CodeIgniter Forums
Ion Auth - Lightweight Auth System based on Redux Auth 2 - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=22)
+--- Thread: Ion Auth - Lightweight Auth System based on Redux Auth 2 (/showthread.php?tid=27435)



Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 10-25-2010

[eluser]Flightkid[/eluser]
Hey man thanks so much for this!!! This saves me!!!


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 10-27-2010

[eluser]woeps[/eluser]
Hi!
First, I want to congratulate and thank you for this great and powerful, yet simple and straightforward library!! You did really great work!

During playing around and getting to know your library better, I ran into a problem:
I created a very simple login method (I use a MY_Controller for templating purposes), and on execution of this code everything seems fine (ion_auth->messages(): "Logged In Successfully", and the session vars are also set correctly):
Code:
function login()
{
    $this->ion_auth->login('administrator', 'password', TRUE);
    $this->data['content'] = $this->ion_auth->messages();
    $this->output();
}
BUT: if I check whether the user is logged in on the next page/method, the session vars are gone and the user seems never to have been logged in.

index method to check if the login worked:
Code:
function index()
{
    if ($this->ion_auth->logged_in())
    {
        $this->data['content'] = 'You are logged in!<br/>';
    }
    else
    {
        $this->data['content'] = 'You are NOT logged in!<br/>';
    }
    // var_dump() prints directly and returns NULL; var_export(..., TRUE) returns the dump as a string
    $this->data['content'] .= var_export($this->ion_auth->logged_in(), TRUE);
    $this->data['content'] .= $this->ion_auth->messages();
    $this->output();
}

I don't know if I missed a config setting or screwed up somewhere else. I tried to solve my problem for the whole day but couldn't find a solution...
Maybe you can give me a suggestion as to where I should search for the error?

Thanks a lot!

Edit:
Okay, I just realised that my session_id changes on every reload. So this should be the reason why my data (I also tried ion_auth-independent session data) gets lost... right? But I don't know where to look further.

Edit2: Damn it! I was a fool...
I just had $config['cookie_domain'] set wrong and hadn't seen the error. :/
Thanks anyway.

BTW: the library works like a charm now!!!


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 11-03-2010

[eluser]Clooner[/eluser]
I'm using CI2 with Ion Auth, which I have used before in other projects. However, now I seem to be running into an error with Ion Auth that I did not experience before.

Code:
A Database Error Occurred
Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group, `groups`.`description` AS group_description, `meta`.`first_name`, `meta`.' at line 1

SELECT `users`.*, `groups`.`name` AS group, `groups`.`description` AS group_description, `meta`.`first_name`, `meta`.`last_name`, `meta`.`company`, `meta`.`phone` FROM (`users`) LEFT JOIN `meta` ON `users`.`id` = `meta`.`user_id` LEFT JOIN `groups` ON `users`.`group_id` = `groups`.`id`

Filename: .../models/ion_auth_model.php

Line Number: 650

Is this an error because I'm using CI2 or because I'm doing something wrong?


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 11-03-2010

[eluser]Noobigniter[/eluser]
[quote author="Jeroen Schaftenaar" date="1288820472"]Is this an error because I'm using CI2 or because I'm doing something wrong?[/quote]

On CI 1.7.2, I have this problem.

Replace in models/ion_auth_model.php, on line 621:

Code:
$this->tables['groups'].'.name AS group',
to
Code:
$this->tables['groups'].'.name AS `group`',

and enjoy!


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 11-04-2010

[eluser]Andy78[/eluser]
Is it possible to add fields to the users table and change the created on and lastlogin fields to use the standard MySQL DATETIME rather than INT(11)?

What sort of modifications would I need to make for those changes? Would they have to be extensive?


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 11-04-2010

[eluser]Andy78[/eluser]
I'm also a little confused about $this->data as opposed to $data. Where is the $this->data array set? Can somebody explain it to me?

For example, it's used in the login() and create_user() functions, but in order to pass additional $formdate data and data for a country select box to my create_user view I had to do
Code:
$data['formdate'] = $formdate;
and

Code:
$data['country'] = $this->country_model->country_select();

because
Code:
$this->data['country'] = $this->country_model->country_select();
would not work.

Here is my create_user function to make things clearer:

Code:
function create_user()
{
    $this->data['title'] = "Create User";

    $yearmin = date("Y", strtotime('-18 years'));
    $this->load->model('country_model');
    $this->load->library('formdate');
    //set date params
    $formdate = new FormDate();
    $formdate->setLocale('nl_BE');
    $formdate->year['start'] = 1930;
    $formdate->year['end'] = $yearmin;
    $formdate->year['descend'] = true;
    $formdate->month['values'] = 'string';
    $formdate->month['selected'] = 'January';
    $formdate->day['selected'] = '1';

    $data['formdate'] = $formdate;

    $data['country'] = $this->country_model->country_select();

    if ($this->ion_auth->logged_in() || $this->ion_auth->is_admin()) {
        redirect('auth', 'refresh');
    }

    //validate form input
    $this->form_validation->set_rules('name', 'Name', 'required|xss_clean');
    $this->form_validation->set_rules('username', 'Username', 'required|xss_clean');
    $this->form_validation->set_rules('email', 'Email Address', 'required|valid_email');
    $this->form_validation->set_rules('password', 'Password', 'required|min_length['.$this->config->item('min_password_length', 'ion_auth').']|max_length['.$this->config->item('max_password_length', 'ion_auth').']|matches[password_confirm]');
    $this->form_validation->set_rules('password_confirm', 'Password Confirmation', 'required');
    $this->form_validation->set_rules('gender', 'Gender', 'required|xss_clean');
    $this->form_validation->set_rules('country', 'Country', 'trim|required');
    $this->form_validation->set_rules('day', 'Day', 'trim|required|callback_valid_country');
    $this->form_validation->set_rules('month', 'Month', 'trim|required');
    $this->form_validation->set_rules('year', 'Year', 'trim|required|callback_valid_date');

    if ($this->form_validation->run() == true) {
        $username  = $this->input->post('username');
        $email     = $this->input->post('email');
        $password  = $this->input->post('password');

        $additional_data = array(
            'name'        => $this->input->post('name'),
            'gender'      => $this->input->post('gender'),
            'country'     => $this->input->post('country'),
            'dateofbirth' => $this->input->post('year') .'-'. $this->input->post('month') .'-'. $this->input->post('day'),
        );
    }
    if ($this->form_validation->run() == true && $this->ion_auth->register($username, $password, $email, $additional_data)) { //check to see if we are creating the user
        //redirect them back to the admin page
        $this->session->set_flashdata('message', "User Created");
        redirect("auth", 'refresh');
    }
    else { //display the create user form
        //set the flash data error message if there is one
        $data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));

        $this->load->view('auth/create_user', $data);
    }
}



Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 11-04-2010

[eluser]2think[/eluser]
Andy78,

If you're coming across to Codeigniter/PHP from another programming language like I did, it can get confusing. $this merely sets the scope of the variable to the instance of this (no pun intended) Controller.

Does that make more or some sense? $this = present_Controller and subsequently, the $data array.

I'm sure there are much more knowledgeable PHP programmers on here who can explain it better.


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 11-04-2010

[eluser]Andy78[/eluser]
Yes, it does make some sense, but I'm still confused as to why I couldn't add $this->data['country'] = $this->country_model->country_select();


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 11-06-2010

[eluser]dreamer111[/eluser]
I love Ion Auth except for the fact that it uses single-iteration SHA1 hashing when storing passwords.

Why is single MD5, SHA1, SHA256, SHA512 or SHA-3 hashing bad?

1) Because it's so fast. A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds. SHA1 is about the same speed. And that's without investing anything. If you're willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second. At that rate you'll be cracking those passwords at the rate of more than one per second.

2) Salts Will Not Help You - It's important to note that salts are useless for preventing dictionary attacks or brute force attacks. They don't affect how fast an attacker can try a candidate password, given the hash and the salt from your database. Salt or no salt, if you're using a general-purpose hash function designed for speed you're well and truly effed.

3) SHA-1 is being retired for most government uses; the U.S. National Institute of Standards and Technology says, "Federal agencies should stop using SHA-1 for...applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010".


What to do?

Use bcrypt. Actually, use PHP's bcrypt implementation, the crypt function (there are several different options; the best ones would be crypt_sha256, crypt_sha512 or crypt_blowfish). IMHO, I'd go for crypt_sha512.

Why is it better?

Because it introduces a work factor, which allows you to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore's law. As computers get faster you can increase the work factor and the hash will get slower. How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password yaaa in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond. So we're talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I'd be cracking them every 12 years or so. Your passwords might not need that kind of security and you might need a faster comparison algorithm, but bcrypt allows you to choose your balance of speed and security. Use it.

How to add it to Ion Auth? Easy. (Read the PHP crypt function manual first.)

1) In the Ion Auth config file, set the hash length to 16 (for the crypt_sha512 variant).
2) Use your weapon of choice to modify the SQL schema (phpMyAdmin). The password field has to be extended from 40 to 123 characters.
3) Modify the following functions in the Ion Auth model:
Code:
function hash_password_db
function hash_password

Instead of the sha1 functions, use something like this:

Code:
// crypt(string $password, string $salt) - see the PHP manual
return crypt($password, $salt);

where the $salt variable has to be in the following format (thanks, PHP):

Code:
$id$rounds=number$actualsalt

where:
id - type of hashing (1 for MD5, 2a for Blowfish, 6 for SHA-512, etc.)
rounds - CPU load, the number of iterations. The higher the number, the higher the CPU requirements; that's what makes it really hard to break. Can be any number from 1000 to 999,999,999. Default 5000.
actualsalt - obviously, a 16-character salt

So, for example:

Code:
return crypt($password, '$6$rounds=6000$'.$salt.'$');

You can use phpMyAdmin again to add a first user:

username: any
password: password
salt (16 chars): aaaaaaaaaaaaaaaa
hash (if 6000 iterations and crypt_sha512): $6$rounds=6000$aaaaaaaaaaaaaaaa$DIu5Q9s6kgfnxcDQPZZ/Xt6T5gar0eBbZShHRWp.aHbBO5nskNc2U1I6YX5aJD6GnKh43i/9EVxV2L5.jrQsw0

Yes, that entire thing is a hash, starting from $6$ and ending in Qsw0.

I like Ion Auth more than any other library out there for CI, and I think that this should be added to it instead of the default sha1 mechanism.

Hope this helps.
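The crypt()-based scheme described in the post above, written out as a hash/verify pair. This is an added example, not Ion Auth's code or the poster's; the function names (hash_password_crypt, verify_password_crypt, make_crypt_salt) are assumptions, and it assumes PHP 7.0 or later for random_bytes() and hash_equals(). It also checks that crypt() actually produced a SHA-512 crypt string rather than silently falling back to a weaker scheme, and verifies by passing the stored hash back in as the salt, so no separate salt column is needed.

```php
<?php
// Added example (not Ion Auth's own code): sha512crypt password hashing via PHP's crypt(),
// in the $6$rounds=N$salt$ format discussed in the thread. Assumes PHP >= 7.0.

const CRYPT_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// 16-character salt drawn from the crypt() alphabet using CSPRNG bytes.
// The alphabet has exactly 64 symbols, so "% 64" introduces no modulo bias.
function make_crypt_salt($length = 16)
{
    $bytes = random_bytes($length);
    $salt  = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= CRYPT_ALPHABET[ord($bytes[$i]) % 64];
    }
    return $salt;
}

// Counterpart of the post's hash_password(): returns the full crypt string
// ($6$rounds=N$salt$hash), or FALSE if sha512crypt is unavailable. crypt() does not
// throw on an unsupported setting string, so the prefix check is the only guard.
function hash_password_crypt($password, $rounds = 6000)
{
    $setting = '$6$rounds=' . (int) $rounds . '$' . make_crypt_salt() . '$';
    $hash    = crypt($password, $setting);
    if (!is_string($hash) || strncmp($hash, $setting, strlen($setting)) !== 0) {
        return FALSE;
    }
    return $hash;
}

// Counterpart of the post's hash_password_db(): the stored hash carries its own
// id, rounds and salt, so re-hashing with it as the "salt" reproduces the same
// string for the right password. Compare in constant time.
function verify_password_crypt($password, $stored_hash)
{
    if (!is_string($stored_hash) || strncmp($stored_hash, '$6$', 3) !== 0) {
        return FALSE;
    }
    $candidate = crypt($password, $stored_hash);
    return is_string($candidate) && hash_equals($stored_hash, $candidate);
}

// Usage with constructed values: first call verifies, second is rejected.
$stored = hash_password_crypt('correct horse', 6000);
var_dump($stored !== FALSE && verify_password_crypt('correct horse', $stored));
var_dump(verify_password_crypt('wrong password', $stored));
```

Raising $rounds is how the work factor the post describes is tuned; because the rounds value is embedded in the stored string, old hashes keep verifying after the default is increased for new users.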


Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 11-06-2010

[eluser]Markko[/eluser]
Hi! Just downloaded the script from GitHub and there's an error in ion_auth_model.php at line 412.

There's:
Code:
$this->tables['groups'].'.description AS ' $this->db->protect_identifiers('group_description')

Should be:
Code:
$this->tables['groups'].'.description AS ' . $this->db->protect_identifiers('group_description')

Thanks!