RSAuth (Really Simple Authentification) Library
Posted: 28 October 2006 10:20 PM
Summer Student
Total Posts:  11
Joined  10-28-2006

Hi all,

  This is my first post, and it is also my first contribution to the CodeIgniter community :). I found this fantastic framework last Thursday and, after reading the documentation, I finally made a very useful (for me :P) user authentication library. I have used the Auth PEAR class in my projects, but now I have seen the light :P and I have learned to use CodeIgniter. Sorry, I have tested the UserAuth MiniApp, but I think that in some projects you only need simple authentication, and you don’t need groups. So, based on the Auth PEAR class, which is very, very simple to use, I have made something similar.

The Code in Here

The Sample DEMO in Here (username: admin , password: admin)

UPDATE: 11/10/2006
- Comments in all methods compatible with phpdoc
- Minor changes for CodeIgniter 1.5.0.1 on Unix systems (problems with case-sensitive PHP filenames)
- Password is stored in md5 in the session cookie (login always checks against the database)
- Init file deleted (in CodeIgniter 1.5.0.1 init is automatic)

UPDATE: 11/01/2006
- Rsauth is compatible with CodeIgniter 1.5.0.1 without changes.

UPDATE: revision 0.2 10/30/2006
- Fix adduser and updatepassword in model
- Add userExists in the rsauth library for checking whether the user already exists (to avoid calling adduser, for example).


The readme file:
=================================================
  Rsauth library tested in Codeigniter 1.4.1

  author SeViR CW · http://www.sevir.org/en/
        revision 0.1 10/29/2006
=================================================

Rsauth is a Really Simple Authentification Library. The idea
is based on the Auth PEAR class, but I changed some features to
simplify it further.

1. INSTALLATION
Decompress rsauth.zip in your codeigniter installation directory.

2. CONFIGURATION
In your application config directory you will find the database.php file;
you need to configure the database settings correctly.
You will also find an rsauth.php config file. This config file has only
four params:

rsauth_table = is the name of the table to store username and password data
rsauth_adminuser = the first user is created with this username automatically
rsauth_adminpassword = the password for this first user
rsauth_dbdriver = typically the same as the database driver (mysql, postgre,...)

3. DEMO
Change your default_controller in config/routes.php to "demorsauth" and test.

NOTE: The first time you use this library, it checks whether the rsauth table
exists; if it doesn’t, it is created automatically with one user configured
as rsauth_adminuser and rsauth_adminpassword.

4. RSAUTH LIBRARY
$this->load->library("rsauth");  //load the library
$loginform = $this->rsauth->login($showloginform);  //Authentication routine:
  //if $showloginform is TRUE, it returns the login form
  //(views/rsauth/rsauthform.php view) if you are not logged in or the login
  //data is incorrect.
$this->rsauth->check();  //check if the user is logged in
$this->rsauth->getUser();  //returns the username of the logged-in user
$this->rsauth->logout();  //logout

5. RSAUTH_MNG_MODEL MODEL
It is used by the RSAUTH library, but it also has some useful functions:
$this->load->model("rsauth_mng_model");
$this->rsauth_mng_model->adduser($username,$password);  //add one user
$this->rsauth_mng_model->updatepassword($username,$password);  //update the
  //password for the user
$this->rsauth_mng_model->getlasterror();  //if the adduser or updatepassword
  //methods fail, this function shows the error

Cheers,
  SeViR CW

Posted: 28 October 2006 10:50 PM   [ # 1 ]
Research Assistant
Total Posts:  424
Joined  04-03-2006
SeViR CW - 28 October 2006 10:20 PM

Sorry, I have tested the UserAuth MiniApp, but I think that in some projects you only need simple authentication, and you don’t need groups.

No need for “Sorry” :) I like to quote Rick, from the very start of the authentication threads:

Rick Ellis - 21 March 2006 12:47 PM

The biggest issue is that user management means different things to different people.  That said, I wouldn’t be opposed to developing a very basic user authentication/management class.

Your contribution is very welcome in the community.

George

Posted: 01 November 2006 11:33 AM   [ # 2 ]
Research Assistant
Total Posts:  421
Joined  05-29-2006

Does the original code work in the new CI 1.5? Thank you

Posted: 01 November 2006 01:57 PM   [ # 3 ]
Summer Student
Total Posts:  11
Joined  10-28-2006
abmcr - 01 November 2006 11:33 AM

Does the original code work in the new CI 1.5? Thank you

Let me see, mmm, I just downloaded the new CI 1.5.0.1

I have only changed one line in config.php to FALSE:
$config['sess_use_database']  = TRUE;
to
$config['sess_use_database']  = FALSE;

I wish there were some automatic session table creation in the session library init for the different DBMSs, so I would have to manually create the session table in the database if $config['sess_use_database'] = TRUE. Maybe I will do that this weekend :P.

So, RSAuth is compatible with CodeIgniter 1.5.0.1 :D

Posted: 07 November 2006 07:08 AM   [ # 4 ]
Summer Student
Total Posts:  29
Joined  07-20-2006

Many thanks for this truly easy to use lib.

One simple question. How secure is this? Can someone hack the cookie to cheat the application?

Posted: 12 November 2006 08:20 AM   [ # 5 ]
Summer Student
Total Posts:  11
Joined  10-28-2006
cioannou - 07 November 2006 07:08 AM

Many thanks for this truly easy to use lib.

One simple question. How secure is this? Can someone hack the cookie to cheat the application?

Really, I made this library quickly :P. I uploaded some modifications (see the top post for reference). Now the username and the password in md5 are stored in the session cookie, so the library checks in the login method whether this userdata is set and checks it against the database (passwords are stored in md5 in the rsauth table, so you cannot recover the password). If you hack the cookie, you need the correct username and password to log in correctly.

I still have to add more auth methods (POP server, LDAP, RADIUS, IMAP, SMB,...). I will post the changes soon :)
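
An added example, not part of the post above or of the RSAuth code: when the cookie holds the same MD5 value that the table stores, that value is password-equivalent, so one alternative is to keep only a random token in the cookie and upgrade legacy MD5 rows to `password_hash()` at login. The function names, `$row` and `$sessions` are assumptions for illustration (in-memory stand-ins for the rsauth table and a session store), and PHP 7.1 or later is assumed.

```php
<?php
// Added example: check a login against a legacy unsalted MD5 row, upgrade the
// row to password_hash(), and issue a random session token for the cookie.

function verify_and_upgrade(string $password, array &$row): bool
{
    $stored = $row['password'];
    if (preg_match('/\A[a-f0-9]{32}\z/', $stored)) {
        // Legacy row: constant-time compare against the old MD5 value.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // Correct password: replace the MD5 with a salted, slow hash.
        $row['password'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $row['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

function issue_session_token(array &$sessions, string $username): string
{
    // The cookie carries only this random value, nothing derived from the password.
    $token = bin2hex(random_bytes(32));
    // Only a hash of the token is kept server-side, with an expiry time.
    $sessions[hash('sha256', $token)] = ['user' => $username, 'expires' => time() + 3600];
    return $token;
}

function user_for_token(array $sessions, string $token): ?string
{
    $entry = $sessions[hash('sha256', $token)] ?? null;
    return ($entry !== null && $entry['expires'] > time()) ? $entry['user'] : null;
}

// Constructed sample data: one legacy row, as the first-run setup would create it.
$row = ['username' => 'admin', 'password' => md5('admin')];
$sessions = [];

var_dump(verify_and_upgrade('wrong', $row));   // rejected, row left unchanged
var_dump(verify_and_upgrade('admin', $row));   // accepted, row upgraded
var_dump(password_get_info($row['password'])['algoName']);
$token = issue_session_token($sessions, $row['username']);
var_dump(user_for_token($sessions, $token));
var_dump(user_for_token($sessions, str_repeat('0', 64)));
```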

Posted: 12 November 2006 09:06 AM   [ # 6 ]
Summer Student
Total Posts:  29
Joined  07-20-2006

Many thanks for your reply, I will download the “latest” version.

I noticed in the cookie a variable IS_LOGGED, that’s why I asked you about security. If someone plays with it, I guess that he can cheat…. :-(

Posted: 12 November 2006 10:01 AM   [ # 7 ]
Summer Student
Total Posts:  11
Joined  10-28-2006
cioannou - 12 November 2006 09:06 AM

I noticed in the cookie a variable IS_LOGGED, that’s why I asked you about security. If someone plays with it, I guess that he can cheat…. :-(

Now the IS_LOGGED cookie is not used in the check login routine; it is garbage from the previous versions :P

Posted: 12 November 2006 12:14 PM   [ # 8 ]
Summer Student
Total Posts:  29
Joined  07-20-2006

Since I am already using the previous version, should I be aware of any major changes that may render my app unusable?

Posted: 12 November 2006 12:51 PM   [ # 9 ]
Summer Student
Total Posts:  29
Joined  07-20-2006
SeViR CW - 12 November 2006 10:01 AM
cioannou - 12 November 2006 09:06 AM

I noticed in the cookie a variable IS_LOGGED, that’s why I asked you about security. If someone plays with it, I guess that he can cheat…. :-(

Now the IS_LOGGED cookie is not used in the check login routine; it is garbage from the previous versions :P

Sorry but according to the instructions above:

$this->rsauth->check(); //check if the user is logged

and also according to the controller example:

if ($this->rsauth->check()){
    $loginform = "Hello ".$this->session->userdata('username');
    $logoutbt = form_open('demorsauth/logout',array('name'=>'rsauthform','id'=>'rsauthform')).
                form_submit('logout','Logout').
                "</form>";
}


Code from the new library you posted:

/**
 * Checks if user is loginIn
 * @return boolean true or false
 */
function check(){
    return $this->app->session->userdata('islogged');
}

Now if I understand this correctly, all a “bad guy” has to do is just hack the ISLOGGED part of the cookie, right?

What I did was to change the check() function to :

$loginform = $this->rsauth->login(TRUE);
$logoutbt = "";
if ($loginform==''){  // changed condition
    $loginform = "Hello ".$this->session->userdata('username');
    $logoutbt = form_open('demorsauth/logout',array('name'=>'rsauthform','id'=>'rsauthform')).
                form_submit('logout','Logout').
                "</form>";
}

And it seems to work

Thank you for your effort and time
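
An added example, not from this thread or from the RSAuth source, of the concern raised above: a login flag held in a client-side cookie is only trustworthy if the server can detect changes to it. The sketch seals the session array with an HMAC and has `check()` verify it before reading `islogged`; `seal_session`, `open_session`, the `expires` field and the key are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: integrity-protect session data that is kept in a cookie.
// $key is a server-side secret (constructed here; load it from config in practice).

function seal_session(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function open_session(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Recompute the MAC and compare in constant time before decoding anything.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    return is_array($data) ? $data : null;
}

function check(string $cookie, string $key): bool
{
    $data = open_session($cookie, $key);
    // Require a verified cookie, the flag, a username and an unexpired timestamp.
    return $data !== null
        && ($data['islogged'] ?? false) === true
        && isset($data['username'])
        && ($data['expires'] ?? 0) > time();
}

// Constructed sample values.
$key = 'constructed-demo-key-change-me';
$guest = seal_session(['islogged' => false, 'expires' => time() + 600], $key);
$admin = seal_session(['islogged' => true, 'username' => 'admin', 'expires' => time() + 600], $key);

// A cookie edited on the client: new payload, but the MAC still belongs to the old one.
$claims = base64_encode(json_encode(['islogged' => true, 'username' => 'admin', 'expires' => time() + 600]));
$edited = $claims . '.' . explode('.', $guest)[1];

var_dump(check($admin, $key));   // sealed by the server
var_dump(check($guest, $key));   // sealed, but not logged in
var_dump(check($edited, $key));  // payload changed after sealing
```

The MAC protects integrity only; the cookie contents stay readable by the client, so nothing secret belongs in the sealed array.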

Posted: 28 November 2006 07:01 AM   [ # 10 ]
Research Assistant
Total Posts:  426
Joined  10-02-2006

Something happened with the 1.5.1 update:

DEBUG - 2006-11-28 12:50:54 --> Encrypt Class Initialized

It gets to RSAuth and loads this and then nothing.

Posted: 29 November 2006 07:48 AM   [ # 11 ]
Summer Student
Total Posts:  29
Joined  07-20-2006

What do you mean, it works for me in 1.5.1

Posted: 29 November 2006 10:48 AM   [ # 12 ]
Research Assistant
Total Posts:  426
Joined  10-02-2006

I mean exactly what I say. I reverted back to 1.5.0.1 so I could move forward with the coding, but if it loads OK for others then I’ll try again.

Posted: 01 December 2006 03:57 AM   [ # 13 ]
Summer Student
Total Posts:  29
Joined  07-20-2006

Sorry, by 1.5.1 I thought you meant 1.5.0.1, haven’t tried 1.5.1 yet. My mistake.

Posted: 06 December 2006 06:48 AM   [ # 14 ]
Summer Student
Total Posts:  2
Joined  11-28-2006

I’ve just downloaded this class, and it seems really simple to use, and thus a great contribution to CI in my opinion.
However, I’ve found something that is worth mentioning.

In both Libraries/Rsauth.php on line: 22 AND in Controller/demorsauth.php on line: 9 you’re loading the session class, but this could cause some difficulties (at least for me).  CI will produce an error message saying that it cannot redeclare the ci_session class System/Libraries/session.php

So it would be a best practice if you just autoload the session class, or just load the class in the controller only.

But again great job done…

Greetsz,

- Jermaine

Posted: 07 January 2007 05:53 PM   [ # 15 ]
Summer Student
Total Posts:  27
Joined  11-16-2006

I’m getting the following error after installing. I checked /system/libraries/ and Session.php is there. Any ideas?

An Error Was Encountered

Unable to load the requested class: session
