Read the latest web development and design tips at Fred Wu's new blog! :-)
Poke me on GitHub

Release: [Kohana Module] Authlite, for User Authentication

Latest release: v1.2.3

Initially I was going to wait for my Layerful Framework (a transparent layering framework for Kohana) to mature before releasing its bundled modules. However, since this Authlite module can be used independently to Layerful, I am releasing it now.

What is Authlite

Authlite is a user authentication module for Kohana.

What’s the difference between Authlite and Auth?

Kohana comes with an official Auth module which does exactly what was described in the last paragraph, so why another module then?

It is because Authlite offers greater flexibilty. Please read the features outlined below to find more.


  • Legacy database compatibility
  • Configurable database columns
  • Multiple instances of Authlite
  • Does not enforce user roles
  • Auth-like syntax and usage
  • Lightweight

Legacy database compatibility

One thing that keeps me away from using Kohana’s Auth module, is that it forces us to use a password hash seed. This is okay for a brand new application, but what about the ones with legacy databases? There are a lot of existing applications use plain MD5 or SHA1 hashes, Auth makes it impossible to use these existing data.

Authlite, on the other hand, does not force developers to use any seeds at all. Like Auth, we can define the encryption method (e.g. md5, sha1) in the config file.

Configurable database columns

Further than that, the user model, username column, password column and session column are all configurable.

Multiple instances of Authlite

If your application has more than one user tables, you will struggle to make it work in Auth. In Authlite, simply have one config file for each user object, and config their user model, session key and the other variables accordingly.

Does not enforce user roles

For simple applications we often do not even want to have roles attached to our user model. In Auth, user role is mandatory, which makes things more complicated than they should be. In Authlite, roles are handled by Kohana framework itself. By using ORM model relationships, roles can be added, removed and modified very easily. A tailoured ACL (Access Control List) solution can be developed in no time.

Auth-like syntax and usage

Authlite is based on Auth, so if you’re already familiar with using Auth, you will find Authlite a breeze to use.


Even if you have never used Auth before, you will find Authlite to be extremely easy to use. :)

Usage Example

// Authlite instance
$this->authlite = Authlite::instance('authlite');

// login check
if ( ! $this->authlite->logged_in() && Router::$method != 'login')
	// assigns the user object
	$this->user = $this->authlite->get_user();


v1.2.3 [2009-02-05]

  • login() now supports non-unique usernames

v1.2.2 [2009-02-05]

  • added force_login()

v1.2.1 [2009-01-27]

  • fixed a logging bug introduced in 1.2

v1.2 [2009-01-27]

  • added add_to_ignore() and remove_from_ignore()
  • code clean up

Older versions were not tagged with version numbers, you may check out the commit history on GitHub.

To Do

  • Add configurable, optional hash seed

Source Code / Download

  • Digg
  • DZone
  • Facebook
  • Mixx
  • Google Bookmarks
  • LinkedIn
  • Live
  • Reddit
  • Slashdot
  • StumbleUpon
  • Technorati
  • Twitter

Related posts

Tags: , , , , , , , , , ,

Comments Section

24 Responses to “Release: [Kohana Module] Authlite, for User Authentication”

Sidebar might be covered by comments ... consider it a feature! ;)
  1. 1

    Thanks for this!

  2. 2

    It will be very useful to have a tutorial on a *complete* auth system (registration, management, groups and so on…) created with your module. Anyway, thanks for the job :)

  3. 3

    Nice module Fred – very flexible especially the non-requirement of hashes.

    Any news on when your Layerful framework will be released? Either on Github or complete download? It looks interesting, however your screencast only shows Kohana integration and no Zend integration?

  4. 4

    Many thanks for your Great Job.

    Keep up da good work.


  5. 6

    Auth is too complicated for a beginner but so is Authlite. I’m not complaining. Just saying.

    Can you believe that I actually found it easier to right my own? Of course, my code must suck as I know little of php and Kohana, but still… I so wish there were more detailed instructions for your code.

  6. 8

    Thanks fred this is much better than the normal Kohana Auth.

  7. 9

    @Alexander. It’s of course easier to create your own auth if you don’t know Kohana Auth but once you’re used to it, you’d find it hard not to use.

    Search the Kohana forums and you’ll find a LOT of questions being answered there. Your questions might have already been answered.

  8. 11

    I love this module! Extremely lightweight and dead simple to implement. I’ve used Kohana’s Auth module for a few sites but I like this much better. Thanks.

  9. 12

    Is this module compatible with Kohana 2.3.4 reply me soon

  10. 13

    Hi Fred. I’m this close to getting this module to work but I’m running into a snag. I’m familiar with PHP but new to Kohana, so it could very well be something I’m doing but I can’t see it.

    I’m getting the login to work correctly. It’s hitting the database (verified the query in the Profiler) and redirecting to my Admin controller’s index action successfully but it’s not setting the session variable. So, when I check $this->authlite->logged_in(), it’s returning false. Would you – or anyone else here – be able to point out something I’m missing?

    class Admin_Controller extends Website_Controller {

    public function __construct() {



    public function index() {

    $this->profiler = new Profiler;
    $this->session = Session::instance(); // added in case it would make a difference. it did not.
    $this->authlite = Authlite::instance('authlite');

    if (!$this->authlite->logged_in()) {
    echo "not logged in";
    } else {
    /*$this->user = $this->authlite->get_user();
    echo $this->user;*/
    echo "logged in";

    public function login() {

    $this->profiler = new Profiler;

    $this->authlite = Authlite::instance('authlite');

    if ($this->authlite->logged_in()) {


    } else {

    if ($_POST) {

    $login = $this->authlite->login($_POST['username'], $_POST['password']);

    if ($login == true) {


    } else {

    echo 'login failed.';




    This is just a small personal website I’m working on to get familiar with Kohana, which is one reason I wanted to use this module. I don’t need anything fancy like roles and such. Just a way to make sure I’m the only one who can get to the admin pages. Thanks for any help you can provide.


  11. 14

    Will there be a KO3 version (soon)?


  12. 15

    Yes Authlite will be updated to work with K3 very soon. :-)

  13. 19

    Hey Fred,

    Great module! It certainly makes authorisation nice and easy.

    I’ve modded the module a little, more to my purposes, and am about to make another change, but thought I’d see if you had any thoughts.

    At the moment, logged_in() returns an ORM instance, but for example, I’m using a user model, and actually I want to return an instance, so throughout the rest of the models in my application I can do something like…


    …without having to pass the only logged-in user into all my app’s models.

    Have you ever had any thoughts this way?

    I’ll probably just extend the class, but it might be a nice addition into the core.


  14. 20

    Is it possible to have multiple clients logged in as the same user simultaneously? Will there be trouble with sessions and stuff if so?
    Thanks. Great module!

  15. 21


    thanks for your great Module.
    Do you have a tutorial or examples, how to use this Module?
    I am a beginner at the kohana framework and the standard Auth Module is not enough documented….


    Greets, Alex

  16. 22

    Please can some help with a simple tutorial/or instruction on how to set this up

  17. 23

    Hey Dave … i’ve solution
    (my english so bad)

    File: modules/authlite/classes/authlite.php
    line: 226

    if ($user->loaded)

    change for:
    if ($user->loaded())

    — it’s all!

    Thanks Michael, i started with this framework
    Good luck!

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>