login')
if ($user->save() AND $user->add(ORM::factory('role', 'login')))
{
//login($username,$password)
Auth::instance()->login($form['username'], $form['password']);
//could also be like this:
//Auth::instance()->login($user, $form['password']);
// Redirect to the login page
url::redirect('login_test/login');
}
}
public function login()
{
// user is logged in....
if (Auth::instance()->logged_in())
{
echo 'u are logged in.... <a href="'.url::base().'login_test/logout">Logout</a>';
}
else
{
echo '
<a href="'.url::base().'login_test/create">Click here to create a user
Login form:
';
$form = $_POST;
if($form){
// Load the user
$user = ORM::factory('user', $form['username']);
// orm user object or $form['username'] could be used
if (Auth::instance()->login($user, $form['password']))
{
// Login successful, redirect
// or do some other things u like
url::redirect('login_test/login');
}
else
{
echo 'login_failed Invalid username or password.';
}
}
}
}
public function logout()
{
// Force a complete logout
Auth::instance()->logout(TRUE);
// Redirect back to the login page
url::redirect('login_test/login');
}
} // End Auth Controller
If you wanna know about it:
I used this .htaccess:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !index\.php
RewriteRule ^(.*)$ index.php/$1 [L]
yeah!
October 20th, 2008 on 15:46
good and really working example thx!
2 things:
1) when copy-pasting you get all those line numbers, so you have to rip them off
2) in order for this example to work properly you need to reroute all queries to index.php (via .htaccess rules for example)
October 23rd, 2008 on 12:48
For the line numbers: Click on the ‘plain text’ link above the source code and you’ll get a stripped version which is easier to copy and paste.
December 13th, 2008 on 22:10
Hey, thanks for this quick example.
Like you said, all we can find in the docs/forums is always messing with classes that I still don’t know to build forms.
I think a good way to implement security with white listing would be to create a base controller for the whole website (let say Website_Controller). That controller constructor would call a protected method that redirects to login if user is not logged in. Then, in the controllers that you don’t want to enforce login, you just override this method with no instructions in it.
Example:
class Website_Controller extends Controller{ public function __construct() { parent::__construct(); $this->_check_login(); } protected function _check_login() { if (!Auth::instance()->logged_in()) { url::redirect('user/login'); } } } class Home_Controller extends Website_Controller{ // this controller does not enforce login protected function _check_login() { // do nothing, only here to override parent } }December 20th, 2008 on 12:48
Hi,
I used your example but when creating new users the role does not get added.
It does get added when I use the supplied ‘auth_demo’, any ideas?
Regards
January 6th, 2009 on 16:31
Indeed the role will not be added.
In line 44:(
$user->add(ORM::factory(‘role’,'login’))
)
It just looks in the role table for a role with the name “login”.
Automaticly roles_users will be filled with userid and roleid.
Make sure that ‘login’ role exists in role table.
January 11th, 2009 on 17:37
I am trying to use the Auth module of kohana and it does not work!
I have done a login page, the login function is ok but after the redirect() at the other controller the session variables of Auth are not there, I use the last code
class Website_Controller etc
What it wrong?
January 19th, 2009 on 22:57
In kohana 2.3, it seems that line 44 needs to be changed in order for the row to be inserted into roles_users.
If you change
if ($user->save() AND $user->add(ORM::factory(‘role’, ‘login’)))
to
if ($user->add(ORM::factory(‘role’, ‘login’)) AND $user->save())
then it should work. I’m not quite sure why, but it works now.
January 24th, 2009 on 15:06
thanks good tutorial post more
January 26th, 2009 on 08:24
yes, $user must be saved after all changes including roles.
February 11th, 2009 on 18:59
Working on a more “easy” auth module for kohana. Stay tuned.
February 12th, 2009 on 20:45
Check it out!:
http://remorse.nl/weblog/kohana_auth_module_a_better_one/
September 25th, 2009 on 14:40
The link of your second version is dead ?
November 6th, 2009 on 00:17
Yeah the admin is changing the layout..
Please search the website for it…