Skip to content
This repository

SimpleLoginSecure 

derekjones edited this page · 13 revisions
Clone this wiki locally

Name: SimpleLoginSecure 1.0.1 Download: File:SimpleLoginSecure-1.0.1.zip Released: October 3, 2008 CI Version: Tested with CodeIgniter 1.6.3 Author: Alex Dunae

SimpleLogin-Secure for Code Igniter is a modified version of Simplelogin. In Anthony’s words:

This library is now maintained by Stéphane Bourzeix at https://github.com/DaBourz/SimpleLoginSecure.

[quote]Simplelogin is designed to give you a quick and simple login library that will get you up and running with an unobtrusive authorization system very quickly. It does not try to guess how you want to structure your app, it simply tries to give you a little help.[/quote]

There are three primary modifications to Anthony’s original code. Most importantly, SimpleLogin-Secure uses the phpass framework for secure, portable password hashing instead of straight md5 without a salt. Secondly, SimpleLogin-Secure uses an e-mail address instead of a user name as the login key. And finally, it adds user_date, user_modified and user_last_login date/time fields to the default install.

For more information on why md5 hashing is not enough, see the excellent post about password schemes on the Matasano Security blog.

Installation and configuration

Copy SimpleLoginSecure.php and the entire phpass-0.1 directory to your system/application/libraries directory.

Create your database table using the following SQL sample. You can also edit the hash length and portability constants at the top of SimpleLoginSecure.php.

CREATE TABLE `users` (
  `user_id` int(10) unsigned NOT NULL auto_increment,
  `user_email` varchar(255) NOT NULL default '',
  `user_pass` varchar(60) NOT NULL default '',
  `user_date` datetime NOT NULL default '0000-00-00 00:00:00',
  `user_modified` datetime NOT NULL default '0000-00-00 00:00:00',
  `user_last_login` datetime NULL default NULL,
  PRIMARY KEY  (`user_id`),
  UNIQUE KEY `user_email` (`user_email`)
) DEFAULT CHARSET=utf8;

Use

The methods exposed by SimpleLogin-Secure are identical to those of Simplelogin.

// load the library
$this->load->library('SimpleLoginSecure');

// create a new user
$this->simpleloginsecure->create('user@example.com', 'uS$rpass!');

// attempt to login
if($this->simpleloginsecure->login('user@example.com', 'uS$rpass!')) {
    // success
}

// check if logged in
if($this->session->userdata('logged_in')) {
    // logged in
}

// logout
$this->simpleloginsecure->logout();

// delete by user ID
$this->simpleloginsecure->delete($user_id);

Credits

The original Simplelogin library was written by Anthony Graddy. SimpleLogin-Secure was written by Alex Dunae, 2008.

Updates

Version 1.0.1, November 4, 2008 Fixed hard-coded user table reference. Thanks, Thomas.

Category:Contributions::Libraries::Authentication Category:Libraries::Authentication Category:Libraries::Authorization

Something went wrong with that request. Please try again.