• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Userlib - User Library

#11
[eluser]Xikeon[/eluser]
[quote author="jbowman" date="1183762845"]Since you are getting peoples emails, why not make that their login authentication variable, rather than their username? Since, hopefully, people won't be making email addresses visible on the site, this would also cut down on people trying to brute force password using screenname/password[/quote]

I'm sorry? I don't really understand what you mean? Why would email as login auth be more secure?

#12
[eluser]Zeldinha[/eluser]
[quote author="Xikeon" date="1183779328"]I'm sorry? I don't really understand what you mean? Why would email as login auth be more secure?[/quote]

There are normally two things needed to log into a website: login auth and password. If you take the username as login auth and that username is visible on the website, you're already giving away 50% of the data required to login. Most users have silly passwords so it would be relatively easy to guess at least some of them, or maybe even hack them by brute force if you don't have a strikes system implemented (this seems unlikely, but who knows).

Emails are usually not shown publicly, so if you use the email instead of the username as login auth, you will effectively hide 100% of the data required to log in and make it almost impossible to guess (the only way is to make the user itself to give you his/her email somehow, which can happen, but then it's not your responsability).

That's why using the email is more secure than using the username Smile

Either way, looks like a nice class, thanks for sharing, will try it Smile

Regards,

#13
[eluser]jbowman[/eluser]
Thanks Zeld, you summed it up perfectly Smile Sorry I was so slow to respond, but I haven't had much spare time lately.

Your library does look interesting. I'm about to start making my decision on the development environment for my next project. I'm leaning towards using CI and pulling in some of the Zend Framework libraries I like. If I go that route, I'll take a bigger look into this Smile Have you plopped it up on the wiki yet?

#14
[eluser]Référencement Google[/eluser]
[quote author="Christian Land" date="1183720119"]Btw. handling the "Forgot Password" function like you do is an open invitation for troublemakers...[/quote]

Hi,

I do also agree it, it is a real urgent function you need to improve, because of that we can't use your lib in a real production environement.

You userlib is a very nice idea, i will follow it and waiting for new versions.

Just 1 question, why didn't you used the build in Mailer class of CI unstead of simple mail functions wich are not portable ?

#15
[eluser]Najki[/eluser]
Very nice and easy to use library with good documentation in this short topic. My congratulations! Smile

But I have a one suggestion: how about adding a logout method? It could be quite useful Wink.

#16
[eluser]Jamongkad[/eluser]
[quote author="Najki" date="1184599380"]Very nice and easy to use library with good documentation in this short topic. My congratulations! Smile

But I have a one suggestion: how about adding a logout method? It could be quite useful Wink.[/quote]

I concur! or do we have to grow our own logout module?

#17
[eluser]Najki[/eluser]
There is, however, a primitive logout function built-in to CodeIgniter, but I was hoping for a solution more compatible with this Userlib.

Code:
$this->session->sess_destroy();

#18
[eluser]Jamongkad[/eluser]
[quote author="Najki" date="1184801804"]There is, however, a primitive logout function built-in to CodeIgniter, but I was hoping for a solution more compatible with this Userlib.

Code:
$this->session->sess_destroy();
[/quote]

Thanks but I use session_destroy(); would there be any issues if I use this?

#19
[eluser]Jamongkad[/eluser]
Hi Mike,

Kick ass library you've created. I managed to integrate it with my app in a matter of minutes. I have a question though...my app allows a user once registered to log in to his/her account page.

The problem I have now is does your library support a function that displays the user's name upon login in? Like say the user was myself Mathew, upon logging in my account page would display "Welcome Mathew!".

I tried using the getData function but I seem to only invoke variables that I have explicitly hardcoded. Is there any other way to dynamically achieve this by pulling the data from the 'users' table? Thanks much appreciated

#20
[eluser]Code Arachn!d[/eluser]
Love this library - it's very flexible and has a lot of room for growth!

On tweak I added was some more flexibility in getData - I set it up so that username or select criteria could be left off allowing for a return of all fields of a particular row and/or certain fields from many rows this way I can list one or more users quickly.

Code:
function getData( $username = '', $what = '*' )
{
  $where_clause = (!empty($username)) ? $where_clause = ' WHERE username=\'' . mysql_real_escape_string( $username ) . '\'' : '';
  $lcheck = $this->CI->db->query( 'SELECT ' . mysql_real_escape_string( $what ) . ' FROM `users` ' . $where_clause);
  if( $lcheck->num_rows( ) > 0 ) {
   return $lcheck->result_array( );
  } else {
   return 'Username or row does not exist.';
  }
}


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.