One more important issue about inserting NULL values in the database.
I have a custom field in the Useraccount table ‘user_type’ which is an FK to a lookup table, but it is not required and therefore can be NULL.

Problem is that inserting NULL in the database raises an error, this seems to be related to the ActiveRecord library which escapes all values with backtics which is not accepted for NULL values.

I think this should be handled somewhere in the flexi_auth_model.update_user() function, but I want to share this with you first.

EDIT: An alternative would be, adding a value “not specofied” to the lookup table, thereby elimination the need for a NULL value. But I do not favour this solution, it should be possible to update a nullable field to the value of NULL>

The issue appears to be more general in nature and is described in this thread:
http://stackoverflow.com/questions/3509791/codeigniter-activerecord-update-method-refuses-to-insert-null-value?rq=1

Though I still have no solution, escaping the values can be prevented by using the extra parameter on the $this->db->set method, but when using the field-value array approach, this does not work.
Even Phil Sturgeon commented the issue and consiferes it as a bug, but apparently it has not been solved yet.

I have found a solution by modifying the flexi-auth_model->update_user() method
It holds the assumption that a null value is passed in the post array as the string ‘null’, and does not add the quotes when a ‘null’ value is found. The update query code had to be rewritten for this:
In facyt the same goes for the insert, but in this case the lookup field can just be omitted in which case the database default value us used, which is also null.

(from line 315)

Regards, Klaas

@Damiano Curreri

Since you say you can access the demo homepage, you have probably correctly setup the majority of the library and just have a minor error within one of your controllers.

I would double check that the ‘base_url’ and ‘includes_dir’ vars set in parent::__construct of each of your controller files is defined correctly.

From the fact you say you can access the demo homepage which is loaded via the auth_lite controller, I’m presuming its the ‘base_url’ var set in this controller that is the problem.

@Klausch

You’ve been busy…

insert_custom_user_data()
Regarding the insert_custom_user_data() function and the undefined $row_id var being returned, that’s an obvious error that I’ve somehow missed…
Since potentially multiple row_id’s could be set, I will likely have to overhaul the function a little to ensure it works well.

Regarding your message on 28 September 2012
First
You’re right that the activate_user() function only returns a boolean value, this is what’s in the user guide documentation, but the actual ‘@return’ value within the model incorrectly states it’s void - I’ll update it.

As for the behaviour of how the demo handles the value returned by this function, I’m not too bothered about the current implementation as it’s simply there as an example of using the function, it’s really up to the developer to decide the function interactions within the site.

Second
I think you may have deleted the parentheses from the uri_string() function sometime during your development as its in the current Github repo. Do a search for ‘uri_string()’ on https://github.com/haseydesign/flexi-auth/blob/master/demo_files/application/controllers/auth.php and you should see it there.

Third
It’s an interesting thought to include a database rollback transaction if the sending of the verification email fails.
I could probably implement the feature using CI’s database transactions.

If you were to implement the transactions yourself to a stable level and were willing to share the code, I’d be more than happy to include it in the library with full credits where due.

As for your most recent message regarding NULL values in the database, I’ll read into this later.

You’ve been sticking with the library for a while now, so are you liking it?

Thanks for your replies on these 3 issues!
Indeed issue 2 is a non-issue, probably I hit the delete key on a wrong moment…
Regarding issue one, thanks for updating.
And about issue three, I will think about that and will definately send you all code which I consider as an improvment or bugfix.

Furthermore, I have posted some extra info under the post about the NULL value issue, and also some code which, for now, addressed the issue.

So far I am impressed by the library, only the demo code is IMHO needlesly complicated and the extra “model” layer between controllers and library is not what I would prefer, but indeed this is in fact separate from the library.

I have to gain more experience with it, but I think it is very workable and the only alternative for IonAuth which lacks some functionality. Keep you informed!

@Klausch

I’ve just read your post and the Stack Overflow link regarding NULL values and CI’s ActiveRecord library.

The fact that it’s a CI bug causes problems, as CI could fix it with any update.
Whilst if I was to patch a work around like the code you have provided yourself into the library, I would have to go through every other function within the library to ensure it also patches CI’s bug.

Patching the library would then mean I would have to go through and test that every function within the library still works as intended.

Since I’m short of spare time at the moment, I will add this to my watch list, and if other users are encountering the same problem, I’ll have a look into implementing it.

Thanks for the code snippet.

First off—thank you for this.  I got it up and running super fast.

The one thing I’ve noticed is that Login Method always shows being logged in via password, even after closing the browser and reopening.  I’ve tested in IE 10 and Chrome (22.0.1229.79 currently)

Hi haseydesign,
Thanks for nice library. I’ve been able to install and run it without any problems.
Everything went flawless. Thanks for the good documentation and demo too.

I’m now customizing demo instead of starting from scratch.
When I try to remove <span class=“tooltip width_400”>...</span> lines in login_view.php (to remove Example Users tooltip) I think Javascript causes a problem. Password field disappears when you navigate to E-Mail or username field.

Regards

netty - 04 October 2012 03:23 PM

Hi haseydesign,
Thanks for nice library. I’ve been able to install and run it without any problems.
Everything went flawless. Thanks for the good documentation and demo too.

