Understanding auth() in Leaf PHP MVC


When working with Leaf PHP MVC, you’ll often see something like:

auth()->user();
auth()->check();
auth()->hasRole('admin');

If you’re new to Leaf, you might wonder:

What exactly is auth()?
Is it a PHP function? A session helper? Something else?

Let’s break it down in simple terms.


What Is auth()?

auth() is a helper function provided by Leaf’s authentication package.

It gives you access to Leaf’s Auth system, which handles:

  • User login & logout
  • Registration
  • Session management
  • Password hashing
  • Roles & permissions
  • Access control

So when you write:

auth()->id();

you are calling a method from Leaf’s internal Auth class.

It is not a core PHP function.


Is auth() Just Like $_SESSION?

Short answer:
Yes — but much better and safer.

In plain PHP, you might handle login like this:

$_SESSION['user_id'] = $user['id'];

And check login like:

if (isset($_SESSION['user_id'])) {
    // user is logged in
}

But with Leaf, you simply do:

if (auth()->check()) {
    // user is logged in
}

Behind the scenes, Leaf still uses sessions — but it wraps everything in a clean, secure API.

So instead of managing session data manually, you use:

auth()->user();
auth()->id();
auth()->email();

Much cleaner.


What Does auth() Actually Do?

The auth() system in Leaf handles two major concepts:

1️⃣ Authentication (Who Are You?)

This includes:

  • auth()->login($email, $password)
  • auth()->register([...])
  • auth()->logout()
  • auth()->check()

It verifies credentials, hashes passwords, and securely stores user IDs in the session.


2️⃣ Authorization (What Can You Do?)

This is where roles and permissions come in.

Leaf provides built-in methods like:

auth()->createRole()
auth()->assignRole()
auth()->hasRole()
auth()->isAdmin()
auth()->hasPermission()

Rather than having you add a user_role column by hand, Leaf manages roles using proper database relationships (roles table, pivot tables, etc.).

This is cleaner and more scalable.


What Happens Internally?

When a user logs in:

  1. Leaf verifies the password.
  2. It stores the user’s ID in the session.
  3. It regenerates the session ID (security best practice).
  4. When you call auth()->user(), Leaf fetches the user from the database.

So while sessions are used internally, you never deal with them directly.
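
The four steps above written out in plain PHP, as an added example: this is not Leaf's source code and not part of the original article. The function names (users, manual_login, manual_user) and the sample user are constructed for illustration, and only built-in PHP functions are used.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for a users table, so the example runs offline.
function users(): array
{
    static $rows = null;
    $rows ??= [
        7 => ['id' => 7, 'email' => 'ada@example.test',
              'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
    ];
    return $rows;
}

function manual_login(string $email, string $password): bool
{
    $user = null;
    foreach (users() as $row) {
        if ($row['email'] === $email) { $user = $row; break; }
    }
    // Step 1: verify the submitted password against the stored hash.
    if ($user === null || !password_verify($password, $user['password_hash'])) {
        return false;
    }
    // Step 2: the session holds only the user's ID, never the row or the hash.
    $_SESSION['user_id'] = $user['id'];
    // Step 3: replace the session ID and delete the old one, so an ID that was
    // fixed before login does not become an authenticated session.
    session_regenerate_id(true);
    return true;
}

// Step 4: resolve the stored ID to a user record on each call.
function manual_user(): ?array
{
    $id  = $_SESSION['user_id'] ?? null;
    $row = $id === null ? null : (users()[$id] ?? null);
    if ($row !== null) { unset($row['password_hash']); }
    return $row;
}

// Demonstration: a failed login leaves the session untouched, a successful
// one changes the session ID. All output happens after the session calls.
session_start(['use_strict_mode' => true, 'cookie_httponly' => true]);
$before   = session_id();
$rejected = manual_login('ada@example.test', 'wrong guess');
$accepted = manual_login('ada@example.test', 'correct horse');
var_dump($rejected, $accepted, $before !== session_id(), manual_user()['email'] ?? null);
```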


Why Use auth() Instead of Manual PHP?

Because it automatically handles:

  • Password hashing
  • Secure session handling
  • Role relationships
  • Cleaner code structure
  • Better maintainability

Instead of writing repetitive login logic in every project, you use a structured system.


Simple Mental Model

Think of:

auth() = User Manager

It manages:

  • Who is logged in
  • What their ID is
  • What roles they have
  • What permissions they have

All through a simple and readable API.


Final Thoughts

If you’re building a project in Leaf MVC — whether it’s a blog, admin panel, or member system — using auth() is the recommended way to handle users.

It keeps your code:

  • Clean
  • Secure
  • Maintainable
  • Scalable

And most importantly — it saves you from reinventing authentication every time.