Part of the EllisLab Network
CodeIgniter  >   Forum Home  >  CodeIgniter Development Forums  >  Ignited Code  >  Thread
   
2 of 30
Prev
1
2
3
4
Next
Last
Redux Authentication 1.4a (24th July 2008)
 
Popcorn
Posted: 27 February 2008 02:50 PM   [ Ignore ]   [ # 11 ]  
Lab Assistant
RankRank
Total Posts:  248
Joined  11-08-2007

Well, this is how it works.

The Auth libs has 2 salts, a file based on (This is stored in the auth config and is static.) and the other one is generated each time a user registers and this is stored within that users row.

Now, what happens when a user registers is that the auth lib hashes the password with a unique key (salt) from both the config and the database. The advantage to this is that if a hacker breaks into your website and steals your database. He is missing the other salt (auth config salt) so his attempts at brute forcing the passwords will be nill.

So, this 2 layer security and is more secure than just running your password once through the md5 function.

The other advantage is if 2 or more users sign up with the same password they will all up end with different hashes.

 Signature 

Redux Auth is no longer maintained.
Profile
 
 
louis w
Posted: 27 February 2008 02:56 PM   [ Ignore ]   [ # 12 ]  
Research Assistant
Avatar
RankRankRank
Total Posts:  593
Joined  02-04-2008

Thanks for the insight. This looks like a great add on.
Profile
 
 
coldKingdom
Posted: 27 February 2008 02:57 PM   [ Ignore ]   [ # 13 ]  
Grad Student
Rank
Total Posts:  34
Joined  02-08-2008

If i run this view file

$email "coldKingdom";
    
if($this->auth->check_group($email) === 'Administratör')
    echo "Fungerar bra"//Works alright
else
    echo "Fungerar inte alls"//It's a no no :) 

It return the second line that it didn’t work, is it suppose to work this way or am I doing something wrong?

 Signature 

Swedish website developer smile
Profile
 
 
Popcorn
Posted: 27 February 2008 03:08 PM   [ Ignore ]   [ # 14 ]  
Lab Assistant
RankRank
Total Posts:  248
Joined  11-08-2007

Do you have a group column in your users table?

and

a group table configured with an id and title?

The group in the users table should match with the same id in the group table with the title : “Administratör”.

Can you also provide a sample of your database layout and I’ll try and figure this out.

Image of how it “should” work

http://img504.imageshack.us/img504/3875/29768517gu6.png

Many thanks.

 Signature 

Redux Auth is no longer maintained.
Profile
 
 
coldKingdom
Posted: 27 February 2008 03:12 PM   [ Ignore ]   [ # 15 ]  
Grad Student
Rank
Total Posts:  34
Joined  02-08-2008

No problem. Here is my table layouts, I did an export smile

Users table:

INSERT INTO tbl_user (idusernamepasswordemailfirstnameipgroupVALUES
(24'coldKingdom''ca44c9c9e5dfb0ac920dca3130878383507183de''coldKingdom''Andreas''you wish..hehe''1'); 

Group table:

INSERT INTO `tbl_group` (`id`, `title`) VALUES
(1'Administratör'),
(2'Medlem'),
(3'Gäst'),
(4'Bannad'); 

The login is working fine.

Edit: Just noticed your picture, and it’s the same as mine. As you can see above

 Signature 

Swedish website developer smile
Profile
 
 
Popcorn
Posted: 27 February 2008 03:24 PM   [ Ignore ]   [ # 16 ]  
Lab Assistant
RankRank
Total Posts:  248
Joined  11-08-2007

Yep, found the fix.

Open auth_model and replace the check_group with this code. Should work now. Sorry for the bug.

function check_group $email$table$left)
    {
        $this->db->select($table '.title');
        $this->db->from($table);
        $this->db->join($left$table .'.id = '.$left.'.group''left');
        $this->db->where($left .'.email'$email);
        
        $i $this->db->get();
        
        return $i->row()->title;
    

Will upload the new fix asap.

 Signature 

Redux Auth is no longer maintained.
Profile
 
 
coldKingdom
Posted: 27 February 2008 03:26 PM   [ Ignore ]   [ # 17 ]  
Grad Student
Rank
Total Posts:  34
Joined  02-08-2008

Working great, Thanks!

How you updated the zip file with the other features you have done today?

 Signature 

Swedish website developer smile
Profile
 
 
Popcorn
Posted: 27 February 2008 03:31 PM   [ Ignore ]   [ # 18 ]  
Lab Assistant
RankRank
Total Posts:  248
Joined  11-08-2007

Not yet. I’m going to do the request password and email activation before I release the next version.

Glad it’s working now.

 Signature 

Redux Auth is no longer maintained.
Profile
 
 
Tom Glover
Posted: 27 February 2008 03:35 PM   [ Ignore ]   [ # 19 ]  
Research Assistant
Avatar
RankRankRank
Total Posts:  747
Joined  01-13-2008
Popcorn - 27 February 2008 08:31 PM

Not yet. I’m going to do the request password and email activation before I release the next version.

Glad it’s working now.

cool smirk How long do you reckon until the next release? Sounds like it could be good.

 Signature 

Yonti - I am Currently looking for a business partner, to create the best developer hosting out there. If your interested PM me.

Fluxity Lighting - My other company.


I’m a Proud Supporter and Sponser of Tomorrows Web.
Profile
 
 
Popcorn
Posted: 27 February 2008 03:37 PM   [ Ignore ]   [ # 20 ]  
Lab Assistant
RankRank
Total Posts:  248
Joined  11-08-2007

Shouldn’t be too long. I “hope” to have it released by the weekend.

 Signature 

Redux Auth is no longer maintained.
Profile
 
 
   
2 of 30
Prev
1
2
3
4
Next
Last
 
‹‹ Forums      Cache library with memcache support ››
Powered By ExpressionEngine
ExpressionEngine Discussion Forum - Version 3.1.5 (20110621)
Script Executed in 1.4402 seconds
Atom Feed   RSS 2.0