ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.


ErkanaAuth: A non-invasive user authentication library

October 23, 2007 9:58pm

  • #16 / Nov 08, 2007 11:58am

    12vunion

    36 posts

    That’s pretty interesting. I’ve used something like that before. I’ve also done something similar to that, but more like a chmod. Your approach works pretty well for a smaller project where you’re in control of every user. But for the sake of manageability, you need to abstract it by an extra layer. In your approach, you have to set every permission for every user. Whereas in mine, you set up permissions and assign them into groups. Then you can simply set what group the user belongs to and they get all the inherited permissions.

  • #17 / Nov 08, 2007 12:01pm

    jaume

    28 posts

    @12vunion

    You sent your messages while I was writing mine!  😊

    Just a third point of view!

  • #18 / Nov 08, 2007 12:04pm

    12vunion

    36 posts

    A ha. Gotcha.

  • #19 / Nov 08, 2007 12:13pm

    jaume

    28 posts

    @12vunion

    Yes, but if you have one user taking care of one area, you would end up having as many groups as users and no inheritance in levels at all. In my app you start setting default permissions to true just to change his own password and assign only the permissions needed for that user. If you have enough users to group them in groups then I agree with you, but it still lacks inheritance to say “editor or higher in this area”, how would you mix both approaches?

    Or do you focus more on explicit permissions like “can_do_x”?

    How would you apply it on a per-area basis, more like saying “can_read in news_area”?

  • #20 / Nov 08, 2007 12:35pm

    12vunion

    36 posts

    Either you use it like I am and say content_type = “news_area” can_read = “1”, or you’d need a table with a ton of rules “can_read_news”, “can_edit_news”, etc. And then create an in between table that pairs user ids with permission ids (see my groups_to_roles_join table). Granted, my roles table is going to get pretty big as well.
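
The two models discussed in posts #16 to #20 (permissions inherited through groups, and per-area levels such as "editor or higher in this area") can be combined in one check. The sketch below is an added example, not code from ErkanaAuth or from either poster; apart from the join table mentioned in the thread, the level names, array layout and function names are assumptions, and the data is constructed.

```php
<?php
// Added example with constructed data; only groups_to_roles_join is a name from the thread.
const LEVELS = ['none' => 0, 'reader' => 1, 'editor' => 2, 'admin' => 3];

// Stand-in for groups_to_roles_join: group => area => level granted.
$groupRoles = [
    'staff'        => ['news_area' => 'reader'],
    'news_editors' => ['news_area' => 'editor'],
];
// Group membership, plus per-user grants for the one-user-per-area case.
$userGroups = ['jane' => ['staff', 'news_editors'], 'tom' => ['staff']];
$userRoles  = ['tom' => ['events_area' => 'admin']];

function level_of(?string $name): int
{
    return LEVELS[$name ?? 'none'] ?? 0; // unknown level names grant nothing
}

// Highest level the user holds in one area, from direct grants and all groups.
function effective_level(array $acl, string $user, string $area): int
{
    $best = level_of($acl['userRoles'][$user][$area] ?? null);
    foreach ($acl['userGroups'][$user] ?? [] as $group) {
        $best = max($best, level_of($acl['groupRoles'][$group][$area] ?? null));
    }
    return $best;
}

// "editor or higher in news_area": compare levels instead of listing every rule.
function can(array $acl, string $user, string $atLeast, string $area): bool
{
    $required = level_of($atLeast);
    return $required > 0 && effective_level($acl, $user, $area) >= $required;
}

// Group-inherited grant, insufficient level, direct per-user grant, unknown user.
$acl = compact('groupRoles', 'userGroups', 'userRoles');
var_dump(can($acl, 'jane', 'editor', 'news_area'));
var_dump(can($acl, 'tom', 'editor', 'news_area'));
var_dump(can($acl, 'tom', 'editor', 'events_area'));
var_dump(can($acl, 'mallory', 'reader', 'news_area'));
```

Unknown users, areas and level names all resolve to level 0, so the check denies by default.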

  • #21 / Nov 10, 2007 9:11pm

    easylancer

    42 posts

    Just thought I would post this, in the example on http://www.michaelwales.com/2007/10/erkana-codeigniter-authorization-library/ there is an error. This line

    if ($this->erkanaauth->try_login('username'=>$username, 'password'=>$password)) {

    should be

    if ($this->erkanaauth->try_login(array('username'=>$username, 'password'=>$password))) {

    as it wouldn’t run until I changed it. Thank you for this great library as I have been looking for an authentication system and none of the others had the flexibility.

  • #22 / Nov 11, 2007 2:01am

    Michael Wales

    2070 posts

    Yeah - I am aware of that error, I just haven’t gone back to change it just yet.

    12v:
    I like your changes - I’m going to give them a more thorough review, possibly clean up the code a bit - do you mind if I merge it into the next version of ErkanaAuth?

    Everyone else:
    How has ErkanaAuth helped in your application development? What would you change or where has ErkanaAuth given you issues that you needed to work around? I know the role system is lacking - it wasn’t even going to be included to be honest - I’m definitely planning on focusing on this system a bit more in the future.

    Future Plans:
    Another library that can be loaded that will provide automatic generation of login/register/forgot password forms.
    Methods to assist with user creation/registration and forgotten passwords.
    Real documentation.

  • #23 / Nov 13, 2007 5:59pm

    12vunion

    36 posts

    Please, go right ahead and use it. I’m using your code, I figured it only fair and in the spirit of things to contribute my code right back to you.

  • #24 / Nov 15, 2007 8:16am

    easylancer

    42 posts

    I have added in a forget password function into erkanaauth. This is as far as I got:

    function forgot($condition = array(), $length)
        {        
            $this->CI->db->select($condition[0]);
            $query = $this->CI->db->getwhere('users', $condition, 1, 0);
            if ($query->num_rows != 1) {
                return FALSE;
            } else {
                /*---------- Create a New Password ----------*/
                $new = '';
                for( $i = 1; $i <= $length; $i++ )
                {
                    $new .= rand( 1, 9 );
                }
                
                $data = array(
                   'password' => $new
                );
                $this->CI->db->update('users', $data, $condition);
                
                mail($condition, "New Password", "Your new password is: " . $new);
                return TRUE;
            }
        }

    I can’t seem to get the mail to work. The update function works but it won’t email.

  • #25 / Nov 15, 2007 9:06am

    Phil Sturgeon

    2889 posts

    I have added in a forget password function into erkanaauth. This is as far as I got:

    //old code

    I can’t seem to get the mail to work. The update function works but it won’t email.

    In response to our IM conversation, here is the code I was talking about.

    function forgot($condition = array(), $length)
        {        
            // Get the first and only key name in this array
            list($field)=array_keys($condition);
            
            // Use the key name to work out what to select
            $this->CI->db->select($field);
    
            // Use $condition[$field] to get the value
            $query = $this->CI->db->getwhere('users', $condition[$field], 1, 0);
            if ($query->num_rows != 1) {
                return FALSE;
            } else {
                /*---------- Create a New Password ----------*/
                $new = '';
                for( $i = 1; $i <= $length; $i++ )
                {
                    $new .= rand( 1, 9 );
                }
                
                $data = array(
                   'password' => $new
                );
    
                $this->CI->db->update('users', $data, $condition);
                
                // The line below will be broken if its not an email you are sending it.
                mail($condition, "New Password", "Your new password is: " . $new);
                return TRUE;
            }
        }
  • #26 / Nov 15, 2007 9:22am

    easylancer

    42 posts

    Here is the code fully working, Thanks to thepyromaniac for his time and help.

    function forgot($condition = array(), $length)
        {    
            /*---------- Get Key and Value array ----------*/
            list($field) = array_keys($condition);
                
            $this->CI->db->select(array($field, 'email as definatly_email'));
            $query = $this->CI->db->getwhere('users', $condition, 1, 0);
            if ($query->num_rows()) {
                
                $row = $query->row();
                
                /*---------- Create a New Password ----------*/
                $pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
                $new = '';
                for( $i = 1; $i <= $length; $i++ )
                {
                    // Square brackets: the {} string-offset syntax no longer parses in PHP 8
                    $new .= $pattern[rand(0, 35)];
                }
                
                $data = array(
                   'password' => $new
                );
                $this->CI->db->update('users', $data, $condition);
                
                /*---------- Sends email to the user ----------*/
                mail($row->definatly_email, "New Password", "Your new password is: " . $new);
                return TRUE;
            }
            return FALSE;
        }

    The code is flexible, but there had to be a limit on it as whatever the condition is that the user chooses that is what the member will get emailed by, so you wouldn’t be able to use a field name like username if it’s not an email as it wouldn’t be able to email by that. But you can make the email field whatever you want to call it so it could be called mailuser as long as it will have an email address in it.

    The password field will have to be called password as well, could add an extra variable and let the user input it themselves when they call the forgot function, but for speed I left that out.

    To use the code just call

    $this->erkanaauth->forgot(array('email'=>$email), 8);

    The 8 is the length of the new password.

    Added the Fixes from thepyromaniac post below.

  • #27 / Nov 15, 2007 9:32am

    Phil Sturgeon

    2889 posts

    function forgot($condition = array(), $length)
        {    
            /*---------- Get Key and Value array ----------*/
            list($field) = array_keys($condition);
                
            $this->CI->db->select(array($field, 'email as definatly_email'));
            $query = $this->CI->db->getwhere('users', $condition, 1, 0);
            
            if ($query->num_rows())
            {
                $row = $query->row();
    
                // Load the string helper through the CI instance; the library has no $this->load
                $this->CI->load->helper('string');
                
                /*---------- Create a New Password ----------*/
                // Keep the value in $new so the same password is stored and emailed
                $new = random_string('alnum', $length);
                
                $data = array(
                   'password' => $new
                );
                $this->CI->db->update('users', $data, $condition);
                
                /*---------- Sends email to the user ----------*/
                mail($row->definatly_email, "New Password", "Your new password is: " . $new);
                return TRUE;
            }
    
            return FALSE;
        }

    There ya go, use username or whatever. The same “does it exist” check will grab you their email address for use when sending em mail.

    I still don’t recommend this, hopefully it’s the developer that gets to choose how the forgot pass works, not the user.

    “I forgot my account, my special data field is active and my special data value is 1… yeah that’s my account alright!” >.<

  • #28 / Nov 15, 2007 11:24am

    Michael Wales

    2070 posts

    Great work easylancer - I hope these additions work out for you.

    Unfortunately, I’ve been giving this particular issue quite a bit of thought and I am unsure as to whether a full-scale forgotten password implementation fits within the scope of ErkanaAuth. More than likely, what you will see, is a set of methods that will assist in creating your own forgotten password functionality.

    My perfect forgotten password functionality works as so, therefore my methods will be assistants in creating this functionality:
    1. User enters their username and email address in form.
    2. Their account receives a unique key for a 24-hour period that permits them to visit a password change page, with that unique key, and change their password.

    This prevents people from entering an email address and automatically changing someone’s password. In addition, it gives the user the freedom to reassign their own password, rather than you giving them one, them coming back, and having to change it again. It’s all taken care of in one step.

    I’m not trying to knock your work on this easylancer. That’s the beauty of ErkanaAuth - it’s non-invasive, which means it can be utilized and extended to make your job as easy as possible. Unfortunately, it’s not really what I am looking for in the library as a whole.

    To be honest, I’m not sure if I’ll ever add forgotten password functionality to Erkana. At first glance, it seems like an appropriate fit, but when you actually use and “feel” the style of Erkana you realize it still leaves you, the developer, in total control. I fear it would be difficult to implement forgotten password without stealing some of that control from the developer.
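
The two-step flow described in post #28 (username plus email, then a unique key valid for 24 hours that leads to a password change page) can be sketched as follows. This is an added example, not part of ErkanaAuth or of any post in the thread; the function names, the in-memory user array, hashing the key before storage and the use of password_hash() are assumptions, and the account data is constructed.

```php
<?php
// Added example. In-memory stand-in for the users table (constructed data).
$users = ['alice' => [
    'email' => 'alice@example.test', 'password' => password_hash('old-secret', PASSWORD_DEFAULT),
    'reset_hash' => null, 'reset_expires' => 0,
]];
const RESET_TTL = 86400; // the 24-hour period from the post, in seconds

// Step 1: username and email must both match before a key is issued.
function issue_reset_key(array &$users, string $username, string $email, int $now): ?string
{
    if (!isset($users[$username]) || $users[$username]['email'] !== $email) {
        return null; // the password and any existing key stay untouched
    }
    $key = bin2hex(random_bytes(32)); // CSPRNG output, not rand()
    // Assumption: store only a hash, so a leaked table holds no usable keys.
    $users[$username]['reset_hash']    = hash('sha256', $key);
    $users[$username]['reset_expires'] = $now + RESET_TTL;
    return $key; // sent to the account's email address inside the link
}

// Step 2: the change-password page presents the key and the user's own choice.
function redeem_reset_key(array &$users, string $key, string $newPassword, int $now): bool
{
    $hash = hash('sha256', $key);
    foreach ($users as &$user) {
        if ($user['reset_hash'] === null || !hash_equals($user['reset_hash'], $hash)) {
            continue;
        }
        $expired = $now > $user['reset_expires'];
        $user['reset_hash']    = null; // single use; expired keys are cleared too
        $user['reset_expires'] = 0;
        if (!$expired) {
            $user['password'] = password_hash($newPassword, PASSWORD_DEFAULT);
        }
        return !$expired;
    }
    return false;
}

// Exercises: wrong email, expired key, valid redemption, replayed key, new password check.
$now = time();
var_dump(issue_reset_key($users, 'alice', 'wrong@example.test', $now));
$old = issue_reset_key($users, 'alice', 'alice@example.test', $now);
var_dump(redeem_reset_key($users, $old, 'new-secret', $now + RESET_TTL + 1));
$key = issue_reset_key($users, 'alice', 'alice@example.test', $now);
var_dump(redeem_reset_key($users, $key, 'new-secret', $now + 3600));
var_dump(redeem_reset_key($users, $key, 'other', $now + 3601));
var_dump(password_verify('new-secret', $users['alice']['password']));
```

Unlike the forgot() versions earlier in the thread, submitting the form never changes the stored password; only redeeming a live key does.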

  • #29 / Nov 15, 2007 11:24am

    sophistry

    906 posts

  • #30 / Nov 21, 2007 7:25pm

    cosmik_roger

    3 posts

    Hello, I got a problem that I can’t resolve, so I ask for your help:
    This library works fine with cookie, but with session, when executing the function try_session_login(), it seems that $this->CI->session->userdata('user_id') can’t retrieve data.
    I changed the name of the session and users table, but as it works fine with the try_login() function (I made an echo of $this->CI->session->userdata('user_id') and it is well created).
    You can check Erkana library’s file of my project here : http://robby.homelinux.net/jdllbeauvais/trunk/libraries/Erkanaauth.php
    and the controller here : http://robby.homelinux.net/jdllbeauvais/trunk/controllers/admin.php

    thanks for your attention 😊
