benedmunds / codeigniter-ion-auth
Simple and Lightweight Auth System for CodeIgniter
Home Page: http://benedmunds.com/ion_auth/
License: MIT License
An error appears when I'm trying to use the update_user method and the data doesn't contain any meta fields. I investigated the code and found the problem in the model.
usage:
$this->ion_auth->update_user((integer)$this->user->id, $data);
example:
if (!empty($this->columns))
{
// 'user_id' = $id
$this->db->where($this->meta_join, $id);
foreach ($this->columns as $field)
{
if (is_array($data) && isset($data[$field]))
{
$this->db->set($field, $data[$field]);
unset($data[$field]);
}
}
$this->db->update($this->tables['meta']);
}
If isset($data[$field]) is not true, $this->db->set($field, $data[$field]); is not done, but $this->db->update($this->tables['meta']); is still done at the end... and then the error appears :)
Are there any drawbacks to setting a protected var for each item in the config file, so that they could be changed on the fly with a set method of sorts, i.e.:
set('site_title', 'My Awesome Site')?
This would solve some of the issues we have in PyroCMS. Maybe we can leave out the protected var part and just use a set() method to override the config items instead. From my travels in Pyro, any attempt to override config items from outside ion_auth is a lost cause. The values I try to set outside the library are overridden when ion_auth initializes with the ones in the config file.
If you're not opposed to this idea I can fork and "pull request or stfu".
Using a recent copy of the CodeIgniter 2.0 code with Ion Auth causes an error, "Unable to load the requested class: language". This is fixed by changing line 92 in libraries/Ion_auth.php to $this->ci->load->library('lang');. However, this fix is not backwards compatible and thus creates a catch-22. If you could detect whether CI2 is in use or not it would solve the problem.
I just wanted to give a bit of feedback to the great Ion Auth library. My Version is exactly one week old and downloaded from github. Codeigniter is v1.7.3
In your example controller you heavily use flashdata. So did I, but in conjunction with database sessions.
When I updated a user and got a duplicate error, the new session data could not be stored in the database, because the transaction was not completed and so the flashdata message stayed empty. So here is the fix:
ion_auth_model.php
// After line 838, before return FALSE:
$this->db->trans_rollback();
I could be wrong and I apologize in advance if I'm wasting your time.
The statement:
$where =& func_get_args();
inside this function might always return an empty array, since the definition of the function calling it has no arguments itself:
public function extra_where()
{
...
$where =& func_get_args();
...
}
Anyways, I found this issue when trying to test the 'activate' function in ion_auth_model.php.
Having said that, I wonder if the definition for the extra_where function should be something like this:
public function extra_where($args)
{
...
where $args contains the array returned by func_get_args(); of the function calling it.
The data types for the created_on and last_login fields are incorrect. As a result, when you create a new user or log in, the fields do not get updated.
The datatype should be INT or something else instead of mediumint.
See (http://dev.mysql.com/doc/refman/5.1/en/numeric-types.html).
mediumint(11): 11 is not the number of digits you can save in the field. 11 is the number of digits that will be displayed. So having mediumint(2) or mediumint(8) or mediumint(11) does not make any difference to the storage capacity.
//from mysql install
created_on mediumint(11) unsigned NOT NULL,
last_login mediumint(11) unsigned NOT NULL,
active int(1) unsigned DEFAULT NULL,
//should be changed to:
created_on int unsigned NOT NULL,
last_login int unsigned NOT NULL,
active tinyint unsigned DEFAULT NULL,
See the lines: 124-132.
/**
* Should the salt be stored in the database
**/
$config['store_salt'] = false;
/**
* Should the salt be stored in the database
**/
$config['store_salt'] = true;
Hi, I'm a noob on object oriented php and CI so I decided to try this one to get me started.
I'm trying CodeIgniter_1.7.2 with benedmunds-CodeIgniter-Ion-Auth-b15a45f.zip
CI install went fine, did the DB stuff and copied Ion-Auth files to their respective directories.
Now when I try: http://mytestserver/codeigniter/index.php/auth/login
I get: An Error Was Encountered
Unable to load the requested file: auth/login.php
Any clues of where I got it wrong?
Permissions seem fine.
The identity_check doesn't consider the extra_where-clause.
I get "unknown column group in field set" when I pass array("group" => "group_name") into update user.
Didn't know if I was going about changing the group of a user wrong?
It's not possible to update user's "group_id" with update_user() function. update_user() function only checks for "username", "password" and "email" but not "group_id". Is there any way to update user's "group_id" with ion_auth?
$this->ion_auth->update_user(1, array('group_id' => 3)); is not working.
Install doesn't mention need for url helper.
url helper is needed for the redirect() function.
The get_user_by_email method in Ion_auth_model doesn't work since the email is not passed to the get_users_by_email method. The solution would be to add $email to the function call.
before:
public function get_user_by_email($email)
{
$this->db->limit(1);
return $this->get_users_by_email();
}
after:
public function get_user_by_email($email)
{
$this->db->limit(1);
return $this->get_users_by_email($email);
}
I've recently downloaded Ion Auth and found it to do a great job with the Authorization aspect, but it has very minimal ACL capabilities. The Group functionality should be more robust, allowing for any user to be part of more than one group. Additionally, if Ion Auth is to be a truly robust Auth/ACL solution, there needs to be a full-scale ACL implementation included within it. Something that allows for ACLs to be tied to Groups and then configured individually for each user.
For example:
User:
Joe Cool
Groups:
PHP Coders
Java Coders
ACLs:
PHP Coders -> Read Access to Code Repo
Java Coders -> Read Access to Code Repo, Edit Access to Forum Postings
If Ion Auth had this capability, it would be the schnizzle.
Only a tiny one - I noticed that the table 'meta' has a user_id column of type int(10) which doesn't match the 'users' table's id column mediumint(8). Not a problem unless you're using InnoDB and setting up foreign keys, in which case it'll fail.
Same for users.group_id mediumint(8) vs groups.id tinyint(3).
Hi
I seem to be having some issues when I've 'remembered' a user and left the application to timeout the session. When I reload an authed page, I get a database error on line 838 of ion_auth_model in the update_last_login function.
I think that the following is happening:
This is the point of failure - var_dump($this->ion_auth) returns NULL here. Maybe this is because the ion_auth library is still building the instance at this point via __construct(), so it's not been initialized?
Anyway, I've fixed it temporarily by commenting out line 888 of ion_auth_model: $this->update_last_login($user->id);
The documentation doesn't mention the need to autoload the 'database' helper. Many times this is already setup, but you may want to specifically mention it in your README.
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group, groups.description AS group_description, meta.first_name, meta.last_name,' at line 1
SELECT users.*, groups.name AS group, groups.description AS group_description, meta.first_name, meta.last_name, meta.company, meta.phone FROM (users) LEFT JOIN meta ON users.id = meta.user_id LEFT JOIN groups ON users.group_id = groups.id ORDER BY users.created_on desc LIMIT 10
Filename: /Users/slav/Sites/cads/models/ion_auth_model.php
Line Number: 659
It's the same problems as before...
$this->db->select(array(
$this->tables['users'].'.*',
$this->tables['groups'].'.name AS '. $this->db->protect_identifiers('group'),
$this->tables['groups'].'.description AS '. $this->db->protect_identifiers('group_description')
));
This generates SELECT users . * , groups.name AS group ,
Should be:
SELECT users . * , groups.name AS group
The protect_identifiers function is for the part before AS.
I modified my own version of Ion-Auth (great product btw *:thumbs_up:*) and thought I might suggest it here to see if it is useful to you, or if I am doing something tremendously wrong. :)
I was thinking that perhaps the users_meta table might be better served with only four columns:
- id(same as current)
- user_id
- property(blob/text)
- value(blob/text)
This would allow me (or other developers) to add/remove meta data from the database without having to always re-configure the ion_auth config to specify which columns were in use.
Example
id : 1
user_id : 1
property : First Name
value : Ben
id : 2
user_id : 1
property : Last Name
value : Edmunds
If wanted I can provide my horribly mangled code changes that made this work for me but be warned : in my 11/12 years of coding with php/mysql I can never get my head around a proper "JOIN" syntax so I don't use that. I write a separate query to grab the meta data.
Anyway, just a suggestion...Or if someone could point out the problem with this method that I am overlooking (which is very possible) that would be awesome as well.
This block makes five queries:
$this->session->set_userdata($this->identity_column, $user->{$this->identity_column});
$this->session->set_userdata('id', $user->id); //kept for backwards compatibility
$this->session->set_userdata('user_id', $user->id); //everyone likes to overwrite id so we'll use user_id
$this->session->set_userdata('group_id', $user->group_id);
$group_row = $this->db->select('name')->where('id', $user->group_id)->get($this->tables['groups'])->row();
$this->session->set_userdata('group', $group_row->name);
that can be accomplished with one, like so:
$group_row = $this->db->select('name')->where('id', $user->group_id)->get($this->tables['groups'])->row();
$sessiondata = array(
$this->identity_column => $user->{$this->identity_column},
'id' => $user->id, //kept for backwards compatibility
'user_id' => $user->id, //everyone likes to overwrite id so we'll use user_id
'group_id' => $user->group_id,
'group' => $group_row->name
);
$this->session->set_userdata($sessiondata);
The error fails loading of the auth.php example controller.
Line 65:
$this->load->helper('cookie');
should be:
$this->ci->load->helper('cookie');
On the file: libraries/Ion_auth.php on line 210, the code reads:
$this->set_error('forgot_password_successful');
but it should probably say:
$this->set_message('forgot_password_successful');
Since it's a success message.
I have moded quite a bit of Ion Auth, and my build isn't your most recent... but I believe this is a bug:
The change_password function changes the password fine, but it doesn't account for if you have:
$config['store_salt'] = true;
It doesn't use the stored salt, then the login is broken as the login checks against a password using the stored salt.
Hi,
In my opinion, the columns salt and password of table "users" should be char(40) as they have constant length. Column "active" should be "tinyint", an int is way too big. The number between parentheses in int(1) just indicates how many characters (or numbers) an index should consider. Finally you should add an index on the (username, password) columns for faster DB lookup.
I know it's just small optimisations. Sorry to open an "issue" just for that.
Jordan
I've noticed that, in my own development project, sometimes I need email activation to be enabled and sometimes not. For example, when a user is created through the website, the activation email should be sent. But when the admin is creating a user, he doesn't necessarily need the email to be sent. Is it possible to make this option both configurable as default and while calling the function E.G.:
public function register($username, $password, $email, $additional_data, $group_name = false, $email_activation = $this->ci->config->item('message_start_delimiter', 'ion_auth'))
{
//...
}
Thanks!
I saw that in the model you have it set to be CI2.0 compatible, you forgot the Controller tho.
Just add this above where you start the function (just below <?php for all others who do not know what I am talking about by function).
if(!class_exists('Controller')) { class Controller extends CI_Controller {} }
Cheers!
There is a missing '.' on line 412 in model/ion_auth_model.php, could you fix this please.
Auth config items are currently interspersed in the global config - they should be in their own array i.e. CI_Config_Object / Config / ion_auth so as to avoid overwriting other potentially global config elements with the same name.
It was all working fine, and sending both emails, only I have stored_salt = TRUE, so after resetting the password I was unable to login.
I added $profile->salt to libraries/ion_auth.php
$new_password = $this->ci->ion_auth_model->forgotten_password_complete($code, $profile->salt);
And processed it correctly in models/ion_auth_model.php
public function forgotten_password_complete($code, $salt=FALSE)
'password' => $this->hash_password($password, $salt),
Seemed to be quick fix.
It would be great to add a parameter to the get_users() function allowing one to define an "order by" statement. It's useful when you want to list a users table.
Yeah, as the title says, there's a problem when you have numbers in your usernames/passwords.
Fix, pl0x?
I love Ion Auth except for the fact that it uses single-iteration sha1 hashing when storing passwords.
Why is single MD5, SHA1, SHA256, SHA512, SHA-3 hashing bad?
2)Salts Will Not Help You - It’s important to note that salts are useless for preventing dictionary attacks or brute force attacks. It doesn’t affect how fast an attacker can try a candidate password, given the hash and the salt from your database. Salt or no, if you’re using a general-purpose hash function designed for speed you’re well and truly effed.
3)SHA-1 is being retired for most government uses; the U.S. National Institute of Standards and Technology says, "Federal agencies should stop using SHA-1 for...applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010".
What to do?
Use bcrypt. Actually - use PHP's bcrypt implementation - the crypt function (there are several different options - the best ones would be crypt_sha256, crypt_sha512 or crypt_blowfish). Imho I'd go for crypt_sha512.
Why is it better?
Because it introduces a work factor, which allows you to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore's law. As computers get faster you can increase the work factor and the hash will get slower. How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password yaaa in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond. So we're talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I'd be cracking them every 12 years or so. Your passwords might not need that kind of security and you might need a faster comparison algorithm, but bcrypt allows you to choose your balance of speed and security. Use it.
How to add it to Ion Auth? Easy. (Read the PHP crypt function manual first.)
Instead of the sha1 functions use something like this:
return crypt(string $password, string $salt);
where the $salt variable has to be in the following format (thanks PHP):
$id$rounds=number$actualsalt
where:
id - type of hashing (1 for md5, 2a for blowfish, 6 for sha512 etc.)
rounds - CPU load, number of iterations. The higher the number, the higher the CPU requirements. That's what makes it really hard to break. Can be any number from 1000 to 999,999,999. Default 5000.
actualsalt - obviously a 16-character salt
So, for example:
return crypt($password, '$6$rounds=6000$'.$salt.'$');
You can use phpmyadmin again to add a first user:
username: any
password: password
salt (16 chars): aaaaaaaaaaaaaaaa
hash (if 6000 iterations and crypt_sha512): $6$rounds=6000$aaaaaaaaaaaaaaaa$DIu5Q9s6kgfnxcDQPZZ/Xt6T5gar0eBbZShHRWp.aHbBO5nskNc2U1I6YX5aJD6GnKh43i/9EVxV2L5.jrQsw0
Yes - that entire thing is a hash starting from
I like Ion Auth more than any library out there for CI and I think that this should be added to it instead of the default sha1 mechanism.
Hope this helps.
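A stand-alone worked version of the crypt() scheme this post describes, added here as an example (it is not Ion Auth's code nor the poster's): it builds the $6$rounds=N$salt$ setting string, hashes, and verifies by re-running crypt() with the stored hash and comparing in constant time. The 6000-round value and the 16-character salt follow the post; the function names, the salt alphabet and the use of random_int()/hash_equals() (PHP 7+) are assumptions of this example. The usage comment also ties it to the store_salt / change_password reports above: whether or not the salt is kept in its own column, login and password change must derive it the same way.

```php
<?php
// Added example of SHA-512 crypt() hashing with a work factor, as suggested in the post.
// Not Ion Auth's own code. Assumes PHP 7+ (random_int, hash_equals, scalar type hints).

// crypt() accepts salts drawn from "./0-9A-Za-z".
const CRYPT_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const ROUNDS = 6000;   // the post's example value; raise it as hardware gets faster

// 16-character salt built from cryptographically secure random indices.
function make_salt(int $length = 16): string
{
    $alphabet = CRYPT_ALPHABET;
    $max = strlen($alphabet) - 1;
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= $alphabet[random_int(0, $max)];
    }
    return $salt;
}

// Hash with the "$id$rounds=N$salt$" format from the post; id 6 selects SHA-512 crypt.
function hash_password(string $password, string $salt, int $rounds = ROUNDS): string
{
    $setting = '$6$rounds=' . $rounds . '$' . $salt . '$';
    $hash = crypt($password, $setting);
    // On failure (e.g. an unusable salt) crypt() returns a string shorter than 13 chars.
    if (strlen($hash) < 13) {
        throw new RuntimeException('crypt() failed; check the salt and rounds');
    }
    return $hash;
}

// Verify by passing the stored hash as the setting string: crypt() reads the id,
// rounds and salt from its prefix, so the salt never needs a separate column.
// hash_equals() compares in constant time to avoid leaking where the strings differ.
function verify_password(string $password, string $stored_hash): bool
{
    $candidate = crypt($password, $stored_hash);
    return hash_equals($stored_hash, $candidate);
}

// Usage. With store_salt = true the salt also lives in its own column; either way,
// login and change_password must hash with the same salt and rounds, which is the
// inconsistency reported in the store_salt issues above.
$salt = make_salt();
$hash = hash_password('password', $salt);
var_dump(verify_password('password', $hash));
var_dump(verify_password('Password', $hash));
```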
Hello there,
I contacted you through email because the "forgotten password" functionality was not working for me. I found what the problem was: duplicate email entries in the database. One would say that when I am changing the identity to username rather than email, I wouldn't need the register function to check for duplicate emails. But since the existence of duplicate emails renders the forgotten_password function useless, I recommend the following three ways, with the code for each one (please note that I am a PHP-CodeIgniter beginner, and this is my first ever paid project, so you may want to further check my pieces of code to see if they meet your standards, but I hope they help as much as I have wanted them to):
Add a duplicate_emails to the configuration file, which asks the programmer whether duplicate emails are allowed. And then, add this to the end of the __construct() function of Ion_auth_model:
$this->duplicate_emails = $this->config->item('duplicate_emails', 'ion_auth');
Then, in the register function in the same file, change the if statement to:
if (($this->identity_column == 'email' || $this->duplicate_emails == true) && $this->email_check($email))
You can also forget completely about duplicate emails and such, and make the forgotten_password based on the identity set in the configuration file. So, in the forgotten_password() function in the model, change the update command to:
$this->db->update($this->tables['users'], array('forgotten_password_code' => $key), array($this->identity_column => $email));
Of course, then you should change $email in the list of arguments to $identity to make it more readable.
Thank you for this awesome project. You're my hero. smiles
Library function forgot_password assumes 'email' for identity.
Fixed with these mods:
// Get user information
$user = $this->get_user_by_email($email);
$data = array('identity' => $user->{$this->ci->config->item('identity')},
'forgotten_password_code' => $user->forgotten_password_code
);
...and a few lines later...
$this->ci->email->to($user->email);
There is no way to know that you have already made an entry with an existing email address. It just pops the form back up and you just have to try again.
Is the ip_address field merely a placeholder? Ion Auth does not seem to update it automatically during authorization.
I am not using the normal mail function to send email, nor am I using sendmail. I am using an SMTP server for testing, and now I have to paste the configuration code for the SMTP server, username, password, and etc before every $this->email->initialize(). Is it possible to use the configuration in the email.php file for sending emails throughout ion_auth?
An Error Was Encountered
Unable to load the requested language file: language/english/ion_auth_lang.php
Hello,
After I try to use get_newest_users I get this error :(
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group, groups.description AS group_description, meta.first_name, meta.last_name,' at line 1
SELECT users.*, groups.name AS group, groups.description AS group_description, meta.first_name, meta.last_name, meta.company, meta.phone FROM (users) LEFT JOIN meta ON users.id = meta.user_id LEFT JOIN groups ON users.group_id = groups.id ORDER BY users.created_on desc
Hey Ben,
Just wondering if you have an SQL schema for Ion Auth V2, or a proposed structure?
As I was hoping to test out the V2 framework thus far and try and weed out any bugs.
When I update only group_id and no columns from the meta table, there happened to be a problem that the model tries to update the meta table first, even though there's no column to update. This results in a failed UPDATE command. Fix:
ion_auth_model.php -> originally line 817:
instead of:
if (!empty($this->columns))
{
// 'user_id' = $id
$this->db->where($this->meta_join, $id);
foreach ($this->columns as $field)
{
if (is_array($data) && isset($data[$field]))
{
$this->db->set($field, $data[$field]);
unset($data[$field]);
}
}
$this->db->update($this->tables['meta']);
}
I put this there instead and it works:
if (!empty($this->columns))
{
// 'user_id' = $id
$col_count = 0;
foreach ($this->columns as $field)
{
if (is_array($data) && isset($data[$field]))
{
$col_count++;
$this->db->set($field, $data[$field]);
unset($data[$field]);
}
}
if ($col_count > 0)
{
$this->db->where($this->meta_join, $id);
$this->db->update($this->tables['meta']);
}
}
Hope this helps. Thanks for the library!
Not sure if this is an issue with my code, but it at least begs some looking into:
sessions SET last_activity = '1269400780', user_data =
Any way to override this manually, or call it manually (i.e. so I can implement a session update after my template wrapper has done its work)?
On the file: libraries/Ion_auth.php on line 265, the code reads:
$this->set_error('password_change_successful');
but it should probably say:
$this->set_message('password_change_successful');
Since it's a success message.
The problem happens when you try to register a new user. It causes an error when inserting data to metatable in case you don't provide all the values in $additional_data. Ion_auth_model tries to fetch those missing data from $this->input->post() (line 554 in ion_auth_model.php) and when it's missing, it tries to insert 0 (zero). But it can be incorrect value in some cases for DB (for example enum type with allowed NULL).
The solution is to also check whether the parameter appears in the POST array. My fix (works for me) is here:
line 552, instead of:
else
{
$data[$input] = $this->input->post($input);
}
I use:
elseif($this->input->post($input))
{
$data[$input] = $this->input->post($input);
}
Hope this helps.
In the example controller there is the following call:
elseif( !$this->ion_auth->is_auth() )
and is_auth() does not appear to be defined in library/ion_auth.php
Example out of sync with library perhaps?
Bad form to use strlen() to determine if a user id or activation code is being passed to profile.
Passing a bogus code to forgotten_password_complete errors out:
A PHP Error was encountered
Severity: Notice
Message: Trying to get property of non-object
Maybe I just can't figure it out or something, but I am working with pagination to show 15 users per page, and I need to be able to pass a $limit and $offset variable and I can't figure out how to modify the library/model to let me. Any thoughts?
I used to retrieve a list of users from another table I have in my database, so basically I just need something like this, but I need to be able to retrieve all the data from the meta field as well, so I can't just change the name and table name..
function list_beta($limit, $offset) {
$this->db->limit($limit, $offset);
$query = $this->db->get('beta_users');
return $query->result();
}
I received a database syntax error when calling get_user() or get_user_array() when logged in. Fix seems pretty safe (and sane):
In ion_auth_model.php, changed line 621, function get_users() from:
$this->tables['groups'].'.name AS group',
to:
$this->tables['groups'].'.name AS ' . $this->db->protect_identifiers('group'),
and the same modification on line 402, function profile().
Works great for me now, not sure if my configuration is somehow strange.
Need to enforce that the salt length is >= the minimum password length