+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=22)
+--- Thread: Tank Auth v1.0 (CI authentication library) (/showthread.php?tid=17515)
Tank Auth v1.0 (CI authentication library) - El Forum - 08-03-2011
[eluser]JonoB[/eluser]
[quote author="cyberjunkie" date="1312415080"]I'm concerned about security, namely users changing their user id. [/quote] How does a user change their ID? It should be an auto-increment field in the db.
Tank Auth v1.0 (CI authentication library) - El Forum - 08-03-2011
[eluser]ScrewLoose[/eluser]
If you aren't on an ssl, someone could be listening in on your logins and hijack enough information to possibly read from the session data or steal the cookie altogether. If they can manage to do that, it wouldn't matter whether or not the query falls back on the password entered into the database...So, there's nothing to worry about! Even on ssl, attacks are still possible. If you are worried about injections, Tank Auth is on lockdown, so-to-speak.
Tank Auth v1.0 (CI authentication library) - El Forum - 08-03-2011
[eluser]cyberjunkie[/eluser]
[quote author="JonoB" date="1312427434"][quote author="cyberjunkie" date="1312415080"]I'm concerned about security, namely users changing their user id. [/quote] How does a user change their ID? It should be an auto-increment field in the db.[/quote]
No I mean changing via an input or cache. I'm not sure but I believe not comparing passwords is insecure.
Tank Auth v1.0 (CI authentication library) - El Forum - 08-11-2011
[eluser]knithat[/eluser]
Howdy all. First, many thanks for tank auth. I'm having a problem with error messaging on the login_form page. If I do not enter anything in the email and password fields, I get errors about entering them. If I enter an unregistered email address with a password, I get the error "Incorrect login" (next to the email input field). But if I enter a registered email address with the wrong password, I get no error. login_form simply reloads with the email address in the email field and the password field is empty but no error message is displayed.
Does anyone know where I can specify this error message or why it isn't being displayed? This is an important enough use case to be contained within the tank auth core.
Thanks!
EDIT -- I also noticed that there's a similar issue with register_form. If I try to register with an email address that is already registered, I get the same behavior as described above, i.e., page reloads without an error message displayed.
Tank Auth v1.0 (CI authentication library) - El Forum - 08-13-2011
[eluser]ScrewLoose[/eluser]
I would double-check your CSS/HTML. Tank-Auth will display an error message in your described scenario. Make sure you didn't delete the error handler on accident, inside the form, if you were customizing it. You can locate all these messages in application/language/english(or whatever)/tank_auth_lang.php
Tank Auth v1.0 (CI authentication library) - El Forum - 08-13-2011
[eluser]knithat[/eluser]
[quote author="ScrewLoose" date="1313267472"]I would double-check your CSS/HTML. Tank-Auth will display an error message in your described scenario. Make sure you didn't delete the error handler on accident, inside the form, if you were customizing it. You can locate all these messages in application/language/english(or whatever)/tank_auth_lang.php[/quote]
Thanks for the sanity check -- with your help, I figured out the issue. On the log in page, I left out:
Code:
<?php echo isset($errors[$password['name']])?$errors[$password['name']]:''; ?>and a similar omission on the registration page. Thanks a bunch!
Tank Auth v1.0 (CI authentication library) - El Forum - 02-22-2012
[eluser]Unknown[/eluser]
Hello people,
I'm having some problems showing the $message on /auth/ when people activate their account on my site.
For some reason, the flashdata that is set through _show_message, is not being displayed on my general message view, that is called on index() of auth. So index sends me to the login form instead.
Anyone familiar with this?
Tank Auth v1.0 (CI authentication library) - El Forum - 02-22-2012
[eluser]theshiftexchange[/eluser]
[quote author="tykho" date="1329927090"]Hello people,
I'm having some problems showing the $message on /auth/ when people activate their account on my site.
For some reason, the flashdata that is set through _show_message, is not being displayed on my general message view, that is called on index() of auth. So index sends me to the login form instead.
Anyone familiar with this?[/quote]
When people activate their account, the library actually 'logs them out' before returning them to the index page.
This destorys the session - and thus you lose your flash message.
The way around it is to create a new session after auth, and then set the flash message.
Tank Auth v1.0 (CI authentication library) - El Forum - 02-24-2012
[eluser]Sixer[/eluser]
Hi Gromozeka,
Could you tell me what the alphanumeric restriction is for, on the chosen password?
People like to choose more complex passwords than that.
Tank Auth v1.0 (CI authentication library) - El Forum - 03-19-2012
[eluser]Unknown[/eluser]
Hello,
I have gotten TankAuth up and running without a problem. Nice Job! I love it. However, I cannot find an example of how to use the user profile. How would I do something like this:
Code:
$this->tank_auth->get_user_profile();I see in the code how to set and delete, but no get.
What am I missing?