A few comments:
1) you should set up the table fields the same way you did the table to allow people to use it with their existing table
2) md5 for passwords is simply not strong enough anymore. At least give the option of using bcrypt
3) likewise, adding a salt is not very complicated
4) autologin is great - too many leave that out & always have to hack it. good feature add
5) if they are using the session table, then every set() & get() is a db call, so combine those logged_in sets with the rest
6) I guess this still works, but:
$this->CI->db->where('username', $user);
$query = $this->CI->db->get_where($this->user_table);
could be:
$this->CI->db->where('username', $user)->get($this->user_table);
7) up to you, but this sets the entire user table row to the session:
$this->CI->session->set_userdata($row);
which could be just fine, or could be quite big. perhaps configurable?
8) Why are you setting a session var of “logged_in” and then not using it?
function is_logged() {
    if ($this->CI->session->userdata('username'))
        return TRUE;
    else
        return FALSE;
}
9) This is a nice idea:
function get_data_user($param = 'username') {
    if ($param == 'username')
        return $this->CI->session->userdata('username');
    if ($param == 'email')
        return $this->CI->session->userdata('email');
    return '';
}
but why not just let it look up ANY $param off the session? ie, (untested)
function get_data_user($param = 'username') {
    $session = $this->CI->session->userdata();
    return (empty($session[$param]))? false : $session[$param];
}
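
On points 2 and 3 above, here is an added example (not part of the original comment and not the library's own code) of moving from md5 to bcrypt without forcing password resets. It assumes the existing column holds plain md5($password) hex digests; the function names and the cost value are hypothetical.

```php
<?php
// Added example: hypothetical helper names, not the library's API.

const BCRYPT_OPTIONS = ['cost' => 12]; // assumed cost; tune to your hardware

// Hash a new password. password_hash() generates a random per-user salt
// and embeds it, with the cost, in the returned 60-character string.
function hash_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

// Check a login against the stored value.
// Returns [bool $ok, ?string $new_hash]; when $new_hash is not null the
// caller should write it back to the user's row.
function check_password(string $password, string $stored): array
{
    // Legacy row: 32 hex characters of unsalted md5 (assumed old format).
    if (preg_match('/^[a-f0-9]{32}$/i', $stored)) {
        $ok = hash_equals(strtolower($stored), md5($password));
        // Upgrade to bcrypt while the plaintext is available at login.
        return [$ok, $ok ? hash_password($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash if the configured cost was raised after this hash was made.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? hash_password($password)
        : null;
    return [true, $new];
}

// Constructed sample data: one legacy md5 row, upgraded on first login.
$legacy = md5('correct horse');
[$ok, $upgraded] = check_password('correct horse', $legacy);
var_dump($ok, strlen($upgraded));

// Later logins verify against the bcrypt value and need no further re-hash.
[$ok2, $rehash] = check_password('correct horse', $upgraded);
var_dump($ok2, $rehash);

// A wrong password fails against the upgraded hash.
var_dump(check_password('wrong', $upgraded)[0]);
```

The password column has to be widened from 32 characters to at least 60 before any upgraded hash is written back.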