Issues - adamgriffiths/the-codeigniter-authentication-library

adamgriffiths / the-codeigniter-authentication-library

Description:

The Easiest Authentication Library for the CodeIgniter PHP Framework.

Sort by: Priority | Votes | Last Updated

Loading…

1.

0 votes

insufficient group privileges / group_id issue
2 comments Created 6 months ago by JadedEvan

Title

Body
Noticed a bug in the libraries/Auth.php file, near line 82: Reads: $user_level = $this->CI->session->userdata('group'); When it should be: $user_level = $this->CI->session->userdata('group_id'); As in the login() function in the same file you set the session variable as 'group_id', not 'group'
or cancel
Noticed a bug in the libraries/Auth.php file, near line 82:

Reads:
$user_level = $this->CI->session->userdata('group');

When it should be:
$user_level = $this->CI->session->userdata('group_id');

As in the login() function in the same file you set the session variable as 'group_id', not 'group'

Comments
JadedEvan Thu Jun 25 01:28:49 -0700 2009 | link
Similarly, I added a redirect based on the user's group settings at the end of the login() function. Again there is trouble because of the group/group_id issue. Around line 143:

$auth_type => $username, 'username' => $row['username'], 'user_id' => $row['id'], 'group_id' => $row['group_id'], 'logged_in' => TRUE );

Nowhere in that block is the 'group' being set. It'd be nice to access that instead of passing around the group_id.
Comment
Similarly, I added a redirect based on the user's group settings at the end of the login() function. Again there is trouble because of the group/group_id issue. Around line 143: $auth_type => $username, 'username' => $row['username'], 'user_id' => $row['id'], 'group_id' => $row['group_id'], 'logged_in' => TRUE ); Nowhere in that block is the 'group' being set. It'd be nice to access that instead of passing around the group_id.
or cancel
adamgriffiths Sat Jul 11 09:06:11 -0700 2009 | link

I have fixed this issue in the latest commit to the repo. The correct reference for the group ID is 'group_id' not 'group'.

Hopefully this clears things up.

If you'd like to double check this in the repo I can close this issue then.

Thanks.

Comment
I have fixed this issue in the latest commit to the repo. The correct reference for the group ID is 'group_id' not 'group'. Hopefully this clears things up. If you'd like to double check this in the repo I can close this issue then. Thanks.
or cancel

Parsed with GitHub Flavored Markdown
2.

0 votes

infinite redirecting loop
2 comments Created 5 months ago by bluevibe

Title

Body
The value of config['auth_login'] is used for both failed and successful logins. So, if you try to access some controller without being authenticated for it , you're redirected to config['auth_login'], but naturally, you're not authenticated for that either, so it redirects you .. to config['auth_login']. and so forth.
or cancel

The value of config['auth_login'] is used for both failed and successful logins.

So, if you try to access some controller without being authenticated for it , you're redirected to config['auth_login'], but naturally, you're not authenticated for that either, so it redirects you .. to config['auth_login']. and so forth.

Comments

adamgriffiths Thu Jul 30 11:06:11 -0700 2009 | link

Thanks for letting me know. I'm fixing this right now.

Comment
Thanks for letting me know. I'm fixing this right now.
or cancel

adamgriffiths Thu Jul 30 11:17:38 -0700 2009 | link

Fixed redirect error on unsuccessful login closed by 5d6b8e8

Comment
Fixed redirect error on unsuccessful login closed by 5d6b8e817981961743d1da1358f024b698ab2acd
or cancel

Parsed with GitHub Flavored Markdown
4.

0 votes

Users Table CI DB Prefix & Auth Library Config
0 comments Created 4 months ago by xdeskproductions

Title

Body
File: /libraries/My_Controller.php Lines: 80, 100, 112 All three lines bypass the CI dbprefix as well as the Auth Library $config['auth_user_table'] values in use of the table 'users'.
or cancel

File: /libraries/My_Controller.php
Lines: 80, 100, 112

All three lines bypass the CI dbprefix as well as the Auth Library $config['auth_user_table'] values in use of the table 'users'.

Comments

Parsed with GitHub Flavored Markdown
3.

