Ion Auth - Lightweight Auth System based on Redux Auth 2

[eluser]Ben Edmunds[/eluser]
hugle,

If you delete, or deactivate, another user who is currently logged in nothing will happen to their session. TO affect their session immediately you would have to modify their information in the sessions table.

[eluser]spmckee[/eluser]
Hi,

What is the best way to prompt the user to change their initial password?

When I create the account I set the initial password to something that needs to be changed, like "default". When the user first logs in with that password I want to detect that and prompt them to change it. What's the easiest way to do this? Can I check the password set in the DB or is the best approach to create a "have they changed the pass yet" flag in the DB?

Thanks,
SP

[eluser]Unknown[/eluser]
Hi Ben,

First off thanks for an awesome Auth library

I have found a little bug when trying to update a user group and only the group, no other user data in the method user_update from ion_auth_model.php.

It gives me the following error:

You must use the SET method to update an entry

I think that happens when the method tries to update the table "meta" when the array data doesn't contains information for that table since it only checks for the columns array not to be empty.

So i modify the if statement in line 803 of ion_auth_model.php from this:

Code:

if (!empty($this->columns))

to this:

Code:

if (!empty($this->columns) && !(count(array_diff($this->columns,$data))==count($this->columns)))

I also change the if from line 820 to check if the array contains the group_id field

Code:

if (array_key_exists('username', $data) || array_key_exists('password', $data) || array_key_exists('email', $data) || array_key_exists('group_id', $data))

I know have it working, but i don't know if there is a better solution for this.

Hope you understand and sorry for my bad english :-)

[eluser]Sinclair[/eluser]
Hi,

I need to change the fields "created_on" and "last_login" from the table users from Integer to Timestamp.

What implications can I have? I don't use the account creation, the implication is only on the Login action?

Best Regards,

[eluser]Sandyandi N. dela Cruz[/eluser]
Hi,

I don't know if you've already noticed a bug when updating a user using the same identity from another user.
Example:

Code:

$config['identity'] = 'email';

When I try to update user1's record with user2's email, ion_auth allows it while it should not because the email field acts like a primary key of the users table when it's set as the $config['identity'].

Now, I modified update_user() from ion_auth_model.php into this:

Code:

public function update_user($id, $data)
    {
        $user = $this->get_user($id)->row();

        $this->db->trans_begin();
        
        $email = (array_key_exists('email', $data)) ? $data['email'] : FALSE;
        $username = (array_key_exists('username', $data)) ? $data['username'] : FALSE;
        
        if ($email !== FALSE && $this->identity_column == 'email' && ($this->email_check($email) && $user->email !== $email))
        {
            $this->ion_auth->set_error('account_creation_duplicate_email');
            return FALSE;
        }
        elseif ($username !== FALSE && $this->identity_column == 'username' && ($this->username_check($username) && $user->username !== $username))
        {
            $this->ion_auth->set_error('account_creation_duplicate_username');
            return FALSE;
        }
        
        if (!empty($this->columns))
        {
            // 'user_id' = $id
            $this->db->where($this->meta_join, $id);

            foreach ($this->columns as $field)
            {
                if (is_array($data) && isset($data[$field]))
                {
                        $this->db->set($field, $data[$field]);
                        unset($data[$field]);
                }
            }

            $this->db->update($this->tables['meta']);
        }

        if (array_key_exists('username', $data) || array_key_exists('password', $data) || array_key_exists('email', $data))
        {
            if (array_key_exists('password', $data))
            {
                $data['password'] = $this->hash_password($data['password'], $user->salt);
            }

            $this->db->where($this->ion_auth->_extra_where);

            $this->db->update($this->tables['users'], $data, array('id' => $id));
        }

        if ($this->db->trans_status() === FALSE)
        {
            $this->db->trans_rollback();
            return FALSE;
        }

        $this->db->trans_commit();
        return TRUE;
    }

It now disallows duplicate identity entries just like the register() from the ion_auth_model.php

[eluser]Sandyandi N. dela Cruz[/eluser]
I updated my post several times. :lol:

[eluser]sirwan.me[/eluser]
Is documentation not a good idea for this library ?

[eluser]joytopia[/eluser]
[quote author="sirwan.me" date="1278213180"]Is documentation not a good idea for this library ?[/quote]

sirwan.me,
the library is lightweight, the code seems to be self explaining and Ben does a great support here in the forum.

Yes, documentation is a good idea.
The library is open source, so feel free to write one.

Best regards
Bernd

[eluser]huuray[/eluser]
[quote author="sirwan.me" date="1278213180"]Is documentation not a good idea for this library ?[/quote]thumbs up

[eluser]srpurdy[/eluser]
Hi Guys,

Nice Auth Library! lightweight indeed.

I'm curious is there a function to protect an entire controller instead of just specific functions?

I only just started playing with it. I been using freakauth for awhile, but decided it's too bulky for most projects I do.

Anyway thanks guys!