Welcome Guest, Not a member yet? Register   Sign In
Community Auth with HMVC
#1

Hi,
Can anyone briefly or practical give me insight as to how community auth works with HMVC?
Thank alot!!
Reply
#2

(This post was last modified: 12-11-2016, 12:23 PM by skunkbad.)

I tried looking for you, but somebody had successfully done this a while back (1+ years?). I don't think they gave the details, but it is supposedly possible.

There is this: https://www.youtube.com/watch?v=m0a1ldrnNKU , but I couldn't understand a thing they were saying.
Reply
#3

(12-11-2016, 12:20 PM)skunkbad Wrote: I tried looking for you, but somebody had successfully done this a while back (1+ years?). I don't think they gave the details, but it is supposedly possible.

There is this: https://www.youtube.com/watch?v=m0a1ldrnNKU , but I couldn't understand a thing they were saying.

Well thanks alot. Not all that helpful cos they were speaking in Hindu i guess and i could barely hear them let alone understand but it did give me insight on how they extended the MY_Controller class instead of the MX in the modules folder. Wont give up here tho will still try and find a way. Thanks alot !!
Reply
#4

(12-11-2016, 01:48 PM)koficypher Wrote:
(12-11-2016, 12:20 PM)skunkbad Wrote: I tried looking for you, but somebody had successfully done this a while back (1+ years?). I don't think they gave the details, but it is supposedly possible.

There is this: https://www.youtube.com/watch?v=m0a1ldrnNKU , but I couldn't understand a thing they were saying.

Well thanks alot. Not all that helpful cos they were speaking in Hindu i guess and i could barely hear them let alone understand but it did give me insight on how they extended the MY_Controller class instead of the MX in the modules folder. Wont give up here tho will still try and find a way. Thanks alot !!

I've been using Community Auth on a few websites over the years, one of which is almost 5 years in development. Hundreds of thousands of lines of code. I've never used HMVC. If you find that it's easy to implement, maybe you could make up some instructions, and I'll try it out. If it seems reliable, I could put a blog post about it on the Community Auth website.
Reply
#5

(12-11-2016, 03:25 PM)skunkbad Wrote:
(12-11-2016, 01:48 PM)koficypher Wrote:
(12-11-2016, 12:20 PM)skunkbad Wrote: I tried looking for you, but somebody had successfully done this a while back (1+ years?). I don't think they gave the details, but it is supposedly possible.

There is this: https://www.youtube.com/watch?v=m0a1ldrnNKU , but I couldn't understand a thing they were saying.

Well thanks alot. Not all that helpful cos they were speaking in Hindu i guess and i could barely hear them let alone understand but it did give me insight on how they extended the MY_Controller class instead of the MX in the modules folder. Wont give up here tho will still try and find a way. Thanks alot !!

I've been using Community Auth on a few websites over the years, one of which is almost 5 years in development. Hundreds of thousands of lines of code. I've never used HMVC. If you find that it's easy to implement, maybe you could make up some instructions, and I'll try it out. If it seems reliable, I could put a blog post about it on the Community Auth website.
That'll be very great!! Thanks.
Reply
#6

I'm using this hmvc extension in my ci project.
https://bitbucket.org/wiredesignz/codeig...sions-hmvc

does community auth package work wit it ?
As I glance thru it's documentation, it required controller to extend My_controller from community auth

However, my modules' controllers are extended MX_controller from the hmvc extension mentioned above.
Reply
#7

(01-12-2017, 07:05 PM)adrianmak Wrote: I'm using this hmvc extension in my ci project.
https://bitbucket.org/wiredesignz/codeig...sions-hmvc

does community auth package work wit it ?
As I glance thru it's documentation, it required controller to extend My_controller from community auth

However, my modules' controllers are extended MX_controller from the hmvc extension mentioned above.


Since others have done it, it's certainly possible, but you'd have to figure it out on your own, or perhaps with the help of other Community Auth users. It's entirely possible that you could extend MX_controller. PHP OOP does allow you to extend multiple times, so if that's the only issue, I think you'll figure it out.
Reply
#8

(This post was last modified: 05-17-2017, 09:08 AM by bpuig. Edit Reason: More info )

I've managed to make it "work" having MY_Controller extend Auth_Controller and having Auth_controller extend MX_Controller. I've said "work" because I'm not able to make the session persist further than the time set on config variable sess_time_to_update.

