pc_user

pc_user is a lightweight authentication library for CodeIgniter. It focuses on simplicity and security. Using the library, you are able to create users, make them log in and out and use secure user hashes for table relations. Logins can be restricted by a maximum number of login retries, it is possible to log in using a cookie and it is possible to use both email and username as login-identifier. Also, user-authentication by email is supported, and the library will give you proper error codes, which you can handle the way you want.

The library uses the cookie helper and the session library from the CodeIgniter framework. Please read below to get an overview of the features the library supports. The library is licensed as the CodeIgniter framework, making it possible to use it for free for all purposes.

Please contact me if you discover any bugs in the library, or if you have any suggestions for improvements.

Features:

• Creation of users:
  • Possibility to require user activation via email
• Login:
  • Traditional, using form
  • By cookie
  • Possibility to use either email or username as login-identifier
  • Possibility to restrict the number of failed logins within a time-period
• Logout
• Hash-identifier for each user. Makes it possible to hide the direct relations from users to other objects.
• Retrieval of user from login-identifier or user id

Requirements:

• Uses the CodeIgniter framework (1.5+), relies on the following parts of the framework:
  • Cookie Helper
  • Session Library
  • Database Library
• A database table – the required layout is in the .sql file distributed with the library

Download:

The current version is 1.1 – it was released on April 19, 2009.
The library (recommended): pc_user-1.1.zip
The library and a testsuite: pc_user-1.1-suite.zip

Usage:

$this->load->library('pc_user') Load the user library – required, if you want to use the user library in the current method. Can also be done using autoloading. This will initialize the library.

$this->pc_user->getError() Get the error caused by the most recent method used. Returns false if all methods were successful. In the following, the possible errors cast by this function is listed for each method as “Possible errors”

$this->pc_user->create($username, $email, $password, $status=1)Create a user with the minimum data required. The $status parameter makes it possible to create users with special status – it can be used for access levels (i.e. 1 for normal users, 2 for admin users). If the $requireEmail settings is false, $email can be set to false. If the $requireActivation setting is true, an activation-hash is set in the database. Returns true if successful, false otherwise.

Possible errors:
USERNAME_EMPTY
PASSWORD_EMPTY
EMAIL_EMPTY
USERNAME_EXISTS
EMAIL_EXISTS

$this->pc_user->login($identify, $password, $status=FALSE, $setCookie=FALSE)Log the user in with an identifier and a password, the optional parameter $setcookie makes it possible to set a login cookie for future automatic login. The identifier must be either a username or email – depending on the $mode option. The parameter $status is the minimum status required to be able to log in. Returns true if successful, false otherwise.

Possible errors:
TOO_MANY_RETRIES
PASSWORD_INCORRECT
TOO_LOW_STATUS
IDENTIFY_EMPTY
USER_NOT_FOUND
USER_NOT_ACTIVE

$this->pc_user->login_bycookie($status=FALSE)Log the user in, using a previously made cookie. The optional $status parameter is the minimum status required for the login to be successful. If the user is logged in using a cookie, a special flag is set (can be checked using isLoggedByCookie()). Returns true if successful, false otherwise.

Possible errors:
NO_COOKIE_SET
CORRUPT_COOKIE
TOO_LOW_STATUS

$this->pc_user->activate($identify, $act_hash)Set a user as active if the activation hash in $act_hash is equal to the activation hash made when the user was created. The parameter $identify is defined as in the login() method. Returns true if successful, false otherwise.

Possible errors:
ACTIVATION_CODE_INCORRECT
IDENTIFY_EMPTY
USER_NOT_FOUND

$this->pc_user->logout()Log the user out

$this->pc_user->isLogged()Returns true if the user is logged in, false otherwise

$this->pc_user->isLoggedByCookie()Returns true if the user is logged in using a cookie, false otherwise

$this->pc_user->exists($field, $data)Check if a record exists in the database. Checks a fieldname with a value. Usable in checking if a username is taken (ie: exists(‘username’, ‘JohnDoe’))

$this->pc_user->get($identify, $returnPass=FALSE, $requireActive=TRUE)Get user data from an identifier (the identifier must correspond to the login mode as above). The $returnPass parameter decides if the password hash should be returned (this is not recommended). If the $requireActive parameter is true, the user will only be returned if the user is active. Returns true if the user exists, false otherwise.

Possible errors:
IDENTIFY_EMPTY
USER_NOT_FOUND
USER_NOT_ACTIVE

$this->pc_user->getFromId($user_id, $returnPass=FALSE, $requireActive=TRUE)Same as $this->pc_user->get above – but the function will get a user based on the user id instead.

Possible errors:
USER_ID_EMPTY
USER_ID_DO_NOT_EXIST
USER_NOT_ACTIVE

$this->pc_user->getUserId()Returns the id of the user logged in.

$this->pc_user->getUserHash()Returns the unique user hash of the user logged in. The hash is generated on login-time, and is not stored as a reference in the user table. This makes it usable in hiding what other tables the user has a reference to.

$this->pc_user->getStatus()Returns the status of the user logged in.

$this->pc_user->getActHash()Returns the activation hash of the user logged in.

$this->pc_user->getData()Returns the data of the user logged in (as an array).

$this->pc_user->getActHash()Returns the activation hash of the user logged in.