Xikeon - 06 July 2007 05:35 PM

I’m sorry? I don’t really understand what you mean? Why would email as login auth be more secure?

There are normally two things needed to log into a website: login auth and password. If you take the username as login auth and that username is visible on the website, you’re already giving away 50% of the data required to login. Most users have silly passwords so it would be relatively easy to guess at least some of them, or maybe even hack them by brute force if you don’t have a strikes system implemented (this seems unlikely, but who knows).

Emails are usually not shown publicly, so if you use the email instead of the username as login auth, you will effectively hide 100% of the data required to log in and make it almost impossible to guess (the only way is to make the user itself to give you his/her email somehow, which can happen, but then it’s not your responsability).

That’s why using the email is more secure than using the username

Either way, looks like a nice class, thanks for sharing, will try it

Regards,

Thanks Zeld, you summed it up perfectly Sorry I was so slow to respond, but I haven’t had much spare time lately.

Your library does look interesting. I’m about to start making my decision on the development environment for my next project. I’m leaning towards using CI and pulling in some of the Zend Framework libraries I like. If I go that route, I’ll take a bigger look into this Have you plopped it up on the wiki yet?

Christian Land - 06 July 2007 01:08 AM

Btw. handling the “Forgot Password” function like you do is an open invitation for troublemakers…

Hi,

I do also agree it, it is a real urgent function you need to improve, because of that we can’t use your lib in a real production environement.

You userlib is a very nice idea, i will follow it and waiting for new versions.

Just 1 question, why didn’t you used the build in Mailer class of CI unstead of simple mail functions wich are not portable ?

Very nice and easy to use library with good documentation in this short topic. My congratulations!

But I have a one suggestion: how about adding a logout method? It could be quite useful .

Najki - 16 July 2007 05:23 AM

Very nice and easy to use library with good documentation in this short topic. My congratulations!

But I have a one suggestion: how about adding a logout method? It could be quite useful .

I concur! or do we have to grow our own logout module?

There is, however, a primitive logout function built-in to CodeIgniter, but I was hoping for a solution more compatible with this Userlib.

Najki - 18 July 2007 01:36 PM

There is, however, a primitive logout function built-in to CodeIgniter, but I was hoping for a solution more compatible with this Userlib.

$this->session->sess_destroy();

Thanks but I use session_destroy(); would there be any issues if I use this?

Hi Mike,

Kick ass library you’ve created. I managed to integrate it with my app in a matter of minutes. I have a question though…my app allows a user once registered to log in to his/her account page.

The problem I have now is does your library support a function that displays the user’s name upon login in? Like say the user was myself Mathew, upon logging in my account page would display “Welcome Mathew!”.

I tried using the getData function but I seem to only invoke variables that I have explicitly hardcoded. Is there any other way to dynamically achieve this by pulling the data from the ‘users’ table? Thanks much appreciated

Love this library - it’s very flexible and has a lot of room for growth!

On tweak I added was some more flexibility in getData - I set it up so that username or select criteria could be left off allowing for a return of all fields of a particular row and/or certain fields from many rows this way I can list one or more users quickly.

Code Arachn!d - 24 July 2007 11:19 AM

Love this library - it’s very flexible and has a lot of room for growth!

On tweak I added was some more flexibility in getData - I set it up so that username or select criteria could be left off allowing for a return of all fields of a particular row and/or certain fields from many rows this way I can list one or more users quickly.

function getData( $username = '', $what = '*' )
{
  $where_clause = (!empty($username)) ? $where_clause = ' WHERE username=\'' . mysql_real_escape_string( $username ) . '\'' : '';
  $lcheck = $this->CI->db->query( 'SELECT ' . mysql_real_escape_string( $what ) . ' FROM `users` ' . $where_clause);
  if( $lcheck->num_rows( ) > 0 ) {
   return $lcheck->result_array( );
  } else {
   return 'Username or row does not exist.';
  }
}

Awesome would it be too much trouble to show me how to use this function in my view?(Sorry PHP newb here) a code sample would be nice. Like lets say once the user logged in the ‘view’ will greet him/her by his/her first name?