Ion Auth - Lightweight Auth System based on Redux Auth 2

[eluser]Sinclair[/eluser]
You can change the Test code. It is only an example.

[eluser]Frank Rocco[/eluser]
Ok, I am looking into how hard it would be to use my existing hashed passwords from dx_auth.
I do not want the users to recreate them.

[eluser]Ben Edmunds[/eluser]
Do you know the hashing algorithm dx_auth uses?

[eluser]Kyle Short[/eluser]
Does Ion Auth support multiple group assignments per user? My application will need to allow a user to be a member of 1-N projects, and they could be assigned to different roles on each project that they have access to.

I know how I will develop this out...just curious if there is anything in Ion Auth that I should look to leverage for this aspect. BTW, everything in Ion Auth seems very straightforward (although I am not sure what the intention is in having a user belong to a single group...but I may be missing something.)

Thanks for a great library!

K

[eluser]Frank Rocco[/eluser]
[quote author="Ben Edmunds" date="1269379739"]Do you know the hashing algorithm dx_auth uses?[/quote]

Code:

/*
    * Function: _encode
    * Modified for DX_Auth
    * Original Author: FreakAuth_light 1.1
    */
    function _encode($password)
    {
        $majorsalt = $this->ci->config->item('DX_salt');
        
        // if PHP5
        if (function_exists('str_split'))
        {
            $_pass = str_split($password);
        }
        // if PHP4
        else
        {
            $_pass = array();
            if (is_string($password))
            {
                for ($i = 0; $i < strlen($password); $i++)
                {
                    array_push($_pass, $password[$i]);
                }
            }
        }

        // encrypts every single letter of the password
        foreach ($_pass as $_hashpass)
        {
            $majorsalt .= md5($_hashpass);
        }

        // encrypts the string combinations of every single encrypted letter
        // and finally returns the encrypted password
        return md5($majorsalt);
    }

I think this is it.

Thanks

[eluser]Ben Edmunds[/eluser]
Hey Frank,

That algorithm isn't even close to what Ion Auth uses...

You would have to change both of the encryption methods of Ion Auth to encrypt using that algorithm. Sorry that I don't have a better solution for you...

[eluser]Frank Rocco[/eluser]
Hi Ben,

Thanks for checking.

I may scrap and start over.

Users keep forgetting passwords, forget password does not work.
Since it is not active anymore, I do not want to spend anymore time.

I would even consider storing passwords non-encrypted so we can look them up for them.

We have to have Company Name, phone on registration.

Regards,

Frank

[eluser]Frank Rocco[/eluser]
Hi Ben,

I have some questions before I change over to your library.

1. Does the forget password work for end users?
2. Is it possible to have the program at login to see that no password is present and prompt for Company Name, Phone and new password. All would be required.

Thanks

Frank

[eluser]Ben Edmunds[/eluser]
Frank,

Yes the forget password works.

Sure you could do that. You would just try to log them in and then if there login doesn't work ask for forget password and then on the return form from that ask them to update their company name, phone, etc then use the update_user() method.

Make sense? You could re-structure that flow as well if you wanted, Ion Auth is very flexible.

[eluser]Frank Rocco[/eluser]
Hi Ben,

Is the Return Form called form the email sent from Forgot Password?
Will the edit_user insert a record if it is not there?

I forgot to ask if the register can be used by users, not just admin.

Thanks

Frank