Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Auth::check() always return false
  • when i check a user login statut on another page(action) or when i reload the current page  the Auth:check() always return false!!

    however the Auth::login() perfom a normale login and return true!

    it seems that i have some issue with the session, i changed the expiration time to 0, and retrieved a value from the session ... then i noticed that the session works fine.. so i checked the time zone on the config file,  it not defined yet, so it use the default one..

    now i  can't resolve the issue!!

    this is how i restrieve the login status


    if (Auth::ckeck()){
    ....

    or 

    $auth = Auth::instance();
    if ($auth->ckeck()){
    ....


    the both return false...!!!

  • For the session, it is VITAL that all time and timezone settings are correct.

    - make sure the server is configured for the correct timezone
    - make sure the server runs on time (NTP)
    - make sure php.ini defines the same timezone as the server
    - if the timezone is configrued in app/config/config.php, make sure it's the same as in php.ini
    - make sure the PC (client) is configured for the correct timezone
    - make sure the PC runs on time

    The expiry timestamp on cookies (not only session cookies) is speficied in GMT. This GMT time must be calculated server side from the servers local time and timezone, and will be converted to local time on the PC using the PC's time and timezone.

    So if either of them is not correct, the time conversion from/to GMT goes wrong, causing the expiry timestamp to be wrong. This will cause your cookies to expire prematurely, or not even accepted by the browser (for example if the calculated time is in the past).

    If you set the expiration time to 0, Fuel will set the expiry to 2 years from now. Which will make sure the cookie will not expire when it arrives, no matter how wrong the time settings are (unless you're 2 years out of sync).

    So if it works with this setting, it's definitely a time settings issue.

    Please note that you should NOT set "gmt_offset" in your app config! This is not a timezone offset as some people seem to think, it's meant to correct a faulty server setting (i,e. server is configured for UTC but runs on local time) if the fault can not be corrected (because other apps rely on the incorrect setting).
  • thank you for your help, but i still have the issue... actually i test the project on localhost (windows7 )
    i've configured the timezone on the machine to use "(UTC) Casablanca", also on the php.ini and the app config. also i set the cookie expiration time to 0 on the app config file... i restart apache and still the same issue...
    am under windows 7 64bit, using AMPPS server with php 5.4.

    maybe i should stoke some variables into the controller when the login return true,  but that mean that i will rewrite the whole login process..(updating, checking users, get user infos ... )

  • Getting confused here.

    First you write that it works when you set the expiration time to 0, now you say you still have the issue?

    And I haven't seen an anwer to my other questions:
    - do you redirect immediately after login?
    - are you using Internet Explorer?
  • sorry but its the session that works not the login process ,  "then i noticed that the session works fine.", i've tested the session.
    yes i redirect to another page where i check the login by Auth:check(), that return false, (after a success login)

    i use google chrome (canary).
    thank you.


  • this is the login method i used  :



    if (Input::post()) {

    $auth = Auth::instance();

    if ($auth->login())
    {
    $uid = $auth->get_user_id();
    $uname = $auth->get_screen_name();
    $url = Uri::create('user/:uid',array('uid'=>$uname));

    Response::redirect($url);
    }
    else
    {
    $data['username'] = Input::post('username');
    $data['login_error'] = 'Wrong username/password combo. Try again';
    }
    }
    .....



    it redirect to the user profile where it sayed that am not logged.
  • i checked the session, by Session::get(), it return all the defined  values except those setted by the login class : ex  'username' and 'login_hash'.!!
  • Harro VertonHarro Verton
    Accepted Answer
    If before this redirect you can set a session variable, and you can read that variable back in your profile method, then the session is ok, and I can't see why the login won't work.

    Can you do a

    Debug::dump(Session::get());exit;

    In profile controller to see what is exactly in the session after that redirect?

