Closed q2amarket closed 10 years ago
Add a default value of null to the salt field in the DB.
-Ben Edmunds
On Nov 28, 2013, at 4:41 AM, Q2A Market notifications@github.com wrote:
When I tried to create user with store_salt to FALSE it is giving below error
$config['salt_length'] = 10;$config['store_salt'] = FALSE;
Here is the error
Error Number: 1364
Field 'salt' doesn't have a default value
INSERT INTO users
(first_name
, last_name
, company
, phone
,
username
, password
, email
, ip_address
, created_on
,
last_login
, active
) VALUES ('xxx', 'yyy', 'zzz', '466', 'xxx.yyy',
'', 'xxx@yyy.com', '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0', 1385641604,
1385641604, 1)
Filename: C:\xampp\htdocs\atlas-dev\system\database\DB_driver.php
Line Number: 330
When I tried with store_sal to TRUE it is not giving error but than it is not considering the password correct and user cannot login.
Can you help to resolve this?
— Reply to this email directly or view it on GitHubhttps://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/522 .
Thanks for reply,
Could you please specify in which file I should look for the salt field for the DB?
Actually in your DB Schema. So use your favorite GUI or the command line to set a default value for that column.
-Ben Edmunds
On Nov 28, 2013, at 9:05 PM, Q2A Market notifications@github.com wrote:
Thanks for reply,
Could you please specify in which file I should look for the salt field for the DB?
— Reply to this email directly or view it on GitHubhttps://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/522#issuecomment-29497017 .
Oh so should I consider it as a bug? By the way if I want to use salt and make it to True
in config than why it is not considering any password?
I may be asking very basic question but still trying to understand the system you have written. I won't mind to use salt
as far as it works well.
Ok that's fine. Set it to true and then copy the password from the comment in the config file to your db for the admin user. The salt changes the way the password on hashed so you'll need to update it.
-Ben Edmunds
On Nov 28, 2013, at 9:29 PM, Q2A Market notifications@github.com wrote:
Oh so should I consider it as a bug? By the way if I want to use salt and make it to True in config than why it is not considering any password?
I may be asking very basic question but still trying to understand the system you have written. I won't mind to use salt as far as it works well.
— Reply to this email directly or view it on GitHubhttps://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/522#issuecomment-29497503 .
Thanks for the quick response,
I have already tried that before posting here.
When I set store_salt
to TRUE
and updated password fbaa5e216d163a02ae630ab1a43372635dd374c0
in admin password field but than not able to login.
Note: I have tried updating password without selecting any function like sha1
al well as by selecting sha1
but none of them works.
Ah sorry I missed that you updated the password. Please ensure that the salt is still there in the db as well.
-Ben Edmunds
On Nov 28, 2013, at 9:37 PM, Q2A Market notifications@github.com wrote:
Thanks for the quick response,
I have already tried that before posting here.
When I set store_salt to TRUE and updated password fbaa5e216d163a02ae630ab1a43372635dd374c0 in admin password field but than not able to login.
Note: I have tried updating password without selecting any function like sha1 al well as by selecting sha1 but none of them works.
— Reply to this email directly or view it on GitHubhttps://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/522#issuecomment-29497662 .
Yeah salt value is there in db. Please refer this image http://s28.postimg.org/cpleard4t/image.jpg
Did you change the username or email? If so try setting it back to admin and try again.
-Ben Edmunds
On Nov 28, 2013, at 9:42 PM, Q2A Market notifications@github.com wrote:
Yeah salt value is there in db. Please refer this image http://s28.postimg.org/cpleard4t/image.jpg
— Reply to this email directly or view it on GitHubhttps://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/522#issuecomment-29497761 .
Actually I made changes directly to the migration file so that should not be a problem. What basically I have done combined first name and last name with dot
so it will become first.last
where default is with the space.
I have set identification with the username instead of email. Can that creates a problem?
Here is the code what I Have updated controllers/auth.php line #415
$username = strtolower($this->input->post('first_name')) . '.' . strtolower($this->input->post('last_name'));
This allows me to login with the store_salt
to FALSE
but than again not able to create new users
Do you need username login? I usually recommend using email login.
