CodeIgniter Forums
UserBundle for CI 3.x - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: External Resources (https://forum.codeigniter.com/forumdisplay.php?fid=7)
+--- Forum: Addins (https://forum.codeigniter.com/forumdisplay.php?fid=13)
+--- Thread: UserBundle for CI 3.x (/showthread.php?tid=67160)



UserBundle for CI 3.x - chrobaks - 01-23-2017

Hi all, there is a new UserBundle for CodeIgniter 3.x available.

It contains :
- Login
- Signup
- User
- Users
- Passwordforgot
- Route Authentification
- Database Entity Configuration

If you like please test it and tell me whats wrong, whats good or what
can i make better.

Here is th Github link:
https://github.com/chrobaks/CI-UserBundle/


RE: UserBundle for CI 3.x - Narf - 01-23-2017

0. It's over-engineered ... If "Bundle" comes from Symfony, it's aptly named. Smile
1. Passwordmanager::randomPassword() is not random.
2. That same method is used to generate "confirmation hashes" for forgotten passwords, which is not secure.
3. Again that method is used to create "salt" for passwords, which is simply appended to the original password ... bcrypt already has salting built-in; you're trying to be smart where you don't need to - looping back to the "over-engineered" point. Smile


RE: UserBundle for CI 3.x - Narf - 01-23-2017

Also, WTF is this doing in the "Events" forum? Moving.


RE: UserBundle for CI 3.x - chrobaks - 01-23-2017

(01-23-2017, 10:42 AM)Narf Wrote: Also, WTF is this doing in the "Events" forum? Moving.

Sorry, I'm new here. How to move the Posting? Why are you so angry ("wtf")?
Thanks for your answer.


RE: UserBundle for CI 3.x - ivantcholakov - 01-23-2017

@chrobaks

Watch for rand(), avoid using it. I've opened an issue about the password generator, but I have no time to preview other code. Generally, seek for already done and tested solutions about security. See https://github.com/paragonie whether there might be something useful.


RE: UserBundle for CI 3.x - chrobaks - 01-23-2017

(01-23-2017, 11:33 AM)ivantcholakov Wrote: @chrobaks

Watch for rand(), avoid using it. I've opened an issue about the password generator, but I have no time to preview other code. Generally, seek for already done and tested solutions about security. See https://github.com/paragonie whether there might be something useful.


Thanks ivan, you are right, i'll edit the passwordmanager with with your solution. I made that error, because i was to much in hurry, so i keep more calm!


RE: UserBundle for CI 3.x - InsiteFX - 01-23-2017

That's just Narf being his natural self.


RE: UserBundle for CI 3.x - Narf - 01-24-2017

(01-23-2017, 10:57 AM)chrobaks Wrote:
(01-23-2017, 10:42 AM)Narf Wrote: Also, WTF is this doing in the "Events" forum? Moving.

Sorry, I'm new here. How to move the Posting? Why are you so angry ("wtf")?
Thanks for your answer.

I already did move it.
And I'm not "so angry".

(01-23-2017, 02:18 PM)InsiteFX Wrote: That's just Narf being his natural self.

... and people being over-sensitive to explicit language.