Ion Auth - Lightweight Auth System based on Redux Auth 2

[eluser]davidjlynch[/eluser]
Hi Ben,

Trying to see if a password exists on login page so I can return an error if it doesn't (usability issue), I have used the below code to check username and it works perfectly

Code:

/**
     * Username check
     *
     * @return bool
     * @author Ben Edmunds
     **/
    public function username_check($username)
    {
        if ($this->ion_auth->username_check($username))
        {
            $this->form_validation->set_message('username_check', 'The username "'.$username.'" already exists.');
            return FALSE;
        }
        else
        {
            return TRUE;
        }
    }

does something exist to check_password?

[eluser]Ben Edmunds[/eluser]
Bernd,

Yes I got it, thank you! I'll try to go through it soon.


davidjlynch,

You can check to see if ion_auth->login return true or false.

[eluser]davidjlynch[/eluser]
Hi Ben,

Once again thanks for the quick response, glad to see I'm not the only one working on a Sunday. I have tried the following but just get errors, the email_check works, but as I said password_check returns errors, could you possibly help further?

Code:

public function email_check($email)
    {
        if ($this->ion_auth->email_check($email)){
            $this->form_validation->set_message('email_check', 'The email "'.$email.'" already exists.');
            return FALSE;
        } else{
            return TRUE;
        }
    }
    
    public function password_check($password)
    {
        if ($this->ion_auth->login($password)){
            $this->form_validation->set_message('password_check', 'The password you entered does not exists.');
            return FALSE;
        } else{
            return TRUE;
        }
    }

Once again thanks for all your help.

[eluser]megabyte[/eluser]
So I have a security question.

The is logged in function:

Code:

/**
* logged_in
*
* @return bool
* @author Mathew
**/
public function logged_in()
{
$identity = $this->ci->config->item('identity', 'ion_auth');

return (bool) $this->ci->session->userdata($identity);
}

Do you think it would be better to check their credential as far as being active, and not just checking a session?

[eluser]megabyte[/eluser]
I also don't understand how there can be arguments in a public function inside a controller?

When I say I don't understand, I don't mean I'm questioning you. I mean I didn't know you can do this, or how they would be used.

Code:

//activate the user
function activate($id, $code=false)
{
$activation = $this->ion_auth->activate($id, $code);

        if ($activation) {
//redirect them to the auth page
$this->session->set_flashdata('message', $this->ion_auth->messages());
redirect("auth", 'refresh');
        }
        else {
//redirect them to the forgot password page
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect("auth/forgot_password", 'refresh');
        }
    }

[eluser]ladooboy[/eluser]
Hello Ben!

First of all, this is a really great auth system .

I've got a question, wondering if you can help me.
I want a user to be able to open only ONE session. So if he is logged in with firefox and tries to login with IE it should log him out from firefox and leave the IE session open.

Is there any method which would help me archiving this ?
I could maybe check if the ip address in combination with the browser exists in the database, if not login user out? Would that approach be reliable enough ? But then we know the ISP sometimes changes the ip address and the user might get kicked out randomly on ip change.

Another session issue. If the User hasn't ticket "remember me" and closes his browser the app should automatically log him out. How would you archive this ?

Many thanks for your help in advance.

[eluser]ladooboy[/eluser]
@megabyte
Maybe this will help you.
You can call any functions in the controller from the URL as long as they were not hidden as "_function":

Basically when you do: www.mysite.com/controller/function/arguments you will call the following: www.test.com/auth/activate(23,[email protected]). This will initiate the activate method of the auth controller sending two values to the method.

You can use this if you send an activation email to a user and the user clicks on the link with the above method and arguments to activate his account.

Here from the user guide: codeigniter



Regards to the logged_in().

As far as my understanding is; when you login it saves your email address in the session. So when you visit a protected site it checks if your're email address(or username) is in the session, which means you're logged in, and let's you through.

If you're not logged in then you're email address wouldn't be in the session I guess.

[eluser]joytopia[/eluser]
@ladooboy

I haven't yet tried to search in field user-data of table ci_session.
If it does not work, you could create a new field in the session table with username (or email if this is your identity field).

Then write a method:
When a user logs in, it destroys all other sessions with this identity.

HTH Bernd

[eluser]ladooboy[/eluser]
Hi !

I am trying to implement a function which logs the oldest session out if the user logs in again or on a different browser.

Currently I have a Problem:

Code:

class MY_Controller extends Controller{
    public $data;
    public $load_view;
    
    
    function __construct(){            
        parent::Controller();    // Always need to call the parent Controller
    
        $this->load->library('ion_auth');

I'm loading the library in my Base_Controller. The auth_ion library has this snipped in its constructor.

Code:

if (!$this->logged_in() && get_cookie('identity') && get_cookie('remember_code'))
        {
            $this->ci->ion_auth_model->login_remembered_user();
        }

My Local Controller has:

Code:

class Welcome extends MY_Controller{
    function __construct(){
        parent::__construct();
        if(!$this->ion_auth->logged_in()) redirect('auth/login');
    }

As you can see my local controller checks if the user is logged in, if not redirect him.

With this structure it will run the Logged_in function twice on the same page.
So On my welcome controller it runs the query twice, once from the welcome controller and once from my Base_controller where I have loaded the auth library.

Any ideas how I can just run it once on each of my controller ?

[eluser]Ben Edmunds[/eluser]
It sounds like you want to turn off the "remember users" option in the config file that way they will be forced to login everytime they come to your site.