Ion Auth - Lightweight Auth System based on Redux Auth 2

[eluser]Ben Edmunds[/eluser]
davidjlynch,

You don't need to use a callback for this as you can't check the password since it is encrypted. The checl_login callback that I posted is the closet you can get to that.

If you reference the example controller I have on github though you can see the other way.

If you do it the way I did in the example controller you check to see if ion_auth->login returns true and if not display ion_auth->errors() with flashdata. You can do it either way and the result is the same. So if you want to stick with the way you're doing it use the check_login callback. I'll re-post it below:

Code:

/**
* Callback method used during login
* @access public
* @param str $email The Email address
* @return bool
*/
public function _check_login($email)
{
$remember = FALSE;
if ($this->input->post('remember') == 1)
{
$remember = TRUE;
}

if ($this->ion_auth->login($email, $this->input->post('password'), $remember))
{
return TRUE;
}

$this->form_validation->set_message('_check_login', $this->ion_auth->errors());
return FALSE;
}

[eluser]ladooboy[/eluser]
Btw. The session and match user_agent is working now . I've also added some code to check if the email is already logged in, if it is remove the old session.

[eluser]InsiteFX[/eluser]
Hi Ben,

If you add Captcha, please add a number Captcha also...

Thank you
InsiteFX

[eluser]goldorak[/eluser]
First of all, thanks Ben for all the great work you have done with Phil and the Redux code.

A captcha would be a good idea, perhaps a simple math challenge

I have two questions:

-. Behaviour: The login has no effect unless I check the remember me checkbox. I went on to check what was happening bit by bit. The setup locally is to use database sessions:

Code:

$config['sess_cookie_name']        = 'ci_session';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 300;

and $config['encryption_key'] set to something 32 chars long as suggested (should be in the README).

Well, after checking the cookies in the browser, nothing weird was found. After checking the user_data column in the ci_sessions table I found out that the last words in the column were "<p>Sesi", which corresponds to the first 4 characters of Spanish translation for $lang['login_successful']

I have gone thru all the forums at codeigniter and Google and found nothing, but commenting the 363 line of libraries\Ion_auth.php to

Code:

//$this->set_message('login_successful');

gives no error because the message in the session is not set. Now I can login whether I click on remember me or not, but closing the browser and opening it again has the same behaviour whether I chose one or the other. Could someone reproduce this issue?

-. Along the issue above, the "remember me" checkbox seems to always return a value of 1 (which is always set) instead of using the checked value of that input. At controllers\auth.php I changed the following lines from:

Code:

if ($this->input->post('remember') == 1) {
                $remember = true;
            }
            else {
                $remember = false;
            }

to:

Code:

$urlsas=$this->input->post('remember');
            if (isset($urlsas[0])) {
                $remember = true;
            }
            else {
                $remember = false;
            }

and the code at \views\auth\login.php to

Code:

<?php echo form_checkbox('remember[]', 'recuerda', FALSE);?>

Would this be a better implementation?


And one weird issue:
If I change the default public function username_check($username = '') at ion_auth_model.php to the suggested code on page 25:

Code:

public function username_check($username)
    {
        if ($this->ion_auth->username_check($username))
        {
            $this->form_validation->set_message('username_check', 'The username "'.$username.'" already exists.');
            return FALSE;
        }
        else
        {
            return TRUE;
        }
    }

Apache.exe closes unexpectedly on windows when entering the correct email and password at http://localhost/ci/index.php/auth/login.

Great community here!

[eluser]Ben Edmunds[/eluser]
goldorak,

I'll have to get back with you on the rest of this because I have to leave in a minute but the code for username_check isn't to replace the method in the library or model but to use as a form_validation callback in the controller. Don't change the library or model!

I'll get back to you on the rest of it soon or maybe someone else can in the mean time.

Thanks,

[eluser]goldorak[/eluser]
Ok, I won't.

It is only to make the remember me issue work temporarily... until we find the definite solution.

[eluser]Ben Edmunds[/eluser]
goldorak,

Change the controller all you need to, just not the library...

[eluser]patie[/eluser]
Hi,

i use your excellent ion_auth library but i want increase security of my application.

1. Encryption_key in config file (sufficient to set up this key ? nothing more?)
2. Session database

any more ideas ?

THANKS so much

[eluser]goldorak[/eluser]
Hi Ben, as I said before and haven't solved the issue yet, it is a temporary fix until we finde the solution, or else the login can only be done checking the "remember me" box

[eluser]owls[/eluser]
Bernd,

Thanks for your fix for that extra_where issue. I was getting the same errors (in English, not Deutsch ;-) ). I'll let you know if I have any problems with it.