Looks good@work so cant check this out til later :(

Is there a live demo of this online anywhere?

Thanks again dude, this sounds promising

Thank you, Gromozeka! When I was looking for an authorization library several months ago, I also stumbled on that StackOverflow page and decided to go for DX Auth.

Unfortunately though, I wasn’t completely happy with the library. The 8 db tables, the lack of password security and the (unneeded) roles & permission features were just a few examples of that.

Tank Auth seems to be just what I was looking for! You’ve got all my support on this one

I haven’t looked at the code in too much detail yet, so can’t judge on that one. Two little remarks though. E-mail/username field seems to be case-sensitive. Logging in without capitalization (laurentvw instead Laurentvw) failed. You may want to fix that.
Also, the captcha image isn’t displaying. But I also had that problem when using DX Auth. Not sure why, I’m probably doing something wrong (I did chmod /captcha to 777), but it doesn’t matter too much for me since I disabled captcha.

Anyway, thanks for the great library, good job!

Edit:
I managed to inject this using the user field on the login form: ’; foo ‘ (which resulted in a sql error)
Related to:

Hi Laurentvw,

Thank you for your support and for the time you’ve spent to work with Tank Auth.

I’ve fixed the issues you found. Now email and username fields are case-insensitive (so both ‘laurentvw’ and ‘Laurentvw’ will work). SQL-injection is also fixed. Please download the latest version (1.0.2) from the same location:

http://konyukhov.com/soft/tank_auth/tank_auth.zip

About captcha: I met the same problem with CAPTCHA while working with DX Auth, so maybe my experience will be useful for you. There were 2 problems: 1) server was unable to create captcha-files, and 2) browser was unable to show them.

The solution for 1st one was to fix write-rights for the captcha folder. Please notice, the path in the config-file is absolute and server-related. So if you set it this way: $config[‘captcha_path’] = ‘img/captcha/’; then you will have to create folder img (with writable folder captcha inside) in the same directory where your system folder is.

If the captcha-images are been creating in this folder but the browser cannot render them, I recommend you to check your htaccess file—maybe access to your captcha folder is not permitted (as it was in my case).

Hope that it will help you.

Really wish you hadn’t used <php= tags It would have definitely saved me some time integrating Tank Auth with my project

Hey, what’s wrong with these tags?

I am unable to use those tags on my server.

From what I’ve read using <?= is frowned upon for code that is going to be distributed, because it’s not always supported, that said it doesn’t really matter to me now that I’ve converted all the <?=‘s to <? echo’s :D

Thanks again for this library—Though there’s one issue I keep having. When an email is sent (the verification email) only parts of the email is being sent.

It ends with;

“Finish your registration…

Link doesn’t work? Copy the following link to y ” <—

Perhaps it’s just GMail. I’ll see if it sends correctly to other email services.

<? causes problems if you are using things like XML and such. It is actually a feature I heard they might be removing from php because of the bad practice it creates.

Also it is a shame that you removed the role management - I guess I’ll have to stick with DX Auth.

Sorry, I didn’t think about it. The short tags work fine on my server.

Ok, <?=$var?> have been replaced with <?php echo $var; ?>

Please download the latest version and renew the view folder.

Cool.
I’ve got a quick question. How do I retrieve the userID or username of a logged in user via tank_auth?

Using corresponding methods of the library:

* is_logged_in - check if user authorized on the site.
* get_user_id returns user_id if user is authorized on the site, FALSE otherwise.
* get_username returns username for authorized user, FALSE otherwise. The method makes sense only if use_username is set to TRUE in config-file; otherwise returns an empty string for every user.