SimpleLoginSecure
Name: SimpleLogin-Secure 1.0
Download: File:SimpleLoginSecure-1.0.zip
Released: October 3, 2008
CI Version: Tested with CodeIgniter 1.6.3
Author: [url=http://dunae.ca]Alex Dunae[/url]
SimpleLogin-Secure for CodeIgniter is a modified version of Simplelogin. In Anthony’s words:
[quote]Simplelogin is designed to give you a quick and simple login library that will get you up and running with an unobtrusive authorization system very quickly. It does not try to guess how you want to structure your app, it simply tries to give you a little help.[/quote]
There are three primary modifications to Anthony’s original code. Most importantly, SimpleLogin-Secure uses the [url=http://www.openwall.com/phpass/]phpass framework[/url] for secure, portable password hashing instead of straight [em]md5[/em] without a salt. Secondly, SimpleLogin-Secure uses an e-mail address instead of a user name as the login key. And finally, it adds [em]user_date[/em], [em]user_modified[/em] and [em]user_last_login[/em] date/time fields to the default install.
For more information on why [em]md5[/em] hashing is not enough, see the excellent post about [url=http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/]password schemes on the Matasano Security blog[/url].
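To make the difference between unsalted [em]md5[/em] and a salted, adaptive hash concrete, here is an added example that is not part of SimpleLogin-Secure or phpass. It uses PHP's built-in password_hash() and password_verify() (PHP 5.5 or later) as stand-ins for the phpass calls; the e-mail addresses and helper function names are constructed for illustration.

```php
<?php
// Added example: not code from SimpleLogin-Secure or phpass.
// password_hash()/password_verify() stand in for the phpass calls.

// Constructed sample data: two users who happened to pick the same password.
$users = array(
    'alice@example.test' => 'uS$rpass!',
    'bob@example.test'   => 'uS$rpass!',
);

// Unsalted md5: the same password always maps to the same hash.
function legacy_hash($password) {
    return md5($password);
}

// Salted, adaptive hash (bcrypt): a random salt and the cost are
// embedded in the returned string.
function secure_hash($password) {
    return password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
}

// Verify a candidate password; salt and cost are read from the stored hash.
function secure_check($password, $stored) {
    return password_verify($password, $stored);
}

// array_map() with a single array keeps the e-mail keys.
$legacy = array_map('legacy_hash', $users);
$secure = array_map('secure_hash', $users);

// Identical md5 values expose shared passwords in a leaked table and can be
// matched against precomputed hash lists.
var_dump($legacy['alice@example.test'] === $legacy['bob@example.test']);

// With a per-row random salt, the stored values differ for the same password.
var_dump($secure['alice@example.test'] === $secure['bob@example.test']);

// A bcrypt hash is 60 characters long, which fits user_pass varchar(60).
var_dump(strlen($secure['alice@example.test']));

// Verification succeeds for the right password and fails for a wrong one.
var_dump(secure_check('uS$rpass!', $secure['bob@example.test']));
var_dump(secure_check('wrong-pass', $secure['bob@example.test']));
```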
Copy [em]SimpleLoginSecure.php[/em] and the entire [em]phpass-0.1[/em] directory to your [em]system/application/libraries[/em] directory.
Create your database table using the following SQL sample. You can also edit the hash length and portability constants at the top of [em]SimpleLoginSecure.php[/em].
[code]CREATE TABLE users (
user_id int(10) unsigned NOT NULL auto_increment,
user_email varchar(255) NOT NULL default '',
user_pass varchar(60) NOT NULL default '',
user_date datetime NOT NULL default '0000-00-00 00:00:00',
user_modified datetime NOT NULL default '0000-00-00 00:00:00',
user_last_login datetime NULL default NULL,
PRIMARY KEY (user_id),
UNIQUE KEY user_email (user_email)
) DEFAULT CHARSET=utf8;[/code]
The methods exposed by SimpleLogin-Secure are identical to those of Simplelogin.
[code]// load the library
$this->load->library('SimpleLoginSecure');

// create a new user
$this->simpleloginsecure->create('[email protected]', 'uS$rpass!');

// attempt to login
if($this->simpleloginsecure->login('[email protected]', 'uS$rpass!')) {
    // success
}

// check if logged in
if($this->session->userdata('logged_in')) {
    // logged in
}

// logout
$this->simpleloginsecure->logout();

// delete by user ID
$this->simpleloginsecure->delete($user_id);[/code]
The original Simplelogin library was written by Anthony Graddy. SimpleLogin-Secure was written by [url=http://dunae.ca]Alex Dunae[/url], 2008.