UserAuth Mini-App - download userauth_0.9.2t52.zip.

This app uses Native_session library

For some reason, some machines have an issue with native sessions, possibly of setup.
There is db_session, a proven alternative to Native_session that does not use php sessions.

Demo site http://mini-app.peccavi.com

Latest Version is currently
http://tomcode.com/inside/code-igniter/userauth/userauth_0.9.2t52/

This package demonstrates the usage of this UserAuth library while presenting an administration interface. The distribution is a mini-application aimed at being a useful example. The install, easy along side of the blog (tutorial video).

Hope this helps to ignite your code.

Features

UserAuth

* Simple useage, User Management System
* Access Control List (ACL) / Groups
* Role based system, definable in config file
* “Remember Me” with db backed cookies
* User/Group Administration Management
* UI, Tables and Forms are multi-lingual
* Configurable, Inactive Login Expiration
* Auto-install of required db tables
* Supports table prefixes for db

Mini-App

* Simple (demo) application framework
* Add static content without adding code
* Application has minimal template based view
* Internationalization, i18n for UserAuth
- * Cookie based user language select
- * Browser language detect (library file)
* - English, French, German, Spanish & Polish

Compatibility

* PHP 4.3.2 or newer
* MySQL 3.23.58 or newer (for auto-install)
* CI 1.5.x (Tested with 1.5.2)

Interesting… good job.

Kinda neat how userauth and Sentry ended up doing many of the same things in the same ways.

thzero - 26 August 2006 10:46 AM

Interesting… good job.

Kinda neat how userauth and Sentry ended up doing many of the same things in the same ways.

Same task on slightly different codebase, might consider to do a Sentry Mini-App to find common ground

Peccavio - 26 August 2006 10:48 AM

Same task on slightly different codebase, might consider to do a Sentry Mini-App to find common ground

Yeah, pretty much.

Peccavio - 26 August 2006 10:48 AM

might consider to do a Sentry Mini-App to find common ground

Maybe.

I’m trying to figure out how to put a refresh/redirect back to the login page if the session has expired. Could someone help me with this?

You know when you go to request a page but the session has expired so it sends you back to the login page?

Right now it just spits out a ci error.

Thanks.

rumblefish - 28 August 2006 05:48 PM

I’m trying to figure out how to put a refresh/redirect back to the login page if the session has expired. Could someone help me with this?

You know when you go to request a page but the session has expired so it sends you back to the login page?

Right now it just spits out a ci error.

I am planning an error handler to redirect all errors to displayed within template.
But now that you mention it… a programmable solution (undocumented) is already in existing code design.

Guess I should upgrade my example, thanks for the suggestion

yeah that works i guess, but i was thinking more along the lines iside the actual auth class if possible so that it doesnt have to be checked in each controller. unless there is another way I am not thinking about.

I just figure ifthe session expires the only place you would think to go isthe log in page, so it does’nt need to change from controller to controller.

rumblefish - 28 August 2006 09:22 PM

yeah that works i guess, but i was thinking more along the lines iside the actual auth class if possible so that it doesnt have to be checked in each controller. unless there is another way I am not thinking about.

I just figure ifthe session expires the only place you would think to go isthe log in page, so it does’nt need to change from controller to controller.

The controller needs $this->userauth->check(); in it to validate the user. This just adds an if redirect to it

Edit : This redirect only needs added on restricted pages. In this mini-app the login is embedded in the template, available in all pages

If you wanted to HACK userauth lib…. about line 233.. (this version) but where would generic for the redirect?

what about just checking for an expired session? or will what you said take that into consideration as an all in one solution.

All i wanted to really check is if the session had expired, but all my pages will have some restrictions, if there were some that didn’t then redirecting by expired session would make no sense i guess.

What kind of session issue is there still?

rumblefish - 28 August 2006 09:32 PM

what about just checking for an expired session? or will what you said take that into consideration as an all in one solution.

All i wanted to really check is if the session had expired, but all my pages will have some restrictions, if there were some that didn’t then redirecting by expired session would make no sense i guess.

Native_session doesn’t have a public method to test if session_id_expired. WE check if session is or S/B logged in.

Edit: checking session expired wouldn’t make sense with “Remember Me” which might log back in at the refresh

rumblefish - 28 August 2006 09:35 PM

What kind of session issue is there still?

On my box here I have no problem with session (php4 or php5) although I have a bug remaining with “remember Me” functionality.

When uploading to Derek’s site, sessions are unstable. sometimes works sometimes dropping sessions.

Both me and Derek are looking into it…. soon to fix

There are two issues in UserAuth MiniApp:

I create new group “Users”. When I try to add new user to this group and didn’t fill some value in the form then validation error occurs. In this moment the form “forgot” value in “Group” dropdown. In addition plain user password is visible in HTML code of this page.

UserAuth is on good way but I have two suggestions:

1. Ability to insert user into more than one group.
2. Include a database backend for ACL (instead of definition of ACL in every controller).

WatchingEye - 29 August 2006 10:27 AM

There are two issues in UserAuth MiniApp:

I create new group “Users”. When I try to add new user to this group and didn’t fill some value in the form then validation error occurs. In this moment the form “forgot” value in “Group” dropdown. In addition plain user password is visible in HTML code of this page.

UserAuth is on good way but I have two suggestions:

1. Ability to insert user into more than one group.
2. Include a database backend for ACL (instead of definition of ACL in every controller).

Plain user password visable in html on an admin page designed able to edit passwords,
not a major issue - encrypted in db and in cookies.

Currently this release is only a few days old, still at a couple of birthing issues.
The forms still have a few minor issues of validation / usability

Of suggestions…
1. The back end library was originally designed for users <- multiple -> groups, easy to expand the front end if you like.
2. Automating ACL in some form will evolve with this project. A simple script able to bring a role based system functional.

This project will never be everything to everyone. 
Designed at my need of solid starting point for projects.
Intend my efforts might be useful to others .
Sharing code always makes it better.

[quote author=“Peccavio” date=“1156886943]This project will never be everything to everyone. 
Designed at my need of solid starting point for projects.
Intend my efforts might be useful to others .
Sharing code always makes it better.

Pretty much the approach I took to Sentry.

thzero - 29 August 2006 11:40 AM

[quote author=“Peccavio” date=“1156886943]This project will never be everything to everyone. 
Designed at my need of solid starting point for projects.
Intend my efforts might be useful to others .
Sharing code always makes it better.

Pretty much the approach I took to Sentry.

WE should seek more of common grounds