The best auth library
#11

And I wanna ask a more broad question (and it's definitely a dumb one☻, and I'm sorry, but I just have not had time to thoroughly study the source code of those libraries). Essentially I need a really simple one, and thought about making a new one myself.

So my question is: is it a safe way to keep information about the user's status to make a new session, after checking the user's login and password (of course with hash and salt), that contains the id?
If there is no such session, just simply redirect the user to the auth form.
Is it enough? Or is it really necessary to implement a complicated algorithm with tokens and so on?

And what is the best way to keep information about the user's last activity? Just manually update the DB each time the user does something?
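Added example, not part of any post in this thread and not taken from any of the libraries discussed: a sketch of the scheme asked about in post #11, using plain PHP sessions. The `$users` array (a constructed stand-in for a users table), the `/login` path and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the users table, keyed by user id.
$users = [
    1 => ['login' => 'alice',
          'hash' => password_hash('example-password', PASSWORD_DEFAULT),
          'last_activity' => 0],
];

session_start([
    'use_strict_mode' => true,   // reject session ids the server did not issue
    'cookie_httponly' => true,   // keep the cookie away from JavaScript
    'cookie_secure'   => true,   // send it over HTTPS only
    'cookie_samesite' => 'Lax',
]);

function login(array $users, string $login, string $password): bool
{
    foreach ($users as $id => $user) {
        // password_verify() reads the algorithm and salt from the stored hash.
        if ($user['login'] === $login && password_verify($password, $user['hash'])) {
            session_regenerate_id(true);   // fresh id after login (session fixation)
            $_SESSION['user_id'] = $id;    // the session holds only the user id
            return true;
        }
    }
    return false;
}

function require_login(array &$users): int
{
    $id = $_SESSION['user_id'] ?? null;
    if ($id === null || !isset($users[$id])) {
        header('Location: /login');        // hypothetical login form URL
        exit;
    }
    $users[$id]['last_activity'] = time(); // with a real table: one UPDATE per request
    return $id;
}

function logout(): void
{
    $_SESSION = [];      // drop the user id from the current request
    session_destroy();   // and delete the server-side session data
}
```

Every protected page calls `require_login($users)` before producing output; the form handler calls `login()` and redirects according to its return value.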
#12

(07-22-2017, 08:30 AM)glorsh66 Wrote: And I wanna ask a more broad question (and it's definitely a dumb one☻, and I'm sorry, but I just have not had time to thoroughly study the source code of those libraries). Essentially I need a really simple one, and thought about making a new one myself.

So my question is: is it a safe way to keep information about the user's status to make a new session, after checking the user's login and password (of course with hash and salt), that contains the id?
If there is no such session, just simply redirect the user to the auth form.
Is it enough? Or is it really necessary to implement a complicated algorithm with tokens and so on?

And what is the best way to keep information about the user's last activity? Just manually update the DB each time the user does something?

Generally speaking, if you're not sure if something is safe, mostly safe, or secure, then you've got some reading to do. Nobody can give you a proper answer to your questions, because there is an unsafe way to do everything you've asked about. Let's be honest, even in code that's got thousands of eyeballs on it, somebody can still find a vulnerability and compromise an account or your system. Happens to WordPress all the time, right?
#13

And what can you say about - tank_auth?
#14

I'm using DX AUTH (https://github.com/yoosuf/DX-Auth). It's compatible with CI 3. If you are using CI 4, it's easy to convert. All libraries or auth frameworks are the same. Many features are never used :)