adamgriffiths / ag-auth Goto Github PK

in the sql dump you have: user_agent varchar(50)
however this will truncate some user_agents and you will not be able to validate login properly. please change this to something larger (255? 120? I don't know)

This was my first CodeIgnitor experience and I spent the last 2.5 hours tracking down your bugs. Totally not cool.

Thanks for porting this over to CI2, really looking forward to this working properly.

I've had to do a load of changes to make this work properly under CI2, which I will send as a pull request for you when I test them more.

I've run into a big problem that I can't fix, and need your input into it. Under the admin controller, there is a check being performed to see if a user is logged in, which currently always returns false, irrespective of whether the session is correctly set.

I am finding though that there are too many sessions being created, and only one of them has the correct details for this code, but it never seems to be the right one that is being checked.

Do you have any insight into this?

Is it possible to do this in conjunction with the CI Sessions methods?

I can't get this to work at all, I keep getting:

Fatal error: Class 'Application' not found in /Users/designermonkey/Projects/Chameleon/codeigniter/httpdocs/application/controllers/admin/admin.php on line 4

Noticed a bug in the libraries/Auth.php file, near line 82:

Reads:
$user_level = $this->CI->session->userdata('group');

When it should be:
$user_level = $this->CI->session->userdata('group_id');

As in the login() function in the same file you set the session variable as 'group_id', not 'group'

I frequently leave my computer on and happened to leave Firefox open with myself at the login screen for a very long time, so when I came back to working on things I put in the wrong information to begin with but when I did I got an error:

A PHP Error was encountered
Severity: Notice
Message: Undefined index: login_attempts
Filename: libraries/Auth.php
Line Number: 325

As best I could tell, this was due to not checking if the session existed or something. Anyways I thought I would share it.

on line 96 it uses a meta refresh for the redirect. unless this is very clever for some reason I suggest it changed into a normal header location redirect.

This can be fixed by adding the following line after the line 33:

if($user == null) $user = array();

Didn't create a pull request. I've never done that. Sorry about that.

Codeigniter throws a usermodel not found error, but looking through the repo, I realize that it's not included with the package. Is this intentional?

Modification below:

</!script>


I realize it is only the header text, but it is misleading that a regular user and admin see the same page title 'admin panel'.

File: /libraries/My_Controller.php
Lines: 80, 100, 112

All three lines bypass the CI dbprefix as well as the Auth Library $config['auth_user_table'] values in use of the table 'users'.

Other than the obvious not being able to get the random url, in the offline processing your line 361 has the following code which in itself produces an error.

[code] $token = ”; [/code]

I fixed the issue using '' instead of the special character quotation.

Only reason I noticed the error is I am driving to Anaheim, CA for Blizzcon and working in the backseat off an AT&T Wireless card. Should produce similar results by gasp unplugging.

In config file (auth.php) you can set the names for your user tables:

$config['auth_user_table'] = 'users';
$config['auth_group_table'] = 'groups';

BUT in the MY_Controller.php the SQL sentences are written ignoring these parameters:

SELECT * FROM `users` WHERE ...

Solution:

1.- Add vars to class

var $auth_user_table;
var $auth_group_table;

2.- Load values in Application()

$this->auth_user_table = $this->config->item('auth_user_table');
$this->auth_group_table = $this->config->item('auth_group_table');

3.- Modifiy sql sentences

Change all sql sentences from this:

$query = $this->db->query("SELECT * FROM `users` WHERE `$auth_type` = '$str'");

to this:

$query = $this->db->query("SELECT * FROM `{$this->auth_user_table}` WHERE `$auth_type` = '$str'");

The value of config['auth_login'] is used for both failed and successful logins.

So, if you try to access some controller without being authenticated for it , you're redirected to config['auth_login'], but naturally, you're not authenticated for that either, so it redirects you .. to config['auth_login']. and so forth.