Tank Auth v1.0 (CI authentication library)

[eluser]Pokhara[/eluser]
Could you please give me the folder and file structure for this ?

I did put

email.php and tank_auth.php on APPLICATION/CONFIG FOLDER
auth.php and welcome.php in APPLICATION/CONTROLLER FOLDER

Thatt's all tank_auth has for the controller, now where is this /auth/login ? I can't even see login controler

[eluser]umefarooq[/eluser]
Hi just open auth controller in application/controller folder you will find login function in that auth class.

[eluser]Dinesh Shah[/eluser]
@Gromozeka

I was in the middle of writing my own auth for a project. :-) Midway, thought of searching for auth library and found DX_Auth. Played with it a bit and found too big for my needs.

Came across Tank_Auth and able to make it work in couple of hours!

I want user profile data while registering the user (e.g. First Name, Last Name), but could not find a way to put this in Tank_Auth.

Any pointers or hints?

Thanks in advance.

Edit: I came across this post. http://ellislab.com/forums/viewreply/560953/

But I am not sure if I have to add additional fields (input boxes) in my registration form and Tank_Auth will do the right thing?

I further dived in to the code. in users.php model you are calling create_profile() from create_user().

auth/register calls model/create_user with these fix four params "$username, $email, $password, $email_activation".

why not instead pass an array to model/create_user which can have 4 mandatory members and addition profile info can be passed as additional members? like -

auth.php/register

Code:

$data = array();
$data['username'] = null;
$data['email'] = "some email";
$data['password' = "some password";
$data['firstname'] = "First Name";
$data['Lastname'] = "Last Name";

$this->tank_auth->create_user($data)    // pass array from post

library/Tank_auth.php/create_user()

Code:

function create_user($data)
{
   call to model user with $data
}

Then model/users/create_user pass the additional profile info in $data to model/users/create_profile

Do you think this is correct approach?

[eluser]Dinesh Shah[/eluser]
OK So I am able to insert profile data in the user_profile table.

These are the changes done is various files. Of course I am not pro in PHP and CI so you may have to adjust the code for more general purpose use. Do let me know what you think.

controllers/auth.php in register() [line 150-159)

Code:

if (!is_null($data = $this->tank_auth->create_user(

                        $use_username ? $this->form_validation->set_value('username') : '',

                        $this->form_validation->set_value('email'),

                        $this->form_validation->set_value('password'),

                        $email_activation,
                        $profile_data = array(
                            'firstname'    => $this->form_validation->set_value('firstname'),    // need to get array index

                            'lastname'    => $this->form_validation->set_value('lastname')    // dynamically from form name

                            )
                        ))) {                                    // success

library/Tank_auth.php

Code:

function create_user($username, $email, $password, $email_activation, $profile_data)
// Added new param
    {

        if ((strlen($username) > 0) AND !$this->ci->users->is_username_available($username)) {

            $this->error = array('username' => 'auth_username_in_use');



        } elseif (!$this->ci->users->is_email_available($email)) {

            $this->error = array('email' => 'auth_email_in_use');



        } else {

            // Hash password using phpass

            $hasher = new PasswordHash(PHPASS_HASH_STRENGTH, PHPASS_HASH_PORTABLE);

            $hashed_password = $hasher->HashPassword($password);



            $data = array(

                'username'    => $username,

                'password'    => $hashed_password,
                'email'        => $email,

                'last_ip'    => $this->ci->input->ip_address(),

            );



            if ($email_activation) {

                $data['new_email_key'] = md5(rand().microtime());

            }

            if (!is_null($res = $this->ci->users->create_user($data, $profile_data, !$email_activation))) {

                $data['user_id'] = $res['user_id'];

                $data['password'] = $password;

                unset($data['last_ip']);

                return $data;

            }

        }

        return NULL;

    }

model/users.php

Code:

function create_user($data, $profile_data = array(), $activated = TRUE)        // Added new param

    {

        $data['created'] = date('Y-m-d H:i:s');

        $data['activated'] = $activated ? 1 : 0;



        if ($this->db->insert(self::TABLE, $data)) {

            $user_id = $this->db->insert_id();

            if ($activated)    $this->create_profile($user_id, $profile_data);

            return array('user_id' => $user_id);

        }

        return NULL;

    }


    private function create_profile($user_id, $profile_data)

    {
//        print_r($profile_data);

        $this->db->set('user_id', $user_id);
        foreach($profile_data as $k => $v)
        {
            $this->db->set($k, $v);
        }

        return $this->db->insert(self::TABLE_PROFILE);

