kohana / auth
The official Kohana auth module
Installs: 224 922
Dependents: 10
Suggesters: 0
Security: 0
Stars: 102
Watchers: 18
Forks: 63
Type:kohana-module
Requires
- php: >=5.3.3
- composer/installers: ~1.0
- kohana/core: >=3.3
Requires (Dev)
- kohana/core: 3.3.*@dev
- kohana/koharness: *@dev
- kohana/unittest: 3.3.*@dev
This package is auto-updated.
Last update: 2024-11-11 14:45:22 UTC
README
I've forked the main Auth module because there were some fundamental flaws with it:
- It's trivial to bruteforce publicly hidden salt hashes.
- I've fixed this by switching the password hashing algorithm to the more secure secret-key based hash_hmac method.
- ORM drivers were included.
- I've fixed this by simply removing them. They cause confusion with new users because they think that Auth requires ORM. The only driver currently provided by default is the file driver.
- Auth::get_user()'s api is inconsistent because it returns different data types.
- I've fixed this by returning an empty user model by default. You can override what gets returned (if you've changed your user model class name for instance) by overloading the get_user() method in your application.
These changes should be merged into the mainline branch eventually, but they completely break the API, so likely won't be done until 3.1.