Login

solidcodes · 08-21-2015, 04:50 AM

@Brian

I have my own User Authentication, but I use yours because it has clear documentation.
Anyway will continue to test all functionailities of this auth.

solidcodes · 08-21-2015, 05:04 AM

@Brian
Should I create register_form.php too?

skunkbad · 08-21-2015, 02:05 PM

(08-21-2015, 04:38 AM)solidcodes Wrote: Okay I just modified the codes,

Code:
private function _get_unused_id() { // Create a random user id //$random_unique_int = mt_rand(1200, 4294967295); $random_unique_int = mt_rand(); // Make sure the random user_id isn't already in use $query = $this->db->where('user_id', $random_unique_int) ->get_where(config_item('user_table')); if ($query->num_rows() > 0) { $query->free_result(); // If the random user_id is already in use, get a new number return $this->_get_unused_id(); } return $random_unique_int; }

It works now, but I'm not sure why brian did that.
Brian??? lol

It could be that the max value available to mt_rand is 2147483647 and not 4294967295

You might try changing the number there and see if it works. I'll have to investigate, but try that and let me know.

Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3

skunkbad · 08-21-2015, 02:07 PM

(08-21-2015, 05:04 AM)solidcodes Wrote: @Brian
Should I create register_form.php too?

CodeIgniter and Community Auth will not limit you in your ability to create a registration form, but that functionality has not been included in Community Auth because Community Auth is not trying to be your application. You be the dev!

Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3

***Narf*** · 08-21-2015, 02:11 PM

(08-21-2015, 02:05 PM)skunkbad Wrote:
(08-21-2015, 04:38 AM)solidcodes Wrote: Okay I just modified the codes,

Code:
private function _get_unused_id() { // Create a random user id //$random_unique_int = mt_rand(1200, 4294967295); $random_unique_int = mt_rand(); // Make sure the random user_id isn't already in use $query = $this->db->where('user_id', $random_unique_int) ->get_where(config_item('user_table')); if ($query->num_rows() > 0) { $query->free_result(); // If the random user_id is already in use, get a new number return $this->_get_unused_id(); } return $random_unique_int; }

It works now, but I'm not sure why brian did that.
Brian??? lol

It could be that the max value available to mt_rand is 2147483647 and not 4294967295

You might try changing the number there and see if it works. I'll have to investigate, but try that and let me know.

It is, no matter if you're on a 32 or 64-bit system. But either way - there's mt_getrandmax().

***Narf*** · 08-21-2015, 02:13 PM

Also, in that context - use UUIDs.
And mt_rand() isn't really random. Smile

solidcodes · 08-21-2015, 04:38 PM

@Narf
Copy that.

Is this a good UUID?
https://gist.github.com/dahnielson/508447

@Brian
Why randomize it?
Why not just let MySQL auto-increment it?

solidcodes · 08-21-2015, 07:08 PM

@Brian
I now installed Community-Auth under wiredesignz HMVC.
I will fix and tweak if I'll found a problem.

I'm not really satisfied with vanila MVC it feels like I'm inside planet earth only.
With HMVC it feels like I'm inside a Galaxy, lol ^__^
I will test everything now.

skunkbad · 08-21-2015, 09:23 PM

OK, I just updated the repo. I'm now using this:

PHP Code:
$random_unique_int = 2147483648 + mt_rand( -2147482447, 2147483647 ); 

This gives a semi random integer between 1200 and 4294967295, which was my original intention.

Please keep in mind that the examples controller is really just for simple examples. It's not meant to build off of. You may not want to randomize your user IDs, and perhaps instead auto increment them. You may also want to create blocks of user IDs for different user types. Whatever you decide to do, just keep in mind that because the user ID field in the database is int(10), you are limited to 4294967295 if UNSIGNED, and it is unsigned by default.

You may decide that randomizing the user IDs is beneficial for some reason. Although, as Narf points out, mt_rand is not so random, it's been random enough for me. I like the idea of having user IDs that are not auto incremented, because who is always admin? Yeah, #1, right? Another thing to consider is that if you have a user that has a ID that is 10101. They will probably assume that there is a user ID 10102. If you are randomizing IDs, the chances of a user guessing another user's ID is difficult. In the range of 1200 to 4294967295 is A LOT of numbers! Over 4 Billion.

I'm a firm believer that security through obscurity is not security at all, but it doesn't hurt to make things harder. Anyways, thanks for using Community Auth and providing feedback. These kinds of things will lead to a better Community Auth.

Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3

solidcodes · 08-21-2015, 10:04 PM

@Brian
I now understand it's for security purpose.
Thank you for your relentless replies...