FuelPHP Forums

It depends on the platform, and what you have installed.
On some, you will have to install the desired locale files first.

do you have a default role set in the config? If so, has the user trying to login been assigned the default role? If you dont have a default role in the config file then the previous question doesn't matter. debug $status in the Warden_Driver->has_access before and after this 'if' block:
if (!empty($role) && $status) { Try do a Warden::logout() to clear the cookies and session then try Warden::check() this should return false, then try logging in again. Make sure you dont have an exit() somewhere in your code as this stops the new session values from being saved.

Why use (and thus include) PHPCryptLib, and not PHPSecLib, which is already available in the Fuel core?

I see the examples of how to use the ACL/roles methods, but am not quite getting it. Do you have an example of how you would use this? Here is an example scenario: How would this look in the DB? User Roles:
=========
1) superadmin
2) admin
3) user
4) not logged in (no role) Site Sections:
===========
these are in module/controller/action format and the required roles are in ( ) /admin/users/create - to create a user (superadmin & admin)
/admin/roles/create - to add a role (superadmin)
/user/profile/view - view profile - any logged in user If I am understanding this correctly, if i want to limit access to /admin/roles/create to super admin only i would have a DB record for:

name                         resource                                     action                          description
---------------------        -------------------------------------     -------------------------     ---------------------------------------------------------
admin_roles            /admin/roles/create                view                             view roles

Sorry if this is too vague and I know it is a simple answer, i've probably just over-complicated it. Thank you in advance.

Example Roles table: id name description
======================
1 superadmin Super admin
2 admin Administrator
3 user
user can login
Example Permissions table: Method 1:
id name resource action
=================================
1 superadmin & admin admin/users create
2 superadmin admin/roles create
3 logged in user user/profile view
Or Method 2:
id name resource action
=================================
1 superadmin & admin Model_User create
2 superadmin Model_Role create
3 logged in user Model_Profile view
Plus any descriptions in the descriptions column..
Example roles_permissions: role_id permission_id
=================
1 1
2 1
1 2
1 3
2 3
3 3
Then assign the roles to users..
You can also add default role to the Warden config:
'default_role' => 'user'
This will check that a user trying to login has this role and every user that signs up successfully is assigned this role automatically. Now in your controllers,
Before someone can create a user: Using Method 1: if (Warden::can('create', 'admin/user')) {
// do something
} Using Method 2: $user = Warden::current_user();
if ($user && ($user->is_admin() || $user->is_superadmin())) {
if (Warden::can('create', 'Model_User')) {
// do something
}
} This is just an example showing how to use it, you can modify it to your specific needs, soon there will be an easier way to create roles and permissions, through maybe oil or an init script..

man you rock! thank you!!!

I'm still a little confused on the "name" field in the permissions table. Is this just a readable name to identify it or is this actually used some where?

There's an entire flame war about the pro's and con's. bcrypt has been surpassed by scrypt, so if you want the latest and greatest, use that instead. For most purposes, including Fuels, PBKDF2 is more than secure enough. The stackoverflow discussion actually touches on an important subject, namely that Blowfish isn't a hashing algorithm, it's an encryption algoritm. It serves a different purpose. It all depends on what you need or want to use it for, and more importantly, how you implement it. In case of pdkdf2, the number of key iterations are very important. We recommend a minimum of 1000. The Auth package actually uses 10.000 key iterations to calculate the hash. We have added the pbkdf2 implementation to PHPSecLib, and had it checked by a security company to make sure no mistakes were made (and we made some alterations to the code based on the result, in particular to timing to prevent timing attacks).

There will be working examples coming with the 1.0 release as stated in the github issue page..
It uses the orm package so all you have to know about registering users has to do with the orm, encryption is done automatically, please check the user model class for methods on the features..all the methods are documented..
Basic eg. try {
$user = new Model_User();
$user->username = 'Aran';
$user->email = 'example@email.com';
$user->password = 'password';
$user->save();
} catch (Exception $e) {
echo $e->getMessage();
}
Eg. Confirming a user: try {
Model_User::confirm_by_token(Input::get('confirmation_token'));
} catch (Exception $e) {
echo $e->getMessage();
}

check() and logged_in() both return booleans always, check the code

Aran Wilkinson wrote on Thursday 10th of November 2011:

yeah I used print_r to check the returned values and nothing is being returned... This is the line where I use authenticate and am getting no errors here... if(Warden::authenticate($val->validated('username'), $val->validated('password'), true))
{
Response::redirect('common/check');
}

Try use a try, catch..an exception might have been thrown somewhere

The only things I've considered for / added to my own build of Warden that I find really helpful: a) Permission Categories - this way I can throw up a quick UI that pulls up categories of permissions that can be assigned to a new or existing role (ie: Admin, CMS, etc permissions are all separated) b) I would love to see (not sure if this is possible, haven't given it enough thought) a simpler recyclable function that can just be tossed into any function that will check the current class and function and automatically check for permissions based on those two parameters. In CodeIgniter I would have used URL parameters for this, but I haven't looked into it enough for fuelPHP ie: if(!can_access_this()) { // redirect } Other than that, I've already used Warden a few times and with a few minor fixes to the 1.2/dev branch it's been working great.