If you're going to use username you should allow the user to enter it usually
-Ben Edmunds
On Nov 28, 2013, at 10:00 PM, Q2A Market notifications@github.com wrote:
Here is the code what I Have updated controllers/auth.php line
$username = strtolower($this->input->post('first_name')) . '.' . strtolower($this->input->post('last_name'));
This allows me to login with the store_salt to FALSE but than again not able to create new users
— Reply to this email directly or view it on GitHubhttps://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/522#issuecomment-29498125 .
Yea likely there is an inconsistently with your changes.
How did you change the login view and method?
-Ben Edmunds
On Nov 28, 2013, at 9:57 PM, Q2A Market notifications@github.com wrote:
Actually I made changes directly to the migration file so that should not be a problem. What basically I have done combined first name and last name with dot so it will become first.last where default is with the space.
I have set identification with the username instead of email. Can that creates a problem?
— Reply to this email directly or view it on GitHubhttps://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/522#issuecomment-29498054 .
Yes actually the system I am building is for internal use only and we may use only username instead of email. But if you prefer and suggest email than I may switch that to email.
I am using Bootstrap3 so wrap your code to their HTML. Basically I didn't changed anything but only added HTML wrapper and some class to the form_xxx() fields.
Well it's not that you need that, I'm just trying to figure out what broke it. Can you send me your controller and a db dump and I'll try it when I get a chance.
Email me, ben.edmunds@gmail.com
-Ben Edmunds
On Nov 28, 2013, at 10:07 PM, Q2A Market notifications@github.com wrote:
Yes actually the system I am building is for internal use only and we may use only username instead of email. But if you prefer and suggest email
I am using Bootstrap3 so wrap your code to their HTML. Basically I didn't changed anything but only added HTML wrapper and some class to the form_xxx() fields.
— Reply to this email directly or view it on GitHubhttps://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/522#issuecomment-29498264 .
Okay will send you all files by end of the day today.. you please have a look the matter. Thanks a lot
Resolved..Just changed password and works fine.
Hello I'm chaiya. I'm new Ion auth user.
I 'm facing with password field get 0 when create new user.
Could anyone help me?
Post your Ion Auth config file please.
Thank you to Mr. Ben for your fast reply
HERE is my config file:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/* | ------------------------------------------------------------------------- | Database Type |
---|---|---|
If set to TRUE, Ion Auth will use MongoDB as its database backend. | ||
If you use MongoDB there are two external dependencies that have to be | ||
integrated with your project: | ||
CodeIgniter MongoDB Active Record Library - http://github.com/alexbilbie/codeigniter-mongodb-library/tree/v2 | ||
CodeIgniter MongoDB Session Library - http://github.com/sepehr/ci-mongodb-session |
*/ $config['use_mongodb'] = FALSE;
/* | ------------------------------------------------------------------------- | MongoDB Collection. |
---|---|---|
Setup the mongodb docs using the following command: | ||
$ mongorestore sql/mongo | ||
*/ $config['collections']['users'] = 'users'; $config['collections']['groups'] = 'groups'; $config['collections']['login_attempts'] = 'login_attempts';
/* | ------------------------------------------------------------------------- | Tables. |
---|---|---|
Database table names. |
*/ $config['tables']['users'] = 'users'; $config['tables']['groups'] = 'groups'; $config['tables']['users_groups'] = 'users_groups'; $config['tables']['login_attempts'] = 'login_attempts';
/* | Users table column and Group table column you want to join WITH. |
---|---|
Joins from users.id | |
Joins from groups.id |
*/ $config['join']['users'] = 'user_id'; $config['join']['groups'] = 'group_id';
/* | ------------------------------------------------------------------------- | Hash Method (sha1 or bcrypt) |
---|---|---|
Bcrypt is available in PHP 5.3+ | ||
IMPORTANT: Based on the recommendation by many professionals, it is highly recommended to use | ||
bcrypt instead of sha1. | ||
NOTE: If you use bcrypt you will need to increase your password column character limit to (80) | ||
Below there is "default_rounds" setting. This defines how strong the encryption will be, | ||
but remember the more rounds you set the longer it will take to hash (CPU usage) So adjust | ||
this based on your server hardware. | ||
If you are using Bcrypt the Admin password field also needs to be changed in order login as admin: | ||
$2a$07$SeBknntpZror9uyftVopmu61qg0ms8Qv1yV6FG.kQOSM.9QhmTo36 | ||
Be careful how high you set max_rounds, I would do your own testing on how long it takes | ||
to encrypt with x rounds. |
