On the (perhaps) not so good side, the majority of that time has been spent implementing pagination on the search results page. You would think this would be incredibly easy considering that CodeIgniter has a Pagination class. It shouldn’t take me approximately 8 hours, right? Well, apparently it does when you’re trying to use AJAX to handle your pagination. I was even perfectly willing to accept a complete hack for a solution, but alas, anything I tried to do to cobble together a fix for one issue only introduced another issue somewhere else.

Eventually jQuery came to my rescue. In the configuration for Pagination I set the base_url to ” (an empty string) so that the href on the pagination links would contain only the number for the search results. Then I set up jQuery to find all of the anchor links in my paging div, stop the normal link function, and call my function to load in the search results. The jQuery code came out like this:

$(document).ready(function(){
  $("div.paging > a").click(function(e){
    // stop normal link click
    e.preventDefault();

    $('div#search_results').load("/search/get_results/"+$(this).attr("href"));
  });
});

This is still something of a hack as I’m basically creating fake href values for the anchor tags, but whatever, it works! I can come back later and fix it. At this point hacks are okay. Speed is much more valuable than perfectly elegant code as I want to find out if my idea is solid before investing oodles of time in it.

$this->form_validation->set_rules( 'username', 'Username',
  'trim|required|callback_username_check' );

And then create a matching function like this:

function username_check( $username )
{
  // some code
}
?>

However, as this is currently implemented someone could access your function as a page at a URL like example.com/index.php/login/username_check/ if they guessed the function name. While that may not have any ill side-effects, it’s probably just as well if no one can access the function besides you.

In come private functions for controllers, which allow you to create a function like this:

function _utility()
{
  // some code
}

And if you try to access the function via a URL, like example.com/index.php/login/_utility/, you’ll get a 404 (page not found).

You probably see where I’m going with this. If you create your callbacks as private functions, no one will be able to access the callbacks as pages. It’s quite simple to do. You add an underscore before your callback function name:

function _username_check( $username )
{
  $valid_username = TRUE; // You would perform some kind of check on the field here

  if ($valid_username == FALSE)
  {
    $this->form_validation->set_message('_username_check', 'The username you have provided is not valid.');
    return FALSE;
  }
  else
  {
    return TRUE;
  }
}

And then add an underscore in your callback rule (note the two underscores after callback):

$this->form_validation->set_rules( 'username', 'Username',
  'trim|required|callback__username_check' );

Done!

At first I looked for ways that I might be able to at least run checks on pages to see if a user is logged in or not. It turns out that’s not terribly difficult (once you figure out how to do it). You need to create your own authentication controller for use with pages where you want to check if the user is logged in. Cool, that works. I could throw the log in/log out functionality in easily enough, but resetting passwords and validating email addresses would be a whole different matter.

That’s when I decided that I should start looking for a user-contributed authentication library. The CodeIgniter Wiki has a nice list of them. As I started looking through them and all their various features I realized I should come up with a list of the features that I needed to have. Here’s what I was looking for in a library:

• Good coding practices
• Good documentation
• Small number of files
• Database implementation that’s not complex
• Login using username or email address
• Emails for lost passwords
• Automatic login
• Hashing of passwords
• Maximum number of failed login attempts
• Emails for activation (nice to have)
• reCAPTCHA support (nice to have)

Not too harsh, right? Unfortunately most of the libraries ended up being too large, too simple, or completely lacking in documentation. It was hard to find a library that fit somewhere in the middle. I did find one library that might meet all of my requirements, and if not, it’s awfully close: Redux 2 (beta). It has all of the functionality I want, it doesn’t contain a crazy number of files, the database is simple and well thought out, there’s a complete sample application that makes use of the library, and more. I’m going to give it a try and comment in my next post on how well it works.

I should also mention in the course of my search I came across an excellent post on Stack Overflow regarding authentication libraries for CodeIgniter. There’s a lot of great discussion on that page and Redux was also listed there as being one of the better solutions available.