
Simple Authorization Lib

Derek Jones edited this page Jul 5, 2012 · 23 revisions

Warning - the following code is not compatible with CodeIgniter version 1.5.3 and above - it needs updating

See: Simple Authorization Library Discussion

See also: Simple Authorization Library Thread

Suppose you have a subpage such as http://www.example.com/user/messages and you want this subpage to be accessible only to authorized users. Additionally, you want unauthorized users to be redirected to a login page if they are not logged in, and you want to store the authorized user's name in a cookie, so that you can display it on all the subpages of your website depending on whether the user is logged in or not.

Then you can use Authorization lib as follows:

  • specify new authorization area in the authorization.php config file
  • load the library in the methods that you want to be accessible only to authorized users: $this->load->library('authorization', 'client_area') — note the second argument: it is the name of the area that you specified in the config file.

Now you can:

  • login the user to the specified area: $this->authorization->login(342, true) first argument - user ID, second - 'Remember Me'
  • check anytime if the user is logged in using $this->authorization->is_logged_in()
  • perform authorization for a specific subpage: $this->authorization->authorize() if the user is not logged in, he will be redirected to the login page specified in the config file
  • save some user's data to the authorization cookies like this: $this->authorization->set_userdata_item('first_name', 'Bart')
  • retrieve user's data from authorization cookies like this: $this->authorization->get_userdata_item('first_name')

Library class file - Authorization.php:

<?php

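/**
 * Authorization
 *
 * Cookie-based authorization for one named "area" (e.g. 'client_area')
 * configured in the authorization.php config file. State lives in three
 * cookies whose names are MD5 hashes of the configured names: the
 * authorization ID cookie, the 'remember me' cookie and the userdata cookie.
 * Every cookie value is encode()d with CodeIgniter's Encrypt class and
 * carries the area's control string as a prefix; that prefix is what
 * verify_encoded_cookie() / verify_decoded_cookie() check.
 */
class Authorization
{
    var $obj;                        // CodeIgniter super-object (get_instance())
    var $area;                       // name of the authorization area (key in the config file)
    var $auth_cookie_name;           // md5() of the configured authorization ID cookie name
    var $remember_cookie_name;       // md5() of the configured 'remember me' cookie name
    var $userdata_cookie_name;       // md5() of the configured userdata cookie name
    var $remembered_cookie_lifetime; // cookie lifetime (seconds) when 'remember me' is used
    var $login_page;                 // page unauthorized users are redirected to
    var $control_string;             // prefix every cookie payload must carry

    /**
     * Constructor
     *
     * Reads the settings of the requested area from the authorization.php
     * config file (loaded by init_authorization.php).
     *
     * @access  public
     * @param   string  name of the area (a key in the authorization config)
     */
    function __construct($area)
    {
        $this->obj =& get_instance();

        $this->area = $area;
        // NOTE(review): no guard for an unknown area; config->item() would then
        // not return the expected array - confirm how the caller wants that handled.
        $config = $this->obj->config->item($area);

        // Cookie names are MD5-hashed, as documented in authorization.php.
        $this->auth_cookie_name = md5($config['auth_cookie_name']);
        $this->remember_cookie_name = md5($config['remember_cookie_name']);
        $this->userdata_cookie_name = md5($config['userdata_cookie_name']);
        $this->remembered_cookie_lifetime = $config['remembered_cookie_lifetime'];
        $this->login_page = $config['login_page'];
        $this->control_string = $config['control_string'];
    }

    /**
     * PHP4-style constructor, kept for the older CodeIgniter/PHP versions the
     * library was written for; newer PHP versions use __construct() instead.
     *
     * @access  public
     * @param   string  name of the area
     */
    function Authorization($area)
    {
        $this->__construct($area);
    }

    /**
     * Login user
     *
     * Issues the authorization cookie for $auth_id. With 'remember me' the
     * cookies get the configured long lifetime and a 'remember me' cookie is
     * set; otherwise they live for the session and any 'remember me' cookie
     * is deleted. An existing (verified) userdata cookie is re-issued with the
     * same lifetime as the authorization cookie.
     *
     * @access  public
     * @param   string  ID of the user
     * @param   bool    true - use the 'remember me' functionality /
     *                  false - do not use the 'remember me' functionality
     */
    function login($auth_id, $remember = false)
    {
        $domain = $this->obj->config->item('cookie_domain');
        $lifetime = $remember
            ? $this->remembered_cookie_lifetime
            : $this->obj->config->item('sess_expiration');

        $encoded_auth_cookie = $this->obj->encrypt->encode($this->control_string . $auth_id);
        set_cookie($this->auth_cookie_name, $encoded_auth_cookie, $lifetime, $domain);

        // Only re-issue a userdata cookie that carries the control string;
        // extending the lifetime of an unverifiable value gains nothing.
        $encoded_userdata = $this->get_encoded_userdata(true);
        if (false !== $encoded_userdata)
        {
            set_cookie($this->userdata_cookie_name, $encoded_userdata, $lifetime, $domain);
        }

        if ($remember)
        {
            set_cookie($this->remember_cookie_name,
                $this->obj->encrypt->encode($this->control_string),
                $lifetime, $domain);
        }
        else
        {
            delete_cookie($this->remember_cookie_name, $domain);
        }
    }

    /**
     * Logout user
     *
     * Deletes all three cookies of this area.
     *
     * @access  public
     */
    function logout()
    {
        $domain = $this->obj->config->item('cookie_domain');
        delete_cookie($this->auth_cookie_name, $domain);
        delete_cookie($this->remember_cookie_name, $domain);
        delete_cookie($this->userdata_cookie_name, $domain);
    }

    /**
     * Check if the user is logged in
     *
     * @access  public
     * @return  bool    true - user is logged in / false - user is not logged in
     */
    function is_logged_in()
    {
        $auth_cookie = get_cookie($this->auth_cookie_name, true);
        if (!$auth_cookie)
        {
            return false;
        }
        return $this->verify_encoded_cookie($auth_cookie);
    }

    /**
     * Verify some encoded cookie's content
     *
     * Decodes the value with the Encrypt class and checks the control-string
     * prefix (see verify_decoded_cookie()).
     *
     * @access  public
     * @param   string  encoded content of the cookie to be verified
     * @return  bool    true - the content is correct / false - the content is not correct
     */
    function verify_encoded_cookie($encoded_cookie)
    {
        $decoded_cookie = $this->obj->encrypt->decode($encoded_cookie);
        return $this->verify_decoded_cookie($decoded_cookie);
    }

    /**
     * Verify some decoded cookie's content
     *
     * The content is correct when it starts with the area's control string.
     * A plain prefix comparison is used: the former implementation built a
     * regex from the control string without preg_quote(), so any regex
     * metacharacter in the configured value changed what was accepted.
     *
     * @access  public
     * @param   string  decoded content of the cookie to be verified
     * @return  bool    true - the content is correct / false - the content is not correct
     */
    function verify_decoded_cookie($decoded_cookie)
    {
        if (!is_string($decoded_cookie))
        {
            return false;
        }
        return 0 === strncmp($decoded_cookie, $this->control_string, strlen($this->control_string));
    }

    /**
     * Remove the control-string prefix from a verified, decoded cookie value
     *
     * Strips exactly the leading prefix; str_replace() would also remove any
     * later occurrence of the control string inside the payload.
     *
     * @access  private
     * @param   string  decoded cookie content that passed verify_decoded_cookie()
     * @return  string  the payload without the control string
     */
    function _strip_control_string($decoded_cookie)
    {
        return (string) substr($decoded_cookie, strlen($this->control_string));
    }

    /**
     * Check whether a valid 'remember me' cookie is present
     *
     * The cookie is written by login() as the encoded control string, so it is
     * read back through the same verification.
     *
     * @access  private
     * @return  bool    true - 'remember me' is in effect / false - it is not
     */
    function _is_remembered()
    {
        $remember_cookie = get_cookie($this->remember_cookie_name, true);
        if (!$remember_cookie)
        {
            return false;
        }
        return $this->verify_encoded_cookie($remember_cookie);
    }

    /**
     * Get the authorization ID
     *
     * @access  public
     * @return  mixed   string - the authorization ID of the user who is currently logged in /
     *                  false - when no valid authorization cookie exists
     */
    function get_auth_id()
    {
        $auth_cookie = get_cookie($this->auth_cookie_name, true);
        if (!$auth_cookie)
        {
            return false;
        }
        $decoded_cookie = $this->obj->encrypt->decode($auth_cookie);
        if (!$this->verify_decoded_cookie($decoded_cookie))
        {
            return false;
        }
        return $this->_strip_control_string($decoded_cookie);
    }

    /**
     * Authorize the user
     *
     * If the user which is being authorized is not logged in,
     * he will be redirected to the login page specified
     * in the authorization.php config file. Otherwise the cookies are
     * re-issued so that their lifetimes are extended, keeping whichever
     * 'remember me' mode is in effect.
     *
     * @access  public
     */
    function authorize()
    {
        $auth_id = $this->is_logged_in() ? $this->get_auth_id() : false;
        if (false === $auth_id)
        {
            redirect($this->login_page);
            // Explicit return so nothing below runs even if redirect()
            // does not terminate the request in the CI version in use.
            return;
        }

        /* extend cookies' lifetimes */
        $this->login($auth_id, $this->_is_remembered());
    }

    /**
     * Get the userdata array
     *
     * @access  public
     * @return  mixed   array - decoded userdata array /
     *                  false - if the userdata does not exist or when it is incorrect
     */
    function get_decoded_userdata()
    {
        $encoded_userdata = get_cookie($this->userdata_cookie_name, true);
        if (!$encoded_userdata)
        {
            return false;
        }
        $decoded_userdata = $this->obj->encrypt->decode($encoded_userdata);
        if (!$this->verify_decoded_cookie($decoded_userdata))
        {
            return false;
        }

        // SECURITY NOTE: unserialize() runs on data that arrived in a cookie.
        // It is decoded with the Encrypt class and checked for the control-string
        // prefix first, but on PHP 7+ deployments pass
        // array('allowed_classes' => false) as the second argument so the payload
        // is limited to arrays and scalars.
        $userdata = unserialize($this->_strip_control_string($decoded_userdata));
        // The cookie is only ever written from an array (set_userdata_item()).
        return is_array($userdata) ? $userdata : false;
    }

    /**
     * Get the encoded userdata cookie
     *
     * @access  public
     * @param   bool    true - verify the userdata cookie's content /
     *                  false - do not verify the userdata cookie's content
     * @return  mixed   string - encoded userdata cookie value /
     *                  false - if the userdata does not exist or when it is incorrect
     */
    function get_encoded_userdata($verify = false)
    {
        $encoded_userdata = get_cookie($this->userdata_cookie_name, true);
        if (!$encoded_userdata)
        {
            return false;
        }
        if ($verify && !$this->verify_encoded_cookie($encoded_userdata))
        {
            return false;
        }
        return $encoded_userdata;
    }

    /**
     * Get an item from the userdata array
     *
     * @access  public
     * @param   string  the key of the item in the userdata array
     * @return  mixed   string - the value of the item /
     *                  false - if the userdata array is incorrect or when
     *                          the specified item does not exist
     */
    function get_userdata_item($key)
    {
        $userdata = $this->get_decoded_userdata();
        if (false === $userdata || !isset($userdata[$key]))
        {
            return false;
        }
        return $userdata[$key];
    }

    /**
     * Set an item in the userdata array
     *
     * The whole array is serialized, prefixed with the control string,
     * encoded and written back to the userdata cookie. The cookie gets the
     * long lifetime when $remember is true or 'remember me' is in effect.
     *
     * @access  public
     * @param   string  the key of the item
     * @param   string  the value of the item
     * @param   bool    true - use the 'remember me' functionality /
     *                  false - do not use the 'remember me' functionality
     */
    function set_userdata_item($key, $value, $remember = false)
    {
        $decoded_userdata = $this->get_decoded_userdata();
        if (false === $decoded_userdata)
        {
            $decoded_userdata = array();
        }
        $decoded_userdata[$key] = $value;

        $encoded_userdata = $this->obj->encrypt->encode(
            $this->control_string . serialize($decoded_userdata));

        $lifetime = ($remember || $this->_is_remembered())
            ? $this->remembered_cookie_lifetime
            : $this->obj->config->item('sess_expiration');

        set_cookie($this->userdata_cookie_name, $encoded_userdata, $lifetime,
            $this->obj->config->item('cookie_domain'));
    }
}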

?>

Library config file - authorization.php:

<?php

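/*
|--------------------------------------------------------------------------
| Authorization ID Cookie Name
|--------------------------------------------------------------------------
|
| Name of the cookie that stores the ID of the authorized user
| (e.g. e-mail, some ID from DB, etc.).
| This name is later hashed using MD5 function.
|
*/
$config['client_area']['auth_cookie_name'] = 'auth_client';

/*
|--------------------------------------------------------------------------
| Remember Me Cookie Name
|--------------------------------------------------------------------------
|
| Name of the cookie that stores the information about the 'Remember Me' functionality.
| This name is later hashed using MD5 function.
|
*/
$config['client_area']['remember_cookie_name'] = 'remember_client';

/*
|--------------------------------------------------------------------------
| Userdata Cookie Name
|--------------------------------------------------------------------------
|
| Name of the cookie that stores some user defined data,
| e.g. first name, nick or e-mail of the authorized user.
| This name is later hashed using MD5 function.
|
*/
$config['client_area']['userdata_cookie_name'] = 'userdata_client';

/*
|--------------------------------------------------------------------------
| Cookie Lifetime
|--------------------------------------------------------------------------
|
| Lifetime of the cookies (in seconds) if the 'Remember Me' functionality is used.
|
*/
$config['client_area']['remembered_cookie_lifetime'] = 365 * 24 * 60 * 60; /* 1 year */

/*
|--------------------------------------------------------------------------
| Login Page
|--------------------------------------------------------------------------
|
| The relative (to the Base Site URL) path to the login page.
|
*/
$config['client_area']['login_page'] = 'login';

/*
|--------------------------------------------------------------------------
| Control String
|--------------------------------------------------------------------------
|
| Control string used in verification of the data stored in authorization cookies.
| Because cookie verification checks for exactly this value, use a
| site-specific string rather than the published default, and give every
| area its own value so cookies of one area are not accepted by another.
|
*/
$config['client_area']['control_string'] = 'control_string_client';

/*
|--------------------------------------------------------------------------
| Admin Area
|--------------------------------------------------------------------------
|
| A second, independent area with the same six settings as above.
| Each area is selected by name when loading the library:
| $this->load->library('authorization', 'admin_area').
|
*/
$config['admin_area']['auth_cookie_name'] = 'auth_admin';
$config['admin_area']['remember_cookie_name'] = 'remember_admin';
$config['admin_area']['userdata_cookie_name'] = 'userdata_admin';
$config['admin_area']['remembered_cookie_lifetime'] = 365 * 24 * 60 * 60; /* 1 year */
$config['admin_area']['login_page'] = 'admin/login';
$config['admin_area']['control_string'] = 'control_string_admin';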

?>

Init Library file - init_authorization.php:

<?php

$obj =& get_instance();

// The Authorization class relies on CI's Encrypt class (cookie payload
// encode/decode), the cookie helper (set_cookie/get_cookie/delete_cookie)
// and the url helper (redirect).
$obj->load->helper('cookie');
$obj->load->helper('url');
$obj->load->library('encrypt');

// Load the class file (and its config file) only once per request.
if (class_exists('Authorization') === false)
{
    $class_file = BASEPATH . 'libraries/Authorization' . EXT;
    $obj->load->config('authorization');
    require_once($class_file);
}

// $params is the area name passed as the second argument of
// $this->load->library('authorization', ...); presumably set by the CI
// loader before this file is included - confirm with the CI version in use.
$obj->authorization = new Authorization($params);
$obj->ci_is_loaded[] = 'authorization';

?>

Category:Libraries::Authentication Category:Libraries::Authorization
