Tank Auth v1.0 (CI authentication library)

[eluser]cyberjunkie[/eluser]
In users.php I noticed the purge_na() function used to delete non-activated users.

Code:

function purge_na($expire_period = 172800)
    {
        $this->db->where('activated', 0);
        $this->db->where('UNIX_TIMESTAMP(created) <', time() - $expire_period);
        $this->db->delete($this->table_name);
        $this->db->delete($this->profile_table_name); //added by me
    }

I added the last line to also delete profile data because I add profile data immediately when a user registers.

Is this function for the the email activation expire in config?

Code:

$config['email_activation_expire'] = 60*60*24*2;

[eluser]bonjurkes[/eluser]
thanks for help about my previous question.

so here is a new question, when user decides to signup to site with twitter, he/she have to fill a form with username and email. I added a new form field there called "location".

When the person fills the form and "location" field and submits the form location row at users section stays empty.

Perhaps i should add info about this new form field about where it should be submitted. But i can't manage to find in which file i should add that new location information to save database.

[eluser]x3cu73[/eluser]
Hi all,

I just wanted to point out a bug (!?!) I think I've found in tank_auth autologin feature. For autologin, Tank_auth saves the user id and random key as cookie and md5 of their concatenation in the database. It all works fine so long as the user_id in users table and id in user_profiles table are in sync and have same value. But, since $user->id returns id of user_profile not user_id of users table, when users.user_id!=user_profiles.id... wrong user is set for autologin. I'm working on customized code of tank_auth, I'll go through the code and will confirm. I've, in the meanwhile fixed the issue by using $this->....->create_autologin(userdata('user_id) instead of what's in the code that is $this->...->create_autologin($user->id). I'll confirm it in the morning after I've got some sleep. Its 3am in India

[eluser]cyberjunkie[/eluser]
Hi x3cu73. Thank you for sharing the issue! I noticed that autologin does not work in some browsers and wanted to investigate that.

I'm looking forward to your confirmation.

[eluser]whoisinkus[/eluser]
x3cu73

You were dead on with that analysis and you saved me from hours of work tonight.

To fix the issue I changed the following lines:

Line 85 from :

Code:

$this->create_autologin($user->id);

to:

Code:

$this->create_autologin($user->user_id);

Line 390 from:

Code:

$this->ci->user_autologin->clear($user->id);

to

Code:

$this->ci->user_autologin->clear($user->user_id);

Do you do the same or similar. Anything else you caught?

I tested that out by logging in using autologin, then deleting just the ci_session cookie, closing my browser, opening back up and going back to the page. Whereas before that would have logged me in as a different user, it seems to be working as intended now.

If you found anything further please share.

Thanks again!

[eluser]x3cu73[/eluser]
whoisinkus,

Glad I could be of help.

You missed one thing. In auth controller,

Code:

public function autologin()
    {
         .....
         ......
        $this->ci->session->set_userdata(array(
                'user_id'    => $user->id,
                'username'    => $user->username,
                'email'        => $user->email,
                'status'    => STATUS_ACTIVATED,
        ));

Change this to...

Code:

public function autologin()
    {
         .....
         ......
        $this->ci->session->set_userdata(array(
                'user_id'    => $user->user_id,
                'username'    => $user->username,
                'email'        => $user->email,
                'status'    => STATUS_ACTIVATED,
        ));

[eluser]whoisinkus[/eluser]
x3cu73,

Good catch. That's in the Tank_auth library though, right?

[eluser]x3cu73[/eluser]
Yup, library, not controller..

[eluser]Dacus[/eluser]
Does anybody have any idea what is wrong with the following function from Tank Auth controller (application\controllers\auth.php):

Code:

function logout()
{
  $this->tank_auth->logout();
  $this->session->set_userdata(array('twitter_id' => '', 'facebook_id' => ''));
  $this->_show_message($this->lang->line('auth_message_logged_out'));
}

The problem is that the message passed to the _show_message() function is NEVER showed. Actually the same problem is everywhere the tank_auth->logout() function is used. After this call all messages set using _show_message() are ignored.

Later edit
I found the solution here:
http://ellislab.com/forums/viewthread/99612/

[eluser]tedroche[/eluser]
I tweaked on the purge_na function in models/tank_auth/users.php, as I am using a database other than MySQL and the function UNIX_TIMESTAMP is MySQL-specific. Rather than depending on a database-specific function, I use a PHP function to pass an ISO-8601 datetime format, with the timezone correction removed (MS SQL doesn't like that part of the 'standard' - grr).


function purge_na($expire_period = 172800)
{
$this->db->where('activated', 0);
# MySQL Specific: $this->db->where('UNIX_TIMESTAMP(created) <', time() - $expire_period);
# now creates a generic sql like WHERE created < '2011-06-15T06:15:58'
$this->db->where('created <', substr(date('c',time() - $expire_period),0,19));
$this->db->delete($this->table_name);
}

I use the same logic in can_reset_password() and reset_password() and it appears to be working fine.