Redux Authentication 1.4a (24th July 2008)
#11

[eluser]louis w[/eluser]
Oh ok.

Do you think 128 is not enough?

I do not have much experience with salts. Just trying to figure out why it's too complex.
#12

[eluser]Popcorn[/eluser]
Well, this is how it works.

The Auth lib has 2 salts: a file-based one (this is stored in the auth config and is static), and the other one is generated each time a user registers and is stored within that user's row.

Now, what happens when a user registers is that the auth lib hashes the password with a unique key (salt) from both the config and the database. The advantage to this is that if a hacker breaks into your website and steals your database, he is missing the other salt (the auth config salt), so his attempts at brute forcing the passwords will be nil.

So, this is 2-layer security and is more secure than just running your password once through the md5 function.

The other advantage is that if 2 or more users sign up with the same password, they will all end up with different hashes.
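The two-salt scheme described in the post above, as an added example that is not part of the thread and is not Redux Auth's own code. The thread does not show the library's hash construction, so the function names, the `CONFIG_SALT` value and the use of PBKDF2-SHA256 (instead of a single md5 pass) are assumptions.

```php
<?php
// Added illustration, not Redux Auth code. All names and values are constructed.

// Static salt kept in a config file on the web server, never in the database.
const CONFIG_SALT = 'constructed-example-config-salt';

// Per-user salt: generated once at registration and stored in that user's row.
function new_user_salt(): string
{
    return bin2hex(random_bytes(16));
}

// Hash the password with both salts. PBKDF2 is an assumption made here so that
// each guess is slow; the thread only says both salts go into the hash.
function hash_password(string $password, string $userSalt, string $configSalt = CONFIG_SALT): string
{
    return hash_pbkdf2('sha256', $password, $configSalt . $userSalt, 100000);
}

// What gets written to the users table at registration.
function register(string $password): array
{
    $salt = new_user_salt();
    return ['salt' => $salt, 'password' => hash_password($password, $salt)];
}

// Login check: recompute with the row's salt plus the config salt and compare
// in constant time.
function verify(string $password, array $row, string $configSalt = CONFIG_SALT): bool
{
    return hash_equals($row['password'], hash_password($password, $row['salt'], $configSalt));
}

// Two users registering with the same (constructed) password.
$alice = register('correct horse battery');
$bob   = register('correct horse battery');

// The per-user salts differ, so the stored hashes are compared here.
var_dump($alice['password'] === $bob['password']);

// With the real config salt the password verifies.
var_dump(verify('correct horse battery', $alice));

// A copy of the row alone is not enough: the same correct password checked
// without the config file's salt does not reproduce the stored hash.
var_dump(verify('correct horse battery', $alice, 'salt-not-in-the-database'));
```

The config salt only helps while the config file stays secret, so it should sit outside the web root and outside database backups.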
#13

[eluser]louis w[/eluser]
Thanks for the insight. This looks like a great add on.
#14

[eluser]coldKingdom[/eluser]
If I run this view file

Code:
$email = "coldKingdom";
    
if($this->auth->check_group($email) === 'Administratör')
    echo "Fungerar bra"; //Works alright
else
    echo "Fungerar inte alls"; //It's a no no :)

It returns the second line, that it didn't work. Is it supposed to work this way or am I doing something wrong?
#15

[eluser]Popcorn[/eluser]
Do you have a group column in your users table?

and

a group table configured with an id and title?

The group in the users table should match with the same id in the group table with the title : "Administratör".

Can you also provide a sample of your database layout and I'll try and figure this out.

Image of how it "should" work

http://img504.imageshack.us/img504/3875/29768517gu6.png

Many thanks.
#16

[eluser]coldKingdom[/eluser]
No problem. Here are my table layouts, I did an export :)

Users table:

Code:
INSERT INTO tbl_user (id, username, password, email, firstname, ip, `group`) VALUES
(24, 'coldKingdom', 'ca44c9c9e5dfb0ac920dca3130878383507183de', 'coldKingdom', 'Andreas', 'you wish..hehe', '1');

Group table:
Code:
INSERT INTO `tbl_group` (`id`, `title`) VALUES
(1, 'Administratör'),
(2, 'Medlem'),
(3, 'Gäst'),
(4, 'Bannad');

The login is working fine.

Edit: Just noticed your picture, and it's the same as mine, as you can see above.
#17

[eluser]Popcorn[/eluser]
Yep, found the fix.

Open auth_model and replace the check_group with this code. Should work now. Sorry for the bug.

Code:
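function check_group($email, $table, $left)
{
    // $table is the group table, $left the users table; select the group's title
    $this->db->select($table . '.title');
    $this->db->from($table);
    // Match the group table's id against the users table's group column
    $this->db->join($left, $table . '.id = ' . $left . '.group', 'left');
    $this->db->where($left . '.email', $email);

    $i = $this->db->get();

    // No matching row: return FALSE instead of reading ->title from an empty result
    if ($i->num_rows() == 0)
    {
        return FALSE;
    }

    return $i->row()->title;
}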

Will upload the new fix asap.
#18

[eluser]coldKingdom[/eluser]
Working great, Thanks!

Have you updated the zip file with the other features you have done today?
#19

[eluser]Popcorn[/eluser]
Not yet. I'm going to do the request password and email activation before I release the next version.

Glad it's working now.
#20

[eluser]Tom Glover[/eluser]
[quote author="Popcorn" date="1204162266"]Not yet. I'm going to do the request password and email activation before I release the next version.

Glad it's working now.[/quote]

How long do you reckon until the next release? Sounds like it could be good.