*/ $config['hash_method'] = 'bcrypt'; // sha1 or bcrypt, bcrypt is STRONGLY recommended $config['default_rounds'] = 8; // This does not apply if random_rounds is set to true $config['random_rounds'] = FALSE; $config['min_rounds'] = 5; $config['max_rounds'] = 9;
/* | ------------------------------------------------------------------------- | Authentication options. |
---|---|---|
maximum_login_attempts: This maximum is not enforced by the library, but is | ||
used by $this->ion_auth->is_max_login_attempts_exceeded(). | ||
The controller should check this function and act | ||
appropriately. If this variable set to 0, there is no maximum. |
*/ $config['site_title'] = "MYsite.com"; // Site Title, example.com $config['admin_email'] = "loeur.chaiya@gmail.com"; // Admin Email, admin@example.com $config['default_group'] = 'members'; // Default group, use name $config['admin_group'] = 'admin'; // Default administrators group, use name $config['identity'] = 'email'; // A database column which is used to login with $config['min_password_length'] = 8; // Minimum Required Length of Password $config['max_password_length'] = 20; // Maximum Allowed Length of Password $config['email_activation'] = TRUE; // Email Activation for registration $config['manual_activation'] = FALSE; // Manual Activation for registration $config['remember_users'] = TRUE; // Allow users to be remembered and enable auto-login $config['user_expire'] = 86500; // How long to remember the user (seconds). Set to zero for no expiration $config['user_extend_on_login'] = FALSE; // Extend the users cookies every time they auto-login $config['track_login_attempts'] = FALSE; // Track the number of failed login attempts for each user or ip. $config['track_login_ip_address'] = TRUE; // Track login attempts by IP Address, if FALSE will track based on identity. (Default: TRUE) $config['maximum_login_attempts'] = 3; // The maximum number of failed login attempts. $config['lockout_time'] = 600; // The number of seconds to lockout an account due to exceeded attempts $config['forgot_password_expiration'] = 0; // The number of milliseconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.
/* | ------------------------------------------------------------------------- | Email options. |
---|---|---|
email_config: | ||
'file' = Use the default CI config or use from a config file | ||
array = Manually set your email config settings |
_/ $config['use_ci_email'] = TRUE; // Send Email using the builtin CI email class, if false it will return the code and the identity $config['email_config'] = array( 'protocol'=>'smtp', 'smtp_host'=>'ssl://smtp.googlemail.com', //(SMTP server) 'smtp_port'=>'465', //(SMTP port) 'smtp_timeout'=>'30', 'smtp_user'=>'abc@gmail.com', //(user@gmail.com) 'smtppass'=>'*****', // (gmail password) 'mailtype' => 'html', 'charset' => 'utf-8', 'newline' => "\r\n", );
/* | ------------------------------------------------------------------------- | Email templates. |
---|---|---|
Folder where email templates are stored. | ||
Default: auth/ |
*/ $config['email_templates'] = 'auth/email/';
/* | ------------------------------------------------------------------------- | Activate Account Email Template |
---|---|---|
Default: activate.tpl.php |
*/ $config['email_activate'] = 'activate.tpl.php';
/* | ------------------------------------------------------------------------- | Forgot Password Email Template |
---|---|---|
Default: forgot_password.tpl.php |
*/ $config['email_forgot_password'] = 'forgot_password.tpl.php';
/* | ------------------------------------------------------------------------- | Forgot Password Complete Email Template |
---|---|---|
Default: new_password.tpl.php |
*/ $config['email_forgot_password_complete'] = 'new_password.tpl.php';
/* | ------------------------------------------------------------------------- | Salt options |
---|---|---|
salt_length Default: 10 | ||
store_salt: Should the salt be stored in the database? | ||
This will change your password encryption algorithm, | ||
default password, 'password', changes to | ||
fbaa5e216d163a02ae630ab1a43372635dd374c0 with default salt. |
*/ $config['salt_length'] = 10; $config['store_salt'] = TRUE;
/* | ------------------------------------------------------------------------- | Message Delimiters. |
---|
*/ $config['delimiters_source'] = 'config'; // "config" = use the settings defined here, "form_validation" = use the settings defined in CI's form validation library $config['message_start_delimiter'] = '
'; // Message start delimiter $config['message_end_delimiter'] = '
'; // Message end delimiter $config['error_start_delimiter'] = ''; // Error mesage start delimiter $config['error_end_delimiter'] = '
'; // Error mesage end delimiter/* End of file ionauth.php / /_ Location: ./application/config/ion_auth.php */
It's because your PHP install doesn't support BCrypt. Try updating you PHP version to at least PHP 5.3.7
Thank you Mr. Ben,
Could you provide me the way how to update PHP version please?
