Tank Auth v1.0 (CI authentication library)
Posted: 07 April 2009 09:13 AM
Grad Student
Total Posts:  52
Joined  04-07-2009

Hi folks,

I’d like to introduce a new authentication library for CI, based on DX Auth.

The original DX Auth is pretty good, although it’s not as convenient to use as it could be. Also it has some leaks in security, which is proved by this test: “What Code Igniter authentication library is best?”. Those were the reasons to make it better.

Here are some key points of the new lib:

  * Very compact (less than 20 files and 4 DB-tables)
  * Using phpass library for password hashing (instead of unsafe md5).
  * Login using username, email address or both (depending on config settings).
  * Registration is instant or after activation by email (optional).
  * Forgot password (letting users pick a new password upon reactivation).
  * Change password or email for registered users.
  * CAPTCHA support (native and reCAPTCHA are available).

and many more…

Here is the link to the detailed description with installation guide.

And this is a link to the zip-file.

Posted: 08 April 2009 12:01 AM   [ # 1 ]
Research Assistant
Total Posts:  434
Joined  07-31-2007

First: thanks a bunch for sharing… I definitely appreciate the effort and I’m excited to check Tank Auth out!

So, I feel a little guilty to have to make a somewhat negative comment right off the bat, especially considering that it might seem trivial to some but… If this is based on DX Auth, it’s too bad you went out of your way to replace the well structured Standard compliant markup in the views with some not so well coded table based HTML, with inline styles…

But I don’t want to just criticize, so if you’d like me to help with that part, I’d be more than happy to redo the HTML/CSS in the views for you. Just shoot me an email if you’re interested.

Posted: 08 April 2009 03:28 AM   [ # 2 ]
Lab Assistant
Total Posts:  273
Joined  06-11-2007

one of the few things i would add to this is a kickass access system, especially one that could work on a CMS for instance where the pages are stored in the DB and you might want to lock certain people out of certain pages.

Posted: 08 April 2009 05:16 AM   [ # 3 ]
Grad Student
Total Posts:  52
Joined  04-07-2009

minimal design, thank you for the time you’ve spent on Tank Auth. This is my first experience of writing an open library, and I appreciate any comments on it.

What about removing some parts of HTML code from views… Well, I think that the authorization library cannot be used separately, standing alone on a web-server just for user authentication. It should be a part of some project, like a social net, blogging platform or something else. So you’ll have to integrate it into the code of your web-project and make a proper HTML-layout for every form or warning message, to make it look native for your site. I think that when view-files contain only necessary code then this integration will be much easier. You won’t need to look through dumps of redundant HTML-tags and remove them because they don’t fit your site’s style. You just have to add your own layout (and maybe modify existing code a little bit).

That’s why I removed almost everything from views.

On the other side, email templates contain correct HTML-layout (including DOCTYPE), because it’s the part that likely won’t be modified according to the style of your site.

Posted: 08 April 2009 09:07 AM   [ # 4 ]
Lab Assistant
Total Posts:  203
Joined  07-31-2008

I’m thinking about checking this out since it sounds very promising. One thing that always holds me back from using someone else’s auth system is the complications with adding new fields to a user. How hard would it be for me to add say, a field called “hometown” and something like “eye color”. See where I’m going with this? If this won’t be too hard, I’m all up for giving it a run…

Posted: 08 April 2009 03:47 PM   [ # 5 ]
Grad Student
Total Posts:  52
Joined  04-07-2009

Hi Iverson,

Adding new fields to a user is very easy. In fact I can do it for you. Take a look, here is the old user_profile table structure (from the database schema in the schema.sql file):

CREATE TABLE IF NOT EXISTS `user_profiles` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `user_id` int(11) NOT NULL,
  `country` varchar(20) COLLATE utf8_bin DEFAULT NULL,
  `website` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

To add a couple of new fields (“hometown” and “eye_color”) you need to replace it with this table:

CREATE TABLE IF NOT EXISTS `user_profiles` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `user_id` int(11) NOT NULL,
  `country` varchar(20) COLLATE utf8_bin DEFAULT NULL,
  `hometown` varchar(40) COLLATE utf8_bin DEFAULT NULL,
  `eye_color` enum('brown','blue','green','orange','black') DEFAULT NULL,
  `website` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

And that’s all! When a user is registered, a new record in this table is created automatically (and it is deleted only when the user deletes their account). So I see no problem with adding new fields.

The real problem may be with editing this data. In fact, Tank Auth doesn’t contain a controller or a method to edit a user profile. It can only create and delete them. Profile management is beyond this lib version’s capabilities.

I agree it sounds silly to create empty profiles without an option to fill them, so it should be the 1st To-Do for the next version of the library.
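
A sketch of the profile-edit step that the post above says the library lacks, added here as an example; it is not part of Tank Auth or of the original post. The names PROFILE_RULES and clean_profile_input(), the http(s)-only rule for `website` and the sample request are assumptions; the column list and enum values come from the user_profiles table shown above.

```php
<?php
// Added example, not Tank Auth code; names are hypothetical. `id` and `user_id`
// are absent from the rules on purpose: a crafted form field must not be able
// to re-point a profile row at another account.
const PROFILE_RULES = [
    'country'   => ['max' => 20],
    'hometown'  => ['max' => 40],
    'website'   => ['max' => 255, 'url' => true],
    'eye_color' => ['enum' => ['brown', 'blue', 'green', 'orange', 'black']],
];

// Reduce raw form input to validated column => value pairs.
// Unknown keys are dropped silently; rejected values are listed in $errors.
function clean_profile_input(array $input, array &$errors = []): array
{
    $clean = [];
    foreach (PROFILE_RULES as $column => $rule) {
        if (!array_key_exists($column, $input)) {
            continue; // field not submitted, leave the column untouched
        }
        $value = is_string($input[$column]) ? trim($input[$column]) : null;
        if ($value === null) {
            $errors[$column] = 'must be a string'; // e.g. hometown[]=x
        } elseif ($value === '') {
            $clean[$column] = null; // every profile column is DEFAULT NULL
        } elseif (isset($rule['enum']) && !in_array($value, $rule['enum'], true)) {
            $errors[$column] = 'not an allowed value';
        } elseif (isset($rule['max']) && strlen($value) > $rule['max']) {
            $errors[$column] = 'too long'; // strlen counts bytes: strict for UTF-8
        } elseif (!empty($rule['url']) && !preg_match('#^https?://#i', $value)) {
            $errors[$column] = 'must be an http(s) URL'; // assumption: web links only
        } else {
            $clean[$column] = $value;
        }
    }
    return $clean;
}

// Constructed sample request: valid fields, a bad enum value, an injected column.
// Column names in the UPDATE come only from PROFILE_RULES; values are bound.
$post = ['hometown' => ' Riga ', 'eye_color' => 'purple',
         'user_id' => '1', 'website' => 'http://example.com'];
$errors = [];
$clean = clean_profile_input($post, $errors);
$sessionUserId = 42; // constructed; take it from the logged-in session, never the form
if ($clean) {
    $set = implode(', ', array_map(fn($c) => "`$c` = ?", array_keys($clean)));
    $sql = "UPDATE `user_profiles` SET $set WHERE `user_id` = ?";
    print_r([$sql, array_merge(array_values($clean), [$sessionUserId]), $errors]);
}
```

A real controller would normally redisplay the form when `$errors` is non-empty instead of running the partial update printed here.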

Posted: 13 April 2009 04:43 AM   [ # 6 ]
Research Assistant
Total Posts:  366
Joined  04-27-2006

Hi, I installed your package,
tried to register,
typed in 10 times the captcha code, that did not work,
then I switched it to case insensitive, did not work…
then I switched the captcha off…
tried to register, had problems with sending mails….
windows xp with xampp, using an external isp as mail server
...
needed a long time trying to alter the php.ini with smtp_user and smtp_pwd settings,
until I read somewhere that this simply does not work with mail()...
so this problem is gone now,
but do you know why the captcha does not work??

Posted: 13 April 2009 05:09 AM   [ # 7 ]
Grad Student
Total Posts:  52
Joined  04-07-2009

Hi gunter,

Tank_Auth uses the native CI captcha, which is not perfect. I agree that sometimes it’s very hard to recognize what’s written on it. Moreover, it may show ‘O’ (a letter) or ‘0’ (zero) and there’s no way to distinguish them.

If you meet this problem, I would recommend you to play with the captcha settings, and firstly to change the font. It’s the $config['captcha_fonts_path'] parameter in the config file. There are 5 different fonts available, from 1.ttf to 5.ttf. Try 2.ttf, maybe it will be more convenient for you.

The other way to solve the problem is to use reCaptcha. I use it in my project, and it works fine.

Posted: 13 April 2009 05:22 AM   [ # 8 ]
Research Assistant
Total Posts:  366
Joined  04-27-2006

thanks, now it works!
the unreadable font was exactly the problem!!!

Posted: 14 April 2009 11:50 AM   [ # 9 ]
Summer Student
Total Posts:  23
Joined  11-05-2008

Where did the role_id run off to? Are roles managed another way? Otherwise I’ll just write roles myself.

Posted: 14 April 2009 03:29 PM   [ # 10 ]
Grad Student
Total Posts:  52
Joined  04-07-2009

The lib contains only core auth methods. Sorry, role management is not among them.
