MeNeedz Auth

[eluser]davidbehler[/eluser]
He is right, the file you download (Auth.php) goes into application/library.
The corresponding config file (auth.php) goes to application/config.
You can edit your application/config/autoload.php and add 'auth' to the list of libraries or use

Code:

$this->load->library('auth');

in your controller.

See my user guide for an example of usage, login of a user in this case.

@pembelajar:
As this library is only a library and not a controller + model + library + views it is kinda limited and it's purpose in the first place is authentication & authorization. By adding a register and forgot password function I am already broading it's horizon so to speak and I am not sure if adding a function to edit the user would be just too much.
I might think about creating a whole package for user administration including controller, model, views my library but I don't know yet. Depends more or less on the public demand for such a thing.

[eluser]ray73864[/eluser]
The library allows people to code their own controllers and models for editing a user and doing lots of other stuff.

Perhaps what you could do is provide a simple library function for changing the password? that way if a person wanted to they could use that function for creating a 'forgot password' and 'change password' section on their website.

creating a simple function like that (perhaps a couple of them), would mean it could still continue to be a library but was also allow it to be extended further with the help of controllers and models.

[eluser]pembelajar[/eluser]
[quote author="ray73864" date="1227028620"]The library allows people to code their own controllers and models for editing a user and doing lots of other stuff.

Perhaps what you could do is provide a simple library function for changing the password? that way if a person wanted to they could use that function for creating a 'forgot password' and 'change password' section on their website.

creating a simple function like that (perhaps a couple of them), would mean it could still continue to be a library but was also allow it to be extended further with the help of controllers and models.[/quote]

This is the point that i have talked is. ;-)
But anything you do for this library is very great for me, thanks a lot.

[eluser]davidbehler[/eluser]
Your wish shall be granted

I have added a new function "change_password" that allows you to change the password of a given user. First parameter is the identifier of the user (the same that's used for login) and the second parameter is optional and can be used to set the new password. If the second parameter is left empty an new password is generated (the length of the new password that's generated depends on the value set for the new config variable "password_length" and defaults to 6).

Now you should be able to build a change password function or change a users password in your admin panel.

Anything else you need?

[eluser]pembelajar[/eluser]
Greats! thats completed for me now.
I would share my application, if it has been done.
Thank you.

[eluser]davidbehler[/eluser]
I am really looking forward to see my library in action

[eluser]Bikun[/eluser]
Implementing your library, so will be in use soon )

By the way, what is user_salt and how to use it?

[eluser]davidbehler[/eluser]
Just read these 2 wikipedia articles, they should answer all your questions

Saltin
Rainbow tables

To use salting with my library you have to add a column to your user table that can hold the salt (actually just a hash code with 32 or 40 bit depending on your hash function) and add %salt% to the encryption order.

[eluser]Bikun[/eluser]
Uuhh, things changed a lot within years I didn't do any programming

Now it's more or less clear what is salt, thanks.

I'm trying to use:
http://www.bigroom.co.uk/blog/php-password-security

It generated salt and password hash. Do I need to change something in the code to make things work?

Currently SQL "SELECT * FROM (`users`) WHERE `user_name` = 'vlad' AND password =md5(concat(user_salt, '123qwe')) LIMIT 1" doesn't return anything...

[eluser]davidbehler[/eluser]
As long as the user_salt field exists and is set to a value and that value was used to create the hash for the user's password it should work.