flexi auth - A user authentication library for CodeIgniter

#31
Klausch
And I have a bunch more issues... hope you appreciate my input :)

First:
It is about the email activation. When clicking the link in the activation email, the function
Code:
auth->activate_account(...)  (line 179)
is called, which is delegated to
Code:
flexi_auth_model->activate_user($user_id, $token, TRUE); (line 888)

Although the documentation of this function says the return type is "void", it is actually the boolean result of this function which tells us whether activation was successful or not.

However, the return value is ignored in the controller method and the caller is redirected to the index page (and from there to the login page).
I think it would be better to use the Boolean return value in a view which tells whether activation was successful or not. And in the case of a successful activation, offer a link to the login page.

I am about to implement this; the library class does not need to be modified for this, but the controller does. And of course I am interested in your opinion about this!

Second:
I noticed that the logout function was not working, the call to auth/logout raised an error and the session row was never deleted.
After some research I found the culprit was in the constructor of the auth controller, which I copied from the demo:

if ($this->flexi_auth->is_logged_in_via_password() && uri_string() != 'auth/logout') {

The parentheses after the call to uri_string are missing! Adding them solved the problem.


Third:
I have noticed that when signing up as a new user, if the email notification does not work, the Flexi_auth->insert_user(...) function returns with FALSE at line 589, but the inserted record remains in the database. I think that in this case, it should be deleted. Because we have some problems with the mail server, we always have to delete the record by hand when the confirmation mail is not sent.

In my opinion, the insert of the user and the sending of the email should in fact be considered as one transaction. I think on this level we cannot make use of a real DB transaction because sending the email is not a DB operation, but at least the insert should be undone when email sending fails.
For now, I will make the following modification for this in the library:

Code:
// (from line 587)
$this->CI->flexi_auth_model->set_error_message('activation_email_unsuccessful', 'config');
$this->delete_user($user_id); // ADDED KVG
return FALSE;


But if you agree we should stay in sync with this because I am reluctant to edit the library itself with regards to future updates... :)

Regards, Klaas
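
The rollback proposed in the third point, sketched as an added example that is not part of the original post and is not flexi auth's own code. Every class and function name in it (InMemoryUsers, register_user, the mailer callable) is hypothetical, and the user store is an in-memory stand-in so the block runs on its own with PHP 7.4 or later.

```php
<?php
// Added example: hypothetical names throughout, not flexi auth's API.
final class InMemoryUsers
{
    private array $rows = [];
    private int $nextId = 1;

    public function insert(string $email): int
    {
        $id = $this->nextId++;
        $this->rows[$id] = ['email' => $email, 'active' => false];
        return $id;
    }

    public function delete(int $id): bool
    {
        if (!isset($this->rows[$id])) {
            return false;
        }
        unset($this->rows[$id]);
        return true;
    }

    public function count(): int { return count($this->rows); }
}

// Insert the account, then send the activation mail. If sending fails
// (returns false or throws), undo the insert so no unactivated row stays
// behind. Returns the new user id, or false when registration failed.
function register_user(InMemoryUsers $users, callable $sendMail, string $email)
{
    $userId = $users->insert($email);
    try {
        $sent = (bool) $sendMail($email, $userId);
    } catch (Throwable $e) {
        $sent = false; // a mail transport exception counts as a failed send
    }
    if ($sent) {
        return $userId;
    }
    if (!$users->delete($userId)) {
        // Compensation itself failed: log it so the orphan can be cleaned up.
        error_log("registration rollback failed for user id {$userId}");
    }
    return false;
}

// Constructed demo: the first mailer fails, the second succeeds.
$users = new InMemoryUsers();
var_dump(register_user($users, fn() => false, 'a@example.test'));
var_dump(register_user($users, fn() => true, 'a@example.test'));
var_dump($users->count());
```

Because the failed insert is undone, the second attempt with the same address is not blocked by a leftover unactivated record.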


Messages In This Thread
flexi auth - A user authentication library for CodeIgniter - by El Forum - 09-28-2012, 02:38 AM
