CodeIgniter Forums
Ion Auth - Lightweight Auth System based on Redux Auth 2 - Printable Version


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 08-11-2010

[eluser]Aidy[/eluser]
@design_shuffle check this out

http://benedmunds.com/ion_auth/#is_group


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 08-11-2010

[eluser]Lucas Alves[/eluser]
Thinking about my previous changes: what if a user is logged in and we change his group or deactivate him? The lib is just checking the group and the user id stored in the session, so, until the session ends, he will stay active and within the group that he was in when he logged in.

What do you think about it?

One solution would be to set the CI session expiration time to a short value, like 30 min or 1 hour. Then, if he marked the "remember" option, when the login_remembered_user function runs, it will remake the group and the active status with the modification from my previous post...

Another solution would be to check if he's active and his group every time we run "is_group" or "logged_in". But I think it's not too good, because it would do too many selects, and if we have some hundreds of users or a bad server it would slow down the app...

What do you think?

Sadly, I don't have access to GitHub. I'd really like to help more...

Thanks.


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 08-11-2010

[eluser]Lucas Alves[/eluser]
My final solution to this was:

In the ion_auth model I created these methods:
Code:
// Returns TRUE when the user id, identity and group stored in the session
// still match an active row in the users table.
public function check_session_validity()
{
    $this->db->where($this->tables['users'].'.id', $this->session->userdata('user_id'));
    $this->db->where($this->tables['users'].'.'.$this->identity_column, $this->session->userdata($this->identity_column));
    $this->db->where($this->tables['users'].'.group_id', $this->session->userdata('group_id'));
    $this->db->where($this->tables['users'].'.active', 1);

    return $this->db->count_all_results($this->tables['users']) > 0;
}


// Reloads the identity and group from the database into the session.
// Returns FALSE when the user no longer exists or has been deactivated.
public function refresh_session_data(){
    $db_user_data = $this->get_user()->row();

    if(empty($db_user_data)){
        return FALSE;
    }

    if($db_user_data->active == 0){
        return FALSE;
    }

    $this->session->set_userdata($this->identity_column, $db_user_data->{$this->identity_column});
    $this->session->set_userdata('group_id', $db_user_data->group_id);
    $this->session->set_userdata('group', $db_user_data->group);

    return TRUE;
}


And in the constructor of the library, after the remembered-user check, I put this code:
Code:
//auto-login the user if they are remembered
if (!$this->logged_in() && get_cookie('identity') && get_cookie('remember_code'))
{
    $this->ci->ion_auth_model->login_remembered_user();
}
//check if the data in the session is equal to database data
elseif ($this->logged_in() && !$this->ci->ion_auth_model->check_session_validity())
{
    //try to refresh the session data
    if (!$this->ci->ion_auth_model->refresh_session_data()) {
        //oh, I can't update the session. Probably the user was deactivated
        $this->logout();
    }
}

What do you think?

As I said, I don't have access to GitHub, but I'll try to get this Friday at home...


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 08-11-2010

[eluser]loosetops[/eluser]
Did you couple that code with a timeout value so as not to overload the db with calls?


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 08-11-2010

[eluser]Paul Huu[/eluser]
Hey Ben, it turned out to be very simple. $this->form_validation->run() always returned false because of how you loaded the 'login' view.


Code:
if (!$this->ion_auth->logged_in()) {
    //redirect them to the login page
    redirect('auth/login', 'refresh');
}

Using $this->load->view('auth/login', 'refresh'); solved the problem for me.

Your example controller & views just didn't work right out of the box for me. The other forms are broken, too, but solved in a similar fashion.

And thank you for writing this beautiful authentication library. =]


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 08-12-2010

[eluser]Lucas Alves[/eluser]
[quote author="loosetops" date="1281601708"]Did you couple that code with a timeout value so as not to overload the db with calls?[/quote]

The problem with changing the session timeout is that if a user doesn't check "remember me", he will be disconnected when the session reaches the timeout. Another problem is that if I need to deactivate a user who is logged in, he will stay logged in until the session expires. And the same problem occurs if I change the user's group.

Since I'm just doing a count, I don't think it will be a problem. Another solution?


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 08-15-2010

[eluser]loosetops[/eluser]
You would use another "timeout" value (one specific to this requirement) and tuck it into the SESSION variable. So that if it is 1 hour, every one hour you check the db to see if the user is still enabled.
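
The separate re-check interval suggested in the post above, sketched as an added example that is not part of the original thread or of Ion Auth. It is plain PHP so it runs without CodeIgniter: the function name, the `last_validated` session key, the `REVALIDATE_AFTER` constant and the `$lookup` callable standing in for the users-table query are all assumptions, and the sample data is constructed.

```php
<?php
// Added example, not Ion Auth code. All names below are hypothetical.

const REVALIDATE_AFTER = 3600; // seconds between database re-checks (assumed value)

/**
 * Re-check the user against the database at most once per interval.
 *
 * @param array    $session session data, updated in place
 * @param callable $lookup  fn(int $user_id): ?array with 'active' and 'group_id'
 * @param int      $now     current Unix time
 * @return bool FALSE when the session must be treated as logged out
 */
function revalidate_session(array &$session, callable $lookup, int $now): bool
{
    if (empty($session['user_id'])) {
        return false;
    }
    $last = $session['last_validated'] ?? 0;
    if ($now - $last < REVALIDATE_AFTER) {
        return true; // inside the window: trust the session copy, no query
    }
    $row = $lookup((int) $session['user_id']);
    if ($row === null || (int) $row['active'] !== 1) {
        $session = []; // user deleted or deactivated: drop the session
        return false;
    }
    $session['group_id'] = $row['group_id']; // pick up a group change
    $session['last_validated'] = $now;
    return true;
}

// Constructed sample data: one user, logged in and validated at t=1000.
$users = [7 => ['active' => 1, 'group_id' => 2]];
$queries = 0;
$lookup = function (int $id) use (&$users, &$queries) {
    $queries++;
    return $users[$id] ?? null;
};
$session = ['user_id' => 7, 'group_id' => 2, 'last_validated' => 1000];

$users[7]['active'] = 0; // an admin deactivates the user right after login

var_dump(revalidate_session($session, $lookup, 1000 + 600));  // inside the window
var_dump(revalidate_session($session, $lookup, 1000 + 3600)); // window elapsed
var_dump($queries); // number of database lookups made
```

The first call accepts the session without a query even though the user is already deactivated, which is the delay objected to elsewhere in this thread; the interval is the upper bound on that delay.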


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 08-16-2010

[eluser]Lucas Alves[/eluser]
Hmm, now I understand you. It's a good idea too, but the problem with "in real time" blocking will still be bothering me :P

It's a requirement of my app, so... I think that some counts won't make me lose my sleep... Thank you very much.


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 08-16-2010

[eluser]jsherk[/eluser]
@Lucas... I don't know enough about sessions (which is why I use Ion Auth), but is it possible to delete/destroy a user's session whenever their group is changed and/or they are deactivated?

If this can be done, then upon changing their group, they would be automatically logged out and have to login again.


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 08-16-2010

[eluser]jsherk[/eluser]
Looking for comments on ACL for CRUD ... My next application will require Access Control for Create Read Update Delete for each user on each page.

I really like Ion Auth, and wanted to brainstorm with everybody's comments/ideas on how to modify it to work in such a scenario. The ultimate goal would be to come up with a solution that is still "lightweight" enough to have the code actually included as part of Ion Auth. If it gets a little too "heavy" then alternatively it could become its own library that uses Ion Auth as its base.

I am no expert when it comes to Authorization and Access Control so all pointers would be helpful!

Thanks
Jeff