Depends on your server.
Are you running locally? If so what OS?
Did you install PHP yourself or using a tool like WAMP or MAMP?
I use Window 7 and Wamp tool. Thank you Chaiya
It's been years since I've used WAMP but there should be a way to select a PHP version there.
This looks like it would work: http://sourceforge.net/projects/wampserver/files/WampServer%202/WampServer%202.2/wampserver2.2e/wampserver2.2e-php5.3.13-httpd2.2.22-mysql5.5.24-32b.exe/download
Lol Ben you're like the nicest guy in the world!
@LChaiya download the latest WAMP and install it.
@Ben Thank you for trying to help me. @Robertlagrant you have good idea.
Thank you.
Haha thanks @robertlagrant. I try
Is there any solution behind install new WAMP?
OK thank you Ben,
But If I would like to use my old WAMP. What should I do Ben? Do you have any Ideas?
Once again Thank you!.
In config/ion_auth.php set
$config['hash_method'] = 'sha1';
then update the "password" field the "admin" record in your "users" table in your database to
1283592850bc9a3e833d3f93ba181a1a8b3af67a
This query should do it for you
UPDATE users SET password="1283592850bc9a3e833d3f93ba181a1a8b3af67a" WHERE username="administrator";
Many thank to Ben, Let me try on it.
Cheer!
Ben ! It work fine :).
I can create new user and password field get right value.
Thank you.
On Thu, Mar 27, 2014 at 8:05 AM, Ben Edmunds notifications@github.comwrote:
In config/ion_auth.php set
$config['hash_method'] = 'sha1';
then update the "password" field the "admin" record in your "users" table in your database to
1283592https://github.com/benedmunds/CodeIgniter-Ion-Auth/commit/1283592850bc9a3e833d3f93ba181a1a8b3af67a
This query should do it for you
UPDATE users SET password="1283592850bc9a3e833d3f93ba181a1a8b3af67a" WHERE username="administrator";
Reply to this email directly or view it on GitHubhttps://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/522#issuecomment-38759087 .
If you're still having trouble, the Geek Squad at Best Buy can help. They're good at installing and upgrading software. Pretty knowledgable about softwares too.
Hello
But when I Login with new account why the page show like this
"You must be an administrator to view this page."?
Could anyone explain me about this message?
On Thu, Mar 27, 2014 at 9:53 PM, David Stanley notifications@github.comwrote:
If you're still having trouble, the Geek Squad at Best Buy can help. They're good at installing and upgrading software. Pretty knowledgable about softwares too.
Reply to this email directly or view it on GitHubhttps://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/522#issuecomment-38812852 .
Edit the example controller (controllers/auth.php) to fit your needs.
When I tried to create user with
store_salt
toFALSE
it is giving below errorHere is the error
When I tried with
store_sal
toTRUE
it is not giving error but than it is not considering the password correct and user cannot login.Can you help to resolve this?