dude… you act like i try to remove a mother’s babe… i simply give some suggestions to expand the usability of this project. most of these are simple things which even can be made from the config-file. if you are close to suggestions, i would be sad to shut up and eventually discard this library. i have some knowledge on usability+ideas, which i like to share to give strength to a cool addition to an already cool-project such as CI. please dont get me wrong… these are only thoughts and what i discover on customization of your library.

obsesif - 06 February 2007 07:40 PM

dude… you act like i try to remove a mother’s babe… i simply give some suggestions to expand the usability of this project. most of these are simple things which even can be made from the config-file. if you are close to suggestions, i would be sad to shut up and eventually discard this library. i have some knowledge on usability+ideas, which i like to share to give strength to a cool addition to an already cool-project such as CI. please dont get me wrong… these are only thoughts and what i discover on customization of your library.

@Obsesif
You sir are a cad…. A bounder and a cad.

@Dan,
I’m having trouble downloading the auth plugin from the website… is it still available?

I started testing FreakAuth a little more this evening and found the following:

/auth/index is the user log-in page -> attempted admin log-ins from this interface return invalid results
/adm/index is the admin log-in page -> admins log in OK (of course)

EDIT: As to the rest of the deleted dummy talk by yours truly, remember to turn on yer cookies

Works great.

Correct me if I’m wrong but, I think the CAPTCHA system exposes a security threat. A malicious user could flood the server with countless of CAPTCHA images (in the tmp folder), causing major lag to the server.

siric - 07 February 2007 01:15 PM

Correct me if I’m wrong but, I think the CAPTCHA system exposes a security threat. A malicious user could flood the server with countless of CAPTCHA images (in the tmp folder), causing major lag to the server.

If they do thousends of request in 20min yes.
Anyway if you read carefully the still ‘minimalistic’ user guide, you might have discovered that captcha images:

[EDITED]CAPTCHA images get deleted every time a new captcha get displayed if the CAPTCHA images are older than 20 minutes.

You can change the timing to less of 20min modifying line #756 of the FreakAuth_library.

I also considered to generate images dinamically but the CI userguide states Image Manipulation Class:

Note: If you choose the dynamic setting, only one image can be shown at a time, and it can’t be positioned on the page. It simply outputs the raw image dynamically to your browser, along with image headers.

It might be possible to implement the library banning an IP after a given numbers of tries. (storing the number of tries in the ci_session table).

i guess ip-banning would be more an addition to the heavier freakauth. still, its a nice idea…

Dan… is there a way similiar to get Username that I can get the ID of the logged in user?

Check out the user guide, section Tip&Trics; (just updated).

great… thanks

Capt. Miraculo - 07 February 2007 08:44 AM

@Dan,
I’m having trouble downloading the auth plugin from the website… is it still available?

Do you mean the Auth library from the wiki or FreakAuth_light?

Did you manage to download it?

Hey guys i hope you enjoyed FreakAuth_light and that you tested it so far.

I just want to ask you which are in your opinion the priorities for version 1.0.3-alpha release:

Some things that have been pointed out so far:

1) group admin/user tables together
2) make template path really customisable ($config[’FreakAuthL_template_dir’] )
3) don’t make it dependent from mod_rewrite
4) FreakAuth_light.php library-> make function_encode PHP4 compliant
5) ACL

I would also like to recall you the spirit of this forum thread:

a) test the library/application
b) report bugs
c) make improvement suggestions

Please don’t get offended if not all your suggestions get satisfact/developed.

I also wanna highlight that you are not only invited to point out things/suggestion, but also to provide solutions sending me scripts/hacks to improve them!

Cheers for your contribution

I am struggling a bit with this. A log in session basically expires after the first log in. I am then eternally redirected to auth/index when calling a function in the secured controller. I also found this to be the case earlier, and setting cookies to be domain wide in config.php seemed to resolve the issue. However, it’s back. The cookie is set and not expired. No errors in the log. Anyone else seeing similar problem?

Suggestion (for the sake of completeness):

Add logout info to the documentation: call $this->freakauth_light->logout(); from function in your controller.

danfreak - 09 February 2007 04:13 AM

Capt. Miraculo - 07 February 2007 08:44 AM

@Dan,
I’m having trouble downloading the auth plugin from the website… is it still available?

Do you mean the Auth library from the wiki or FreakAuth_light?

Did you manage to download it?

FreakAuth_light…
Yeah, I tried again about 3 hours later and it downloaded fine. I’m not sure what the issue was. Response time was _low_.

One thing I wanted to ask (and was going to investigate maybe next week…) is mod_rewrite absolutely necessary to use FreakAuth? I wanted to deploy it on a IIS server and they don’t have a concept like mod_rewrite (which I assume is why CI doesn’t use mod_rewrite by default) :(
There are a few IIS addons, but it’s a shared hosting so I can’t use them anyway.

As it is, I was going to try to fix FreakAuth to not require mod_rewrite…

Thanks for a great CI library tho… It’s unreal. I guess I got a bit cheesed off with obsesif… it’s OK to make suggestions, but if you really want them you should be will to help… (putting on flame proof suit)

Capt. Miraculo - 09 February 2007 07:28 AM

One thing I wanted to ask (and was going to investigate maybe next week…) is mod_rewrite absolutely necessary to use FreakAuth? I wanted to deploy it on a IIS server and they don’t have a concept like mod_rewrite (which I assume is why CI doesn’t use mod_rewrite by default) :(

It should already work without mod_rewrite but you should:

1) delete the .htaccess file from the root directory

2) in your application/config/config.php change your $config[‘index_page’] to

Let me know!

also try to have a look in previous pages for some other fixes on the fly about version 1.0.2-alpha
(they will be included in version 1.0.3-alpha)

Is there anything in the library to prevent duplicate user registrations based on either username or email?  I am looking through the code, but don’t see anything to prevent this yet.