I'm trying to build an authentication system in my application, but I'm having some problems in deciding which is the best way I could acomplish what I want in CodeIgniter.
The website allows companies to manage their buildings. A company can have many buildings, and many users (when I say users I mean employees from that company).
In this website I would like two have (basically) four general kind of users.
Super Admin: This would be able to add new admins and new companies to the database, and give privileges to the rest of the admins.
Admin: This would be able to do different stuff depending on the assigned privileges.
Company Super User: This user would be created directly when an admin creates a new company. This user would be able to create new users for that company, and since s/he would have total permissions, he would be able to do everything that the other users can do.
Company User: Depending on the privileges assigned by its super user, this user would be able to do and see different data (for example, a simple user would just be able to see information from one of the many company buildings).
So, even though I've seen many authentication libraries out there for CodeIgniter, it would be nice to hear any recommendations about how I could design this "authentication role based" system, and if you particularly recommend a library that could help to accomplish this.
Appreciate!
There Are many libraries that already handle Authentication within Codeigniter, but the one I would recommend is Ion_Auth. It handles user permissions (groups) very well and I've actually done a detailed writeup outlining a good way to handle this situation with Ion_Auth.
I suggest FlexiAuth library which is a re-modified version of ion Auth, and has lot of features already built in, simply out of the box.
I've been developing a role based authentication system for Codeigniter called WolfAuth, here's the repository. It's still early days, but it sort of works. You can add roles, etc and then restrict functions and classes to particular user roles and usernames.
Use CI_aauth. I like this, this is very good from others auth.
https://github.com/kabircse/CodeIgniter-Aauth
Related
First off, I am new to Symfony, so I don't know the exact functionality of bundles like FOSUserBundle etc., as well as the terminology.
I am looking for a way to use the Symfony security component in a way that enables me to decouple a user's login credentials (say, a login name and a password, maybe the roles) from the actual user meta data (like first name, last name, groups, birth date, etc.).
The idea is that a user can login with different sets of login name/password and still be recognized as the same user (in the end that means, getting the same User object).
To me, this comes especially handy in combination with multiple authentication providers. For example, if I wanted to enable my users to login via an OAuth2 service as an alternative to logging in with their locally-hosted login name/password-combination (like StackExchange does, for instance), how would I do that?
I have read multiple pages of documentation of Symfony, e.g.:
https://symfony.com/doc/current/security.html
https://symfony.com/doc/current/security/entity_provider.html#create-your-user-entity
This latter one even says at 1) Create your User Entity, that a password is a field of User.
I have recently created just that, first I named my classes UserCredentials and UserDitails and because of the confusion of the getUser function i decided to rename UserCredentials to User. I agree with Alex Blex about the relation (manyToOne on the User side). When you decouple your login and metadata you will need to learn how to embed forms or creating your own form models, which is something I am currently working on and you might need to implement callback functions for deleting and updating entities. The more I work on my UserBundle, the more it looks like the FOSUserBundle. There is quite a bit of work of designing it to work well but it's great for learning. If you wish to inspect how the FOSUserBundle works, after you install it, you can find it in the vendor/friendsOfSymfony folder, it might provide a few answers.
how is it possible to make something like this:
Admin Creates accounts with specific username and password
then from the website the user logs in to his account and views personal account data the admin uploaded to his account.
For instance there is a client who has bought something.Then he logs in to his site account and views what he bought last week (in fact browsing specific server data)
How can that be done?With a simple script?A cms or what?
Thanks for any help!
The best answer is in google :)
Really try to search a little in google something like "user management with php" and probably you can find a huge quantity of answer.
Btw i think that to do a basic user management with php you need:
Design a database that handle user and if needed basket, and whatever you want (news, etc.).
Then the basic information you need in your database for usera management are:
Username, email, password (be sure that the password is crypted for example with md5) and the user role (admin, editor, etc).
You need to specify the user roles (i think you can use a table for it, or a file, it is only up to you to decide how roles are handled).
For track purchase of the user you must create a relation between purchases and user_id So for example you can have a table called orders where you have minimum these files item_id order_id user_id so the user can have in its dashboard a complete tracking of its history.
Then how to manage user sessions? You can use COOKIEs so if the user login succesfully you set a cookie into user browser, and then check if the cookie exist you show for example some information, if the cookie doesn't exist you show other informations.
These are the basic steps to manage users (probably many information are missing). But this is good if you want to learn something, but if you want something strong and probably more secure you can think to use a CMS and maybe only create some customization of it if needed.
You could do it with script, or cms. I think script is more suitable than cms - which would be overkill, and you would have to spend more time trying to get the cms out of the way than actually doing what you want.
