From 98f0a74457b31f5cc117ee4a388c51da7f99c232 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Wed, 20 May 2015 05:21:29 +0200 Subject: [PATCH 01/63] added Time-Based One-Time Password --- application/config/aauth.php | 1 + .../helpers/googleauthenticator_helper.php | 208 ++++++++++++++++++ application/language/english/aauth_lang.php | 4 +- application/libraries/Aauth.php | 43 +++- sql/Aauth_v2.sql | 1 + 5 files changed, 254 insertions(+), 3 deletions(-) create mode 100644 application/helpers/googleauthenticator_helper.php diff --git a/application/config/aauth.php b/application/config/aauth.php index c1061be..9ec712c 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -57,6 +57,7 @@ $config['aauth']['recaptcha_login_attempts'] = 4; $config['aauth']['recaptcha_siteKey'] = ''; $config['aauth']['recaptcha_secret'] = ''; +$config['aauth']['totp_active'] = true; // login attempts time interval // default 20 times in one hour $config['aauth']['max_login_attempt'] = 10; diff --git a/application/helpers/googleauthenticator_helper.php b/application/helpers/googleauthenticator_helper.php new file mode 100644 index 0000000..7424d0b --- /dev/null +++ b/application/helpers/googleauthenticator_helper.php 
@@ -0,0 +1,208 @@ +_getBase32LookupTable(); + unset($validChars[32]); + + $secret = ''; + for ($i = 0; $i < $secretLength; $i++) { + $secret .= $validChars[array_rand($validChars)]; + } + return $secret; + } + + /** + * Calculate the code, with given secret and point in time + * + * @param string $secret + * @param int|null $timeSlice + * @return string + */ + public function getCode($secret, $timeSlice = null) + { + if ($timeSlice === null) { + $timeSlice = floor(time() / 30); + } + + $secretkey = $this->_base32Decode($secret); + + // Pack time into binary string + $time = chr(0).chr(0).chr(0).chr(0).pack('N*', $timeSlice); + // Hash it with users secret key + $hm = hash_hmac('SHA1', $time, $secretkey, true); + // Use last nipple of result as index/offset + $offset = ord(substr($hm, -1)) & 0x0F; + // grab 4 bytes of the result + $hashpart = substr($hm, $offset, 4); + + // Unpak binary value + $value = unpack('N', $hashpart); + $value = $value[1]; + // Only 32 bits + $value = $value & 0x7FFFFFFF; + + $modulo = pow(10, $this->_codeLength); + return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT); + } + + /** + * Get QR-Code URL for image, from google charts + * + * @param string $name + * @param string $secret + * @param string $title + * @return string + */ + public function getQRCodeGoogleUrl($name, $secret, $title = null) { + $urlencoded = urlencode('otpauth://totp/'.$name.'?secret='.$secret.''); + if(isset($title)) { + $urlencoded .= urlencode('&issuer='.urlencode($title)); + } + return 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl='.$urlencoded.''; + } + + /** + * Check if the code is correct. 
This will accept codes starting from $discrepancy*30sec ago to $discrepancy*30sec from now + * + * @param string $secret + * @param string $code + * @param int $discrepancy This is the allowed time drift in 30 second units (8 means 4 minutes before or after) + * @param int|null $currentTimeSlice time slice if we want use other that time() + * @return bool + */ + public function verifyCode($secret, $code, $discrepancy = 1, $currentTimeSlice = null) + { + if ($currentTimeSlice === null) { + $currentTimeSlice = floor(time() / 30); + } + + for ($i = -$discrepancy; $i <= $discrepancy; $i++) { + $calculatedCode = $this->getCode($secret, $currentTimeSlice + $i); + if ($calculatedCode == $code ) { + return true; + } + } + + return false; + } + + /** + * Set the code length, should be >=6 + * + * @param int $length + * @return PHPGangsta_GoogleAuthenticator + */ + public function setCodeLength($length) + { + $this->_codeLength = $length; + return $this; + } + + /** + * Helper class to decode base32 + * + * @param $secret + * @return bool|string + */ + protected function _base32Decode($secret) + { + if (empty($secret)) return ''; + + $base32chars = $this->_getBase32LookupTable(); + $base32charsFlipped = array_flip($base32chars); + + $paddingCharCount = substr_count($secret, $base32chars[32]); + $allowedValues = array(6, 4, 3, 1, 0); + if (!in_array($paddingCharCount, $allowedValues)) return false; + for ($i = 0; $i < 4; $i++){ + if ($paddingCharCount == $allowedValues[$i] && + substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) return false; + } + $secret = str_replace('=','', $secret); + $secret = str_split($secret); + $binaryString = ""; + for ($i = 0; $i < count($secret); $i = $i+8) { + $x = ""; + if (!in_array($secret[$i], $base32chars)) return false; + for ($j = 0; $j < 8; $j++) { + $x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT); + } + $eightBits = str_split($x, 8); + for ($z = 0; 
$z < count($eightBits); $z++) { + $binaryString .= ( ($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48 ) ? $y:""; + } + } + return $binaryString; + } + + /** + * Helper class to encode base32 + * + * @param string $secret + * @param bool $padding + * @return string + */ + protected function _base32Encode($secret, $padding = true) + { + if (empty($secret)) return ''; + + $base32chars = $this->_getBase32LookupTable(); + + $secret = str_split($secret); + $binaryString = ""; + for ($i = 0; $i < count($secret); $i++) { + $binaryString .= str_pad(base_convert(ord($secret[$i]), 10, 2), 8, '0', STR_PAD_LEFT); + } + $fiveBitBinaryArray = str_split($binaryString, 5); + $base32 = ""; + $i = 0; + while ($i < count($fiveBitBinaryArray)) { + $base32 .= $base32chars[base_convert(str_pad($fiveBitBinaryArray[$i], 5, '0'), 2, 10)]; + $i++; + } + if ($padding && ($x = strlen($binaryString) % 40) != 0) { + if ($x == 8) $base32 .= str_repeat($base32chars[32], 6); + elseif ($x == 16) $base32 .= str_repeat($base32chars[32], 4); + elseif ($x == 24) $base32 .= str_repeat($base32chars[32], 3); + elseif ($x == 32) $base32 .= $base32chars[32]; + } + return $base32; + } + + /** + * Get array with all 32 characters for decoding from/encoding to base32 + * + * @return array + */ + protected function _getBase32LookupTable() + { + return array( + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7 + 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15 + 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23 + 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31 + '=' // padding char + ); + } +} diff --git a/application/language/english/aauth_lang.php b/application/language/english/aauth_lang.php index ec28e22..9625f98 100644 --- a/application/language/english/aauth_lang.php +++ b/application/language/english/aauth_lang.php 
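Review bot: `createSecret()` draws the shared secret with `array_rand()`, which is not a cryptographically secure source, and that secret is the entire strength of the second factor; each character should come from `random_int(0, 31)` (PHP 7+) or from `random_bytes()` / `openssl_random_pseudo_bytes()` fed through `_base32Encode()`. `verifyCode()` compares with `$calculatedCode == $code`, a loose comparison that also stops at the first differing byte; `if (hash_equals($calculatedCode, (string) $code))` (PHP 5.6+) gives a strict, constant-time check. `getQRCodeGoogleUrl()` places the raw secret in a URL that a browser will fetch from a third-party chart service at enrolment time, so the docblock should say so and integrators should be able to render the QR image locally instead. The hunk is truncated at its start: the class header and the beginning of `createSecret()` are not visible here, so the class name and the default secret length are inferred from later hunks.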
@@ -25,6 +25,9 @@ $lang['aauth_error_email_invalid'] = 'Invalid e-mail address'; $lang['aauth_error_password_invalid'] = 'Invalid password'; $lang['aauth_error_username_invalid'] = 'Invalid Username'; $lang['aauth_error_username_required'] = 'Username required'; +$lang['aauth_error_totp_code_required'] = 'TOTP Code required'; +$lang['aauth_error_totp_code_invalid'] = 'Invalid TOTP Code'; + // Access errors $lang['aauth_error_no_access'] = 'Sorry, you do not have access to the resource you requested.'; @@ -33,7 +36,6 @@ $lang['aauth_error_login_failed_name'] = 'Username and Password do not match.'; $lang['aauth_error_login_attempts_exceeded'] = 'You have exceeded your login attempts, your account has now been locked.'; $lang['aauth_error_recaptcha_not_correct'] = 'Sorry, the reCAPTCHA text entered was incorrect.'; - // Misc. errors $lang['aauth_error_no_user'] = 'User does not exist'; $lang['aauth_error_account_not_verified'] = 'Your account has not been verified. Please check your e-mail and verify your account.'; diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index c762e07..02f10a6 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -102,6 +102,7 @@ class Aauth { $this->CI->load->helper('email'); $this->CI->load->helper('language'); $this->CI->load->helper('recaptchalib'); + $this->CI->load->helper('googleauthenticator_helper'); $this->CI->lang->load('aauth'); // config/aauth.php @@ -129,7 +130,7 @@ class Aauth { * @param bool $remember * @return bool Indicates successful login. */ - public function login($identifier, $pass, $remember = FALSE) { + public function login($identifier, $pass, $remember = FALSE, $totp_code = NULL) { // Remove cookies first $cookie = array( 
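Review bot: The new `$totp_code` parameter of `login()` is not documented in the docblock visible in the context lines (`@param bool $remember`, `@return bool`); add `@param string|null $totp_code  TOTP code entered by the user; required when TOTP is enabled and the account has a totp_secret` before the `@return` line. The body of `login()` continues beyond the hunk.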
@@ -234,7 +235,26 @@ class Aauth { return FALSE; } } - + + if($this->config_vars['totp_active'] == TRUE){ + $query = null; + $query = $this->aauth_db->where($db_identifier, $identifier); + $query = $this->aauth_db->where('totp_secret !=', ''); + $query = $this->aauth_db->get($this->config_vars['users']); + $totp_secret = $query->row()->totp_secret; + if ($query->num_rows() > 0 AND !$totp_code) { + $this->error($this->CI->lang->line('aauth_error_totp_code_required')); + return FALSE; + }else if ($query->num_rows() > 0 AND $totp_code) { + $ga = new PHPGangsta_GoogleAuthenticator(); + $checkResult = $ga->verifyCode($totp_secret, $totp_code, 0); + if (!$checkResult) { + $this->error($this->CI->lang->line('aauth_error_totp_code_invalid')); + return FALSE; + } + } + } + // if email and pass matches and not banned if ( $query->num_rows() > 0 ) { @@ -2111,6 +2131,25 @@ class Aauth { return $content; } + public function generate_totp_secret(){ + $ga = new PHPGangsta_GoogleAuthenticator(); + $stop = false; + while (!$stop) { + $secret = $ga->createSecret(); + $query = $this->aauth_db->where('totp_secret', $secret); + $query = $this->aauth_db->get($this->config_vars['users']); + if ($query->num_rows() == 0) { + return $secret; + $stop = true; + } + } + } + + public function generate_totp_qrcode($secret){ + $ga = new PHPGangsta_GoogleAuthenticator(); + return $ga->getQRCodeGoogleUrl($this->config_vars['name'], $secret); + } + } // end class // $this->CI->session->userdata('id') diff --git a/sql/Aauth_v2.sql b/sql/Aauth_v2.sql index b0c68a1..12ee7a5 100644 --- a/sql/Aauth_v2.sql +++ b/sql/Aauth_v2.sql @@ -117,6 +117,7 @@ CREATE TABLE `aauth_users` ( `remember_time` datetime DEFAULT NULL, `remember_exp` text COLLATE utf8_general_ci, `verification_code` text COLLATE utf8_general_ci, + `totp_secret` varchar(16) COLLATE utf8_general_ci DEFAULT NULL, `ip_address` text COLLATE utf8_general_ci, `login_attempts` int(11) DEFAULT '0', PRIMARY KEY (`id`) 
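Review bot: The TOTP block reassigns `$query` to a lookup on `$db_identifier` plus `totp_secret != ''`, and the `if ( $query->num_rows() > 0 )` that decides the login immediately afterwards now evaluates that query instead of the one built earlier; if the earlier query (outside the hunk) is what carried the password match, the password no longer factors into the decision, so use a separate variable such as `$totp_query = $this->aauth_db->get($this->config_vars['users']);`. `$totp_secret = $query->row()->totp_secret;` dereferences `row()` before `num_rows()` is checked, so an unknown identifier hits a non-object property access instead of the normal failure path; read the secret inside the `num_rows() > 0` branch. Passing `0` as `$discrepancy` to `verifyCode()` rejects any clock drift between server and authenticator and will surface as spurious `aauth_error_totp_code_invalid` errors. The rest of `login()` is outside the hunk.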
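Review bot: In `generate_totp_secret()` the `$stop = true;` after `return $secret;` is unreachable and `while (!$stop)` has no other exit, so the flag is dead; a `do … while` that loops until the lookup returns no row expresses the intent without it. `generate_totp_qrcode()` returns a Google Charts URL carrying the user's secret in the query string, so if a caller embeds it as an image the browser sends the secret to that third party; a docblock on the method should state this so integrators can choose to render the QR code locally. Neither new method has a docblock, while the library's other methods (see the `@param`/`@return` blocks in the `login()` context) do.
```php
public function generate_totp_secret(){
    $ga = new PHPGangsta_GoogleAuthenticator();
    // loop until createSecret() yields a value no existing user holds
    do {
        $secret = $ga->createSecret();
        $this->aauth_db->where('totp_secret', $secret);
        $query = $this->aauth_db->get($this->config_vars['users']);
    } while ($query->num_rows() > 0);
    return $secret;
}
```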
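Review bot: The `totp_secret` column is only added to the `CREATE TABLE` in `sql/Aauth_v2.sql`, so installations that already ran that script have no column and every `totp_active` login that filters on `totp_secret` fails at the database; an `ALTER TABLE … ADD COLUMN` migration (or the statement spelled out in the README) should accompany this change. `varchar(16)` pins the column to the helper's current secret length; if that length is ever raised the value is truncated or rejected depending on SQL mode, so the coupling deserves a comment next to the column. The secret is necessarily stored in clear text, which is worth a schema comment so that backups and logs treat it with the same care as `pass`.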
From 11288205faddb39b339e550fff55ade55609a317 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Wed, 20 May 2015 05:33:16 +0200 Subject: [PATCH 02/63] added totp_reset_over_reset_password and update_user_totp_secret() --- application/config/aauth.php | 2 ++ application/libraries/Aauth.php | 17 ++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 9ec712c..d9d3858 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -58,6 +58,8 @@ $config['aauth']['recaptcha_siteKey'] = ''; $config['aauth']['recaptcha_secret'] = ''; $config['aauth']['totp_active'] = true; +$config['aauth']['totp_reset_over_reset_password'] = false; + // login attempts time interval // default 20 times in one hour $config['aauth']['max_login_attempt'] = 10; diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 02f10a6..54fbeac 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -502,6 +502,10 @@ class Aauth { 'pass' => $this->hash_password($pass, $user_id) ); + if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_reset_over_reset_password'] == TRUE){ + $data['totp_secret'] = NULL; + } + $row = $query->row(); $email = $row->email; @@ -2131,7 +2135,18 @@ class Aauth { return $content; } - public function generate_totp_secret(){ + public function update_user_totp_secret($user_id = FALSE, $secret) { + + if ($user_id == FALSE) + $user_id = $this->CI->session->userdata('id'); + + $data['totp_secret'] = $secret; + + $this->aauth_db->where('id', $user_id); + return $this->aauth_db->update($this->config_vars['users'], $data); + } + + public function generate_unique_totp_secret(){ $ga = new PHPGangsta_GoogleAuthenticator(); $stop = false; while (!$stop) { From 86845c22b0e14b72c15cbfe279e59cfa380dde3a Mon Sep 17 00:00:00 2001 
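Review bot: With `totp_reset_over_reset_password` enabled, `$data['totp_secret'] = NULL;` removes the second factor in the same write that sets the new password, so whoever completes the password-reset flow ends up with a one-factor account — the path a second factor is meant to guard; the config entry should say so, e.g. `// if true, a password reset also clears the user's TOTP secret and the user must re-enrol`. If the reset has to clear the secret, clearing `remember_exp` in the same `$data` would stop previously remembered sessions from surviving the reset. The enclosing method starts and ends outside the hunk.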
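Review bot: `update_user_totp_secret($user_id = FALSE, $secret)` declares an optional parameter before a required one, so the default can never be used positionally and PHP 8 deprecates the signature; since the method is new in this commit, `update_user_totp_secret($secret, $user_id = FALSE)` is the cheap fix. The method writes `$secret` straight into the `varchar(16)` column without checking that it is a base32 string of the expected length, so a caller passing anything else stores a truncated value or fails at the database; a guard such as `if (!preg_match('/^[A-Z2-7]{16}$/', $secret)) return FALSE;` keeps the column and the helper consistent. `$user_id == FALSE` is a loose comparison that also matches `0` and `''`; `=== FALSE` states the intent. Both methods in this hunk lack a docblock.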
From: Raphael Jackstadt
Date: Fri, 22 May 2015 11:32:23 +0200
Subject: [PATCH 03/63] fixed a error on login without totp_code
---
 application/libraries/Aauth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
index 54fbeac..b7050d6 100644
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@@ -241,11 +241,11 @@ class Aauth {
 $query = $this->aauth_db->where($db_identifier, $identifier);
 $query = $this->aauth_db->where('totp_secret !=', '');
 $query = $this->aauth_db->get($this->config_vars['users']);
- $totp_secret = $query->row()->totp_secret;
 if ($query->num_rows() > 0 AND !$totp_code) {
 $this->error($this->CI->lang->line('aauth_error_totp_code_required'));
 return FALSE;
 }else if ($query->num_rows() > 0 AND $totp_code) {
+ $totp_secret = $query->row()->totp_secret;
 $ga = new PHPGangsta_GoogleAuthenticator();
 $checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
 if (!$checkResult) {
From f0f1bb08e8958e2f154f8b22ae79c41469a6128d Mon Sep 17 00:00:00 2001
From: Raphael Jackstadt
Date: Fri, 22 May 2015 13:22:58 +0200
Subject: [PATCH 04/63] fixed a failure
---
 application/libraries/Aauth.php | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
index b7050d6..0c81f7d 100644
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@@ -239,18 +239,19 @@ class Aauth {
 if($this->config_vars['totp_active'] == TRUE){
 $query = null;
 $query = $this->aauth_db->where($db_identifier, $identifier);
- $query = $this->aauth_db->where('totp_secret !=', '');
 $query = $this->aauth_db->get($this->config_vars['users']);
+ $totp_secret = $query->row()->totp_secret;
 if ($query->num_rows() > 0 AND !$totp_code) {
 $this->error($this->CI->lang->line('aauth_error_totp_code_required'));
 return FALSE;
- }else if ($query->num_rows() > 0 AND $totp_code) {
- $totp_secret = $query->row()->totp_secret;
- $ga = new PHPGangsta_GoogleAuthenticator();
- $checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
- if (!$checkResult) {
- $this->error($this->CI->lang->line('aauth_error_totp_code_invalid'));
- return FALSE;
+ }else {
+ if(!empty($totp_secret)){
+ $ga = new PHPGangsta_GoogleAuthenticator();
+ $checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
+ if (!$checkResult) {
+ $this->error($this->CI->lang->line('aauth_error_totp_code_invalid'));
+ return FALSE;
+ }
 }
 }
 }
From d2cf407cb38c5ee4c7898fddad4fc5e58fdf1354 Mon Sep 17 00:00:00 2001
From: Raphael Jackstadt
Date: Fri, 22 May 2015 13:23:19 +0200
Subject: [PATCH 05/63] changed totp_active default value to false
---
 application/config/aauth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/config/aauth.php b/application/config/aauth.php
index d9d3858..0d24b8b 100644
--- a/application/config/aauth.php
+++ b/application/config/aauth.php
@@ -57,7 +57,7 @@ $config['aauth']['recaptcha_login_attempts'] = 4;
 $config['aauth']['recaptcha_siteKey'] = '';
 $config['aauth']['recaptcha_secret'] = '';
-$config['aauth']['totp_active'] = true;
+$config['aauth']['totp_active'] = false;
 $config['aauth']['totp_reset_over_reset_password'] = false;
 // login attempts time interval
From f4c42a31208c8b4c093de3eb66cfbef87251b57f Mon Sep 17 00:00:00 2001
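Review bot: `$totp_secret = $query->row()->totp_secret;` is back in front of the `num_rows()` check that patch 03 had moved it behind, so an unknown identifier dereferences a null `row()` again. Dropping the `totp_secret != ''` condition also changes who is challenged: `!$totp_code` is now tested before `!empty($totp_secret)`, so with `totp_active` on, every user who has not enrolled receives `aauth_error_totp_code_required` and cannot log in. Only users holding a secret should be asked for a code, which means testing the secret first; `$query` is still overwritten ahead of the later `if ( $query->num_rows() > 0 )`, as raised on patch 01. The surrounding `login()` body is outside the hunk.
```php
if ($query->num_rows() > 0) {
    $totp_secret = $query->row()->totp_secret;
    // only enrolled users are challenged; others fall through to the password path
    if (!empty($totp_secret)) {
        if (!$totp_code) {
            $this->error($this->CI->lang->line('aauth_error_totp_code_required'));
            return FALSE;
        }
        $ga = new PHPGangsta_GoogleAuthenticator();
        if (!$ga->verifyCode($totp_secret, $totp_code, 0)) {
            $this->error($this->CI->lang->line('aauth_error_totp_code_invalid'));
            return FALSE;
        }
    }
}
```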
From: Raphael Jackstadt Date: Tue, 26 May 2015 20:32:15 +0200 Subject: [PATCH 06/63] added totp_only_on_ip_change --- application/config/aauth.php | 2 +- application/libraries/Aauth.php | 28 +++++++++++++++++++++++++++- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 0d24b8b..ddfeb7c 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -58,8 +58,8 @@ $config['aauth']['recaptcha_siteKey'] = ''; $config['aauth']['recaptcha_secret'] = ''; $config['aauth']['totp_active'] = false; +$config['aauth']['totp_only_on_ip_change'] = false; $config['aauth']['totp_reset_over_reset_password'] = false; - // login attempts time interval // default 20 times in one hour $config['aauth']['max_login_attempt'] = 10; diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 0c81f7d..7784ba6 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -236,7 +236,7 @@ class Aauth { } } - if($this->config_vars['totp_active'] == TRUE){ + if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == FALSE){ $query = null; $query = $this->aauth_db->where($db_identifier, $identifier); $query = $this->aauth_db->get($this->config_vars['users']); 
@@ -255,6 +255,32 @@ class Aauth { } } } + + if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == TRUE){ + $query = null; + $query = $this->aauth_db->where($db_identifier, $identifier); + $query = $this->aauth_db->get($this->config_vars['users']); + $totp_secret = $query->row()->totp_secret; + $ip_address = $query->row()->ip_address; + $current_ip_address = $this->CI->input->ip_address(); + if ($query->num_rows() > 0 AND !$totp_code) { + if($ip_address != $current_ip_address ){ + $this->error($this->CI->lang->line('aauth_error_totp_code_required')); + return FALSE; + } + }else { + if(!empty($totp_secret)){ + if($ip_address != $current_ip_address ){ + $ga = new PHPGangsta_GoogleAuthenticator(); + $checkResult = $ga->verifyCode($totp_secret, $totp_code, 0); + if (!$checkResult) { + $this->error($this->CI->lang->line('aauth_error_totp_code_invalid')); + return FALSE; + } + } + } + } + } // if email and pass matches and not banned if ( $query->num_rows() > 0 ) { From 239ef68c802b45b6f4ce8f073ebe94ac379659a9 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Wed, 3 Jun 2015 07:39:09 +0200 Subject: [PATCH 07/63] changed some default config vars --- application/config/aauth.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index ddfeb7c..92b5c1e 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -11,7 +11,7 @@ // if user don't have permisssion to see the page he will be // redirected the page spesificed below -$config['aauth']['no_permission'] = '/'; +$config['aauth']['no_permission'] = FALSE; //name of admin group $config['aauth']['admin_group'] = 'admin'; //name of default group, the new user is added in it 
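Review bot: The `totp_only_on_ip_change` branch skips the second factor whenever `$query->row()->ip_address` equals `$this->CI->input->ip_address()`, so a login from the same address as the account's last recorded login (shared NAT, a corporate proxy, or a forwarded header if the framework is configured to trust proxies) is never asked for a code; the config entry should document that this trades the factor for convenience, and the stored `ip_address` must only be written after a fully authenticated login, which happens outside this hunk. As in the first TOTP block, `$totp_secret` and `$ip_address` are read from `$query->row()` before `num_rows()` is checked, and `$query` is replaced ahead of the `if ( $query->num_rows() > 0 )` that follows. The two TOTP blocks are identical apart from the IP test; a single block with `$require_code = ($this->config_vars['totp_only_on_ip_change'] == FALSE OR $ip_address != $current_ip_address);` would keep them from drifting apart.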
@@ -43,10 +43,10 @@ $config['aauth']['user_variables'] = 'aauth_user_variables'; $config['aauth']['remember'] = ' +3 days'; // pasword maximum char long (min is 4) -$config['aauth']['max'] = 13; +$config['aauth']['max'] = 24; // non alphanumeric characters that are allowed in a name -$config['aauth']['valid_chars'] = array(' ', '\''); +$config['aauth']['valid_chars'] = array(); // ddos protection, //if it is true, the user will be banned temporary when he exceed the login 'try' From 515945b11a075b96004cd4205972b4579042d606 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Fri, 5 Jun 2015 04:54:28 +0200 Subject: [PATCH 08/63] fixed issue #42 --- application/libraries/Aauth.php | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 4e47312..34aaa1d 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1105,16 +1105,19 @@ class Aauth { $group_id = $this->get_group_id($group_par); - $this->aauth_db->where('id',$group_id); - $query = $this->aauth_db->get($this->config_vars['groups']); - if ($query->num_rows() == 0){ - return FALSE; - } + $this->aauth_db->where('id',$group_id); + $query = $this->aauth_db->get($this->config_vars['groups']); + if ($query->num_rows() == 0){ + return FALSE; + } // bug fixed // now users are deleted from user_to_group table $this->aauth_db->where('group_id', $group_id); $this->aauth_db->delete($this->config_vars['user_to_group']); + + $this->aauth_db->where('group_id', $group_id); + $this->aauth_db->delete($this->config_vars['perm_to_group']); $this->aauth_db->where('id', $group_id); return $this->aauth_db->delete($this->config_vars['groups']); 
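Review bot: `max` goes from 13 to 24 while the comment above it still reads `(min is 4)`, but the library rejects `strlen($pass) < 5` (visible in the later hunks), so the comment misstates the lower bound; `// password maximum length in bytes (the library rejects fewer than 5)` would be accurate. A hard ceiling of 24 also blocks longer passphrases for no benefit — only a hashing scheme with a fixed input limit needs a cap, and that can sit far higher. `valid_chars` going from `array(' ', '\'')` to `array()` changes behaviour for existing installs whose user names contain spaces or apostrophes and deserves a line in the commit message.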
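Review bot: The group-deletion method now issues three dependent `delete()` calls (`user_to_group`, the newly added `perm_to_group`, then `groups`) with no transaction, so a failure after the first leaves the group in place with its memberships already gone; wrapping them in `$this->aauth_db->trans_start();` … `$this->aauth_db->trans_complete();` and returning the transaction status keeps the tables consistent. Most of the hunk is a re-indentation of the existing `num_rows() == 0` guard, which buries the one functional line (`delete($this->config_vars['perm_to_group'])`) in whitespace noise; keeping whitespace changes out of a bug-fix commit helps review. The method's signature is above the hunk, and the same transaction point applies to the `perm_to_user` fix in the following hunk.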
@@ -1334,7 +1337,7 @@ class Aauth {
 // deletes from perm_to_user table
 $this->aauth_db->where('perm_id', $perm_id);
- $this->aauth_db->delete($this->config_vars['perm_to_group']);
+ $this->aauth_db->delete($this->config_vars['perm_to_user']);
 // deletes from permission table
 $this->aauth_db->where('id', $perm_id);
From 341bab55a73e45b9c2f6ea3bfae12a452bd1bdfc Mon Sep 17 00:00:00 2001
From: Raphael Jackstadt
Date: Mon, 8 Jun 2015 00:51:30 +0200
Subject: [PATCH 09/63] added min password length
---
 application/config/aauth.php | 4 +++-
 application/libraries/Aauth.php | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/application/config/aauth.php b/application/config/aauth.php
index 92b5c1e..8e38c95 100644
--- a/application/config/aauth.php
+++ b/application/config/aauth.php
@@ -42,7 +42,9 @@ $config['aauth']['user_variables'] = 'aauth_user_variables';
 // remember time
 $config['aauth']['remember'] = ' +3 days';
-// pasword maximum char long (min is 4)
+// pasword minimum char long
+$config['aauth']['min'] = 8;
+// pasword maximum char long
 $config['aauth']['max'] = 24;
 // non alphanumeric characters that are allowed in a name
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
index 7784ba6..afeb061 100644
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@@ -666,7 +666,7 @@ class Aauth {
 $this->error($this->CI->lang->line('aauth_error_email_invalid'));
 $valid = FALSE;
 }
- if ( strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ){
+ if ( strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] ){
 $this->error($this->CI->lang->line('aauth_error_password_invalid'));
 $valid = FALSE;
 }
From bbc992d2f7386e02ba06a472d832f8cd1a32b2ef Mon Sep 17 00:00:00 2001
From: Raphael Jackstadt Date: Mon, 8 Jun 2015 00:53:54 +0200 Subject: [PATCH 10/63] Revert "added min password length" This reverts commit 341bab55a73e45b9c2f6ea3bfae12a452bd1bdfc. --- application/config/aauth.php | 4 +--- application/libraries/Aauth.php | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 8e38c95..92b5c1e 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -42,9 +42,7 @@ $config['aauth']['user_variables'] = 'aauth_user_variables'; // remember time $config['aauth']['remember'] = ' +3 days'; -// pasword minimum char long -$config['aauth']['min'] = 8; -// pasword maximum char long +// pasword maximum char long (min is 4) $config['aauth']['max'] = 24; // non alphanumeric characters that are allowed in a name diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index afeb061..7784ba6 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -666,7 +666,7 @@ class Aauth { $this->error($this->CI->lang->line('aauth_error_email_invalid')); $valid = FALSE; } - if ( strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] ){ + if ( strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ){ $this->error($this->CI->lang->line('aauth_error_password_invalid')); $valid = FALSE; } From 43f0d83fac23e19ececed9e7ba76da9f4c9d50b7 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Mon, 8 Jun 2015 00:59:27 +0200 Subject: [PATCH 11/63] added 'min' password length like 'max' --- application/config/aauth.php | 4 +++- application/libraries/Aauth.php | 9 +++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index c1061be..4e6cb40 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php 
@@ -42,8 +42,10 @@ $config['aauth']['user_variables'] = 'aauth_user_variables'; // remember time $config['aauth']['remember'] = ' +3 days'; -// pasword maximum char long (min is 4) +// pasword maximum char long $config['aauth']['max'] = 13; +// pasword minimum char long +$config['aauth']['min'] = 5; // non alphanumeric characters that are allowed in a name $config['aauth']['valid_chars'] = array(' ', '\''); diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 34aaa1d..02fffc1 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -142,14 +142,15 @@ class Aauth { $this->CI->input->set_cookie($cookie); if( $this->config_vars['login_with_name'] == TRUE){ - if( !$identifier OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ) + + if( !$identifier OR strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] ) { $this->error($this->CI->lang->line('aauth_error_login_failed_name')); return FALSE; } $db_identifier = 'name'; }else{ - if( !valid_email($identifier) OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ) + if( !valid_email($identifier) OR strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] ) { $this->error($this->CI->lang->line('aauth_error_login_failed_email')); return FALSE; @@ -615,7 +616,7 @@ class Aauth { $this->error($this->CI->lang->line('aauth_error_email_invalid')); $valid = FALSE; } - if ( strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ){ + if ( strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] ){ $this->error($this->CI->lang->line('aauth_error_password_invalid')); $valid = FALSE; } 
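Review bot: This config hunk is based on `index c1061be` — the pre-patch-01 file, with `max = 13` and `valid_chars = array(' ', '\'')` — although patches 07, 09 and 10 already moved the file to `92b5c1e` with `max = 24` and `valid_chars = array()`; the `Aauth.php` hunks likewise start from `34aaa1d` (patch 08's result) whereas patch 10 left the file at `7784ba6`. Applied in order the series will not apply cleanly and which `max`/`valid_chars` values survive depends on the merge, so it should be rebased onto one line before review. In the `login()` hunk the bounds are checked with `strlen()`, which counts bytes, so multibyte characters count more than once toward both `min` and `max`; either say "bytes" in the config comments or use `mb_strlen($pass)`, and since the identical condition now appears four times a private `_password_length_ok($pass)` helper would keep the copies in step. `login()` starts above and continues below its hunk.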
@@ -692,7 +693,7 @@ class Aauth { } if ($pass != FALSE) { - if ( strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ){ + if ( strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] ){ $this->error($this->CI->lang->line('aauth_error_password_invalid')); $valid = FALSE; } From 35a9232e3ec17234e9fb9806375bb29fe21fea62 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Thu, 11 Jun 2015 12:49:29 +0200 Subject: [PATCH 12/63] added a fix for #46 --- application/libraries/Aauth.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 02fffc1..8ad3538 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -678,6 +678,8 @@ class Aauth { */ public function update_user($user_id, $email = FALSE, $pass = FALSE, $name = FALSE) { + $valid = TRUE; + $data = array(); if ($email != FALSE) { From 9afda70a7d61692edbece00340735a027d57dd58 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 23 Jun 2015 00:05:10 +0200 Subject: [PATCH 13/63] Updated README.md added TOTP info @tswagger take look over the TOTP pls, i dont know if anything is missing. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 80d60b0..37d2edd 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ Aauth is a User Authorization Library for CodeIgniter 2.x, which aims to make ea * Login DDoS Protection * Updated functions (check documentation for details) * Bugs fixes +* TOTP (Time-based One-time Password) ### Migration *** From 3413b3bf0ae45336aa3af01607942a11eb230887 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Thu, 25 Jun 2015 18:09:11 +0200 Subject: [PATCH 14/63] added configuration to not use cookies if sessions are enabled. --- application/config/aauth.php | 1 + application/libraries/Aauth.php | 180 ++++++++++++++++++++------------ 2 files changed, 114 insertions(+), 67 deletions(-) 
diff --git a/application/config/aauth.php b/application/config/aauth.php index 92b5c1e..f955c76 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -68,6 +68,7 @@ $config['aauth']['max_login_attempt'] = 10; $config['aauth']['verification'] = false; $config['aauth']['login_with_name'] = false; +$config['aauth']['use_cookies'] = false; // system email. $config['aauth']['email'] = 'admin@admin.com'; diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 7784ba6..d6b4645 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -22,7 +22,6 @@ * https://github.com/emreakay/CodeIgniter-Aauth * * @todo separate (on some level) the unvalidated users from the "banned" users - * @todo add configuration to not use cookies if sessions are enabled. */ class Aauth { @@ -132,15 +131,17 @@ class Aauth { */ public function login($identifier, $pass, $remember = FALSE, $totp_code = NULL) { - // Remove cookies first - $cookie = array( - 'name' => 'user', - 'value' => '', - 'expire' => time()-3600, - 'path' => '/', - ); + if($this->config_vars['use_cookies'] == TRUE){ + // Remove cookies first + $cookie = array( + 'name' => 'user', + 'value' => '', + 'expire' => time()-3600, + 'path' => '/', + ); + $this->CI->input->set_cookie($cookie); + } - $this->CI->input->set_cookie($cookie); if( $this->config_vars['login_with_name'] == TRUE){ if( !$identifier OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ) 
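Review bot: Guarding the cookie clearing with `use_cookies == TRUE` means a `user` remember cookie issued before the option was switched off is never expired by `login()`, and nothing clears a stale `remember` session key either; the expiry block is harmless when cookies are not in use, so it can stay unconditional, and the session branch should call `$this->CI->session->unset_userdata('remember');` here for symmetry with the cookie case. `login()` starts above and continues below the hunk.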
@@ -184,13 +185,17 @@ class Aauth { $query = $this->aauth_db->get($this->config_vars['users']); $row = $query->row(); if($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $row->login_attempts >= $this->config_vars['recaptcha_login_attempts']){ - $reCAPTCHA_cookie = array( - 'name' => 'reCAPTCHA', - 'value' => 'true', - 'expire' => time()+7200, - 'path' => '/', - ); - $this->CI->input->set_cookie($reCAPTCHA_cookie); + if($this->config_vars['use_cookies'] == TRUE){ + $reCAPTCHA_cookie = array( + 'name' => 'reCAPTCHA', + 'value' => 'true', + 'expire' => time()+7200, + 'path' => '/', + ); + $this->CI->input->set_cookie($reCAPTCHA_cookie); + }else{ + $this->CI->session->set_tempdata('reCAPTCHA', 'true', 7200); + } } // if user is not verified @@ -226,7 +231,7 @@ class Aauth { $query = $this->aauth_db->get($this->config_vars['users']); $row = $query->row(); - if($this->CI->input->cookie('reCAPTCHA', TRUE) == 'true'){ + if( ($this->config_vars['use_cookies'] == TRUE && $this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') || ($this->config_vars['use_cookies'] == FALSE && $this->CI->session->tempdata('reCAPTCHA') == 'true') ){ $reCaptcha = new ReCaptcha( $this->config_vars['recaptcha_secret']); $resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") ); 
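Review bot: In the cookie branch of the new condition (`$this->CI->input->cookie('reCAPTCHA', TRUE) == 'true'`) the decision whether a captcha is required is read back from a value the client stores, whereas the session branch keeps it server-side, so the two modes give different guarantees. The server already holds the authoritative signal — `$row->login_attempts >= $this->config_vars['recaptcha_login_attempts']` in the preceding `@@ -184` hunk — and evaluating that directly here, in both modes, would make the cookie/tempdata flag informational only. The `@@ -184` hunk writes `set_tempdata('reCAPTCHA', 'true', 7200)` and this hunk reads it; naming the 7200-second window in the config with a comment would keep writer and reader in step. `login()` starts and ends outside both hunks.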
@@ -304,24 +309,32 @@ class Aauth { $random_string = random_string('alnum', 16); $this->update_remember($row->id, $random_string, $remember_date ); - $cookie = array( - 'name' => 'user', - 'value' => $row->id . "-" . $random_string, - 'expire' => time() + 99*999*999, - 'path' => '/', - ); - - $this->CI->input->set_cookie($cookie); + if($this->config_vars['use_cookies'] == TRUE){ + $cookie = array( + 'name' => 'user', + 'value' => $row->id . "-" . $random_string, + 'expire' => time() + 99*999*999, + 'path' => '/', + ); + + $this->CI->input->set_cookie($cookie); + }else{ + $this->CI->session->set_userdata('remember', $row->id . "-" . $random_string); + } } if($this->config_vars['recaptcha_active']){ - $reCAPTCHA_cookie = array( - 'name' => 'reCAPTCHA', - 'value' => 'false', - 'expire' => time()-3600, - 'path' => '/', - ); - $this->CI->input->set_cookie($reCAPTCHA_cookie); + if($this->config_vars['use_cookies'] == TRUE){ + $reCAPTCHA_cookie = array( + 'name' => 'reCAPTCHA', + 'value' => 'false', + 'expire' => time()-3600, + 'path' => '/', + ); + $this->CI->input->set_cookie($reCAPTCHA_cookie); + }else{ + $this->CI->session->unset_tempdata('reCAPTCHA'); + } } // update last login 
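Review bot: `set_userdata('remember', $row->id . "-" . $random_string)` stores the remember token in the session, which lives only as long as the session itself, so in `use_cookies = false` mode "remember me" cannot outlive the session it is meant to bridge; either document that the option degrades remember-me to the session lifetime, or keep a cookie for this one feature. The cookie branch still sets `'expire' => time() + 99*999*999` with no `secure` key on the array, although CodeIgniter's `set_cookie()` accepts one; the expiry could follow the `$remember_date` computed just above, and a comment should note that the `remember_time` check in the database is what actually bounds the token's life. `login()` continues past the hunk.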
@@ -352,37 +365,67 @@ class Aauth { // cookie control else { - if( ! $this->CI->input->cookie('user', TRUE) ){ - return FALSE; - } else { - $cookie = explode('-', $this->CI->input->cookie('user', TRUE)); - if(!is_numeric( $cookie[0] ) OR strlen($cookie[1]) < 13 ){return FALSE;} - else{ - $query = $this->aauth_db->where('id', $cookie[0]); - $query = $this->aauth_db->where('remember_exp', $cookie[1]); - $query = $this->aauth_db->get($this->config_vars['users']); - - $row = $query->row(); - - if ($query->num_rows() < 1) { - $this->update_remember($cookie[0]); - return FALSE; - }else{ - - if(strtotime($row->remember_time) > strtotime("now") ){ - $this->login_fast($cookie[0]); - return TRUE; + if($this->config_vars['use_cookies'] == TRUE){ + if( ! $this->CI->input->cookie('user', TRUE) ){ + return FALSE; + } else { + $cookie = explode('-', $this->CI->input->cookie('user', TRUE)); + if(!is_numeric( $cookie[0] ) OR strlen($cookie[1]) < 13 ){return FALSE;} + else{ + $query = $this->aauth_db->where('id', $cookie[0]); + $query = $this->aauth_db->where('remember_exp', $cookie[1]); + $query = $this->aauth_db->get($this->config_vars['users']); + + $row = $query->row(); + + if ($query->num_rows() < 1) { + $this->update_remember($cookie[0]); + return FALSE; + }else{ + + if(strtotime($row->remember_time) > strtotime("now") ){ + $this->login_fast($cookie[0]); + return TRUE; + } + // if time is expired + else { + return FALSE; + } } - // if time is expired - else { + } + } + }else{ + if(!$this->CI->session->has_userdata('remember')){ + return FALSE; + }else{ + $session = explode('-', $this->CI->session->userdata('remember')); + if(!is_numeric( $session[0] ) OR strlen($session[1]) < 13 ){return FALSE;} + else{ + $query = $this->aauth_db->where('id', $session[0]); + $query = $this->aauth_db->where('remember_exp', $session[1]); + $query = $this->aauth_db->get($this->config_vars['users']); + + $row = $query->row(); + + if ($query->num_rows() < 1) { + $this->update_remember($session[0]); 
return FALSE; + }else{ + + if(strtotime($row->remember_time) > strtotime("now") ){ + $this->login_fast($session[0]); + return TRUE; + } + // if time is expired + else { + return FALSE; + } } } } } } - return FALSE; } @@ -422,14 +465,15 @@ class Aauth { */ public function logout() { - $cookie = array( - 'name' => 'user', - 'value' => '', - 'expire' => time()-3600, - 'path' => '/', - ); - - $this->CI->input->set_cookie($cookie); + if($this->config_vars['use_cookies'] == TRUE){ + $cookie = array( + 'name' => 'user', + 'value' => '', + 'expire' => time()-3600, + 'path' => '/', + ); + $this->CI->input->set_cookie($cookie); + } return $this->CI->session->sess_destroy(); } @@ -2154,10 +2198,12 @@ class Aauth { public function generate_recaptcha_field(){ $content = ''; - if($this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $this->CI->input->cookie('reCAPTCHA', TRUE) == 'true'){ - $content .= ""; - $siteKey = $this->config_vars['recaptcha_siteKey']; - $content .= "
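Review bot: The cookie and session branches in the `@@ -352` hunk are the same twenty-odd lines twice, differing only in where the `id-token` string is read from, and both index `$cookie[1]`/`$session[1]` without checking that `explode('-', …)` produced two parts, which raises a notice on a malformed value before `strlen()` rejects it. Reading the raw value first and handing it to one private helper removes the duplication and the unchecked index; the rewritten branch and the helper are sketched below. Whether `remember_exp` is matched case-sensitively depends on the column collation, which is not visible here — worth confirming, since a case-insensitive match shrinks the alnum token's effective entropy. The enclosing method continues outside the hunk.
```php
// cookie control
else {
    $remember = ($this->config_vars['use_cookies'] == TRUE)
        ? $this->CI->input->cookie('user', TRUE)
        : $this->CI->session->userdata('remember');
    return $this->_login_from_remember($remember);
}
// … unchanged: remainder of the method …

/**
 * Validate a "<user id>-<token>" remember-me credential and log the user in.
 * @param string|bool $remember raw value from the cookie or the session
 * @return bool TRUE only when the token matched an unexpired row and login_fast() ran
 */
private function _login_from_remember($remember) {
    if ( ! $remember) { return FALSE; }
    $parts = explode('-', $remember, 2);
    if (count($parts) < 2 OR ! is_numeric($parts[0]) OR strlen($parts[1]) < 13) { return FALSE; }

    $this->aauth_db->where('id', $parts[0]);
    $this->aauth_db->where('remember_exp', $parts[1]);
    $query = $this->aauth_db->get($this->config_vars['users']);
    if ($query->num_rows() < 1) {
        $this->update_remember($parts[0]); // clear the stale token
        return FALSE;
    }
    // token matched, but it is only honoured while remember_time has not passed
    if (strtotime($query->row()->remember_time) > strtotime("now")) {
        $this->login_fast($parts[0]);
        return TRUE;
    }
    return FALSE;
}
```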
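Review bot: `logout()` in the `@@ -422` hunk expires the `user` cookie but never invalidates the matching `remember_exp` token in the users table, so a copied cookie value keeps working until `remember_time` passes even after the user has logged out; in the `use_cookies == FALSE` branch nothing is cleared before `sess_destroy()` either. `update_remember()` is already called with a single argument elsewhere in this file to reset the token, so calling it with the current user's id before destroying the session would close this gap — the id would have to come from wherever login stores it, which is not visible in this hunk. A short comment such as `// also drop the server-side remember token so the cookie value cannot be replayed` would record the intent.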
"; + if($this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active']){ + if( ($this->config_vars['use_cookies'] == TRUE && $this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') || ($this->config_vars['use_cookies'] == FALSE && $this->CI->session->tempdata('reCAPTCHA') == 'true') ){ + $content .= ""; + $siteKey = $this->config_vars['recaptcha_siteKey']; + $content .= "
"; + } } return $content; } From 461278b157e55426ec355bfffd4c8f261aa635b2 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Thu, 25 Jun 2015 18:11:01 +0200 Subject: [PATCH 15/63] fixed login error after TOTP check (login with wrong pw fixed) --- application/libraries/Aauth.php | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index d6b4645..043e646 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -220,17 +220,7 @@ class Aauth { } $user_id = $query->row()->id; - - $query = null; - $query = $this->aauth_db->where($db_identifier, $identifier); - - // Database stores pasword hashed password - $query = $this->aauth_db->where('pass', $this->hash_password($pass, $user_id)); - $query = $this->aauth_db->where('banned', 0); - $query = $this->aauth_db->get($this->config_vars['users']); - - $row = $query->row(); if( ($this->config_vars['use_cookies'] == TRUE && $this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') || ($this->config_vars['use_cookies'] == FALSE && $this->CI->session->tempdata('reCAPTCHA') == 'true') ){ $reCaptcha = new ReCaptcha( $this->config_vars['recaptcha_secret']); $resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") ); @@ -286,9 +276,20 @@ class Aauth { } } } - + + $query = null; + $query = $this->aauth_db->where($db_identifier, $identifier); + + // Database stores pasword hashed password + $query = $this->aauth_db->where('pass', $this->hash_password($pass, $user_id)); + $query = $this->aauth_db->where('banned', 0); + + $query = $this->aauth_db->get($this->config_vars['users']); + + $row = $query->row(); + // if email and pass matches and not banned - if ( $query->num_rows() > 0 ) { + if ( $query->num_rows() != 0 ) { // If email and pass matches // create session 
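Review bot: The password lookup moved in the `@@ -286` hunk still verifies the password inside the SQL query (`where('pass', $this->hash_password($pass, $user_id))`), so the comparison is performed by the database under the column's collation and is not constant-time; fetching the row by identifier and comparing the hash in PHP with `hash_equals()` (PHP ≥ 5.6) is the usual shape. Minor: `$query = null;` is dead because the next line reassigns it, and `num_rows() != 0` departs from the `> 0` idiom used for the same test in `is_allowed()` and elsewhere in this file. The enclosing method starts and ends outside the hunk.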
@@ -474,7 +475,7 @@ class Aauth { ); $this->CI->input->set_cookie($cookie); } - + return $this->CI->session->sess_destroy(); } From bcbf28b432c0a07feef72d0116cd5fbfeb27ab7d Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Fri, 24 Jul 2015 13:11:20 +0200 Subject: [PATCH 16/63] changed NULL to FALSE by get_perm_id() i found that error on my unit tests :smile: --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 043e646..d25df2c 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1614,7 +1614,7 @@ class Aauth { $query = $this->aauth_db->get($this->config_vars['perms']); if ($query->num_rows() == 0) - return NULL; + return FALSE; $row = $query->row(); return $row->id; From f0cf74ec517b24428f93a7b7029b94af17730bc0 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Fri, 24 Jul 2015 13:15:29 +0200 Subject: [PATCH 17/63] added return by delete_user() --- application/libraries/Aauth.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index d25df2c..2a366f5 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -923,12 +923,10 @@ class Aauth { * Delete user * Delete a user from database. WARNING Can't be undone * @param int $user_id User id to delete + * @return bool Delete fails/succeeds */ public function delete_user($user_id) { - $this->aauth_db->where('id', $user_id); - $this->aauth_db->delete($this->config_vars['users']); - // delete from perm_to_user $this->aauth_db->where('user_id', $user_id); $this->aauth_db->delete($this->config_vars['perm_to_user']); 
@@ -940,6 +938,11 @@ class Aauth { // delete user vars $this->aauth_db->where('user_id', $user_id); $this->aauth_db->delete($this->config_vars['user_variables']); + + // delete user + $this->aauth_db->where('id', $user_id); + return $this->aauth_db->delete($this->config_vars['users']); + } //tested From 12a76b1659984fb72b78113081dee1519fc5cfb5 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Fri, 24 Jul 2015 13:40:18 +0200 Subject: [PATCH 18/63] changed result to row by get_pm added return false if ``aauth_error_no_pm`` appears --- application/libraries/Aauth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 2a366f5..d8d6358 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1720,11 +1720,12 @@ class Aauth { if ($query->num_rows() < 1) { $this->error( $this->CI->lang->line('aauth_error_no_pm') ); + return FALSE; } if ($set_as_read) $this->set_as_read_pm($pm_id); - return $query->result(); + return $query->row(); } //tested From 6474cdf2e4bd82ef57ead03cb5d17361d5a8d1fe Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 28 Jul 2015 01:23:35 +0200 Subject: [PATCH 19/63] test to resolve conflicts :smile: --- application/config/aauth.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index f955c76..66dad04 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -42,8 +42,10 @@ $config['aauth']['user_variables'] = 'aauth_user_variables'; // remember time $config['aauth']['remember'] = ' +3 days'; -// pasword maximum char long (min is 4) +// pasword maximum char long $config['aauth']['max'] = 24; +// pasword minimum char long +$config['aauth']['min'] = 5; // non alphanumeric characters that are allowed in a name $config['aauth']['valid_chars'] = array(); From 595fe0b5bb18ca074b25ab9308cfeb5e96c284c7 Mon Sep 17 00:00:00 2001 
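Review bot: `delete_user()` in the `@@ -940` hunk returns the result of the final users delete, but the deletes from `perm_to_user`, `user_variables` and the other association tables have already run, so a failure here leaves a user row stripped of its associations while the caller is told the delete failed. Wrapping the body in `$this->aauth_db->trans_start();` … `$this->aauth_db->trans_complete(); return $this->aauth_db->trans_status();` makes the deletes atomic on InnoDB, which the schema uses. The method starts in the `@@ -923` hunk of the same patch.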
From: Raphael Jackstadt Date: Tue, 28 Jul 2015 01:25:26 +0200 Subject: [PATCH 20/63] revert max pw lenght --- application/config/aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 66dad04..285cc2d 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -43,7 +43,7 @@ $config['aauth']['user_variables'] = 'aauth_user_variables'; $config['aauth']['remember'] = ' +3 days'; // pasword maximum char long -$config['aauth']['max'] = 24; +$config['aauth']['max'] = 13; // pasword minimum char long $config['aauth']['min'] = 5; From b449749451e392c996c7d0783745c6227390673f Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 28 Jul 2015 01:31:32 +0200 Subject: [PATCH 21/63] reverted the revert :smile: --- application/config/aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 285cc2d..66dad04 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -43,7 +43,7 @@ $config['aauth']['user_variables'] = 'aauth_user_variables'; $config['aauth']['remember'] = ' +3 days'; // pasword maximum char long -$config['aauth']['max'] = 13; +$config['aauth']['max'] = 24; // pasword minimum char long $config['aauth']['min'] = 5; From 87369a93419407a1beb98982daaea2cb5ede7114 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 28 Jul 2015 01:32:27 +0200 Subject: [PATCH 22/63] Revert "reverted the revert :smile:" This reverts commit b449749451e392c996c7d0783745c6227390673f. --- application/config/aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 66dad04..285cc2d 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php 
@@ -43,7 +43,7 @@ $config['aauth']['user_variables'] = 'aauth_user_variables';
 $config['aauth']['remember'] = ' +3 days';
 // pasword maximum char long
-$config['aauth']['max'] = 24;
+$config['aauth']['max'] = 13;
 // pasword minimum char long
 $config['aauth']['min'] = 5;
From 136ba686bdd6b71d72c3ad1a7002f91d85d74dbe Mon Sep 17 00:00:00 2001
From: Raphael Jackstadt
Date: Tue, 28 Jul 2015 23:13:25 +0200
Subject: [PATCH 23/63] fix for #51 'is_allowed() bug '
---
 application/libraries/Aauth.php | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
index c893deb..3b5a660 100644
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@@ -1472,13 +1472,20 @@ class Aauth {
 $query = $this->aauth_db->get( $this->config_vars['perm_to_user'] );
 if( $query->num_rows() > 0){
- return TRUE;
- } elseif ($this->is_group_allowed($perm_id)) {
- return TRUE;
+ return TRUE;
 } else {
- return FALSE;
- }
-
+ if( $user_id===FALSE){
+ return $this->is_group_allowed($perm_id);
+ } else {
+ $g_allowed=FALSE;
+ foreach( $this->get_user_groups($user_id) as $group ){
+ if ( $this->is_group_allowed($perm_id, $group->id) ){
+ $g_allowed=TRUE;
+ }
+ }
+ return $g_allowed;
+ }
+ }
 }
 /**
From a11bdbe5800b9d85d4bb01df08acc675e540cb26 Mon Sep 17 00:00:00 2001
From: Raphael Jackstadt
Date: Tue, 28 Jul 2015 23:31:38 +0200
Subject: [PATCH 24/63] Reserved keyword conflict in MySQL.
---
 application/libraries/Aauth.php | 6 +++---
 sql/Aauth_v2.sql | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
index 3b5a660..37e214c 100644
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
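Review bot: `$config['aauth']['max'] = 13` in the `@@ -43` hunk caps passwords at 13 characters, which blocks passphrases and nudges users toward short passwords, while the stored value is a fixed-size hash that gains nothing from the cap; the neighbouring `min = 5` is also below common guidance. A generous upper bound (e.g. 64 or 128, still finite so hashing cost stays predictable) and a minimum of at least 8 would be the usual choice, recorded in the comment, e.g. `// password maximum length (keep large; the stored hash is fixed-size)`. PATCH 20–22 flip this value back and forth, so the intended final value is worth confirming.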
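Review bot: The group loop in the `@@ -1472` hunk keeps iterating after a match, calling `is_group_allowed()` once per remaining group although the answer is already decided; returning from inside the loop is shorter and drops the `$g_allowed` flag: `if ( $this->is_group_allowed($perm_id, $group->id) ){ return TRUE; }` inside the loop and `return FALSE;` after it. The enclosing `is_allowed()` body starts outside the hunk.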
@@ -1714,7 +1714,7 @@ class Aauth { 'receiver_id' => $receiver_id, 'title' => $title, 'message' => $message, - 'date' => date('Y-m-d H:i:s') + 'date_sent' => date('Y-m-d H:i:s') ); return $query = $this->aauth_db->insert( $this->config_vars['pms'], $data ); @@ -1796,7 +1796,7 @@ class Aauth { } $query = $this->aauth_db->where('receiver_id', $receiver_id); - $query = $this->aauth_db->where('read', 0); + $query = $this->aauth_db->where('date_read', NULL); $query = $this->aauth_db->get( $this->config_vars['pms'] ); return $query->num_rows(); @@ -1811,7 +1811,7 @@ class Aauth { public function set_as_read_pm($pm_id){ $data = array( - 'read' => 1, + 'date_read' => date('Y-m-d H:i:s') ); $this->aauth_db->update( $this->config_vars['pms'], $data, "id = $pm_id"); diff --git a/sql/Aauth_v2.sql b/sql/Aauth_v2.sql index 86f9520..c8a52de 100644 --- a/sql/Aauth_v2.sql +++ b/sql/Aauth_v2.sql @@ -75,8 +75,8 @@ CREATE TABLE `aauth_pms` ( `receiver_id` int(11) unsigned NOT NULL, `title` varchar(255) NOT NULL, `message` text, - `date` datetime DEFAULT NULL, - `read` tinyint(1) DEFAULT '0', + `date_sent` datetime DEFAULT NULL, + `date_read` datetime DEFAULT NULL, PRIMARY KEY (`id`), KEY `full_index` (`id`,`sender_id`,`receiver_id`,`read`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; From 4b530eda60f82c1f2a528635ce0dd593637b8e65 Mon Sep 17 00:00:00 2001 From: REJack Date: Tue, 4 Aug 2015 00:28:18 +0200 Subject: [PATCH 25/63] SQL error fixed --- sql/Aauth_v2.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql/Aauth_v2.sql b/sql/Aauth_v2.sql index c8a52de..1a84a64 100644 --- a/sql/Aauth_v2.sql +++ b/sql/Aauth_v2.sql 
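Review bot: `set_as_read_pm()` in the `@@ -1811` hunk still builds its WHERE clause by string interpolation, `"id = $pm_id"`, so the update is only safe if every caller guarantees `$pm_id` is numeric; passing `array('id' => $pm_id)` as the third argument lets the query builder escape it. In the same patch the `aauth_pms` index `full_index` still names the removed `read` column, so the CREATE TABLE will fail until it is updated to `date_read` (PATCH 29 further down does this). The enclosing method starts outside the hunk.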
@@ -126,7 +126,7 @@ CREATE TABLE `aauth_users` ( -- ---------------------------- -- Records of aauth_users -- ---------------------------- -INSERT INTO `aauth_users` VALUES ('1', 'admin@example.com', 'dd5073c93fb477a167fd69072e95455834acd93df8fed41a2c468c45b394bfe3', 'Admin', '0', null, null, null, null, null, null, null, null, '0'); +INSERT INTO `aauth_users` VALUES ('1', 'admin@example.com', 'dd5073c93fb477a167fd69072e95455834acd93df8fed41a2c468c45b394bfe3', 'Admin', '0', null, null, null, null, null, null, null, null, null, '0'); -- ---------------------------- -- Table structure for `aauth_user_to_group` From 39c893fcc436230dd10552ab5d711a5b42959562 Mon Sep 17 00:00:00 2001 From: REJack Date: Fri, 14 Aug 2015 17:24:19 +0200 Subject: [PATCH 26/63] fix for #58 sry for my mistake --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 37e214c..d12e601 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -397,7 +397,7 @@ class Aauth { } } }else{ - if(!$this->CI->session->has_userdata('remember')){ + if(!isset($_SESSION('remember'))){ return FALSE; }else{ $session = explode('-', $this->CI->session->userdata('remember')); From 56202a2e7d30dbf54374e3f8e47e74b905344855 Mon Sep 17 00:00:00 2001 From: REJack Date: Fri, 14 Aug 2015 22:01:41 +0200 Subject: [PATCH 27/63] there was a mistake for #58 fix --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index d12e601..0964335 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -397,7 +397,7 @@ class Aauth { } } }else{ - if(!isset($_SESSION('remember'))){ + if(!isset($_SESSION['remember'])){ return FALSE; }else{ $session = explode('-', $this->CI->session->userdata('remember')); 
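Review bot: The corrected seed in the `@@ -126` hunk still ships a ready-made `admin@example.com` account with a fixed password hash, so every fresh import starts with an administrator credential shared across all installs until someone changes it. A comment on the row such as `-- Default admin account: change its password immediately after import` would make the expectation explicit; dropping the seed and creating the first admin through the library would remove the shared credential altogether.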
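Review bot: The `@@ -397` hunk of PATCH 27 tests the raw `$_SESSION['remember']` superglobal but reads the value on the next line through `$this->CI->session->userdata('remember')`; the two paths only agree where the session library is backed by `$_SESSION`, which the later `use_cookies = true; // FALSE only on CI3` config comment suggests is the intent but nothing here states. Using one access path avoids the mismatch, e.g. `if( ! $this->CI->session->userdata('remember')){` (a valid value is a non-empty `id-token` string), or a comment recording the assumption: `// CI3 only: the session library stores its data in $_SESSION`. The enclosing method starts and ends outside the hunk.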
From 54f8563dcef0686fc4696a7b33fc77d38a8783a0 Mon Sep 17 00:00:00 2001 From: CEkdhl Date: Fri, 14 Aug 2015 22:36:49 +0200 Subject: [PATCH 28/63] Fix issue with messages --- application/libraries/Aauth.php | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index c893deb..2f4484f 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -111,8 +111,8 @@ class Aauth { $this->aauth_db = $this->CI->load->database($this->config_vars['db_profile'], TRUE); // load error and info messages from flashdata (but don't store back in flashdata) - $this->errors = $this->CI->session->flashdata('errors'); - $this->infos = $this->CI->session->flashdata('infos'); + $this->errors = $this->CI->session->flashdata('errors') ?: array(); + $this->infos = $this->CI->session->flashdata('infos') ?: array(); } @@ -1860,15 +1860,7 @@ class Aauth { */ public function get_errors_array() { - - if (!count($this->errors)==0) - { - return $this->errors; - } - else - { - return array(); - } + return $this->errors; } /** @@ -1955,14 +1947,7 @@ class Aauth { */ public function get_infos_array() { - if (!count($this->infos)==0) - { - return $this->infos; - } - else - { - return array(); - } + return $this->infos; } From 26a187bd063aa5a7a2a59c3bffc380b9d36191ac Mon Sep 17 00:00:00 2001 From: hbinded Date: Mon, 21 Sep 2015 15:51:29 +0200 Subject: [PATCH 29/63] Fix sql error This fixes the import error
ERROR 1072 (42000): Key column 'read' doesn't exist in table
--- sql/Aauth_v2.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql/Aauth_v2.sql b/sql/Aauth_v2.sql index 1a84a64..7696cb9 100644 --- a/sql/Aauth_v2.sql +++ b/sql/Aauth_v2.sql @@ -78,7 +78,7 @@ CREATE TABLE `aauth_pms` ( `date_sent` datetime DEFAULT NULL, `date_read` datetime DEFAULT NULL, PRIMARY KEY (`id`), - KEY `full_index` (`id`,`sender_id`,`receiver_id`,`read`) + KEY `full_index` (`id`,`sender_id`,`receiver_id`,`date_read`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -- ---------------------------- From 65c565b7a7e0a0915d185c56e5b365d4f26b7137 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Mon, 21 Sep 2015 22:52:47 +0300 Subject: [PATCH 30/63] 3x --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 901c2bc..27888e1 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ *** -Aauth is a User Authorization Library for CodeIgniter 2.x, which aims to make easy some essential jobs such as login, permissions and access operations. Despite its ease of use, it has also very advanced features like private messages, groupping, access management, and public access. +Aauth is a User Authorization Library for CodeIgniter 2.x abd 3.x, which aims to make easy some essential jobs such as login, permissions and access operations. Despite its ease of use, it has also very advanced features like private messages, groupping, access management, and public access. **This is Quick Start page. You can also take a look at the [detailed Documentation Wiki](https://github.com/emreakay/CodeIgniter-Aauth/wiki/_pages) to learn about other great Features** From 29330e248f493b4d505cfcfbc21acb49b5b8e648 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Mon, 21 Sep 2015 22:53:15 +0300 Subject: [PATCH 31/63] 3.x update --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 27888e1..e15c64a 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,5 @@ *** -Aauth is a User Authorization Library for CodeIgniter 2.x abd 3.x, which aims to make easy some essential jobs such as login, permissions and access operations. Despite its ease of use, it has also very advanced features like private messages, groupping, access management, and public access. +Aauth is a User Authorization Library for CodeIgniter 2.x and 3.x, which aims to make easy some essential jobs such as login, permissions and access operations. Despite its ease of use, it has also very advanced features like private messages, groupping, access management, and public access. **This is Quick Start page. You can also take a look at the [detailed Documentation Wiki](https://github.com/emreakay/CodeIgniter-Aauth/wiki/_pages) to learn about other great Features** From eacf9b153900dbfabe74c16c343cd27756b7c551 Mon Sep 17 00:00:00 2001 From: hbinded Date: Mon, 28 Sep 2015 20:48:17 +0200 Subject: [PATCH 32/63] Fix wrong password message This fixes a non existing error message if all authentication methods fail. Line 352 is calling
aauth_error_login_failed
but that is not in the lang line. This fix tries to match the naming used by the OP i.e. aauth_error_login_failed_xxx where xxx is the error (email/password). --- application/libraries/Aauth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 0964335..3c50650 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -349,7 +349,7 @@ class Aauth { // if not matches else { - $this->error($this->CI->lang->line('aauth_error_login_failed')); + $this->error($this->CI->lang->line('aauth_error_login_failed_all')); return FALSE; } } @@ -2391,4 +2391,4 @@ return FALSE; /* End of file Aauth.php */ -/* Location: ./application/libraries/Aauth.php */ \ No newline at end of file +/* Location: ./application/libraries/Aauth.php */ From 4be259129d55e6bfe7a361a0b190a0188aba2326 Mon Sep 17 00:00:00 2001 From: hbinded Date: Mon, 28 Sep 2015 20:50:12 +0200 Subject: [PATCH 33/63] Added wrong password message This adds a 'aauth_error_login_failed_all which is referenced in the Aauth.php --- application/language/english/aauth_lang.php | 1 + 1 file changed, 1 insertion(+) diff --git a/application/language/english/aauth_lang.php b/application/language/english/aauth_lang.php index c6b7bbb..437a69d 100644 --- a/application/language/english/aauth_lang.php +++ b/application/language/english/aauth_lang.php 
@@ -38,6 +38,7 @@ $lang['aauth_error_update_username_exists'] = "Username already exists on the sy $lang['aauth_error_no_access'] = 'Sorry, you do not have access to the resource you requested.'; $lang['aauth_error_login_failed_email'] = 'E-mail Address and Password do not match.'; $lang['aauth_error_login_failed_name'] = 'Username and Password do not match.'; +$lang['aauth_error_login_failed_all'] = 'E-mail, Username or Password do not match.'; $lang['aauth_error_login_attempts_exceeded'] = 'You have exceeded your login attempts, your account has now been locked.'; $lang['aauth_error_recaptcha_not_correct'] = 'Sorry, the reCAPTCHA text entered was incorrect.'; From f7d44fc0f645668fcf9f555f795f047b8886a8ba Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Tue, 29 Sep 2015 00:11:36 +0300 Subject: [PATCH 34/63] @version update v2.3.3 added --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 2100c60..0a30bb2 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -13,7 +13,7 @@ * * @copyright 2014-2015 Emre Akay * - * @version 2.0 + * @version 2.3.3 * * @license LGPL * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License From 9aca808dd70885e0d6c293189f015774cf031cf6 Mon Sep 17 00:00:00 2001 From: REJack Date: Tue, 6 Oct 2015 15:51:00 +0200 Subject: [PATCH 35/63] possible fix for #66 --- application/libraries/Aauth.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 0a30bb2..a247bd0 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
@@ -221,14 +221,15 @@ class Aauth { } $user_id = $query->row()->id; + if($this->config_vars['recaptcha_active']){ + if( ($this->config_vars['use_cookies'] == TRUE && $this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') || ($this->config_vars['use_cookies'] == FALSE && $this->CI->session->tempdata('reCAPTCHA') == 'true') ){ + $reCaptcha = new ReCaptcha( $this->config_vars['recaptcha_secret']); + $resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") ); - if( ($this->config_vars['use_cookies'] == TRUE && $this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') || ($this->config_vars['use_cookies'] == FALSE && $this->CI->session->tempdata('reCAPTCHA') == 'true') ){ - $reCaptcha = new ReCaptcha( $this->config_vars['recaptcha_secret']); - $resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") ); - - if(!$resp->success){ - $this->error($this->CI->lang->line('aauth_error_recaptcha_not_correct')); - return FALSE; + if(!$resp->success){ + $this->error($this->CI->lang->line('aauth_error_recaptcha_not_correct')); + return FALSE; + } } } From e6aa1f6a057fedf441e665fb4251929327f0c4cc Mon Sep 17 00:00:00 2001 From: REJack Date: Tue, 6 Oct 2015 21:32:45 +0200 Subject: [PATCH 36/63] changed __key__ to __data_key__ in ``user_variables`` & ``system_variables`` (fix for #68) --- application/libraries/Aauth.php | 24 ++++++++++++------------ sql/Aauth_v2.sql | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index a247bd0..eb08a3f 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -2025,7 +2025,7 @@ class Aauth { if ($this->get_user_var($key,$user_id) ===FALSE) { $data = array( - 'key' => $key, + 'data_key' => $key, 'value' => $value, 'user_id' => $user_id ); 
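Review bot: The new `if($this->config_vars['recaptcha_active'])` guard in the `@@ -221` hunk checks only `recaptcha_active`, whereas the code that sets the `reCAPTCHA` flag and `generate_recaptcha_field()` both require `ddos_protection` as well; with `ddos_protection` off and the flag still present in a cookie or tempdata, the login demands a `g-recaptcha-response` that the form never renders. Using the same compound condition here keeps the three sites consistent: `if($this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active']){`. The enclosing method starts and ends outside the hunk.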
@@ -2036,12 +2036,12 @@ class Aauth { else { $data = array( - 'key' => $key, + 'data_key' => $key, 'value' => $value, 'user_id' => $user_id ); - $this->aauth_db->where( 'key', $key ); + $this->aauth_db->where( 'data_key', $key ); $this->aauth_db->where( 'user_id', $user_id); return $this->aauth_db->update( $this->config_vars['user_variables'], $data); @@ -2066,7 +2066,7 @@ class Aauth { return FALSE; } - $this->aauth_db->where('key', $key); + $this->aauth_db->where('data_key', $key); $this->aauth_db->where('user_id', $user_id); return $this->aauth_db->delete( $this->config_vars['user_variables'] ); @@ -2092,7 +2092,7 @@ class Aauth { } $query = $this->aauth_db->where('user_id', $user_id); - $query = $this->aauth_db->where('key', $key); + $query = $this->aauth_db->where('data_key', $key); $query = $this->aauth_db->get( $this->config_vars['user_variables'] ); @@ -2124,7 +2124,7 @@ class Aauth { if ( ! $this->get_user($user_id)){ return FALSE; } - $query = $this->aauth_db->select('key'); + $query = $this->aauth_db->select('data_key'); $query = $this->aauth_db->where('user_id', $user_id); @@ -2156,7 +2156,7 @@ class Aauth { if ($this->get_system_var($key) === FALSE) { $data = array( - 'key' => $key, + 'data_key' => $key, 'value' => $value, ); @@ -2167,11 +2167,11 @@ class Aauth { else { $data = array( - 'key' => $key, + 'data_key' => $key, 'value' => $value, ); - $this->aauth_db->where( 'key', $key ); + $this->aauth_db->where( 'data_key', $key ); return $this->aauth_db->update( $this->config_vars['system_variables'], $data); } @@ -2185,7 +2185,7 @@ class Aauth { */ public function unset_system_var( $key ) { - $this->aauth_db->where('key', $key); + $this->aauth_db->where('data_key', $key); return $this->aauth_db->delete( $this->config_vars['system_variables'] ); } 
@@ -2199,7 +2199,7 @@ class Aauth { */ public function get_system_var( $key ){ - $query = $this->aauth_db->where('key', $key); + $query = $this->aauth_db->where('data_key', $key); $query = $this->aauth_db->get( $this->config_vars['system_variables'] ); @@ -2220,7 +2220,7 @@ class Aauth { */ public function list_system_var_keys(){ - $query = $this->aauth_db->select('key'); + $query = $this->aauth_db->select('data_key'); $query = $this->aauth_db->get( $this->config_vars['system_variables'] ); // if variable not set if ($query->num_rows() < 1) { return FALSE;} diff --git a/sql/Aauth_v2.sql b/sql/Aauth_v2.sql index 7696cb9..e5f20d3 100644 --- a/sql/Aauth_v2.sql +++ b/sql/Aauth_v2.sql @@ -91,7 +91,7 @@ CREATE TABLE `aauth_pms` ( DROP TABLE IF EXISTS `aauth_system_variables`; CREATE TABLE `aauth_system_variables` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, - `key` varchar(100) NOT NULL, + `data_key` varchar(100) NOT NULL, `value` text, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; @@ -151,7 +151,7 @@ DROP TABLE IF EXISTS `aauth_user_variables`; CREATE TABLE `aauth_user_variables` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `user_id` int(11) unsigned NOT NULL, - `key` varchar(100) NOT NULL, + `data_key` varchar(100) NOT NULL, `value` text, PRIMARY KEY (`id`), KEY `user_id_index` (`user_id`) From d724b54fefe1ac362d5a0298862a4623e0a522c7 Mon Sep 17 00:00:00 2001 From: lostlian Date: Tue, 6 Oct 2015 20:49:16 -0500 Subject: [PATCH 37/63] Spanish Language Added Spanish Language Added --- application/language/spanish/aauth_lang.php | 56 +++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 application/language/spanish/aauth_lang.php diff --git a/application/language/spanish/aauth_lang.php b/application/language/spanish/aauth_lang.php new file mode 100644 index 0000000..bf723cd --- /dev/null +++ b/application/language/spanish/aauth_lang.php 
@@ -0,0 +1,56 @@ + Date: Wed, 7 Oct 2015 23:58:26 +0300 Subject: [PATCH 38/63] version 2.3.4 --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index eb08a3f..858f29f 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -13,7 +13,7 @@ * * @copyright 2014-2015 Emre Akay * - * @version 2.3.3 + * @version 2.3.4 * * @license LGPL * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License From bc90f5a0bb45e6d48e529042b60eaef5addf62a8 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Wed, 7 Oct 2015 23:04:46 +0200 Subject: [PATCH 39/63] Updated aauth.php changed use_cookies to true to provide CI2 Support --- application/config/aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 285cc2d..46b7eaf 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -70,7 +70,7 @@ $config['aauth']['max_login_attempt'] = 10; $config['aauth']['verification'] = false; $config['aauth']['login_with_name'] = false; -$config['aauth']['use_cookies'] = false; +$config['aauth']['use_cookies'] = true; // FALSE only on CI3 // system email. $config['aauth']['email'] = 'admin@admin.com'; From bc1c12aa52d950492899b8b0d72c2c213dc2209b Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Thu, 8 Oct 2015 00:15:49 +0300 Subject: [PATCH 40/63] Update Aauth.php --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 858f29f..127d6ab 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -13,7 +13,7 @@ * * @copyright 2014-2015 Emre Akay * - * @version 2.3.4 + * @version 2.3.5 * * @license LGPL * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License 
From a683c62c4e84e6d6e6eb614ee2f6ab6fe60b537a Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Thu, 8 Oct 2015 00:16:11 +0300 Subject: [PATCH 41/63] Update Aauth.php --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 127d6ab..3be029f 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -13,7 +13,7 @@ * * @copyright 2014-2015 Emre Akay * - * @version 2.3.5 + * @version 2.4.0 * * @license LGPL * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License From 205380b22e8496b43787ba51256615673fd412c4 Mon Sep 17 00:00:00 2001 From: lostlian Date: Wed, 7 Oct 2015 18:12:45 -0500 Subject: [PATCH 42/63] Set definition as not mandatory parameter for create_group The $definition parameter was a required parameter and it is not like the documentation. --- application/libraries/Aauth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 3be029f..007b572 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1157,9 +1157,10 @@ class Aauth { * Create group * Creates a new group * @param string $group_name New group name + * @param string $definition Description of the group * @return int|bool Group id or FALSE on fail */ - public function create_group($group_name, $definition) { + public function create_group($group_name, $definition = '') { $query = $this->aauth_db->get_where($this->config_vars['groups'], array('name' => $group_name)); From dce098ffcba01c743c2763c376942e6fbbbb68ea Mon Sep 17 00:00:00 2001 From: lostlian Date: Sat, 10 Oct 2015 08:51:53 -0500 Subject: [PATCH 43/63] Fix for depreciated valid_email function Fix for depreciated valid_email function --- application/libraries/Aauth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
index 007b572..f36f6a3 100644
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@@ -789,7 +789,8 @@ class Aauth {
 $this->error($this->CI->lang->line('aauth_error_update_email_exists'));
 $valid = FALSE;
 }
- if (!valid_email($email)){
+ $valid_email = (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
+ if (!$valid_email){
 $this->error($this->CI->lang->line('aauth_error_email_invalid'));
 $valid = FALSE;
 }
From da36535250fbd0df57a1ecc179bf851bc3bbdeb4 Mon Sep 17 00:00:00 2001
From: lostlian
Date: Sat, 10 Oct 2015 10:10:52 -0500
Subject: [PATCH 44/63] Fix depreciated valid email
Fix depreciated valid email
---
 application/libraries/Aauth.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
index f36f6a3..0aed7b7 100644
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@@ -713,7 +713,8 @@ class Aauth {
 $this->error($this->CI->lang->line('aauth_error_email_exists'));
 $valid = FALSE;
 }
- if (!valid_email($email)){
+ $valid_email = (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
+ if (!$valid_email){
 $this->error($this->CI->lang->line('aauth_error_email_invalid'));
 $valid = FALSE;
 }
From cfc0295f71ea9bab07fc0ec96b2267c2592da326 Mon Sep 17 00:00:00 2001
From: Emre Akay
Date: Mon, 12 Oct 2015 23:13:06 +0300
Subject: [PATCH 45/63] Update Aauth.php
---
 application/libraries/Aauth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
index 0aed7b7..659481b 100644
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@@ -13,7 +13,7 @@
 *
 * @copyright 2014-2015 Emre Akay
 *
- * @version 2.4.0
+ * @version 2.4.1
 *
 * @license LGPL
 * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License
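Review bot: The identical two-line e-mail check is now pasted into both update_user (hunk at 789) and create_user (hunk at 713), so the two paths can drift apart again the next time one of them is touched; a single private helper, `private function _valid_email($email) { return (bool) filter_var($email, FILTER_VALIDATE_EMAIL); }`, called as `if ( ! $this->_valid_email($email))`, keeps the rule in one place and reads like the old call. It is also worth a short comment noting that `FILTER_VALIDATE_EMAIL` rejects non-ASCII local parts unless `FILTER_FLAG_EMAIL_UNICODE` is passed (PHP 7.1+), so the set of accepted addresses may not match what the previous CodeIgniter `valid_email()` allowed; I cannot confirm the old behaviour from this hunk. Both enclosing functions start and end outside their hunks.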
From 3db113a30af247e1e807766dac75fbf0e5243e8e Mon Sep 17 00:00:00 2001 From: "Vipin K. Singh" Date: Sat, 17 Oct 2015 11:16:17 +0530 Subject: [PATCH 46/63] "aauth_error_login_failed" is not specified aauth_error_login_failed - this language key is not specified --- application/libraries/Aauth.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 659481b..3aae7b2 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -216,7 +216,12 @@ class Aauth { $query = $this->aauth_db->get($this->config_vars['users']); if($query->num_rows() == 0){ - $this->error($this->CI->lang->line('aauth_error_login_failed')); + if( $this->config_vars['login_with_name'] == TRUE){ + $this->error($this->CI->lang->line('aauth_error_username_invalid')); + } else { + $this->error($this->CI->lang->line('aauth_error_email_invalid')); + } + //$this->error($this->CI->lang->line('aauth_error_login_failed')); return FALSE; } From 9ead7557c9ff7892e97bd26aa2940370e7038d83 Mon Sep 17 00:00:00 2001 From: "Vipin K. Singh" Date: Sat, 17 Oct 2015 11:32:24 +0530 Subject: [PATCH 47/63] Another approach for aauth_error_login_failed keeping the old logic, but using proper lang key "aauth_error_no_user" --- application/libraries/Aauth.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 3aae7b2..f15f5ac 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
@@ -216,12 +216,7 @@ class Aauth { $query = $this->aauth_db->get($this->config_vars['users']); if($query->num_rows() == 0){ - if( $this->config_vars['login_with_name'] == TRUE){ - $this->error($this->CI->lang->line('aauth_error_username_invalid')); - } else { - $this->error($this->CI->lang->line('aauth_error_email_invalid')); - } - //$this->error($this->CI->lang->line('aauth_error_login_failed')); + $this->error($this->CI->lang->line('aauth_error_no_user')); return FALSE; } From 51d9ea89f89a6ee87eb92da17cf6f43c6876bf15 Mon Sep 17 00:00:00 2001 From: Steve Date: Sat, 24 Oct 2015 14:54:29 +0200 Subject: [PATCH 48/63] Add first version of french language file --- application/language/french/aauth_lang.php | 56 ++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 application/language/french/aauth_lang.php diff --git a/application/language/french/aauth_lang.php b/application/language/french/aauth_lang.php new file mode 100644 index 0000000..31e7257 --- /dev/null +++ b/application/language/french/aauth_lang.php @@ -0,0 +1,56 @@ + Date: Sat, 24 Oct 2015 16:18:57 +0200 Subject: [PATCH 49/63] Update config file for readability and comprehension --- application/config/aauth.php | 203 +++++++++++++++++++++-------------- 1 file changed, 121 insertions(+), 82 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 46b7eaf..66c94dc 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -1,85 +1,124 @@ - Date: Sat, 24 Oct 2015 16:41:00 +0200 Subject: [PATCH 50/63] Double declaration and assignation of valid flag --- application/libraries/Aauth.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index f15f5ac..1ead464 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
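Review bot: The `aauth_error_no_user` message still tells the client whether the submitted name or e-mail exists, because a wrong password presumably yields a different error further down in login(); that is a per-request account-enumeration oracle, which is precisely what a single generic failure message avoids. I would keep the not-found and wrong-password branches on the same language line, e.g. add the missing `aauth_error_login_failed` entry to aauth_lang.php and use `$this->error($this->CI->lang->line('aauth_error_login_failed'));` in both, and reserve the distinct keys for server-side logging. The enclosing login() function starts and ends outside the hunk.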
@@ -780,8 +780,6 @@ class Aauth { */ public function update_user($user_id, $email = FALSE, $pass = FALSE, $name = FALSE) { - $valid = TRUE; - $data = array(); $valid = TRUE; From 581981f02cca4aab6b39bc7bf6e6bad89cb75ee8 Mon Sep 17 00:00:00 2001 From: REJack Date: Sat, 24 Oct 2015 23:01:32 +0200 Subject: [PATCH 51/63] fix for #79 --- application/libraries/Aauth.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index f15f5ac..fa8a996 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -136,7 +136,7 @@ class Aauth { $cookie = array( 'name' => 'user', 'value' => '', - 'expire' => time()-3600, + 'expire' => -3600, 'path' => '/', ); $this->CI->input->set_cookie($cookie); @@ -190,7 +190,7 @@ class Aauth { $reCAPTCHA_cookie = array( 'name' => 'reCAPTCHA', 'value' => 'true', - 'expire' => time()+7200, + 'expire' => 7200, 'path' => '/', ); $this->CI->input->set_cookie($reCAPTCHA_cookie); @@ -316,7 +316,7 @@ class Aauth { $cookie = array( 'name' => 'user', 'value' => $row->id . "-" . $random_string, - 'expire' => time() + 99*999*999, + 'expire' => 99*999*999, 'path' => '/', ); @@ -331,7 +331,7 @@ class Aauth { $reCAPTCHA_cookie = array( 'name' => 'reCAPTCHA', 'value' => 'false', - 'expire' => time()-3600, + 'expire' => -3600, 'path' => '/', ); $this->CI->input->set_cookie($reCAPTCHA_cookie); @@ -472,7 +472,7 @@ class Aauth { $cookie = array( 'name' => 'user', 'value' => '', - 'expire' => time()-3600, + 'expire' => -3600, 'path' => '/', ); $this->CI->input->set_cookie($cookie); From 80977fe87742a32da238baa6410499cc5de80a31 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Mon, 26 Oct 2015 09:54:15 +0200 Subject: [PATCH 52/63] Update Aauth.php --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index cdbc126..c4c26f7 100644 
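Review bot: The `user` cookie written in the hunk at line 316 carries `$row->id . "-" . $random_string`, a bearer credential that now lives for `99*999*999` seconds (about three years), yet the array sets only name, value, expire and path, so the token is readable by page scripts and is sent over plain HTTP. CodeIgniter's `set_cookie()` accepts `'httponly' => TRUE` and `'secure' => TRUE` in the same array; I would add both here and on the clearing variants at 136 and 472 so the attributes match when the cookie is deleted, and bound the lifetime to the configured `remember` window rather than a multi-year constant. The `reCAPTCHA` cookie set to `'true'` at line 190 is client-controlled, so if it is what later decides whether a captcha is demanded a client can simply drop it; that state belongs in the server-side session or the login-attempt record. The login() body these hunks patch starts and ends outside them.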
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@@ -13,7 +13,7 @@
 *
 * @copyright 2014-2015 Emre Akay
 *
- * @version 2.4.1
+ * @version 2.4.2
 *
 * @license LGPL
 * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License
From 1c5e9aad63a1ce5fe93afb92eb28452a4e162b9e Mon Sep 17 00:00:00 2001
From: REJack
Date: Mon, 26 Oct 2015 15:41:33 +0100
Subject: [PATCH 53/63] fix for #81 Invalid new config file
---
 application/config/aauth.php | 68 ++++++++++++++++++------------------
 1 file changed, 34 insertions(+), 34 deletions(-)
diff --git a/application/config/aauth.php b/application/config/aauth.php
index 66c94dc..053324c 100644
--- a/application/config/aauth.php
+++ b/application/config/aauth.php
@@ -68,54 +68,54 @@ defined('BASEPATH') OR exit('No direct script access allowed'); $config_aauth = array(); $config_aauth["default"] = array( - ['no_permission'] = FALSE, + 'no_permission' => FALSE, - ['admin_group'] = 'admin', - ['default_group'] = 'default', - ['public_group'] = 'public', + 'admin_group' => 'admin', + 'default_group' => 'default', + 'public_group' => 'public', - ['db_profile'] = 'default', + 'db_profile' => 'default', - ['users'] = 'aauth_users', - ['groups'] = 'aauth_groups', - ['user_to_group'] = 'aauth_user_to_group', - ['perms'] = 'aauth_perms', - ['perm_to_group'] = 'aauth_perm_to_group', - ['perm_to_user'] = 'aauth_perm_to_user', - ['pms'] = 'aauth_pms', - ['system_variables'] = 'aauth_system_variables', - ['user_variables'] = 'aauth_user_variables', + 'users' => 'aauth_users', + 'groups' => 'aauth_groups', + 'user_to_group' => 'aauth_user_to_group', + 'perms' => 'aauth_perms', + 'perm_to_group' => 'aauth_perm_to_group', + 'perm_to_user' => 'aauth_perm_to_user', + 'pms' => 'aauth_pms', + 'system_variables' => 'aauth_system_variables', + 'user_variables' => 'aauth_user_variables', - ['remember'] = ' +3 days', + 'remember' => ' +3 days', - ['max'] = 13, - ['min'] = 5, + 'max' => 13, + 'min' => 5, - ['valid_chars'] = array(), + 'valid_chars' => array(), - ['ddos_protection'] = true, + 'ddos_protection' => true, - ['recaptcha_active'] = false, - ['recaptcha_login_attempts'] = 4, - ['recaptcha_siteKey'] = '', - ['recaptcha_secret'] = '', + 'recaptcha_active' => false, + 'recaptcha_login_attempts' => 4, + 'recaptcha_siteKey' => '', + 'recaptcha_secret' => '', - ['totp_active'] = false, - ['totp_only_on_ip_change'] = false, - ['totp_reset_over_reset_password'] = false, + 'totp_active' => false, + 'totp_only_on_ip_change' => false, + 'totp_reset_over_reset_password' => false, - ['max_login_attempt'] = 10, + 'max_login_attempt' => 10, - ['login_with_name'] = false, + 'login_with_name' => false, - ['use_cookies'] = true, + 'use_cookies' => true, - 
['email'] = 'admin@admin.com', - ['name'] = 'Emre Akay', + 'email' => 'admin@admin.com', + 'name' => 'Emre Akay', - ['verification'] = false, - ['verification_link'] = '/account/verification/', - ['reset_password_link'] = '/account/reset_password/' + 'verification' => false, + 'verification_link' => '/account/verification/', + 'reset_password_link' => '/account/reset_password/' ); $config['aauth'] = $config_aauth['default']; From 0f31aa7ea7095b56964e90ab03c08b14cf5105d2 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Tue, 27 Oct 2015 08:15:35 +0200 Subject: [PATCH 54/63] Update Aauth.php --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index c4c26f7..39c7be2 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -13,7 +13,7 @@ * * @copyright 2014-2015 Emre Akay * - * @version 2.4.2 + * @version 2.4.3 * * @license LGPL * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License From c999d7c8da0a612af41d44a6d73c487d2b220d07 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Tue, 27 Oct 2015 09:10:38 +0200 Subject: [PATCH 55/63] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index e15c64a..44ce482 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +![CodeIgniter-Aauth-Logo](https://cloud.githubusercontent.com/assets/2417212/8925689/add409ea-34be-11e5-8e50-845da8f5b1b0.png) + + *** Aauth is a User Authorization Library for CodeIgniter 2.x and 3.x, which aims to make easy some essential jobs such as login, permissions and access operations. Despite its ease of use, it has also very advanced features like private messages, groupping, access management, and public access. From f51e1b4ff2dd761f631f322fe80c7682c36d8b89 Mon Sep 17 00:00:00 2001 
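Review bot: If `'max' => 13` and `'min' => 5` are the password-length bounds (the explanatory comment block is not in this hunk, so I am inferring from the neighbouring `valid_chars` entry), a 13-character ceiling forbids passphrases and should be raised to something like 64–128; please confirm and adjust, and note the limit in the comment above the array. The placeholder `'email' => 'admin@admin.com'` and `'name' => 'Emre Akay'` are the sender identity for system mail, so a comment such as `// change before deployment: used as the From address of verification / reset mail` would stop them shipping unchanged. The leading space in `'remember' => ' +3 days'` is harmless to strtotime but looks accidental.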
From: REJack Date: Tue, 27 Oct 2015 11:40:30 +0100 Subject: [PATCH 56/63] Enchantment on is_allowed() function #83 --- application/libraries/Aauth.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 39c7be2..3663b67 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1469,6 +1469,11 @@ class Aauth { $user_id = $this->CI->session->userdata('id'); } + if($this->is_admin($user_id)) + { + return true; + } + $query = $this->aauth_db->where('perm_id', $perm_id); $query = $this->aauth_db->where('user_id', $user_id); $query = $this->aauth_db->get( $this->config_vars['perm_to_user'] ); From f42e5468ffc5037ac10c20256509e690064d6c83 Mon Sep 17 00:00:00 2001 From: REJack Date: Tue, 27 Oct 2015 12:14:37 +0100 Subject: [PATCH 57/63] moved $perm_id after the if's conditions for more performance --- application/libraries/Aauth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 3663b67..972afd7 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1463,8 +1463,6 @@ class Aauth { */ public function is_allowed($perm_par, $user_id=FALSE){ - $perm_id = $this->get_perm_id($perm_par); - if( $user_id == FALSE){ $user_id = $this->CI->session->userdata('id'); } @@ -1473,6 +1471,8 @@ class Aauth { { return true; } + + $perm_id = $this->get_perm_id($perm_par); $query = $this->aauth_db->where('perm_id', $perm_id); $query = $this->aauth_db->where('user_id', $user_id); From 6f70228f7117411c785046b0a13f0c4c0316a3a9 Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Tue, 27 Oct 2015 15:46:11 +0200 Subject: [PATCH 58/63] Update Aauth.php --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 972afd7..016dd3d 100644 
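Review bot: is_admin() is now consulted on every is_allowed() call before the permission is even resolved, and it receives whatever `$user_id` became after the `== FALSE` fallback, which is `NULL` when no session id exists; whether is_admin(NULL) returns FALSE cleanly is decided outside the hunk, so it is worth an explicit guard such as `if (empty($user_id)) { return FALSE; }` ahead of the new block. The short-circuit also deserves a why-comment, `// admins implicitly hold every permission, so skip the per-user and per-group lookups`, and `return TRUE;` would match the uppercase constants used elsewhere in the class. The rest of is_allowed() continues outside the hunk.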
--- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -13,7 +13,7 @@ * * @copyright 2014-2015 Emre Akay * - * @version 2.4.3 + * @version 2.4.4 * * @license LGPL * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License From 6dd383938555675095f92e14636fc1e3b18d84bd Mon Sep 17 00:00:00 2001 From: Steve Date: Tue, 27 Oct 2015 22:44:05 +0100 Subject: [PATCH 59/63] add gitignore for development comodity --- .gitignore | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 4dff4e4..7a2e453 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,16 @@ # Created by .gitignore support plugin (hsz.mobi) -.idea/ \ No newline at end of file +.idea/ + +* +!./application/config/aauth.php +!./application/controllers/example.php +!./application/helpers/googleauthenticator_helper.php +!./application/helpers/recaptchalib_helper.php +!./application/language/english/aauth_lang.php +!./application/language/french/aauth_lang.php +!./application/language/spanish/aauth_lang.php +!./application/libraries/Aauth.php +!./LICENSE +!./README.md +!./sql/Aauth_v2.sql +!./sql/readme.txt From c84fde559118caa520db9528c6eb0f902f10fd6d Mon Sep 17 00:00:00 2001 From: Steve Date: Wed, 28 Oct 2015 00:06:52 +0100 Subject: [PATCH 60/63] Add hash in configuration --- application/config/aauth.php | 4 +++- application/libraries/Aauth.php | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 053324c..7bd0f04 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -115,7 +115,9 @@ $config_aauth["default"] = array( 'verification' => false, 'verification_link' => '/account/verification/', - 'reset_password_link' => '/account/reset_password/' + 'reset_password_link' => '/account/reset_password/', + + 'hash' => 'sha256' ); $config['aauth'] = $config_aauth['default']; 
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 016dd3d..38d0dc3 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1145,7 +1145,7 @@ class Aauth { function hash_password($pass, $userid) { $salt = md5($userid); - return hash('sha256', $salt.$pass); + return hash($this->config_vars['hash'], $salt.$pass); } ######################## From c276164c5b6a5303632716d25130be0e3c912278 Mon Sep 17 00:00:00 2001 From: Steve Date: Wed, 28 Oct 2015 00:10:38 +0100 Subject: [PATCH 61/63] Add explaination an recommendations --- application/config/aauth.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/application/config/aauth.php b/application/config/aauth.php index 7bd0f04..ef1cb27 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -64,6 +64,9 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | ['verification_link'] Link for verification without site_url or base_url | ['reset_password_link'] Link for reset_password without site_url or base_url | +| ['hash'] Name of selected hashing algorithm (e.g. "md5", "sha256", "haval160,4", etc..) +| Please, run hash_algos() for know your all supported algorithms +| */ $config_aauth = array(); From 825f53576f051add512a05ec404bdb6f5f18fba6 Mon Sep 17 00:00:00 2001 From: Steve Date: Wed, 28 Oct 2015 00:22:59 +0100 Subject: [PATCH 62/63] reform old gitignore --- .gitignore | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/.gitignore b/.gitignore index 7a2e453..4e79763 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,16 +1,2 @@ # Created by .gitignore support plugin (hsz.mobi) .idea/ - -* -!./application/config/aauth.php -!./application/controllers/example.php -!./application/helpers/googleauthenticator_helper.php -!./application/helpers/recaptchalib_helper.php -!./application/language/english/aauth_lang.php -!./application/language/french/aauth_lang.php -!./application/language/spanish/aauth_lang.php -!./application/libraries/Aauth.php -!./LICENSE -!./README.md -!./sql/Aauth_v2.sql -!./sql/readme.txt From ecb3ae3a779c48a70edd845893c9da695918333b Mon Sep 17 00:00:00 2001 From: Emre Akay Date: Wed, 28 Oct 2015 10:06:41 +0200 Subject: [PATCH 63/63] Update Aauth.php --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 016dd3d..40f91bd 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -13,7 +13,7 @@ * * @copyright 2014-2015 Emre Akay * - * @version 2.4.4 + * @version 2.4.5 * * @license LGPL * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License