    }

views/register_form.php

Code:

<tr>

        <td>&lt;?php echo form_label('First Name', $firstname['id']); ?&gt;</td>

        <td>&lt;?php echo form_input($firstname); ?&gt;</td>

        <td style="color: red;">&lt;?php echo form_error($firstname['name']); ?&gt;&lt;?php echo isset($errors[$firstname['name']])?$errors[$firstname['name']]:''; ?&gt;</td>

    </tr>

    <tr>

        <td>&lt;?php echo form_label('Last Name', $lastname['id']); ?&gt;</td>

        <td>&lt;?php echo form_input($lastname); ?&gt;</td>

        <td style="color: red;">&lt;?php echo form_error($lastname['name']); ?&gt;&lt;?php echo isset($errors[$lastname['name']])?$errors[$lastname['name']]:''; ?&gt;</td>

    </tr>

[eluser]Unknown[/eluser]
Installed and set this up in a local development environment. When registering, it would just hang there for the longest time then finally it would indicate success. However, no email in my inbox.

After searching these forums on how to get a gmail account to send, I found a post that suggested the 'newline' config parameter in the external email.php config file needs to be enclosed in double quotes instead of single:

Code:

$config['newline'] = "\r\n";

For me that did the trick. Just thought I'd post here in case anyone else had similar problem.

Thanks for this library. Took me forever to choose an auth library. Yours looks great to expand on.

[eluser]Fanbin[/eluser]
[quote author="NateL" date="1258510124"]I've got my admin section that I'm trying to work out right now. If I've got all sorts of methods, it makes no sense to add the if/else statement to EVERY method - so instead i've added it to the constructor, like so:

Code:

class Welcome extends Controller
{
    function __construct()
    {
        parent::__construct();

        $this->load->library('tank_auth');
                if (!$this->tank_auth->is_logged_in()) {
            redirect('/auth/login/');
        } else {
            $data['user_id']    = $this->tank_auth->get_user_id();
            $data['username']    = $this->tank_auth->get_username();
        }
    }

    function index()
    {
        $this->load->view('welcome', $data);
    }
}

However, this doesn't work. How come my $data variable isn't available to index? I want the user_id and username to be available to all of my methods, but it goes against the DRY concept if I have to put that $data info in every method.[/quote]

rewrite your __construct() function like this:

Code:

function __construct()
    {
        parent::__construct();

        $this->load->library('tank_auth');
                if (!$this->tank_auth->is_logged_in()) {
            redirect('/auth/login/');
        } else {
            $data['user_id']    = $this->tank_auth->get_user_id();
            $data['username']    = $this->tank_auth->get_username();

            $this->load->vars($data); //Yes, just add this line.

        }
    }

[eluser]moos3[/eluser]
I'm trying to figure out how to add the following function to generate a unique api key for each user. Can anyone help?

Code:

// Api Key Generator
function apiKeyGen($username,$salt){
    $encrytionToken = $this->config->item('encryption_key');
    $token = uniqid($username.$salt.$encryptionToken);
    $rand = sha512($token.mt_rand().$username.$salt);
    $apiKey = sha1($rand.$token.$username.$encryptionToken.$salt);
    return $apiKey;
}

[eluser]M4rc0[/eluser]
So I was checking this lib, and you don't save the salt on the users table.
Is there any reason for that?
Is the salt unique for each registration?

[eluser]moos3[/eluser]
I was hoping that the salt is being saved so I can use it for my api generation function that I posted last night. Anyone got ideas on this?

[eluser]dinhtrung[/eluser]
Just dive into Tank Auth. I don't know why you must store your configuration file in config/ if you have to retrieve the items manually from your Controller.
Why login($login, $password, $remember, $login_by_username, $login_by_email) when $login_by_username and $login_by_email can be config through your configuration file already??? Just login($login, $password, $remember = 0) is enough, so I just have to type login($username, $password) and that's all.
Another thing to consider is : is it necessary to have 3 models, one for user and one for login_attemps? I think Redux Auth is better to Tank_Auth because of its simplicity : only one library and one models and that's all.
For Tank_Auth using PHPass, so it is security enough, without a salt saved. The PHPass framework already has enough randoms and encrypt function for this. But it will be nicer to put the PHPass into CI plugins folder. Just copy PasswordHash.php into plugins/phpass_pi.php and run $this->load->plugin('phpass'), and that's all.