Closed muditmehrotra closed 9 years ago
See notes in the other issue. You should set up a test controller method and debug email sending from there.
ok I will try to create a new controller and try to send email.
One more thing: after registering the user, when I try to log the user in with the correct email and password, it's not working. I debugged the result of $this->ion_auth->login($identity, $password, $remember); but it returns false every time, even with the correct user email and password. I am already using email as the identity for login in the config/ion_auth file, but I don't know why it's not working as I expected :( Below is the code for the login action:
public function login()
{
    $this->form_validation->set_rules('identity', 'Email', 'required');
    $this->form_validation->set_rules('loginpassword', 'Password', 'required');

    $identity = $this->input->post('identity');
    $password = $this->input->post('loginpassword');
    $remember = (bool) $this->input->post('remember');

    if ($this->form_validation->run() == true)
    {
        // Attempt the login and dump the library's message for debugging
        $log = $this->ion_auth->login($identity, $password, $remember);
        if ($log == true)
        {
            $messages = $this->ion_auth->messages();
            echo $messages;
            die($messages);
        }
        else
        {
            $errors = $this->ion_auth->errors();
            echo $errors;
            die($errors);
        }
    }
    else
    {
        die("invalid");
    }
}
Please advise where I am going wrong. I have rechecked my code many times but am not able to find any loophole. Please advise, Ben?
What does the $this->ion_auth->errors() output? Also please post your config.
Here is the code for the config.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/* | -------------------------------------------------------------------------- | Base Site URL |
---|---|---|
URL to your CodeIgniter root. Typically this will be your base URL, | ||
WITH a trailing slash: | ||
http://example.com/ | ||
If this is not set then CodeIgniter will guess the protocol, domain and | ||
path to your installation. | ||
*/ $config['base_url'] = 'http://localhost/salokya/codeigniter/gab/';
/* | -------------------------------------------------------------------------- | Index File |
---|---|---|
Typically this will be your index.php file, unless you've renamed it to | ||
something else. If you are using mod_rewrite to remove the page set this | ||
variable so that it is blank. | ||
*/ $config['index_page'] = '';
/* | -------------------------------------------------------------------------- | URI PROTOCOL |
---|---|---|
This item determines which server global should be used to retrieve the | ||
URI string. The default setting of 'AUTO' works for most servers. | ||
If your links do not seem to work, try one of the other delicious flavors: | ||
'AUTO' Default - auto detects | ||
'PATH_INFO' Uses the PATH_INFO | ||
'QUERY_STRING' Uses the QUERY_STRING | ||
'REQUEST_URI' Uses the REQUEST_URI | ||
'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO | ||
*/ $config['uri_protocol'] = 'AUTO';
/* | -------------------------------------------------------------------------- | URL suffix |
---|---|---|
This option allows you to add a suffix to all URLs generated by CodeIgniter. | ||
For more information please see the user guide: | ||
http://codeigniter.com/user_guide/general/urls.html |
*/
$config['url_suffix'] = '';
/* | -------------------------------------------------------------------------- | Default Language |
---|---|---|
This determines which set of language files should be used. Make sure | ||
there is an available translation if you intend to use something other | ||
than english. | ||
*/ $config['language'] = 'english';
/* | -------------------------------------------------------------------------- | Default Character Set |
---|---|---|
This determines which character set is used by default in various methods | ||
that require a character set to be provided. | ||
*/ $config['charset'] = 'UTF-8';
/* | -------------------------------------------------------------------------- | Enable/Disable System Hooks |
---|---|---|
If you would like to use the 'hooks' feature you must enable it by | ||
setting this variable to TRUE (boolean). See the user guide for details. | ||
*/ $config['enable_hooks'] = FALSE;
/* | -------------------------------------------------------------------------- | Class Extension Prefix |
---|---|---|
This item allows you to set the filename/classname prefix when extending | ||
native libraries. For more information please see the user guide: | ||
http://codeigniter.com/user_guide/general/core_classes.html | ||
http://codeigniter.com/user_guide/general/creating_libraries.html | ||
*/ $config['subclassprefix'] = 'MY';
/* | -------------------------------------------------------------------------- | Allowed URL Characters |
---|---|---|
This lets you specify with a regular expression which characters are permitted | ||
within your URLs. When someone tries to submit a URL with disallowed | ||
characters they will get a warning message. | ||
As a security measure you are STRONGLY encouraged to restrict URLs to | ||
as few characters as possible. By default only these are allowed: a-z 0-9~%.:_- | ||
Leave blank to allow all characters -- but only if you are insane. | ||
DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! | ||
*/ $config['permitted_urichars'] = 'a-z 0-9~%.:-';
/* | -------------------------------------------------------------------------- | Enable Query Strings |
---|---|---|
By default CodeIgniter uses search-engine friendly segment based URLs: | ||
example.com/who/what/where/ | ||
By default CodeIgniter enables access to the $_GET array. If for some | ||
reason you would like to disable it, set 'allow_get_array' to FALSE. | ||
You can optionally enable standard query string based URLs: | ||
example.com?who=me&what=something&where=here | ||
Options are: TRUE or FALSE (boolean) | ||
The other items let you set the query string 'words' that will | ||
invoke your controllers and its functions: | ||
example.com/index.php?c=controller&m=function | ||
Please note that some of the helpers won't work as expected when | ||
this feature is enabled, since CodeIgniter is designed primarily to | ||
use segment based URLs. | ||
*/ $config['allow_get_array'] = TRUE; $config['enable_query_strings'] = FALSE; $config['controller_trigger'] = 'c'; $config['function_trigger'] = 'm'; $config['directory_trigger'] = 'd'; // experimental not currently in use
/* | -------------------------------------------------------------------------- | Error Logging Threshold |
---|---|---|
If you have enabled error logging, you can set an error threshold to | ||
determine what gets logged. Threshold options are: | ||
You can enable error logging by setting a threshold over zero. The | ||
threshold determines what gets logged. Threshold options are: | ||
0 = Disables logging, Error logging TURNED OFF | ||
1 = Error Messages (including PHP errors) | ||
2 = Debug Messages | ||
3 = Informational Messages | ||
4 = All Messages | ||
For a live site you'll usually only enable Errors (1) to be logged otherwise | ||
your log files will fill up very fast. | ||
*/ $config['log_threshold'] = 0;
/* | -------------------------------------------------------------------------- | Error Logging Directory Path |
---|---|---|
Leave this BLANK unless you would like to set something other than the default | ||
application/logs/ folder. Use a full server path with trailing slash. | ||
*/ $config['log_path'] = '';
/* | -------------------------------------------------------------------------- | Date Format for Logs |
---|---|---|
Each item that is logged has an associated date. You can use PHP date | ||
codes to set your own date formatting | ||
*/ $config['log_date_format'] = 'Y-m-d H:i:s';
/* | -------------------------------------------------------------------------- | Cache Directory Path |
---|---|---|
Leave this BLANK unless you would like to set something other than the default | ||
system/cache/ folder. Use a full server path with trailing slash. | ||
*/ $config['cache_path'] = '';
/* | -------------------------------------------------------------------------- | Encryption Key |
---|---|---|
If you use the Encryption class or the Session class you | ||
MUST set an encryption key. See the user guide for info. | ||
*/ $config['encryption_key'] = 'MQ53o14F3788W5j93P5098n97SHThkWn';
/*
|--------------------------------------------------------------------------
| Session Variables
|--------------------------------------------------------------------------
|
| 'sess_cookie_name' = the name you want for the cookie
| 'sess_expiration' = the number of SECONDS you want the session to last.
|   by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
| 'sess_expire_on_close' = Whether to cause the session to expire automatically
|   when the browser window is closed
| 'sess_encrypt_cookie' = Whether to encrypt the cookie
| 'sess_use_database' = Whether to save the session data to a database
| 'sess_table_name' = The name of the session database table
| 'sess_match_ip' = Whether to match the user's IP address when reading the session data
| 'sess_match_useragent' = Whether to match the User Agent when reading the session data
| 'sess_time_to_update' = how many seconds between CI refreshing Session Information
|
*/
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;

/*
|--------------------------------------------------------------------------
| Cookie Related Variables
|--------------------------------------------------------------------------
|
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path' = Typically will be a forward slash
| 'cookie_secure' = Cookies will only be set if a secure HTTPS connection exists.
|
*/
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
$config['cookie_secure'] = FALSE;

/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = FALSE;

/*
|--------------------------------------------------------------------------
| Cross Site Request Forgery
|--------------------------------------------------------------------------
| Enables a CSRF cookie token to be set. When set to TRUE, token will be
| checked on a submitted form. If you are accepting user data, it is strongly
| recommended CSRF protection be enabled.
|
| 'csrf_token_name' = The token name
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire' = The number in seconds the token should expire.
*/
$config['csrf_protection'] = FALSE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
/* | -------------------------------------------------------------------------- | Output Compression |
---|---|---|
Enables Gzip output compression for faster page loads. When enabled, | ||
the output class will test whether your server supports Gzip. | ||
Even if it does, however, not all browsers support compression | ||
so enable only if you are reasonably sure your visitors can handle it. | ||
VERY IMPORTANT: If you are getting a blank page when compression is enabled it | ||
means you are prematurely outputting something to your browser. It could | ||
even be a line of whitespace at the end of one of your scripts. For | ||
compression to work, nothing can be sent before the output buffer is called | ||
by the output class. Do not 'echo' any values with compression enabled. | ||
*/ $config['compress_output'] = FALSE;
/* | -------------------------------------------------------------------------- | Master Time Reference |
---|---|---|
Options are 'local' or 'gmt'. This pref tells the system whether to use | ||
your server's local time as the master 'now' reference, or convert it to | ||
GMT. See the 'date helper' page of the user guide for information | ||
regarding date handling. | ||
*/ $config['time_reference'] = 'local';
/* | -------------------------------------------------------------------------- | Rewrite PHP Short Tags |
---|---|---|
If your PHP installation does not have short tag support enabled CI | ||
can rewrite the tags on-the-fly, enabling you to utilize that syntax | ||
in your view files. Options are TRUE or FALSE (boolean) | ||
*/ $config['rewrite_short_tags'] = FALSE;
/* | -------------------------------------------------------------------------- | Reverse Proxy IPs |
---|---|---|
If your server is behind a reverse proxy, you must whitelist the proxy IP | ||
addresses from which CodeIgniter should trust the HTTP_X_FORWARDED_FOR | ||
header in order to properly identify the visitor's IP address. | ||
Comma-delimited, e.g. '10.0.1.200,10.0.1.201' | ||
*/ $config['proxy_ips'] = '';
/* End of file config.php / / Location: ./application/config/config.php */
Code for the config/ion_auth.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /**
/*
| -------------------------------------------------------------------------
| Tables.
| -------------------------------------------------------------------------
| Database table names.
*/
$config['tables']['users'] = 'users';
$config['tables']['groups'] = 'groups';
$config['tables']['users_groups'] = 'users_groups';
$config['tables']['login_attempts'] = 'login_attempts';

/*
| Users table column and Group table column you want to join WITH.
|
| Joins from users.id
| Joins from groups.id
*/
$config['join']['users'] = 'user_id';
$config['join']['groups'] = 'group_id';

/*
| -------------------------------------------------------------------------
| Hash Method (sha1 or bcrypt)
| -------------------------------------------------------------------------
| Bcrypt is available in PHP 5.3+
|
| IMPORTANT: Based on the recommendation by many professionals, it is highly recommended to use
| bcrypt instead of sha1.
|
| NOTE: If you use bcrypt you will need to increase your password column character limit to (80)
|
| Below there is "default_rounds" setting. This defines how strong the encryption will be,
| but remember the more rounds you set the longer it will take to hash (CPU usage) So adjust
| this based on your server hardware.
|
| If you are using Bcrypt the Admin password field also needs to be changed in order login as admin:
| $2a$07$SeBknntpZror9uyftVopmu61qg0ms8Qv1yV6FG.kQOSM.9QhmTo36
|
| Be careful how high you set max_rounds, I would do your own testing on how long it takes
| to encrypt with x rounds.
|
| salt_prefix: Used for bcrypt. Versions of PHP before 5.3.7 only support "$2a$" as the salt prefix
| Versions 5.3.7 or greater should use the default of "$2y$".
*/
$config['hash_method'] = 'bcrypt'; // sha1 or bcrypt, bcrypt is STRONGLY recommended
$config['default_rounds'] = 8; // This does not apply if random_rounds is set to true
$config['random_rounds'] = FALSE;
$config['min_rounds'] = 5;
$config['max_rounds'] = 9;
$config['salt_prefix'] = '$2y$';

/*
| -------------------------------------------------------------------------
| Authentication options.
| -------------------------------------------------------------------------
| maximum_login_attempts: This maximum is not enforced by the library, but is
| used by $this->ion_auth->is_max_login_attempts_exceeded().
| The controller should check this function and act
| appropriately. If this variable set to 0, there is no maximum.
*/
$config['site_title'] = "Example.com"; // Site Title, example.com
$config['admin_email'] = "admin@example.com"; // Admin Email, admin@example.com
$config['default_group'] = 'customer'; // Default group, use name
$config['admin_group'] = 'admin'; // Default administrators group, use name
$config['identity'] = 'email'; // A database column which is used to login with
$config['min_password_length'] = 5; // Minimum Required Length of Password
$config['max_password_length'] = 20; // Maximum Allowed Length of Password
$config['email_activation'] = TRUE; // Email Activation for registration
$config['manual_activation'] = FALSE; // Manual Activation for registration
$config['remember_users'] = TRUE; // Allow users to be remembered and enable auto-login
$config['user_expire'] = 86500; // How long to remember the user (seconds). Set to zero for no expiration
$config['user_extend_on_login'] = TRUE; // Extend the users cookies every time they auto-login
$config['track_login_attempts'] = FALSE; // Track the number of failed login attempts for each user or ip.
$config['track_login_ip_address'] = TRUE; // Track login attempts by IP Address, if FALSE will track based on identity. (Default: TRUE)
$config['maximum_login_attempts'] = 3; // The maximum number of failed login attempts.
$config['lockout_time'] = 600; // The number of seconds to lockout an account due to exceeded attempts
$config['forgot_password_expiration'] = 0; // The number of milliseconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.

/*
| -------------------------------------------------------------------------
| Cookie options.
| -------------------------------------------------------------------------
| remember_cookie_name Default: remember_code
| identity_cookie_name Default: identity
*/
$config['remember_cookie_name'] = 'remember_code';
$config['identity_cookie_name'] = 'identity';
/* | ------------------------------------------------------------------------- | Email options. |
---|---|---|
email_config: | ||
'file' = Use the default CI config or use from a config file | ||
array = Manually set your email config settings |
*/ $config['use_ci_email'] = FALSE; // Send Email using the builtin CI email class, if false it will return the code and the identity $config['email_config'] = array( 'mailtype' => 'html', 'protocol' => 'smtp', 'smtp_host' => 'ssl://smtp.googlemail.com', 'smtp_port' => 465 , 'smtp_timeout'=>'30', 'smtp_user' => 'mudit5050@gmail.com', 'smtp_pass' => '074562160', 'charset' => 'utf-8', 'newline' => '\r\n', );
/* | ------------------------------------------------------------------------- | Email templates. |
---|---|---|
Folder where email templates are stored. | ||
Default: auth/ |
*/ $config['email_templates'] = 'auth/email/';
/* | ------------------------------------------------------------------------- | Activate Account Email Template |
---|---|---|
Default: activate.tpl.php |
*/ $config['email_activate'] = 'activate.tpl.php';
/* | ------------------------------------------------------------------------- | Forgot Password Email Template |
---|---|---|
Default: forgot_password.tpl.php |
*/ $config['email_forgot_password'] = 'forgot_password.tpl.php';
/* | ------------------------------------------------------------------------- | Forgot Password Complete Email Template |
---|---|---|
Default: new_password.tpl.php |
*/ $config['email_forgot_password_complete'] = 'new_password.tpl.php';
/* | ------------------------------------------------------------------------- | Salt options |
---|---|---|
salt_length Default: 22 | ||
store_salt: Should the salt be stored in the database? | ||
This will change your password encryption algorithm, | ||
default password, 'password', changes to | ||
fbaa5e216d163a02ae630ab1a43372635dd374c0 with default salt. |
*/ $config['salt_length'] = 22; $config['store_salt'] = FALSE;
/* | ------------------------------------------------------------------------- | Message Delimiters. |
---|
*/ $config['delimiters_source'] = 'config'; // "config" = use the settings defined here, "form_validation" = use the settings defined in CI's form validation library $config['message_start_delimiter'] = '
'; // Message start delimiter $config['message_end_delimiter'] = '
'; // Message end delimiter $config['error_start_delimiter'] = ''; // Error message start delimiter $config['error_end_delimiter'] = '
'; // Error message end delimiter/* End of file ionauth.php / /_ Location: ./application/config/ion_auth.php */
I have found this line on codeigniter forum debug the code instead of using this line we can use die('login') for success and die('failed') for unsuccessful login and got this response via AJAX on view. Please, review the code my project is halted due to this :(
If you use a non-AJAX method, does it work?
Also, what does $this->ion_auth->errors() return if you var_dump it after the login attempt?
Yes, I have used it without AJAX too and it returns "Incorrect Login".
One thing I noticed: each time, ion_auth generates a different encrypted password string for the same password, like "12345678".
In my database, 12345678 will be $2y$08$MHbcSjKbkFiuEl5dJRcb5ud.9aie26hwY, while encrypting the same string using http://www.bcrypt-generator.com/ generates $2a$08$Z3C/n6RWWAPGCkkjqtDRN.Q8rCvcYGgSDrCV/9THJ9HGCRvkhabBy. Both are Bcrypt encryption.
I think this will be the reason. Isn't it?
The user registered successfully, but when I try to log in it is refused, and I don't know why. I have checked my code many times; it's a simple thing but it's not working. Please advise, where is the mistake? How do I fix this issue? My project is halted and the client wants me to use this lib for user auth.
It uses a random salt so the string should be different every time. What version of PHP are you running?
I am using PHP 5.5.14 on a MAMP server on Mac OS. So what's the issue?
I'm not sure what the issue is. I've never seen anyone have this problem.
You'll need to add debug code to the model to see if the generated hash isn't matching the DB hash.
What DB are you using?
oops :(
MySQL. I have tried it many times but am getting the same error. Can I send you my code for review?
Yea, zip up the project, including the DB dump, and email it to me: ben DOT edmunds @ gmail.com
Hi, please check your mail. I have sent the code base to you.
I'll check it out. It'll probably be later tonight or tomorrow before I get to it.
OK, thanks, and looking forward to your expert advice. It would be great if you mailed the code back to me with any improvements.
Thanks
Looks like you're using an old SQL schema. If you make the following changes it will correct the issues:
Update the following column types:
users.password -> varchar(255)
users.salt -> varchar(255)
users.ip_address -> varchar(15)
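The two points made in the replies above (a random salt per hash, and a password column too narrow for bcrypt), as an added example that is not part of the thread or of ion_auth. It uses PHP's built-in password_hash()/password_verify() (PHP 5.5+) rather than ion_auth's own bcrypt code; inspect_bcrypt() and the 40-character column width are assumptions made for illustration.

```php
<?php
// Added example (not ion_auth code). Requires PHP >= 5.5 for password_hash().

/**
 * Classify a stored password value (hypothetical helper).
 * A complete bcrypt string is 60 characters: "$2a$", "$2x$" or "$2y$",
 * a two-digit cost, "$", then a 22-char salt and a 31-char digest.
 */
function inspect_bcrypt($stored)
{
    if (!preg_match('/^\$2[axy]\$(\d{2})\$([.\/A-Za-z0-9]{0,53})$/D', $stored, $m)) {
        return array('status' => 'not-bcrypt', 'cost' => null, 'missing' => null);
    }
    $missing = 53 - strlen($m[2]); // salt (22) + digest (31) characters expected
    return array(
        'status'  => $missing === 0 ? 'complete' : 'truncated',
        'cost'    => (int) $m[1],
        'missing' => $missing,
    );
}

$password = '12345678';          // test password quoted in the thread
$options  = array('cost' => 8);  // same cost as default_rounds = 8 in the posted config

// 1. Random salt: hashing the same password twice gives two different strings,
//    and each one still verifies, because the salt is stored inside the hash.
$first  = password_hash($password, PASSWORD_BCRYPT, $options);
$second = password_hash($password, PASSWORD_BCRYPT, $options);
printf("hashes identical:   %s\n", var_export($first === $second, true));
printf("first verifies:     %s\n", var_export(password_verify($password, $first), true));
printf("second verifies:    %s\n", var_export(password_verify($password, $second), true));

// 2. Narrow column: simulate a 40-character password column (assumed width)
//    cutting the hash on INSERT, then try to verify against what was stored.
$truncated = substr($first, 0, 40);
printf("truncated verifies: %s\n", var_export(password_verify($password, $truncated), true));

// 3. Audit: run the structural check over stored values. The first two strings
//    are the ones quoted in the thread; the last two are constructed samples.
$samples = array(
    'DB value quoted in thread'        => '$2y$08$MHbcSjKbkFiuEl5dJRcb5ud.9aie26hwY',
    'generator value quoted in thread' => '$2a$08$Z3C/n6RWWAPGCkkjqtDRN.Q8rCvcYGgSDrCV/9THJ9HGCRvkhabBy',
    'simulated 40-char column'         => $truncated,
    'constructed SHA-1 hex digest'     => sha1('constructed sample'),
);
foreach ($samples as $label => $value) {
    $r = inspect_bcrypt($value);
    printf(
        "%-34s len=%2d status=%-10s missing=%s\n",
        $label,
        strlen($value),
        $r['status'],
        var_export($r['missing'], true)
    );
}
```

A row reported as truncated has lost part of its digest, so widening the column does not repair it; that account needs a new password set after the schema change.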
Hi Ben,
I am new to ion_auth. I have done user registration successfully, but I also need to send an activation email to the user, and when the user clicks that link his account needs to be activated. My client wants to send the activation email using mandrill.com. So my query is, how can I do this? Also, I have tried to send the activation email by configuring the config/ion_auth file, adding the following code for Gmail:
config/ion_auth.php file
$config['email_activation'] = TRUE; // Email Activation for registration $config['manual_activation'] = FALSE;
$config['use_ci_email'] = TRUE; // Send Email using the builtin CI email class, if false it will return the code and the identity $config['email_config'] = array( 'mailtype' => 'html', 'protocol' => 'smtp', 'smtp_host' => 'ssl://smtp.googlemail.com', 'smtp_port' => 465 , 'smtp_timeout'=>'30', 'smtpuser' => '**@gmail.com', 'smtppass' => '**', 'charset' => 'utf-8', 'newline' => '\r\n', );
My view code is :
'regForm'); echo form_open('', $attributes); ?>
if($this->form_validation->run() === FALSE) { die("no"); } else { $username = $this->input->post('email'); $firstName = $this->input->post('firstName'); $lastName = $this->input->post('lastName'); $email = $this->input->post('email'); $password = $this->input->post('password');
}