Warden

More than just a user database auth package for FuelPHP


Project maintained by dre1080

Warden is a user database auth package for the FuelPHP framework that aims to fast-track development by handling the workload of authenticating and authorizing users. Built for performance, it comes with ready-to-use models and database install tasks.

Features

Why use BCrypt?

Installation

Dependencies

Required Packages:

Optional:

Download

This package follows standard installation rules.

Download Warden into your FuelPHP's packages directory.

Or

git clone -b master https://github.com/dre1080/warden.git warden

Then autoload the package in your app/config.php file.

'always_load' => array(
  'packages'  => array(
    array('warden')
  ),
)

After adding Warden to your FuelPHP packages stack, have a look at the Warden config file and set up its options before adding the required tables.

Adding required tables to your database

There are two ways to add the Warden tables:

1) SQL File in warden/config/install.sql

2) Oil Task

Run the following to get a list of supported commands:

php oil r warden help

Once done, don't forget to create your roles and permissions in the roles and permissions tables, respectively, so that you can assign them to users.

Usage

Check for validated login:

if (Warden::check()) {
  echo "I'm logged in :D";
} else {
  echo "Failed, I'm NOT logged in :(";
}

Getting the currently logged in user:

if (Warden::check()) {
  $current_user = Warden::current_user();
  echo $current_user->username;
}

Explicitly setting the current user:

if (($user = Model_User::find(1))) {
  Warden::set_user($user);
}

Checking for a specific role:

if (Warden::logged_in('admin')) {
  echo "Current user logged in as an admin";
}

$user = Model_User::find(2);
if (Warden::has_access(array('editor', 'moderator'), $user)) {
  echo "Hey, editor - moderator";
} else {
  echo "Fail!";
}

Checking the current user has permission for a resource:

if (Warden::can('create', 'Article')) {
  // do something
} else {
  Response::redirect('/403');
}

or the inverse:

if (Warden::cannot('create', 'Article')) {
  Response::redirect('/403');
}

It also accepts array arguments to check for multiple permissions for actions/resources:

if (Warden::can(array('destroy', 'create'), array('Project', 'Task'))) {
  // do something
}

Or if you want to throw an exception, use Warden::authorize:

try {
  Warden::authorize('create', 'Article');
} catch (\Warden\AccessDenied $ex) {
  die($ex->getMessage());
}

Log in a user by using a username or email and plain-text password:

if (Input::method() === 'POST') {
  if (Warden::authenticate(Input::post('username_or_email'), Input::post('password'))) {
    Session::set_flash('success', 'Logged in successfully');
  } else {
    Session::set_flash('error', 'Username or password invalid');
  }

  Response::redirect();
}

Log in a user using an HTTP-based authentication method:

if (($user_array = Warden::http_authenticate())) {
  echo "Welcome {$user_array['username']}";
}

Log out a user by removing the related session variables:

if (Warden::logout()) {
  echo "I'm logged out";
}

Resetting a user's password

// Sending the password token
if (($user = Model_User::find('first', array('where' => array('email' => 'myemail@warden.net'))))) {
  try {
    $user->send_reset_password_instructions();
  } catch (Exception $ex) {
    echo sprintf('Oops, something went wrong: %s', $ex->getMessage());
  }
}

// Resetting the password
try {
  if (($user = Model_User::reset_password_by_token(\Input::get('reset_password_token'), 'new_password'))) {
    echo 'Success!';
  } else {
    echo 'Not a valid user';
  }
} catch (Exception $ex) {
  // something went wrong
  echo sprintf('Oops, something went wrong: %s', $ex->getMessage());
}
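
An added example, not part of Warden's own code: a controller for the reset flow above that gives the same response whether or not the e-mail address is registered, takes the new password from the POST body, and logs exception details instead of echoing them. The controller, view, route and field names are assumptions; the Warden calls are the ones shown above.

```php
<?php
// Added example. Controller, view, route and field names are assumptions, not Warden's.
class Controller_Password extends Controller
{
    // Step 1: the user asks for a reset link.
    public function action_forgot()
    {
        if (Input::method() !== 'POST') {
            return Response::forge(View::forge('password/forgot'));
        }
        $email = trim((string) Input::post('email'));
        $user  = Model_User::find('first', array('where' => array('email' => $email)));
        if ($user) {
            try {
                $user->send_reset_password_instructions();
            } catch (Exception $ex) {
                // Keep the failure detail in the log, out of the response.
                logger(\Fuel::L_ERROR, 'Reset mail failed: '.$ex->getMessage(), __METHOD__);
            }
        }
        // Identical message and redirect for known and unknown addresses.
        Session::set_flash('success', 'If that address is registered, reset instructions have been sent.');
        Response::redirect('password/forgot');
    }

    // Step 2: the user follows the link (GET) and submits a new password (POST).
    public function action_reset()
    {
        if (Input::method() !== 'POST') {
            $data = array('token' => Input::get('reset_password_token'));
            return Response::forge(View::forge('password/reset', $data));
        }
        try {
            $user = Model_User::reset_password_by_token(
                Input::post('reset_password_token'), (string) Input::post('password'));
        } catch (Exception $ex) {
            logger(\Fuel::L_ERROR, 'Password reset failed: '.$ex->getMessage(), __METHOD__);
            $user = false;
        }
        if ($user) {
            Session::set_flash('success', 'Password updated, please log in');
            Response::redirect('login');
        }
        Session::set_flash('error', 'That reset link is not valid');
        Response::redirect('password/forgot');
    }
}
```

The reset form is expected to carry the token from the e-mailed link in a hidden reset_password_token field, so the token is submitted in the POST body together with the new password.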

Callbacks

after_set_user, after_authentication, before_logout, after_authorization

Warden::before_logout(function($user) {
  logger(\Fuel::L_INFO, 'User '.$user->id.' logging out', 'Warden::before_logout');
});

More examples are in the doc comments for each method.

Fuel-Administrator

For an example of how to use Warden as an administrative interface to manage users, roles, etc., please see Fuel-Administrator by @webstone.

Contributors

Creator and lead developer: Andrew Wayne (ando) @dre1080.

Special thanks to:

for contributing code, ideas and testing early versions.

Thanks also to the @fuel dev team and the many others who have contributed code, ideas and issues.