Fresh Powered - Auth Library
#21

[eluser]El EmiZ[/eluser]
You're looking for a chimera, Adam; there's no way to make cookie stealing impossible, there will always be XSS and those things. The only secure way to prevent cookie stealing is to trust in the application developer to add an extra secure layer to his code (like using HTTPS and/or filtering JavaScript from user input).

Check this, there's a nice workaround to mitigate the problems. http://ilia.ws/archives/121-httpOnly-coo...P-5.2.html (there's a hint on how to do that in PHP < 5.2).

Great job, good luck =)

PS: Also, if you need a simple cyphering routine, look (I've commented it a bit =P):

Code:
<?php
/*
    cyph 0.3 - Based on an old VB cyphering routine by El EmiZ
    usage:
        cyph(string, encryption key, action)
        * Where action: 0 = cypher | 1 = decypher
    
    returns:
        * -1 = No key specified.
        * -2 = Invalid action.
        * Another value = Cyphered or decyphered data.
*/

function cyph($string, $key, $action) {
    if (empty($key)) {
        return -1;
    }
    // Reject anything other than 0 (cypher) or 1 (decypher).
    if (($action < 0) || ($action > 1)) {
        return -2;
    }

    if ($action == 1) {
        $string = base64_decode($string);
    }
    
    // In the command below we "restart" the rand engine,
    //  with a custom salt number.
    // This _salt_ can (and MUST) be changed =),
    //  preferably to a user choice's one (configuration option?)
    // MUST BE THE SAME SALT IN THE CYPHERING AND DECYPHERING!
    srand (12345678901234);
    $return = '';
    
    for ($x = 0; $x < strlen($string); $x++) {
        for ($y = 0; $y < ord(substr($key, $x % strlen($key), 1)); $y++) {
            // Let's cycle the rand sequence a bit ;)
            $cycle_rand = rand(0, 255);
        }
        $return .= chr(ord(substr($string, $x, 1)) ^ rand(0, 255));
    }
    
    if ($action == 0) {
        $return = base64_encode($return);
    }

    return $return;
}

echo cyph("Testing", "CodeIgniter", 0);
echo "<br />";
echo cyph("swRcNjg+og==", "CodeIgniter", 1);
?>
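The httpOnly mitigation mentioned in the post above, as an added example that is not part of the original post or of the Auth library. It sets the flag through `setcookie()` on PHP 5.2+ and writes the `Set-Cookie` header by hand on older versions; `send_auth_cookie()`, `build_set_cookie_header()` and the cookie name `auth_token` are hypothetical.

```php
<?php
// Added example: issue an auth cookie that page JavaScript cannot read.
// Function names and the cookie name "auth_token" are hypothetical.

function build_set_cookie_header($name, $value, $expire, $path, $secure) {
    // Refuse characters that could split or corrupt the header.
    if (preg_match('/[=,;\s]/', $name) || preg_match('/[;\r\n]/', $path)) {
        return false;
    }
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);
    if ($expire > 0) {
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expire) . ' GMT';
    }
    $header .= '; path=' . $path;
    if ($secure) {
        $header .= '; secure';     // only sent over HTTPS
    }
    return $header . '; HttpOnly'; // hidden from document.cookie
}

function send_auth_cookie($name, $value, $expire = 0, $path = '/') {
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
        // PHP 5.2+: the seventh argument of setcookie() is the httponly flag.
        return setcookie($name, $value, $expire, $path, '', $secure, true);
    }
    // PHP < 5.2: setcookie() has no httponly argument, so write the header.
    $header = build_set_cookie_header($name, $value, $expire, $path, $secure);
    if ($header === false || headers_sent()) {
        return false;
    }
    header($header, false); // false = keep other Set-Cookie headers
    return true;
}

// Constructed sample value; a real token comes from a CSPRNG.
send_auth_cookie('auth_token', 'constructed-sample-token');
```

HttpOnly only keeps the cookie out of `document.cookie`; injected script can still make requests that carry it, so output filtering and HTTPS remain necessary.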
#22

[eluser]Adam Griffiths[/eluser]
Thanks for that El Emiz. I'll have a look later on and will start implementing something soon.
#23

[eluser]zackwragg[/eluser]
Hi Adam,

Awesome library. I just downloaded it and think I'm gonna end up using it quite a bit. When I get a moment I think I may make it a bit more reusable by putting the table, field and view names into the config file to make them all easily changeable.

Thanks for offering this back to the community.
#24

[eluser]Adam Griffiths[/eluser]
@zack - Thank you for the kind comments.
#25

[eluser]Knitter[/eluser]
Hi,
I may be missing it, and if so a simple RTFM will do :), but I can't find any license information on the code.
I'm thinking of using the library but would sleep better if I could have some license info to back me up, just in case ;)
#26

[eluser]Adam Griffiths[/eluser]
Hey,

I have released all the Fresh Powered code as totally free, do what you wish with it.
#27

[eluser]Knitter[/eluser]
That license should be shot dead!

Thanks for the reply, not the license I would expect and will probably cause some problems, most likely it will prevent me from using the software, but now I know what I'm getting into.
#28

[eluser]Adam Griffiths[/eluser]
[quote author="Knitter" date="1227296803"]That license should be shot dead!

Thanks for the reply, not the license I would expect and will probably cause some problems, most likely it will prevent me from using the software, but now I know what I'm getting into.[/quote]

I'm sorry you feel that way after my joke. I have edited my previous post anyway. What I was getting at was you can edit it however you like, I don't care. You could make a piece of software that will make you millions using it, and I won't care. It's totally free and open.
#29

[eluser]Knitter[/eluser]
You could have left the post as it was :D

My problem is that that license, though supposedly free, creates a whole different set of problems. Users and developers must understand that the US laws do not rule the world, and on this side of the Atlantic, Portugal to be exact, copyright laws are really different, things like Public Domain do not exist, not like in the US and not as a license. Every software a developer releases as Public Domain will be illegal to use in a commercial application in Portugal. If the public domain is not valid, then the software user didn't get the creator's permission and thus is using the application without permission, which means illegally.

As with the Public Domain, the same thing happens with other licenses that, being invalid in Europe and/or Portugal, throw me, as a Portuguese developer, into a swamp of legal terms.

The license you had posted before was one that was hard to justify to the commerce authorities responsible for keeping the law regarding copyright. If I used it in a commercial product, though you as the author wouldn't mind, I would have a bit of trouble explaining the text in that license, and would probably be taken to court. Though it would be hard to get any conviction, I would nevertheless have to go to the trouble and expense of such a process.

Most Open Source licenses work great in the US; out of it, it really depends on how they treat the original creator and how they manage that creator's rights.

But enough of off-topic, you said it to be free, it is just enough, as for the millions, well if I do create a software that makes that amount of money I'll probably distribute some to the base products I use :D
#30

[eluser]BrentNJ[/eluser]
Hi,

I am still learning about CI. Do you have a complete example of the Auth Library?

I am guessing that I need to modify the user controller to show the login and register forms. And also post the data from the forms somewhere.

When I restrict access, is that in a Controller or a View?

Thanks!!



