This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

DX Auth 1.0.6 (Authentication library)

December 01, 2008 6:14am

  • #376 / Feb 26, 2009 6:27pm

    Shrike67

    16 posts

    One thing I would suggest is that when someone tries to login with an incorrect username, that you don’t report that to the user - “Username not exist.”.  The same goes for the password being wrong with the correct username supplied - “Your password was incorrect.”.  This just makes it easier for hackers by letting them know where to focus their efforts.  A better message is “Your username or password are incorrect” or something similar, for both cases.

    from the language file:

    /*
      It is recommended for you to change ‘auth_login_incorrect_password’ and ‘auth_login_username_not_exist’ into something vague.
      For example: Username and password do not match.
    */

    😉

  • #377 / Feb 26, 2009 6:32pm

    CroNiX

    4713 posts

    Yes, but the message will show up next to the field that it is true, or both depending on the case, which is easy to figure out what is going on.  There should be 1 message.

  • #378 / Feb 26, 2009 6:45pm

    Shrike67

    16 posts

    Yes, but the message will show up next to the field that it is true, or both depending on the case, which is easy to figure out what is going on.  There should be 1 message.

    I show only 1 message:

    $this->dx_auth->get_auth_error();
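
The single-message approach discussed in posts #376 to #378, as an added example that is not part of the thread and is not DX Auth's code. It is a framework-free PHP login check that returns one message for both failure causes and still verifies a hash when the username is unknown; `attempt_login`, `sample_users` and the sample account are constructed for illustration.

```php
<?php
// Added illustration, not DX Auth code. Users and names are constructed.
const GENERIC_LOGIN_ERROR = 'Username and password do not match.';

/** Constructed in-memory user store standing in for the users table. */
function sample_users(): array
{
    return ['admin' => password_hash('hello', PASSWORD_DEFAULT)];
}

/**
 * Returns [bool $ok, string $message]. Both failure causes give the same
 * message, and an unknown username still costs one hash verification, so
 * neither the text nor the response time shows which field was wrong.
 */
function attempt_login(array $users, string $username, string $password): array
{
    // Hash of a random throwaway value, verified when the username is unknown.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    $known = array_key_exists($username, $users);
    $hash  = $known ? $users[$username] : $dummyHash;

    // Always run the verification; accept only when the user exists as well.
    $passwordOk = password_verify($password, $hash);
    if ($known && $passwordOk) {
        return [true, ''];
    }

    // Keep the precise cause in the server log for detection; never echo it.
    error_log(sprintf('login failed: user=%s cause=%s',
        json_encode($username), $known ? 'bad_password' : 'unknown_user'));

    return [false, GENERIC_LOGIN_ERROR];
}

// Constructed attempts: valid login, wrong password, unknown username.
$users = sample_users();
foreach ([['admin', 'hello'], ['admin', 'wrong'], ['nobody', 'hello']] as [$u, $p]) {
    [$ok, $msg] = attempt_login($users, $u, $p);
    printf("%-7s %-6s => %s\n", $u, $p, $ok ? 'OK' : $msg);
}
```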

  • #379 / Feb 28, 2009 10:34am

    Houly

    3 posts

    I have a weird problem. Somehow I can’t log in. I just installed the examples that came within the zip. The database connection works, because I can register and activate.

    But somehow it doesn’t find the username, giving me a “Username not exist.” error. It’s the same with the example users and newly registered ones.

  • #380 / Feb 28, 2009 12:10pm

    J. Brenne

    19 posts

    You use “admin” and “hello”? Case-sensitive!

  • #381 / Mar 02, 2009 4:52am

    Houly

    3 posts

    Yep. Like I said, even the new account won’t work. I can even send a new password, and the email comes to my address.

  • #382 / Mar 02, 2009 5:51am

    Houly

    3 posts

    Sorry, but I’m an idiot :D

    I only turned on “Login by Email” and forgot it. Damn it :D

  • #383 / Mar 03, 2009 1:42am

    tpchris

    5 posts

    Can you help clarify the case sensitivity of DX_Auth 1.0.6?

    I have a user in the users table called john.  If I try to register a new account with John (capital J) I get the message that the username is already taken.

    I have a user in the userstemp table called aaaa.  If I try to register a new account with AAAA a new record for AAAA is added to userstemp.

    In the first example it appears that the username is case sensitive but in the 2nd case it’s not.  Why is there a discrepancy?


    Along those same lines I have a user in userstemp called bill with email [email address hidden].  If I try to register a new account with pete and email [email address hidden] (same email, uppercase T) the account is accepted.  This wasn’t the result I was expecting since email addresses are case insensitive.

    Would these two cases be considered bugs?

    Thanks for the work on this library!  It’s saved me a lot of work!

    [Update]

    If you open the models/dx_auth/user_temp.php file and search for the check_username and check_email methods, replace the db->where statements with the following:

    check_username:
      $this->db->where('LOWER(username)=', strtolower($username));

    check_email:
      $this->db->where('LOWER(email)=', strtolower($email));

    Since this is a change to the lib itself you may lose changes if there’s an upgrade.


    [/Update]
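
The case-insensitive check from post #383, as an added example that is not part of the thread and is not DX Auth's code. It goes beyond the posted fix by checking both tables in one helper and adding unique indexes as a database-level backstop. The SQLite schema, the rows, the `example.test` addresses and `is_available` are constructed stand-ins for the `users` and temporary-user tables.

```php
<?php
// Added illustration, not DX Auth code. Schema, rows and names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users     (username TEXT, email TEXT)');
$pdo->exec('CREATE TABLE user_temp (username TEXT, email TEXT)');

// Backstop: the database itself rejects case variants, even if two
// registrations race past the application-level check below.
foreach (['users', 'user_temp'] as $t) {
    $pdo->exec("CREATE UNIQUE INDEX {$t}_uname ON $t (LOWER(username))");
    $pdo->exec("CREATE UNIQUE INDEX {$t}_email ON $t (LOWER(email))");
}
$pdo->exec("INSERT INTO users     VALUES ('john', 'john@example.test')");
$pdo->exec("INSERT INTO user_temp VALUES ('aaaa', 'bill@example.test')");

/** True when $value is unused in BOTH tables, compared case-insensitively. */
function is_available(PDO $pdo, string $column, string $value): bool
{
    // Column names cannot be bound as parameters, so allow-list them.
    if (!in_array($column, ['username', 'email'], true)) {
        throw new InvalidArgumentException('unexpected column');
    }
    foreach (['users', 'user_temp'] as $table) {
        $stmt = $pdo->prepare(
            "SELECT 1 FROM $table WHERE LOWER($column) = LOWER(?) LIMIT 1");
        $stmt->execute([$value]);
        if ($stmt->fetchColumn() !== false) {
            return false;
        }
    }
    return true;
}

var_dump(is_available($pdo, 'username', 'John'));           // case variant of a users row
var_dump(is_available($pdo, 'username', 'AAAA'));           // case variant of a user_temp row
var_dump(is_available($pdo, 'email', 'BILL@example.test')); // case variant of a pending email
var_dump(is_available($pdo, 'username', 'pete'));           // unused name

// A direct insert of a case variant is stopped by the unique index.
try {
    $pdo->exec("INSERT INTO user_temp VALUES ('AAAA', 'other@example.test')");
} catch (PDOException $e) {
    echo "duplicate rejected by unique index\n";
}
```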

  • #384 / Mar 03, 2009 11:45am

    thors1982

    6 posts

    I have a permissions question.

    I have a class View, with function Page, and I pass in a parameter to view whatever page is passed in.

    I want to restrict users to certain pages but I can’t with the Uri_permissions because it doesn’t accept the passed-in parameter. If I give them access to /View/Page/ they can view all the pages.

    Any suggestions on how to do this with DX_AUTH?

    Can I do this with custom_permissions? If so how… I can’t seem to find where to edit the current custom_permissions (“edit” and “delete”) or add new ones, or if it will be possible to add new ones easily when a new page is created.

  • #385 / Mar 05, 2009 10:08am

    Spir

    139 posts

    I use email activation/forgot email but I see we can’t set up our own email conf.
    But since the “_email” function is used when sending emails, it has been easy for me to set up some conf.

    My _email function looks like this now (class DX_Auth starting line ~169):

    function _email($to, $from, $subject, $message)
    {
        // Read the settings from config/email.php through the CodeIgniter
        // instance ($this->ci), the same object used to load the Email library.
        $this->ci->config->load('email');

        $config['useragent'] = $this->ci->config->item('useragent');
        $config['protocol'] = $this->ci->config->item('protocol');
        $config['mailpath'] = $this->ci->config->item('mailpath');
        $config['smtp_host'] = $this->ci->config->item('smtp_host');
        $config['smtp_user'] = $this->ci->config->item('smtp_user');
        $config['smtp_pass'] = $this->ci->config->item('smtp_pass');
        $config['smtp_port'] = $this->ci->config->item('smtp_port');
        $config['smtp_timeout'] = $this->ci->config->item('smtp_timeout');
        $config['wordwrap'] = $this->ci->config->item('wordwrap');
        $config['wrapchars'] = $this->ci->config->item('wrapchars');
        $config['mailtype'] = $this->ci->config->item('mailtype');
        $config['charset'] = $this->ci->config->item('charset');
        $config['validate'] = $this->ci->config->item('validate');
        $config['priority'] = $this->ci->config->item('priority');
        $config['crlf'] = $this->ci->config->item('crlf');
        $config['newline'] = $this->ci->config->item('newline');
        $config['bcc_batch_mode'] = $this->ci->config->item('bcc_batch_mode');
        $config['bcc_batch_size'] = $this->ci->config->item('bcc_batch_size');

        $this->ci->load->library('Email');
        $email = $this->ci->email;

        // Apply the settings before composing the message.
        $email->initialize($config);
        $email->set_newline($this->ci->config->item('newline'));

        $email->from($from);
        $email->to($to);
        $email->subject($subject);
        $email->message($message);

        return $email->send();
    }

    My email conf looks like this :

    <?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
    
    $config['useragent'] = 'CI'; // The "user agent".
    $config['protocol'] = 'smtp'; // mail, sendmail, or smtp    The mail sending protocol.
    $config['mailpath'] = ''; // The server path to Sendmail.
    $config['smtp_host'] = 'mySMTPServer'; // SMTP Server Address.
    $config['smtp_user'] = ''; // SMTP Username.
    $config['smtp_pass'] = ''; // SMTP Password.
    $config['smtp_port'] = '25'; // SMTP Port.
    $config['smtp_timeout'] = '5'; // SMTP Timeout (in seconds).
    $config['wordwrap'] = TRUE; // TRUE or FALSE (boolean)    Enable word-wrap.
    $config['wrapchars'] = 76; // Character count to wrap at.
    $config['mailtype'] = 'html'; // text or html Type of mail. If you send HTML email you must send it as a complete web page. Make sure you don't have any relative links or relative image paths otherwise they will not work.
    $config['charset'] = 'utf-8'; // Character set (utf-8, iso-8859-1, etc.).
    $config['validate'] = FALSE; // TRUE or FALSE (boolean)    Whether to validate the email address.
    $config['priority'] = 3; // 1, 2, 3, 4, 5    Email Priority. 1 = highest. 5 = lowest. 3 = normal.
    $config['crlf'] = "\r\n"; // "\r\n" or "\n" or "\r" Newline character. (Use "\r\n" to comply with RFC 822).
    $config['newline'] = "\r\n"; // "\r\n" or "\n" or "\r"    Newline character. (Use "\r\n" to comply with RFC 822).
    $config['bcc_batch_mode'] = FALSE; // TRUE or FALSE (boolean)    Enable BCC Batch Mode.
    $config['bcc_batch_size'] = 200; // Number of emails in each BCC batch.
    
    /* End of file email.php */
    /* Location: ./system/application/config/email.php */

    sharing in case…
    Thanks for all the work.

  • #386 / Mar 10, 2009 4:59am

    haderach

    9 posts

    Hi all,

    I’ve installed dx_auth on my server and I have a problem when I try to log in.
    I have the message

    A PHP Error was encountered
    
    Severity: 4096
    
    Message: Object of class stdClass could not be converted to string
    
    Filename: libraries/Session.php
    
    Line Number: 683
    A PHP Error was encountered
    
    Severity: Notice
    
    Message: Object of class stdClass to string conversion
    
    Filename: libraries/Session.php
    
    Line Number: 683

    I have these messages, but I’m logged in. When I log out there is no error message. Do you have an idea?
    It seems that the problem is in the _serialize() function…

    Thanks for your help

  • #387 / Mar 10, 2009 7:55am

    haderach

    9 posts

    I found the correction of this issue

    http://ellislab.com/forums/viewthread/95690/

  • #388 / Mar 12, 2009 2:52am

    nell789

    6 posts

    StackOverflow user Jens Roland posted a pros/cons list about DX Auth here: http://stackoverflow.com/questions/346980/what-code-igniter-authentication-library-is-best , but that was back in January. It seems that there have been changes to this library since then. Have any of the issues he mentions in the cons list been addressed?

  • #389 / Mar 12, 2009 6:38pm

    RS71

    106 posts

    Can I do user permissions with this library?

    As in, set the values for various permissions in the user’s session and have the script check permissions?

  • #390 / Mar 12, 2009 6:46pm

    CroNiX

    4713 posts

    Can I do user permissions with this library?

    As in, set the values for various permissions in the user’s session and have the script check permissions?

    Yes.
    There are many options.
    There are user roles that you can check. Such as “Administrator”, “Editor”, whatever you define.
    Then, each role can have various permissions which you can also check.
    Like Administrators can have all permissions, an Editor may have “edit, write, save” permissions or whatever you define.

    You can check by role and/or permissions for that role.

    These are built in and you don’t have to save them in session, they already are.

    On top of that, you can define permissions for each controller to allow access to that controller based on role/permissions or both.

    It’s very flexible.  Hope that helps…
