Welcome Guest, Not a member yet? Register   Sign In
Starting a CI 4 project: best auth library?
#1

I'm starting a CI4 project in about 1 month.

I'm choosing my Auth library:

1) Ion Auth https://github.com/benedmunds/CodeIgnite...uth/tree/4
Last update is about 1 year ago. Is it still valid?

2) Myth Auth https://github.com/lonnieezell/myth-auth
It seems really good but they says it doesn't work with 4.0.3 
So is it useless right now for me? I'll release my project in about 2-3 months.

3) Any other library that you use?

Thank you
Alberto
Reply
#2

(This post was last modified: 05-26-2020, 02:31 AM by captain-sensible.)

is it a large project with lots of users or a fairly simple one concerning auth.

Sometimes the way writers of libraries document code , i find it hard to understand.

I've got a simple  web with really only one admin needed so as an alternative to using someones library i just wrote my own code  using a simple captcha , session to limit attempts to 5 goes, url to login hidden (i.e not quoted anywhere)

authentification based is on captcha being correct , user name being correct and the password in a sqlite db is hashed so i use for that :

$logic = password_verify($this->password,$this->hashPassword);
where $this->password is whats recevied by :
$this->request->getVar('userPassword')



protected $regex= '/[^A-Za-z0-9!?\s]+/';
//$regex this is a php class member




$password= $this->request->getVar('userPassword'); // pasword typed in to form textbox
    $password2= htmlentities($password,ENT_QUOTES);
    $this->password= preg_replace($this->regex,"",$password2);
    $this->password= trim($this->password);

A bit convoluted but if password is correct it works !


i've thought my knowledge may be limiting but then i've seen W.P web sites where login is easily found, a user can easily be found and there is no captcha.

So i'm not sure whether to stick with own system or replace it if there is a simple library.
So also would be interested to more replies.
Reply
#3

A lot of users here like using Lonnie's Myth/Auth.

Myth:Auth
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#4

(05-26-2020, 03:55 AM)InsiteFX Wrote: A lot of users here like using Lonnie's Myth/Auth.

Myth:Auth
 
Yes but it doesn't work on 4.0.3!! What version are they using?
Reply
#5

(05-26-2020, 02:27 AM)captain-sensible Wrote: is it a large project with lots of users or a fairly simple one concerning auth.

Sometimes the way writers of libraries document code , i find it hard to understand.

I've got a simple  web with really only one admin needed so as an alternative to using someones library i just wrote my own code  using a simple captcha , session to limit attempts to 5 goes, url to login hidden (i.e not quoted anywhere)

authentification based is on captcha being correct , user name being correct and the password in a sqlite db is hashed so i use for that :

$logic = password_verify($this->password,$this->hashPassword);
where $this->password is whats recevied by :
$this->request->getVar('userPassword')



protected $regex= '/[^A-Za-z0-9!?\s]+/';
//$regex this is a php class member




$password= $this->request->getVar('userPassword'); // pasword typed in to form textbox
    $password2= htmlentities($password,ENT_QUOTES);
    $this->password= preg_replace($this->regex,"",$password2);
    $this->password= trim($this->password);

A bit convoluted but if password is correct it works !


i've thought my knowledge may be limiting but then i've seen W.P web sites where login is easily found, a user can easily be found and there is no captcha.

So i'm not sure whether to stick with own system or replace it if there is a simple library.
So also would be interested to more replies.


It's a complex project. It makes no sense to write a new auth library for this.
Reply
#6

(05-26-2020, 07:08 AM)AlbertoBedo Wrote: Yes but it doesn't work on 4.0.3!! What version are they using?

As myth-auth are under development, it's subject to change at any time. At this time you are required to use the development branch of CodeIgniter 4; https://github.com/codeigniter4/CodeIgniter4
Reply
#7

(05-26-2020, 09:11 AM)jreklund Wrote:
(05-26-2020, 07:08 AM)AlbertoBedo Wrote: Yes but it doesn't work on 4.0.3!! What version are they using?

As myth-auth are under development, it's subject to change at any time. At this time you are required to use the development branch of CodeIgniter 4; https://github.com/codeigniter4/CodeIgniter4

Thanks! yeah I would really like to use myth-auth because it looks like the best solution. However I can't use an under-development code.

The only way is if there will be a stable release of myth-auth in 2-3 months.

If there will not be I should find another auth solution.

What does all the users use out there?

Do they still use CI3?
Reply
#8

I use the development branch and it runs just fine for me.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#9

@AlbertoBedo I recommend using Myth:Auth. The issue with 4.0.3 is actually a little complicated. It has had a stable (albeit beta) release for some time but a recent major security issue instigated an urgent release of 1.0 beta 3, which includes code based on the CI framework since 4.0.3. If you are really looking 2-3 months out I expect there will be additional releases before then to switch to, but I also can tell you I'm using Myth:Auth very happily in production now and it is quite solid.
Reply
#10

(This post was last modified: 05-31-2020, 02:50 PM by includebeer.)

(05-26-2020, 07:08 AM)AlbertoBedo Wrote:
(05-26-2020, 03:55 AM)InsiteFX Wrote: A lot of users here like using Lonnie's Myth/Auth.

Myth:Auth
 
Yes but it doesn't work on 4.0.3!! What version are they using?

I use Myth:Auth beta 2 with CI 4.0.3 and it's working fine.

(05-27-2020, 06:55 PM)MGatner Wrote: @AlbertoBedo I recommend using Myth:Auth. The issue with 4.0.3 is actually a little complicated. It has had a stable (albeit beta) release for some time but a recent major security issue instigated an urgent release of 1.0 beta 3, which includes code based on the CI framework since 4.0.3. If you are really looking 2-3 months out I expect there will be additional releases before then to switch to, but I also can tell you I'm using Myth:Auth very happily in production now and it is quite solid.

@MGatner can you give more detail about this security issue? I don't want to install the develop branch in production as I want some kind of stability but if if there's a big security hole it may be better to install CI's develop branch and Myrh:Auth beta 3. What would you recommend?
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/
Reply




Theme © iAndrew 2016 - Forum software by © MyBB