The Redux Authentication System
#1 / Feb 24, 2008 11:18am
Redux Authentication is a great CodeIgniter Auth library. It’s light, easy to use and fully featured. It’s a great choice for your new or existing project due to the power it gives to the developer.
#2 / Feb 25, 2008 4:49pm
Update :
Encryption System
Since having a discussion with a member of the CodeIgniter community (Sikkle) I decided to opt out of having the ability to choose different encryption levels. The default installation will hash the password with a file and database salt.
The idea behind this is that if a hacker gets hold of your database, their attempts at trying to brute-force your encrypted passwords will fail because the password is also hashed with another file based string.
The database salt is also dynamically generated on user registration making it virtually uncrackable (I have to say virtually, because there’s always the chance however low it may be).
I was also originally worried it might add more queries, but I’ve worked out that was not the case so seeing how everyone is paranoid about security I’ve made the most secure method the default one.
So that’s the encryption system renovated.
I’ll now work on the other features.
PS: Thanks to Sikkle for the various help. I noticed lots of hits to the website. I’d love to hear your feedback 😊
#3 / Feb 27, 2008 11:55am
Great work Popcorn,
I’ll keep looking at the progress. I think this is another really good addition; also I have to say the comments in the file are just great.
peavyfr: it’s really hard to implement ONE standard solution; auth and ACL could be handled in so many ways: file, database, sub-level, multiple-controller, per method, etc.
This little auth-acl is a great addition by the way it’s built and by trying to provide a “simple” solution.
So I’ll say keep working on that one, keep us posted.
Good luck!
#4 / Feb 27, 2008 12:53pm
Thanks for the comments.
Update :
I’ve finished the auto generation of the additional columns. You shouldn’t have to mess with the database now and can add fields on the fly by just adding a new line in the configuration file.
#5 / Feb 27, 2008 1:23pm
Great auth lib!
Some small bugs have occurred in check_group, and probably the other checkers as well.
Now:
    function check_group($email, $table, $left)
    {
        /*
        SELECT levelde_group.title
        FROM levelde_group
        LEFT JOIN levelde_user
        ON levelde_group.id = levelde_users.group
        WHERE levelde_users.email = ''
        */
        $this->db->select('group.title');
        $this->db->from($table);
        $this->db->join($left, $table .'.id = '.$left.'.group', 'left');
        $this->db->where($left .'.email', $email);
        return $this->db->get();
    }
Should be (I believe):
    function check_group($email, $table, $left)
    {
        /*
        SELECT levelde_group.title
        FROM levelde_group
        LEFT JOIN levelde_user
        ON levelde_group.id = levelde_users.group
        WHERE levelde_users.email = ''
        */
        $this->db->select($table.'.title'); // Added the $table here
        $this->db->from($table);
        $this->db->join($left, $table .'.id = '.$left.'.group', 'left');
        $this->db->where($left .'.email', $email);
        return $this->db->get();
    }
Thank you!
#6 / Feb 27, 2008 1:31pm
Thanks.
I just fixed that and updated the auth_lib on the site.
Glad you like it 😊
#7 / Feb 27, 2008 1:38pm
I still get the old files from your site even though the zip has been updated.
Anyway, this check_group thing. Wouldn’t it be better if it returned the group number so you can check it right away without any trouble? 😊
#8 / Feb 27, 2008 2:15pm
Why are you putting so much effort into being able to get back a password from the encrypted value? Why not just do a one way encrypt and compare against that. This is most secure.
#9 / Feb 27, 2008 2:18pm
Is this PHP 5 only?
ThanX
#10 / Feb 27, 2008 2:36pm
coldKingdom :
Well, I thought it would be more usable to do: if($this->auth->check_group($email) === 'admin') rather than use an integer.
louis w :
It is 1 way encryption with 2 different salts. Sorry if I didn’t make this clear before.
PedroGrilo :
It uses __construct which isn’t available in PHP4.
#11 / Feb 27, 2008 2:43pm
Oh ok.
Do you think 128 is not enough?
I do not have much experience with salts. Just trying to figure out why it’s so complex.
#12 / Feb 27, 2008 2:50pm
Well, this is how it works.
The Auth lib has 2 salts: a file-based one (this is stored in the auth config and is static) and the other one, which is generated each time a user registers and is stored within that user’s row.
Now, what happens when a user registers is that the auth lib hashes the password with a unique key (salt) from both the config and the database. The advantage to this is that if a hacker breaks into your website and steals your database, he is missing the other salt (auth config salt), so his attempts at brute forcing the passwords will be nil.
So, this is 2-layer security and is more secure than just running your password once through the md5 function.
The other advantage is that if 2 or more users sign up with the same password they will all end up with different hashes.
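The two-salt scheme described in post #12, as an added PHP 7+ example that is not part of the thread and not Redux Authentication's own code. The thread does not say which hash function the library uses; HMAC-SHA256 followed by PBKDF2 is this example's choice, and FILE_SALT, hash_password, register_user and verify_password are hypothetical names.

```php
<?php
// Added illustration only; this is not Redux Authentication's code.
// FILE_SALT is a hypothetical stand-in for the static salt in the auth config file.
const FILE_SALT = 'constructed-example-value-not-a-real-secret';

// Hash a password with both salts: key it with the file salt (HMAC),
// then stretch the result with the per-user database salt (PBKDF2).
function hash_password(string $password, string $dbSalt, string $fileSalt): string
{
    $keyed = hash_hmac('sha256', $password, $fileSalt, true);
    return hash_pbkdf2('sha256', $keyed, $dbSalt, 100000, 64);
}

// Registration: generate a fresh random salt and return the two values
// that would be stored in the user's row.
function register_user(string $password, string $fileSalt): array
{
    $dbSalt = bin2hex(random_bytes(16));
    return ['salt' => $dbSalt, 'hash' => hash_password($password, $dbSalt, $fileSalt)];
}

// Login: recompute with the stored salt and compare in constant time.
function verify_password(string $password, array $row, string $fileSalt): bool
{
    return hash_equals($row['hash'], hash_password($password, $row['salt'], $fileSalt));
}

// Constructed sample data: two users who choose the same password.
$alice = register_user('correct horse battery', FILE_SALT);
$bob   = register_user('correct horse battery', FILE_SALT);

// Identical passwords, different per-user salts: compare the stored hashes.
var_dump($alice['hash'] !== $bob['hash']);
// The right password checked with the right file salt.
var_dump(verify_password('correct horse battery', $alice, FILE_SALT));
// The same guess checked with only the database row and a guessed file salt.
var_dump(verify_password('correct horse battery', $alice, 'guessed-file-salt'));
```

The file salt adds protection only while the config file stays out of reach of whoever obtained the database; the per-user salt and the slow key-stretching step are what remain if both are taken.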
#13 / Feb 27, 2008 2:56pm
Thanks for the insight. This looks like a great add on.
#14 / Feb 27, 2008 2:57pm
If I run this view file
    $email = "coldKingdom";
    if($this->auth->check_group($email) === 'Administratör')
        echo "Fungerar bra"; // Works alright
    else
        echo "Fungerar inte alls"; // It's a no no :blush:
It returns the second line, that it didn’t work. Is it supposed to work this way, or am I doing something wrong?
#15 / Feb 27, 2008 3:08pm
Do you have a group column in your users table?
and
a group table configured with an id and title?
The group in the users table should match with the same id in the group table with the title : “Administratör”.
Can you also provide a sample of your database layout and I’ll try and figure this out.
Image of how it “should” work
http://img504.imageshack.us/img504/3875/29768517gu6.png
Many thanks.