A3M - Account Authentication & Authorization Module

[eluser]Peng Kong[/eluser]
sorry zishan, i tired but can't really understand the issue.
helping debug specific servers is a bit out of my expertise.

if you think you're having issues with query strings here's my suggestion to debug.
they key is STRIPPING down the system and test each part seperately to see what is failing.

first install a clear CI and enabled query strings and PATH_INFO.
try to surf to your website with query strings e.g. www.mysite.com/a3m/account/sign_in?asd=asd&qwe=qwe

if that works means query strings is fine else you got to figure out how to allow www.mysite.com/a3m/account/sign_in?asd=asd&qwe=qwe

[eluser]Peng Kong[/eluser]
or if you're can create a ftp access for me to the server i can help u see what's the issue quickly. =p

[eluser]Peng Kong[/eluser]
if you can't sign in with google make sure you're using https.
more or less the only code im contributing is the 250 lines in a3m\system\application\modules\account\controllers\sign_in_google.php
the rest belong to a3m\system\application\modules\account\plugins\libraries\php-openid-php5.3
so firstly are you using php 5.3? if you using < 5.3 download and use http://openidenabled.com/files/php-openi...-2.1.3.zip instead.

[eluser]Zishan[/eluser]
Sorry, I should have been clearer.

I was stating that I experienced some problems with query strings (past tense). PATH_INFO is unusable, so I had to use REQUEST_URI, and it required a trailing slash. I am just posting the info for anyone who may have a similar problem.

The actual problem I was having was an inability to log in with openid. It has been solved via mod_security whitelisting by my hosting provider.

No problems left.

[eluser]Naatan[/eluser]
[quote author="Zishan" date="1270100623"]Great job Peng. Saved me a week of figuring out CodeIgniter and programming this very same stuff

btw, I'm on hostgator, had some trouble getting segment urls and query strings working together. I think I'm past that hump:

1. rewrite rule
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L,QSA]
2. config.php
$config['uri_protocol'] = "REQUEST_URI";
$config['url_suffix'] = "/";

Current problem is failure to log in with google, myspace and aol. The google error response is:

Auth_OpenID_FailureResponse Object
(
[status] => failure
[endpoint] => Auth_OpenID_ServiceEndpoint Object
(
[EDIT] ...
)

[identity_url] =>
[message] => Invalid openid.mode '<No mode set>'
[contact] =>
[reference] =>
)

I tried following this: http://code.google.com/p/diso/issues/detail?id=136
and these directions: http://ioni2.com/2009/wordpress-openid-l...nd-drupal/

but the techie I got said he couldn't help without something that actually produced a 403 error. He supposedly whitelisted me for rule 340163, but I'm still getting the same problem.

Thoughts?

[EDIT]

Jfyi, that dump is of $response from sign_in_google.php controller, around line 94:
// Complete authentication process using server response
$response = $consumer->complete(site_url('account/sign_in_google/verify'));

However, access log shows openid.mode parameter is defined:
...&
openid.ns=http://specs.openid.net/auth/2.0&
openid.mode=id_res&
...

[EDIT2]

Hit up another hostgator techie. Was rule ID 340153 ("Generic PHP code injection protection via ARGS 3"), not 340163 ("Remote File Injection attempt in ARGS (MM)").[/quote]

Fellow HG user here I solved the above by adding the following in the main CI index file:

$_SERVER['PATH_INFO'] = $_SERVER['REQUEST_URI'];

And then making sure that every URL A3M was passing ended with a forward slash before appending GET parameters.

Edit: whoops didn't see the last page.. I see you already figured it out

@Peng, perhaps it would be interesting if A3M would natively append the slash so people who have this problem don't have to edit any of your files.

[eluser]Unknown[/eluser]
Very good, congratulations.
So is missing the authorization module for I use in my project.

[eluser]sirwan.me[/eluser]
Im willing to create documentation for this

[eluser]sirwan.me[/eluser]
I had an issue earlier, but I fixed is by disabling the SSL feature.

I have a question though, is A3M folder supposed to go outside of your main application/system folder as a new application, or is this supposed to be your main application where you develop the entire site... because I need control panel and a front end for the website?

so instead of it becoming

blah.com/a3m/

it becomes

blah.com

[eluser]sirwan.me[/eluser]
Also, I don't think you should allow users to Change their username... becuase I'm trying to create something like this www.blah.com/username ... so their profiles are viewable, and that can't happen if they're able to keep changing it.

[eluser]Peng Kong[/eluser]
[quote author="Zishan" date="1270100623"]
@Peng, perhaps it would be interesting if A3M would natively append the slash so people who have this problem don't have to edit any of your files. [/quote]

yes natively appending the slash is no issue.
i only left it out because i thought it didn't make a difference.
Now that i know it affects those using "REQUEST_URI"
this shall be included in the next version

-pk