Wrapper of Delight\Auth user authentication for Fat Free Framework powered apps.

1.1.0 2020-05-27 09:42 UTC


Wrapper of Delight\Auth user authentication for Fat Free Framework powered apps.

This repository is for personal use only. May contain hard coded Hungarian strings.

Installation / Usage

Auth3 requires dependency injector (DI) container, which is not the default behaviour of Fatfree Framework powered apps.


Auth3 uses auth3_ prefix!

For database initialization run modified version of:

Make sure your DI substitutes \DB\SQL to the F3's DB object: \DB\SQL('mysql:host=localhost;port=3306;dbname='.DBNAME, DBUSER, DBPASS)

Also needs log table: see resist\H3

Required constants

// Table name of app specific/custom user data. (string)
define('AUTH3_USERDATATABLE', 'users');

// Throttling. (bool)
define('AUTH3_THROTTLING', false);

// Invite code for registration.
define('AUTH3_INVITECODE', '');

// Use captcha code instead of invite code. If enabled and invite code is not empty, generated captcha is extended by invite code
define('AUTH3_CAPTCHA', true);

// Store email in DB and send verification email during registration
define('AUTH3_EMAIL_REQUIRED', true);

// Email verification email send from. (string)
define('AUTH3_EMAILFROM', '');

Initialize Auth3

Via DI:


Required F3 named routes

Named routes are for redirects.

  • GET @signup
  • GET @login

Defined F3 controller methods and routes

POST signupController()

Method: POST only

Required parameters:

  • POST.username: required; trimmed; cleaned silently
  • POST.password: required|min_len,1
  • POST.passwordconfirm: required|min_len,1|equalsfield,password
  • required|valid_email; trimmed; sanitized
  • POST.code: cleaned silently

On error: rerouted to @signup with flash message contains GUMP readable errors

On success: rerouted to @login with flash message

Defined F3 Hive global variables

  • (int) uid user ID, 0 for guests
  • (string) uname user name
  • (array) udata associative array of user data from custom data table
  • (Delight\Auth\Auth) auth
  • (bool) mobile

Available static helpers


Quick access role check and redirect on error with flash message.

\resist\Auth3\Auth3Helper::access($roles, $redirect = 403, string $message = 'Error');

  • If (bool)$role === true: forced to be logged in user
  • If (bool)$role === false: forced to be not logged in guest user ($f3->uid = 0)
  • If (string)$role === 'ADMIN' or any of these role names: forced to have role name
  • If (array)$role === ['ADMIN', 'MODERATOR']' or any of these role names: forced to have one of the role names
  • If (int)$redirect === 403 is integer, error page with code used; if string used (string)$redirect === '@homepage' or (string)$redirect === '/home/page' F3 routing used


\resist\Auth3\Auth3Helper::isAdmin() returns true if user has ADMIN role name



Required route:

$f3->route('GET @captcha: /captcha', '\resist\Auth3\CaptchaController->renderCaptcha');

Show image:

<img class="c-captcha" src="/captcha" alt="captcha">

Regenerate captcha image with jQuery:

<a onclick="$('.c-captcha').attr('src', '/captcha' + '?' + Math.random());">New</a>


For PhpStorm /** @used */ annotation is used for suppress unused code and entry points.