Natuurlijk! Hier is een stapsgewijze gids om een geavanceerd gebruikersauthenticatiesysteem in CodeIgniter 3.1.11 te implementeren, met focus op e-mail/wachtwoord login, sessiebeheer en basis rolgebaseerde toegangscontrole. **1. Database-ontwerp** Maak een `users` tabel met de volgende velden: ```sql CREATE TABLE `users` ( `id` int(11) NOT NULL AUTO_INCREMENT, `email` varchar(255) NOT NULL UNIQUE, `password` varchar(255) NOT NULL, `role` varchar(50) DEFAULT 'user', -- bv. admin, user `is_active` tinyint(1) DEFAULT 1, `created_at` timestamp DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (`id`) ); ``` **2. Creëer een model voor gebruikers** Maak een modelbestand: `application/models/User_model.php` ```php <?php class User_model extends CI_Model { public function get_user_by_email($email) { return $this->db->get_where('users', ['email' => $email, 'is_active' => 1])->row(); } public function insert_user($data) { return $this->db->insert('users', $data); } public function get_user_by_id($id) { return $this->db->get_where('users', ['id' => $id])->row(); } } ?> ``` **3. Authenticatiefunctie (login)** Maak een controller: `application/controllers/Auth.php` ```php <?php defined('BASEPATH') OR exit('No direct script access allowed'); class Auth extends CI_Controller { public function __construct() { parent::__construct(); $this->load->model('User_model'); $this->load->library('session'); $this->load->helper('url'); $this->load->helper('form'); } public function login() { $this->load->view('login_form'); } public function do_login() { $email = $this->input->post('email'); $password = $this->input->post('password'); $user = $this->User_model->get_user_by_email($email); if ($user && password_verify($password, $user->password)) { // Sessie instellen $this->session->set_userdata([ 'user_id' => $user->id, 'email' => $user->email, 'role' => $user->role, 'logged_in' => TRUE ]); redirect('dashboard'); } else { $data['error'] = 'Ongeldig e-mail of wachtwoord.'; $this->load->view('login_form', $data); } } public function logout() { $this->session->sess_destroy(); redirect('auth/login'); } } ?> ``` **4. Login formulier view** `application/views/login_form.php` ```php <!DOCTYPE html> <html> <head><title>Login</title></head> <body> <h2>Inloggen</h2> <?php if(isset($error)) echo '<p style="color:red;">'.$error.'</p>'; ?> <form method="post" action="<?= base_url('auth/do_login') ?>"> <label>E-mail:</label><br> <input type="email" name="email" required><br><br> <label>Wachtwoord:</label><br> <input type="password" name="password" required><br><br> <button type="submit">Inloggen</button> </form> </body> </html> ``` **5. Sessiebeheer** - Tijdens login wordt sessie gecreëerd. - In elke beveiligde pagina controleer je of gebruiker ingelogd is: ```php if (!$this->session->userdata('logged_in')) { redirect('auth/login'); } ``` - Voor uitloggen: ```php $this->session->sess_destroy(); redirect('auth/login'); ``` **6. Rolgebaseerde toegangscontrole** Maak een helper of base controller: ```php <?php // application/helpers/auth_helper.php function check_access($allowed_roles) { $CI =& get_instance(); if (!$CI->session->userdata('logged_in')) { redirect('auth/login'); } $user_role = $CI->session->userdata('role'); if (!in_array($user_role, $allowed_roles)) { show_error('Toegang geweigerd', 403); } } ?> ``` Gebruik in controllers: ```php public function dashboard() { $this->load->helper('auth_helper'); check_access(['admin', 'user']); // alleen admin en user // rest van code } ``` **7. (Optioneel) Uitbreiding: OAuth, 2FA** - OAuth: gebruik libraries als HybridAuth of implementeer OAuth2 via externe providers. - 2FA: voeg een extra code toe na login via bijvoorbeeld Google Authenticator, opgeslagen in database. Voor 2FA kun je bijvoorbeeld een `two_factor_enabled` en `two_factor_secret` veld toevoegen in de users tabel, en na login verificatie. --- Dit geeft je een solide basis voor een geavanceerd authenticatiesysteem in CodeIgniter 3.1.11. Voor meer veiligheid kun je wachtwoorden altijd hashen met `password_hash()` en `password_verify()`, en beveilig je sessies met HTTPS en CSRF-bescherming. Heeft u nog verdere vragen of specifieke functies?

