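<?php
/**
 * Name: Ion Auth
 *
 * Created: 10.01.2009
 *
 * Description: Modified auth system based on redux_auth with extensive customization.
 * This is basically what Redux Auth 2 should be.
 * Original Author name has been kept but that does not mean that the method has not been modified.
 *
 * Requirements: PHP5.6 or above
 *
 * @package CodeIgniter-Ion-Auth
 * @author Ben Edmunds
 * @link http://github.com/benedmunds/CodeIgniter-Ion-Auth
 * @filesource
 */
defined('BASEPATH') OR exit('No direct script access allowed');

/*
| -------------------------------------------------------------------------
| Database group name option.
| -------------------------------------------------------------------------
| Allows selecting a specific group for the database connection.
|
| Default is empty: uses the default group defined in CI's configuration
| (see application/config/database.php, $active_group variable).
*/
$config['database_group_name'] = '';

/*
| -------------------------------------------------------------------------
| Tables.
| -------------------------------------------------------------------------
| Database table names.
*/
$config['tables']['users']          = 'users';
$config['tables']['groups']         = 'groups';
$config['tables']['users_groups']   = 'users_groups';
$config['tables']['login_attempts'] = 'login_attempts';

/*
| Users table column and Group table column you want to join WITH.
|
| Joins from users.id
| Joins from groups.id
*/
$config['join']['users']  = 'user_id';
$config['join']['groups'] = 'group_id';

/*
| -------------------------------------------------------------------------
| Hash Method (bcrypt or argon2)
| -------------------------------------------------------------------------
| Bcrypt is available in PHP 5.3+
| Argon2 is available in PHP 7.2
|
| Argon2 is recommended by experts (it is actually the winner of the Password Hashing Competition,
| for more information see https://password-hashing.net). So if you can (PHP 7.2), go for it.
|
| Bcrypt specific:
|   bcrypt_default_cost: This defines how strong the hashing will be.
|   However, the higher the cost, the longer it will take to hash (CPU usage), so adjust
|   this based on your server hardware.
|
|   You can (and should!) benchmark your server. This can be done easily with this little script:
|   https://gist.github.com/Indigo744/24062e07477e937a279bc97b378c3402
|
|   With bcrypt, an example hash of "password" is:
|   $2y$08$200Z6ZZbp3RAEXoaWcMA6uJOFicwNZaqk4oDhqTUiFXFe63MG.Daa
|
|   A specific parameter bcrypt_admin_cost is available for users in the admin group.
|   It is recommended to have stronger hashing for administrators.
|
| Argon2 specific:
|   argon2_default_params: This is an array containing the options for the Argon2 algorithm.
|   You can define 3 different keys:
|     memory_cost (default 4096 kB)
|       Maximum memory (in kBytes) that may be used to compute the Argon2 hash.
|       The spec recommends setting the memory cost to a power of 2.
|     time_cost (default 2)
|       Number of iterations (used to tune the running time independently of the memory size).
|       This defines how strong the hashing will be.
|     threads (default 2)
|       Number of threads to use for computing the Argon2 hash.
|       The spec recommends setting the number of threads to a power of 2.
|
|   You can (and should!) benchmark your server. This can be done easily with this little script:
|   https://gist.github.com/Indigo744/e92356282eb808b94d08d9cc6e37884c
|
|   With argon2, an example hash of "password" is:
|   $argon2i$v=19$m=1024,t=2,p=2$VEFSSU4wSzh3cllVdE1JZQ$PDeks/7JoKekQrJa9HlfkXIk8dAeZXOzUxLBwNFbZ44
|
|   A specific parameter argon2_admin_params is available for users in the admin group.
|   It is recommended to have stronger hashing for administrators.
|
| For more information, check the password_hash function help:
| http://php.net/manual/en/function.password-hash.php
*/
$config['hash_method']         = 'bcrypt'; // bcrypt or argon2
$config['bcrypt_default_cost'] = 10;       // Set cost according to your server benchmark - but no lower than 10 (default PHP value)
$config['bcrypt_admin_cost']   = 12;       // Cost for users in the admin group

// Rounds/salt settings. NOTE(review): these pre-date the hash_method/cost options above;
// confirm whether the library still reads them before tuning them.
$config['default_rounds'] = 8;     // This does not apply if random_rounds is set to true
$config['random_rounds']  = FALSE;
$config['min_rounds']     = 5;
$config['max_rounds']     = 9;

// '$2y$' is the correct bcrypt identifier on PHP >= 5.3.7. The former '$2a$' fallback
// only applied to interpreters older than this file's stated PHP 5.6 requirement.
$config['salt_prefix'] = '$2y$';

$config['argon2_default_params'] = [
	'memory_cost' => 1 << 12, // 4096 kB (4 MB)
	'time_cost'   => 2,
	'threads'     => 2,
];

$config['argon2_admin_params'] = [
	'memory_cost' => 1 << 14, // 16384 kB (16 MB)
	'time_cost'   => 4,
	'threads'     => 2,
];

/*
| -------------------------------------------------------------------------
| Authentication options.
| -------------------------------------------------------------------------
| maximum_login_attempts: This maximum is not enforced by the library, but is used by
|                         is_max_login_attempts_exceeded().
|                         The controller should check this function and act appropriately.
|                         If this variable is set to 0, there is no maximum.
| min_password_length:    This minimum is not enforced directly by the library.
|                         The controller should define a validation rule to enforce it.
|                         See the Auth controller for an example implementation.
|
| The library will fail for an empty password or a password size above 4096 bytes.
| This is an arbitrary (long) value to protect against DoS attacks.
*/
$config['site_title']    = "Example.com";       // Site Title, example.com
$config['admin_email']   = "admin@example.com"; // Admin Email, admin@example.com
$config['default_group'] = 'members';           // Default group, use name
$config['admin_group']   = 'admin';             // Default administrators group, use name
$config['identity']      = 'email';             /* You can use any unique column in your table as identity column.
                                                   The values in this column, alongside password, will be used for login purposes.
                                                   IMPORTANT: If you are changing it from the default (email), update the UNIQUE constraint in your DB */
$config['min_password_length']    = 8;     // Minimum Required Length of Password (not enforced by lib - see note above)
$config['email_activation']       = FALSE; // Email Activation for registration
$config['manual_activation']      = FALSE; // Manual Activation for registration
$config['remember_users']         = TRUE;  // Allow users to be remembered and enable auto-login
$config['user_expire']            = 86500; // How long to remember the user (seconds). Set to zero for no expiration - see sess_expiration in CodeIgniter Session Config for session expiration
$config['user_extend_on_login']   = FALSE; // Extend the users cookies every time they auto-login
$config['track_login_attempts']   = TRUE;  // Track the number of failed login attempts for each user or ip.
$config['track_login_ip_address'] = TRUE;  // Track login attempts by IP Address, if FALSE will track based on identity. (Default: TRUE)
$config['maximum_login_attempts'] = 10;    // The maximum number of failed login attempts.
$config['lockout_time']           = 60;    /* The number of seconds to lock out an account due to exceeded attempts.
                                              You should not use a value below 60 (1 minute); the shipped default
                                              honours that floor. */
$config['forgot_password_expiration'] = 1800; /* The number of seconds after which a forgot password request will expire.
                                                 If set to 0, forgot password requests will not expire.
                                                 30 minutes to 1 hour are good values (enough for a user to receive the email and reset their password).
                                                 You should not set a value too high, as it would be a security issue! */
$config['recheck_timer'] = 0; /* The number of seconds after which the session is checked again against the database
                                 to see if the user still exists and is active.
                                 Leave 0 if you don't want session recheck.
                                 If you really think you need to recheck the session against the database,
                                 we would recommend a higher value, as this would affect performance. */

/*
| -------------------------------------------------------------------------
| Cookie options.
| -------------------------------------------------------------------------
| remember_cookie_name Default: remember_code
*/
$config['remember_cookie_name'] = 'remember_code';

/*
| -------------------------------------------------------------------------
| Email options.
| -------------------------------------------------------------------------
| email_config:
|   'file' = Use the default CI config or use from a config file
|   array  = Manually set your email config settings
*/
$config['use_ci_email'] = FALSE; // Send Email using the builtin CI email class, if false it will return the code and the identity
$config['email_config'] = [
	'mailtype' => 'html',
];

/*
| -------------------------------------------------------------------------
| Email templates.
| -------------------------------------------------------------------------
| Folder where email templates are stored.
| Default: auth/
*/
$config['email_templates'] = 'auth/email/';

/*
| -------------------------------------------------------------------------
| Activate Account Email Template
| -------------------------------------------------------------------------
| Default: activate.tpl.php
*/
$config['email_activate'] = 'activate.tpl.php';

/*
| -------------------------------------------------------------------------
| Forgot Password Email Template
| -------------------------------------------------------------------------
| Default: forgot_password.tpl.php
*/
$config['email_forgot_password'] = 'forgot_password.tpl.php';

/*
| -------------------------------------------------------------------------
| Message Delimiters.
| -------------------------------------------------------------------------
*/
$config['delimiters_source']       = 'config'; // "config" = use the settings defined here, "form_validation" = use the settings defined in CI's form validation library
$config['message_start_delimiter'] = '<p>';    // Message start delimiter
$config['message_end_delimiter']   = '</p>';   // Message end delimiter
$config['error_start_delimiter']   = '<p>';    // Error message start delimiter
$config['error_end_delimiter']     = '</p>';   // Error message end delimiter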