Ion Auth - Lightweight Auth System based on Redux Auth 2
[eluser]Lucas Alves[/eluser]
Edit: Now I read your question again. Your problem is that you probably didn't update the "columns" array in Ion_auth config file... Why don't you just walk on meta_columns array, setting the additional data using this:
Code:
//validation rules, if $this->form_validation->run() == true :
This way, when you add or remove columns in meta table, you just need to update the ion_auth config file, with no need to change the create_user code... But, if you wanna do the way you're using this, you just need to set extra columns directly in the additional_data array, like
Code:
$additional_data = array('first_name' => $this->input->post('first_name'),
[eluser]martynrlee[/eluser]
Thanks Lucas, didn't think to run through the config file, like the $meta_columns solution as well. Most appreciated. Martyn.
[eluser]Rob Pomeroy[/eluser]
If I'm reading this right, the password is sent in the clear over the wire - is that right? A few years back I remember implementing an insanely paranoid login system using a JavaScript MD5 library to send a hashed, salted, hashed password to the web server. The salt was randomly generated by the server at the time the browser session began. This same salt was applied to the already-hashed password stored in the database, for comparison purposes. I can't quite remember the details. Anyway, the point is I was wondering if Ben and the other folks working on this had an opinion on the plaintext password issue? Assuming that SSL is not desired/available, that is.
[eluser]Ben Edmunds[/eluser]
Rob, IMHO there is absolutely no point in encrypting the passwords before you send them through the pipe with Javascript. Any halfway decent programmer can look through the JS and easily reverse engineer whatever encryption algorithm you implement. If you need a truly secure login use SSL.
[eluser]Rob Pomeroy[/eluser]
[quote author="Ben Edmunds" date="1284001974"]IMHO there is absolutely no point in encrypting the passwords before you send them through the pipe with Javascript.[/quote] Yeah, I admit this was only really covering the case of a wire sniffer, rather than a full-blown man-in-the-middle attack. Plus there's a fairly high overhead asking a browser to hash and re-hash. Now to take a good look at your library! I'll be wanting to drop in reCAPTCHA, OpenID and possibly LDAP in due course... Thanks for all you've done. If I come up with any reusable code I'll be sure to fork it.
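The salted challenge-response login Rob Pomeroy describes above, sketched with both sides in one file as an added example (not code from this thread or from Ion Auth). It assumes Node.js, and the names users, sessions, startSession, clientResponse and verifyLogin are hypothetical. It shows what the per-session salt buys against a passive wire sniffer: a captured response is rejected once the salt has been used or has changed.

```javascript
// Added illustration; all names and sample data here are hypothetical.
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

// MD5 only because the post used a JavaScript MD5 library.
const h = (s) => createHash("md5").update(s).digest("hex");

// Server state (constructed sample data): the database holds hash(password).
const users = new Map([["rob", h("correct horse")]]);
const sessions = new Map(); // session id -> salt issued for that session

// Server: generate a random salt when the browser session begins.
function startSession(sessionId) {
  const salt = randomBytes(16).toString("hex");
  sessions.set(sessionId, salt);
  return salt; // delivered to the browser with the login form
}

// Browser: hash, salt, hash again. Only this value crosses the wire.
function clientResponse(password, salt) {
  return h(salt + h(password));
}

// Server: apply the same salt to the stored hash and compare.
// The check needs only the stored hash, so that column is as sensitive
// as the passwords themselves.
function verifyLogin(sessionId, username, response) {
  const salt = sessions.get(sessionId);
  sessions.delete(sessionId); // a salt is accepted once
  const stored = users.get(username);
  if (!salt || !stored) return false;
  const expected = Buffer.from(h(salt + stored));
  const got = Buffer.from(String(response));
  return got.length === expected.length && timingSafeEqual(expected, got);
}

// One login, then the same captured response presented again.
function demo() {
  const captured = clientResponse("correct horse", startSession("s1"));
  const login = verifyLogin("s1", "rob", captured);
  const sameSession = verifyLogin("s1", "rob", captured);
  startSession("s2");
  const newSession = verifyLogin("s2", "rob", captured);
  return { login, sameSession, newSession };
}

console.log(demo());
```

The scheme does nothing against a party that can modify the page or script in transit, which is the man-in-the-middle case the thread leaves to SSL.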
[eluser]Ben Edmunds[/eluser]
Rob, Thanks and definitely keep me updated on your progress implementing those items.
[eluser]Bob Stein[/eluser]
Ion Auth looks great. Wish I had come across it a couple weeks ago; it would have saved me a lot of time. I'm especially impressed by how well the "groups" logic seems to have been thought out. Maybe it's just me, but as I was playing around with Ion Auth, I had a really hard time figuring out something really obvious, so I thought I'd post something here just in case others have the same issue: If you want to allow new users to register themselves with Ion Auth, you'll almost certainly want to require them to verify their registration by email. Yes, Ion Auth DOES come with an email confirmation function. To trigger email activation in Ion Auth, just open the ion_auth.php file located in the 'application/config' folder and scroll down to line 78. There you'll find
Code:
$config['email_activation'] = false;
Change that to "true" and you're good to go. I'm a little surprised this is set as a config option (which is why I had such a hard time finding it). It seems like the kind of thing you'd want to pass as an option through a register()-type function, so that admins can add new users without a confirmation email if necessary. Or am I missing something?
[eluser]gscharlemann[/eluser]
Hi all, I'm running into session issues with Internet Explorer (the issue described below doesn't happen in Firefox or Chrome). Here's the deal... 1. User logs in via the auth/login method in the controller. The login works and the following is printed out after a successful login: Code: ion_auth->logged_in(): session_id = d33d753b8b7769f00471dbc460c84926 Code: tracker->calendar(): start thank you
[eluser]joytopia[/eluser]
gscharlemann, give hybrid session a try: http://ellislab.com/forums/viewthread/124821/ Regards Bernd