    I checked some of the apps here, and we do the same:

    // check the credentials.
    if (\Auth::instance()->login(\Input::param('username'), \Input::param(\Input::param('pwfield'))))
    {
        // logged it, go the the user dashboard
        \Response::redirect(\Uri::create('dashboard'));
    }
    else
    {
        // login failed, show an error message
        $data['username']    = \Input::param('username');
        $data['login_error'] = \Lang::get('login.failure');
    }

    And in our base controller, we simply use

    // user info
    Auth::check();
    $this->user = ( ! Auth::member('0')) ? Auth::instance() : null;

    So I'm out of idea's.
  • Our posts crossed, I see you already dumped the session.

    You don't do a destroy of the session somewhere?
  • on the profile page (action) i used : 

    public function action_index($uid=NULL)
    {
    Debug::dump(Session::get()); // return the username and the login_hash

    Debug::dump(Auth::check()); // return false!!!!!
    }


    so what's wrong!!!! i don't understand why the session is working and populated with the login values, and still Auth::check() return false!
  • another thing ... when i reload the profile page !! the username and the login_hash disappear from the session!!  it seems that the Auth:check() remove those values when it fails!
  • trying to not use the Auth:check() method , this is what i do on the profile page  :

    public function action_index($uid=NULL)
    {
    Debug::dump(Session::get()); //return username and login_hash
    Debug::dump(Auth::instance()->get_user_id()); //return  an array  containing 'SimpleAuth' and 0
    Debug::dump(Session::get()); // return nothing!!
    }
    !!
  • Auth::check() does indeed delete the session variables if the check fails.

    It runs:

    $this->user = \DB::select_array(\Config::get('simpleauth.table_columns', array('*')))
        ->where('username', '=', $username)
        ->from(\Config::get('simpleauth.table_name'))
        ->execute(\Config::get('simpleauth.db_connection'))->current();

    and if this returns null (no hit), the check has failed.

    Is your simpleauth config file configured properly?
  • this is the simpleauth config file content : 


    return array(

    'db_connection' => null,

    'table_name' => 'users',

    'table_columns' => array('*'),

    'guest_login' => true,

    'groups' => array(
    -1 => array('name' => 'Banned', 'roles' => array('banned')),
    0 => array('name' => 'Guests', 'roles' => array()),
    1 => array('name' => 'Users', 'roles' => array('user')),
    50 => array('name' => 'Moderators', 'roles' => array('user', 'moderator')),
    100 => array('name' => 'Administrators', 'roles' => array('user', 'moderator', 'admin')),
    ),

    'roles' => array(
    'user' => array(
    'comments' => array('create', 'read'),
    'upload' => array('create', 'read'),
    ),

    'moderator' => array('comments' => array('update', 'delete')),

    '#' => array('website' => array('read')),

    'banned' => false,

    ),

    'login_hash_salt' => '&é#"{(+)[-]}',

    'username_post_key' => 'username',

    'password_post_key' => 'password',
    )

  • Pretty standard.

    What happens if you run that query, with a hardcoded username for $username? Does it find the record?
  • Solved ! :D its a big issue caused by me, !!!
    finally i found the probleme, its the the database structure for auth ! the last_login field were type date and it should br varchar, i 've recreated the table structure and now it works fine. 

    that happend cause i already have a table named users with data,  and don't use the oil to create the table and stuffs.

    so thank you for your help .
  • No problem, glad you've fixed it.
  • Hello,
    i made three days trying to solve this issue.
    i noticed that all my config is correct and my db table, but the great problem was libsodium not installed.
    please try clarify this for next forums
  • Don't hijack another topic!

    If libsodium is not installed, and it can not be emulated, you'll get an error message?

    // check if we have sodium available
    if ( ! is_callable('sodium_crypto_generichash') or ! is_callable('random_bytes'))
    {
    throw new \FuelException('Fuel requires Sodium support in PHP. Either use PHP 7.2+, install the libsodium PECL extension, of the sodium-compat composer package!');
    }

    What PHP version are you on?

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion