Tank Auth v1.0 (CI authentication library)

[eluser]brettalton[/eluser]
[quote author="lolmann" date="1284732972"]He there,

I like tank_auth a lot but i have a trouble getting it to work on a server - it worked fine on my local machine.

The problem is, Phpass doesn't seem to hash the passwords. So when comparing a password submitted at login to the (hashed) password in the database it fails. Somebody suggested that the problem could be that my server doesn't support the encryption method. But I don't know how to change it.

Here are some more details: http://ellislab.com/forums/viewthread/167507/

Any idea how this can be resolved?[/quote]
I would say just don't move your database from localhost to the server (or TRUNCATE the `users` table (as in empty it) so when you re-register, phpass will use the authentication system native to that server.

Remember phpass will try and use two different php-supported algorithms before going to a hand-written method. Thus, if your localhost is using algorithm, and your server is using another, the two password hashes will not match.

[eluser]brettalton[/eluser]
[quote author="RandyCram" date="1284734616"]So I am in the process of extending this for my use and I am not sure about one thing.

I added a field named "admin" to the user table in the database to have a value or 0 or 1, and if 1 to display admin only items. However for some reason I can't get it to work right.

I am not sure how I should do the check. I want the admin to be able to view the page so I don't want to redirect them right away i just want to display a link saying "Admin CP."

I added this to the library

Code:

function get_admin()
    {
        return $this->ci->session->userdata('admin');
    }

I tried adding it to the controller and doing an if $admin == 1 but it didn't work so what would the best method of doing this be?

Thanks.[/quote]

Well do you have the information being reported to <i>$this->ci->session->userdata</i> because, as I said in post #301, I wanted to pull out the user's e-mail address but since it didn't exist in the user data, I had to query the DB based on the user's ID. I haven't looked into it, but I should hack the lib to post that information to the session data so I'm not querying the DB on every page reload. I think you're looking to do the same thing.

Does that make sense?

[eluser]brettalton[/eluser]
Hey everyone, I came up with an elegant solution for tank_auth to redirect users to their original page, instead of to the home page, after login/registration/logout: http://ellislab.com/forums/viewreply/801348/

[eluser]RandyCram[/eluser]
[quote author="brettalton" date="1284750296"][quote author="RandyCram" date="1284734616"]So I am in the process of extending this for my use and I am not sure about one thing.

I added a field named "admin" to the user table in the database to have a value or 0 or 1, and if 1 to display admin only items. However for some reason I can't get it to work right.

I am not sure how I should do the check. I want the admin to be able to view the page so I don't want to redirect them right away i just want to display a link saying "Admin CP."

I added this to the library

Code:

function get_admin()
    {
        return $this->ci->session->userdata('admin');
    }

I tried adding it to the controller and doing an if $admin == 1 but it didn't work so what would the best method of doing this be?

Thanks.[/quote]

Well do you have the information being reported to <i>$this->ci->session->userdata</i> because, as I said in post #301, I wanted to pull out the user's e-mail address but since it didn't exist in the user data, I had to query the DB based on the user's ID. I haven't looked into it, but I should hack the lib to post that information to the session data so I'm not querying the DB on every page reload. I think you're looking to do the same thing.

Does that make sense?[/quote]

That worked, thanks!

I found where to add it to the userdata.

In the library Tank_auth.php Line 71-76:

Code:

} else {
                        $this->ci->session->set_userdata(array(
                                'user_id'    => $user->id,
                                'username'    => $user->username,
                                'status'    => ($user->activated == 1) ? STATUS_ACTIVATED : STATUS_NOT_ACTIVATED,
                        ));

Just add what you want. worked like a charm for me.

[eluser]interllect[/eluser]
i have question that im sure is gona sound pretty n00by :\
but how do u change a views layout based on the is_logged_in function?

here is an example of what i have tried... im just basically trying to make the form in my view not appear if the user is not signed in & apear when they are signed in based on the if statement... yeh im pretty new to CI so sorry if i sound kinda weird

blog controller:

Code:

<?php
class Blog extend controller{

function Blog(){
        parent::Controller();
        $this->load->helper(array('form','url'));
        $this->load->database();
        $this->load->library(array('form_validation','Tank_auth.php'));    
}

function Index(){
        $data['title'] = "Blog";
        $data['heading'] = "Blog";
        $data['query'] = $this->db->get('entries');
        
