ErkanaAuth: A non-invasive user authentication library

[eluser]easylancer[/eluser]
Just thought i would post this, in the example on http://www.michaelwales.com/2007/10/erka...n-library/ there is a error. This line

if ($this->erkanaauth->try_login('username'=>$username, 'password'=>$password)) {

should be

if ($this->erkanaauth->try_login(array('username'=>$username, 'password'=>$password))) {

as it wouldn't run until i changed it. Thank you for this great library as i have been looking a authentication system and none of the others had the flexibility.

[eluser]Michael Wales[/eluser]
Yeah - I am aware of that error, I just haven't went back to change it just yet.

12v:
I like your changes - I'm going to give them a more thorough review, possibly clean up the code a bit - do you mind if I merge it into the next version of ErkanaAuth?

Everyone else:
How has ErkanaAuth helped in your application development? What would you change or where has ErkanaAuth given you issues that you needed to work around? I know the role system is lacking - it wasn't even going to be included to be honest - I'm definitely planning on focusing on this system a bit more in the future.

Future Plans:
Another library that can be loaded that will provide automatic generation of login/register/forgot password forms.
Methods to assist with user creation/registration and forgotten passwords.
Real documentation.

[eluser]12vunion[/eluser]
Please, go right ahead and use it. I'm using your code, I figured it only fair and in the spirit of things to contribute my code right back to you.

[eluser]easylancer[/eluser]
I have added in a forget password function into erkanaauth. This is as far as i got:

Code:

function forgot($condition = array(), $length)
    {        
        $this->CI->db->select($condition[0]);
        $query = $this->CI->db->getwhere('users', $condition, 1, 0);
        if ($query->num_rows != 1) {
            return FALSE;
        } else {
            /*---------- Create a New Password ----------*/
            $new = '';
            for( $i = 1; $i <= $length; $i++ )
            {
                $new .= rand( 1, 9 );
            }
            
            $data = array(
               'password' => $new
            );
            $this->CI->db->update('users', $data, $condition);
            
            mail($condition, "New Password", "Your new password is: " . $new);
            return TRUE;
        }
    }

I can't seem to get the mail to work. The update function works but it won't email.

[eluser]Phil Sturgeon[/eluser]
[quote author="easylancer" date="1195150608"]I have added in a forget password function into erkanaauth. This is as far as i got:

Code:

//old code

I can't seem to get the mail to work. The update function works but it won't email.[/quote]

In responce to our IM conversation, here is the code I was talking about.

Code:

function forgot($condition = array(), $length)
    {        
        // Get the first and only key name in this array
        list($field)=array_keys($condition);
        
        // Use the key name to work out what to select
        $this->CI->db->select($field);

        // Use $condition[$field] to get the value
        $query = $this->CI->db->getwhere('users', $condition[$field], 1, 0);
        if ($query->num_rows != 1) {
            return FALSE;
        } else {
            /*---------- Create a New Password ----------*/
            $new = '';
            for( $i = 1; $i <= $length; $i++ )
            {
                $new .= rand( 1, 9 );
            }
            
            $data = array(
               'password' => $new
            );

            $this->CI->db->update('users', $data, $condition);
            
            // The line below will be broken if its not an email you are sending it.
            mail($condition, "New Password", "Your new password is: " . $new);
            return TRUE;
        }
    }

[eluser]easylancer[/eluser]
Here is the code fully working, Thanks to thepyromaniac for his time and help.

