• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
The Auth Library 1.0.3 - The Easiest Auth Library for CodeIgniter

#21
[eluser]Adam Griffiths[/eluser]
[quote author="suashi" date="1236646949"]Let's say our counter variable is named attempts

With that in mind you can retrieve/set the value at each login attempt like:

Code:
$current_attempts = $this->session->userdata('attempts'); // retrieve old value
$this->session->set_userdata('attempts', $current_attempts++); // set new value

Of course you should check the number of attempts before setting the new value and even before trying to login the user.

I don't know if you already did it, but you can set the expiration time for the session in the config file, it's named sess_expiration

Anyway I just came back home and I'm downloading the lib cause I want to try it out![/quote]

Of course, I've done so much coding on this and other things the past few weeks I can't remember what I've released and what's still on my machine.

If I set the session expiration to 15 minutes (the time the login attempts would be 5), wouldn't that make the whole session only last for 15 minutes?

#22
[eluser]jacobc[/eluser]
[quote author="Adam Griffiths" date="1236649162"]If I set the session expiration to 15 minutes (the time the login attempts would be 5), wouldn't that make the whole session only last for 15 minutes?[/quote]
Yea that would... Perhaps including your own expiration variable for the login attempts as well. So store a time for last_login_attempt.

#23
[eluser]gyo[/eluser]
Hi Adam,
I really appreciate your effort in making this library, but I think it still needs to grow.
Auth (authentication and authorization) is a very critical step, let's say it has to be bomb proof... Wink

Here is some feedback:
You should remove all the checking like min and max password chars from the lib; I would do that kind of checks in a model, without throwing all the error messages with show_error() because that limits a lot the flexibility.
I see you're loading all the libraries and config twice (both in __constructor and Auth methods); you're mixing php4 and php5, and the only element of php5 is the __constructor. Just remove it, since all the library is php4 and it will work in php5, or optimize it for php5 without backward compatibility.
Since I'm paranoid about security I would filter all the input->post for XSS, apart from checking the data types:

$this->input->post('some_data', TRUE);

Take a look at Redux Auth which has been developed with security as the main idea:

http://codeigniter.com/wiki/Redux_Auth/


Anyway... I'm trying to be constructive with my comments, and I'm always open to different points of view! Wink


Byee

#24
[eluser]Adam Griffiths[/eluser]
[quote author="suashi" date="1236695203"]Hi Adam,
I really appreciate your effort in making this library, but I think it still needs to grow.
Auth (authentication and authorization) is a very critical step, let's say it has to be bomb proof... Wink

Here is some feedback:
You should remove all the checking like min and max password chars from the lib; I would do that kind of checks in a model, without throwing all the error messages with show_error() because that limits a lot the flexibility.
I see you're loading all the libraries and config twice (both in __constructor and Auth methods); you're mixing php4 and php5, and the only element of php5 is the __constructor. Just remove it, since all the library is php4 and it will work in php5, or optimize it for php5 without backward compatibility.
Since I'm paranoid about security I would filter all the input->post for XSS, apart from checking the data types:

$this->input->post('some_data', TRUE);

Take a look at Redux Auth which has been developed with security as the main idea:

http://codeigniter.com/wiki/Redux_Auth/


Anyway... I'm trying to be constructive with my comments, and I'm always open to different points of view! Wink


Byee[/quote]

Thanks for your comments. In 1.0.2 there are no longer two constructors, just the one Auth(), so this has been fixed. Since I'm using the Auth library, there really isn't anywhere to use a model, or to filter the data for XSS, since the form validation library takes care of that.

I'll take a look at storing the login attempts in the session data, hopefully I can come up with something better, and fix some "bugs".

Thanks.

#25
[eluser]minimalistic[/eluser]
Hey,

I'm starting a very small project now (Intranet stuff) and I'll use your lib. I'll post some feedback later in the day.

Ricardo

#26
[eluser]gyo[/eluser]
Hey Adam,

just to be sure... is this one the latest version available?

http://www.freshpowered.com/docs/downloads/auth.zip

thanks
gyo

#27
[eluser]Adam Griffiths[/eluser]
The latest version can be found on the user guide at http://programmersvoice.com/user_guide/.

That reminds me, I need to change my signature.

#28
[eluser]heavener[/eluser]
This is directed towards your newer release "The Authentication Library 1.0.2".

Upon installation it threw an error at me:
Code:
Parse error: syntax error, unexpected T_ELSEIF in /nfs/c04/h02/mnt/61892/domains/lab.jodyheavener.com/html/imveg/system/application/libraries/Auth.php on line 91

And here is a link to an image of what the error looks like:
http://lab.jodyheavener.com/phperror-auth.jpg

Can someone please help? Sorry, I'm pretty much a n00b at CI and Authentication systems.

#29
[eluser]heavener[/eluser]
This is directed towards your newer release "The Authentication Library 1.0.2".

Upon installation it threw an error at me:
Code:
Parse error: syntax error, unexpected T_ELSEIF in /nfs/c04/h02/mnt/61892/domains/lab.jodyheavener.com/html/imveg/system/application/libraries/Auth.php on line 91

And here is a link to an image of what the error looks like:
http://lab.jodyheavener.com/phperror-auth.jpg

Can someone please help? Sorry, I'm pretty much a n00b at CI and Authentication systems.

#30
[eluser]Adam Griffiths[/eluser]
If you change the elseif on that line to if, that will fix it.

I was sure I fixed that! I'll make an update for the library really soon.

Thanks.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.