php user authentication libraries / frameworks ... what are the options?

Question

I am using PHP and the codeigniter framework for a project I am working on, and require a user login/authentication system.

For now I'd rather not use SSL (might be overkill and the fact that I am using shared hosting discourages this). I have considered using openID but decided that since my target audience is generally not technical, it might scare users away (not to mention that it requires mirroring of login information etc.). I know that I could write a hash based authentication (such as sha1) since there is no sensitive data being passed (I'd compare the level of sensitivity to that of stackoverflow).

That being said, before making a custom solution, it would be nice to know if there are any good libraries or packages out there that you have used to provide semi-secure authentication? I am new to codeigniter, but something that integrates well with it would be preferable. Any ideas? (i'm open to criticism on my approach and open to suggestions as to why I might be crazy not to just use ssl). Thanks in advance.

Update: I've looked into some of the suggestions. I am curious to try out zend-auth since it seems well supported and well built. Does anyone have experience with using zend-auth in codeigniter (is it too bulky?) and do you have a good reference on integrating it with CI? I do not need any complex authentication schemes..just a simple login/logout/password-management authorization system.

Also, dx_auth seems interesting as well, however I am worried that it is too buggy. Has anybody else had success with this?

I realized that I would also like to manage guest users (i.e. users that do not login/register) in a similar way to stackoverflow..so any suggestions that have this functionality would be great

Answer 1

check the answer: http://stackoverflow.com/questions/1106604/framework-for-administrating-users/1116855#1116855

Answer 2

I use Zend_Auth. But I work with Zend Framework in general. To what I've heard it integrates well with CI. With Zend_Auth I use a Db_Table Adapter and SHA1 with a global salt. That's enough for many purposes I think.

Answer 3

I've found dx_auth to be quite good in Codeigniter, and have used it before. It is certainly the most full featured authentication library for Codeigniter.

There were a few things i needed to do to change it, so I extended their User class with a few functions for my purposes (some of their functions don't do exactly what you might expect..). Here is a segment of some of the customizations I made:

     $CI = &get_instance();
     $CI->load->model("dx_auth/users");
     /**
     * For most things, try and use the dx_auth models, 
     * because it's already done, and some stuff is more 
     * annoying to figure out than might be expected.
     *
     * For anything site-specific, use this model instead.
     *
     */

     class UserModel extends Users {
        /**
        * Sometimes when dx_auth sucks, you have to compensate 
        * functions that return useful results.
        *
        * @param int $id id of user to check if banned
        * @return int $banned returns the result (0 or 1)
        */
       function is_banned($id) {
            $query = "SELECT banned FROM users WHERE id=".(int)$id;
            $result=$this->db->query($query);
            $row = $result->row_array();
            return $row['banned'];
       }


    }

Answer 4

Looks like this could be exactly what you're looking for, if you want to get zend-auth working in codeigniter. Please update your question again if you find zend-auth & codeigniter to be a good mix..

I've personally found hacking dx_auth to be quite a pain, especially for its lack of documentation, and I'd love to give something else a shot if it sounds promising.

Answer 5

there's also PEAR's auth component