SimpleLoginSecure
Name: SimpleLoginSecure 1.0
Download: File:SimpleLoginSecure-1.0.zip
Released: October 3, 2008
CI Version: Tested with CodeIgniter 1.6.3
Author: [url=http://dunae.ca]Alex Dunae[/url]
SimpleLoginSecure for CodeIgniter is a modified version of [url=http://codeigniter.com/wiki/Simplelogin/]Anthony Graddy’s Simplelogin library[/url]. In Anthony’s words:
[quote]Simplelogin is designed to give you a quick and simple login library that will get you up and running with an unobtrusive authorization system very quickly. It does not try to guess how you want to structure your app, it simply tries to give you a little help.[/quote]
There are three primary modifications to Anthony’s original code. Most importantly, SimpleLoginSecure uses the [url=http://www.openwall.com/phpass/]phpass framework[/url] for secure, portable password hashing instead of straight [em]md5[/em] without a salt. Secondly, SimpleLoginSecure uses an e-mail address instead of a user name as the login key. And finally, it adds [em]user_date[/em], [em]user_modified[/em] and [em]user_last_login[/em] date/time fields to the default install.
For more information on why [em]md5[/em] hashing is not enough, see the excellent post about [url=http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/]password schemes on the Matasano Security blog[/url].
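The difference between the two schemes, as an added example that is not part of SimpleLoginSecure or phpass: it assumes PHP 5.5+ and uses the built-in [em]password_hash()[/em] / [em]password_verify()[/em] with bcrypt (one of the schemes phpass can use) as a stand-in, so it runs without the [em]phpass-0.1[/em] directory. The two accounts are constructed sample data.

```php
<?php
// Added example, not code from SimpleLoginSecure or phpass.
// Assumption: PHP 5.5+ built-ins stand in for phpass so the script is
// self-contained.

// Constructed sample data: two accounts that chose the same password.
$users = array(
    'alice@example.com' => 'uS$rpass!',
    'bob@example.com'   => 'uS$rpass!',
);

// Unsalted md5: equal passwords always produce equal hashes, so a single
// precomputed table entry exposes every account sharing that password.
$md5 = array_map('md5', $users);
$md5_equal = ($md5['alice@example.com'] === $md5['bob@example.com']);
printf("md5 hashes identical:    %s\n", var_export($md5_equal, true));

// Salted, stretched bcrypt: a random salt is generated on every call and
// stored inside the hash string, so equal passwords produce different
// hashes and each one has to be attacked separately.
$bcrypt = array();
foreach ($users as $email => $password) {
    $bcrypt[$email] = password_hash($password, PASSWORD_BCRYPT);
}
$bcrypt_equal = ($bcrypt['alice@example.com'] === $bcrypt['bob@example.com']);
printf("bcrypt hashes identical: %s\n", var_export($bcrypt_equal, true));

// A bcrypt hash string is 60 characters long, which is the width of the
// user_pass varchar(60) column in the table definition on this page.
printf("bcrypt hash length:      %d\n", strlen($bcrypt['bob@example.com']));

// Verification reads the salt and cost back out of the stored hash,
// recomputes, and compares; no separate salt column is needed.
$ok  = password_verify('uS$rpass!', $bcrypt['bob@example.com']);
$bad = password_verify('wrong-guess', $bcrypt['bob@example.com']);
printf("correct password verifies: %s\n", var_export($ok, true));
printf("wrong password verifies:   %s\n", var_export($bad, true));
```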
Copy [em]SimpleLoginSecure.php[/em] and the entire [em]phpass-0.1[/em] directory to your [em]system/application/libraries[/em] directory.
Create your database table using the following SQL sample. You can also edit the hash length and portability constants at the top of [em]SimpleLoginSecure.php[/em].
[code]CREATE TABLE users (
user_id int(10) unsigned NOT NULL auto_increment,
user_email varchar(255) NOT NULL default '',
user_pass varchar(60) NOT NULL default '',
user_date datetime NOT NULL default '0000-00-00 00:00:00',
user_modified datetime NOT NULL default '0000-00-00 00:00:00',
user_last_login datetime NULL default NULL,
PRIMARY KEY (user_id),
UNIQUE KEY user_email (user_email)
) DEFAULT CHARSET=utf8;[/code]
The methods exposed by SimpleLoginSecure are identical to those of Simplelogin.
[code]// load the library
$this->load->library('SimpleLoginSecure');

// create a new user
$this->simpleloginsecure->create('user@example.com', 'uS$rpass!');

// attempt to login
if($this->simpleloginsecure->login('user@example.com', 'uS$rpass!')) {
    // success
}

// check if logged in
if($this->session->userdata('logged_in')) {
    // logged in
}

// logout
$this->simpleloginsecure->logout();

// delete by user ID
$this->simpleloginsecure->delete($user_id);[/code]
The original Simplelogin library was written by Anthony Graddy. SimpleLoginSecure was written by [url=http://dunae.ca]Alex Dunae[/url], 2008.