[eluser]Devon Lambert[/eluser]
I am building out a modular CMS myself and I too was making use of Tank Auth, and I ALSO have used Phil's CMS as a means to understand how best to build out a modular CI CMS. That being said, I did make a change in the way I handle logins. This is because Tank_Auth generally feels like better authentication than that provided in PyroCMS, sorry Phil :-).
I created the following general_login method, which is then used across both my Public and Admin Controllers. I place this method in MY_Controller:
Code:
/**
 * Shared login handler for the public and admin controllers.
 * Does nothing unless a user type is passed in.
 */
function _generic_login($user_type = NULL)
{
    if (isset($user_type)) {
        $this->data->login_by_username = ($this->config->item('login_by_username', 'tank_auth') AND
                $this->config->item('use_username', 'tank_auth'));
        $this->data->login_by_email = $this->config->item('login_by_email', 'tank_auth');

        $this->form_validation->set_rules('login', 'Login', 'trim|required|xss_clean');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean');
        $this->form_validation->set_rules('remember', 'Remember me', 'integer');

        // Get login for counting attempts to login
        if ($this->config->item('login_count_attempts', 'tank_auth') AND
                ($login = $this->input->post('login'))) {
            $login = $this->input->xss_clean($login);
        } else {
            $login = '';
        }

        // Require a captcha once the attempt limit for this login is exceeded
        $this->data->use_recaptcha = $this->config->item('use_recaptcha', 'tank_auth');
        if ($this->acms_auth->is_max_login_attempts_exceeded($login)) {
            if ($this->data->use_recaptcha) {
                $this->form_validation->set_rules('recaptcha_response_field', 'Confirmation Code', 'trim|xss_clean|required|callback__check_recaptcha');
            } else {
                $this->form_validation->set_rules('captcha', 'Confirmation Code', 'trim|xss_clean|required|callback__check_captcha');
            }
        }
        $this->data->errors = array();

        if ($this->form_validation->run()) { // validation ok
            if ($this->acms_auth->login(
                    $this->form_validation->set_value('login'),
                    $this->form_validation->set_value('password'),
                    $this->form_validation->set_value('remember'),
                    $this->data->login_by_username,
                    $this->data->login_by_email)) { // success
                if ($user_type === 'admin') { // We have an admin, send him/her to the dashboard
                    redirect('admin'); // Need to fix this
                } else { // We have a regular site member, send him/her to the page they came from.
                    redirect($this->session->userdata('referrer'));
                }
            } else {
                $errors = $this->acms_auth->get_error_message();
                if (isset($errors['banned'])) { // banned user
                    $this->_show_message($this->lang->line('auth_message_banned').' '.$errors['banned']);
                    return;
                } elseif (isset($errors['not_activated'])) { // not activated user
                    redirect('/auth/send_again/');
                } else { // fail
                    foreach ($errors as $k => $v) {
                        $this->data->errors[$k] = $this->lang->line($v);
                    }
                }
            }
        }

        // Tell the view whether to render a captcha on the login form
        $this->data->show_captcha = FALSE;
        if ($this->acms_auth->is_max_login_attempts_exceeded($login)) {
            $this->data->show_captcha = TRUE;
            if ($this->data->use_recaptcha) {
                $this->data->recaptcha_html = $this->_create_recaptcha();
            } else {
                $this->data->captcha_html = $this->_create_captcha();
            }
        }
    }
}
This code comes almost directly from the basic auth controller provided with the Tank Auth library. As you can see, it checks several different user scenarios before logging a user in. I like this approach as I am assuming that every user, visitor, and member of my site may try to be a little sneaky and get into the admin section of my site. Therefore, I treat a login to the admin section just as I would treat a login to the front end.
Maybe this helps you gh0st, or maybe not, but it's working for me so far. :-)
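
The member branch above redirects to whatever the session's `referrer` item holds. As an added example (not part of the original post, Tank Auth or CodeIgniter), here is one way to check that value before it reaches `redirect()`. It assumes the item is meant to hold a site-relative URI; the function name `local_redirect_target` and the allowed character set are choices made for this example.

```php
<?php
// Added example, not Tank Auth or CodeIgniter code. Assumes the session's
// 'referrer' item is meant to hold a site-relative URI such as "blog/post/12".

/**
 * Return $candidate if it is a plain site-relative URI, otherwise $default.
 * The function name and the allowed character set are this example's choices.
 */
function local_redirect_target($candidate, $default = '')
{
    if (!is_string($candidate) || $candidate === '' || strlen($candidate) > 255) {
        return $default;
    }
    // One optional leading slash, then segments of letters, digits, "~", ".",
    // "_" and "-" separated by single slashes. No ":" means no scheme, no "//"
    // means no protocol-relative host, and no backslash or control characters.
    // The D modifier stops "$" from matching before a trailing newline.
    if (!preg_match('#^/?[A-Za-z0-9~._-]+(?:/[A-Za-z0-9~._-]+)*/?$#D', $candidate)) {
        return $default;
    }
    // Refuse "." and ".." segments so the target cannot climb out of the app.
    foreach (explode('/', $candidate) as $segment) {
        if ($segment === '.' || $segment === '..') {
            return $default;
        }
    }
    return $candidate;
}

// Constructed sample values, standing in for what the session might hold.
$samples = array(
    'blog/post/12',
    '/members/profile',
    'http://example.invalid/login',
    '//example.invalid/login',
    "blog\r\nSet-Cookie: x=1",
    '../admin',
    FALSE, // a missing session item (not a string)
);

foreach ($samples as $value) {
    $shown = is_string($value) ? json_encode($value) : var_export($value, true);
    echo $shown, ' => ', json_encode(local_redirect_target($value, '')), PHP_EOL;
}
```

In `_generic_login` the member branch would then call `redirect(local_redirect_target($this->session->userdata('referrer'), ''))`, so an unusable value falls back to the site root.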