0 votes

why meta redirect?
2 comments Created 5 months ago by bluevibe

Title

Body
on line 96 it uses a meta refresh for the redirect. unless this is very clever for some reason I suggest it changed into a normal header location redirect.
or cancel

on line 96 it uses a meta refresh for the redirect. unless this is very clever for some reason I suggest it changed into a normal header location redirect.

Comments

adamgriffiths Thu Jul 30 11:19:25 -0700 2009 | link

Is there a specific problem with using the helper redirect() function?

I have no qualms with changing it I would just like to know the benefits.

Thanks.

Comment
Is there a specific problem with using the helper redirect() function? I have no qualms with changing it I would just like to know the benefits. Thanks.
or cancel

bluevibe Fri Jul 31 01:17:45 -0700 2009 | link

Hi Adam

I think it could be that this is not a big deal, that's why this is more of a question.

The only issue I've had with it is that it didn't redirect me at all (becase I had disabled meta redirects in my browser). But I'm pretty sure almost no one has that.

With a auth solution I feel that I would take that option away from the user, "if you're not authenticated, get out", and be sure that they are infact redirected, which they would be in all cases as far as I know with a location redirect (default).

But maybe you had some good reasons for going for the refresh redirect, if so please share :)

Comment
Hi Adam I think it could be that this is not a big deal, that's why this is more of a question. The only issue I've had with it is that it didn't redirect me at all (becase I had disabled meta redirects in my browser). But I'm pretty sure almost no one has that. With a auth solution I feel that I would take that option away from the user, "if you're not authenticated, get out", and be sure that they are infact redirected, which they would be in all cases as far as I know with a location redirect (default). But maybe you had some good reasons for going for the refresh redirect, if so please share :)
or cancel

Parsed with GitHub Flavored Markdown
5.

0 votes

Expired Sessions
3 comments Created 4 months ago by xdeskproductions

Title

Body
I frequently leave my computer on and happened to leave Firefox open with myself at the login screen for a very long time, so when I came back to working on things I put in the wrong information to begin with but when I did I got an error: <pre> A PHP Error was encountered Severity: Notice Message: Undefined index: login_attempts Filename: libraries/Auth.php Line Number: 325 </pre> As best I could tell, this was due to not checking if the session existed or something. Anyways I thought I would share it.
or cancel
I frequently leave my computer on and happened to leave Firefox open with myself at the login screen for a very long time, so when I came back to working on things I put in the wrong information to begin with but when I did I got an error:
```
A PHP Error was encountered
Severity: Notice
Message: Undefined index: login_attempts
Filename: libraries/Auth.php
Line Number: 325
```
As best I could tell, this was due to not checking if the session existed or something. Anyways I thought I would share it.
Comments

adamgriffiths Sun Aug 02 03:59:09 -0700 2009 | link

What version of The Authentication Library are you using?

This issue was fixed a few revisions ago.

Thanks.

Comment
What version of The Authentication Library are you using? This issue was fixed a few revisions ago. Thanks.
or cancel

xdeskproductions Sun Aug 02 06:39:01 -0700 2009 | link

First time downloading it a few days ago.

Comment
First time downloading it a few days ago.
or cancel

adamgriffiths Sat Aug 08 04:44:59 -0700 2009 | link

I found the problem. I'll work out the best way to fix it and commit soon.

Thanks.

Comment
I found the problem. I'll work out the best way to fix it and commit soon. Thanks.
or cancel

Parsed with GitHub Flavored Markdown
6.

0 votes

Offline random.org PHP Notices
0 comments Created 4 months ago by xdeskproductions

Title

Body
Other than the obvious not being able to get the random url, in the offline processing your line 361 has the following code which in itself produces an error. [code] $token = ”; [/code] I fixed the issue using '' instead of the special character quotation. Only reason I noticed the error is I am driving to Anaheim, CA for Blizzcon and working in the backseat off an AT&T Wireless card. Should produce similar results by *gasp* unplugging.
or cancel

Other than the obvious not being able to get the random url, in the offline processing your line 361 has the following code which in itself produces an error.

[code] $token = ”; [/code]

I fixed the issue using '' instead of the special character quotation.

Only reason I noticed the error is I am driving to Anaheim, CA for Blizzcon and working in the backseat off an AT&T Wireless card. Should produce similar results by gasp unplugging.

Comments

Parsed with GitHub Flavored Markdown