This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.


Ion Auth - Lightweight Auth System based on Redux Auth 2

February 10, 2010 7:00pm

  • #421 / Jun 14, 2010 12:08pm

    Ben Edmunds

    812 posts

    huuray,

    It’s open source so feel free dude! 😉

  • #422 / Jun 16, 2010 12:21pm

    ladooboy

    38 posts

    Hi !

    About the Sessions and remember me function.

    My remember_me function is currently not working.

    Problem: Once I have ticked “Remember me” and logged in, then close the browser and re-open the webpage in the same browser, my session (cookie) is automatically destroyed, but not the session data in the DB. How can I prevent the cookie from being destroyed once I close the browser?

    ps:
    the logged_in() function wasn’t secure enough. What I did is the following:

    ion_auth_model

    $hash = $this->hash_string($result->id.$result->password.$identity);
    $this->session->set_userdata('hash', $hash);

    ion_auth

    public function logged_in()
    {
        $identity = $this->ci->config->item('identity', 'ion_auth');

        if ($this->ci->session->userdata($identity) && $this->ci->session->userdata('hash'))
        {
            $email = $this->ci->session->userdata($identity);
            $sess_hash = $this->ci->session->userdata('hash');
            // Re-read the user's id and password hash from the DB on every check
            $result = $this->ci->ion_auth_model->get_data('users', 'id,password', array($identity => $email), NULL);

            if ($result)
            {
                $db_hash = $this->ci->ion_auth_model->hash_string($result->id.$result->password.$email);

                // If the hash from the session variable matches this hash, the user is logged in.
                // Strict comparison: == would compare numeric-looking digests as numbers.
                if ($sess_hash === $db_hash) return TRUE;
            }
            return FALSE;
        }
        return FALSE;
    }

    public function hash_string($value)
    {
        return sha1($value);
    }

    I just hash the user id, password and email address and put it encrypted into session_id. Every time the logged_in() function is run, it checks, by getting the data from the DB, if the hash matches and redirects accordingly.
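
A session-binding check in the spirit of the post above, as an added example that is not Ion Auth's code or the poster's: the digest is keyed with a server-side secret and compared with `hash_equals()` (PHP 5.6+). The function names, the key constant and the sample user row are assumptions made for the illustration.

```php
<?php
// Added example; not Ion Auth code. Names and sample values are constructed.

// Server-side secret (assumption: loaded from config, never sent to the client).
const SESSION_BINDING_KEY = 'constructed-example-key-change-me';

/**
 * Digest that ties a session to the current state of a user row.
 * Changing the password changes the digest, so older sessions stop validating.
 */
function session_binding(array $user, string $identity): string
{
    // Length-prefix each field so "1"+"23" and "12"+"3" cannot collide.
    $material = '';
    foreach ([(string) $user['id'], $user['password'], $identity] as $part) {
        $material .= strlen($part) . ':' . $part;
    }
    return hash_hmac('sha256', $material, SESSION_BINDING_KEY);
}

/** Strict, constant-time check of the digest stored in the session. */
function session_is_bound($sessionHash, array $user, string $identity): bool
{
    if (!is_string($sessionHash) || $sessionHash === '') {
        return false;
    }
    return hash_equals(session_binding($user, $identity), $sessionHash);
}

// Constructed sample row, shaped like an "id,password" lookup on the users table.
$user = ['id' => 7, 'password' => 'stored-password-hash-placeholder'];
$good = session_binding($user, 'user@example.com');

var_dump(session_is_bound($good, $user, 'user@example.com'));   // same row, same identity
var_dump(session_is_bound($good, $user, 'other@example.com'));  // identity differs

// A password change alters the row, so the digest held by the old session is stale.
$user['password'] = 'new-stored-password-hash-placeholder';
var_dump(session_is_bound($good, $user, 'user@example.com'));

// PHP compares two numeric-looking strings as numbers under ==, so two
// different strings of the form 0e<digits> are treated as equal there.
var_dump('0e1234' == '0e5678');
var_dump(hash_equals('0e1234', '0e5678'));
```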

  • #423 / Jun 17, 2010 11:37am

    Ben Edmunds

    812 posts

    ladooboy,

    Do you have “remember me” turned on in the config file?

    If you are using database sessions I really don’t see the point in your logged_in changes.  Maybe you can explain the need but it looks like you’re adding complexity and additional DB queries for no reason…

  • #424 / Jun 17, 2010 12:14pm

    ladooboy

    38 posts

    Yes, it’s turned on:

    $config['remember_users']      = TRUE;

  • #425 / Jun 17, 2010 12:24pm

    Ben Edmunds

    812 posts

    ladooboy,

    Not sure what to tell you exactly.  Make sure you’re not loading or autoloading the config, just the library; it handles the loading itself.

    Troubleshoot it some and I’ll help where I can.

  • #426 / Jun 17, 2010 7:14pm

    ladooboy

    38 posts

    if (!$this->logged_in() && get_cookie('identity') && get_cookie('remember_code'))
    {
        $this->ci->ion_auth_model->login_remembered_user();
    }

    Found out that the $this->logged_in() function always returns TRUE when you’re logged in (obviously). May I ask what the reason is here for checking if it’s FALSE?

  • #427 / Jun 17, 2010 8:49pm

    Ben Edmunds

    812 posts

    ladooboy,

    That check is there so it only logs in a remembered user if they are not already logged in.  There is no need to login if the user is already logged in.  Make sense?

  • #428 / Jun 19, 2010 2:13pm

    ladooboy

    38 posts

    Hi Ben,

    Yes, it makes sense. I’ve found the stupid problem. I had checked “Never remember History” in FF which caused the cookie removal. I’ve changed it back to remember history and it works now.

    Such a stupid mistake which cost me some hours to troubleshoot.

    Thanks.

  • #429 / Jun 20, 2010 12:10am

    Ben Edmunds

    812 posts

    ladooboy,

    No worries, glad you got it working.

  • #430 / Jun 20, 2010 7:56am

    hugle

    289 posts

    Hello Ben and others 😊

    I came here with one suggestion: I think it would be correct to delete the userdata of a user whom we have just deactivated. Otherwise they stay logged on.

    Other than that, is working nicely 😊

    Thanks for nice library

  • #431 / Jun 20, 2010 5:08pm

    Ben Edmunds

    812 posts

    hugle,

    If you delete, or deactivate, another user who is currently logged in, nothing will happen to their session.  To affect their session immediately you would have to modify their information in the sessions table.
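
What the reply above describes, as an added example that is not Ion Auth's code: deactivation removes the user's rows from the sessions table in the same transaction, and the per-request check also requires the account to be active. The schema (a sessions table with its own `user_id` column), the function names and the sample rows are assumptions made for the illustration.

```php
<?php
// Added example; not Ion Auth code. Schema and function names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, active INTEGER)');
// Assumption: each session row carries its owner's user id in a column of its
// own, so a user's sessions can be found without parsing stored session data.
$db->exec('CREATE TABLE sessions (session_id TEXT PRIMARY KEY, user_id INTEGER, last_activity INTEGER)');

// Constructed sample data: user 2 has two live sessions.
$db->exec("INSERT INTO users VALUES (1, 'admin@example.com', 1), (2, 'user@example.com', 1)");
$db->exec("INSERT INTO sessions VALUES ('sess-a', 1, 0), ('sess-b', 2, 0), ('sess-c', 2, 0)");

/** Deactivate the account and drop its sessions in one transaction. */
function deactivate_user(PDO $db, int $userId): int
{
    $db->beginTransaction();
    try {
        $db->prepare('UPDATE users SET active = 0 WHERE id = ?')->execute([$userId]);
        $del = $db->prepare('DELETE FROM sessions WHERE user_id = ?');
        $del->execute([$userId]);
        $db->commit();
        return $del->rowCount();   // number of sessions revoked
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }
}

/** Per-request check: the session must exist and its owner must still be active. */
function session_is_valid(PDO $db, string $sessionId): bool
{
    $q = $db->prepare(
        'SELECT 1 FROM sessions s JOIN users u ON u.id = s.user_id
          WHERE s.session_id = ? AND u.active = 1'
    );
    $q->execute([$sessionId]);
    return $q->fetchColumn() !== false;
}

var_dump(session_is_valid($db, 'sess-b'));   // user 2 before deactivation
echo deactivate_user($db, 2), " session(s) revoked\n";
var_dump(session_is_valid($db, 'sess-b'));   // user 2 after deactivation
var_dump(session_is_valid($db, 'sess-a'));   // user 1 is not affected
```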

  • #432 / Jun 21, 2010 7:53pm

    spmckee

    56 posts

    Hi,

    What is the best way to prompt the user to change their initial password?

    When I create the account I set the initial password to something that needs to be changed, like “default”. When the user first logs in with that password I want to detect that and prompt them to change it. What’s the easiest way to do this? Can I check the password set in the DB or is the best approach to create a “have they changed the pass yet” flag in the DB?

    Thanks,
    SP

  • #433 / Jun 21, 2010 10:25pm

    alanmi2

    1 posts

    Hi Ben,

    First off thanks for an awesome Auth library

    I have found a little bug when trying to update a user group and only the group, no other user data in the method user_update from ion_auth_model.php.

    It gives me the following error:

    You must use the SET method to update an entry

    I think that happens when the method tries to update the table “meta” when the array data doesn’t contain information for that table, since it only checks for the columns array not to be empty.

    So I modified the if statement in line 803 of ion_auth_model.php from this:

    if (!empty($this->columns))

    to this:

    // array_keys(): the column names have to be compared with the keys of $data, not its values
    if (!empty($this->columns) && !(count(array_diff($this->columns, array_keys($data))) == count($this->columns)))

    I also changed the if from line 820 to check if the array contains the group_id field:

    if (array_key_exists('username', $data) || array_key_exists('password', $data) || array_key_exists('email', $data) || array_key_exists('group_id', $data))

    I now have it working, but I don’t know if there is a better solution for this.

    Hope you understand and sorry for my bad english 😊

  • #434 / Jul 02, 2010 5:59am

    Sinclair

    119 posts

    Hi,

    I need to change the fields “created_on” and “last_login” from the table users from Integer to Timestamp.

    What implications can I have? I don’t use the account creation, the implication is only on the Login action?

    Best Regards,

  • #435 / Jul 03, 2010 1:18am

    Hi,

    I don’t know if you’ve already noticed a bug when updating a user using the same identity from another user.
    Example:

    $config['identity'] = 'email';

    When I try to update user1’s record with user2’s email, ion_auth allows it while it should not because the email field acts like a primary key of the users table when it’s set as the $config['identity'].

    Now, I modified update_user() from ion_auth_model.php into this:

    public function update_user($id, $data)
    {
        $user = $this->get_user($id)->row();

        $email = (array_key_exists('email', $data)) ? $data['email'] : FALSE;
        $username = (array_key_exists('username', $data)) ? $data['username'] : FALSE;

        // Reject an identity that already belongs to another user.
        // Checked before the transaction starts, so an early return leaves none open.
        if ($email !== FALSE && $this->identity_column == 'email' && ($this->email_check($email) && $user->email !== $email))
        {
            $this->ion_auth->set_error('account_creation_duplicate_email');
            return FALSE;
        }
        elseif ($username !== FALSE && $this->identity_column == 'username' && ($this->username_check($username) && $user->username !== $username))
        {
            $this->ion_auth->set_error('account_creation_duplicate_username');
            return FALSE;
        }

        $this->db->trans_begin();

        if (!empty($this->columns))
        {
            // 'user_id' = $id
            $this->db->where($this->meta_join, $id);

            // Move the meta columns out of $data and into the meta update
            foreach ($this->columns as $field)
            {
                if (is_array($data) && isset($data[$field]))
                {
                    $this->db->set($field, $data[$field]);
                    unset($data[$field]);
                }
            }

            $this->db->update($this->tables['meta']);
        }

        if (array_key_exists('username', $data) || array_key_exists('password', $data) || array_key_exists('email', $data))
        {
            if (array_key_exists('password', $data))
            {
                $data['password'] = $this->hash_password($data['password'], $user->salt);
            }

            $this->db->where($this->ion_auth->_extra_where);

            $this->db->update($this->tables['users'], $data, array('id' => $id));
        }

        if ($this->db->trans_status() === FALSE)
        {
            $this->db->trans_rollback();
            return FALSE;
        }

        $this->db->trans_commit();
        return TRUE;
    }

    It now disallows duplicate identity entries just like the register() from the ion_auth_model.php
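
The duplicate-identity rule from the post above, enforced by the database as well, as an added example that is not Ion Auth's code: a unique index on the identity column rejects the update even when two requests pass an application-level check at the same moment. The table layout, index name, function name and sample rows are assumptions made for the illustration.

```php
<?php
// Added example; not Ion Auth code. Table layout and function name are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT NOT NULL)');
// Unique index on the identity column; NOCASE so that two spellings of one
// address that differ only in letter case count as the same identity.
$db->exec('CREATE UNIQUE INDEX users_identity ON users (email COLLATE NOCASE)');
// Constructed sample rows.
$db->exec("INSERT INTO users VALUES (1, 'user1', 'user1@example.com'), (2, 'user2', 'user2@example.com')");

/** Returns TRUE on success, FALSE when the identity belongs to another user. */
function update_identity(PDO $db, int $id, string $email): bool
{
    try {
        $db->prepare('UPDATE users SET email = ? WHERE id = ?')->execute([$email, $id]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000: integrity constraint violation (here, the unique index).
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

var_dump(update_identity($db, 1, 'User2@Example.com'));  // address of user 2, different case
var_dump(update_identity($db, 1, 'user1@example.com'));  // user 1's own address
var_dump(update_identity($db, 1, 'new@example.com'));    // unused address
```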
