Step 3 – Securing the admin area with Ion Auth library – first, the settings

We’ve created an admin area that looks nice. But… it is not secured. Anyone can get in there and do whatever they want. So why not use a well-established CodeIgniter library like Ion Auth, which has great documentation?

So let’s download it from GitHub (https://github.com/benedmunds/CodeIgniter-Ion-Auth).

After we’ve downloaded it, we should just copy the files from the package to the corresponding directory in our application.

  • copy ion_auth.php from Ion Auth’s config directory to your application/config/development directory
  • copy auth.php from Ion Auth’s controllers directory to your application/controllers/admin directory (make sure the name of the file starts with an uppercase letter)
  • from Ion Auth’s language directory, copy your language directory’s files into application/language/yourlanguage (where yourlanguage is your language)
  • from Ion Auth’s libraries directory, copy the files into your application/libraries directory
  • from Ion Auth’s models directory, copy ion_auth_model.php into your application/models directory, making sure the file name starts with an uppercase letter (Ion_auth_model.php)
  • from Ion Auth’s views directory, copy the auth folder into your application/views directory.

Of course, the library uses a database to keep its information, so let’s import the ion_auth.sql file, which can be found inside Ion Auth’s sql directory, into our database.

If the import went OK, you should have 4 new tables in your database: groups, login_attempts, users and users_groups.

Also, some tables should be prepopulated with the first records. In our next tutorial we will create our login and logout pages.
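
A check for the file placement listed above, useful after copying and again after deploying to a case-sensitive server (an added example, not part of the original tutorial or of Ion Auth). The file names Ion_auth.php and ion_auth_lang.php and the default language folder english are assumptions, since the steps say only "the files".

```shell
#!/bin/sh
# Added example: verify the Ion Auth files landed where the copy steps put them.
# Exact case matters: on a case-sensitive (Linux) filesystem, auth.php and
# Auth.php are different files, so a layout that works locally can fail there.

# has_exact DIR NAME -> 0 if DIR contains an entry named exactly NAME.
# Listing the directory (instead of `test -e`) keeps the comparison
# case-sensitive even on case-insensitive filesystems (macOS, Windows).
has_exact() {
    [ -d "$1" ] || return 1
    ls -A "$1" | grep -xF -- "$2" >/dev/null
}

# check_ion_auth_layout APP_DIR [LANGUAGE]
# Prints one line per problem; the return status is the number of problems.
check_ion_auth_layout() {
    app=$1
    lang=${2:-english}   # assumption: language folder name, default "english"
    problems=0
    # "directory|entry" pairs from the copy steps. Ion_auth.php and
    # ion_auth_lang.php are assumed names (the steps say only "the files").
    for pair in \
        "config/development|ion_auth.php" \
        "controllers/admin|Auth.php" \
        "libraries|Ion_auth.php" \
        "models|Ion_auth_model.php" \
        "language/$lang|ion_auth_lang.php" \
        "views|auth"
    do
        dir=$app/${pair%%|*}
        name=${pair#*|}
        if ! has_exact "$dir" "$name"; then
            echo "MISSING or wrong case: $dir/$name"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# When given an application directory as argument, run the check on it.
if [ -n "${1:-}" ]; then
    check_ion_auth_layout "$@" && echo "Ion Auth layout OK"
fi
```

Run it as `sh check_ion_auth.sh application` from the project root; any line it prints names a file that is missing or has the wrong capitalization.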

7 comments

  1. Great tutorial! What would you do if you need extra fields in the Users table? I’ve done that for my website, and it required quite a lot of work to establish that. I had to modify the database table, several methods in the controller and also the views. If there is an update for Ion Auth in the future, I can start all over again. Is there a way to avoid that?

    1. Hello, and thank you for following my tutorials. Your question assumes that the controllers and the views belong to the Ion Auth library. This isn’t true. The only thing you’d have to worry about when working with Ion Auth is the library (located in the libraries directory) and the model. I actually only use the Ion Auth library for authentication and group administration. I don’t think that an upgrade of the library will be so drastic as to change the tables in it, so you can at any time add new fields to it. The library won’t mind as long as you keep what it needs to work with the authentication and groups. The controller and the views are actually yours, not Ion Auth’s. So you can change them any way you like. Also, if you want to have huge modifications made to the library, the library allows you to use hooks (http://benedmunds.com/ion_auth/#set_hook), which intervene in the workflow of the way the library works in every important point. Never tried it, but I am sure Ben Edmunds and the great contributors to the library did a good job there too.

  2. Hi, I’ve just finished the whole tutorial (and did my own customisations) and was wondering if you think it’s better to put all the authentication controller methods into one controller (like the Ion Auth demo controller has done), or split the app’s authorisation controllers into categories like…
    login, user (allows user to edit their own data), users (allows admin to create edit other users), reset_password, forgot_password, activate_account…etc.
    If I put everything into one controller and then pull them out as needed, does it require more system resources (memory?) to do it this way?

    Thanks 🙂

    1. I would rather do it in more controllers. This way I would get more organized, even if that means “too many files”. And no, this won’t require more system resources.

  3. Hi avenirer, thanks very much for these tutorials, they are awesome.

    I have a problem: I got the ion_auth basics working (login, logout and that stuff) on my local server, but when I upload it to my production server I just get a blank page on every auth/whatever page.

    Any idea of what could be the problem? It seems the problem comes from loading the library with this line:
    $this->load->library(array('ion_auth','form_validation'));

    I’m new with CodeIgniter so I can’t find out where’s the problem. I’d appreciate any help.

    Thanks again.
