
Reputation: 1751

Codeigniter ion auth password issue

I ran into a problem with ion auth that I can't really solve.

I use sha1 encryption, salt is turned off in config.

Checked if the input post posts the correct input and it does.

I type in for password 12345, and that should be 8cb2237d0679ca88db6464eac60da96345513964 with sha1 encryption.

But when it sends it into the database it's totally different every time, like it would create a random string each time.

Here is my signup function

// signup
function signup()
{
     // validation rules for the submitted form fields
     $this->form_validation->set_rules('username', 'Username', 'required');
     $this->form_validation->set_rules('password', 'Password', 'required|min_length[4]');
     $this->form_validation->set_rules('repassword', 'Retype Your Password', 'required|min_length[4]|matches[password]');

     if($this->form_validation->run() !== FALSE)
     {
          $username = $this->input->post('username');
          $password = $this->input->post('password');
          $email = $this->input->post('email');
          $additional_data = array('name' => $this->input->post('name'));

          $group = array('2');
          // ion_auth hashes the plain-text password itself before storing it
          $this->ion_auth->register($username, $password, $email, $additional_data, $group);
     }
}

Could someone please give me a hint? Or if anybody ran into a similar problem and got it fixed, please provide some help.


config file

<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/*
| -------------------------------------------------------------------------
| Database Type
| -------------------------------------------------------------------------
| If set to TRUE, Ion Auth will use MongoDB as its database backend.
| If you use MongoDB there are two external dependencies that have to be
| integrated with your project:
|   CodeIgniter MongoDB Active Record Library -
|   CodeIgniter MongoDB Session Library -
*/
$config['use_mongodb'] = FALSE;

/*
| -------------------------------------------------------------------------
| MongoDB Collection.
| -------------------------------------------------------------------------
| Setup the mongodb docs using the following command:
| $ mongorestore sql/mongo
| Ion Auth uses a simplified schema when using MongoDB as backend, here they are:
| groups: {
|   _id: GROUP_ID,
|   name,
|   description
| }
| login_attempts: {
|   ip_address,
|   login,
|   time
| }
| users: {
|   _id: USER_ID,
|   ip_address,
|   username, (ensureIndex)
|   password,
|   salt,
|   email, (ensureIndex)
|   activation_code,
|   forgotten_password_code, (ensureIndex)
|   forgotten_password_time,
|   remember_code,
|   created_on, (ensureIndex)
|   last_login,
|   active, (ensureIndex)
|   first_name,
|   last_name,
|   company,
|   phone,
|   groups: [GROUP_ID_1, GROUP_ID_2, ...], (ensureIndex)
| }
*/
$config['collections']['users']          = 'users';
$config['collections']['groups']         = 'groups';
$config['collections']['login_attempts'] = 'login_attempts';

/*
| -------------------------------------------------------------------------
| Tables.
| -------------------------------------------------------------------------
| Database table names.
*/
$config['tables']['users']           = 'job_users';
$config['tables']['groups']          = 'job_groups';
$config['tables']['users_groups']    = 'job_users_groups';
$config['tables']['login_attempts']  = 'job_ogin_attempts';

/*
 | Users table column and Group table column you want to join WITH.
 | Joins from
 | Joins from
 */
$config['join']['users']  = 'user_id';
$config['join']['groups'] = 'group_id';

/*
 | -------------------------------------------------------------------------
 | Hash Method (sha1 or bcrypt)
 | -------------------------------------------------------------------------
 | Bcrypt is available in PHP 5.3+
 | IMPORTANT: Based on the recommendation by many professionals, it is highly recommended to use
 | bcrypt instead of sha1.
 | NOTE: If you use bcrypt you will need to increase your password column character limit to (80)
 | Below there is "default_rounds" setting.  This defines how strong the encryption will be,
 | but remember the more rounds you set the longer it will take to hash (CPU usage) So adjust
 | this based on your server hardware.
 | If you are using Bcrypt the Admin password field also needs to be changed in order to login as admin:
 | $2a$07$SeBknntpZror9uyftVopmu61qg0ms8Qv1yV6FG.kQOSM.9QhmTo36
 | Be careful how high you set max_rounds, I would do your own testing on how long it takes
 | to encrypt with x rounds.
 */
$config['hash_method']    = 'sha1'; // IMPORTANT: Make sure this is set to either sha1 or bcrypt
$config['default_rounds'] = 8;      // This does not apply if random_rounds is set to true
$config['random_rounds']  = FALSE;
$config['min_rounds']     = 5;
$config['max_rounds']     = 9;

/*
 | -------------------------------------------------------------------------
 | Authentication options.
 | -------------------------------------------------------------------------
 | maximum_login_attempts: This maximum is not enforced by the library, but is
 | used by $this->ion_auth->is_max_login_attempts_exceeded().
 | The controller should check this function and act
 | appropriately. If this variable is set to 0, there is no maximum.
 */
$config['site_title']           = "";        // Site Title,
$config['admin_email']          = "[email protected]";  // Admin Email, [email protected]
$config['default_group']        = 'members';            // Default group, use name
$config['admin_group']          = 'admin';              // Default administrators group, use name
$config['identity']             = 'email';              // A database column which is used to login with
$config['min_password_length']  = 7;                    // Minimum Required Length of Password
$config['max_password_length']  = 20;                   // Maximum Allowed Length of Password
$config['email_activation']     = FALSE;                // Email Activation for registration
$config['manual_activation']    = FALSE;                // Manual Activation for registration
$config['remember_users']       = TRUE;                 // Allow users to be remembered and enable auto-login
$config['user_expire']          = 86500;                // How long to remember the user (seconds)
$config['user_extend_on_login'] = FALSE;                // Extend the users cookies everytime they auto-login
$config['track_login_attempts'] = FALSE;                // Track the number of failed login attempts for each user or ip.
$config['maximum_login_attempts']     = 3;              // The maximum number of failed login attempts.
$config['forgot_password_expiration'] = 0;              // The number of seconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.

/*
 | -------------------------------------------------------------------------
 | Email options.
 | -------------------------------------------------------------------------
 | email_config:
 |    'file' = Use the default CI config or use from a config file
 |    array  = Manually set your email config settings
 */
$config['use_ci_email'] = FALSE; // Send Email using the builtin CI email class, if false it will return the code and the identity
$config['email_config'] = array(
    'mailtype' => 'html',
);

/*
 | -------------------------------------------------------------------------
 | Email templates.
 | -------------------------------------------------------------------------
 | Folder where email templates are stored.
 | Default: auth/
 */
$config['email_templates'] = 'auth/email/';

/*
 | -------------------------------------------------------------------------
 | Activate Account Email Template
 | -------------------------------------------------------------------------
 | Default: activate.tpl.php
 */
$config['email_activate'] = 'activate.tpl.php';

/*
 | -------------------------------------------------------------------------
 | Forgot Password Email Template
 | -------------------------------------------------------------------------
 | Default: forgot_password.tpl.php
 */
$config['email_forgot_password'] = 'forgot_password.tpl.php';

/*
 | -------------------------------------------------------------------------
 | Forgot Password Complete Email Template
 | -------------------------------------------------------------------------
 | Default: new_password.tpl.php
 */
$config['email_forgot_password_complete'] = 'new_password.tpl.php';

/*
 | -------------------------------------------------------------------------
 | Salt options
 | -------------------------------------------------------------------------
 | salt_length Default: 10
 | store_salt: Should the salt be stored in the database?
 | This will change your password encryption algorithm,
 | default password, 'password', changes to
 | fbaa5e216d163a02ae630ab1a43372635dd374c0 with default salt.
 */
$config['salt_length'] = 10;
$config['store_salt']  = FALSE;

/*
 | -------------------------------------------------------------------------
 | Message Delimiters.
 | -------------------------------------------------------------------------
 */
$config['message_start_delimiter'] = '<p>';     // Message start delimiter
$config['message_end_delimiter']   = '</p>';    // Message end delimiter
$config['error_start_delimiter']   = '<p>';     // Error message start delimiter
$config['error_end_delimiter']     = '</p>';    // Error message end delimiter

/* End of file ion_auth.php */
/* Location: ./application/config/ion_auth.php */

Upvotes: 4

Views: 13227

Answers (2)


Reputation: 1751

First, thanks to Mike for his help.

I managed to make it, and I feel a bit stupid.

The problem was with identity. I was checking the identity with name, instead of email.

Now it works like a charm.

And thanks again, Mike.

Upvotes: 1


Reputation: 10634

ion_auth does use a salt and it's random.

See the configs:

'salt_length' - Length of the encryption salt. DEFAULT is '10'.

'store_salt' - TRUE or FALSE. Store the salt in a separate database column or not. This can be useful for integrating with existing apps. DEFAULT is 'false'.

You should create a controller to create the user.


function register(){
    // signature: $this->ion_auth->register($username, $password, $email, $additional_data, $group)
    $this->ion_auth->register('robert', '123456', '[email protected]', array( 'first_name' => 'Robert', 'last_name' => 'Roberts' ), array('1') );
}


Just noticed you are doing this.. I was under the impression you were trying to manually add the user to the table.

Couple questions

  • What is loggedIn();
  • Did you use the provided sql file to import/create the tables and data for ion_auth?
  • What does your config look like?
  • Group id #2 is not required, as the user that's registering will ALWAYS be assigned to group 2

You're defining $additional_data incorrectly as there are first_name, last_name, phone fields and no name field.

Upvotes: 1
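
The random-salt behaviour described in the answer above, as an added example that is not part of the original answers and is not Ion Auth's own code. It assumes the embedded-salt layout used when `store_salt` is FALSE (salt prefix followed by a truncated SHA-1 of salt plus password); the function names `demo_hash_password` and `demo_verify_password` are hypothetical.

```php
<?php
// Added illustration; function names are hypothetical, not Ion Auth's API.
const SALT_LENGTH = 10; // same value as $config['salt_length'] on the page

// Hash with a fresh random salt and place the salt at the front of the
// stored string. The digest is truncated by SALT_LENGTH so the stored value
// stays 40 characters long, the same width as a bare SHA-1 hex digest.
function demo_hash_password(string $password): string
{
    // Assumption: any unpredictable source is fine for the salt; this one
    // takes 10 hex characters from the CSPRNG (PHP 7+).
    $salt = substr(bin2hex(random_bytes(SALT_LENGTH)), 0, SALT_LENGTH);
    return $salt . substr(sha1($salt . $password), 0, -SALT_LENGTH);
}

// Verify by reading the salt back out of the stored string and recomputing.
function demo_verify_password(string $password, string $stored): bool
{
    $salt     = substr($stored, 0, SALT_LENGTH);
    $expected = $salt . substr(sha1($salt . $password), 0, -SALT_LENGTH);
    return hash_equals($stored, $expected); // constant-time comparison
}

// Register the question's password twice and compare what would be stored.
$first  = demo_hash_password('12345');
$second = demo_hash_password('12345');

echo "stored #1:  $first\n";
echo "stored #2:  $second\n";
echo "bare sha1:  " . sha1('12345') . "\n";

// Are the two stored values identical, and does either equal the bare digest?
var_dump($first === $second);
var_dump($first === sha1('12345'));

// Does each stored value still verify against the original password?
var_dump(demo_verify_password('12345', $first));
var_dump(demo_verify_password('12345', $second));

// Does a different password verify against the first stored value?
var_dump(demo_verify_password('54321', $first));
```

Comparing a database row against `sha1('12345')` is therefore not a valid check under this layout; the stored value can only be checked by recomputing with the salt it carries.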
