Quick Start Guide¶
Get Daycry Auth running in your CodeIgniter 4 application in a few minutes.
Requirements¶
- PHP 8.2 or higher
- CodeIgniter 4.4 or higher
- Composer
Installation¶
1. Install via Composer¶
2. Run Migrations¶
Creates all the required database tables:
3. Publish Configuration¶
Copies configuration files and basic route setup to your application:
Basic Configuration¶
Open app/Config/Auth.php (created by auth:setup):
<?php
namespace Config;
use Daycry\Auth\Config\Auth as BaseAuth;
class Auth extends BaseAuth
{
// Allow new user registration
public bool $allowRegistration = true;
// Default group assigned to every new user
public string $defaultGroup = 'user';
// Login with email (add 'username' to also allow username login)
public array $validFields = ['email'];
// Where to redirect after login/logout
public array $redirects = [
'register' => '/',
'login' => '/dashboard',
'logout' => 'login',
];
}
Filters¶
You do not need to register the auth filter aliases manually — they are
auto-registered by the package's Registrar (Daycry\Auth\Config\Registrar::Filters())
as soon as the package is installed. The available aliases are:
| Alias | Purpose |
|---|---|
auth |
Authenticate using the default authenticator (or one passed as an argument). |
basic-auth |
HTTP Basic authentication. |
chain |
Try each authenticator in $authenticationChain order. |
group |
Require group membership, e.g. group:admin,editor. |
permission |
Require a permission, e.g. permission:users.edit. |
gate |
Authorize via a Gate ability/policy. |
rates |
Per-IP/user rate limiting (e.g. rates:50,MINUTE). |
force-reset |
Force a password change. |
token-scope |
Require an access-token scope. |
password-age / password-confirm |
Password-age / re-confirmation gates. |
To require a specific authenticator, pass it as an argument to the auth
filter rather than using a per-authenticator alias:
// Session, Access Token, or JWT — selected via the filter argument:
$routes->group('app', ['filter' => 'auth:session'], static fn ($routes) => /* ... */);
$routes->group('api', ['filter' => 'auth:access_token'], static fn ($routes) => /* ... */);
$routes->group('jwt', ['filter' => 'auth:jwt'], static fn ($routes) => /* ... */);
With no argument, auth uses Config\Auth::$defaultAuthenticator.
Set Up Routes¶
In app/Config/Routes.php:
// Public auth routes
$routes->group('auth', ['namespace' => 'Daycry\Auth\Controllers'], static function ($routes) {
$routes->get('login', 'LoginController::loginView', ['as' => 'login']);
$routes->post('login', 'LoginController::loginAction');
$routes->get('register', 'RegisterController::registerView', ['as' => 'register']);
$routes->post('register','RegisterController::registerAction');
$routes->get('logout', 'LoginController::logoutAction', ['as' => 'logout']);
// Password reset
$routes->get('password-reset', 'PasswordResetController::requestView', ['as' => 'password-reset']);
$routes->post('password-reset', 'PasswordResetController::requestAction');
$routes->get('password-reset/message', 'PasswordResetController::messageView', ['as' => 'password-reset-message']);
$routes->get('password-reset/(:any)', 'PasswordResetController::resetView');
$routes->post('password-reset/(:any)', 'PasswordResetController::resetAction');
});
// Protected routes — must be logged in
$routes->group('dashboard', ['filter' => 'auth:session'], static function ($routes) {
$routes->get('/', 'Dashboard::index');
$routes->get('profile', 'Dashboard::profile');
});
// Admin routes — must be logged in AND in the 'admin' group
$routes->group('admin', ['filter' => 'auth:session,group:admin'], static function ($routes) {
$routes->get('/', 'Admin::index');
$routes->get('users', 'Admin::users');
});
Your First Protected Controller¶
<?php
namespace App\Controllers;
use Daycry\Auth\Controllers\BaseAuthController;
use CodeIgniter\HTTP\ResponseInterface;
class Dashboard extends BaseAuthController
{
// Required by BaseAuthController
protected function getValidationRules(): array
{
return [];
}
public function index(): ResponseInterface
{
$user = auth()->user();
$content = $this->view('dashboard/index', [
'user' => $user,
'title' => 'Dashboard',
]);
return $this->response->setBody($content);
}
}
Authentication Helpers¶
// Is the user logged in?
if (auth()->loggedIn()) { ... }
// Get the current user
$user = auth()->user();
echo $user->email;
// Check a permission
if ($user->can('posts.create')) { ... }
// Check group membership
if ($user->inGroup('admin')) { ... }
// Manual login attempt
$result = auth()->attempt([
'email' => 'user@example.com',
'password' => 'secret',
]);
if ($result->isOK()) {
return redirect()->to('/dashboard');
}
// Logout
auth()->logout();
return redirect()->route('login');
What's Working Now¶
After following these steps, your application has:
| Page | URL | Who can access |
|---|---|---|
| Login | /auth/login |
Everyone |
| Register | /auth/register |
Everyone |
| Forgot password | /auth/password-reset |
Everyone |
| Dashboard | /dashboard |
Authenticated users only |
| Admin | /admin |
admin group only |
Next Steps¶
- Configuration — Customize passwords, 2FA, JWT, lockout settings
- Filters — Add rate limiting, force-reset, permission-based access
- Authorization — Create groups and permissions
- TOTP Two-Factor Auth — Add authenticator app 2FA
- OAuth / Social Login — Google, GitHub, Microsoft login
- Device Sessions — Track and manage logins per device
Troubleshooting¶
- Migrations failed: Check your database configuration in
app/Config/Database.php - Routes 404: Verify the namespace and controller names
- Filters not working: The auth aliases auto-register via the package
Registrar; if you replacedapp/Config/Filters.phpwholesale, make sure you didn't drop the framework'sRegistrardiscovery. Select an authenticator withauth:session/auth:access_token/auth:jwt(there is no baresession/tokens/jwtalias). - Check migration status:
php spark migrate:status - Check logs:
writable/logs/