adamgriffiths / ag-auth
The Easiest Authentication Library for the CodeIgniter PHP Framework.
Home Page: http://www.adamgriffiths.co.uk/user_guide/
License: MIT License
File: /libraries/My_Controller.php
Lines: 80, 100, 112
All three lines bypass the CI dbprefix as well as the Auth Library $config['auth_user_table'] values in use of the table 'users'.
Noticed a bug in the libraries/Auth.php file, near line 82:
Reads:
$user_level = $this->CI->session->userdata('group');
When it should be:
$user_level = $this->CI->session->userdata('group_id');
As in the login() function in the same file you set the session variable as 'group_id', not 'group'
In config file (auth.php) you can set the names for your user tables:
$config['auth_user_table'] = 'users';
$config['auth_group_table'] = 'groups';
BUT in the MY_Controller.php the SQL sentences are written ignoring these parameters:
SELECT * FROM `users` WHERE ...
Solution:
var $auth_user_table;
var $auth_group_table;
$this->auth_user_table = $this->config->item('auth_user_table');
$this->auth_group_table = $this->config->item('auth_group_table');
Change all sql sentences from this:
$query = $this->db->query("SELECT * FROM `users` WHERE `$auth_type` = '$str'");
to this:
$query = $this->db->query("SELECT * FROM `{$this->auth_user_table}` WHERE `$auth_type` = '$str'");
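A self-contained sketch of the lookup discussed above, added here as an example and not taken from ag-auth: the table name is resolved from the config value plus a CodeIgniter-style prefix, and the looked-up value is bound instead of being interpolated into the SQL string. PDO with in-memory SQLite stands in for CodeIgniter's database class; `auth_table()`, `user_exists()`, the `ci_` prefix and the sample rows are assumptions made for the example.

```php
<?php
// Added example, not ag-auth code. PDO + in-memory SQLite stand in for
// CodeIgniter's database class so the script runs on its own.

// Constructed config mirroring auth.php plus a CodeIgniter-style dbprefix.
$config = array(
    'auth_user_table' => 'members',
    'dbprefix'        => 'ci_',
);

// Hypothetical helper: build the prefixed table name from config and
// refuse anything that is not a plain identifier.
function auth_table(array $config, $key)
{
    $name = $config['dbprefix'] . $config[$key];
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException("Bad table name in config: $key");
    }
    return $name;
}

// Hypothetical helper: is there a user row where $auth_type equals $str?
function user_exists(PDO $db, array $config, $auth_type, $str)
{
    // Column names cannot be bound, so only known columns are accepted.
    if (!in_array($auth_type, array('username', 'email'), true)) {
        throw new InvalidArgumentException("Unsupported auth type: $auth_type");
    }
    $table = auth_table($config, 'auth_user_table');
    // The submitted value travels as a bound parameter, never in the SQL text.
    $stmt = $db->prepare("SELECT COUNT(*) FROM `$table` WHERE `$auth_type` = ?");
    $stmt->execute(array($str));
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed sample data; the table is deliberately not called `users`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `ci_members` (username TEXT, email TEXT)');
$db->exec("INSERT INTO `ci_members` VALUES ('alice', 'alice@example.test')");

var_dump(user_exists($db, $config, 'username', 'alice'));
// A value containing an apostrophe would break the interpolated query;
// with a bound parameter it is simply compared as data.
var_dump(user_exists($db, $config, 'username', "o'brien"));
var_dump(user_exists($db, $config, 'email', 'alice@example.test'));
```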
The value of config['auth_login'] is used for both failed and successful logins.
So, if you try to access some controller without being authenticated for it, you're redirected to config['auth_login'], but naturally, you're not authenticated for that either, so it redirects you... to config['auth_login'], and so forth.
I realize it is only the header text, but it is misleading that a regular user and admin see the same page title 'admin panel'.
Other than the obvious not being able to get the random url, in the offline processing your line 361 has the following code which in itself produces an error.
[code] $token = โ; [/code]
I fixed the issue using '' instead of the special character quotation.
Only reason I noticed the error is I am driving to Anaheim, CA for Blizzcon and working in the backseat off an AT&T Wireless card. Should produce similar results by gasp unplugging.
On line 96 it uses a meta refresh for the redirect. Unless this is very clever for some reason, I suggest it be changed into a normal header location redirect.
I frequently leave my computer on and happened to leave Firefox open with myself at the login screen for a very long time, so when I came back to working on things I put in the wrong information to begin with but when I did I got an error:
A PHP Error was encountered Severity: Notice Message: Undefined index: login_attempts Filename: libraries/Auth.php Line Number: 325
As best I could tell, this was due to not checking if the session existed or something. Anyways I thought I would share it.
Modification below:
Logout
You have been successfully logged out! Redirecting...
<!script type="text/JavaScript">
</!script>
In the SQL dump you have: user_agent varchar(50)
However, this will truncate some user_agents and you will not be able to validate login properly. Please change this to something larger (255? 120? I don't know).
This was my first CodeIgniter experience and I spent the last 2.5 hours tracking down your bugs. Totally not cool.
CodeIgniter throws a usermodel not found error, but looking through the repo, I realize that it's not included with the package. Is this intentional?
This can be fixed by adding the following line after the line 33:
if($user == null) $user = array();
Didn't create a pull request. I've never done that. Sorry about that.
Thanks for porting this over to CI2, really looking forward to this working properly.
I've had to do a load of changes to make this work properly under CI2, which I will send as a pull request for you when I test them more.
I've run into a big problem that I can't fix, and need your input into it. Under the admin controller, there is a check being performed to see if a user is logged in, which currently always returns false, irrespective of whether the session is correctly set.
I am finding though that there are too many sessions being created, and only one of them has the correct details for this code, but it never seems to be the right one that is being checked.
Do you have any insight into this?
Is it possible to do this in conjunction with the CI Sessions methods?
I can't get this to work at all, I keep getting:
Fatal error: Class 'Application' not found in /Users/designermonkey/Projects/Chameleon/codeigniter/httpdocs/application/controllers/admin/admin.php on line 4