Ion Auth - Lightweight Auth System based on Redux Auth 2

[eluser]ladooboy[/eluser]
Hi Ben,

Sorry for the confusion. No, I want the remember function.

It was just that the logged_in function would always be called twice on any controller, which is not optimal when you add some extra features and db queries.

But I was very tired anyway and my mind was blocked yesterday ^^.

I could do another function:

Code:

function validate_session()

which validates the user sessions with the DB details.

And on all local controllers I will do:

Code:

If (!logged_in() || !validate_session())
            redirect('auth/login');

In this way the validating will only be executed once per controller.

[eluser]Ben Edmunds[/eluser]
I really don't see how validate_session would help/be any different.

All logged_in() does is check the session data.

[eluser]ladooboy[/eluser]
Currently when you're logged in with IE and open the membership URL in Firefox it lets you access it because it thinks you're logged in(Even through I've got match_user_agent=TRUE).

So in the validate_session I will compare the session_id,email_address and user_agent from the DB with the session data.

IF any of it is different it redirects the user to login again.


Maybe I am overseing something here ?

[eluser]Ben Edmunds[/eluser]
It should be sess_match_useragent = TRUE.

[eluser]ladooboy[/eluser]
Hi Ben,

Sorry, yes I meant:

$config['sess_match_useragent'] = TRUE;

This still lets me view the member page when I use different browser. So I guess this is not working?

[eluser]davidjlynch[/eluser]
Hi Ben,

Sorry to trouble you again or anyone that can help, I am trying to validate if a password exists at login, currently you just get returned to the login page with no errors I have tried the following but with no success, can you help please;

Code:

public function password_check($password)
    {
        if ($this->ion_auth->login($password)){
            $this->form_validation->set_message('password_check', 'The password you entered does not exists.');
            return FALSE;
        } else{
            return TRUE;
        }
    }

[eluser]Ben Edmunds[/eluser]
davidjlynch,

What are you trying to check? Just that they entered something? you do that with form_validation.

If you are trying to see if it is the correct password you don't really need a callback for that, just reference my example code. Or you could make a login_check form_validation callback that runs ion_auth->login($identity,$password).

[eluser]davidjlynch[/eluser]
Hi Ben,

Yes I am trying to check if the correct password has been entered at login.

[eluser]Ben Edmunds[/eluser]
I don't really like it but we use this on PyroCMS:

Code:

/**
* Callback method used during login
* @access public
* @param str $email The Email address
* @return bool
*/
public function _check_login($email)
{
$remember = FALSE;
if ($this->input->post('remember') == 1)
{
$remember = TRUE;
}

if ($this->ion_auth->login($email, $this->input->post('password'), $remember))
{
return TRUE;
}

$this->form_validation->set_message('_check_login', $this->ion_auth->errors());
return FALSE;
}

[eluser]davidjlynch[/eluser]
Hi Ben,

I am still trying to see if the password is correct at login. You said earlier;

If you are trying to see if it is the correct password you don’t really need a callback for that, just reference my example code. Or you could make a login_check form_validation callback that runs ion_auth->login($identity,$password).

Please could you give me an example as I have been trying for 2 days without success, This is my current validation code.

Code:

$this->form_validation->set_rules('password', 'Password', 'required|xss_clean|callback_password_check_now');