A3M - Account Authentication & Authorization Module - Mushmellow

[eluser]Natedogg386[/eluser]
I am using the one that was downloaded with the a3m 1.0 mushmellow package from google code. Where could I find the one with the module?

[eluser]SpitefulTowel[/eluser]
That's the one I was referring to. I'm not sure why you're having problems with it though.

[eluser]Natedogg386[/eluser]
Here are the exact contents of my htaccess file, located under the a3m_mushmellow file on my server.

Code:

RewriteEngine on
RewriteRule ^$ /a3m_mushmellow/index.php [L]
RewriteCond $1 !^(index\.php|resource|system|user_guide|robots\.txt|favicon\.ico)
RewriteRule ^(.*)$ /a3m_mushmellow/index.php/$1 [L]

I notice when you click "sign up" the uri changes to end with "/account/sign_up". But it just refreshes the front page. You can see for yourself at http://www.bingebidder.com/a3m_mushmellow/

Any and all suggestions are greatly appreciated.

[eluser]mr.noname[/eluser]
hello guy

Thank for the awesome library.

I've try it with facebook on my local machine.

everything ok, it's great.

and i also try to login with facebook account with your demo link here
https://mushmellow.gamespai.com/index.ph...nt/sign_in

I found some bug on that link ( on profile link )

It's can not display my facebook picture
I see you try to use graph api to retrieve profile picture

But you display it by use this src

Code:

https://mushmellow.gamespai.com/resource/user/profile/http://graph.facebook.com/100001284953024/picture?t=746277a902dba17b69e8b64217fac16a

It's should be only https://graph.facebook.com/some_facebook_id/picture


Should you update your demo link with a new version of a3m?

[eluser]DavidFisherman[/eluser]
Hi PK,

Kudos for this great module.

I'm trying the module inside an iframes facebook app and it doesn't seem to work. If the website is open by itself, and you try to login through the facebook connect, everything works fine. But, when you try to login through the facebook application page with the website open inside the iframe, then it just never logs me in and just redirects to the home controller and never signs me in. This only happens with IE and Safari, I believe this is due to security settings in IE and Safari which do not allow cross-domain posting/cookies sharing! Is there a workaround for this to make a3m work?

Thanks,
-David

[eluser]diZzyCoDeR[/eluser]
@Natedogg386 -- I banged my head against the wall all evening trying to figure why my .htaccess wouldn't work, but I needed to change the config.php file to match this:

Code:

$config['uri_protocol']    = "ORIG_PATH_INFO";

** try all the different types (AUTO didn't work for me either)

@peng kong

I'm running on a shared host (php 5.2.?) and I'm getting these

Message: Undefined property: Account_model::$db

Filename: models/account_model.php

Line Number: 40

Fatal Error: Call to a member function get_where() on a non-object in {filename}

thrown on

Code:

return $this->db->get_where('a3m_account', array('username' => $username))->row();

I tracked it down (I think) to needing to use __Construct() method.. although, before I go changing all the classes, do I have this right? Is anyone else exhibiting this misfortune?

..should be this..(?)

Code:

class Account_model extends Model {
    
    /**
     * Constructor
     */
    function __construct() //CHANGE FROM: Account_model()
    {
        // Call the Model constructor
                parent::__construct(); //CHANGE FROM: parent::Model();
        }

[eluser]Natedogg386[/eluser]
@diZzyCoDeR

I had given up until you posted that quick 30 second fix, and it worked. Thank you very much, I believe I banged my head on the wall as much if not more than you.

[eluser]diZzyCoDeR[/eluser]
No prob. mate.

Now, about my FATAL ERROR... after a nights sleep and a coffee.. but I tracked it down to "database" class not being loaded.

wha?

So I autoloaded it at system/application/config/autoload.php

wtf?! That seems to have done it.

[eluser]Peng Kong[/eluser]
[quote author="iateaduck" date="1295858622"]Helllooo I apologize if this has been asked already before, but I see that in the config file, the session cookies are not encrypted.
Does this allow the user to tamper with their session?
Would it break A3M if I set cookie encryption to true?

Thanks a lot!
DuckEater[/quote]

it's not a security issue as far as i understand... as long as you use a database to handle sessions. if you encrypt it doesn't affect anything only makes your cookie file bigger for no good reason.

from what i understand when using db the cookie basically just stores a reference that points to a row in your session table. the only way to hijack someone's session is to steal/guess/bruteforce their cookie's stored reference but also note that the reference changes every 5 mins. also then depending on how secure you need it to be you can also require the user agent and the ip address to match up. erm.. encrypting basically scrambles the data on the cookie which in this case is the reference to the session. but what the hacker will do is recreate the cookie not try to decrypt.

don't shoot me if i got it wrong

[eluser]Peng Kong[/eluser]
[quote author="codeninja" date="1296102898"]Is a3m compatible with ci2.0? I am getting session errors while using it...[/quote]

no it's not compatible with ci2.0! you got to follow the official ci guide on how to port ci1.7 to 2.0. but don't worry i already ported it cuz the good ellislab folks officially release 2.0. i will upload my 2.0 version tmr to google code and release a download package.