Community Auth: creating a new log in controller
#1

I'm trying to figure out Community Auth.  The example controller is working fine.  I've created a new controller (named Auth), which extends MY_Controller.  It has a login function, that's basically a clone of the one in the examples controller.  It has its own views, which are similar to the example views (especially the actual log in view).  I changed routes.php so that 'LOGIN_PAGE' points at 'auth/login'.

But I get no results.  It doesn't authenticate, it doesn't reject.  Whether I put in valid credentials or not, it just takes me back to the login view.  The log doesn't seem to have anything useful.  Here's what it looks like:


Code:
DEBUG - 2017-11-12 01:23:57 --> UTF-8 Support Enabled
DEBUG - 2017-11-12 01:23:57 --> Global POST, GET and COOKIE data sanitized
DEBUG - 2017-11-12 01:23:57 --> Config file loaded: /home/jgalak/html/oscar2/application/third_party/community_auth/config/db_tables.php
DEBUG - 2017-11-12 01:23:57 --> Config file loaded: /home/jgalak/html/oscar2/application/third_party/community_auth/config/authentication.php
DEBUG - 2017-11-12 01:23:57 --> Session: "sess_save_path" is empty; using "session.save_path" value from php.ini.
DEBUG - 2017-11-12 01:23:57 --> Encryption: Auto-configured driver 'openssl'.
DEBUG - 2017-11-12 01:23:57 -->
 string     = bad
 password   = password
 form_token = 79d6da2b
 token_jar  = ["5462e405","ce843e45","6ef58368","79d6da2b"]
DEBUG - 2017-11-12 01:23:57 -->
 URI STRING FROM LOGIN = auth/login
DEBUG - 2017-11-12 01:23:57 --> Total execution time: 0.0045
DEBUG - 2017-11-12 01:23:58 --> UTF-8 Support Enabled
DEBUG - 2017-11-12 01:23:58 --> Global POST, GET and COOKIE data sanitized
DEBUG - 2017-11-12 01:23:58 --> Config file loaded: /home/jgalak/html/oscar2/application/third_party/community_auth/config/db_tables.php
DEBUG - 2017-11-12 01:23:58 --> Config file loaded: /home/jgalak/html/oscar2/application/third_party/community_auth/config/authentication.php
DEBUG - 2017-11-12 01:23:58 --> Session: "sess_save_path" is empty; using "session.save_path" value from php.ini.
DEBUG - 2017-11-12 01:23:58 --> Encryption: Auto-configured driver 'openssl'.
DEBUG - 2017-11-12 01:23:58 --> Total execution time: 0.0017


This is with deliberately bad credentials.  It looks like the data from the form is being picked up, but nothing is being done with it - it's neither rejected nor accepted.

When I use the example controller, everything works fine.

On a related note, I cannot, for the life of me, figure out where the log in page goes.  What code actually processes the login request?  It looks like a hook somewhere takes over execution, since when I look at the html generated by the example controller, it looks like it just goes back to the examples/login function, but that function clearly doesn't do the processing....

Help appreciated.
Reply
#2

I also have a website that uses auth/login. So you did say you took care of the route:

PHP Code:
$route[LOGIN_PAGE] = 'auth/login';


Then, in my Auth.php controller (note that this is customized):

PHP Code:
/**
 * This login method only serves to redirect a user to a 
 * location once they have successfully logged in. It does
 * not attempt to confirm that the user has permission to 
 * be on the page they are being redirected to.
 */
public function login()
{
    // Method should not be directly accessible
    if( $this->uri->uri_string() == 'auth/login' )
        show_404();

    // A POSTed login form is handed to the auth check
    if( strtolower( $_SERVER['REQUEST_METHOD'] ) == 'post' )
        $this->require_min_level(1);

    $this->setup_login_form();

    $data = [
        'doc_title' => ['post' => ' - Sign In'],
        'content'   => $this->load->view('auth/login_form', '', TRUE)
    ];

    $this->load->view('templates/plain', $data);
}

// -------------------------------------------------------------- 

This is my login form (view):


PHP Code:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Optional maxlength attribute for the password field
$max_chars_for_password = config_item('max_chars_for_password') > 0
    ? ' maxlength="' . config_item('max_chars_for_password') . '"'
    : '';

$form = form_open( $login_url, [
    'class' => 'custom-form client-form'
]);

$form .= '
    <header>
        Sign In
    </header>
    <fieldset>
        <section>
            <label for="login_string" class="label">Username or Email</label>
            <label class="input"> <i class="icon-append fa fa-user"></i>
                <input type="text" name="login_string" id="login_string">
            </label>
        </section>
        <section>
            <label for="login_pass" class="label">Password</label>
            <label class="input"> <i class="icon-append fa fa-lock"></i>
                <input type="password" name="login_pass" id="login_pass" ' . $max_chars_for_password . '>
            </label>
            <div class="note">
                <a href="/account_recovery">Forgot password?</a>
            </div>
        </section>
    </fieldset>
    <footer>
        <button type="submit" class="btn btn-primary">
            Sign in
        </button>
    </footer>
 </form>';

if( ! isset( $on_hold_message ) )
{
    if( isset( $login_error_mesg ) )
    {
        $alert = '
            <div class="alert alert-danger" role="alert">
              <strong>Login Error #' . $this->authentication->login_errors_count . ' of ' . config_item('max_allowed_attempts') . '</strong>
            </div>
        ';
    }

    if( $this->input->get('logout') )
    {
        $alert = '
            <div class="alert alert-success" role="alert">
              <strong>You are signed out.</strong>
            </div>
        ';
    }
}
else
{
    unset( $form );

    // ON HOLD MESSAGE
    $alert = '
        <div class="alert alert-danger" role="alert">
          <strong>Excessive Login Attempts</strong><br /><br />
          Access locked for ' . ( (int) config_item('seconds_on_hold') / 60 ) . ' minutes.
        </div>
    ';
}

?>

<div class="container-fluid">
    <div class="row">
        <div class="col-xs-12 col-sm-9 col-md-5 col-lg-4 col-centered">
            <?php if( isset( $alert ) ) echo $alert; ?>
        </div>
    </div>

    <?php
        if( isset( $form ) )
        {
    ?>

    <div class="row">
        <div class="col-xs-12 col-sm-9 col-md-5 col-lg-4 col-centered">
            <div class="well no-padding">
                <?php echo $form; ?>
            </div>
        </div>
    </div>

    <?php
        }
    ?>
</div>

<?php
/* End of file login_form.php */
/* Location: /views/auth/login_form.php */ 


So, how does it all work? When a login attempt is made to an allowed login URL, your login method in your Auth controller has this in it:


PHP Code:
$this->require_min_level(1); 

That calls the require_min_level() method that is in Auth_controller.php. If you look in that method, it's calling the user_status method of the Authentication.php library, and that library method checks for POST variables, and other stuff. If all is well and the user is authenticated, then the auth variables are set, and the user is redirected to where you specify. If the login attempt fails, the user is redirected back to the login page via _redirect_to_login_page().

With that, I think you should have enough info to get this going. Let me know if you have any other questions.
Reply
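
Added example (not code from the thread or from Community Auth): the debug log quoted in post #1 records the submitted login string and password in clear text next to the form token and token jar. This Python sketch reads a CodeIgniter log in that layout, reports for each login-attempt block whether the posted form_token appears in the logged token_jar, and masks the credentials before the log is shared. The sample log values and the names parse_login_blocks and redact are constructed for illustration.

```python
import json
import re

# Constructed sample in the same layout as the log in post #1 (values are made up).
SAMPLE_LOG = """\
DEBUG - 2017-11-12 01:23:57 --> Encryption: Auto-configured driver 'openssl'.
DEBUG - 2017-11-12 01:23:57 -->
 string     = alice@example.test
 password   = constructed-secret
 form_token = aaaa1111
 token_jar  = ["bbbb2222","aaaa1111"]
DEBUG - 2017-11-12 01:23:57 --> Total execution time: 0.0045
DEBUG - 2017-11-12 01:23:58 --> Total execution time: 0.0017
"""

ENTRY = re.compile(r"^[A-Z]+ - (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) -->")
FIELD = re.compile(r"^\s+(string|password|form_token|token_jar)\s*= ?(.*)$")
SECRET_FIELDS = {"string", "password"}

def parse_login_blocks(log_text):
    """Return one dict per log entry that carries login-attempt fields."""
    blocks, current = [], None
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry:  # a new timestamped entry closes the previous one
            current = {"time": entry.group(1)}
            blocks.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    blocks = [b for b in blocks if "form_token" in b]
    for b in blocks:
        try:
            jar = json.loads(b.get("token_jar", "[]"))
        except ValueError:  # truncated or non-JSON jar line
            jar = []
        b["token_in_jar"] = isinstance(jar, list) and b["form_token"] in jar
        b["password_logged"] = bool(b.get("password"))
    return blocks

def redact(log_text):
    """Mask the submitted login string and password so the log can be shared."""
    def mask(m):
        if m.group(1) in SECRET_FIELDS:
            return m.string[:m.start(2)] + "[REDACTED]"
        return m.group(0)
    return "\n".join(FIELD.sub(mask, line) for line in log_text.splitlines())
```

Pass the contents of an application log to redact() before posting it; lowering CodeIgniter's log_threshold below the debug level keeps such blocks out of the file in the first place.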



