sessions and authentication
#2

systemsos
I'll give you what I have thus far. Make sure that in your application/config/config.php the following is set:
Code:
$config['sess_cookie_name']        = 'rapid_session';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']        = TRUE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']         = 300;

I then use the following adaption of Erkana: Code Authorization Library (I rewrote it with additional applications in mind). Please note it's not finished, so there are probably 1000 different ways to improve it. But the security is very "so so" when you aren't using the session database.

Code:
//-------------------------------------
// system/libraries/Rapidauth.php
//-------------------------------------

<?php  if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
 * CodeIgniter
 *
 * @package    Rapidauth
 * @author     Darren Nolan - Rapid Hosting - Based on Erkana: CodeIgniter Authorization Library (www.michaelwales.com)
 * @link       http://www.rapidhosting.com.au
 * @since      Version 1.0
 * @filesource
 */

class Rapidauth
{
    var $CI;
    
    function Rapidauth()
    {
        $this->CI =& get_instance();
        log_message('debug', 'RapidAuth class loaded');
        
        $this->CI->load->database();
        $this->CI->load->library('session');
        $this->CI->load->helper('Rapidauth_helper');
    }
    
    function check_login ($condition = array(), $table = 'users', $select = 'id')
    {
        $this->CI->db->select($select);
        $query = $this->CI->db->getwhere($table, $condition, 1, 0);
        if ($query->num_rows != 1) {
            return FALSE;
        } else {
            $row = $query->row();
            $this->CI->session->set_userdata(array('user_id' => $row->$select, 'authenticated' => 'TRUE'));
            return TRUE;
        }
    }
    
    function check_session ()
    {
        if ($this->CI->session->userdata('user_id') AND $this->CI->session->userdata('authenticated')=='TRUE') {
            return TRUE;
        } else {
            return FALSE;
        }
    }
    
    function logout ()
    {
        $this->CI->session->unset_userdata('user_id');
        $this->CI->session->unset_userdata('authenticated');
        $this->CI->session->sess_destroy();
    }
}
?>
//-------------------------------------
// Use the below code in your parent controller or index function for the controller to load it up
//-------------------------------------
$this->load->library('Rapidauth');    // Login, Logout and Log-Check functions

This is the code I use to check if the user/password combo is right.
Code:
if ($this->validation->run()) {
    if ($username=$this->input->post('username', true)) {
        $password = dohash($this->input->post('password'));
        $details = array ('username'=>$username, 'password'=>$password);
        if ($this->rapidauth->check_login($details)) {
            redirect ('admin/main');
        } else {
            //THIS SET MESSAGE PART DOESN'T WORK YET... STILL TRYING TO FIGURE IT OUT...
            $this->validation->set_message('required', 'Username or Password incorrect.');
        }
    }
}

At the start of all protected pages I use:
Code:
if (!$this->rapidauth->check_session()) {
    redirect ('admin/login');
}

Now a thing to note with the library at the moment, is it only checks if the user is authenticated - there is no "role" system (yet) as defined with Erkana's code base.

However, by reading over the script - I'm a little more flexible with the table name for users and field returned to the session by passing values to the function.

Of course $this->rapidauth->logout() and such are all there. I'll attach the library here once it's complete - but I hope this gets you in the right direction.


Cheers,
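
An added example, not part of the original post or of Rapidauth: the same username/password check done by fetching the row by username and verifying a salted hash with PHP's password_hash()/password_verify() (PHP 5.5+), rather than matching a dohash() digest (unsalted SHA-1 or MD5 in CodeIgniter 1.x) in the WHERE condition. It uses plain PDO with an in-memory SQLite table so it runs outside CodeIgniter; the table layout, the function name verify_login and the sample account are assumptions.

```php
<?php
// Added example: stand-alone PHP (5.5+, pdo_sqlite), not CodeIgniter code.
// Constructed sample data: in-memory SQLite table holding one account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT)));

/**
 * Returns the user id on success, FALSE on failure.
 * Hypothetical helper; plays the role of Rapidauth::check_login().
 */
function verify_login(PDO $db, $username, $password)
{
    // Look the row up by username only: each stored hash carries its own
    // random salt, so it cannot be matched inside a WHERE clause.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown, so both paths
    // do comparable work (limits username enumeration by timing).
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $hash = $row ? $row['password'] : $dummy;
    $ok = password_verify($password, $hash);
    if (!$row || !$ok) {
        return FALSE;
    }

    // Upgrade the stored hash if the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute(array(password_hash($password, PASSWORD_DEFAULT), $row['id']));
    }
    return (int) $row['id'];
}

var_dump(verify_login($db, 'alice', 'correct horse'));  // valid credentials
var_dump(verify_login($db, 'alice', 'wrong'));          // bad password
var_dump(verify_login($db, 'nobody', 'correct horse')); // unknown user
```

On success the caller would store the returned id in the session with set_userdata(), as check_login() does in the library above.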

