This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
April 25, 2009 7:12pm
#31 / May 14, 2009 2:48pm
I have made an update to The Authentication Library. If everyone could please download the new Auth.php library file, it fixes a problem where the restrict function doesn’t work properly in certain cases.
Thanks.
#32 / May 14, 2009 3:35pm
I mean a pre-built forum like CI for a CI built site am struggling with. Any ideas Adam?
I downloaded the Auth_Lib today in the morning just after my first post, is it the new one or should I download the new one now (evening)?
Thanks
#33 / May 14, 2009 3:44pm
> I mean a pre-built forum like CI for a CI built site am struggling with. Any ideas Adam?
> I downloaded the Auth_Lib today in the morning just after my first post, is it the new one or should I download the new one now (evening)?
> Thanks
I have no idea if there’s a forum out there you can look at or use. A forum search would be the best thing to do there.
You should download the newer one from Github as I updated the library to fix a small issue.
Thanks.
#34 / May 15, 2009 1:11am
Great work, this is nearly exactly what I’ve been looking for. Didn’t take much at all to modify it. thanks again.
But however, I am having a bit of issue trying to get the user_group() function to work for me.
I have modified the database entry for my user account’s group_id to 1, to make it admin, even verified that group 1 was admin in Auth.php. But it’s still not showing my username as admin when using the user_group() function in an if statement.
Is there some other setting I’m forgetting to set, possibly the sessions table CI gives the option of using?
#35 / May 15, 2009 4:50pm
Hey, I’ve been playing around with this library, and in short it’s wonderful!!
I’m just curious I noticed you said you were trying to use the list of recommendations from the following link:
http://stackoverflow.com/questions/346980/what-code-igniter-authentication-library-is-best/476902#476902
How many of those have you met with this library?
#36 / May 15, 2009 5:04pm
Hey,
These are the features I included from the list.
1. Tiny footprint with optional test implementation (this was true for older versions, but has grown due to admin panel)
2. Full documentation
3. No autoloading required. Just-in-time loading of libraries for performance
4. Language file support; no hard-coded strings
6. Recommended TRUE random salt generation (e.g. using random.org or random.irb.hr)
8. Login using either username or email
11. Automatic cookie login feature
13. Hashing of passwords
16. Hooks into CI’s validation system
18. Enforced strong password policy server-side, with optional client-side (Javascript) validator
19. Enforced maximum number of failed login attempts with BEST PRACTICES countermeasures against both dictionary and DoS attacks!
20. All database access done through prepared (bound) statements!
12 out of 20 isn’t bad!! I may add more of the features off this list if the need arises or if demand becomes great for them.
Thanks.
#37 / May 15, 2009 5:11pm
Awesome, how much work would be involved in separation of user and profile data. You’ll have to excuse what might seem as ‘stupid questions’ I’ve been doing PHP for a while but I’m still just experimenting with CodeIgniter so I’m still in the process of going through the documentation and userdocs.
Also which of the ways listed on your page is the best to contact you re: hiring you for a project?
#38 / May 15, 2009 5:14pm
> Awesome, how much work would be involved in separation of user and profile data. You’ll have to excuse what might seem as ‘stupid questions’ I’ve been doing PHP for a while but I’m still just experimenting with CodeIgniter so I’m still in the process of going through the documentation and userdocs.
> Also which of the ways listed on your page is the best to contact you re: hiring you for a project?
Well at the moment the only user data stored is username, password, email and group. So any other profile data could be added to a new table, and functions can be made in models etc to update that data.
The best way to contact me about a project is definitely email. But any of the mediums are Ok.
Thanks.
#39 / May 16, 2009 1:21pm
> But however, I am having a bit of issue trying to get the user_group() function to work for me.
I had the same problem, I think I found the error though. In file system/application/libraries/Auth.php on line 145 you’ll find:
'group' => $row['group_id'],
Which I changed to (added “_id”):
'group_id' => $row['group_id'],
The user_group() function checks for a variable called group_id but it was initiated as group. I’m not sure which one of the two is wrong though but group_id made more sense since that is the name used for the field in the database.
#40 / May 16, 2009 1:26pm
> > But however, I am having a bit of issue trying to get the user_group() function to work for me.
> I had the same problem, I think I found the error though. In file system/application/libraries/Auth.php on line 145 you’ll find:
> 'group' => $row['group_id'],
> Which I changed to (added “_id”):
> 'group_id' => $row['group_id'],
> The user_group() function checks for a variable called group_id but it was initiated as group. I’m not sure which one of the two is wrong though but group_id made more sense since that is the name used for the field in the database.
Yeah this is correct. I actually fixed this in the latest Github commit but was unsure whether or not XonnoX was using that.
Thanks.
#41 / May 16, 2009 1:47pm
Hmm, I downloaded my version from Github today and it had that problem. Maybe it didn’t commit right? If you check the Auth.php file on Github it still says
'group' => $row['group_id'],.
(EDIT: Or maybe that’s just me not knowing how to browse Github, I never used it before :zip: )
#42 / May 16, 2009 1:53pm
I’m curious, does anyone have any thoughts on how secure this auth library is?
I’ve up till now used FreakAuth, which I’m mainly abandoning because it feels so bloated.
Unfortunately because I’ve still got a lot to learn about security, I can’t judge much from what I see in the code. One point though, is that I see that limiting of login attempts is cookie based only, doesn’t this basically mean that it has no effect on brute force attacks?
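The concern raised in the post above, as an added PHP example that is not part of the thread or of The Authentication Library's code: a failed-attempt counter kept in a cookie is compared with one kept on the server. The function and class names, the `attempts` cookie name and the limit of 5 are assumptions made for the illustration.

```php
<?php
// Added illustration, not code from The Authentication Library.
// All names (cookie_limited_login, ServerThrottle, 'attempts') are hypothetical.
const MAX_ATTEMPTS = 5;

// Weak: the failure counter is a cookie that the client chooses to send back.
// Returns [status, cookies the response would set].
function cookie_limited_login(array $cookies, bool $passwordOk): array
{
    $attempts = (int) ($cookies['attempts'] ?? 0);
    if ($attempts >= MAX_ATTEMPTS) {
        return ['locked', $cookies];
    }
    if ($passwordOk) {
        return ['ok', []];
    }
    return ['failed', ['attempts' => $attempts + 1]];
}

// Stronger: failures are counted on the server, keyed by account name.
// The array stands in for a database table; a real one would also expire rows.
final class ServerThrottle
{
    private $failures = [];

    public function login(string $username, bool $passwordOk): string
    {
        $key = strtolower($username);
        $count = $this->failures[$key] ?? 0;
        if ($count >= MAX_ATTEMPTS) {
            return 'locked';
        }
        if ($passwordOk) {
            unset($this->failures[$key]);
            return 'ok';
        }
        $this->failures[$key] = $count + 1;
        return 'failed';
    }
}

// Constructed scenario: 20 wrong passwords, and the cookie is never sent back.
$throttle = new ServerThrottle();
$checked = ['cookie' => 0, 'server' => 0];
for ($i = 0; $i < 20; $i++) {
    [$status] = cookie_limited_login([], false);
    $checked['cookie'] += ($status === 'failed') ? 1 : 0;
    $checked['server'] += ($throttle->login('alice', false) === 'failed') ? 1 : 0;
}
printf("password checks performed: cookie=%d server=%d\n", $checked['cookie'], $checked['server']);
```

In the constructed run the cookie counter never reaches its limit because no request carries the cookie back, while the server-side counter stops checking passwords after MAX_ATTEMPTS failures. Keying the counter by account name alone also lets anyone lock a known account, which is why it is usually paired with per-source limits or growing delays.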
#43 / May 16, 2009 2:22pm
> Hmm, I downloaded my version from Github today and it had that problem. Maybe it didn’t commit right? If you check the Auth.php file on Github it still says
> 'group' => $row['group_id'],.
> (EDIT: Or maybe that’s just me not knowing how to browse Github, I never used it before :zip: )
Ok I just took a look at the library file and I’ve used “group” when referring to the group, so I updated the helper.
I’d suggest all users update their library file and helper.
Thanks.
#44 / May 16, 2009 3:12pm
Sounds good!
I seem to have run into another problem though, when logged in as admin I go to “Manage Users” and then if I try to add a user I get sent to index.php/users/add and that returns a 404 Page Not Found.
Another minor issue too (well not really an issue but still), when you log out you get the “You have been successfully logged out!” but the menu is still showing as if you’re logged in (Dashboard - Manage Users - Logout). If you click on any of them you get correctly redirected to the login though.
#45 / May 16, 2009 3:23pm
> Sounds good!
> I seem to have run into another problem though, when logged in as admin I go to “Manage Users” and then if I try to add a user I get sent to index.php/users/add and that returns a 404 Page Not Found.
> Another minor issue too (well not really an issue but still), when you log out you get the “You have been successfully logged out!” but the menu is still showing as if you’re logged in (Dashboard - Manage Users - Logout). If you click on any of them you get correctly redirected to the login though.
Thanks for letting me know. I fixed the error in the view file views/auth/users/manage.php - you should download the new file or change the URL in that file.
Thanks.