EllisLab text mark
Advanced Search
1 of 33
1
   
Tank Auth v1.0 (CI authentication library)
Posted: 15 April 2009 05:39 AM   [ # 11 ]   [ Rating: 0 ]
Avatar
Joined: 2008-06-26
24 posts

Looks good@work so cant check this out til later :(

Is there a live demo of this online anywhere? grin

Thanks again dude, this sounds promising

 
Posted: 15 April 2009 04:19 PM   [ # 12 ]   [ Rating: 0 ]
Avatar
Joined: 2008-11-20
4 posts

Thank you, Gromozeka! When I was looking for an authorization library several months ago, I also stumbled on that StackOverflow page and decided to go for DX Auth.

Unfortunately though, I wasn’t completely happy with the library. The 8 db tables, the lack of password security and the (unneeded) roles & permission features were just a few examples of that.

Tank Auth seems to be just what I was looking for! You’ve got all my support on this one smile

I haven’t looked at the code in too much detail yet, so can’t judge on that one. Two little remarks though. E-mail/username field seems to be case-sensitive. Logging in without capitalization (laurentvw instead Laurentvw) failed. You may want to fix that.
Also, the captcha image isn’t displaying. But I also had that problem when using DX Auth. Not sure why, I’m probably doing something wrong (I did chmod /captcha to 777), but it doesn’t matter too much for me since I disabled captcha.

Anyway, thanks for the great library, good job!

Edit:
I managed to inject this using the user field on the login form: ’; foo ‘ (which resulted in a sql error)
Related to:

function get_user_by_login($login$activated NULL)
{
    $req 
"(username='".$login."' OR email='".$login."')";
    
//...
 
Posted: 16 April 2009 10:44 AM   [ # 13 ]   [ Rating: 0 ]
Avatar
Joined: 2009-04-07
52 posts

Hi Laurentvw,

Thank you for your support and for the time you’ve spent to work with Tank Auth. smile

I’ve fixed the issues you found. Now email and username fields are case-insensitive (so both ‘laurentvw’ and ‘Laurentvw’ will work). SQL-injection is also fixed. Please download the latest version (1.0.2) from the same location:

http://konyukhov.com/soft/tank_auth/tank_auth.zip

About captcha: I met the same problem with CAPTCHA while working with DX Auth, so maybe my experience will be useful for you. There were 2 problems: 1) server was unable to create captcha-files, and 2) browser was unable to show them.

The solution for 1st one was to fix write-rights for the captcha folder. Please notice, the path in the config-file is absolute and server-related. So if you set it this way: $config[‘captcha_path’] = ‘img/captcha/’; then you will have to create folder img (with writable folder captcha inside) in the same directory where your system folder is.

If the captcha-images are been creating in this folder but the browser cannot render them, I recommend you to check your htaccess file—maybe access to your captcha folder is not permitted (as it was in my case).

Hope that it will help you. smile

 
Posted: 18 April 2009 06:31 AM   [ # 14 ]   [ Rating: 0 ]
Joined: 2009-03-25
13 posts

Really wish you hadn’t used <php= tags tongue laugh It would have definitely saved me some time integrating Tank Auth with my project

 Signature 

[ upbeat.no - coming soon ]

 
Posted: 18 April 2009 12:31 PM   [ # 15 ]   [ Rating: 0 ]
Avatar
Joined: 2009-04-07
52 posts

Hey, what’s wrong with these tags?

 
Posted: 18 April 2009 01:19 PM   [ # 16 ]   [ Rating: 0 ]
Joined: 2009-03-25
13 posts

I am unable to use those tags on my server.

From what I’ve read using <?= is frowned upon for code that is going to be distributed, because it’s not always supported, that said it doesn’t really matter to me now that I’ve converted all the <?=‘s to <? echo’s :D

Thanks again for this library—Though there’s one issue I keep having. When an email is sent (the verification email) only parts of the email is being sent.

