Ion Auth - Lightweight Auth System based on Redux Auth 2 - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=22)
+--- Thread: Ion Auth - Lightweight Auth System based on Redux Auth 2 (/showthread.php?tid=27435)
Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 05-05-2010

[eluser]Ben Edmunds[/eluser]
Hey Timothy,

You don't want to use stored salts if you are keeping the same db. Do you mind posting your schema?

Thanks,

Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 05-05-2010

[eluser]Timothy_[/eluser]
Ben,

Here is my database SQL

Users
Code:
--

Meta
Code:
--

Groups
Code:
--

I hope this helps.

Thanks,
Tim

Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 05-05-2010

[eluser]Ben Edmunds[/eluser]
Add the following fields to your users table and see what you get:

Code:
`salt` varchar(40) DEFAULT NULL,

Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 05-05-2010

[eluser]Timothy_[/eluser]
Hello Ben,

Thanks for that. Unfortunately no luck. Same error as before. Any other ideas?

Thanks,
Tim

Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 05-06-2010

[eluser]tobefound[/eluser]
@Ben: would you care to elaborate on what the csrf_nonce() thing is exactly? I'm guessing it has to do with confining the deactivation (in this case) of a user so that it cannot happen in the future (because of the use of flash data which only survives one request).

Thx for a great lib and many thx for refining and taking Redux Auth to where it should have been in the first place!

/T

Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 05-06-2010

[eluser]Ben Edmunds[/eluser]
Tim,

Just for fun, comment out the extra_where code and see what happens.

tobefound,

The CSRF nonce is to protect against a CSRF exploit where users could be deactivated/deleted by malicious code. So what it does is make sure the user is coming from the expected page.

Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 05-06-2010

[eluser]tobefound[/eluser]
@ben: I reckoned, but wouldn't you say that this security measure should be part of the lib?

Another question: in your test controller (auth.php), when a user changes password you call $this->logout(). Not doing this and simply refreshing session data (to reflect the change if necessary), is that considered bad practise? I just think lots of users are used to staying logged in after having changed their passwords. Comments on this?

Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 05-06-2010

[eluser]patie[/eluser]
Hi Ben,

Is ion_auth_model only an example (like the controller and view), or is it 'required' (like the ion_auth library)?

Sorry for my poor English.

Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 05-06-2010

[eluser]Ben Edmunds[/eluser]
tobefound,

No, not really. The library is a simple, efficient, easy way to work with user authentication. Adding CSRF, captcha and other security measures that should be a part of your website would only take away from that goal.

Authentication isn't the only place you would want to worry about CSRF exploits, and this example code should help you implement it everywhere it is needed on your site. You could also fairly easily create a helper for this as well.

Ion Auth - Lightweight Auth System based on Redux Auth 2 - El Forum - 05-06-2010

[eluser]Ben Edmunds[/eluser]
patie,

Yes, the model is required; it is there for the library to interact with the database. The model shouldn't be referenced directly though, as it all goes through the library.

The required files are the library, model, config, and at least one language.
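The one-time CSRF nonce discussed in the thread above, as an added example (not Ion Auth's code and not posted by anyone in the thread): a random field is put in flash storage when the confirmation form is rendered and checked on the very next request. `FlashStore`, `csrf_nonce_issue()` and `csrf_nonce_valid()` are hypothetical names; `FlashStore` stands in for a framework's flash data so the sketch runs on its own.

```php
<?php
// Hypothetical stand-in for framework flash data: a value set during one
// request is readable during the next request only, then discarded.
final class FlashStore
{
    private array $current = [];
    private array $next = [];

    public function set(string $k, string $v): void { $this->next[$k] = $v; }
    public function get(string $k): ?string { return $this->current[$k] ?? null; }
    public function nextRequest(): void { $this->current = $this->next; $this->next = []; }
}

// Called while rendering the confirmation form (e.g. "deactivate user?").
// Returns [fieldName => fieldValue] to emit as a hidden input.
function csrf_nonce_issue(FlashStore $flash): array
{
    $key   = 'csrf_' . bin2hex(random_bytes(8)); // unpredictable field name
    $value = bin2hex(random_bytes(20));          // unpredictable field value
    $flash->set('csrfkey', $key);
    $flash->set('csrfvalue', $value);
    return [$key => $value];
}

// Called at the top of the state-changing handler, before any DB write.
function csrf_nonce_valid(FlashStore $flash, array $post): bool
{
    $key      = $flash->get('csrfkey');
    $expected = $flash->get('csrfvalue');
    if ($key === null || $expected === null) {
        return false; // no form was rendered on the previous request
    }
    $submitted = $post[$key] ?? null;
    // hash_equals compares in constant time.
    return is_string($submitted) && hash_equals($expected, $submitted);
}

// Constructed walk-through of three consecutive requests.
$flash = new FlashStore();
$field = csrf_nonce_issue($flash);  // request 1: form rendered
$flash->nextRequest();              // request 2: POST arrives
echo 'genuine form post:   ', var_export(csrf_nonce_valid($flash, $field + ['confirm' => 'yes']), true), "\n";
echo 'post without nonce:  ', var_export(csrf_nonce_valid($flash, ['confirm' => 'yes']), true), "\n";
$flash->nextRequest();              // request 3: same fields sent again
echo 'same fields replayed: ', var_export(csrf_nonce_valid($flash, $field), true), "\n";
```

Because the nonce lives only in flash storage, a user who reloads the confirmation page or opens it in two tabs has to re-render the form before submitting.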