QuickAuth Authentication Library Version 1.0.0
#1

[eluser]Dave Blencowe[/eluser]
Quote:QuickAuth is an extremely flexible and easy to use authentication library for CodeIgniter

Features:

-- Login
-- Logout
-- Register
-- Restrict Users
-- Retrieve Password
-- SHA1 password encryption

In my opinion the best thing about QuickAuth is that it will accept variables posted from your controller allowing you to use any style of form that you wish, ranging from a simple HTML one through to a flash login application.

Click here to find out more about QuickAuth including links to the latest revisions.

Click here to get the code on Github.

This is my first library and I was just looking for some feedback on how I can improve it so how about it guys, what do you think?
#2

[eluser]Dam1an[/eluser]
2 Comments from me (You've already heard the rest)

1. You have a blank line after the closing PHP tag, that will cause people countless problems
2. You seem to vary the indentation... in most cases it's 4 spaces, but in some it's just 2, which makes the code seem a bit 'sloppy'

I might have some more comments later when I actually look through it properly, although I assume it's identical to when I last viewed it
#3

[eluser]Dave Blencowe[/eluser]
Yeah, I love you too Damian,
I'll sort out the whitespace now and commit the changes.
#4

[eluser]Adam Griffiths[/eluser]
You definitely need to sort your indenting out. I noticed a few times you hadn't indented your code, this makes it harder to read. Indenting is good for the soul!! I think you need to read the PHP Style Guide - this will help you format your code properly.

Is it really necessary to have an encrypt() function when all it does is return the sha1? I can understand if it was salted somehow, but it isn't.

I also noticed you used the Active Record pattern, just a note that straight queries are faster, which may be better for your library as you mention it being quick in the name.

Also you have very primitive security features when checking the username and password of the user upon login, have you looked at the form validation library? This would provide a more secure and robust method of validating the forms.

It's good though, well done.


Thanks,
Adam
#5

[eluser]Dam1an[/eluser]
[quote author="Adam Griffiths" date="1243443175"]Is it really necessary to have an encrypt() function when all it does is return the sha1? I can understand if it was salted somehow, but it isn't.[/quote]

You should be grateful you're even getting sha1... it was originally md5
#6

[eluser]Dave Blencowe[/eluser]
Hey Adam,

Firstly, thanks for your input.
With regards to the indentation comment it isn't entirely my fault! It appears that Github renders the indentation differently to what I am seeing in the NetBeans IDE so I need to go through and find out why this is before I can correct it. Thank you very much for your link to the style guide though, I will take a look on my trip to Manchester in a while.

The reason behind the separate encrypt() function was to provide an easy way for a developer to specify their own encryption without having to update it several times throughout the code although I am seriously considering adding a salt by default.

As for the active record and form validation comments I shall look in to them for the next version and probably roll it out sometime in the next couple of days.

Thank you for your input though and I hope you can continue to help me improve the library over time!

David Blencowe,
#7

[eluser]Adam Griffiths[/eluser]
[quote author="Dam1an" date="1243443665"][quote author="Adam Griffiths" date="1243443175"]Is it really necessary to have an encrypt() function when all it does is return the sha1? I can understand if it was salted somehow, but it isn't.[/quote]

You should be grateful you're even getting sha1... it was originally md5[/quote]

Oh no!

[quote author="Dave Blencowe" date="1243443765"]Hey Adam,

Firstly, thanks for your input.
With regards to the indentation comment it isn't entirely my fault! It appears that Github renders the indentation differently to what I am seeing in the NetBeans IDE so I need to go through and find out why this is before I can correct it. Thank you very much for your link to the style guide though, I will take a look on my trip to Manchester in a while.

The reason behind the separate encrypt() function was to provide an easy way for a developer to specify their own encryption without having to update it several times throughout the code although I am seriously considering adding a salt by default.

As for the active record and form validation comments I shall look in to them for the next version and probably roll it out sometime in the next couple of days.

Thank you for your input though and I hope you can continue to help me improve the library over time!

David Blencowe,[/quote]

It's probably because you haven't used tabs all the way through. You're in the unique position that nobody is actually using this library yet, so make it secure before people start using it. Once they update after you fixed the password hashing, all their previous passwords will be busted and useless.


Thanks,
Adam
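
The hashing concern raised in this thread, as an added example that is not part of the original posts and is not QuickAuth's code: an unsalted SHA-1 digest next to a salted `password_hash()` value, with existing SHA-1 rows upgraded when the user next logs in. The function names are hypothetical, the sample password is constructed, and PHP 5.6 or later is assumed.

```php
<?php
// Added example, not QuickAuth code. Function names are hypothetical.

// What the thread describes: an unsalted SHA-1 digest. Identical passwords
// give identical digests, so one precomputed table covers every user.
function legacy_encrypt($password)
{
    return sha1($password);
}

// Salted, deliberately slow hash: password_hash() generates a random salt on
// each call and embeds it, with the algorithm and cost, in the result.
function hash_password($password)
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login against a stored hash of either kind.
// Returns array(bool $ok, string|null $new_hash). A non-null $new_hash should
// be written back to the user's row, so legacy rows are upgraded at login.
function verify_and_upgrade($password, $stored)
{
    // A bare 40-character hex string is treated as a legacy SHA-1 digest.
    $is_legacy = (bool) preg_match('/^[0-9a-f]{40}$/', $stored);

    if ($is_legacy) {
        $ok = hash_equals($stored, sha1($password)); // constant-time compare
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return array(false, null);
    }
    if ($is_legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return array(true, hash_password($password));
    }
    return array(true, null);
}

// Constructed sample data: a legacy row, then the same account after upgrade.
$legacy_row = legacy_encrypt('correct horse');
$first  = verify_and_upgrade('correct horse', $legacy_row);
$second = verify_and_upgrade('correct horse', $first[1]);
$wrong  = verify_and_upgrade('wrong guess', $first[1]);
var_dump($first[0], $first[1] !== $legacy_row, $second, $wrong[0]);
```

Rows belonging to users who never log in again keep their SHA-1 digest under this scheme, so a deployment still has to decide when to expire them.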
#8

[eluser]Dave Blencowe[/eluser]
[quote author="Adam Griffiths" date="1243443977"]You're in the unique position that nobody is actually using this library yet, so make it secure before people start using it. Once they update after you fixed the password hashing, all their previous passwords will be busted and useless.[/quote]

Updated and Committed,
Thanks.
#9

[eluser]Dave Blencowe[/eluser]
Ok I have now added the documentation to GitHub in its own directory and plan on sorting out the code indentation tomorrow. Is there any more feedback from people with things that I could change/add/remove?

--EDIT--
Account activation added
#10

[eluser]johnwbaxter[/eluser]
Hey Dave,

Just thought I'd let you know that I'm using your library for an internal app at my work, I just needed something simple that supported simple groups and most importantly saved me from some typing and thinking. QuickAuth fitted the bill nicely!

Cheers!!