It ends with;

“Finish your registration…

Link doesn’t work? Copy the following link to y ” <—

Perhaps it’s just GMail. I’ll see if it sends correctly to other email services. smile

 Signature 

[ upbeat.no - coming soon ]

 
Posted: 18 April 2009 01:30 PM   [ # 17 ]   [ Rating: 0 ]
Avatar
Joined: 2008-07-16
411 posts

<? causes problems if you are using things like XML and such. It is actually a feature I heard they might be removing from php because of the bad practice it creates.

Also it is a shame that you removed the role management - I guess I’ll have to stick with DX Auth.

 Signature 

My Blog, C2D, PHP Videos, Résumé, Super .htaccess, Extra hooks, and MicroMVC

 
Posted: 18 April 2009 04:54 PM   [ # 18 ]   [ Rating: 0 ]
Avatar
Joined: 2009-04-07
52 posts

Sorry, I didn’t think about it. The short tags work fine on my server.

Ok, <?=$var?> have been replaced with <?php echo $var; ?>

Please download the latest version and renew the view folder.

 
Posted: 19 April 2009 01:28 PM   [ # 19 ]   [ Rating: 0 ]
Joined: 2009-03-25
13 posts

Cool.
I’ve got a quick question. How do I retrieve the userID or username of a logged in user via tank_auth?

 Signature 

[ upbeat.no - coming soon ]

 
Posted: 19 April 2009 01:43 PM   [ # 20 ]   [ Rating: 0 ]
Avatar
Joined: 2009-04-07
52 posts

Using corresponding methods of the library:

* is_logged_in - check if user authorized on the site.
* get_user_id returns user_id if user is authorized on the site, FALSE otherwise.
* get_username returns username for authorized user, FALSE otherwise. The method makes sense only if use_username is set to TRUE in config-file; otherwise returns an empty string for every user.

 
Posted: 19 April 2009 01:44 PM   [ # 21 ]   [ Rating: 0 ]
Joined: 2009-03-25
13 posts

Awesome. Thanks again for this library, it works like a charm smile

 Signature 

[ upbeat.no - coming soon ]

 
Posted: 19 April 2009 05:52 PM   [ # 22 ]   [ Rating: 0 ]
Avatar
Joined: 2009-04-07
52 posts

U R welcome smile Please let me know if you’ll have any problem with the library.

 
Posted: 22 April 2009 12:01 AM   [ # 23 ]   [ Rating: 0 ]
Joined: 2008-11-21
153 posts

Sounds promising although in my case I’d need roles & permissions

 
Posted: 23 April 2009 02:38 PM   [ # 24 ]   [ Rating: 0 ]
Joined: 2009-04-23
3 posts

Hello i tri tank auth with postgresql,
But i get this error

A Database Error Occurred

Error Number
:

ERREURune valeur NULL viole la contrainte NOT NULL de la colonne « user_data »

INSERT INTO 
"ci_sessions" ("session_id""ip_address""user_agent""last_activity"VALUES ('fc40d7fc1a67d070866dc3578fdd1d1f''81.247.128.65''Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.'1240510179

the columns user_data is “`user_data` text COLLATE utf8_bin NOT NULL,” normaly not null,
so i dont understand why the sql request contain no data for the field user_data.

Mayby the schema.sql is not correct in this version http://konyukhov.com/soft/tank_auth/tank_auth.zip ???

 
Posted: 24 April 2009 05:34 AM   [ # 25 ]   [ Rating: 0 ]
Avatar
Joined: 2009-04-07
52 posts

It’s strange. I took the session support from native CI code, as it written here:
http://ellislab.com/codeigniter/user-guide/libraries/sessions.html
with the same table in DB:

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(16) DEFAULT '0' NOT NULL,
user_agent varchar(50NOT NULL,
last_activity int(10unsigned DEFAULT 0 NOT NULL,
user_data text NOT NULL,
PRIMARY KEY (session_id)
); 

When exactly this SQL error occur?

 
1 of 33
1