This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Ion Auth - Lightweight Auth System based on Redux Auth 2

February 10, 2010 7:00pm

  • #541 / Aug 26, 2010 9:02am

    Lucas Alves

    35 posts

    Edit: Now I read your question again. Your problem is that you probably didn’t update the “columns” array in Ion_auth config file…

    Why don’t you just walk through the meta_columns array, setting the additional data like this:

    // validation rules; if $this->form_validation->run() == true:
    $meta_columns    = $this->config->item('columns', 'ion_auth');
    $additional_data = array();

    if (! empty($meta_columns)) {
        // collect one posted value per configured meta column
        foreach ($meta_columns as $input) {
            $form_input = $this->input->post($input);

            /* clean the data… */

            $additional_data[$input] = $form_input;
        }
    }

    $this->ion_auth->register($username, $password, $email, $additional_data);

    // else validation == false
    // ...

    This way, when you add or remove columns in meta table, you just need to update the ion_auth config file, with no need to change the create_user code…

    But, if you wanna do the way you’re using this, you just need to set extra columns directly in the additional_data array, like

    $additional_data = array('first_name' => $this->input->post('first_name'),
                             'last_name'  => $this->input->post('last_name'),
                             'address'    => $this->input->post('address')    ,
                             'company'    => $this->input->post('company'),
                             'phone'      => $this->input->post('phone1'),
    
                             'dog_name'      => $this->input->post('dog_name'),
                             'birthday'      => $this->input->post('birthday')
    );
  • #542 / Aug 26, 2010 10:09am

    martynrlee

    13 posts

    Thanks Lucas, didn’t think to run through the config file, like the $meta_columns solution as well.

    Most appreciated.

    Martyn.

  • #543 / Sep 08, 2010 5:37pm

    Rob Pomeroy

    16 posts

    If I’m reading this right, the password is sent in the clear over the wire - is that right?  A few years back I remember implementing an insanely paranoid login system using a javascript MD5 library to send a hashed, salted, hashed password to the web server.  The salt was randomly generated by the server at the time the browser session began.  This same salt was applied to the already-hashed password stored in the database, for comparison purposes.  I can’t quite remember the details.

    Anyway, the point is I was wondering if Ben and the other folks working on this had an opinion on the plaintext password issue?  Assuming that SSL is not desired/available, that is.

  • #544 / Sep 08, 2010 7:12pm

    Ben Edmunds

    812 posts

    Rob,

    IMHO there is absolutely no point in encrypting the passwords before you send them through the pipe with Javascript.  Any halfway decent programmer can look through the JS and easily reverse engineer whatever encryption algorithm you implement.

    If you need a truly secure login use SSL.

  • #545 / Sep 09, 2010 4:29am

    Rob Pomeroy

    16 posts

    IMHO there is absolutely no point in encrypting the passwords before you send them through the pipe with Javascript.

    Yeah, I admit this was only really covering the case of a wire sniffer, rather than a full-blown man-in-the-middle attack.  Plus there’s a fairly high overhead asking a browser to hash and re-hash.

    Now to take a good look at your library!  I’ll be wanting to drop in reCAPTCHA, OpenID and possibly LDAP in due course…  Thanks for all you’ve done.  If I come up with any reusable code I’ll be sure to fork it.
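
The scheme discussed in posts #543 to #545, as an added example that is not part of the original thread and not Ion Auth code. Post #543 says the details were not remembered, so the concatenation order, the single-use salt and all names and sample values here are assumptions; MD5 is used only because the post names it.

```javascript
// Added sketch of the salted challenge-response login from post #543 (Node.js).
const crypto = require('crypto');
const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

class Server {
  constructor() {
    this.users = new Map();    // username -> md5(password), the "already-hashed" value
    this.sessions = new Map(); // sessionId -> salt issued when the session began
  }
  addUser(username, password) { this.users.set(username, md5(password)); }
  beginSession() {
    const sessionId = crypto.randomBytes(8).toString('hex');
    const salt = crypto.randomBytes(16).toString('hex');
    this.sessions.set(sessionId, salt);
    return { sessionId, salt };
  }
  login(sessionId, username, response) {
    const salt = this.sessions.get(sessionId);
    const stored = this.users.get(username);
    if (!salt || !stored) return false;
    this.sessions.delete(sessionId); // assumption: each salt is accepted once
    // The server computes the expected value from the stored hash alone, so
    // under this scheme the stored hash is as sensitive as the password itself.
    const expected = Buffer.from(md5(salt + stored), 'hex');
    const got = Buffer.from(String(response), 'hex');
    return got.length === expected.length && crypto.timingSafeEqual(expected, got);
  }
}

// Browser side: hash the password, mix in the session salt, hash again.
function clientResponse(password, salt) { return md5(salt + md5(password)); }

function demo() {
  const server = new Server();
  server.addUser('rob', 'correct horse'); // constructed sample account
  const s1 = server.beginSession();
  const wire = clientResponse('correct horse', s1.salt); // all a passive sniffer sees
  const firstLogin = server.login(s1.sessionId, 'rob', wire);
  const s2 = server.beginSession(); // a later session gets a fresh salt
  const replay = server.login(s2.sessionId, 'rob', wire);
  return { firstLogin, replay, passwordOnWire: wire.includes('correct horse') };
}

console.log(demo());
```

The captured value fails under the next session's salt, which is the wire-sniffer case from post #545. The salt and the hashing script still arrive over the same unauthenticated channel, so the scheme does not replace SSL.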

  • #546 / Sep 09, 2010 4:31am

    Rob Pomeroy

    16 posts

    edit: double post (proxy cache error)

  • #547 / Sep 09, 2010 12:02pm

    Ben Edmunds

    812 posts

    Rob,

    Thanks and definitely keep me updated on your progress implementing those items.

  • #548 / Sep 13, 2010 1:54am

    Bob Stein

    3 posts

    Ion Auth looks great.  Wish I had come across it a couple weeks ago; it would have saved me a lot of time.  I’m especially impressed by how well the “groups” logic seems to have been thought out.

    Maybe it’s just me, but as I was playing around with Ion Auth, I had a really hard time figuring out something really obvious, so I thought I’d post something here just in case others have the same issue:

    If you want to allow new users to register themselves with Ion Auth, you’ll almost certainly want to require them to verify their registration by email.  Yes, Ion Auth DOES come with an email confirmation function.

    To trigger email activation in Ion Auth, just open the ion_auth.php file located in the ‘application/config’ folder and scroll down to line 78.  There you’ll find

    $config['email_activation'] = false;

    Change that to “true” and you’re good to go.

    I’m a little surprised this is set as a config option (which is why I had such a hard time finding it).  It seems like the kind of thing you’d want to pass as an option through a register()-type function, so that admins can add new users without a confirmation email if necessary. Or am I missing something?

  • #549 / Sep 13, 2010 9:52pm

    gscharlemann

    57 posts

    Hi all

    I’m running into session issues with Internet Explorer (the issue described below doesn’t happen in Firefox or Chrome).  Here’s the deal…

    1. User logs in via the auth/login method in the controller. The login works and the following is printed out after a successful login:

    ion_auth->logged_in(): session_id = d33d753b8b7769f00471dbc460c84926
    ion_auth->logged_in(): identity = email
    ion_auth->logged_in(): session->identity = .(JavaScript must be enabled to view this email address)
    ion_auth->logged_in(): session->id = 25
    ion_auth->logged_in(): session->user_id = 25
    ion_auth->logged_in(): session->group_id = 2
    ion_auth->logged_in(): boo? identity = 1

    2. The next action the user takes is clicking a link directly below the above print out.  The “tracker” controller is loaded and defaults to the calendar() function.  The first action in tracker->calendar() calls the ion_auth->logged_in() function.  This action in some versions of IE (this doesn’t happen with my IE, but does with a few friends - we are both using IE 8.0) creates the following output:

    tracker->calendar(): start
    ion_auth->logged_in(): session_id = f438643a280a6bc6d993bd755543af4a
    ion_auth->logged_in(): identity = email
    ion_auth->logged_in(): session->identity =
    ion_auth->logged_in(): session->id =
    ion_auth->logged_in(): session->user_id =
    ion_auth->logged_in(): session->group_id =
    ion_auth->logged_in(): boo? identity =

    The session information isn’t being saved correctly for some reason. I tried saving the session information into the database via the config file, but that didn’t correct the problem.  And, as I said before this flow works in Firefox and Chrome and even some installs of IE8.0.  Any suggestions on why this might be occurring or what I should look at? I’m stumped.

    thank you

  • #550 / Sep 14, 2010 2:19am

    joytopia

    76 posts

    gscharlemann,

    give hybrid session a try:

    http://ellislab.com/forums/viewthread/124821/

    Regards
    Bernd

  • #551 / Sep 14, 2010 8:29am

    gscharlemann

    57 posts

    Bernd
    Thanks! Looks to be exactly what I need. I’ll give it a go.
    Greg

  • #552 / Sep 14, 2010 9:57am

    InsiteFX

    6819 posts

    For one, IE does not like the cookie having an underscore!
    $config['sess_cookie_name'] = 'cisession';

    It could also be the difference in the server’s and user’s time.

    InsiteFX

  • #553 / Sep 16, 2010 8:00pm

    loopy2

    14 posts

    does this have oauth authentication ?

  • #554 / Sep 17, 2010 2:32am

    Rob Pomeroy

    16 posts

    That’s left as an exercise for the user, but the code is very hackable.  It’s something I’m planning to implement but I can’t commit to any time scale.

  • #555 / Sep 17, 2010 8:42am

    gscharlemann

    57 posts

    Bernd

    Hybrid Session library (http://ellislab.com/forums/viewthread/124821/) fixed the session issue I had in IE.  Thanks for the help!
