Tank Auth v1.0 (CI authentication library)

[eluser]Unknown[/eluser]
How do I allow different characters in the password? because imo it's ridiculous to restrict something like @

thanks a lot

[eluser]Gromozeka[/eluser]
[quote author="Julian Profas" date="1258489944"]How do I allow different characters in the password? because imo it's ridiculous to restrict something like @

thanks a lot[/quote]

Get rid of 'alpha_dash' validation rules for 'password' and 'new_password' fields in auth controller (lines 130, 302, 350).

[eluser]NateL[/eluser]
I've got my admin section that I'm trying to work out right now. If I've got all sorts of methods, it makes no sense to add the if/else statement to EVERY method - so instead i've added it to the constructor, like so:

Code:

class Welcome extends Controller
{
    function __construct()
    {
        parent::__construct();

        $this->load->library('tank_auth');
                if (!$this->tank_auth->is_logged_in()) {
            redirect('/auth/login/');
        } else {
            $data['user_id']    = $this->tank_auth->get_user_id();
            $data['username']    = $this->tank_auth->get_username();
        }
    }

    function index()
    {
        $this->load->view('welcome', $data);
    }
}

However, this doesn't work. How come my $data variable isn't available to index? I want the user_id and username to be available to all of my methods, but it goes against the DRY concept if I have to put that $data info in every method.

[eluser]Gromozeka[/eluser]
If you use $data in more than one method, it should be declared as a class member, right?

[eluser]NateL[/eluser]
[quote author="Gromozeka" date="1258517510"]If you use $data in more than one method, it should be declared as a class member, right?[/quote]

I'm not sure

[eluser]NiconPhantom[/eluser]
Hi Gromozeka

What you think about encrypting password with $config['encryption_key'] + userpassword together for Total Security?

[eluser]Gromozeka[/eluser]
Adding an extra-string to user password increases length of ecrypted password and you'll have to change your database allocating more space for password storing. It's cons.

And what about pros? Does it really increase security?

[eluser]NiconPhantom[/eluser]
it's good if user use simple password for example "qwerty" :-)

[eluser]Gromozeka[/eluser]
Take a look:

I've created two user accounts with the same password "qwerty". For the 1st account encrypted password is "$2a$08$C4NHB7EijY4PTFL4MqwzEOrUPW3wqr.BJcpSkUBPrnOn2opn6Am4e". For the 2nd one it's "$2a$08$dfcX.ScKGcA7utdMj53k1uGPCRKJo7ooQE7Zy68pcnYugDBe6z2de". The same password generates different records in db for different users.

How may adding a salt increase security here?

[eluser]Kink[/eluser]
Gromozeka,
Great library and i use it with success. But i have a big problem, if user don't activate 'accept cookie' in its browser, you can't access your page, you have a redirect to login_form with no message.
I don't understand why, 'cause cookies are stored in database ! So... where is the problem ?