Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter Best Practices Upgrading from 2.2.x - tank_auth
Upgrading from 2.2.x - tank_auth
  • Offline tunesmith
    Newbie
  • *
  • Posts: 1
    Threads: 1
    Joined: Apr 2020
    Reputation: 0
#1
04-23-2020, 01:46 PM

Hi all,

I've recently resurrected an old side project due to covid boredom. I made significant progress on it years ago and then forgot about it for a while. At the time it was on CI 1.7.2.

Over the last couple of weeks, I've successfully upgraded it to CI 2.1.4 (three rounds of lib upgrades so far), and with the move to a new server that has php-mcrypt, I'll be able to upgrade it to CI 2.2.x in the next couple of days.

After that I'm a bit at a loss because I've been using tank_auth for users, and it doesn't look like that is compatible with CI 3.x. 

Does anyone have any advice on what I should do next, particularly regarding authentication? I'm not sure of the effects of upgrading to either CI 3.x or 4.x, but I'd hate to make my users have to all generate new passwords. Does anyone have experience moving from tank_auth to something else?

Thanks!
Reply
  • Offline ncpv
    Newbie
  • *
  • Posts: 3
    Threads: 2
    Joined: Mar 2015
    Reputation: 0
#2
04-27-2020, 05:47 PM

Quote:Does anyone have experience moving from tank_auth to something else?

Take a look at IonAuth. It supports bcrypt and Argon2 - modern and secure hashes suitable for hashing passwords.

You will need to migrate user data from Tank Auth to Ion Auth database table.

For columns containing data like name, e-mail, phone, etc it should not be a problem - it can be copied.

As to how to avoid users recreating passwords: If the password hashing algorithm is different between the systems, it can not be simply copied. You need to decide which algorithm you are going to use: Bcrypt or Argon2 (assuming you decide to go with IonAuth). Then you will need to add code to the existing authentication system that will be called on successful login that will take the user password, hash it with the new algorithm and store the hash to the user table for Ion Auth.

When all users of your system (or majority) login successfuly, your database table for the new authentication system will be populated with new hashes and you can switch to the new system. Those users that did not login during migration time will have to recreate the passwords.

In this way the authentication system can be migrated transparently for users.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB