Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Libraries & Helpers Mauth 0.9.6 - Authentication and User Managment Package (CI 2.0)
Mauth 0.9.6 - Authentication and User Managment Package (CI 2.0)
  • El Forum
    Guest
  •  
#31
12-19-2010, 03:43 PM

[eluser]Jeremy Hutchings[/eluser]
I'll be installing and checking this out for a project. I've gone though a3m and freakauth and they are both not up to scratch, or just too messy.

Given this is the single most commonly asked for thing, I'm *really* surprised (and frustrated) it's not part of the framework (or most others for that matter).

I hope this does well and I'll be giving feedback on bitbucket as I can!!

I think I'm going to have to retro fit it to a project now ! argh !
  • El Forum
    Guest
  •  
#32
12-19-2010, 04:45 PM

[eluser]missionsix[/eluser]
Excellent, thanks Jeremy.

I built this as a starting point for a user authentication and authorization based website. It is meant to be simple to configure the authorization. There are a couple key features i'm missing like reset password with a security question, but it would be pretty easy to implement.
  • El Forum
    Guest
  •  
#33
12-19-2010, 09:57 PM

[eluser]Jeremy Hutchings[/eluser]
Where do you keep the issues, this thread or on bitbucket ?
  • El Forum
    Guest
  •  
#34
12-20-2010, 01:22 AM

[eluser]missionsix[/eluser]
I prefer bitbucket because I can track them easier.
  • El Forum
    Guest
  •  
#35
12-20-2010, 04:20 AM

[eluser]jacobkball[/eluser]
I'd like to know how this authentication library stacks up against the best practice list of features over here:

http://stackoverflow.com/questions/34698...ry-is-best

Obviously, TankAuth is currently at the top of the pile, but it doesn't have any role-based structure as yet, and it's hard to tell if it's still being developed.

As per someone else's comment, I'd love for CodeIgniter to get its OWN authentication library, where we don't have to worry about making sure all the holes are patched, AND we won't have to worry about the developer finding something else to be interested in and leaving lots of people with nowhere to go.
  • El Forum
    Guest
  •  
#36
12-20-2010, 05:23 AM

[eluser]Phil Sturgeon[/eluser]
application/third_party/mauth/libraries/mauth.php needs to be Mauth.php or it will fail on case sensitive OS'.

Why are you using a hook AND an extended controller? The two do basically the same thing here and its adding lots of hidden code. You then also extend the Hook system?

This user library uses a LOT of extra code in many places and will be a headache to implement and a headache to work with for now.

It has some real potential but needs to be tidied up a little. Removing the Template library will probably cause less confusion in the long run too. Views should just be simple examples.
  • El Forum
    Guest
  •  
#37
12-20-2010, 05:25 AM

[eluser]Phil Sturgeon[/eluser]
[quote author="jacobkball" date="1292862043"]TankAuth is currently at the top of the pile, but it doesn't have any role-based structure as yet, and it's hard to tell if it's still being developed.[/quote]

I rate authentication libraries on how good they are at being authentication libraries. Authorization is something different, so write a authorization library. Smile
  • El Forum
    Guest
  •  
#38
12-20-2010, 06:17 AM

[eluser]jacobkball[/eluser]
I've added my votes to codeigniter.uservoice.com - thanks to the link from your site, Phil.

It's clear that a built in authentication library has by far the largest number of votes, so it will be interesting to see how this goes.

I would argue that authentication and authorisation are pretty closely related, and it would make sense to tackle both at the same time. If not, feel free to educate me Smile

At the end of the day, people want to be able to protect certain areas of their applications, and they want to allow certain people to do certain things, based on who they are (or what their role is).
  • El Forum
    Guest
  •  
#39
12-20-2010, 06:21 AM

[eluser]Phil Sturgeon[/eluser]
Quote:At the end of the day, people want to be able to protect certain areas of their applications, and they want to allow certain people to do certain things, based on who they are (or what their role is).

Sure but not too much of the application management should be done by something that basically says "this is a user, let them in or not".

In PyroCMS we use Ion Auth which only really handles authentication. It says "you are a user, you have an email, this is your name". That's all you really need from that (some would argue its still too much).

Obviously PyroCMS needs to manage what modules, pages, etc users can look at, but what does that have to do with the login system? Nothing!

Permissions is a whole extra module with a different database. It has nothing to do with Ion Auth and would be totally different from the next application I use Ion Auth for.
  • El Forum
    Guest
  •  
#40
12-20-2010, 06:56 AM

[eluser]jacobkball[/eluser]
Okay, I see where you're coming from, in that the authentication is separate from the permissions.

I'm not convinced that the permissions issues are totally different from project to project - sure, there's some unique things that pop up, but again, essentially, it's still going to be certain people allowed to do certain things, based on their role.

The fact that there's been so many attempts by various developers to do these two things speaks volumes for their need by the community. With these areas having such an impact on the overall security of an application, I think it's important to have solutions we can trust, and be confident that they'll be maintained / continued.




Theme © iAndrew 2016 - Forum software by © MyBB