Ircham Ali

Ircham Ali

Informatics Lecturer and PhD Student in Information Systems

CodeIgniter4: Login and Registration with Myth/Auth

3 minute read

Published:

Login and registration features are a crucial foundation for web applications because they determine who can access protected functionality. In this article, we continue the MyBlog project and add authentication using the myth/auth package.

Focus areas:

  • Installing myth/auth
  • Basic configuration setup in CodeIgniter 4
  • Applying login filters to the admin pages
  • Testing registration and login
  • Fixing module code snippets that may cause issues

MythAuth Registration

1. Prerequisites

Before getting started, make sure:

  • You have followed the previous article.
  • The MyBlog project is running correctly without errors.
  • Composer is installed.
  • Your PHP and CodeIgniter versions are compatible with Myth/Auth.

2. Install Myth/Auth

Run the following command from the project root:

composer require myth/auth

If it succeeds, the package will be installed and Composer autoload will be updated.

3. Basic Configuration Setup

a) Add Myth/Auth validation rules

Open app/Config/Validation.php, then add the following validation class to the $ruleSets property:

\Myth\Auth\Authentication\Passwords\ValidationRules::class,

b) Register login, role, and permission filter aliases

Open app/Config/Filters.php, then add these use statements:

use Myth\Auth\Filters\LoginFilter;
use Myth\Auth\Filters\PermissionFilter;
use Myth\Auth\Filters\RoleFilter;

Then, in the $aliases property:

public array $aliases = [
    'csrf'          => CSRF::class,
    'toolbar'       => DebugToolbar::class,
    'honeypot'      => Honeypot::class,
    'invalidchars'  => InvalidChars::class,
    'secureheaders' => SecureHeaders::class,
    'cors'          => Cors::class,
    'forcehttps'    => ForceHTTPS::class,
    'pagecache'     => PageCache::class,
    'performance'   => PerformanceMetrics::class,
    'login'         => LoginFilter::class,
    'role'          => RoleFilter::class,
    'permission'    => PermissionFilter::class,
];

c) Override Auth configuration

Do not modify files in vendor/ directly. Use application overrides instead.

Create the config file:

php spark make:config Auth

Fill in app/Config/Auth.php with:

<?php

namespace Config;

use Myth\Auth\Config\Auth as AuthConfig;

class Auth extends AuthConfig
{
    /**
     * Disable email activation during registration.
     */
    public $requireActivation = null;
}

4. Run Database Migrations

Run migrations so Myth/Auth’s default tables are created:

php spark migrate --all

Then check the database. You should see the authentication and authorization tables.

5. Apply Login Filter to Admin Pages

Route-level option (quick example)

In app/Config/Routes.php, you can apply the login filter directly to the admin route group:

$routes->group('admin', ['filter' => 'login'], function ($routes) {
    $routes->get('post', 'PostAdmin::index');
    $routes->get('post/(:segment)/preview', 'PostAdmin::preview/$1');
    $routes->add('post/new', 'PostAdmin::create');
    $routes->add('post/(:segment)/edit', 'PostAdmin::edit/$1');
    $routes->get('post/(:segment)/delete', 'PostAdmin::delete/$1');
});

Global filter option (based on URL patterns)

Or define it in app/Config/Filters.php:

public array $filters = [
    'login' => ['before' => ['admin/post', 'admin/post/*']],
];

With this pattern, admin post pages are automatically redirected to the login page if the user is not authenticated.

6. Test Registration and Login

Test steps:

  1. Visit the admin URL, for example /admin/post.
  2. Confirm you are redirected to the login page.
  3. Click register and create a new account.
  4. Log in with that account.
  5. Revisit the admin URL to ensure the filter works.

MythAuth Login

7. Fix Login/Logout Display in Navbar

Add the auth helper globally in app/Controllers/BaseController.php:

protected $helpers = ['auth'];

Then update the navbar section (for example in app/Views/admin/admin_post_list.php) to render dynamically:

<li class="nav-item">
    <?php if (logged_in()) : ?>
        <a class="nav-link" href="<?= base_url('logout') ?>">Logout</a>
    <?php else: ?>
        <a class="nav-link" href="<?= base_url('login') ?>">Login</a>
    <?php endif; ?>
</li>

8. Notes on Problematic Code and Resolutions

These adjustments help avoid issues in real practice:

  1. Migration command: Use php spark migrate --all (the correct long option form), not an ambiguous command.

  2. Filter URL coverage: The pattern admin/post/* does not include admin/post itself, so include both: admin/post and admin/post/*.

  3. Avoid editing files under vendor/: The module contains example fixes in package files (vendor/myth/auth/...). This is not recommended because changes are lost when dependencies are updated. Safer solutions:
    • Update the package to a compatible release.
    • Override configuration through files in app/Config or extension classes in app/.
  4. Registration form bug: In some CI4 + Myth/Auth version combinations, ValidatorInterface.php can throw an error during registration. A temporary hotfix is to edit:
// originally
use CodeIgniter\Entity;

// change to
use CodeIgniter\Entity\Entity;

Important note:

  • This is only a temporary fix for continued registration testing.

You May Also Enjoy