A3M - Account Authentication & Authorization Module

[eluser]Unknown[/eluser]
Hi! Great job. It's very easy to use. I can't help waiting on authorization Keep moving

[eluser]Naatan[/eluser]
Hi guys,

First off I want to thank Peng Kong for making this awesome module. I just migrated my website (wow-wishlist.com) from using FreakAUTH to A3M and I am loving it. It is very professionally coded and is easy to implement.

The only criticism I can offer is the table structure, why are account_id's BIGINT's with a length of 40? There aren't enough humans inhabiting earth to ever reach this kind of number. Hell I'd be surprised if there were that many ants, or insects in general :p

Anyway, the two main features I was missing was "Change Password" and "Forgot Password", so I developed them myself.

I made sure I didn't have to touch any of the existing A3M code so that it should be compatible with future updates and can easily be stripped out when Peng offers his own "Change Password" and "forgot Password" features.

To install:

- Download file (duh)
- Extract contents to your "./system/application/modules/account/" folder (you shouldn't have to overwrite anything, just merge folders)
- Run account_reset.sql on your database
- Modify config/forgot_password.php to match your preferences
- Modify views
- done

Note that the views are really oriented at my own layout so you -will- have to change these.

Also note that I have not thoroughly tested my modifications yet, they seem to work properly on my end but bugs may still be present.

Looking forward to future updates for this module

[eluser]Peng Kong[/eluser]
thanks for the comment haatan.

you have a point there with the big int 40. will change to just bigint in next ver.

"change password" and "forget password" is implemented in the previous ver. but i have yet to port it to the latest ver. because the lastest ver. is a total rewrite.

Shouldn't take long to port so should definitely be done this week. (after oauth which i'm working on now)
I'll also study your code and integrate everything i find.

I'm actually designing it in such a way that people who sign in with google yahoo etc don't need to see a "change password" option... cause one point of openid is to not have your passwords strewn all over the net.

so the auth library will give you some kind of method to check "is_openid()" before presenting the change password option.

some goes for verification email. there will be a has_verified_email() function in the auth lib to allow us to check if user has at least ONE verified email. i'm designing it such that user's don't need to have a verified email unless you enforce it with has_verified_email().

[eluser]Naatan[/eluser]
Hi Peng,

Interested to hear about your total rewrite, will it essentially be a completely new module in no way resembling it's previous version or will it be easy to upgrade from the current version to the new version?

I did make the change password feature with a check to see if the current user is using a password.. so it would only be usable by those who used the a3m registration mechanism.

Any idea when we may have a look at the new version? I will probably hold off updating my website until this version arrives.

And for the record, a regular INT will do, unless you think your website will be getting more than 2.147.483.647 users :p

[eluser]Peng Kong[/eluser]
erm the ver. you're using is most likely the total rewrite already (ver.0.4 see my 1st post for change log)

to be honest I’m not caring to much about backwards compatibility atm. i really should have a disclaimer somewhere stating this is a alpha kind of thing and not really meant for production usage (because many features are still not yet done).

anyway with proper separation of concerns, loose coupling and clean coding style you should be able to easily understand and fix (or add) anything yourself that really is the selling point of a3m =)

Upgrading shouldn't be too hard down the road because i don't see myself changing the existing features (because the point is usability, keep it simple!) e.g. Not to throw a huge form at users during registration. Sign in with google, yahoo, etc is already as simple as it can get so that shouldn't change much either. Yep so upgrade will be adding new features rather then changing existing features.

I can’t really promise when the next release will be but I’m working on it full time so there should be some major releases every week.

[eluser]Peng Kong[/eluser]
keep the feedback coming and suggestions cause i'll try to factor as many use cases as possible, if possible. thanks

[eluser]Naatan[/eluser]
Thanks for the quick response Peng.

Yeah I'm using 0.4 so I guess upgrading to the next version shouldn't be too difficult

I understand that it's still in heavy development and as such isn't recommended for production use.. but seeing as we're all programmer here the tag "alpha" or "beta" isn't as "risky" as it would be for other products, long as you're willing to invest some extra time (which I am). From all the authentication systems I've seen for CI I find this one the most promising (not to mention the only one actually being maintained at the moment).

Anyway, looking forward to the next version I can wait a week, plenty of other stuff to work on

[eluser]Peng Kong[/eluser]
great!

[eluser]Naatan[/eluser]
In case anyones interested in getting A3M working with Vanilla forums 2.0 (ie. use A3M as the authentication / registration mechanism), create a controller with the following contents:

Code:

<?php

class userAuth extends Controller {

    private $userID;

    /**
     * Constructor
     * @author Nathan Rijksen
     */
    function userAuth() {
        parent::Controller();

        $this->load->library(array('account/authentication', 'account/account', 'account/facebook_platform','form_validation','wowish'));

        $this->userID = $this->session->userdata('account_id');
    }

    function index() {
        if (!$this->authentication->is_signed_in()) exit;
        $account = $this->account->get_by_id($this->userID);

        $account_email     = $this->db->get_where('a3m_account_email', array('account_id'=>$this->userID))->row();
        $email             = $this->db->get_where('a3m_email', array('id'=>$account_email->email_id))->row();

        $userFields = array(
            'UniqueID'        => $account->id,
            'Name'            => $account->username,
            'Email'            => $email->email,
        );

        foreach ($userFields AS $field=>$value)
            echo $field.'='.$value."\n";
    }

    function signout() {
        $this->session->unset_userdata('account_id');
        setcookie('Vanilla',' ',time()-3600,'/');
        unset($_COOKIE['Vanilla']);
        redirect(base_url());
    }

}

?>

Replace the contents of the redirect with whatever you want it to redirect to upon logging out.

Also, go into modules/account/libraries/Authentication.php and add the following to the sign_out function:

Code:

setcookie('Vanilla',' ',time()-3600,'/');
        unset($_COOKIE['Vanilla']);

Make sure that the following CI settings are set to false:

sess_match_ip
sess_match_useragent

Finally, install the Single Sign On addon for Vanilla Forums 2.0 and change the settings to:

Code:

# Authenticate Url
# http://domain.com/userAuth

# Registration Url
# http://domain.com/account/sign_up

# Sign-in Url
# http://domain.com/account/sign_in

# Sign-out Url
# http://domain.com/userAuth/signout

That's it.. sign in with A3M and navigate to your forums.. if all went well you should be automatically logged in.

(Note - make sure the admin user you create in vanilla does not conflict with an a3m user)

Also be sure to read the "Final Touches" over at > http://vanillaforums.org/page/singlesignon

[eluser]Peng Kong[/eluser]
ooo that looks like a cool forum software. will check it out sometime.

i've completed account settings management and change password today.
will do profile settings (username, profile picture), email management (each account can have 1-* verified/non-verified emails), email verfication and forgot password before releasing it as v0.5.

*for those looking out for oauth, i will include the working files. however the complete thing will have to wait for v0.6