Well... It is as simple as it says. For Ion Auth to work you need to have the session library enabled, and to use sessions you need to set an encryption key in config.php.
avenirer, thank you for your response. You are absolutely right, which prompted me to ask Ben what he set the value to for his test login of admin@admin.com/password. Obviously, when I "go live" in my application I will change this to my current encryption key.
The encryption key is not used for the password hashing.
That password, or the encryption it uses, has nothing to do with the encryption key that is asked for in there. The encryption key that you must insert there is for CodeIgniter to work with sessions. It has nothing to do with Ion Auth.
Thanks.
I do get them confused.
Sorry for the bother.
john
From: Adrian Voicu [mailto:notifications@github.com] Sent: Wednesday, January 07, 2015 11:21 AM To: benedmunds/CodeIgniter-Ion-Auth Cc: jufkirkpatrick Subject: Re: [CodeIgniter-Ion-Auth] Initial ION_auth Setup and Error Message (#701)
That password, or the encryption it uses, has nothing to do with the encryption key that is asked for in there. The encryption key that you must insert there is for CodeIgniter to work with sessions. It has nothing to do with Ion Auth.
Not to hash a dead horse, but doesn't there have to be a SALT value stored somewhere for the default login admin@admin.com/password?
With the default config the salt is stored inside the password field in the DB. If "store_salt" is true it will be stored in the salt field in the DB.
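Added example, not part of the original thread and not Ion Auth's own code: it shows how a bcrypt string carries its salt inside the stored password value, using the `$2y$` prefix, 8 rounds and 22-character salt length from the config posted in this issue. It assumes PHP 5.6+ and uses the built-in `password_hash()` as a stand-in for the library's bcrypt routine; `split_bcrypt()` is a hypothetical helper. Nothing in it reads `$config['encryption_key']`, which CodeIgniter uses only for sessions.

```php
<?php
// Added illustration; not Ion Auth's code.
// Values taken from the ion_auth.php config posted in this thread.
$rounds      = 8;      // default_rounds
$salt_length = 22;     // salt_length
$salt_prefix = '$2y$'; // salt_prefix

/**
 * Split a 60-character bcrypt string into its parts.
 * Hypothetical helper written for this example.
 */
function split_bcrypt($hash, $salt_length)
{
    // Layout: prefix (4) + cost (2) + '$' + salt and digest (53 chars in total)
    if (!preg_match('/^(\$2[abxy]\$)(\d{2})\$([.\/A-Za-z0-9]{53})$/', $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return array(
        'prefix' => $m[1],
        'cost'   => (int) $m[2],
        'salt'   => substr($m[3], 0, $salt_length),
        'digest' => substr($m[3], $salt_length),
    );
}

// What would be written to the password column for the test password.
// A fresh random salt is generated on every call, so the string differs per run.
$stored = password_hash('password', PASSWORD_BCRYPT, array('cost' => $rounds));
$parts  = split_bcrypt($stored, $salt_length);

printf("stored value  : %s\n", $stored);
printf("prefix match  : %s\n", var_export($parts['prefix'] === $salt_prefix, true));
printf("cost          : %d\n", $parts['cost']);
printf("embedded salt : %s\n", $parts['salt']);
printf("digest        : %s\n", $parts['digest']);

// Verification needs only the candidate password and the stored string:
// crypt() reads the prefix, cost and salt back out of $stored.
$recomputed = crypt('password', $stored);
printf("recomputed == stored : %s\n", var_export(hash_equals($stored, $recomputed), true));

// The same check through the higher-level API, for a right and a wrong password.
printf("verify 'password' : %s\n", var_export(password_verify('password', $stored), true));
printf("verify 'Password' : %s\n", var_export(password_verify('Password', $stored), true));
```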
I got IT!!
Closed #701 https://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/701 .
Thanks. I got it, finally. I do get the SALT and encryption key mixed up!! And I do not make them the same. John
Greetings, I am testing your ION_Auth in CodeIgniter 2.2.0. I have downloaded the programs from GitHub, etc. and I am testing on WAMP.
```php
<?php
$config['base_url'] = 'localhost/ion_auth';
$config['index_page'] = '';
$config['uri_protocol'] = 'AUTO';
$config['url_suffix'] = '';
$config['language'] = 'english';
$config['charset'] = 'UTF-8';
$config['enable_hooks'] = FALSE;
$config['subclass_prefix'] = 'MY_';
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';

$config['allow_get_array'] = TRUE;
$config['enable_query_strings'] = FALSE;
$config['controller_trigger'] = 'c';
$config['function_trigger'] = 'm';
$config['directory_trigger'] = 'd'; // experimental not currently in use

$config['log_threshold'] = 0;
$config['log_path'] = '';
$config['log_date_format'] = 'Y-m-d H:i:s';
$config['cache_path'] = '';
$config['encryption_key'] = '';

$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;

$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
$config['cookie_secure'] = FALSE;

$config['global_xss_filtering'] = TRUE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;

$config['compress_output'] = FALSE;
$config['time_reference'] = 'local';
$config['rewrite_short_tags'] = FALSE;
$config['proxy_ips'] = '';

/* End of file config.php */
/* Location: ./application/config/config.php */
```
```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

$config['tables']['users'] = 'users';
$config['tables']['groups'] = 'groups';
$config['tables']['users_groups'] = 'users_groups';
$config['tables']['login_attempts'] = 'login_attempts';

$config['join']['users'] = 'user_id';
$config['join']['groups'] = 'group_id';

// sha1 or bcrypt, bcrypt is STRONGLY recommended
$config['hash_method'] = 'bcrypt';
// This does not apply if random_rounds is set to true
$config['default_rounds'] = 8;
$config['random_rounds'] = FALSE;
$config['min_rounds'] = 5;
$config['max_rounds'] = 9;
$config['salt_prefix'] = '$2y$';

$config['site_title'] = "Example.com"; // Site Title, example.com
$config['admin_email'] = "admin@example.com"; // Admin Email, admin@example.com
$config['default_group'] = 'members'; // Default group, use name
$config['admin_group'] = 'admin'; // Default administrators group, use name
$config['identity'] = 'email'; // A database column which is used to login with
$config['min_password_length'] = 8; // Minimum Required Length of Password
$config['max_password_length'] = 20; // Maximum Allowed Length of Password
$config['email_activation'] = FALSE; // Email Activation for registration
$config['manual_activation'] = FALSE; // Manual Activation for registration
$config['remember_users'] = TRUE; // Allow users to be remembered and enable auto-login
$config['user_expire'] = 86500; // How long to remember the user (seconds). Set to zero for no expiration
$config['user_extend_on_login'] = FALSE; // Extend the users cookies every time they auto-login
$config['track_login_attempts'] = FALSE; // Track the number of failed login attempts for each user or ip.
$config['track_login_ip_address'] = TRUE; // Track login attempts by IP Address, if FALSE will track based on identity. (Default: TRUE)
$config['maximum_login_attempts'] = 3; // The maximum number of failed login attempts.
$config['lockout_time'] = 600; // The number of seconds to lockout an account due to exceeded attempts
$config['forgot_password_expiration'] = 0; // The number of milliseconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.

$config['remember_cookie_name'] = 'remember_code';
$config['identity_cookie_name'] = 'identity';

$config['use_ci_email'] = FALSE; // Send Email using the builtin CI email class, if false it will return the code and the identity
$config['email_config'] = array(
    'mailtype' => 'html',
);

$config['email_templates'] = 'auth/email/';
$config['email_activate'] = 'activate.tpl.php';
$config['email_forgot_password'] = 'forgot_password.tpl.php';
$config['email_forgot_password_complete'] = 'new_password.tpl.php';

$config['salt_length'] = 22;
$config['store_salt'] = FALSE;

$config['delimiters_source'] = 'config'; // "config" = use the settings defined here, "form_validation" = use the settings defined in CI's form validation library
$config['message_start_delimiter'] = '<p>'; // Message start delimiter
$config['message_end_delimiter'] = '</p>'; // Message end delimiter
$config['error_start_delimiter'] = '<p>'; // Error message start delimiter
$config['error_end_delimiter'] = '</p>'; // Error message end delimiter

/* End of file ion_auth.php */
/* Location: ./application/config/ion_auth.php */
```