        $this->load->view('blog_view', $data);
    }
    
    function blog_insert(){
    if ($this->tank_auth->is_logged_in()) {

        $this->form_validation->set_rules('title', 'title', 'trim|required|xss_clean');
        $this->form_validation->set_rules('body', 'body', 'trim|required|xss_clean');

        if ($this->form_validation->run() == FALSE)
        {
        
                redirect('blog/');
        }
        else
        {
                $this->db->insert('entries', $_POST);
                redirect('blog/');
        }
    } elseif (!$this->tank_auth->is_logged_in()) {
        redirect('');
      }
    }    

}

?>

blog view (aka the problem D: ):

Code:

<html>
<head></head>
<body>

<?php if (is_logged_in): ?>
        <table>
        &lt;?php echo validation_errors(); ?&gt;
            &lt;?php echo form_open('blog/blog_insert'); ?&gt;
                <tr style="vertical-align: text-top;">
                <td><label>Blog Title*</label></td><td>&lt;input style="color: black;" type="text" name="title"/&gt;&lt;/td>
                </tr>
                <tr>
                <td style="vertical-align: text-top;"><label>Blog Details*</label></td><td>&lt;textarea class="ckeditor" cols="80" id="editor1" name="body" rows="10"&gt;&lt;/textarea></td>
                </tr>
                <tr>
                <td style="vertical-align: text-top;">&lt;input style="background-image: url('/../../assets/Images/Nav_Button.jpg'); height: auto; width: auto; padding: 10px; border-bottom-width: 0; color: black;" type="submit" value="Submit"/&gt;&lt;/td>
                </tr>
            &lt;/form&gt;
        </table>
&lt;?php endif; ?&gt;

&lt;/body&gt;
&lt;/html&gt;

is this correct because it doesnt work for me??? am i supposed to include something else in the view or controller for it to work?

[eluser]interllect[/eluser]
bleh i got it now... syntax issue... basically forgot to place '()' after the function name xD ... silly me

[eluser]brettalton[/eluser]
[quote author="interllect" date="1284950739"]bleh i got it now... syntax issue... basically forgot to place '()' after the function name xD ... silly me[/quote]

You shouldn't do 'if logged in' from a view though. It should be decided from a controller.

Code:

class Page extends Controller {

    function Page()
    {
        parent::Controller();
    }

    function index()
    {
        $this->load->view('page/index');
    }

    function secret()
    {
        if ($this->tank_auth->is_logged_in())
        {
            $this->load->view('page/secret');
        }
        else
        {
            $this->load->view('page/login');
        }
    }
}

[eluser]interllect[/eluser]
ok i have another question...

how would i go about setting up user levels with tank_auth?

for example i wanted 3 levels of access. currently in my database i have given the user_profile table 2 extra columns:

levels description
1 (staff)
2 (moderator)
3 (admin)

what function should i use so that the level of access corrisponds with the user that is currently logged in?

[eluser]RandyCram[/eluser]
best way I can think of is make the column in your database just have a 1 for is that level and 0 for isn't and do an IF statement checking if they have it.

If($staff == 1) {
do something
}

[eluser]andjules[/eluser]
[quote author="billyjeans" date="1281370199"]It seems that clear_attempts should use the same creteria as get_attempts_num, otherwise the login attempts will not be cleared.

Code:

function clear_attempts($ip_address, $login, $expire_period = 86400)
    {
        /* modified to make it consistent with get_attempts_num
        $this->db->where(array('ip_address' => $ip_address, 'login' => $login));*/
        $this->db->where('ip_address', $ip_address);
        if (strlen($login) > 0) $this->db->or_where('login', $login);
        
        // Purge obsolete login attempts
        $this->db->or_where('UNIX_TIMESTAMP(time) <', time() - $expire_period);

        $this->db->delete(self::TABLE);
    }

[/quote]

It does sound like there is a logical hole.
IF clear_attempts - as it was originally written - only clears THIS USER's attempts, it may not solve the problem of the login being blocked because OTHER users (at other IP addresses) have increased the attempts in the database.

As a logical extension, I've needed to add a 'clear_attempts' call to the reset_password function, because once a email/tokenized-authenticated user resets their password, they could still be locked out by OTHER users having max'd-out the login attempts.