TIP: Use Markdown or, <pre> for multi line code blocks / <code> for inline code.
These forums are read-only and for archival purposes only!
Please join our new forums at discourse.kohanaframework.org
Kohana 3.3 - Login & Logout
  • Hi everyone,

    I'm having two problems using Kohana 3.3 Auth.

    1. When login, i'm able to use false password to login.
    2. When logout, it works fine, session cleared & regenerated and redirect to login page. But, click on back button in browser, in return a protected area (login required).

    For Login module, i'm referring to http://jdstraughan.com/post/auth-module-for-kohana-31-using-orm-driver/, and of course, fixing some issue in this tutorial since it's using Kohana 3.1.

    For #1, should I overwrite the Auth _login method?

    Hopes anyone can help me out.

  • As far as I know, there is nothing wrong with the Kohana Auth+ORM in 3.3 so it might be you are doing something strange that is causing the issues you are seeing.

    1. You should not be able to do this - the most common issue is the other way around, you can't login because of the hashing or the missing roles_users database entry
    2. Logout should also be 100% error proof -- clicking on the back button should kick you out
  • Hi chrisgo, thanks for your response.

    1. the roles_users already exist. I'm following the requirements for the database tables for Auth. For hashing already set in config/auth.php.

    2. I've created an app to test the Auth+ORM module. It seems, click on back button back to protected page.

    Is it possible if you could provide the codes that you used? I'm really stuck in this part, Auth + ORM, Been few days, maybe couple of weeks. @_@

  • I have URLs (using the default route) that looks like http://domain.com/public/login and http://domain.com/public/logout

    This is the 2 functions that work (I'm actually using Jelly instead of ORM but the code is 100% the same, the only difference you get is the $user object that got returned

    public class Controller_Public extends Controller_Base // extends Controller_Template
    {
    
        /**
         * Login
         */
        public function action_login()
        {
            // Template
            $this->template->title = "Login";
            $this->template->content = View::factory('public/login')
                                           ->bind('username', $username);
            // POST
            if (HTTP_Request::POST == $this->request->method())
            {
                $username = $this->request->post('username');
                $password = $this->request->post('password');
                $remember = $this->request->post('remember');
                if (Auth::instance()->login($username, $password, $remember))
                {
                    $this->user = Auth::instance()->get_user();
                    HTTP::redirect(URL::site('/'));
                }
                else
                {
                    Flash::error("Username or password is not correct.");
                }
            }
        }
    
        /**
         * Logout
         */
        public function action_logout()
        {
            $this->template->title = "Logout";
            $this->template->content = View::factory('public/logout');
            Auth::instance()->logout();
            // Remove the user in the controller and templates/views
            $this->user = NULL;
            Session::instance()->destroy();
            Flash::success("You have been successfully logged out.");
        }
    
    }
    
  • @chrisgo super code : )))

    if (Auth::instance()->login($username, $password, (bool) $remember))
    {
         HTTP::redirect(URL::site('/'));
    }
    
    ...
    
    Auth::instance()->logout(TRUE, TRUE); 
    // or  Auth::instance()->logout(FALSE, TRUE); it's better
    
    // rest dont need to this
    //$this->user = NULL;
    // Session::instance()->destroy();
    
  • Alright, thanks chrisgo..I'll try it out. Will let you know the result.

  • Thanks @WinterSilence ... just cut/paste my stock code ... thanks for cleaning it up for nasrul439 :)

  • I'm using the following it works! thanks guys!

    Auth::instance()->logout(FALSE, TRUE);

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion