Question

I'm having two issues with the Kohana Auth module:

  1. I'm able to log in with a false password.
  2. I have logged out of the application, but when I click the Back button in the browser, it displays the content of the secured side. When I then refresh that page, it redirects to the login page, which is the redirect I need when the user clicks the Back button in the browser.

What I have done so far:

  1. I've created a workaround that manually checks the password equality instead of using the built-in login method and, if that succeeds, uses the Kohana Auth predefined method.
  2. I've checked the Session value using Firebug, and it changes when I log out. So clicking the Back button supposedly shouldn't display the secured side, as I have an ACL implemented on the pages.

I hope someone can help me with this... it's really a critical request.

Some of my references:

  1. Cannot login with Kohana 3.3.0 ORM Auth
  2. http://forum.kohanaframework.org/discussion/comment/78699#Comment_78699
  3. http://forum.kohanaframework.org/discussion/11756/kohana-auth-module-3-3/p1

Regards, Nas

No correct solution

OTHER TIPS

Maybe this will help:

Register action:

    // Extra validation for the password fields submitted with the form
    $extra_rules = Validation::factory($this->request->post())
        ->rule('password', 'not_empty')
        ->rule('password', 'min_length', array(':value', '8'))
        ->rule('password_confirm', 'matches', array(':validation', 'password_confirm', 'password'));

    $user->create($extra_rules);

    // If you want to enable login, add a role here, or do it later on account confirmation or something
    if ($user->saved()) {
        $user->add('roles', 1);
    }

Login action:

    // The third argument of login() is $remember; TRUE turns on autologin
    $logged = Auth::instance()->login($this->request->post('username'), $this->request->post('password'), TRUE);

    if ($logged) {
        $user = Auth::instance()->get_user();
        $userId = $user->id;

        HTTP::redirect('somewhere');
    } else {
        // Login failed: if both fields were filled in, attach a general error
        $validation = Validation::factory($this->request->post())
            ->rule('username', 'not_empty')
            ->rule('password', 'not_empty');
        if ($validation->check()) {
            $validation->error('username', 'general');
        }
    }

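
For the Back-button problem in the question, the following is an added example, not part of the original posts or of Kohana itself. It assumes the stale page is replayed from the browser's cache, which matches the refresh behaviour the question describes; the class name `Controller_Secure` and the `user/login` URL are hypothetical.

```php
<?php defined('SYSPATH') or die('No direct script access.');

/**
 * Added example: base controller for every page behind the login.
 * Controller_Secure and 'user/login' are hypothetical names.
 */
abstract class Controller_Secure extends Controller {

    public function before()
    {
        parent::before();

        // Server-side check on every request. After logout the session no
        // longer holds a user, so any request that reaches the server is
        // redirected to the login form.
        if ( ! Auth::instance()->logged_in())
        {
            HTTP::redirect('user/login');
        }
    }

    public function after()
    {
        // Forbid the browser and intermediate proxies from storing the page.
        // With no stored copy, the Back button has to ask the server again,
        // and the check in before() then sends the user to the login form.
        // Headers are set one at a time so existing ones are left in place.
        $this->response->headers('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0');
        $this->response->headers('Pragma', 'no-cache'); // HTTP/1.0 clients
        $this->response->headers('Expires', '0');

        parent::after();
    }
}
```

Controllers for secured pages extend this class instead of `Controller`; the login and logout controllers do not, so they stay reachable without a session.
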
Licensed under: CC-BY-SA with attribution