The best option in my mind however is a framework. Seeing as how you have tagged your question php, I am going to recommend CakePHP. This will allow you to solve your problem quickly, by making a simple app based on user accounts, and also to be able to leverage existing codebase (including plugins like ACL for example). This approach will allow you to maintain structure, and develop/maintain your app more easily in the future.
I have to make a small website
where I have 7 type of users. which can login into system.
some of users have permissions to only add equipments and others can add/edit. some of them can only view.
There will be some common fields for all users adding equipments in system and some fields will be user specific.
I have to track all changes in equipments with user changing equipments.
Can any one explain what will be best way to do this job.
Way in the sense table structure for users and tracking changes in equipments and users tracking for both login and what changes done by them.
Am using php and mysql database.
I don't want to go for CMS,Frameworks. It's a small application.
It sounds like you are going to need a role-based access control system. Developing one is not really a trivial task, so as already suggested, finding a framework or ready-made class that does the job would be a worthwhile start.
However, there's plenty of information out there on how to create one. Here's a few links to get you started:
Stackoverflow
Role Based Access Control
Role-based access to pages in PHP (dead link)
Other sites
A Role-Based Access Control (RBAC) system for PHP
Fine Grained Role Based Access Control (RBAC) system
Patterns Tutorial Series (part 1): RBAC Domain Model
A search for PHP RBAC will no doubt reveal many more.
I am creating an web application and I at the point that i am starting to make backend choices. Now there are a lot of ways to go with this, so I am looking for some good points and back practices.
Some of the question i have involve:
Should i make a seperate table in the db for admin users
Should i extend make some classes to load the admin data and the normal data, or make seperate classes for the admin section
Where can i get some information on making different types of users
Just some best practices for a backend
My application is written in PHP with an MySQL database.
Keeping a separate table for admin users is nice, but only if those admin users aren't "regular" users as well - otherwise you'll step on your own toes trying to keep usernames/IDs unique but somewhat connected.
A couple things to consider:
Apache authentication (or Windows accounts on IIS) for admin users. Separate system entirely, but allows for overlap - a regular user can be a regular user, but they can't access any admin functionality until they authenticate through the browser. Works fine if you only have a couple specific kinds of user role (e.g. member & administrator only).
All users in one table, but with roles and permissions separate. This is the most flexible because you can get as granular as you need. For example, any user can "post comments," while an admin can "delete comments" and "ban users," but a moderator can only "suspend comments" and "mute users." As you add new features, it's simply a matter of implementing some new permissions & assigning them to the roles. Drupal's access control does this really well, worth a close look.
A good way to do it is to add a new field in the users table for 'rank' in order to differentiate between regular users and staff members, and possibly between the different staff member levels such as moderator, admin, etc. if you need it. Because an administrator should be able to perform all functions that a user can. Use
class Admin extends User { }
if you want to add additional functionality specific to staff members.
As for backend functions, that depends on how your site is set up. If you're using a framework, you can just add new functions to existing controllers and restrict access only to users with a certain rank.
For example, you might have a controller for ForumPost objects, but calling the ForumPost delete() function would require the user to be a forum moderator.
If you're not using a framework, you'll probably have to make your own pages for each backend function you need.
How can i manage user permission?
i need a fast method to manage users (accsess to a page or dont accsee to a page) when they login?
You may want a simple solution but it's not a simple question.
At one end you could have individual permissions for each page for each user. That gives you a lot of flexibility but it would be an administrative nightmare. At the other end you could give users access or not to the whole site. Not very flexible but very easy to administer and code for.
The first is fine-grained. The second is coarse-grained. The whole point of finding an authorization scheme is to define one that is as fine or coarse grained as you need to balance flexibility and administration/development.
Two common schemes that may be of interest to you:
Give each user a type in the database. When they log in put that type (eg User, Admin, Moderator) in the session and check that on each relevant page;
Give each user one or more roles (so someone could, say, be both an Admin and a Moderator or just one of them or neither). This requires a separate table (users and userroles) and putting probably an array in the session to indicate roles but is more flexible than (1). Role-based authorization is very common.
There are many, many variations upon these two and just as many alternatives. Various schemes can be combined.
This is why generic authorization libraries for me fall short because they have contrary needs of being broad enough to cover a large number of use cases and being coarse-grained enough to be useful for the individual user.
Implement an ACL system.
A group of users form a role
A user may belong to many roles
Privileges are defined in the application - example, create user, post article. etc
Add privileges to roles via admin interface
Before the page loads, check ACL. If user belongs to a role with the required privileges for the requested page, allow user to continue. Else redirect to access denied page.
It can be easily achieved using third party libraries like Zend_Acl
Choose a library you are comfortable working with. But the basic idea remains same.