EllisLab text mark
Advanced Search
1 of 33
Tank Auth v1.0 (CI authentication library)
Posted: 15 April 2009 05:39 AM   [ # 11 ]   [ Rating: 0 ]
Joined: 2008-06-26
24 posts

Looks good@work so cant check this out til later :(

Is there a live demo of this online anywhere? grin

Thanks again dude, this sounds promising

Posted: 15 April 2009 04:19 PM   [ # 12 ]   [ Rating: 0 ]
Joined: 2008-11-20
4 posts

Thank you, Gromozeka! When I was looking for an authorization library several months ago, I also stumbled on that StackOverflow page and decided to go for DX Auth.

Unfortunately though, I wasn’t completely happy with the library. The 8 db tables, the lack of password security and the (unneeded) roles & permission features were just a few examples of that.

Tank Auth seems to be just what I was looking for! You’ve got all my support on this one smile

I haven’t looked at the code in too much detail yet, so can’t judge on that one. Two little remarks though. E-mail/username field seems to be case-sensitive. Logging in without capitalization (laurentvw instead Laurentvw) failed. You may want to fix that.
Also, the captcha image isn’t displaying. But I also had that problem when using DX Auth. Not sure why, I’m probably doing something wrong (I did chmod /captcha to 777), but it doesn’t matter too much for me since I disabled captcha.

Anyway, thanks for the great library, good job!

I managed to inject this using the user field on the login form: ’; foo ‘ (which resulted in a sql error)
Related to:

function get_user_by_login($login$activated NULL)
"(username='".$login."' OR email='".$login."')";
Posted: 16 April 2009 10:44 AM   [ # 13 ]   [ Rating: 0 ]
Joined: 2009-04-07
52 posts

Hi Laurentvw,

Thank you for your support and for the time you’ve spent to work with Tank Auth. smile

I’ve fixed the issues you found. Now email and username fields are case-insensitive (so both ‘laurentvw’ and ‘Laurentvw’ will work). SQL-injection is also fixed. Please download the latest version (1.0.2) from the same location:


About captcha: I met the same problem with CAPTCHA while working with DX Auth, so maybe my experience will be useful for you. There were 2 problems: 1) server was unable to create captcha-files, and 2) browser was unable to show them.

The solution for 1st one was to fix write-rights for the captcha folder. Please notice, the path in the config-file is absolute and server-related. So if you set it this way: $config[‘captcha_path’] = ‘img/captcha/’; then you will have to create folder img (with writable folder captcha inside) in the same directory where your system folder is.

If the captcha-images are been creating in this folder but the browser cannot render them, I recommend you to check your htaccess file—maybe access to your captcha folder is not permitted (as it was in my case).

Hope that it will help you. smile

Posted: 18 April 2009 06:31 AM   [ # 14 ]   [ Rating: 0 ]
Joined: 2009-03-25
13 posts

Really wish you hadn’t used <php= tags tongue laugh It would have definitely saved me some time integrating Tank Auth with my project


[ upbeat.no - coming soon ]

Posted: 18 April 2009 12:31 PM   [ # 15 ]   [ Rating: 0 ]
Joined: 2009-04-07
52 posts

Hey, what’s wrong with these tags?

Posted: 18 April 2009 01:19 PM   [ # 16 ]   [ Rating: 0 ]
Joined: 2009-03-25
13 posts

I am unable to use those tags on my server.

From what I’ve read using <?= is frowned upon for code that is going to be distributed, because it’s not always supported, that said it doesn’t really matter to me now that I’ve converted all the <?=‘s to <? echo’s :D

Thanks again for this library—Though there’s one issue I keep having. When an email is sent (the verification email) only parts of the email is being sent.

It ends with;

“Finish your registration…

Link doesn’t work? Copy the following link to y ” <—

Perhaps it’s just GMail. I’ll see if it sends correctly to other email services. smile


[ upbeat.no - coming soon ]

Posted: 18 April 2009 01:30 PM   [ # 17 ]   [ Rating: 0 ]
Joined: 2008-07-16
411 posts

<? causes problems if you are using things like XML and such. It is actually a feature I heard they might be removing from php because of the bad practice it creates.

Also it is a shame that you removed the role management - I guess I’ll have to stick with DX Auth.


My Blog, C2D, PHP Videos, Résumé, Super .htaccess, Extra hooks, and MicroMVC

Posted: 18 April 2009 04:54 PM   [ # 18 ]   [ Rating: 0 ]
Joined: 2009-04-07
52 posts

Sorry, I didn’t think about it. The short tags work fine on my server.

Ok, <?=$var?> have been replaced with <?php echo $var; ?>

Please download the latest version and renew the view folder.

Posted: 19 April 2009 01:28 PM   [ # 19 ]   [ Rating: 0 ]
Joined: 2009-03-25
13 posts

I’ve got a quick question. How do I retrieve the userID or username of a logged in user via tank_auth?


[ upbeat.no - coming soon ]

Posted: 19 April 2009 01:43 PM   [ # 20 ]   [ Rating: 0 ]
Joined: 2009-04-07
52 posts

Using corresponding methods of the library:

* is_logged_in - check if user authorized on the site.
* get_user_id returns user_id if user is authorized on the site, FALSE otherwise.
* get_username returns username for authorized user, FALSE otherwise. The method makes sense only if use_username is set to TRUE in config-file; otherwise returns an empty string for every user.

Posted: 19 April 2009 01:44 PM   [ # 21 ]   [ Rating: 0 ]
Joined: 2009-03-25
13 posts

Awesome. Thanks again for this library, it works like a charm smile


[ upbeat.no - coming soon ]

Posted: 19 April 2009 05:52 PM   [ # 22 ]   [ Rating: 0 ]
Joined: 2009-04-07
52 posts

U R welcome smile Please let me know if you’ll have any problem with the library.

Posted: 22 April 2009 12:01 AM   [ # 23 ]   [ Rating: 0 ]
Joined: 2008-11-21
153 posts

Sounds promising although in my case I’d need roles & permissions

Posted: 23 April 2009 02:38 PM   [ # 24 ]   [ Rating: 0 ]
Joined: 2009-04-23
3 posts

Hello i tri tank auth with postgresql,
But i get this error

A Database Error Occurred

Error Number

ERREURune valeur NULL viole la contrainte NOT NULL de la colonne « user_data »

"ci_sessions" ("session_id""ip_address""user_agent""last_activity"VALUES ('fc40d7fc1a67d070866dc3578fdd1d1f''''Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.'1240510179

the columns user_data is “`user_data` text COLLATE utf8_bin NOT NULL,” normaly not null,
so i dont understand why the sql request contain no data for the field user_data.

Mayby the schema.sql is not correct in this version http://konyukhov.com/soft/tank_auth/tank_auth.zip ???

Posted: 24 April 2009 05:34 AM   [ # 25 ]   [ Rating: 0 ]
Joined: 2009-04-07
52 posts

It’s strange. I took the session support from native CI code, as it written here:
with the same table in DB:

session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(16) DEFAULT '0' NOT NULL,
user_agent varchar(50NOT NULL,
last_activity int(10unsigned DEFAULT 0 NOT NULL,
user_data text NOT NULL,
PRIMARY KEY (session_id)

When exactly this SQL error occur?

1 of 33