
This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.


Ion Auth - Lightweight Auth System based on Redux Auth 2

February 10, 2010 7:00pm

  • #361 / May 23, 2010 6:54pm

    Ben Edmunds

    812 posts

    davidjlynch,

    You don’t need to use a callback for this as you can’t check the password since it is encrypted.  The check_login callback that I posted is the closest you can get to that.

    If you reference the example controller I have on github though you can see the other way.

    If you do it the way I did in the example controller you check to see if ion_auth->login returns true and if not display ion_auth->errors() with flashdata.  You can do it either way and the result is the same.  So if you want to stick with the way you’re doing it use the check_login callback.  I’ll re-post it below:

    /**
     * Callback method used during login
     * @access public
     * @param str $email The Email address
     * @return bool
     */
    public function _check_login($email)
    {
        $remember = FALSE;
        if ($this->input->post('remember') == 1)
        {
            $remember = TRUE;
        }

        if ($this->ion_auth->login($email, $this->input->post('password'), $remember))
        {
            return TRUE;
        }

        $this->form_validation->set_message('_check_login', $this->ion_auth->errors());
        return FALSE;
    }
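The other approach described in post #361 (check what `ion_auth->login` returns and show `ion_auth->errors()` through flashdata), sketched as an added example; this is not Ion Auth's own example controller. It assumes a CodeIgniter 1.7-style `Controller` base class; the flashdata key `message` and the post-login redirect target are placeholders.

```php
<?php
// Added example, not the project's code. Assumptions: CodeIgniter 1.7-style
// base class, flashdata key 'message', redirect target '/'.
class Auth extends Controller
{
    public function __construct()
    {
        parent::Controller();
        $this->load->library(array('session', 'form_validation', 'ion_auth'));
        $this->load->helper('url');
    }

    public function login()
    {
        $this->form_validation->set_rules('email', 'Email Address', 'required|valid_email');
        $this->form_validation->set_rules('password', 'Password', 'required');

        if ($this->form_validation->run() === FALSE)
        {
            // First visit or malformed input: render the form, including any
            // message left in flashdata by a previous failed attempt.
            $this->load->view('auth/login', array(
                'message' => $this->session->flashdata('message'),
            ));
            return;
        }

        // An unchecked checkbox is not submitted at all, so post() returns
        // FALSE; only the literal value '1' turns "remember me" on.
        $remember = ((string) $this->input->post('remember') === '1');

        if ($this->ion_auth->login($this->input->post('email'), $this->input->post('password'), $remember))
        {
            redirect('/', 'refresh');
        }

        // The controller never compares the password itself; it only relays
        // whatever error the library reports, then redirects so the message
        // is shown once on the login page.
        $this->session->set_flashdata('message', $this->ion_auth->errors());
        redirect('auth/login', 'refresh');
    }
}
```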
  • #362 / May 24, 2010 4:28am

    ladooboy

    38 posts

    Btw. The session and match user_agent is working now 😊. I’ve also added some code to check if the email is already logged in; if it is, remove the old session.

  • #363 / May 25, 2010 12:59am

    InsiteFX

    6819 posts

    Hi Ben,

    If you add Captcha, please add a number Captcha also…

    Thank you
    InsiteFX

  • #364 / May 25, 2010 1:29pm

    goldorak

    5 posts

    First of all, thanks Ben for all the great work you have done with Phil and the Redux code.

    A captcha would be a good idea, perhaps a simple math challenge 😉

    I have two questions:

    -. Behaviour: The login has no effect unless I check the remember me checkbox. I went on to check what was happening bit by bit. The setup locally is to use database sessions:

    $config['sess_cookie_name']        = 'ci_session';
    $config['sess_expiration']        = 7200;
    $config['sess_encrypt_cookie']    = TRUE;
    $config['sess_use_database']    = TRUE;
    $config['sess_table_name']        = 'ci_sessions';
    $config['sess_match_ip']        = FALSE;
    $config['sess_match_useragent']    = TRUE;
    $config['sess_time_to_update']     = 300;

    and $config['encryption_key'] set to something 32 chars long as suggested (should be in the README).

    Well, after checking the cookies in the browser, nothing weird was found. After checking the user_data column in the ci_sessions table I found out that the last words in the column were “Sesi”, which corresponds to the first 4 characters of the Spanish translation for $lang['login_successful'].

    I have gone thru all the forums at codeigniter and Google and found nothing, but commenting the 363 line of libraries\Ion_auth.php to

    //$this->set_message('login_successful');

    gives no error because the message in the session is not set. Now I can login whether I click on remember me or not, but closing the browser and opening it again has the same behaviour whether I chose one or the other. Could someone reproduce this issue?

    -. Along the issue above, the “remember me” checkbox seems to always return a value of 1 (which is always set) instead of using the checked value of that input. At controllers\auth.php I changed the following lines from:

    if ($this->input->post('remember') == 1) {
        $remember = true;
    }
    else {
        $remember = false;
    }

    to:

    $urlsas = $this->input->post('remember');
    if (isset($urlsas[0])) {
        $remember = true;
    }
    else {
        $remember = false;
    }

    and the code at \views\auth\login.php to

    <?php echo form_checkbox('remember[]', 'recuerda', FALSE);?>

    Would this be a better implementation?


    And one weird issue:
    If I change the default public function username_check($username = '') at ion_auth_model.php to the suggested code on page 25:

    public function username_check($username)
        {
            if ($this->ion_auth->username_check($username))
            {
                $this->form_validation->set_message('username_check', 'The username "'.$username.'" already exists.');
                return FALSE;
            }
            else
            {
                return TRUE;
            }
        }

    Apache.exe closes unexpectedly on windows when entering the correct email and password at http://localhost/ci/index.php/auth/login.

    Great community here!

  • #365 / May 25, 2010 1:35pm

    Ben Edmunds

    812 posts

    goldorak,

    I’ll have to get back with you on the rest of this because I have to leave in a minute but the code for username_check isn’t to replace the method in the library or model but to use as a form_validation callback in the controller.  Don’t change the library or model!

    I’ll get back to you on the rest of it soon or maybe someone else can in the mean time.

    Thanks,

  • #366 / May 25, 2010 2:00pm

    goldorak

    5 posts

    Ok, I won’t.

    It is only to make the remember me issue work temporarily… until we find the definite solution.

  • #367 / May 25, 2010 10:08pm

    Ben Edmunds

    812 posts

    goldorak,

    Change the controller all you need to, just not the library…

  • #368 / May 26, 2010 4:25am

    patie

    19 posts

    Hi,

    I use your excellent ion_auth library but I want to increase the security of my application.

    1. Encryption_key in config file (sufficient to set up this key ? nothing more?)
    2. Session database

    any more ideas ?

    THANKS so much

  • #369 / May 26, 2010 6:06am

    goldorak

    5 posts

    Hi Ben, as I said before and haven’t solved the issue yet, it is a temporary fix until we find the solution, or else the login can only be done checking the “remember me” box.

  • #370 / May 26, 2010 12:53pm

    owls

    7 posts

    Bernd,

    Thanks for your fix for that extra_where issue. I was getting the same errors (in English, not Deutsch 😉 ). I’ll let you know if I have any problems with it.

  • #371 / May 27, 2010 6:44am

    joytopia

    76 posts

    owls,
    did you use the latest version?
    I thought, that Ben would have pushed that fix already.

    Ben,
    what about my code from May 13?
    Could you find the time to have a look at it?

    Best regards
    Bernd

  • #372 / May 29, 2010 2:16pm

    Ben Edmunds

    812 posts

    Hey Bernd,

    Sorry man, been swamped.  I’m hoping to get to it Monday since I have the day off :D


    Thanks,

  • #373 / May 29, 2010 6:27pm

    2think

    125 posts

    goldorak,

    Through almost 40 pages of forum posts, I haven’t seen the behavior you talk about and then when you stated that “Apache.exe” on windows crashes/terminates after sending login credentials, it makes me wonder if there isn’t something happening specific to your setup?

    As for:

    “and $config[‘encryption_key’] set to something 32 chars long as suggested (should be in the README).” - it is in the Codeigniter Userguide. Ben including that in the README would be just duplicating something that is already mentioned as a standard.

    A lot of Ignited Code developers assume that users have read and understood a fair amount of the Userguide before using third-party libraries.

    Glad you like the community and do check out your setup, in the event it is a problem located there, it could save you a lot of time.

  • #374 / May 29, 2010 6:33pm

    2think

    125 posts

    Hi,

    I use your excellent ion_auth library but I want to increase the security of my application.

    1. Encryption_key in config file (sufficient to set up this key ? nothing more?)
    2. Session database

    any more ideas ?

    THANKS so much

    Pastie,

    You can find some good points in the Codeigniter Userguide under the Security section here.

    There is a very good guide on security from php.net itself which can often help when going through code here.

  • #375 / May 30, 2010 8:48am

    goldorak

    5 posts

    2think: my specific setup was right locally, I followed Ben’s suggestion and setup   public function email_check($email) at controllers/auth.php and then callback_email_check at the function create_user() verifications. The errors disappeared and the check is working fine!

    Now I have another challenge: I need the users to create an account by themselves, activate it by email and add the ability to the admin to “validate” that account or reject it (by email). The user is creating the account fine but how can I set the message to be viewable at the auth/login view? Right now it redirects to that page since the user cannot enter the site as validated nor activated.

    I understand it is hard to document and supporting that effort would be helpful to set in the readme URLs to where everything is explained. Since it is only a text archive, the space taken would be minimal. I solved that issue too.
