Ion Auth - Lightweight Auth System based on Redux Auth 2

February 10, 2010 7:00pm

  • #496 / Jul 31, 2010 3:19am

    rickyracoon

    13 posts

    Ok I see that it just increments the username when you enter a duplicate.  I just think using unique username AND email by default would make things so much simpler than having to specify an “identity” field.  Like how Twitter does it.  Sorry gettin’ greedy.  Everything was easy to set up, don’t mean to sound so critical…it really is my only complaint with the library.  I’m trying to modify it to work the way I want to; will share if I find a quick/easy way to do it.

  • #497 / Jul 31, 2010 11:14am

    Ben Edmunds

    812 posts

    rickyracoon,

    You can use the username_check and email_check methods to enforce that yourself.

    So in your signup controller method use username_check and email_check as form_validation callbacks to make sure both are unique.

  • #498 / Jul 31, 2010 11:56am

    cbattles

    1 posts

    I just downloaded Codeigniter 2.0 and I’m working on installing Ion Auth. At the auth index, I’m getting “Unable to load the requested class: Ion_auth”

    It doesn’t seem like anyone has run into this before, so I’m sure that I just haven’t configured something correctly, but I can’t figure it out.

    Anyone have any pointers?

    Thanks

  • #499 / Jul 31, 2010 12:55pm

    rickyracoon

    13 posts

    Ben, not nearly as simple as that.  You are using $identity and $identity_column all over the place in the code…this makes it impossible to allow some users to log in with username and others to log in with email.

    Has anyone managed to come up with a solution to break this restriction?  I was thinking of maybe making the $identity_column dynamically set by checking for an ‘@’ in the input.
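The uniqueness checks and the "@"-based column choice discussed in the posts above, as an added example that is not part of the thread and is not Ion Auth code. It is plain PHP with an in-memory SQLite database; the table layout, the function names and the sample accounts are assumptions made for the illustration.

```php
<?php
// Added example, not Ion Auth code. Table and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE on both columns lets the database, not only the form callbacks,
// reject duplicates (two concurrent signups can both pass a pre-check).
$db->exec('CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE COLLATE NOCASE,
    email    TEXT NOT NULL UNIQUE COLLATE NOCASE
)');

// Usernames may not contain "@", so a username can never equal (or be
// mistaken for) another account's email address.
function valid_username(string $username): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,30}\z/', $username) === 1;
}

function register(PDO $db, string $username, string $email): bool
{
    if (!valid_username($username) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    try {
        $stmt = $db->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
        return $stmt->execute([$username, $email]);
    } catch (PDOException $e) {
        return false; // UNIQUE constraint violated: duplicate username or email
    }
}

// Pick the identity column from the input: "@" means email, otherwise username.
// The column name comes from this fixed pair, never from user input.
function find_by_identity(PDO $db, string $identity): ?array
{
    $column = (strpos($identity, '@') !== false) ? 'email' : 'username';
    $stmt = $db->prepare("SELECT id, username, email FROM users WHERE $column = ? LIMIT 1");
    $stmt->execute([$identity]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed sample data.
var_dump(register($db, 'alice', 'alice@example.test'));
var_dump(register($db, 'alice@example.test', 'x@example.test')); // "@" in username
var_dump(register($db, 'Alice', 'other@example.test'));          // same name, other case
var_dump(find_by_identity($db, 'alice@example.test')['id']);
var_dump(find_by_identity($db, 'ALICE')['id']);
```

The first registration succeeds and the next two are refused; both lookups resolve to the same row.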

  • #500 / Jul 31, 2010 1:03pm

    kaejiavo

    76 posts

    Hi Ben,

    First I would like to say thank you for this very awesome library.
    It saved me lots of work and trouble. To be honest, my PHP knowledge is not sufficient to come up with a secure auth system.

    Now I come with a performance issue / question to you:

    I need to fetch the user array on each of my pages as I have a strongly personalized site. Also on each page I update a ‘meta’ field with a timestamp (last_clicked).
    So I have basically:
    $this->user = $this->ion_auth->get_user_array();
    ...
    $this->ion_auth->update_user($data);

    And I have some pages on my site where even another update_user() is needed.

    Now, what I figured out is that ion_auth_model->update_user($data) at first fetches the user data from the database ($user = $this->get_user($id)->row();), so I have up to 3 or 4 times on a page a DB access for the user.

    I don’t exactly understand what the update_user function does with the user data, but I have a feeling that these checks are not needed if only the meta data shall be updated. So is there any way that you add an update_user_meta() function into the library?
    I have added one into my controller, but it seems missing to me in the lib.

    Quite a long explanation, hope I made my point clear enough.
    Marco

  • #501 / Aug 06, 2010 1:04am

    Ben Edmunds

    812 posts

    rickyracoon,

    Sorry, I didn’t completely understand what you were saying.  It definitely isn’t the easiest change and it’s been that way since the beginning with Redux 1.0.

  • #502 / Aug 06, 2010 1:08am

    Ben Edmunds

    812 posts

    Marco,

    It makes perfect sense.  Right now the best way is to always keep the user object in a (semi) global variable that you can access from all of your controllers through a MY_Controller or similar.

    I have some plans for an updated group of methods that will solve the optimization issues, add more logical and OOP style methods and add a bunch of needed features but haven’t had time to write them all yet.  Just know that they are coming soon.

    The meta update issue will also be fixed in the new update method. 


    Sorry I can’t give you any kind of timeline ATM though as my life is crazy busy right now.

  • #503 / Aug 06, 2010 12:00pm

    rickyracoon

    13 posts

    Ben, thanks for the reply.  I actually was able to change the functionality to require unique email AND userid, and allow login via either.  Not sure if there is demand for this but I think it’s an awesome feature.  I’d be happy to share if you or anyone else is interested…but I haven’t implemented it in a way that allows you to choose between this scheme and the original scheme via config file.  It’s sort of hard-coded to meet my needs but I could put some more time into making it a config option if people are interested.

    Another question:

    Is there a way for regular php pages outside of the Codeigniter directories to check if a user is signed in??  I’m encrypting cookies and storing session data in database for increased security - so I’m not sure if there is an easy way to sniff and find out if the user is signed in outside of the CI scope.  Or perhaps there is a way to load the CI scope into a regular PHP page?  Any thoughts on this would be appreciated.

  • #504 / Aug 09, 2010 8:39pm

    Paul Huu

    2 posts

    Hi Ben, I’m new to CI so please bear with me and my problem:

    I am able to view mysite.com/auth, where I am redirected to ‘auth/login.’ After I submit the form with “[email protected]” & “password” I get redirected to the same page.

    Digging a little, I found that $this->form_validation->run() returns false.  I hardcoded some changes to get the example account to login, but then the is_admin() function returns false. =/ What can I do to further troubleshoot?

    function login()
    {
        $this->data['title'] = "Login";

        //validate form input
        $this->form_validation->set_rules('email', 'Email Address', 'required|valid_email');
        $this->form_validation->set_rules('password', 'Password', 'required');

        if ($this->form_validation->run() == true) { //check to see if the user is logging in
            //check for "remember me"
  • #505 / Aug 10, 2010 11:25am

    Ben Edmunds

    812 posts

    rickyracoon,

    Awesome, if you write it with config options and fork the github repo there’s a good chance it’ll get integrated into the library.

    There are ways to import CI libraries and to read the DB sessions.  For the DB sessions outside of CI you can just read through the CI library and see how they select the session and then duplicate that logic.

  • #506 / Aug 10, 2010 11:25am

    Ben Edmunds

    812 posts

    Paul Huu,

    You should figure out why validation is failing.  Are you inputting invalid data?

  • #507 / Aug 10, 2010 12:52pm

    Lucas Alves

    35 posts

    Hi, I found a problem (at least, for my app, it was a problem 😛) with the loginr function (in the ion_auth_model).

    If a user chooses “remember me” and the really bad administrator deactivates his account, he can still do auto login. The solution I found is just to put “->where('active', 1)” in the select query at line 930. I know I could just use an _extra_where, but I think it’s more secure doing it this way.

    $query = $this->db->select($this->identity_column.', id, group_id')
    ->where($this->identity_column, get_cookie('identity'))
    ->where('remember_code', get_cookie('remember_code'))
    ->where('active', 1)
    ->limit(1)
    ->get($this->tables['users']);

    I made another modification: I’m using the CI encrypt class to protect the identity and remember_code cookies’ values. Maybe it’s excess protection, but I think this couldn’t be exposed.

    It’s a really good library. I was using a modified (by me) version of redux_auth, but I really liked this lib. Now I’m modifying this lib a little to work with my app, but it was so well structured that I have almost nothing to modify :cheese: .

    Congratulations, and thanks for the lib.
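The remember-me gap described in the post above, as an added example that is not part of the thread and is not Ion Auth code. It is plain PHP with an in-memory SQLite database; the column names follow the posted query, while the table layout, the function names, the `$requireActive` switch and the sample account are assumptions made for the illustration.

```php
<?php
// Added example, not Ion Auth code. Column names follow the post above;
// the table layout, function names and sample row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
    remember_code TEXT, active INTEGER NOT NULL DEFAULT 1)');

// Store a fresh random code when the user ticks "remember me".
function issue_remember_code(PDO $db, int $userId): string
{
    $code = bin2hex(random_bytes(20));
    $db->prepare('UPDATE users SET remember_code = ? WHERE id = ?')
       ->execute([$code, $userId]);
    return $code;
}

// Auto-login lookup. With $requireActive = false it behaves like the query
// before the change: a deactivated account still matches its old cookie.
function remembered_user(PDO $db, string $identity, string $code, bool $requireActive = true): ?array
{
    if ($identity === '' || $code === '') {
        return null; // an empty cookie must never match an empty stored code
    }
    $sql = 'SELECT id, email FROM users WHERE email = ? AND remember_code = ?';
    if ($requireActive) {
        $sql .= ' AND active = 1';
    }
    $stmt = $db->prepare($sql . ' LIMIT 1');
    $stmt->execute([$identity, $code]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Deactivation that also discards the stored code (an addition beyond the
// post), so the old cookie stays useless if the account is re-activated.
function deactivate(PDO $db, int $userId): void
{
    $db->prepare('UPDATE users SET active = 0, remember_code = NULL WHERE id = ?')
       ->execute([$userId]);
}

// Constructed scenario: remembered user, then the admin flips only the flag.
$db->exec("INSERT INTO users (email) VALUES ('user@example.test')");
$code = issue_remember_code($db, 1);
$db->exec('UPDATE users SET active = 0 WHERE id = 1');
var_dump(remembered_user($db, 'user@example.test', $code, false) !== null); // old query
var_dump(remembered_user($db, 'user@example.test', $code) !== null);        // with active = 1
deactivate($db, 1);
var_dump(remembered_user($db, 'user@example.test', $code, false) !== null); // code cleared
```

Only the first lookup still finds the deactivated account; the query with `active = 1` and the lookup after the code is cleared both return nothing.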

  • #508 / Aug 10, 2010 1:09pm

    Ben Edmunds

    812 posts

    Lucas Alves,

    The remember change makes sense.  Can you fork and do a pull request please?

    The identity cookie isn’t really a big deal but I’m going to be changing the remember code cookie soon to be more secure.


    Thanks!

  • #509 / Aug 10, 2010 1:19pm

    Lucas Alves

    35 posts

    Unfortunately the firewall from my company blocks Github. 😛

  • #510 / Aug 11, 2010 5:38am

    design_shuffle

    7 posts

    Hi, I have just found your library and it works great on my app.

    I have set up 3 user groups..

    Admin
    Members
    Media Partners

    Would it be possible to redirect each user group to their unique dashboard area rather than the home page?

    e.g.


    admins log in and are redirected to => /admin/dashboard/
    members log in and are redirected to => /users/dashboard/
    media partners log in and are redirected to => /media-info/dashboard/


    How would I go about this in my auth controller?

    Thanks, Dan
