CodeIgniter Forums
Another simple login library for CodeIgniter 2.X - Printable Version



Another simple login library for CodeIgniter 2.X - El Forum - 11-13-2012

[eluser]costales[/eluser]
Hi! I would like to announce the release of another simple login library for CodeIgniter 2.X, based on Anthony Graddy & Alex Dunae & Hitesh Ubharani's versions.

Code: http://bazaar.launchpad.net/~costales/simplelogincodeigniter/trunk/files/7
Web: https://launchpad.net/simplelogincodeigniter
Bugs: https://bugs.launchpad.net/simplelogincodeigniter
Answers: https://answers.launchpad.net/simplelogincodeigniter

You can read the 'reference.html' file for a complete explanation and a complete example :)

In summary, these are the new methods:
is_logged - Returns whether the user is logged in
get_data_user - Returns the current username or email
change_password - Allows changing/resetting the password for a user
change_email - Changes the email for a user

Cheers!


Another simple login library for CodeIgniter 2.X - El Forum - 11-14-2012

[eluser]Unknown[/eluser]
Unsure where I see the code?


Another simple login library for CodeIgniter 2.X - El Forum - 11-15-2012

[eluser]costales[/eluser]
@martinez3 You can browse the trunk branch or you can download with Bazaar:
Code:
bzr branch lp:simplelogincodeigniter

Best regards :)


Another simple login library for CodeIgniter 2.X - El Forum - 11-15-2012

[eluser]jmadsen[/eluser]
A few comments:

1) you should set up the table fields the same way you did the table to allow people to use it with their existing table

2) md5 for passwords is simply not strong enough anymore. At least give the option of using bcrypt

3) likewise, adding a salt is not very complicated

4) autologin is great - too many leave that out & always have to hack it. good feature add

5) if they are using the session table, then every set() & get() is a db call, so combine those logged_in sets with the rest

6) I guess this still works, but:
Code:
$this->CI->db->where('username', $user);
        $query = $this->CI->db->get_where($this->user_table);

could be:
Code:
$this->CI->db->where('username', $user)->get($this->user_table);

7) up to you, but this sets the entire user table row to the session:
Code:
$this->CI->session->set_userdata($row);

which could be just fine, or could be quite big. perhaps configurable?

8) Why are you setting a session var of "logged_in" and then not using it?

Code:
function is_logged() {
        if ($this->CI->session->userdata('username'))
            return TRUE;
        else
            return FALSE;
    }

9) This is a nice idea:
Code:
function get_data_user($param = 'username') {
        if ($param == 'username')
            return $this->CI->session->userdata('username');
        if ($param == 'email')
            return $this->CI->session->userdata('email');
        
        return '';
    }

but why not just let it look up ANY $param off the session? ie, (untested)

Code:
function get_data_user($param = 'username') {
        // CI 2.x: all_userdata() returns the whole session array; userdata() requires a key
        $session = $this->CI->session->all_userdata();
        return (empty($session[$param]))? false : $session[$param];
    }
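
As an added example (not part of the original post or of the library's code), one way to act on points 2 and 3 of the review above without locking out existing users: accept the legacy MD5 value once at login and hand back a salted bcrypt hash to store in its place. It assumes PHP 5.6+ (for password_hash(), password_verify(), password_needs_rehash() and hash_equals()) and that legacy rows hold a plain md5($password) hex digest; verify_and_upgrade() is a hypothetical name.

```php
<?php
// Added example, not the library's code. verify_and_upgrade() is hypothetical.
// Assumption: legacy rows store md5($password) as 32 hex characters.

/**
 * Check a password against a legacy MD5 digest or a bcrypt hash.
 *
 * @return array [bool $ok, string|null $new_hash]; $new_hash is non-null
 *         when the caller should store it in place of the old value.
 */
function verify_and_upgrade($password, $stored, $cost = 12)
{
    $options = array('cost' => $cost);

    // Legacy row: exactly 32 hex characters is treated as an old MD5 digest.
    if (preg_match('/\A[0-9a-f]{32}\z/i', $stored)) {
        // hash_equals() compares in constant time.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return array(false, null);
        }
        // Correct password: produce a bcrypt hash (random salt is built in).
        return array(true, password_hash($password, PASSWORD_BCRYPT, $options));
    }

    // bcrypt row: password_verify() reads salt and cost from the hash itself.
    if (!password_verify($password, $stored)) {
        return array(false, null);
    }
    // Re-hash only if the stored cost no longer matches the configured one.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, $options)
        ? password_hash($password, PASSWORD_BCRYPT, $options)
        : null;
    return array(true, $new);
}

// Constructed sample data: one legacy row and the password it belongs to.
$legacy = md5('correct horse');

// Log in against the legacy row, then against the upgraded value.
$first  = verify_and_upgrade('correct horse', $legacy);
$second = verify_and_upgrade('correct horse', $first[1]);
$wrong  = verify_and_upgrade('wrong guess', $legacy);

var_dump($first[0], substr($first[1], 0, 4));
var_dump($second[0], $second[1]);
var_dump($wrong[0], $wrong[1]);
```

In a login routine the caller would write the returned hash back to the user's row whenever it is non-null, so MD5 values disappear as users sign in.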





Another simple login library for CodeIgniter 2.X - El Forum - 11-15-2012

[eluser]costales[/eluser]
@jmadsen Awesome review! :D Thank you very much!

About the changes:
1. The original library uses the username field; forked libraries use the email field. So I think it is complicated to fix this point :)
2. Fixed.
3. Fixed.
4. That isn't my idea :P It was implemented in the original libraries.
5. Fixed > Removed the variable (read next point 8).
6. Fixed.
7. Fixed.
8. Fixed > It wasn't necessary.
9. I think a program could need the username and/or email, and it doesn't need an internal value such as the 'id' field, and returning the password could be a vulnerability.

Cheers!



Another simple login library for CodeIgniter 2.X - El Forum - 11-15-2012

[eluser]jmadsen[/eluser]
Hey,

Haven't looked at changes yet, but what I had in mind for 1) was just set

Code:
private $username = 'username';

and then use

$this->username

as your field, rather than hard-coding the field name. Then anyone can change it to suit them, just like they can do with the users table name



Another simple login library for CodeIgniter 2.X - El Forum - 11-16-2012

[eluser]costales[/eluser]
@jmadsen: Point 1 fixed! :)
http://bazaar.launchpad.net/~costales/simplelogincodeigniter/trunk/files/7
I really appreciate your review!!
Cheers!