Thread

I haven’t messed with this library in a very long time and I was wondering:

Is it usable? Could someone possibly list me some of the problems with it?

Cheers

Hi guys
i might be blind since 2h
but I can’t get my hands on the user and admin password available in DX auth sample data ?
can someone help ?
Thanks
Tibor

Hi guys
i might be blind since 2h
but I can’t get my hands on the user and admin password available in DX auth sample data ?
can someone help ?
Thanks
Tibor

admin/hello
user/hello

thanks for your quick help

Hi all!

I migrate user’s data from old project to a new, which I develop using CodeIgniter and dx_auth. In the old project we stored user password as md5 hash and I was surprised that just moving data from database doesn’t work. I wonder why dx_auth use such a complex way to encrypt password? Does it really help to improve security?

I imagined a situation, where an attacker can replace password field for a specific user. Not knowing what dx_auth does with md5 would prevent attacker to put correct value in password field. But if somebody can change password field in database, he also can change e-mail and just request a password change via web-site.

I just want to know is it really worthy to use such a scheme to store passwords. If it isn’t, I would rather change dx_auth to use md5 only.

Thanks in advance 😊

Take a look at this :
http://stackoverflow.com/questions/346980/what-code-igniter-authentication-library-is-best

Take a look at this :
http://stackoverflow.com/questions/346980/what-code-igniter-authentication-library-is-best

That was fast! What I learned is that md5 is salted because of “Rainbow Tables”. Now it seems more reasonable for me.

Thanks!

The thing I don’t like about DX is how it uses crypt. When I tried to set up a local development environment on my laptop I could never get the passwords from production server to work, because the production environment supported crypt with md5, whereas my local PHP that comes bundled with MAMP didn’t. I ended up rewriting a part of the code to use sha1 instead. sha1 function exists and works the same on all PHP environments, so you don’t have to worry about compatibility accross the environments.

Other than that DX_Auth is great for my needs. I’ve been using it for a year in a big social networking project. When it doesn’t have functionality that I need, I wrote my own. For example, XMLRPC to allow other non-CI apps to authenticate users as well.

hi all,

I am starting with dx_auth and i want to disable the confirmation code so i set

$config['DX_count_login_attempts'] = FALSE;
$config['DX_max_login_attempts'] = 1;

But the confirmation code keeps showing. I just want a simple username password to start with. Any suggestions??

Why not try

$config['DX_captcha_registration'] = FALSE;
$config['DX_captcha_login'] = FALSE;

me again,

Can anyone show me some examples of
Event for DX_Auth
I guess i need to use the

// This event occurs right after user login
    function user_logged_in($user_id)
    {

    }

with all the user_profile settings

kind regards,

ps: @therendStudio didn’t see your answer but i already have

// Registration
$config['DX_allow_registration'] = TRUE; 
$config['DX_captcha_registration'] = FALSE;

// Login
$config['DX_captcha_login'] = FALSE;

somehow the max attempts is still being executed/needed

I’m having a little trouble figuring out the roles and how to correctly and efficiently get them implemented into my app.

Members can log in and are able to view the uri /account/
Mods are able to log in and view the uri’s /account/ and /mod/ (but can’t modify a members account)
Admins are able to log in and view the uri’s /account/, /mod/, and /admin/ - and can modify any account.

I understand how to use is_role(array(‘admin’, ‘mod’)) - but that works with methods. I don’t want to use the is_role function on EVERY method. It makes sense to restrict entire controllers - or is there a better way?

k - Just screwin around with it some more and I finally figured out the URI permissions.

Is there a way to add a more explicit way of saying who can and cannot access specific URI’s?

For example:

This gives Mods access to the Mod panel:

/mod/

This gives Admins access to the Mod AND Admin panel:

/mod/
/admin/

And this…oops…gives EVERYone access to everything… (including the Mod and Admin panel)

/ (...just that slash)

Kinda dangerous, right?

How can I restrict the Admin controller to only Admins by using the is_admin function?

i am having a problem with

the site url.

I know the cause i added this to index.php for WP intergration

require_once './blog/wp-load.php';

so now

echo anchor($this->dx_auth->register_uri, 'Register');

doesn’t work correctly as anchor thinks mydomain.com/blog/ is my site_url. So i added a project_anchor helper and replace site_url with base_url.

Now for my question: where in the DX auth code does site_url exists???

ok major problem

$this->dx_auth->is_logged_in()

doesn’t work anymore, how can i make it work with my current setup.
Unfortunatly i must have WP installed

Please, advice