ErkanaAuth: A non-invasive user authentication library
#41

[eluser]stevefink[/eluser]
Hi Michael,

Great work! I'm actually using this for a new project. I'm nowhere near as proficient as you are, so maybe I'm overlooking something here.

Do you think it might be okay to incorporate a 'configuration' section to your library to allow users to set their own table name? 'users' is a bit generic, and in an application such as mine it won't fly. I'm going to have to modify your code where the table is hardcoded everywhere.

Let me know what you think!

Cheers bud, awesome coding!

- sf
#42

[eluser]Michael Wales[/eluser]
Yeah, adding in a config section near the top of the library would be optimal. When I originally released ErkanaAuth I never expected it to get the attention it has received thus far - it's really overwhelming. Unfortunately, I just haven't had the time recently to incorporate a lot of the awesome changes this community has made to it - plus, the next version will undoubtedly break any application using the current version.

Feel free to make the changes you feel are necessary and post them for everyone to see. ErkanaAuth has grown into much more than a library but more of an experiment in minimalism vs. functionality - it's interesting to see everyone's contributions and the various ways in which we tackle similar issues.
#43

[eluser]stevefink[/eluser]
Thanks Michael. :-)

Maybe I can ask you for any suggestions here, and then I'll try to write up something and send it to you. Feel free to use it (as far as a configuration option.)

I'm currently having issues with headers using the library. I popped this code into my controller which gets loaded should the user successfully login per the following:

Code:
$this->load->library('Erkanaauth');
if (!$this->erkanaauth->try_session_login()) {
    redirect('/login');
}

I'm receiving a consistent error message:

ERROR - 2007-12-03 14:43:34 --> Severity: Warning --> Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/iphone_pk/system/application/models/dbmodel.php:113) /Applications/MAMP/htdocs/iphone_pk/system/helpers/url_helper.php 455

Trying to debug it, but not having much luck. Totally would appreciate your help.

Thanks man. :-)

- sf
#44

[eluser]Michael Wales[/eluser]
Make sure there is no whitespace at the end of Erkanaauth.php (I don't think there is) - check other custom libraries you are loading as well.
#45

[eluser]stevefink[/eluser]
Yeah, I can't for the life of me find a whitespace at the end of any of my controllers/models/views.

No matter what I do with redirect() I'm getting signaled that headers have already been sent to the browser and it's screwing up the whole application.

Fun times!
#46

[eluser]stevefink[/eluser]
Hate to double post, but I'll include all of my code... maybe I am indeed doing something seriously stupid. So here we go. In my login controller I have the following

Login.php
Code:
function index()
    {
        $this->load->library('Erkanaauth');
        $this->load->library('validation');
        
        /* validation rules for login form */
        $rules['email'] = "trim|required|valid_email|xss_clean|callback__verify_login";
        $rules['pass'] = "trim|required|xss_clean|md5";
        
        $this->validation->set_rules($rules);
        
        if($this->validation->run() == FALSE) {
            $this->load->view('login_view');
        } else {
            redirect('/', 'refresh');    
        }
        
    }

The function which validates the login within Login.php:

Code:
function _verify_login($email)
    {
       $this->load->helper('security');
       $password = dohash($this->input->post('pass'), 'md5');
       if($this->erkanaauth->try_login(array('email' => $email, 'password' => $password ))) {
           return TRUE;
       } else {
           $this->validation->set_message('_verify_login', 'Invalid login credentials.');
           return FALSE;
       }
    }

At this point I have it set to redirect to '/' which should be my default controller set in routes.php... and here I have simple code:

Code:
function index()
    {
        $this->load->library('Erkanaauth');
        if (!$this->erkanaauth->try_session_login()) {
            redirect('/login', 'refresh');
        }

        /* We need to fetch some data to populate into the view.
           Retrieve all available CPT codes. */
        $data['cpt'] = $this->dbmodel->select_cpt_codes();
        
        /* Retrieve all patients that aren't discharged */
        $data['patients'] = $this->dbmodel->select_active_patients();
        
        /* Retrieve current date for CPT population */
        $timestamp = time();
        $data['current_date'] = date("d M Y", $timestamp);
        
        $this->load->view('landing_page_view2', $data);
    }

Thanks, I know it's a lot. Would definitely owe ya big time if you catch a stupid mistake I've made.
#47

[eluser]tomcode[/eluser]
What do You have in Your dbmodel.php on line 113 ?
#48

[eluser]stevefink[/eluser]
I'll be darned. There -was- white space at the end of my dbmodel.php ?>, not a newline, but just white space on the same line. Sheesh, that's hard to catch with the naked eye. Thank you so much. :-(

Just curious... is the following legit to redirect to the default controller?

redirect("", 'refresh');

Also for Michael,

is it safe to assume I can use this code on any controller which requires an authenticated login?

Code:
if (!$this->erkanaauth->try_session_login()) {
    redirect('/login', 'refresh');
}

I looked through my cookies and only saw ci_session there, so I wasn't sure where the other stuff is hiding out on.

Thanks again guys, you rock.
#49

[eluser]Michael Wales[/eluser]
Code:
redirect('', 'refresh');
Yes, that redirect is fine (with or without the second parameter).

Quote: is it safe to assume I can use this code on any controller which requires an authenticated login?

Yup! Even better, why not create a libraries\MY_Controller.php file with the following code:
Code:
class Auth_Controller extends Controller {
    function auth_controller() {
        parent::Controller();
        if (!$this->erkanaauth->try_session_login()) redirect('/login', 'refresh');
    }
}

Then, any controller in which users should be logged in, just extend your Auth_Controller rather than Controller.
Code:
class Products extends Auth_Controller {
}

ErkanaAuth uses whichever session library you have installed. So, if you have the native CI session library (with the default setting, naming the cookie 'ci_session' - that is all you are going to see).

One downfall of Erkana is it is only as secure as your cookie settings (since all it does is store the user's ID). So, be sure to encrypt your cookies and establish a strong encryption key within config.php - otherwise people could just change the user_id in the cookie to any ID they want.
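
The cookie-tampering point above, as an added example that is not part of the original post and is not ErkanaAuth or CodeIgniter code: a cookie that carries only `user_id` can be trusted only if the server can detect edits to it using a key the client never sees. The function names `seal_session` and `open_session` and the key value are hypothetical, PHP 7 or later is assumed, and an HMAC is used here to show the principle rather than CodeIgniter's own cookie encryption.

```php
<?php
// Added illustration: integrity protection for a session cookie.
// $key stands in for the secret configured in config.php (constructed value).

function seal_session(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data));
    $mac     = hash_hmac('sha256', $payload, $key);
    return $payload . '.' . $mac;               // value sent to the browser
}

function open_session(string $cookie, string $key)
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return false;                           // malformed cookie
    }
    list($payload, $mac) = $parts;
    $expected = hash_hmac('sha256', $payload, $key);
    if (!hash_equals($expected, $mac)) {        // constant-time comparison
        return false;                           // payload was modified
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    return is_array($data) ? $data : false;
}

$key    = 'constructed-sample-key-do-not-reuse';
$cookie = seal_session(array('user_id' => 42), $key);

// Cookie exactly as issued by the server.
var_dump(open_session($cookie, $key));

// Same MAC, but the user_id was edited client-side: the MAC no longer
// matches the payload, so the session is refused instead of trusted.
$edited = base64_encode(json_encode(array('user_id' => 1)))
        . '.' . substr($cookie, strpos($cookie, '.') + 1);
var_dump(open_session($edited, $key));
```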
#50

[eluser]tomcode[/eluser]
Just finished my direct access model, my more universal Ersatz for a forgotten password feature.

demo installation
Code:
<?php

/**
* Non-intrusive Direct Access Model
*
* This model creates and controls direct access tokens
* which can be used for features like forgotten password.
*
* @package    CodeIgniter
* @subpackage    Models
* @category    Authorization
* @author        Thomas Traub
* @link        http://www.tomcode.com/inside/codeigniter/direct_access
*/
class Direct_access_model extends Model {

    var $db_table = 'direct_access';
    var $hash_field = 'hash';
    
    /**
     * Creates, stores and returns the direct
     * access token for the passed condition.
     * Overwrites an existing old entry.
     *
     * @param array associative the database query condition
     * @return string the access URL param
     */
    function set_access($condition)
    {
        // create hash
        $data[$this->hash_field] = str_shuffle(uniqid('' .rand(0, 32768)));

        // look for an existing entry
        $query = $this->db->getwhere($this->db_table, $condition, 1, 0);
        $row = $query->row();
        
        //  update or insert
        if ($query->num_rows == 0)
        {
            $condition = array_merge($condition, $data);
            
            $this->db->insert($this->db_table, $condition);
        }
        else $this->db->update($this->db_table, $data, $condition);
        
        // return only in case of success
        if($this->db->affected_rows() == 1) return array_merge($condition, $data);
    }
    
    /**    
     * Returns the ident data for a passed condition (hash token),
     * and, by default, deletes the found entry.
     *
     * @param array associative the database query condition
     * @param boolean shall the entry be deleted
     * @return mixed boolean:false or object: the query row
     */
    function get_access($condition, $delete_condition = true)
    {
        $query = $this->db->getwhere($this->db_table, $condition, 1, 0);
        
        if ($query->num_rows != 1) return FALSE;
        
        if($delete_condition) $this->delete_access($condition);
        
        return $query->row();
    }
    
    /**    
     * Deletes an entry based on the passed query condition
     *
     * @param array associative the database query condition
     */
    function delete_access($condition)
    {
        $this->db->delete($this->db_table, $condition);
    }
}
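
An added example, not part of the model posted above: when a direct-access token is used for a forgotten-password feature, it acts as a temporary credential, and PHP's `rand()`, `uniqid()` and `str_shuffle()` are not cryptographically secure sources for one. The code below generates the token from the OS CSPRNG, stores only its digest, and enforces single use and expiry; `issue_token`, `redeem_token` and the in-memory `$store` (standing in for the `direct_access` table) are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: unguessable, single-use, expiring access tokens.
// $store is an in-memory stand-in for the direct_access table.

function issue_token(array &$store, int $user_id, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));         // 256 bits from the OS CSPRNG
    // One live token per user, like set_access() overwriting the old entry.
    $store[$user_id] = array(
        'hash'    => hash('sha256', $token),    // only the digest is stored
        'expires' => time() + $ttl,
    );
    return $token;                              // goes into the emailed URL
}

function redeem_token(array &$store, string $token, ?int $now = null)
{
    $now    = $now ?? time();
    $digest = hash('sha256', $token);
    foreach ($store as $user_id => $row) {
        if (hash_equals($row['hash'], $digest)) {
            unset($store[$user_id]);            // single use, as get_access() deletes
            return $row['expires'] >= $now ? $user_id : false;
        }
    }
    return false;                               // unknown or already-used token
}

$store = array();
$token = issue_token($store, 7);

var_dump(redeem_token($store, $token));         // first presentation
var_dump(redeem_token($store, $token));         // replay of the same token

$late = issue_token($store, 7, 60);
var_dump(redeem_token($store, $late, time() + 61)); // presented after expiry
```

Storing the digest rather than the token means a read-only leak of the table does not hand out usable reset links.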



