DX Auth 1.0.6 (Authentication library)

[eluser]Xeoncross[/eluser]
Ok, what is with the DX_salt value in the config file? I thought that it was used on user salts - but I guess not as I don't see it ANYWHERE in any of the files. So why is it even there? And why isn't a site-wide salt like that used?

Code:
/*
|--------------------------------------------------------------------------
| Password salt
|--------------------------------------------------------------------------
|
| You can add major salt to be hashed with password.
| For example, you can get salt from here: https://www.grc.com/passwords.htm
|
| Note:
|
| Keep in mind that if you change the salt value after user registered,
| user that previously registered cannot login anymore.
|
*/

$config['DX_salt'] = '';

[eluser]Xeoncross[/eluser]
::BUG::

There is a bug with the default password of "hello" for the two user accounts. Depending on what OS and PHP version you have the computed crypt() and md5() hash string will be different. I just installed the system on a C2Q running WinXP and PHP 5.2.8 and it came up with a different hash so I couldn't log into the admin account. So I dug through the system code and found out how the system makes password hashes and created a function that will generate a password for the admin account.


Code:
function change_password($username='admin', $new_password='hello') {

    // Load the DX Auth users model
    $this->load->model('dx_auth/users', 'users');

    // Look the user up; continue only if a row was found
    if (($row = $this->users->get_user_by_username($username)) && $row->num_rows()) {

        // Encode with the library's own _encode(), then crypt() the result
        $encode_pw = $this->dx_auth->_encode($new_password);
        $crypt_pw  = crypt($encode_pw);

        // Escape before printing: both values are echoed into an HTML page
        print 'You gave the password: <b>'. htmlspecialchars($new_password). '</b><br />';
        print 'Password hash for database row: <b>'. htmlspecialchars($crypt_pw). '</b><br />';

        /* How Register() checks the password...
        $hash = crypt($encode_pw, $crypt_pw); //from row created above

        if ($hash === $crypt_pw) {
            print 'They match.';
        }
        */

    } else {
        print 'Username not found';
    }

}

If you pass this function a username and a temp password (like "hello") it will make a hash that works on your system and then you can insert that into the database row instead of the default hash in the SQL file.

Then delete this function (or mark as private) so that it can't be run any longer.

[eluser]Nuu[/eluser]
Great lib.

How do I change the registration email so that it does not send the password? Right now it includes the password in the clear within the mail.

Thanks.

[eluser]Hartimer[/eluser]
[quote author="Nuu" date="1233764751"]Great lib.

How do I change the registration email so that it does not send the password? Right now it includes the password in the clear within the mail.

Thanks.[/quote]

In your config folder you have dx_auth.php

Change the line that says

Code:
$config['DX_email_details'] = TRUE;

to FALSE. I'm not sure if the name of the variable is correct, but it looks something like that.

Hope it helps

[eluser]Scott Boyde[/eluser]
[quote author="umefarooq" date="1233106312"]Hi, I'm trying to use this library but am facing this problem: I tried to log in and it gives me the following error
Code:
A Database Error Occurred
Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE `ip_address` = '127.0.0.1'' at line 2

SELECT 1 WHERE `ip_address` = '127.0.0.1'

table name is missing in the query.[/quote]
Did you get this sorted?

[eluser]phazei[/eluser]
I've been looking at lots of different auth systems and pretty sure I'm going to go with this one. The docs is what won it over for me, really nice.

I had found this review:
http://stackoverflow.com/questions/34698...ry-is-best
(3rd answer)
Which was really informative.
I was wondering though, how many of these issues have been resolved? :

1* Only lets users 'reset' a lost password (rather than letting them pick a new one upon reactivation)
2* Homebrew pseudo-event model - good intention, but misses the mark
3* Two password fields in the user table, bad style
4* Uses two separate user tables (one for 'temp' users - ambiguous and redundant)
5* Uses potentially unsafe md5 hashing
6* Failed login attempts only stored by IP, not by username - unsafe!
7* Autologin key not hashed in the database - practically as unsafe as storing passwords in cleartext!
8* Role system is a complete mess: is_admin function with hard-coded role names, is_role a complete mess, check_uri_permissions is a mess, the whole permissions table is a bad idea (a URI can change and render pages unprotected; permissions should always be stored exactly where the sensitive logic is). Dealbreaker!
9* Includes a native (poor) CAPTCHA
10* reCAPTCHA function interface is messy


It's not going to make a difference on my using DX Auth, but it would be nice if some were resolved.

On 1:
I'm not sure how password resets work, but I hate sending a random plain text one via email. Sending a special link in the email with a one time or one day use link to reset the password on the site seems to work best.

I could care less about 2-5.

6 is really simple to fix and would be nice
7 is somewhat important

I don't know about 8.

And 9-10 aren't very important.



About the temp user table, if someone signs up and hasn't activated yet, if someone else registers does it check their username and password against the temp table as well as the main one?

Any reason a second table was used rather than just putting a key in the main table for activated or not?


Thanks,
Adam
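
Points 1 and 7 in the post above both come down to how a random token is issued and stored: the raw value goes only to the user (cookie or emailed link), and the database keeps a digest of it. The following is an added example, not part of the thread and not DX Auth code; the function names, the array standing in for a database table, and PHP 7.1+ are assumptions.

```php
<?php
// Added example. $table stands in for a DB table keyed by token digest;
// issue_token() and redeem_token() are hypothetical names, not DX Auth's.

function issue_token(array &$table, int $userId, string $purpose, int $ttl, int $now): string
{
    $token = bin2hex(random_bytes(32));      // 256-bit secret, given to the user only
    $table[hash('sha256', $token)] = [       // only the digest is persisted
        'user_id' => $userId,
        'purpose' => $purpose,               // 'autologin' or 'reset'
        'expires' => $now + $ttl,
    ];
    return $token;
}

function redeem_token(array &$table, string $token, string $purpose, int $now, bool $oneTime): ?int
{
    $key = hash('sha256', $token);           // look up by digest, never by raw token
    if (!isset($table[$key])) {
        return null;                         // unknown or already consumed
    }
    $row = $table[$key];
    if ($row['expires'] < $now) {
        unset($table[$key]);                 // expired rows are purged on sight
        return null;
    }
    if ($row['purpose'] !== $purpose) {
        return null;                         // a cookie token must not reset a password
    }
    if ($oneTime) {
        unset($table[$key]);                 // reset links die on first use
    }
    return $row['user_id'];
}

// Constructed sample run; timestamps and user id are made up.
$table = [];
$now   = 1700000000;

$reset = issue_token($table, 42, 'reset', 86400, $now);              // one-day reset link
var_dump(redeem_token($table, $reset, 'reset', $now + 60, true));    // first use of the link
var_dump(redeem_token($table, $reset, 'reset', $now + 120, true));   // replay of the same link

$auto = issue_token($table, 42, 'autologin', 30 * 86400, $now);      // remember-me cookie value
var_dump(redeem_token($table, $auto, 'reset', $now + 60, true));     // wrong purpose
var_dump(redeem_token($table, $auto, 'autologin', $now + 3600, false));
var_dump(array_key_exists($auto, $table));                           // is the raw token stored?
```

A leaked copy of the table then yields digests only, which cannot be replayed as a cookie or a reset link.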

[eluser]Unknown[/eluser]
dexcell must be pretty busy as he hasn't posted here for over a month....

I was just implementing Redux Auth, when I saw this and I think this library works
better for me.

I'll post any cool tricks I use which might be handy, as well as posting my questions :-)

[eluser]phazei[/eluser]
I have a menu that is called after $this->dx_auth->logout();

It calls $this->ci->dx_auth->is_logged_in();

But when the user logs out, the is_logged_in() seems to still return true because the menus don't change unless I hit refresh.

What can I do to fix that?

I made sure to select use DB for sessions, but that doesn't affect it.

I know the cookies don't reflect changes till next page refresh, so it could be that, but I don't know.

Help :)

thanks

[eluser]Nuu[/eluser]
[quote author="phazei" date="1233811022"]I have a menu that is called after $this->dx_auth->logout();

It calls $this->ci->dx_auth->is_logged_in();

But when the user logs out, the is_logged_in() seems to still return true because the menus don't change unless I hit refresh.

What can I do to fix that?

I made sure to select use DB for sessions, but that doesn't affect it.

I know the cookies don't reflect changes till next page refresh, so it could be that, but I don't know.

Help :)

thanks[/quote]

I had this issue when I installed the base codeigniter+dx_auth. The reason why it's happening is that the session record in the database was not deleted after you logout.

The quick and dirty fix I did was to change the system/libraries/Session.php (line 30):

var $sess_use_database = TRUE;


By default it is set to FALSE and hence the session library skipped the deletion of the session row.

I really hate modifying the default library code as it could mess up future upgrade but this did the trick for me. Perhaps someone more well-versed in php/codeigniter could find where the original issue is.

[eluser]hugle[/eluser]
[quote author="phazei" date="1233811022"]I have a menu that is called after $this->dx_auth->logout();

It calls $this->ci->dx_auth->is_logged_in();

But when the user logs out, the is_logged_in() seems to still return true because the menus don't change unless I hit refresh.

What can I do to fix that?

I made sure to select use DB for sessions, but that doesn't affect it.

I know the cookies don't reflect changes till next page refresh, so it could be that, but I don't know.

Help :)

thanks[/quote]

Hi.
You probably get the 'logged in menu' because it was generated before you logged the user out.

Try this:
$this->dx_auth->logout();
header('Location: /'); // here you will get your page refreshed after logout.

Good luck!



