CL Auth [BETA] v0.2.5

[eluser]MCrittenden[/eluser]
Brilliant! Such a great feeling when it all comes together . Thanks for the info. I'll be sure and give you a testimonial when I finish up.

[eluser]FlashUK[/eluser]
Update: A working copy of the documentation is now online. The live version will get updated as I write more. A copy of the documentation will also be bundled with the next release.

I shall update my first post with this link too.

[eluser]michaelangela2008[/eluser]
Just a note for those of you upgrading to Firefox 3. I am a Firefox user but hit a problem after the upgrade. All of a sudden all of my authentication was having trouble and sporadically passing. it turns out that both of these user agents are being sent to the server as seen in the sessions table"

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9) Gecko/2008061004 Firefox/3.0

I previously had config set to match the useragent:

Code:

$config['sess_match_useragent']    = TRUE;

in config.php. Setting this to FALSE resolves this until the user agent string issue is cleared up. Just a note to others using this library. It's not an issue with CL Auth.

Michael

[eluser]Devon Lambert[/eluser]
Good job with the authentication library Flash. I thought it was hilarious that you released this library yesterday when I had just decided that I needed a better auth library. FAL was a little too much, and Redux fell short for my needs in other ways. This seems to be the perfect cup of tea so far.

I am especially a fan of the "remember me" feature, but I have yet to play with it. :-)

[eluser]MCrittenden[/eluser]
I'm curious as to why you chose to load views from the library rather than all of them being loaded from the controller. Just to keep things simpler?

Also, one recommendation: instead of loading cl_header.php and cl_footer.php in all of the views, maybe you could create a header and footer page in the config and then load those config items. That way, modifying the header and footer names would be a lot simpler.

Really, really great job. Especially for a first version. It's great to see the documentation coming along too.

[eluser]FlashUK[/eluser]
Thanks guys

@michaelangela2008:
I haven't migrated to Firefox3 yet so I haven't done any play testing yet, but this is interesting :O I shall have to install it and get a better understanding of whats the problem. Please follow michaelangela2008 advice and set your sess_match_useragent string to FALSE.

Also, I realised I called you michaelangelo2008 and not michaelangela2008 last time. Sorry about that ^_^

@dynce: Thanks dynce I originally made this library because I gave up on FAL too. FAL is full of great features but I found it very clucky (no offence to the FAL guys, they have put a lot of effort into it). Other libraries were just too simple and not secure enough for me.
The "remember me" option was very popular option that most people wanted (but FAL never integrated it), but I have tried to integrate it in a secure way which is inspired by phpBB3.

@MCrittenden: Thanks for your feedback. I coded the views into the library rather than into the controller to help stop duplicating code.

I thought people might find it more useful to call "login_form" and "register_form" if they want it in multiple places.
As for the header & footer... good observation. It never actually occurred to me to make it a config option, doing that would definitely make sense.

I think I made it that way because I assumed people would tweak the forms anyway. I will apply this to the next release and will reflect it in the documentation.
I'm not really that great with writing documentation so I might be a lil slow ^_^

[eluser]michaelangela2008[/eluser]
[quote author="FlashUK" date="1214369593"]@michaelangela2008:
Also, I realised I called you michaelangelo2008 and not michaelangela2008 last time. Sorry about that ^_^[/quote]

No worries.

I did have another issue but it seems it was related to a way that generating new sessions are done in Codeigniter. I was getting an apparently random dropped session, couldn't explain it or figure it out. I happened on this:

http://ellislab.com/forums/viewthread/80342/

and specifically this comment:

http://ellislab.com/forums/viewthread/80342/#418057

which led to mumrah's blog here:

http://mumrah.net/2008/06/codeigniter-session-id/

There is similar code in your CL_Session.php file so I modified it

So instead of

Code:

$new_sessid = '';
while (strlen($new_sessid) < 32)
{
  $new_sessid .= mt_rand(0, mt_getrandmax());
}
$new_sessid = md5(uniqid($new_sessid, TRUE));

it is now

Code:

$old_sessid = $this->userdata['session_id'];
$new_sessid = $this->userdata['session_id'];

I am still doing testing on this but it seems to have done the trick so far. I am new to Codeigniter and I haven't had to deal with sessions at this level before (previous PHP experience being with Drupal) so I can't say what exactly was happening or why.

The only thing I could only guess is that static files being loaded were somehow throwing off the current session. Only a guess and I have no way to prove it. :-) I've been doing logging, etc., but I haven't found anything conclusive. The session_id was being updated on every request though. I guess sometimes in the update it was losing the session and I ended up with a user_id of 0.

It doesn't seem like everyone has it so it might be a system configuration specific sort of thing and hopefully this will be the thing I need to get past this unusual issue.

[edit]
Yep that has so far done the trick. It's been pretty smooth sailing since.

Many thanks!

Michael

[eluser]FlashUK[/eluser]
@michaelangela2008

I have heard of people having this problem before. It only happens when the session cookie gets update but the cookie does not get updated with the new session_id.

It's worth doing some testing and see if the session updates your cookie when new info is set:

Code:

print_r($_COOKIE['ci_session']."<br />");
$this->cl_session->set_userdata('test', 'this is a test');
echo "<pre>";
print_r($this->db->queries);
echo "</pre>";

Paste this code anywhere in your controller, you should get an output that looks like this:

Code:

8fd2bedf464fd659af950862ba454bed

Array
(
    [0] => SELECT *
FROM (`ci_sessions`)
WHERE `session_id` = '8fd2bedf464fd659af950862ba454bed'
AND last_activity > 1214380964
AND `user_agent` = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'
    [1] => SELECT u.id, u.username, u.group_id  FROM users u, user_autologin k WHERE u.id = '1' AND k.user_id = u.id AND k.key_id = '8dbf8d91801d227b5e47b84b570419e6'
    [2] => UPDATE ci_sessions SET session_id = 'f476f5206feed83fddc75b6e2aac8ced', session_user_id = '0', last_activity = 1214388164, session_data = 'a:1:{s:4:\"test\";s:14:\"this is a test\";}' WHERE session_id = '8fd2bedf464fd659af950862ba454bed'
)

Check by looking at your data in your mysql table. But if it doesn't work, it would be interesting to know what browser and version your using.

I will however be adding this as a setting you can change in the session class to turn this feature off.

[eluser]Devon Lambert[/eluser]
No problem Flash,

Now if you really want my praise how about integrating your Auth library with the Vanilla Forum Engine.

The guys at FAL started this and I've been tinkering with it for days now. I think I am close to getting the whole thing running out of the box with a few more steps than them. Problem is that Mike (over at Lussomo) makes the whole thing seem a little easier than it actually is, atleast for me.

I can't for the life of me figure out how to get the system working such that I log in/out making use of your auth controller, and have the appropriate settings display themselves in the forums.

Any ideas? (Getting this fully working with any one auth library would probably bring in a significant user base for that auth library as a forum is a key part of ANY site/CMS AND Vanilla is one of the best open source options available.)

Dip into CI Tutorial
FAL-Vanilla Tutorial

Lussomo Wordpress-Vanilla Tutorial

[eluser]FlashUK[/eluser]
@dnyce
As much as I would love to help you I'm afraid I dont have the time to investigate this problem for you. By all means if any other members want to help you out, great! But I orginally created this library for my own purpose.
I have simply released this library to the community as my way of showing thanks and supporting codeigniter.

Sorry again, but if I had time I would. I suggest going through the posts you submitted and try convert it from FAL to CL Auth. I had a brief glimpse and it seems Vanilla allows you to map the db tables easily. Use the CL Auth documentation to help you.