The Auth Library 1.0.3 - The Easiest Auth Library for CodeIgniter

#1
[eluser]Adam Griffiths[/eluser]
Hey guys,

The Auth Library 1.0 has made it! You may have seen on the suggestions thread what new things there are, but the biggest surprise yet? To use the Auth Library, you do not need to write any code. Period. And that's not because I have included an admin controller, ready to roll either.

Please check out the blog post I wrote introducing the library and giving a simple tutorial on how to use it. I will write some CodeIgniter style docs for it in the next few days.

Latest Version
The latest version will always be in the master branch of the Github Repo

User Guide
The user guide for The Authentication Library can be found at http://programmersvoice.com/user_guide/.

Thanks guys!

I have created a new support forum thread for comments and questions along with a new version of The Authentication Library. This can be found here.

#2
[eluser]dallen33[/eluser]
Looks interesting. Can you tell me why I would use yours over DXAuth?

#3
[eluser]Adam Griffiths[/eluser]
[quote author="GodsHand" date="1235533668"]Looks interesting. Can you tell me why I would use yours over DXAuth?[/quote]

It only takes 3 steps to install, one of which is downloading the zip file. To start using it, all you need to do is extend the 'Application' controller instead of 'Controller' - so there's no need to create your own login, register and logout functions. This saves time and makes things much cleaner to look at. You want an auth library to handle authentication, right? So it'd make sense to put everything in its own controller, right? That's what I thought anyway.

Also, the way I have done the remember me function is really really secure, I went as far as saying uncrackable, but if you had long enough and enough power I guess you could get round the hash at some point.

In summary, it's tiny, 8 files overall, 4 of which are views. It's easy to work with, as I said you don't need to write any code. It's secure, the remember me function isn't vulnerable to cookie stealing, because the cookie changes every hour.

#4
[eluser]Aken[/eluser]
Thank you Adam for your contribution. I will give it a shot while developing my shopping cart, and see if it suits my needs. Seems pretty simple so far, which is what I'm going for (since the only auth I need to worry about is the staff).

Just a few notes so far:

- I think you should only include files in the ZIP that have changes, or are new. Having all of the contents of Application can get confusing, and be very problematic if anyone has made crucial changes to those files already (which is typical, since the first thing you do when installing CI is edit config files).

- Does not work in PHP4. Got a weird error about calling a member in a non-object or something like that. It was when $this->auth->logged_in() was getting called in the admin.php controller. I didn't take time to investigate, just double checked what PHP version I was on and changed to 5.

- When visiting admin/login, I got a notice about an undefined constant "login_attempts" on line 118 of Auth.php (the library). Turns out there was an odd character instead of a typical apostrophe, so that should be fixed.

I'll add on any more as I tinker :)

#5
[eluser]Aken[/eluser]
- Auth.php library, line 195 needs to be changed from $this->username to $username. Screws up part of the registration process (leaves out the username). Noticed it via E_NOTICE errors for undefined variables.

- When I register an account, it tells me I succeeded and am now logged in. But when I type in another URL (say the admin controller for example), I get an error for undefined function destroy_session(). There are two problems here: 1) the function should be session_destroy() 2) The function is being called inside _verify_cookie(), and in the registration process, no cookie is generated (and no token/identifier is added to the DB either). I assume this could be fixed by tossing the _generate() function into the registration process, but that would instigate Remember Me without the person asking for it. I'll leave that up to you to resolve :)

- A note about the _verify_cookie() function: an if/else statement is used to check if the generated identifier matches the one in the cookie, yet nothing is being done upon success. This should be shortened to a simple if ($identifier !== ...) operator.


BTW, none of this stuff is by any means meant as an insult. Trying to help make your project bug-free and 100% functional.

I may be interested in helping to fine-tune all of this, and doing a practical user guide for it, if you're interested.

#6
[eluser]Adam Griffiths[/eluser]
@aken: Thanks for telling me, it helps a load, this is why I love open source!

I fixed all the problems except for PHP4 compatibility, I didn't have enough time to dig deep to identify the problem.

Get the new files (sans CI files) from here

See what's been done here.

#7
[eluser]Aken[/eluser]
Not a problem, Adam. I enjoy helping out. Promotes me as a developer anyway :D

I'll take a look at the changes and shout out any new recommendations that I find. Thanks!

Another small suggestion: your Mac creates a __MACOSX folder in the root, and .DS_Store files inside each folder. You should check your zip file and delete any of these extraneous files.

EDIT:

Adam, after some quick research, the PHP4 constructor is backwards compatible in PHP5. If PHP5 cannot find the __construct() method, it searches for the Class() function instead. So you'd be okay using one PHP4-style constructor, and it will be fine on both versions. I've verified that it worked on both versions on my server :)

I also took the time to add a tiny bit of code to the Library and Config files that allows me to define the ID of the default user group for registrations. This would be a good addition, just make sure to tell people to make it the admin user group for the first user account, so the correct permissions are there (that or have them edit it manually in the DB).

Man this is fun. It's been a while since I've been elbow deep in PHP code.

Adam, would you prefer if I contacted you via email regarding changes and ideas? I have a few other minor things written down, and it seems like a waste to clutter up this thread with them.

#8
[eluser]Adam Griffiths[/eluser]
Aken, thanks for this, it helps a great deal. I'll go and delete the hidden files on my end and upload a newer version without those unnecessary files. I'll change the constructor to be Auth() and see what happens.

@adding lines to define the default user id: I did this in the database, but put it as 1 (admin) accidentally. I'll change this for 1.0.2.

Yeah you can contact me by email, I'll send it you in a PM.

Thanks again.

#9
[eluser]Ihab Khattab[/eluser]
Hi Adam,

Really nice work.

I suggest storing 'login_attempts' in sessions rather than cookies, as a user can easily edit his cookie data and change 'login_attempts' to '3', for example, so he can log in again and again.

Thanks Aken for your valuable replies

Again, nice work guys.

BTW happy birthday Adam, God bless you

#10
[eluser]Adam Griffiths[/eluser]
Thanks for the suggestion. I just tried it out but for some reason when I used the CI Session Library it killed the application. Didn't display anything, do you think this might be because I filled up the cookie?

-- Yeah, it's 4KB of data. What do you guys think, should I include my Native PHP Session library and use that, this way I can add the login_attempts to the session, bringing it out of a cookie and making it more secure. But, then again, I can't set a timeout on a session, so I'll have to stick with a cookie. Although I could salt the cookie, so you couldn't just edit the cookie to be 0...thinking out loud here but what do people think?
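
The signed-cookie idea raised in posts #9 and #10, sketched as an added example that is not part of the thread or of The Auth Library's code: the counter and its expiry are packed together and protected with an HMAC, so an edited value is rejected. The function names, `ATTEMPT_WINDOW` and the key are hypothetical.

```php
<?php
// Added example: helper names and the key are assumptions, not the library's API.

const ATTEMPT_WINDOW = 900; // seconds a counter stays valid (constructed value)

/** Pack the counter and its expiry, then append an HMAC over both fields. */
function pack_attempts(int $attempts, int $expires, string $secret): string
{
    $payload = $attempts . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $secret);
}

/** Return the attempt count, or null if the cookie is missing, edited or expired. */
function unpack_attempts(?string $cookie, string $secret, int $now): ?int
{
    if ($cookie === null) {
        return null; // no cookie at all: indistinguishable from a first visit
    }
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$attempts, $expires, $mac] = $parts;
    if (!ctype_digit($attempts) || !ctype_digit($expires)) {
        return null;
    }
    $expected = hash_hmac('sha256', $attempts . '|' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {
        return null; // constant-time compare; any edited field fails here
    }
    return ((int) $expires >= $now) ? (int) $attempts : null;
}

// Constructed demo values; a real key would come from server-side config.
$secret = 'constructed-demo-key';
$now    = 1700000000;
$cookie = pack_attempts(3, $now + ATTEMPT_WINDOW, $secret);

var_dump(unpack_attempts($cookie, $secret, $now));                       // intact cookie
var_dump(unpack_attempts('0' . substr($cookie, 1), $secret, $now));      // counter edited to 0
var_dump(unpack_attempts($cookie, $secret, $now + ATTEMPT_WINDOW + 1));  // past its expiry
var_dump(unpack_attempts(null, $secret, $now));                          // cookie deleted
```

Signing stops the counter from being edited, but the client can still delete the cookie or send back an older one with a lower count that has not yet expired. A lockout that has to hold needs the counter and its timestamp kept on the server, keyed by the account being attempted.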

