+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=22)
+--- Thread: Ion Auth - Lightweight Auth System based on Redux Auth 2 (/showthread.php?tid=27435)
Pages:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 04-02-2010
[eluser]joytopia[/eluser]
Welcome, Ben,
when there will be some changes in the English language file, please let me know and I will translate them.
Remember me
Yesterday I upgraded Ion Auth and tested the remember me function on three browsers at the same time. Just imagine: a user has a desktop computer at work, a notebook at home and a PDA or phone on the road.
As the function is user based, it cannot work properly for this purpose.
Wouldn't it be better to make it session based?
I'm not so deep inside, but wouldn't it be the simplest way to extend the CI session class and set the session cookie expire individually?
What do you think?
Best regards
Bernd
Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 04-02-2010
[eluser]joytopia[/eluser]
Issue with remember me and extra where
When I ran ION AUTH on three browsers, suddenly I got errors on one browser:
Code:
A PHP Error was encountered
Severity: Notice
Message: Undefined property: Ion_auth_model::$ion_auth
Filename: models/ion_auth_model.php
Line Number: 838Code:
A PHP Error was encountered
Severity: Notice
Message: Trying to get property of non-object
Filename: models/ion_auth_model.php
Line Number: 838Code:
Ein Datenbankfehler ist aufgetreten
Error Number: 1064
Fehler in der SQL-Syntax. Bitte die korrekte Syntax im Handbuch nachschlagen bei 'id` = '8'' in Zeile 1
UPDATE `users` SET `last_login` = 1270227046 WHERE ` IS NULL AND `id` = '8'I found out, that it must have something to do with the extra_where function in the library.
So I changed it for the moment:
Code:
public function extra_where()
{
$where =& func_get_args();
//$this->_extra_where = count($where) == 1 ? $where[0] : array($where[0] => $where[1]);
$this->_extra_where = $where[0] ;
}Afterwards it worked properly, even when I changed it back again.
I could not reproduce that error, but I think it is an issue with extra_where and remember me.
Best regards
Bernd
Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 04-02-2010
[eluser]Ben Edmunds[/eluser]
Bernd,
I just pushed a change to Ion Auth "remember me" functionality so the salt generated for the remember me cookie will be unique to the user but not random so that you can login and be remembered on as many browsers/computers as you want to.
Please let me know if you have any more issues.
Thanks!
Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 04-02-2010
[eluser]joytopia[/eluser]
Ben,
thanks for your fast reply!
Am I right, the cookie corresponds to the user's password? Someone who gets the cookie, can login as long as the user does not change the password?
I am wondering, if this is less or even more secure than the random value.
For mobil applications it may be more secure, because I can change my password at home, where nobody can see this. Outside I stay logged in. If my phone is stolen, I have to change my password as soon as possible. Correct?
Best regards
Bernd
Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 04-02-2010
[eluser]joytopia[/eluser]
It's not an issue, only a little mistake in the comment:
library:
Code:
/**
* update_user
*
* @return void
* @author Phil Sturgeon
**/
public function delete_user($id)should be
Code:
/**
* delete_user
*
* @return void
* @author Phil Sturgeon
**/
public function delete_user($id)Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 04-02-2010
[eluser]Ben Edmunds[/eluser]
Bernd,
It's not necessarily more or less secure than it was before since the password is already based off a random salt but it is more secure than saving the sessions individually specifically for the use case you described.
The only time you might have an issue with the case you described would be if you changed your password and did not login with "remember me" in which case you're remember_code would not be reset.
So I just pushed a change to reset the remember_code when the password is changed so it will force all remembered instances of the user to re-login whenever the user's password is changed.
Thanks,
Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 04-02-2010
[eluser]Ben Edmunds[/eluser]
Bernd,
Thanks! I just pushed the fix for that comment.
Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 04-03-2010
[eluser]joytopia[/eluser]
Ben,
at the moment the cookies $identity and $remember_code are not set.
It has something to do with the db->update in private function remember_user($id).
When I take away the if statement, the cookies are set:
Line 933 ion_auth_model.php:
Code:
$this->db->update($this->tables['users'], array('remember_code' => $salt), array('id' => $id));
//if ($this->db->affected_rows() == 1)
if (true)
{
$identity = array('name' => 'identity',
...Best regards
Bernd
Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 04-03-2010
[eluser]Ben Edmunds[/eluser]
Bernd,
I just tested it in PyroCMS and it is working.
Maybe try clearing your cookies or logging out and the try again.
Thanks,
Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 04-03-2010
[eluser]joytopia[/eluser]
Ben,
now I can repruduce the issue:
When the session cookie expires(or when I delete the session cookie), the error messages come up.