A3M - Account Authentication & Authorization Module
#1

[eluser]Peng Kong[/eluser]
Hosted on Google Code
http://code.google.com/p/a3m/

Key Features
1. Sign Up, Sign In (with remember me) and Sign Out
2. Reset Password for native account
3. reCAPTCHA support (optional)
4. SSL support (optional)
5. Language file support
6. Sign In "Fail Attempt Offset" before user has to always solve the captcha (this is Google style. Basically you can keep trying over and over... at human speed.)
8. Semantic XHTML views
9. Actively supported by developer

Design Goals
1. User Experience (demo down atm)
2. Create code that is easily re-purposed - loosely coupled and follows CI PHP Style Guide
3. Adhere to security best practices - takes salt hash, SQL injection, XSS, etc. into consideration
4. Proper MVC separation (working with and without Modular extensions... all credit to wiredesignz)
5. Reduce code bloat - by reusing CI Core code as far as possible, form_validation, sessions, etc.
6. Optimal performance - Minimal autoloading, don't xss_clean for no good reason, etc.
7. Configurable via config file - if it's not in there it was likely a design decision, feel free to question
8. Everything is built layer by layer first - CSS and JS optional because it can be stripped away and everything works the same. Degrades gracefully.

Development Roadmap
1. AJAX validation on client side - Will be built using jQuery but since the code is well separated you can throw it away easily if you don't want this
2. Signin/Signup with Facebook, Twitter and OpenID (Google, Yahoo, etc.) (done)
3. Flexible Authorization access control based on roles and permissions
4. Change password, email and username (done)

Caveat: This module uses query strings. This might be controversial but I really honestly think not using GET totally is quite inflexible. I always settle for a mixture of segment based and GET. With that said, if you're a segment based purist the code should be easily modified to remove GET. The other one is that I'm using CI Sessions, I love it! I did modify certain of its shortcomings but it does the Session job well (and securely) imo.

Much work went into this and you are free to use it as you please. All I ask is that you contribute back any bug fixes, improvements and other thoughts you have so that we can keep improving this module. This is still unfinished work and I'm just uploading it early to get feedback from the community.

Installation Steps
1. Download, extract, upload the 'a3m' folder
2. Run SQL script a3m/a3m.sql
3. Configure your database connection
4. In module config, turn on reCAPTCHA (optional)
5. In module config, turn on SSL (optional)


Change Log

v0.3
1. Uses phpass to hash passwords
2. Signin with Google, Yahoo, AOL, MySpace and OpenID
- with support for SREG, AX and PAPE

v0.4
1. Total 'refactor' of code. Reorganization of code
2. Sign in with Google, Yahoo!, AOL, Twitter, MySpace, Facebook and any OpenID Provider
3. Not yet done: forget password, verify email, account management. (to do in v0.5)

v0.5
1. Some minor bug fixes. TBH I forgot to log what I changed but the good news is that as of v0.5 my code is under internal version control (Subversion)
2. Account pages
- Account Settings - change email, fullname, firstname, lastname, dateofbirth, gender, postcode, country, language, timezone
- Change Password
- My Profile - change username, change profile picture
- Linked Accounts (to do in v0.6)
3. Forgot password

v0.6
1. Linked Accounts
2. OAuth Server (with OAuth Test Client)
#2

[eluser]phpserver[/eluser]
Just in time, thanks. I was looking to have my web application use Gmail to have the users log in using their Gmail email account.
#3

[eluser]Peng Kong[/eluser]
phpserver, sorry, actually that part isn't done yet. Should be done in a week or two tho.
#4

[eluser]phpserver[/eluser]
Oh, I just noticed it. Okay, I can't wait.
#5

[eluser]Peng Kong[/eluser]
http://ellislab.com/forums/viewthread/120316/P30/

interesting thread
#6

[eluser]Peng Kong[/eluser]
Note: next upgrade of a3m (v0.3) will use phpass-0.2 for password hash storage.
This is apparently best practice in password storage, employed by both WordPress and Drupal. So no point reinventing the wheel.
#7

[eluser]Peng Kong[/eluser]
*update* Signin with Google, Yahoo, AOL, MySpace and OpenID (everyone else) is now working.

Supports Simple Registration (SREG) ... at least for my pengkong.mp OpenID

Yahoo doesn't seem to have released SREG to the public yet but I've requested whitelisting as stated in this thread.

Still trying to get Google's Attribute Exchange (AX) working, then clean up the code a bit and I'll release it as v0.3

here's the demo link https://it.euphoriatwentythree.com/projects/a3m/account/sign_in
this it if you're interested.
#8

[eluser]emanon[/eluser]
Hi Peng Kong,

Looks interesting. Looking forward to giving it a try. BTW, your 'Download Package' link is 404.
#9

[eluser]Peng Kong[/eluser]
Oh, my bad totally. Deleted it by mistake when uploading the website. Check again later. I'll upload in a few hours. I'm nearly done with Google / Yahoo AX...
#10

[eluser]Peng Kong[/eluser]
OK great, I've updated v0.3.

1) Signin with
- Google (supports AX)
- Yahoo (supports AX)
- AOL (doesn't support anything)
- MySpace (doesn't support anything)
- OpenID (only tested on the two listed below)
  - chim.mp (supports SREG)
  - myopenid.com (supports SREG)

2) The idea was to either...
Get users to link to an existing account (current flow still crappy...)
- OR -
Create a new account

3) Many OpenIDs can point to one account. So depending on which 3rd party you're signed into you can click on the logo or type in your username and be authenticated right away.

--

AX basically only gives you the user's real name, email, country and language
SREG gives more on top of those... like nickname, date of birth, gender, postal code

Notes:

1) Basically AOL and MySpace don't give anything more than the claimed identifier (OpenID)
Not even email... so... it's just more of a "quick" sign in process

2) Facebook and Twitter are still in the roadmap... as both don't support OpenID.
Facebook uses Facebook Connect. Twitter uses OAuth.

3) phpass is now used to hash passwords

** I've updated the download link on the first post.



