This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Ion Auth - Lightweight Auth System based on Redux Auth 2

February 10, 2010 7:00pm

  • #346 / May 18, 2010 5:18pm

    ladooboy

    38 posts

    Hello Ben!

    First of all, this is a really great auth system 😊.

    I’ve got a question, wondering if you can help me.
    I want a user to be able to open only ONE session. So if he is logged in with Firefox and tries to log in with IE, it should log him out from Firefox and leave the IE session open.

    Is there any method which would help me achieve this?
    I could maybe check if the IP address in combination with the browser exists in the database, and if not, log the user out? Would that approach be reliable enough? But then we know the ISP sometimes changes the IP address and the user might get kicked out randomly on IP change.

    Another session issue. If the user hasn’t ticked “remember me” and closes his browser, the app should automatically log him out. How would you achieve this?

    Many thanks for your help in advance.

  • #347 / May 18, 2010 5:30pm

    ladooboy

    38 posts

    @megabyte
    Maybe this will help you.
    You can call any functions in the controller from the URL as long as they were not hidden as “_function”:

    Basically when you do: http://www.mysite.com/controller/function/arguments you will call the following: http://www.test.com/auth/activate(23,[email protected]). This will initiate the activate method of the auth controller sending two values to the method.

    You can use this if you send an activation email to a user and the user clicks on the link with the above method and arguments to activate his account.

    Here from the user guide: codeigniter

    Regarding logged_in():

    As far as my understanding goes, when you log in it saves your email address in the session. So when you visit a protected site it checks if your email address (or username) is in the session, which means you’re logged in, and lets you through.

    If you’re not logged in then your email address wouldn’t be in the session, I guess.

  • #348 / May 19, 2010 2:19am

    joytopia

    76 posts

    @ladooboy

    I haven’t yet tried to search in field user-data of table ci_session.
    If it does not work, you could create a new field in the session table with username (or email if this is your identity field).

    Then write a method:
    When a user logs in, it destroys all other sessions with this identity.

    HTH Bernd

  • #349 / May 19, 2010 8:10pm

    ladooboy

    38 posts

    Hi !

    I am trying to implement a function which logs the oldest session out if the user logs in again or on a different browser.

    Currently I have a problem:

    class MY_Controller extends Controller{
        public $data;
        public $load_view;
        
        
        function __construct(){            
            parent::Controller();    // Always need to call the parent Controller
        
            $this->load->library('ion_auth');

    I’m loading the library in my Base_Controller. The auth_ion library has this snippet in its constructor.

    if (!$this->logged_in() && get_cookie('identity') && get_cookie('remember_code'))
            {
                $this->ci->ion_auth_model->login_remembered_user();
            }

    My Local Controller has:

    class Welcome extends MY_Controller{
        function __construct(){
            parent::__construct();
            if(!$this->ion_auth->logged_in()) redirect('auth/login');
        }

    As you can see, my local controller checks if the user is logged in, and if not, redirects him.

    With this structure it will run the logged_in function twice on the same page.
    So on my welcome controller it runs the query twice, once from the welcome controller and once from my Base_controller where I have loaded the auth library.

    Any ideas how I can just run it once on each of my controllers?

  • #350 / May 19, 2010 9:41pm

    Ben Edmunds

    812 posts

    It sounds like you want to turn off the “remember users” option in the config file; that way they will be forced to log in every time they come to your site.

  • #351 / May 20, 2010 4:11am

    ladooboy

    38 posts

    Hi Ben,

    Sorry for the confusion. No, I want the remember function.

    It was just that the logged_in function would always be called twice on any controller, which is not optimal when you add some extra features and db queries.

    But I was very tired anyway and my mind was blocked yesterday ^^.

    I could do another function:

    function validate_session()

    which validates the user sessions with the DB details.

    And on all local controllers I will do:

    If (!logged_in() || !validate_session())
                redirect('auth/login');

    In this way the validating will only be executed once per controller.

  • #352 / May 20, 2010 10:49am

    Ben Edmunds

    812 posts

    I really don’t see how validate_session would help/be any different.

    All logged_in() does is check the session data.

  • #353 / May 20, 2010 11:17am

    ladooboy

    38 posts

    Currently when you’re logged in with IE and open the membership URL in Firefox it lets you access it because it thinks you’re logged in (even though I’ve got match_user_agent=TRUE).

    So in the validate_session I will compare the session_id, email_address and user_agent from the DB with the session data.

    If any of it is different it redirects the user to log in again.


    Maybe I am overlooking something here?
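
Added example, not part of the original thread and not Ion Auth or CodeIgniter code: the "destroy all other sessions with this identity" idea from post #348 combined with the validate_session() check from post #353, written in plain PHP with PDO and an in-memory SQLite database. The user_sessions table, its columns and the helper names are assumptions; the check deliberately ignores IP address and user agent, so an ISP address change does not log anyone out.

```php
<?php
// Added example: plain PHP + PDO (in-memory SQLite), not CodeIgniter/Ion Auth code.
// Table name, column names and function names are assumptions for illustration.

function make_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user_sessions (
        session_id TEXT PRIMARY KEY,
        identity   TEXT NOT NULL,
        created_at INTEGER NOT NULL)');
    return $db;
}

// Call only after the password check has succeeded: issue a fresh random
// session id and delete every other session row for this identity atomically.
function start_single_session(PDO $db, string $identity): string {
    $sid = bin2hex(random_bytes(32));
    $db->beginTransaction();
    $db->prepare('DELETE FROM user_sessions WHERE identity = ?')->execute([$identity]);
    $db->prepare('INSERT INTO user_sessions (session_id, identity, created_at)
                  VALUES (?, ?, ?)')->execute([$sid, $identity, time()]);
    $db->commit();
    return $sid;
}

// Call on every protected request: the id presented by the browser must still
// have a row, and that row must belong to the identity held in the session.
function validate_session(PDO $db, string $sid, string $identity): bool {
    $q = $db->prepare('SELECT identity FROM user_sessions WHERE session_id = ?');
    $q->execute([$sid]);
    $owner = $q->fetchColumn();
    return $owner !== false && hash_equals($owner, $identity);
}

// Constructed walk-through: the same user logs in from two browsers.
$db      = make_store();
$firefox = start_single_session($db, 'user@example.com');
$ie      = start_single_session($db, 'user@example.com');
$other   = start_single_session($db, 'someone.else@example.com');

// The first login was revoked by the second; the other user is unaffected.
var_dump(validate_session($db, $firefox, 'user@example.com'));
var_dump(validate_session($db, $ie, 'user@example.com'));
var_dump(validate_session($db, $other, 'someone.else@example.com'));
```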

  • #354 / May 20, 2010 11:22am

    Ben Edmunds

    812 posts

    It should be sess_match_useragent = TRUE.

  • #355 / May 20, 2010 11:32am

    ladooboy

    38 posts

    Hi Ben,

    Sorry, yes I meant:

    $config['sess_match_useragent']  = TRUE;

    This still lets me view the member page when I use different browser. So I guess this is not working?

  • #356 / May 20, 2010 1:54pm

    davidjlynch

    8 posts

    Hi Ben,

    Sorry to trouble you again or anyone that can help, I am trying to validate if a password exists at login, currently you just get returned to the login page with no errors I have tried the following but with no success, can you help please;

    public function password_check($password)
        {
            if ($this->ion_auth->login($password)){
                $this->form_validation->set_message('password_check', 'The password you entered does not exists.');
                return FALSE;
            } else{
                return TRUE;
            }
        }
  • #357 / May 21, 2010 2:50am

    Ben Edmunds

    812 posts

    davidjlynch,

    What are you trying to check?  Just that they entered something?  You do that with form_validation.

    If you are trying to see if it is the correct password you don’t really need a callback for that, just reference my example code.  Or you could make a login_check form_validation callback that runs ion_auth->login($identity,$password).

  • #358 / May 21, 2010 2:53am

    davidjlynch

    8 posts

    Hi Ben,

    Yes I am trying to check if the correct password has been entered at login.

  • #359 / May 21, 2010 10:40am

    Ben Edmunds

    812 posts

    I don’t really like it but we use this on PyroCMS:

    /**
     * Callback method used during login
     * @access public
     * @param str $email The Email address
     * @return bool
     */
    public function _check_login($email)
    {
        $remember = FALSE;
        if ($this->input->post('remember') == 1)
        {
            $remember = TRUE;
        }

        if ($this->ion_auth->login($email, $this->input->post('password'), $remember))
        {
            return TRUE;
        }

        $this->form_validation->set_message('_check_login', $this->ion_auth->errors());
        return FALSE;
    }
  • #360 / May 23, 2010 6:19pm

    davidjlynch

    8 posts

    Hi Ben,

    I am still trying to see if the password is correct at login. You said earlier;

    If you are trying to see if it is the correct password you don’t really need a callback for that, just reference my example code.  Or you could make a login_check form_validation callback that runs ion_auth->login($identity,$password).

    Please could you give me an example as I have been trying for 2 days without success, This is my current validation code.

    $this->form_validation->set_rules('password', 'Password', 'required|xss_clean|callback_password_check_now');