Ion Auth - Lightweight Auth System based on Redux Auth 2

[eluser]Sandyandi N. dela Cruz[/eluser]
Hi,

I don't know if you've already noticed this, but there is a bug when updating a user with an identity that already belongs to another user.
Example:
Code:
// Selects which users-table column ion_auth treats as the account identity (here: email).
$config['identity'] = 'email';
When I try to update user1's record with user2's email, ion_auth allows it, although it should not: the email field acts like a primary key of the users table when it is set as the $config['identity'].

Now, I modified update_user() from ion_auth_model.php into this:
Code:
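/**
 * Update a user's row in the users table and, when meta columns are
 * configured, the matching row in the meta table.
 *
 * The update is refused when the new value of the configured identity
 * column (email or username) is already in use and differs from this
 * user's current value; the matching error is set on $this->ion_auth.
 *
 * @param  mixed $id   Matched against users.id and the meta join column.
 * @param  array $data Column => value pairs. Keys listed in $this->columns
 *                     go to the meta table; all remaining keys go to the
 *                     users table.
 * @return bool  TRUE when the transaction committed, FALSE otherwise.
 */
public function update_user($id, $data)
    {
        $user = $this->get_user($id)->row();

        // Without a user row there is no current identity to compare against
        // and no salt for hash_password(), so treat it as a failed update.
        if (empty($user))
        {
            return FALSE;
        }

        $email = array_key_exists('email', $data) ? $data['email'] : FALSE;
        $username = array_key_exists('username', $data) ? $data['username'] : FALSE;

        // The duplicate checks run BEFORE trans_begin(): returning FALSE after
        // the transaction was started, without a rollback, left it open on the
        // connection.
        //
        // NOTE(review): this is check-then-write. Two concurrent requests can
        // both pass it, so a UNIQUE index on the identity column is what
        // actually guarantees that two accounts never share an identity.
        if ($email !== FALSE && $this->identity_column === 'email' && $user->email !== $email && $this->email_check($email))
        {
            $this->ion_auth->set_error('account_creation_duplicate_email');
            return FALSE;
        }
        elseif ($username !== FALSE && $this->identity_column === 'username' && $user->username !== $username && $this->username_check($username))
        {
            $this->ion_auth->set_error('account_creation_duplicate_username');
            return FALSE;
        }

        $this->db->trans_begin();

        if (!empty($this->columns))
        {
            // 'user_id' = $id
            $this->db->where($this->meta_join, $id);

            foreach ($this->columns as $field)
            {
                if (is_array($data) && isset($data[$field]))
                {
                    $this->db->set($field, $data[$field]);
                    // Meta fields are removed so they are not also sent to the users table.
                    unset($data[$field]);
                }
            }

            $this->db->update($this->tables['meta']);
        }

        if (array_key_exists('username', $data) || array_key_exists('password', $data) || array_key_exists('email', $data))
        {
            if (array_key_exists('password', $data))
            {
                // Only the hash is stored; the user's existing salt is reused.
                $data['password'] = $this->hash_password($data['password'], $user->salt);
            }

            $this->db->where($this->ion_auth->_extra_where);

            // NOTE(review): every key still present in $data is written to the
            // users table, not only username/password/email. Callers should
            // pass an explicit allow-list of fields and never raw request data,
            // otherwise a submitted form can set columns it was not meant to.
            $this->db->update($this->tables['users'], $data, array('id' => $id));
        }

        if ($this->db->trans_status() === FALSE)
        {
            $this->db->trans_rollback();
            return FALSE;
        }

        $this->db->trans_commit();
        return TRUE;
    }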
It now disallows duplicate identity entries, just like register() in ion_auth_model.php does.

