Thread

4.3, so I bet that’s my problem from reading other posts.  I’ll upgrade to 5 and see what happens.

Thanks!

That did the trick.  This CI newb is getting a trial by fire.  Thanks for the quick reply!

Two bugs:

1. When I log in as non-admin, having no allowed_uri’s set I get this warning:
Severity: Warning

Message: in_array() [function.in-array]: Wrong datatype for second argument

Filename: libraries/DX_Auth.php

Line Number: 173

Resolution: In DX_Auth.php in function check_uri_permissions at around line 503 change the code to:

// Loop each roles URI permissions
                foreach ($roles_allowed_uris as $allowed_uris)
                {
                    if ($allowed_uris===NULL)
                    {
                        break;
                    }
                    
                    // Check if user allowed to access URI
                    if ($this->_array_in_array(array('/', $controller, $action), $allowed_uris))
                    {
                            $found = TRUE;
                            // Stop loop
                            break;
                    }

If allowed_uri’s is not set it skips further processing.

2. When you fix above the page gets redirected to /auth/deny. There is no such method in auth controller, so you get “404 Page Not Found”.

1. Thanks. This was reported before but i cannot produce the bug, but i will add that code 😊

2. Yes, you need to create your own function in the controller.

dexcell,

can you please update the installation instructions and change the lines:

2. Copy captcha folder into your CI folder.

to

2. Copy captcha folder into your CI folder. Make captcha folder writable by the web server.

Will do, thanks 😊

Hi,

I think this is a great library, but have I come across a few bugs. Most of them are already discussed in this topic.

When I try to login as user or as admin, with password ‘hello’ (found this in the userguide), it gives me ‘Your password was incorrect.’ I solved it by setting the admin password in the database to:

$1$i75.Do4.$l3kV.GTx/n8.GWZPEyrXm0

and the user password to:

$1$bO..IR4.$oDi44/8oYWYxzQ13ZRltu1

.. which makes

if (crypt($password, $stored_hash) === $stored_hash)

on line 885 of DX_Auth.php evaluate to true.

I am still wondering what the original hashes represented.

Keep up the good work   :lol:

Thomas

I am having serious problems with authentication.

When after login() or logout(), users are redirected to my home page, it doesn’t log them out. I, 90% of the time, have to clear my browser cache for cookies to disappear. It keeps me logged in OR it doesn’t log me in.

My site (on my local server) has links to login page or login page form but when process is finished and users are redirected, it keeps it’s old state.

Is it a bug or is it something in my code?

I just noticed weird behavior from Session class. It maybe that class that’s causing this problem.

I did print_r($this->session->userdata); at the top of my header template.

I noticed that I get following data AFTER log IN.

Array
(
    [session_id] => 85515c54daa9ee61c1fa2825ca09a4ec
    [ip_address] => 192.168.1.100
    [user_agent] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv
    [last_activity] => 1230182002
)

And I get following data AFTER log OUT

Array
(
    [session_id] => 85515c54daa9ee61c1fa2825ca09a4ec
    [ip_address] => 192.168.1.100
    [user_agent] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv
    [last_activity] => 1230182002
    [DX_user_id] => 1
    [DX_username] => admin
    [DX_role_id] => 2
    [DX_role_name] => Admin
    [DX_parent_roles_id] => Array
        (
        )

    [DX_parent_roles_name] => Array
        (
        )

    [DX_permission] => Array
        (
        )

    [DX_parent_permissions] => Array
        (
        )

    [DX_logged_in] => 1
)

This data doesn’t get refreshed (even after redirect to home page after log in and log out) until I hit refresh on the browser itself.

This same behavior happened in FireFox and Chrome.

Strange as it may sound, restarting my machine fixed it. I have no idea why this happened but it did.

Still not sure (specially now) if it was my machine & browser or CI session class (which I doubt as so many others use it)

DELETED

Hello guys, i’m gonna posting the updated version maybe tomorrow.
Added major salt option in config, and few small bug fixes.

Ah, and thank you JimmyPHP for the donation, really appreciated.

I have been following the development of your Auth library and would like to use it in a project I am working on and as a result have a few questions on implementation.

I am working on a site that will have vacation rentals that will be posted by the owners of the property, that will be able to be searched on and rented. Thus I will need to have two sets of registration. One for the owners of the property and one for the renters. The basic info collected will be the same for each (name, email, password) however the additional profile for each will be different. The owner will be able to post new properties for rent and the registered individuals will be able to, via form, rent the property.

What is your recommendation on the best way to set something like this up from the registration and auth aspects with your library? (please be patient with me as I know just enough to be dangerous!) 😊

Thanks in advance!

Quick tip if you want to add fields to the ‘user_profile’ table. Add the fields in your database, add them to your form. Then modify the ‘user_activated’ function in DX_Auth_Event.php to fire the ‘user_profile’ model’s ‘set_profile’:

function user_activated($user_id)
{
  // Load models    
  $this->ci->load->model('dx_auth/user_profile', 'user_profile');
  // Create user profile
  $this->ci->user_profile->create_profile($user_id);

  // stuff I added starts here…
  $fields = array(
    'first_name' => $_POST['first_name'],
    'last_name'  => $_POST['last_name']
  );
  $this->ci->user_profile->set_profile($user_id, $fields);
}

One big downside to adding to the user’s profile is that you can’t do email authorization, since that “extra” data isn’t stored in the ‘user_temp’ table. Any ideas on how to get around this, folks?

One big downside to adding to the user’s profile is that you can’t do email authorization, since that “extra” data isn’t stored in the ‘user_temp’ table. Any ideas on how to get around this, folks?

Adding an extra table for the profile information?
The “users” table takes care of registration and login, the “profile” table of extra information, a bit like phpBB uses te profile_data table (or something like that at least)

This would make the app more portable too I think, as the main functionality - registration and logging in - remains the same for every app, while everyone can easily extend the profile information.

Phpbb’s approach is quite interesting, as it stores even the kind of information you need to enter in the database…

It’s rather late here, and I think I’m not making myself very clear :p

Good night and Happy New Year everybody (better sooner than later…)

I don’t think in this case you need to worry about authorization. user_profile table has user_id column which joins this table to users table.

In this case, only way this profile will be created is after they activate. That in itself authorizes user. If they fake that then they are faking entire process anyways.

And about processing it, you can use $this->dx_auth->get_user_id() function to pass user ID to user_profile model. Before doing that, check if user is logged in.

I actually liked this idea of separate table. I have already changed it to store other information.

Hope this helps.

Thanks for the insight so far.

Since I am having 2 different groups of users (owners of rental property and renters) which will have 2 totally different inputs for registration, would it be better to have two dx_auth systems? dxauth1 and dxauth2. Reason being there would be 2 different profiles and also different config variables such as the deny page, login page, register page, etc.

Another example needing this type of functionality would be a job site. 2 different user groups (employers posting jobs and job seekers posting resume) with different registration needs but still interact together.

Any better ideas? Would another Auth library be better for my needs? Unfortunately, I do not have the experience to build one myself yet. I would like to stay with one that is active, up to date and has features such as forgot password, captcha, change password.

Hope this makes sense! Thanks to a great user base around Code Igniter!