Tank Auth v1.0 (CI authentication library) |
[eluser]Gromozeka[/eluser]
The lib contains only core auth methods. Sorry, role management is out of them.
[eluser]playaz[/eluser]
Looks good@work so cant check this out til later Is there a live demo of this online anywhere? :-) Thanks again dude, this sounds promising
[eluser]Laurentvw[/eluser]
Thank you, Gromozeka! When I was looking for an authorization library several months ago, I also stumbled on that StackOverflow page and decided to go for DX Auth. Unfortunately though, I wasn't completely happy with the library. The 8 db tables, the lack of password security and the (unneeded) roles & permission features were just a few examples of that. Tank Auth seems to be just what I was looking for! You've got all my support on this one I haven't looked at the code in too much detail yet, so can't judge on that one. Two little remarks though. E-mail/username field seems to be case-sensitive. Logging in without capitalization (laurentvw instead Laurentvw) failed. You may want to fix that. Also, the captcha image isn't displaying. But I also had that problem when using DX Auth. Not sure why, I'm probably doing something wrong (I did chmod /captcha to 777), but it doesn't matter too much for me since I disabled captcha. Anyway, thanks for the great library, good job! Edit: I managed to inject this using the user field on the login form: '; foo ' (which resulted in a sql error) Related to: Code: function get_user_by_login($login, $activated = NULL)
[eluser]Gromozeka[/eluser]
Hi Laurentvw, Thank you for your support and for the time you've spent to work with Tank Auth. I've fixed the issues you found. Now email and username fields are case-insensitive (so both 'laurentvw' and 'Laurentvw' will work). SQL-injection is also fixed. Please download the latest version (1.0.2) from the same location: http://konyukhov.com/soft/tank_auth/tank_auth.zip About captcha: I met the same problem with CAPTCHA while working with DX Auth, so maybe my experience will be useful for you. There were 2 problems: 1) server was unable to create captcha-files, and 2) browser was unable to show them. The solution for 1st one was to fix write-rights for the captcha folder. Please notice, the path in the config-file is absolute and server-related. So if you set it this way: $config['captcha_path'] = 'img/captcha/'; then you will have to create folder img (with writable folder captcha inside) in the same directory where your system folder is. If the captcha-images are been creating in this folder but the browser cannot render them, I recommend you to check your htaccess file -- maybe access to your captcha folder is not permitted (as it was in my case). Hope that it will help you.
[eluser]jabberjab[/eluser]
Really wish you hadn't used <php= tags :-P It would have definitely saved me some time integrating Tank Auth with my project
[eluser]jabberjab[/eluser]
I am unable to use those tags on my server. From what I've read using <?= is frowned upon for code that is going to be distributed, because it's not always supported, that said it doesn't really matter to me now that I've converted all the <?='s to <? echo's Thanks again for this library -- Though there's one issue I keep having. When an email is sent (the verification email) only parts of the email is being sent. It ends with; "Finish your registration... Link doesn't work? Copy the following link to y " <-- Perhaps it's just GMail. I'll see if it sends correctly to other email services.
[eluser]Xeoncross[/eluser]
<? causes problems if you are using things like XML and such. It is actually a feature I heard they might be removing from php because of the bad practice it creates. Also it is a shame that you removed the role management - I guess I'll have to stick with DX Auth.
[eluser]Gromozeka[/eluser]
Sorry, I didn't think about it. The short tags work fine on my server. Ok, <?=$var?> have been replaced with <?php echo $var; ?> Please download the latest version and renew the view folder.
[eluser]jabberjab[/eluser]
Cool. I've got a quick question. How do I retrieve the userID or username of a logged in user via tank_auth? |
Welcome Guest, Not a member yet? Register Sign In |