I'm suspicious that the problem is radicated in the calling multiple times $this->require_min_level(X) set in various scripts through Modules:run('...'). I think this is the cause because if I just to the login and then use a simple page, without calling any module, my session persists longer than sess_time_to_update.

I'm testing right now, if I find a solution I'll post it here.

EDIT: After testing I found that this session log out happens when Controller_1 calls method Controller_2 via HMVC, buuuut, it does not happen if Controller_1 calls method in Controller_1 via HMVC. I'll keep testing.
Reply
#9

(This post was last modified: 05-17-2017, 11:56 AM by bpuig.)

More info:

When session gets regenerated, in MY_Session sess_regenerate function, it saves the old session as  $this->pre_regenerated_session_id and the new current session as $this->regenerated_session_id.

I had the script make logs of every step, this is what came out:

DOING LOGIN, login is made, page is shown OK
Code:
DEBUG - 2017-05-17 20:34:29 --> pre_regenerated_session_id:iijge1q335sdpqb6u7516isvr7porj3k
DEBUG - 2017-05-17 20:34:29 --> regenerated_session_id:85ldb11gpif6vvsh4mv07sfd4a6jopnl
DEBUG - 2017-05-17 20:34:29 --> Test MX_Controller Initialized
DEBUG - 2017-05-17 20:34:29 --> Encryption: Auto-configured driver 'openssl'.
DEBUG - 2017-05-17 20:34:29 --> regenerated_session_id Auth Model (check_login_status) is checking for :85ldb11gpif6vvsh4mv07sfd4a6jopnl
DEBUG - 2017-05-17 20:34:29 --> query: SELECT `u`.`username`, `u`.`email`, `u`.`auth_level`, `u`.`user_id`, `u`.`banned`
FROM `auth_users` `u`
JOIN `auth_sessions` `s` ON `u`.`user_id` = `s`.`user_id`
WHERE `s`.`user_id` = '2205615491'
AND `s`.`login_time` = '2017-05-17 20:34:22'
AND `s`.`id` = 'iijge1q335sdpqb6u7516isvr7porj3k'
LIMIT 1

DEBUG - 2017-05-17 20:34:29 --> ****ROWS******:1

I have my sess_time_to_update set in 5 secs, to speed things up and see where it blows

Log after refreshing page in 5 secs I GET KICKED OUT
Code:
DEBUG - 2017-05-17 20:34:29 --> File loaded: ../modules/test_1/controllers/Test_1.php
DEBUG - 2017-05-17 20:34:29 --> Test_1 MX_Controller Initialized
DEBUG - 2017-05-17 20:34:29 --> regenerated_session_id auth model (check_login_status) is checking for null:85ldb11gpif6vvsh4mv07sfd4a6jopnl
DEBUG - 2017-05-17 20:34:29 --> query:SELECT `u`.`username`, `u`.`email`, `u`.`auth_level`, `u`.`user_id`, `u`.`banned`
FROM `auth_users` `u`
JOIN `auth_sessions` `s` ON `u`.`user_id` = `s`.`user_id`
WHERE `s`.`user_id` = '2205615491'
AND `s`.`login_time` = '2017-05-17 20:34:22'
AND `s`.`id` = 'iijge1q335sdpqb6u7516isvr7porj3k'
LIMIT 1
DEBUG - 2017-05-17 20:34:29 --> ****ROWS******:0


What I found is that codeigniter is looking for the old session, but my database already has the new one. This is something I dont understand.

Something happened in the middle that I'm missing?

I'll keep looking, any help is appreciated
Reply
#10

If you do a global search for "regenerated_session_id", you'll get a good idea of what is going on. Basically, it's through regenerated_session_id and pre_regenerated_session_id that we sync up the CI session with the auth_session record, ensuring that the auth is legit, and that the session is not dropped if the CI session is regenerated.

This is one of the trickier things to handle for auth, because not everyone is going to want to use database sessions, but the auth_sessions table is essential in ensuring that a session is indeed valid.

Perhaps a better way to handle sessions would be to force everyone to use database sessions, and then just merge the auth_sessions fields into ci_sessions. I just didn't feel like it was my place to force people to do that.

Since I don't use HMVC and don't want to spend the time to support it, you're on your own on this one, but it has been done. I think somebody has a youtube video on it, but it's in a foreign language so I can't tell you if it's good or not.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB