Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Libraries & Helpers Ion Auth - Lightweight Auth System based on Redux Auth 2
Ion Auth - Lightweight Auth System based on Redux Auth 2
  • El Forum
    Guest
  •  
#541
08-26-2010, 06:02 AM

[eluser]Lucas Alves[/eluser]
Edit: Now I read your question again. Your problem is that you probably didn't update the "columns" array in Ion_auth config file...

Why don't you just walk on meta_columns array, setting the additional data using this:

Code:
//validation rules, if  $this->form_validation->run() == true :
$meta_columns = $this->config->item('columns', 'ion_auth');

if (! empty($meta_columns)) {
    foreach ($meta_columns as $input) {
        $form_input = $this->input->post($input);

        /*clean the data...*/

        $additional_data[$input] = $form_input;

    }

    $this->ion_auth->register($username,$password,$email,$additional_data)

// else validation == false
//...

This way, when you add or remove columns in meta table, you just need to update the ion_auth config file, with no need to change the create_user code...

But, if you wanna do the way you're using this, you just need to set extra columns directly in the additional_data array, like

Code:
$additional_data = array('first_name' => $this->input->post('first_name'),
                         'last_name'  => $this->input->post('last_name'),
                         'address'    => $this->input->post('address')    ,
                         'company'    => $this->input->post('company'),
                         'phone'      => $this->input->post('phone1'),

                         'dog_name'      => $this->input->post('dog_name'),
                         'birthday'      => $this->input->post('birthday')
);
  • El Forum
    Guest
  •  
#542
08-26-2010, 07:09 AM

[eluser]martynrlee[/eluser]
Thanks Lucas, didnt think to run through the config file, like the $meta_columns solution as well.

Most appreciated.

Martyn.
  • El Forum
    Guest
  •  
#543
09-08-2010, 02:37 PM

[eluser]Rob Pomeroy[/eluser]
If I'm reading this right, the password is sent in the clear over the wire - is that right? A few years back I remember implementing an insanely paranoid login system using a javascript MD5 library to send a hashed, salted, hashed password to the web server. The salt was randomly generated by the server at the time the browser session began. This same salt was applied to the already-hashed password stored in the database, for comparision purposes. I can't quite remember the details.

Anyway, the point is I was wondering if Ben and the other folks working on this had an opinion on the plaintext password issue? Assuming that SSL is not desired/available, that is.
  • El Forum
    Guest
  •  
#544
09-08-2010, 04:12 PM

[eluser]Ben Edmunds[/eluser]
Rob,

IMHO there is absolutely no point in encrypting the passwords before you send them through the pipe with Javascript. Any halfway decent programmer can look through the JS and easily reverse engineering whatever encryption algorithm you implement.

If you need a truly secure login use SSL.
  • El Forum
    Guest
  •  
#545
09-09-2010, 01:29 AM

[eluser]Rob Pomeroy[/eluser]
[quote author="Ben Edmunds" date="1284001974"]IMHO there is absolutely no point in encrypting the passwords before you send them through the pipe with Javascript.[/quote]

Yeah, I admit this was only really covering the case of a wire sniffer, rather than a full-blown man-in-the-middle attack. Plus there's a fairly high overhead asking a browser to hash and re-hash.

Now to take a good look at your library! I'll be wanting to drop in reCAPTCHA, OpenID and possibly LDAP in due course... Thanks for all you've done. If I come up with any resuable code I'll be sure to fork it.
  • El Forum
    Guest
  •  
#546
09-09-2010, 01:31 AM

[eluser]Rob Pomeroy[/eluser]
edit: double post (proxy cache error)
  • El Forum
    Guest
  •  
#547
09-09-2010, 09:02 AM

[eluser]Ben Edmunds[/eluser]
Rob,

Thanks and definitely keep me updated on your progress implementing those items.
  • El Forum
    Guest
  •  
#548
09-12-2010, 10:54 PM

[eluser]Bob Stein[/eluser]
Ion Auth looks great. Wish I had come across it a couple weeks ago; it would have saved me a lot of time. I'm especially impressed by how well the "groups" logic seems to have been thought out.

Maybe it's just me, but as I was playing around wiht Ion Auth, I had a really hard time figuring out something really obvious, so I thought I'd post something here just in case others have the same issue:

If you want to allow new users to register themselves with Ion Auth, you'll almost certainly want to require them to verify their registration by email. Yes, Ion Auth DOES come with an email confirmation function.

To trigger email activation in Ion Auth, just open the ion_auth.php file located in the 'application/config' folder and scroll down to line 78. There you'll find
Code:
$config['email_activation'] = false;

Change that to "true" and you're good to go.

I'm a little surprised this is set as a config option (which is why I had such a hard time finding it). It seems like the kind of thing you'd want to pass as an option through a register()-type function, so that admins can add new users without a confirmation email if necessary. Or am I missing something?
  • El Forum
    Guest
  •  
#549
09-13-2010, 06:52 PM

[eluser]gscharlemann[/eluser]
Hi all

I'm running into session issues with Internet Explorer (the issue described below doesn't happen in Firefox or Chrome). Here's the deal...

1. User logs in via the auth/login method in the controller. The login works and the following is printed out after a successful login:
Code:
ion_auth->logged_in(): session_id = d33d753b8b7769f00471dbc460c84926
ion_auth->logged_in(): identity = email
ion_auth->logged_in(): session->identity = [email protected]
ion_auth->logged_in(): session->id = 25
ion_auth->logged_in(): session->user_id = 25
ion_auth->logged_in(): session->group_id = 2
ion_auth->logged_in(): boo? identity = 1
2. The next action the user takes is clicking a link directly below the above print out. The "tracker" controller is loaded and defaults to the calendar() function. The first action in tracker->calendar() calls the ion_auth->logged_in() function. This action in some versions of IE (this doesn't happen with my IE, but does with a few friends - we are both using IE 8.0) creates the following output:
Code:
tracker->calendar(): start
ion_auth->logged_in(): session_id = f438643a280a6bc6d993bd755543af4a
ion_auth->logged_in(): identity = email
ion_auth->logged_in(): session->identity =
ion_auth->logged_in(): session->id =
ion_auth->logged_in(): session->user_id =
ion_auth->logged_in(): session->group_id =
ion_auth->logged_in(): boo? identity =
The session information isn't being saved correctly for some reason. I tried saving the session information into the database via the config file, but that didn't correct the problem. And, as I said before this flow works in Firefox and Chrome and even some installs of IE8.0. Any suggestions on why this might be occurring or what I should look at? I'm stumped.

thank you
  • El Forum
    Guest
  •  
#550
09-13-2010, 11:19 PM

[eluser]joytopia[/eluser]
gscharlemann,

give hybrid session a try:

http://ellislab.com/forums/viewthread/124821/

Regards
Bernd




Theme © iAndrew 2016 - Forum software by © MyBB