CodeCritique? : auth built on Datamapper.

#1
CI-Newb
Hello: For the majority of my projects I start with CI, Datamapper, Template & auth functions. I figured I would just create that base package and throw it on github, perhaps others might care to use it and regardless I would love to get some code critique feedback. If anything can be more efficient, best practices, etc.

link: GitHub DM-Auth
Current Functions :
Login
Logout
Password Reset (via link / token)

So if anyone has the time to take a look around at the above functions & provide some feedback / pull requests, any help would be appreciated! I'll be updating this often, looking forward to some input.

#2
skunkbad
I took a quick look, but don't have time to go further. I didn't find an SQL dump, so it was not possible to see the database structure.

One thing I noticed was there was very little being checked to see if somebody is logged in vs an imposter. Logging in is the easy part, but what you do to check if the user is logged in is not so easy to make secure. You ought to read through this:

http://stackoverflow.com/questions/549/t...entication

Consider each part of it, and take time to review your code against each point. It's not the Bible of authentication, but it brings up good points that need to be considered. Of course if you are not making sites for banks and sites with very sensitive data then it may not matter.

#3
CI-Newb
Hey there, the SQL is on the GitHub page (users_table.sql), so if you get time to check the database structure that'd be awesome. Also, if you end up having more time to give a look through the rest of the code, that would be awesome. I've just updated it again with a basic view-profile controller; still updating, but I've added and refined a bunch of code. Also, the checking is done in the library *auth_controller*. It's called at the beginning of each controller where auth is required. I will take a look at the link you've provided and see how I can improve its functionality. I'll let you know how it turns out! Thanks for the link & input!

#4
CI-Newb
also: is community auth yours?

#5
skunkbad
[quote author="CI-Newb" date="1349546799"]also: is community auth yours?[/quote]

yes