Ik help je graag met het implementeren van een geavanceerd authenticatiesysteem in CodeIgniter 3.1.11. Hier is een stapsgewijze handleiding: ## 1. Basisstructuur en configuratie ### Database Setup ```sql CREATE TABLE users ( id INT PRIMARY KEY AUTO_INCREMENT, email VARCHAR(255) UNIQUE NOT NULL, password VARCHAR(255) NOT NULL, is_active TINYINT(1) DEFAULT 1, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ); CREATE TABLE user_sessions ( id INT PRIMARY KEY AUTO_INCREMENT, user_id INT, session_token VARCHAR(255), expires_at DATETIME, FOREIGN KEY (user_id) REFERENCES users(id) ); CREATE TABLE user_roles ( id INT PRIMARY KEY AUTO_INCREMENT, user_id INT, role VARCHAR(50), FOREIGN KEY (user_id) REFERENCES users(id) ); ``` ## 2. Core Authentication Library **application/libraries/Auth.php** ```php <?php defined('BASEPATH') OR exit('No direct script access allowed'); class Auth { protected $CI; protected $user = null; public function __construct() { $this->CI =& get_instance(); $this->CI->load->database(); $this->CI->load->library('session'); $this->CI->load->helper('url'); } // Registratie functie public function register($email, $password, $additional_data = []) { $hashed_password = password_hash($password, PASSWORD_DEFAULT); $user_data = array_merge([ 'email' => $email, 'password' => $hashed_password, 'created_at' => date('Y-m-d H:i:s') ], $additional_data); $this->CI->db->insert('users', $user_data); return $this->CI->db->insert_id(); } // Login functie public function login($email, $password) { $user = $this->CI->db->get_where('users', ['email' => $email, 'is_active' => 1])->row(); if ($user && password_verify($password, $user->password)) { $this->create_session($user->id); return true; } return false; } // Sessie aanmaken private function create_session($user_id) { $session_token = bin2hex(random_bytes(32)); $expires_at = date('Y-m-d H:i:s', strtotime('+2 hours')); $session_data = [ 'user_id' => $user_id, 'session_token' => $session_token, 'expires_at' => $expires_at ]; $this->CI->db->insert('user_sessions', $session_data); $this->CI->session->set_userdata('auth_token', $session_token); } // Gebruiker ophalen public function get_user() { if ($this->user === null) { $token = $this->CI->session->userdata('auth_token'); if ($token) { $this->CI->db->where('session_token', $token); $this->CI->db->where('expires_at >', date('Y-m-d H:i:s')); $session = $this->CI->db->get('user_sessions')->row(); if ($session) { $this->user = $this->CI->db->get_where('users', ['id' => $session->user_id])->row(); } } } return $this->user; } // Check of gebruiker is ingelogd public function is_logged_in() { return $this->get_user() !== null; } // Logout functie public function logout() { $token = $this->CI->session->userdata('auth_token'); if ($token) { $this->CI->db->where('session_token', $token); $this->CI->db->delete('user_sessions'); } $this->CI->session->unset_userdata('auth_token'); $this->user = null; } // Rol-gebaseerde toegang public function has_role($role) { $user = $this->get_user(); if (!$user) return false; $this->CI->db->where('user_id', $user->id); $this->CI->db->where('role', $role); return $this->CI->db->get('user_roles')->num_rows() > 0; } } ``` ## 3. Authentication Controller **application/controllers/Auth.php** ```php <?php defined('BASEPATH') OR exit('No direct script access allowed'); class Auth extends CI_Controller { public function __construct() { parent::__construct(); $this->load->library('auth'); $this->load->library('form_validation'); } public function login() { if ($this->auth->is_logged_in()) { redirect('dashboard'); } if ($this->input->post()) { $this->form_validation->set_rules('email', 'E-mail', 'required|valid_email'); $this->form_validation->set_rules('password', 'Wachtwoord', 'required'); if ($this->form_validation->run()) { if ($this->auth->login($this->input->post('email'), $this->input->post('password'))) { redirect('dashboard'); } else { $this->session->set_flashdata('error', 'Ongeldige inloggegevens'); } } } $this->load->view('auth/login'); } public function register() { if ($this->auth->is_logged_in()) { redirect('dashboard'); } if ($this->input->post()) { $this->form_validation->set_rules('email', 'E-mail', 'required|valid_email|is_unique[users.email]'); $this->form_validation->set_rules('password', 'Wachtwoord', 'required|min_length[8]'); $this->form_validation->set_rules('password_confirm', 'Wachtwoord bevestigen', 'required|matches[password]'); if ($this->form_validation->run()) { $user_id = $this->auth->register( $this->input->post('email'), $this->input->post('password') ); if ($user_id) { $this->session->set_flashdata('success', 'Registratie succesvol! Je kunt nu inloggen.'); redirect('auth/login'); } } } $this->load->view('auth/register'); } public function logout() { $this->auth->logout(); redirect('auth/login'); } } ``` ## 4. Beveiligde Controller met RBAC **application/controllers/Dashboard.php** ```php <?php defined('BASEPATH') OR exit('No direct script access allowed'); class Dashboard extends CI_Controller { public function __construct() { parent::__construct(); $this->load->library('auth'); if (!$this->auth->is_logged_in()) { redirect('auth/login'); } } public function index() { // Alleen toegang voor gebruikers met admin rol if (!$this->auth->has_role('admin')) { show_error('Geen toegang', 403); } $data['user'] = $this->auth->get_user(); $this->load->view('dashboard/index', $data); } } ``` ## 5. Views **application/views/auth/login.php** ```html <!DOCTYPE html> <html> <head> <title>Inloggen</title> </head> <body> <?php if ($this->session->flashdata('error')): ?> <div class="error"><?= $this->session->flashdata('error') ?></div> <?php endif; ?> <form method="post"> <input type="email" name="email" placeholder="E-mail" required> <input type="password" name="password" placeholder="Wachtwoord" required> <button type="submit">Inloggen</button> </form> </body> </html> ``` ## 6. Autoload configuratie **application/config/autoload.php** ```php $autoload['libraries'] = array('database', 'session', 'auth'); $autoload['helpers'] = array('url', 'form'); ``` ## 7. Routes configuratie **application/config/routes.php** ```php $route['auth/login'] = 'auth/login'; $route['auth/register'] = 'auth/register'; $route['auth/logout'] = 'auth/logout'; $route['dashboard'] = 'dashboard/index'; ``` ## Extra beveiligingsmaatregelen: 1. **CSRF Protection**: Zet CSRF protection aan in config 2. **Password Hashing**: Gebruik altijd password_hash() 3. **Session Security**: Configureer sessiebeveiliging 4. **Input Validation**: Valideer alle gebruikersinput Dit is een solide basis voor e-mail/wachtwoord authenticatie. Voor OAuth en 2FA zou je aanvullende libraries moeten integreren zoals: - OAuth: `league/oauth2-client` - 2FA: `sonata-project/google-authenticator` Wil je dat ik deze aanvullende functies ook uitleg?