
This topic is now archived and is closed to further replies.

sKunKbad

My CodeIgniter Auth / User Management


Many hours of work have finally produced V1 of an Auth / User Management system that I made for CI. I am not claiming to be a security expert, but I tried to study and make the Auth as secure as possible. Many people have downloaded it, but so far I haven't heard back any comments, other than the code looks clean, and that maybe I overdid it a little.

 

I'd really appreciate some feedback on the system, and how secure or not secure it really is. While it does have some features common to typical auth systems, I'd like to have a real assessment of potential vulnerabilities before going further. Any other comments are also appreciated.

 

If you're interested, please check out the system; download available from http://auth.brianswebdesign.com

 

Thanks


Are there any docs around, or a Subversion browser or something?


I'm not a CodeIgniter user, but is this meant to be an extension to the framework or an application built with the framework?

 

Just looking at the directory structure....

 

.
|-- application
|   |-- config
|   |   |-- autoload.php
|   |   |-- config.php
|   |   |-- hooks.php
|   |   `-- routes.php
|   |-- controllers
|   |   |-- administration.php
|   |   |-- home.php
|   |   |-- register.php
|   |   |-- sudo.php
|   |   `-- user.php
|   |-- helpers
|   |   `-- MY_url_helper.php
|   |-- hooks
|   |   |-- my_session_start_hook.php
|   |   `-- my_site_definitions_hook.php
|   |-- language
|   |   `-- english
|   |       `-- authentication_lang.php
|   |-- libraries
|   |   |-- Authentication.php
|   |   `-- MY_Form_validation.php
|   |-- models
|   |   |-- administrative_functions.php
|   |   |-- formval_callbacks.php
|   |   |-- manage_users.php
|   |   `-- registration_functions.php
|   `-- views
|       |-- administration
|       |   |-- admin_menu.php
|       |   |-- create_user.php
|       |   |-- sort_users.php
|       |   |-- update_user.php
|       |   `-- users_table.php
|       |-- home
|       |   |-- column_a.php
|       |   `-- column_a_2.php
|       |-- register
|       |   |-- notify_admin_email.php
|       |   |-- registration_email.php
|       |   |-- registration_form.php
|       |   |-- settings.php
|       |   `-- show_pending.php
|       |-- template_content.php
|       `-- user
|           |-- choose_password_form.php
|           |-- column_a.php
|           |-- login_form.php
|           `-- recover_form.php
|-- css
|   |-- community_auth.css
|   `-- yui-reset-fonts-2.6.0.css
|-- img
|   `-- community_auth
|       |-- Thumbs.db
|       |-- bg.gif
|       `-- info.jpg
|-- readme.txt
`-- sql
    `-- community_auth.sql

 

It appears you have dumped a heap of files into userland.


This is an extension. If necessary, the whole application directory can be moved above root. While my readme file doesn't recommend this, it is worth noting that this only requires changing a single configuration setting in index.php (already noted in the readme).

 

Thanks for commenting. I'll make sure to change the readme to suggest that above root is obviously a better place for the application directory.
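The layout point raised in the posts above (the posted tree puts application/, sql/ and readme.txt beside the web-served files), as an added example that is not part of the thread or of the Community Auth code: a deployment check that lists files under the document root that are not meant to be public. The policy sets, the public_html directory name and the sample layout are assumptions made for the example.

```python
import tempfile
from pathlib import Path

# Assumed policy for this example (not from the thread): top-level directories and
# file names that should not sit under a web-served directory.
PRIVATE_DIRS = {"application", "sql"}
PRIVATE_NAMES = {"readme.txt", "thumbs.db"}
PRIVATE_SUFFIXES = {".sql"}

# Constructed sample: a few paths taken from the tree posted in the thread, plus
# the index.php front controller that the thread mentions.
PUBLIC = ["index.php", "css/community_auth.css", "img/community_auth/bg.gif"]
PRIVATE = ["application/config/config.php", "application/libraries/Authentication.php",
           "sql/community_auth.sql", "readme.txt", "img/community_auth/Thumbs.db"]

def audit_docroot(docroot):
    """Return sorted docroot-relative paths of files that should not be web-reachable."""
    root = Path(docroot)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        if (rel.parts[0].lower() in PRIVATE_DIRS and len(rel.parts) > 1
                or path.name.lower() in PRIVATE_NAMES
                or path.suffix.lower() in PRIVATE_SUFFIXES):
            findings.append(rel.as_posix())
    return sorted(findings)

def build_layout(base, app_above_root):
    """Create the sample site under base and return its document root."""
    docroot = Path(base) / "public_html"
    for rel in PUBLIC + PRIVATE:
        if app_above_root and rel in PRIVATE:
            if rel.split("/")[0] not in PRIVATE_DIRS:
                continue                   # readme.txt, Thumbs.db: not deployed at all
            target = Path(base) / rel      # application/, sql/: beside the docroot
        else:
            target = docroot / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("")
    return docroot

def demo():
    """Audit the sample as shipped, then with application/ and sql/ above the root."""
    with tempfile.TemporaryDirectory() as before, tempfile.TemporaryDirectory() as after:
        return (audit_docroot(build_layout(before, False)),
                audit_docroot(build_layout(after, True)))

if __name__ == "__main__":
    for label, found in zip(("as shipped", "application above root"), demo()):
        print(label, found)
```

Files the check reports are not necessarily readable over HTTP; they are the ones whose privacy depends on server configuration or in-file guards rather than on their location.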


Looks more like an application than an extension.


Well, it is what it is.  I know, because you have helped me before, that you are very smart. If you see anything wrong please let me know.


I haven't had a real good look, but it seems if I were a CodeIgniter user the only part of your code I might find useful (and reusable) would be the actual Authentication library. Even then though, there are references to Brians Web Design which would need to be removed.

 

The rest of it, IMO, should be thrown out and rebuilt by the developer. If you were asking opinions on an Auth script you made with CI instead of for CI, my opinion might be different. As it is, it's far too much of an application than any type of extension, most of which isn't likely to fit anyone else's needs except yours.


It's not really my intention to have people use it without modification. The chances of somebody needing it as-is are very slim; however, there are always people asking how to log people in, and how to manage users. How to register and how to do a password recovery are common topics too. I'm happy to help people, so if anyone can use it, or use it as an example when they can't figure something out, then I'll be happy with that.