Code:

function forgot($condition = array(), $length)
    {    
        /*---------- Get Key and Value array ----------*/
        list($field) = array_keys($condition);
            
        $this->CI->db->select(array($field, 'email as definatly_email'));
        $query = $this->CI->db->getwhere('users', $condition, 1, 0);
        if ($query->num_rows()) {
            
            $row = $query->row();
            
            /*---------- Create a New Password ----------*/
            $pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
            $new = '';
            for( $i = 1; $i <= $length; $i++ )
            {
                $new .= $pattern{rand(0,35)};
            }
            
            $data = array(
               'password' => $new
            );
            $this->CI->db->update('users', $data, $condition);
            
            /*---------- Sends email to the user ----------*/
            mail($row->definatly_email, "New Password", "Your new password is: " . $new);
            return TRUE;
        }
        return FALSE;
    }

The code is flexible, but there had to be a limit on it as whatever the condition is that the user chooses that is what the member will get emailed by, so you wouldn't be able to use a field name like username if its not a email as it wouldn't be able to email by that. But you can make the email field whatever you want to call it so it could be called mailuser as long as it will have a email address in it.

The password field will have to be called password aswell, could add a extra variable and let the user input it themselves when they call the forgot function, but for speed i left that out.

To use the code just call

$this->erkanaauth->forgot(array('email'=>$email), 8);

The 8 is the lenght of the new password.

Added the Fixes from thepyromaniac post below.

[eluser]Phil Sturgeon[/eluser]

Code:

function forgot($condition = array(), $length)
    {    
        /*---------- Get Key and Value array ----------*/
        list($field) = array_keys($condition);
            
        $this->CI->db->select(array($field, 'email as definatly_email'));
        $query = $this->CI->db->getwhere('users', $condition, 1, 0);
        
        if ($query->num_rows())
        {
            $row = $query->row();

            $this->load->helper('string');
            
            $data = array(
               'password' => random_string('alnum', $length)
            );
            $this->CI->db->update('users', $data, $condition);
            
            /*---------- Sends email to the user ----------*/
            mail($row->definatly_email, "New Password", "Your new password is: " . $new);
            return TRUE;
        }

    return FALSE;
    }

There ya go, use username or whatever. The same "does it exist" check will grab you their email address for use when sending em mail.

I still dont reccomend this, hopefully its the developer that gets to chose how the forgot pass works, not the user.

"I forgot my account, my special data field is active and my special data value is 1... yea thats my account alright!" >.<

[eluser]Michael Wales[/eluser]
Great work easylancer - I hope this additions work out for you.

Unfortunately, I've been giving this particular issue quite a bit of thought and I am unsure as to whether a full-scale forgotten password implementation fits within the scope of ErkanaAuth. More than likely, what you will see, is a set of methods that will assist in creating your own forgotten password functionality.

My perfect forgotten password functionality works as so, therefore my methods will be assistants in creating this functionality:
1. User enters their username and email address in form.
2. Their account receives a unique key for a 24-hour period that permits them to visit a password change page, with that unique key, and change their password.

This prevents people from entering an email address and automatically changing someone's password. In addition, it gives the user the freedom to reassign their own password, rather than you giving them one, them coming back, and having to change it again. It's all taken care of in one step.

I'm not trying to knock your work on this easylancer. That's the beauty of ErkanaAuth - it's non-invasive, which means it can be utilized and extended to make your job as easy as possible. Unfortunately, it's not really what I am looking for in the library as a whole.

To be honest, I'm not sure if I'll ever add forgotten password functionality to Erkana. At first glance, it seems like an appropriate fit, but when you actually use and "feel" the style of Erkana you realize it still leaves you, the developer, in total control. I fear it would be difficult to implement forgotten password without stealing some of that control from the developer.

[eluser]sophistry[/eluser]
you definitely spelled definitely wrong.

[eluser]cosmik_roger[/eluser]
Hello, I got a problem that I can't resolve, so I ask for your help:
This library works fine with cookie, but with session, when executing the function try_session_login(), it seems that $this->CI->session->userdata('user_id') can't retrieve data.
I changed the name of the session and users table, but as it works fine with the try_login() function (i made an echo of $this->CI->session->userdata('user_id') and it is well created.
You can check Erkana library's file of my project here : http://robby.homelinux.net/jdllbeauvais/...naauth.php
and the controller here : http://robby.homelinux.net/jdllbeauvais/.../admin.php

thanks for your attention