cookie login help
#1

[eluser]UnknownPlayer[/eluser]
Hi,
I need help with a login cookie. What should I do to set a cookie that is secure (a hash, I think)?
Should I set the email and password_hash in the cookie, and then check them in the db every time a page loads, or is there another solution?
#2

[eluser]weboap[/eluser]
Use sessions: http://ellislab.com/codeigniter/user-gui...sions.html

Don't forget to set
Code:
$config['encryption_key'] = 'some_random_key';


$config['sess_cookie_name']  = 'ci_session';
$config['sess_expiration']  = 7200;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name']  = 'sessions';
$config['sess_match_ip']  = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;

#3

[eluser]UnknownPlayer[/eluser]
I use a session for login, but when I exit the browser I need to log in again, so will it work with these settings?
And what should I set in the session? user_id, is that good?
#4

[eluser]weboap[/eluser]
I see you are actually looking for a way to implement a remember-me mechanism.
Try this.
https://github.com/joeauty/RememberMe-CodeIgniter-Spark
#5

[eluser]UnknownPlayer[/eluser]
This is what I need. I will check if I can make this work; if not, I will ask.
Thank you.
#6

[eluser]UnknownPlayer[/eluser]
I need help with this library :(
I made a checkbox with name="remember", and now the login function is:

Code:
function login() {
        if ($this->check_login()) redirect('user/profil');
        if ($this->input->post('remember')) $this->rememberme->setCookie($this->input->post('remember')); // this is from remember library
        $data['title'] = "Login Page";

        $this->form_validation->set_error_delimiters('<p>','</p>');

        $this->form_validation->set_rules('username', 'Username', 'trim|required|alpha_numeric|min_length[3]|xss_clean|strtolower');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|alpha_numeric|min_length[3]|xss_clean');

        if ($this->form_validation->run() == FALSE) {
            $data['main_content'] = 'pages/login';
            $this->load->view('template', $data);
        } else {
            $cookie_user = $this->rememberme->verifyCookie(); // this is from remember library too (don't know if this need to be here ?)
            $username = $this->input->post('username');
            $password = $this->input->post('password');

            $user = $this->User_model->check_user($username, $password);

            if ($user->user_id) {
                $login_data = array(
                                'user_id'   =>  $user->user_id,
                                'logged_in' =>  TRUE
                                );
                $this->session->set_userdata($login_data);
                if ($this->ref_url('get')) redirect($this->ref_url('get'));
                redirect('user');

            } else {
                $this->session->set_flashdata('login_error', TRUE);
                redirect('user/login');
            }

        }
    }

Now I don't know if this code is correct, I mean these 2 new lines.

And where should I put:
Code:
if ($cookie_user) {
    // find user id of cookie_user stored in application database
    $user = User::findUser($cookie_user);
    // set session if necessary
    if (!$this->session->userdata('user_id')) {
        $this->session->set_userdata('user_id', $user);
    }
    $this->user = $user;
}
else if ($this->session->userdata('user_id')) {
    $this->user = $this->session->userdata('user_id');
}

?

Thanks
#7

[eluser]besson3c[/eluser]
Hi,

I'm the author of the RememberMe spark.

I think there are a few concepts here you aren't grasping, allow me to try to help...

RememberMe stores information about the cookie you set with the remember me checkbox in your login form to a localhost database. $cookie_user = $this->rememberme->verifyCookie() is designed to verify that a cookie has been set for that user by consulting the database. Check out the code for verifyCookie here, if you wish:

https://github.com/joeauty/RememberMe-Co...mberme.php


The example code (the code you have quoted when you ask "where should I put") for verifying the cookie should go in your core controller if you want to set up your entire application to require authentication for access, or within the individual controllers that require authentication. $this->rememberme->verifyCookie() is your gatekeeper to ensure that authentication has been made. It returns false if the user is not authenticated, and returns the user's username they used to authenticate as if authentication was successful. Use it as a means of access control.

$this->rememberme->setCookie() is for saving a record of successful authentication to the database. It should go after you have done whatever checks are necessary in your application to ensure that the user *should* have access to your application.

Make sense?
#8

[eluser]UnknownPlayer[/eluser]
I need a little more help, please.
I got this:
Code:
if ($user->user_id) { // if get user from db
    $remember = $this->input->post('remember');
    if ($remember) $this->rememberme->setCookie($remember); // check if remember checkbox is checked and setCookie
    $login_data = array(
        'user_id'   =>  $user->user_id,
        'logged_in' =>  TRUE
    );
    $this->session->set_userdata($login_data);
    if ($this->ref_url('get')) redirect($this->ref_url('get'));
    redirect('user');
} else {
    $this->session->set_flashdata('login_error', TRUE);
    redirect('user/login');
}
Now when I restart the browser, I still have the "rmtoken_localhost" cookie, but I don't have "ci_session", where user_id and the logged_in state are stored.
Where do I need to put verifyCookie?

By the way, I use this function to check login:
Code:
function check_login() {
    if ($this->session->userdata('logged_in')) {
        return TRUE;
    } else return FALSE;
}
#9

[eluser]besson3c[/eluser]
Hi UnknownPlayer,

When somebody logs in you are initiating a session variable tracking their login, as you should be, but the whole purpose of the RememberMe spark is that it doesn't require a user logging in each time they access the site within a new browser session. Therefore, you need something to $this->rememberme->verifyCookie() to check to see if the cookie has been recorded to the ci_cookies database table (which I'm assuming you have created, as per the instructions in the README)?

Therefore, I would revise your check_login function accordingly:

Code:
function check_login() {
    if ($this->rememberme->verifyCookie()) {
        // for users that have logged in with the "remember" checkbox checked
        return TRUE;
    } else if ($this->session->userdata('logged_in')) {
        // for users that did not login with the "remember" checkbox checked
        return TRUE;
    } else return FALSE;
}

This check_login() function now handles access control perfectly. Call it whenever, or put this code in your core controller if you want it automatically called on every page load.

If you've set your CodeIgniter config as suggested by the README:

Code:
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie']  = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';

Specifically the $config['sess_use_database'] = true, you'll also need to have created the ci_sessions table. This is a CodeIgniter thing, not a RememberMe Spark thing. See the section here entitled "Saving Session Data to a Database" for creating the ci_sessions table:

http://ellislab.com/codeigniter/user-gui...sions.html

If you do not have a ci_sessions cookie it might be because CodeIgniter is unable to write to this table. Check to see if entries are being saved to this table when you save CodeIgniter session information.


What the RememberMe Spark does is save a record of the cookies set by the browser, and when you invoke $this->rememberme->verifyCookie(), it compares what is saved in your browser to what is recorded in the database table. What is recorded in your browser, after all, can be tampered with. If your browser's cookie matches the cookie signature in the database, sessions are allowed to be retained across browser sessions, virtually forever. The reason why we can set $config['sess_expire_on_close'] = TRUE is because sessions are now being tracked by the Spark, and not the CodeIgniter session class. However, the Spark depends on the CodeIgniter session class for proper operation, so you'll need to ensure that it is working as it should too.

Does this help?
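
The store-and-compare check described in the post above, as an added example that is not part of the thread and is not the RememberMe Spark's own code. It assumes a selector:validator cookie layout, a SHA-256 hash of the validator kept server-side, and single-use rotation; the class name, method names and the in-memory array (standing in for a database table) are hypothetical.

```php
<?php
// Added example. The array below stands in for a database table (constructed layout).
final class RememberTokens
{
    /** @var array<string, array{user:string, hash:string, expires:int}> */
    private array $rows = []; // selector => record

    // Call only after the password check has succeeded. Returns the cookie value.
    public function issue(string $user, int $ttl = 1209600): string
    {
        $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
        $validator = bin2hex(random_bytes(32));  // secret half, never stored in clear
        $this->rows[$selector] = [
            'user'    => $user,
            'hash'    => hash('sha256', $validator),
            'expires' => time() + $ttl,
        ];
        return $selector . ':' . $validator;
    }

    // Returns [user, replacementCookie] when the cookie matches a stored record, else null.
    public function verify(string $cookie): ?array
    {
        $parts = explode(':', $cookie, 2);
        if (count($parts) !== 2) return null;
        [$selector, $validator] = $parts;
        $row = $this->rows[$selector] ?? null;
        if ($row === null) return null;
        unset($this->rows[$selector]);           // single use, match or not
        if ($row['expires'] < time()) return null;
        // Constant-time comparison of the stored hash with the presented value's hash.
        if (!hash_equals($row['hash'], hash('sha256', $validator))) return null;
        return [$row['user'], $this->issue($row['user'])];
    }

    // Drop every remembered login for a user (logout everywhere, password change).
    public function revokeUser(string $user): void
    {
        $this->rows = array_filter($this->rows, fn($r) => $r['user'] !== $user);
    }
}

$store  = new RememberTokens();
$cookie = $store->issue('alice');                // constructed sample user
[$user, $next] = $store->verify($cookie);        // first presentation of the cookie
var_dump($user === 'alice');
var_dump($store->verify($cookie) === null);      // replay of the already-used cookie
var_dump($store->verify($next . 'x') === null);  // tampered validator
```

Because only the hash of the validator is stored, a leaked table row cannot be turned back into a working cookie, and rotating on every successful check limits how long a copied cookie stays usable.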
#10

[eluser]UnknownPlayer[/eluser]
Again problem :(