I’m now customizing demo instead of starting from scratch.
When I try to remove <span class=“tooltip width_400”>...</span> lines in login_view.php (to remove Example Users tooltip) I think Javascript causes a problem. Password field disappears when you navigate to E-Mail or username field.

Regards

Use CSS code to hide such elements instead of removing them completely.

Hi Hasey,

I am still very enthousiastic about the lib and we surely are going to use ot for our website. There are nevertheless a couple of new issues:

1.
When testing some custom dummy data with a bunch of users and custom tables, I encountered that the first user was not able to log in, the login screen just returned with an error message (‘Your submitted login details are incorrect.’) and empty fields.
The other users, with the same password, however could log in without any problem.

This first user had a userid of 0, which is legal in terms of a DB primary key. But indeed it was the culprit!
The call to flexi_auth_model->login(...) finally delegates to the function insert_database_login_session().
And this function starts with a test which fails:

When a value of 0 is passed in, a legal primary key value so a legal $user_id value, it is interpreted as FALSE and therefore the function exits with FALSE and the login fails.

I think the test is not right, if tou just want to test whether a valid int value is passed in, a better test would be:

For now I choose to work with PK values starting with 1, but I think you get my point

2.
We noticed some strange behaviour when changing the login credential (in our case the email address). Is is not necessarily a bug but I just want to share it.
We are testing on different machines which makes the session management a bit unclear. Though it should be possible, especially in this time of mobile internet, to be logged in from different sources.
This appeared not to be a problem unless we changed the email address and clicked on the confirmation mail on the new address. The activation went fine but some data was lost.

The culprit was the call of the following function, which we copied from the demo application:

Where this function normally returns the user data, it now returns am empty array
I have not dug very far in the code yet, but I think it just tries to lookup the user data by the old email address. It appears that after changing the call to

the right use data is returned, even after changing the email address and acces from still-alive session from some other machine.
I am just thinking about this, maybe I post more insights later.

I probably still miss something here but for now I wonder when the function get_user_by_identity() should be used, I think that this should merely be called by an administrator to access a given account.

Thanks Swedie.

@Jonny Blaze

There’s a few different things that were going on with regard to this.

Firstly, I presume to replicate this problem you were logging in, going to the Privilege Example page where it would correctly say ‘User logged in via password’.
If you then closed the browser and then reopened this same page, it would still say ‘User logged in via password’. If you then refreshed the page, the user would be logged out.

This problem has now been fixed so the users session credentials are instantly removed, rather than after 1 page refresh. The update is available via the Github repo.

——————————————————————————————————————-

Now further into possibly the behaviour you were expecting.
The reason why the user was logged out rather than saying ‘User logged in via “remember me”’ is because of the config setting:

This logs the user out when the browser is closed.

If you were to set the above setting to FALSE, and repeat the steps outlined at the top, it will still say ‘User logged in via password’ - this is because of the timelimit defined via the the config setting:

If you were to change this to for example 10 seconds, provided you don’t refresh the page within 10 seconds, the users login status will fall back to ‘User logged in via “remember me”’ (Provided the remember option was selected on login), or log the user out completely.

After considering this, I think it is best that the login via password status should always be removed upon the browser being closed - so I will look to include this feature into the library soon.

——————————————————————————————————————-

I hope that helps explain whats happening.

@netty

The problem you were having is caused by the class ‘tooltip_parent’ that is used throughout the demo to transform the next html element with a class of ‘tooltip’ into a popup element that is shown when the parent element is focused on.

So to remove the ‘Example Users’ popup from the demo login page, you would remove the entire span with the classes ‘tooltip width_400’ (As you say you did), but then also remove the ‘tooltip_parent’ class from input element with an id of ‘identity’.

Awesome, thanks.

@Klausch

Regarding issue #1.
A table with an Auto Increment column (As the user account table has), will by default start from the number 1, therefore the id of 0 should never occur.

In any case, to patch this possible occurrence, I’ve updated the instances of where this can occur withing the library.

—————————————————————————————————————————————-

Regarding issue #2.
You’ve possibly inadvertently highlighted a bug within the demo that may not directly solve the problem you were having, but may shed some light on what should be happening.

To start with, I tried to replicate the bug as you stated by updating a users email via the ‘verify_updated_email()’ function, and then calling the ‘get_user_by_identity_row_array()’ function immediately afterwards to get the new user data.

The data returned was as should be expected and formated as follows:

There seemed to be no problem here.

However, within the demo example, I noticed it was impossible to access the ‘update_email’ page without being logged in, therefore any non-logged in user (Perhaps using a different device) trying to verify their change of email address would not be able to access the page - this is because the email verification token only validates whether an email should be updated, it does not by default grant login access within the demo.

Therefore, if you were running the function behind a controller/model that required the user to be logged in, you may be getting returned an empty array…?

I’ve updated the Github repo to include both of these updates.

@karanits on 19 September.

Geez I was meant to get back to you on this much earlier.
If your still following the thread…

The errors you were getting when auto loading the CI form_validation library have been fixed.

The update is available from the Github repo.