Ion Auth - Lightweight Auth System based on Redux Auth 2

[eluser]Ben Edmunds[/eluser]
Hey Timothy,

You don't want to use stored salts if you are keeping the same db.

Do you mind posting your schema?



Thanks,

[eluser]Timothy_[/eluser]
Ben,

Here is my database SQL:

Users
Code:
--
-- Table structure for table `users`
--

CREATE TABLE IF NOT EXISTS `users` (
  `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
  `group_id` mediumint(8) unsigned NOT NULL,
  `ip_address` char(16) NOT NULL,
  `username` varchar(15) NOT NULL,
  `password` varchar(40) NOT NULL,
  `email` varchar(40) NOT NULL,
  `activation_code` varchar(40) NOT NULL DEFAULT '0',
  `forgotten_password_code` varchar(40) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=8 ;

Meta
Code:
--
-- Table structure for table `meta`
--

CREATE TABLE IF NOT EXISTS `meta` (
  `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
  `user_id` mediumint(8) unsigned NOT NULL,
  `first_name` varchar(50) NOT NULL,
  `last_name` varchar(50) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=44 ;

Groups
Code:
--
-- Table structure for table `groups`
--

CREATE TABLE IF NOT EXISTS `groups` (
  `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(20) NOT NULL,
  `description` varchar(100) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;

I hope this helps.

Thanks,

Tim

[eluser]Ben Edmunds[/eluser]
Add the following fields to your users table and see what you get:

Code:
  `salt` varchar(40) DEFAULT NULL,
  `remember_code` varchar(40) DEFAULT NULL,
  `created_on` int(11) unsigned NOT NULL,
  `last_login` int(11) unsigned DEFAULT NULL,
  `active` int(1) unsigned DEFAULT NULL,

[eluser]Timothy_[/eluser]
Hello Ben,

Thanks for that.

Unfortunately no luck. Same error as before.

Any other ideas?

Thanks,

Tim

[eluser]tobefound[/eluser]
@Ben: would you care to elaborate on what the csrf_nonce() thing is exactly? I'm guessing it has to do with confining the deactivation (in this case) of a user so that it cannot happen in the future (because of the use of flash data which only survives one request).

Thx for a great lib and many thx for refining and taking Redux Auth to where it should have been in the first place!

/T

[eluser]Ben Edmunds[/eluser]
Tim,

Just for fun comment out the extra_where code and see what happens.


tobefound,

The CSRF nonce is to protect against a CSRF exploit where users could be deactivated/deleted by malicious code. So what it does is make sure the user is coming from the expected page.

[eluser]tobefound[/eluser]
@ben:

I reckoned, but wouldn't you say that this security measure should be part of the lib?

Another question: in your test controller (auth.php), when a user changes password you call $this->logout(). Not doing this and simply refreshing session data (to reflect the change if necessary), is that considered bad practise? I just think lots of users are used to staying logged in after having changed their passwords. Comments on this?

[eluser]patie[/eluser]
Hi Ben,

Is ion_auth_model only an example (like the controller and view) or is it 'required' (like the ion_auth library)?

Sorry for my poor English :)

[eluser]Ben Edmunds[/eluser]
tobefound,

No, not really. The library is a simple, efficient, easy way to work with user authentication. Adding CSRF, captcha and other security measures that should be a part of your website would only take away from that goal. Authentication isn't the only place you would want to worry about CSRF exploits and this example code should help you implement it everywhere it is needed on your site. You could also fairly easily create a helper for this as well.
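
The one-time nonce check discussed in this thread, written as a standalone helper. This is an added example, not part of the original posts and not Ion Auth's code; the function names and the `$store` array (standing in for session flashdata) are assumptions.

```php
<?php
// Added example, not Ion Auth code. $store stands in for session flashdata; all names are hypothetical.

/** Issue a one-time nonce and return it as a hidden-field name => value pair. */
function nonce_issue(array &$store): array
{
    $key   = 'csrf_' . bin2hex(random_bytes(8));
    $value = bin2hex(random_bytes(20));
    $store['csrf'] = ['key' => $key, 'value' => $value];
    return [$key => $value];
}

/** Compare the submitted form with the stored nonce, then discard the nonce. */
function nonce_verify(array &$store, array $post): bool
{
    $expected = $store['csrf'] ?? null;
    unset($store['csrf']); // single use: a replayed form no longer matches
    if (!is_array($expected)) {
        return false; // this session was never served the confirmation page
    }
    $submitted = $post[$expected['key']] ?? null;
    return is_string($submitted) && hash_equals($expected['value'], $submitted);
}

/** State-changing action that runs only after the nonce check passes. */
function deactivate(array &$store, array $post, array &$users): bool
{
    $id = (int) ($post['id'] ?? 0);
    if (!nonce_verify($store, $post) || !isset($users[$id])) {
        return false;
    }
    $users[$id]['active'] = 0;
    return true;
}

// Constructed sample data.
$users   = [7 => ['username' => 'tim', 'active' => 1]];
$session = [];

// Request built on another site: it has the user id but no nonce.
$forged = ['id' => '7'];
echo 'forged:  ', var_export(deactivate($session, $forged, $users), true), "\n";

// Form rendered by our own confirmation page carries the hidden nonce field.
$form = nonce_issue($session) + ['id' => '7'];
echo 'genuine: ', var_export(deactivate($session, $form, $users), true), "\n";

// The same form submitted a second time: the nonce has been consumed.
echo 'replay:  ', var_export(deactivate($session, $form, $users), true), "\n";
```

The nonce is removed from the store before the comparison result is used, so a failed attempt also invalidates it and the confirmation page has to be loaded again.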

[eluser]Ben Edmunds[/eluser]
patie,

Yes, the model is required; it is there for the library to interact with the database. The model shouldn't be referenced directly though, as it all goes through the library.

The required files are the library, model, config, and at least one language.



