At first I looked for ways that I might be able to at least run checks on pages to see if a user is logged in or not. It turns out that’s not terribly difficult (once you figure out how to do it). You need to create your own authentication controller for use with pages where you want to check if the user is logged in. Cool, that works. I could throw the log in/log out functionality in easily enough, but resetting passwords and validating email addresses would be a whole different matter.

That’s when I decided that I should start looking for a user-contributed authentication library. The CodeIgniter Wiki has a nice list of them. As I started looking through them and all their various features I realized I should come up with a list of the features that I needed to have. Here’s what I was looking for in a library:

• Good coding practices
• Good documentation
• Small number of files
• Database implementation that’s not complex
• Login using username or email address
• Emails for lost passwords
• Automatic login
• Hashing of passwords
• Maximum number of failed login attempts
• Emails for activation (nice to have)
• reCAPTCHA support (nice to have)

Not too harsh, right? Unfortunately most of the libraries ended up being too large, too simple, or completely lacking in documentation. It was hard to find a library that fit somewhere in the middle. I did find one library that might meet all of my requirements, and if not, it’s awfully close: Redux 2 (beta). It has all of the functionality I want, it doesn’t contain a crazy number of files, the database is simple and well thought out, there’s a complete sample application that makes use of the library, and more. I’m going to give it a try and comment in my next post on how well it works.

I should also mention in the course of my search I came across an excellent post on Stack Overflow regarding authentication libraries for CodeIgniter. There’s a lot of great discussion on that page and Redux was also listed there as being one of the better solutions available.