Standardised user login
#1

[eluser]morph london[/eluser]
Hi I am very new to CodeIgniter and I am very impressed with what I have seen so far. Now my first CodeIgniter project involves a simple cms. I have been searching for a standardized way of

a) Creating a login page (email, password) from a database.
b) A piece of code I can add to each page that is "protected" that will redirect to the login page.

I was quite surprised in the documentation that there seems to be no way built into CodeIgniter to do this out of the box. Is there a standard way of achieving this? Or is there a method anyone could recommend as being secure?

Also in my attempts to create such a page I have come across an issue with the Validation library. When I validate the password field and md5 it in the process, if the user has not entered a valid email it bounces back to the login page but the password field contains the md5 hash. I would like it to contain the original string.

Thanks for your help.
#2

[eluser]stevepaperjam[/eluser]
I've had success with DanFreak's FreakAuth, which is built for CI.
#3

[eluser]morph london[/eluser]
Thanks for the link, I will check it out. The site has to be secure, so do you know if this is secure code? What I am ideally looking for is adding CI to my 'Toolkit' as it were and I don't want to find out down the line I am using code that I will have to go and amend.
#4

[eluser]stevepaperjam[/eluser]
Quote:do you know if this is secure code

So far I've only used it as part of a blog-type thing for the admin section, but I'm planning on using it as part of a shopping cart site.

I've not done any security testing myself, but you might be able to glean some further info from this thread.
#5

[eluser]stevepaperjam[/eluser]
...and there's also Erkana, not tried it myself: looks good tho...
#6

[eluser]Phil Sturgeon[/eluser]
CI can do this out of the box.

Model
Code:
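function checkLogin($username, $password){
    // Active Record escapes the values passed to where()
    $this->db->where('username', $username);
    $this->db->where('password', $password);
    $query = $this->db->get('users');

    // No matching row: leave the session untouched and report failure
    if ($query->num_rows() == 0) return FALSE;

    // Matching row found: remember who is logged in
    $user = $query->row();
    $this->session->set_userdata('userid', $user->userid);
    return TRUE;
}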

Controller Check
Code:
if(!$this->session->userdata('userid')) redirect('user/login');

User Auth is an INCREDIBLY simple thing, it's just bloated by extra things such as forgot password, activation, user management, banning, etc. A full user auth system in CI can be done with 2 methods, 1 model and the simple piece of code above.

I would avoid FAL like the plague for a small project, but it can come in handy if you strip it RIGHT down to the bones.
#7

[eluser]morph london[/eluser]
Ok cool, that's exactly what I wanted. Now back to the other issue I am having. So looking at the validation Library it demonstrates the validation for a password field using md5. So I assume it is better to store a password as md5 for security, then compare it from there.

Now in the below code taken from the docs:

function index()
{
    $this->load->helper(array('form', 'url'));

    $this->load->library('validation');

    $rules['username'] = "required";
    $rules['password'] = "required";
    $rules['passconf'] = "required";
    $rules['email'] = "required";

    $this->validation->set_rules($rules);

    $fields['username'] = 'Username';
    $fields['password'] = 'Password';
    $fields['passconf'] = 'Password Confirmation';
    $fields['email'] = 'Email Address';

    $this->validation->set_fields($fields);

    if ($this->validation->run() == FALSE)
    {
        $this->load->view('myform');
    }
    else
    {
        $this->load->view('formsuccess');
    }
}

If the user leaves out their email address this then fills the password field with an md5 instead of their original string.
#8

[eluser]Phil Sturgeon[/eluser]
You are close.

Code:
function index()
{
    $this->load->helper(array('form', 'url'));

    $this->load->library('validation');

    $rules['username'] = 'required';
    $rules['password'] = 'required';
    $rules['passconf'] = 'required|matches[password]';
    $rules['email'] = 'required|valid_email';

    $this->validation->set_rules($rules);

    $fields['username'] = 'Username';
    $fields['password'] = 'Password';
    $fields['passconf'] = 'Password Confirmation';
    $fields['email'] = 'Email Address';

    $this->validation->set_fields($fields);

    // Populate a data variable
    foreach(array_keys($fields) as $field):
        $data[$field] = $this->input->post($field);
    endforeach;

    if ($this->validation->run() == FALSE)
    {
        $this->load->view('myform', $data);
    }
    else
    {
        // Hash their password before submitting (do this in the model if you prefer)
        $data['password'] = md5($data['password']);
        $this->user_model->addUser($data);

        $this->load->view('formsuccess', $data);
    }
}

Notice the improved validation rules to make sure passwords match and the email is forced to be a valid email.

Also notice the loop that will grab data from post and put it into a $data variable so you can pass it to your model. We then replace the user's submitted password with an md5 hash.

Registration complete!
#9

[eluser]Rick Jolly[/eluser]
pyromaniac - You've just created another auth library! Maybe call it pyroauth and create a support thread.
#10

[eluser]Michael Wales[/eluser]
Don't forget to add a salt.
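
The salt advice and the login check from this thread, combined in an added example that is not code from any poster or from CodeIgniter: PHP's `password_hash()` salts each password automatically, and rows already stored as unsalted md5 are upgraded at the next successful login. The `$users` array (a stand-in for the users table), the function bodies and the sample accounts are assumptions made for illustration.

```php
<?php
// Added example: plain PHP 7+, no CodeIgniter required. $users stands in for the users table.

// Registration: password_hash() generates a random per-user salt and embeds it in the hash.
function addUser(array &$users, string $username, string $password): int
{
    $userid = count($users) + 1;
    $users[$username] = ['userid' => $userid,
                         'password' => password_hash($password, PASSWORD_DEFAULT)];
    return $userid;
}

// Login: fetch the row by username only, then verify the hash in PHP.
// Returns the userid on success, false otherwise.
function checkLogin(array &$users, string $username, string $password)
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username]['password'];

    // Legacy row written by md5(): exactly 32 hex characters, no salt.
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // Password is correct, so replace the md5 value with a salted hash.
        $users[$username]['password'] = password_hash($password, PASSWORD_DEFAULT);
        return $users[$username]['userid'];
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash if PHP's default algorithm or cost has changed since this hash was made.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username]['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $users[$username]['userid'];
}

// Constructed sample data: one legacy md5 row and one new registration.
$users = ['alice' => ['userid' => 1, 'password' => md5('correct horse')]];
addUser($users, 'bob', 'battery staple');

var_dump(checkLogin($users, 'alice', 'correct horse')); // legacy row, upgraded on success
var_dump(checkLogin($users, 'alice', 'wrong'));
var_dump(checkLogin($users, 'alice', 'correct horse')); // now checked by password_verify()
var_dump(checkLogin($users, 'bob', 'battery staple'));
```

Because the salt lives inside the stored hash, the password can no longer be matched in a WHERE clause; the query selects by username and the comparison happens in PHP.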