The Auth Library 1.0.3 - The Easiest Auth Library for CodeIgniter
#24

[eluser]Adam Griffiths[/eluser]
[quote author="suashi" date="1236695203"]Hi Adam,
I really appreciate your effort in making this library, but I think it still needs to grow.
Auth (authentication and authorization) is a very critical step, let's say it has to be bomb proof... ;)

Here is some feedback:
You should remove all the checking like min and max password chars from the lib; I would do those kinds of checks in a model, without throwing all the error messages with show_error(), because that limits flexibility a lot.
I see you're loading all the libraries and config twice (both in __constructor and Auth methods); you're mixing php4 and php5, and the only element of php5 is the __constructor. Just remove it, since all the library is php4 and it will work in php5, or optimize it for php5 without backward compatibility.
Since I'm paranoid about security I would filter all the input->post for XSS, apart from checking the data types:

$this->input->post('some_data', TRUE);

Take a look at Redux Auth which has been developed with security as the main idea:

http://codeigniter.com/wiki/Redux_Auth/


Anyway... I'm trying to be constructive with my comments, and I'm always open to different points of view! ;)


Byee[/quote]

Thanks for your comments. In 1.0.2 there are no longer two constructors, just the one Auth(), so this has been fixed. Since I'm using the Auth library, there really isn't anywhere to use a model, or to filter the data for XSS, since the form validation library takes care of that.

I'll take a look at storing the login attempts in the session data; hopefully I can come up with something better, and fix some "bugs".

Thanks.
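
The reply above mentions moving login-attempt tracking out of session data. As an added example (not part of the post and not the Auth Library's code), here is a failed-login counter kept server-side and keyed by account name, so it does not depend on the state of the client's session. The class name, thresholds and in-memory array are assumptions; the array stands in for a database table.

```php
<?php
// Added example: LoginThrottle and its default thresholds are hypothetical,
// not part of the Auth Library or CodeIgniter.
class LoginThrottle
{
    // username => array('count' => int, 'first' => unix time of first failure).
    // Stands in for a database table shared by all requests.
    private $attempts = array();
    private $maxAttempts;
    private $windowSeconds;

    public function __construct($maxAttempts = 5, $windowSeconds = 900)
    {
        $this->maxAttempts = $maxAttempts;
        $this->windowSeconds = $windowSeconds;
    }

    private function key($username)
    {
        // Normalise so "Alice" and " alice" share one counter.
        return strtolower(trim($username));
    }

    public function isLocked($username, $now)
    {
        $k = $this->key($username);
        if (!isset($this->attempts[$k])) {
            return false;
        }
        if ($now - $this->attempts[$k]['first'] >= $this->windowSeconds) {
            unset($this->attempts[$k]); // window expired, start fresh
            return false;
        }
        return $this->attempts[$k]['count'] >= $this->maxAttempts;
    }

    public function recordFailure($username, $now)
    {
        $k = $this->key($username);
        $this->isLocked($username, $now); // drops an expired record, if any
        if (!isset($this->attempts[$k])) {
            $this->attempts[$k] = array('count' => 0, 'first' => $now);
        }
        $this->attempts[$k]['count']++;
    }

    public function recordSuccess($username)
    {
        unset($this->attempts[$this->key($username)]);
    }
}
```

Call `isLocked()` before checking the password, `recordFailure()` on a bad password and `recordSuccess()` after a valid login, passing `time()` as `$now`.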

