A3M - Account Authentication & Authorization Module
Posted: 06 February 2010 05:48 AM
Joined: 2009-08-06
195 posts

Hosted on Google Code
http://code.google.com/p/a3m/

Key Features
1.  Sign Up, Sign In (with remember me) and Sign Out
2.  Reset Password for native account
3.  reCAPTCHA support (optional)
4.  SSL support (optional)
5.  Language file support
6.  Sign In “Fail Attempt Offset” before user has to always solve the captcha (this is google style. Basically you can keep trying over and over… at human speed.)
8.  Semantic XHTML views
9.  Actively supported by developer

Design Goals
1.  User Experience (demo down atm)
2.  Create code that is easily re-purposed - loosely coupled and follows CI PHP Style Guide
3.  Adhere to security best practices - takes salted hashes, SQL injection, XSS, etc. into consideration
4.  Proper MVC separation (working with and without Modular extensions… all credit to wiredesignz)
5.  Reduce code bloat - by reusing CI Core code as far as possible, form_validation, sessions, etc
6.  Optimal performance - Minimal autoloading, don’t xss_clean for no good reason, etc
7.  Configurable via config file - if it’s not in there it was likely a design decision, feel free to question
8.  Everything is built layer by layer first - CSS and JS optional because it can be stripped away and everything works the same. Degrades gracefully.

Development Roadmap
1.  AJAX validation on client side - Will be built using jQuery but since the code is well separated you can throw it away easily if you don’t want this
2.  Signin/Signup with Facebook, Twitter and OpenID (google, yahoo, etc) (done)
3.  Flexible Authorization access control based on roles and permissions
4.  Change password, email and username (done)

Caveat: This module uses query strings. This might be controversial but I really honestly think not using GET at all is quite inflexible. I always settle for a mixture of segment based and GET. With that said, if you’re a segment based purist the code should be easily modified to remove GET. The other one is that I’m using CI Sessions, I love it! I did modify certain shortcomings of it but it does the Session job well (and securely) imo.

Much work went into this and you are free to use it as you please. All I ask is that you contribute back any bug fixes, improvements and other thoughts you have so that we can keep improving this module. This is still unfinished work and I’m just uploading it early to get feedback from the community.

Installation Steps
1. Download, extract, upload the ‘a3m’ folder
2. Run sql script a3m/a3m.sql
3. Configure your database connection
4. In module config, turn on reCAPTCHA (optional)
5. In module config, turn on SSL (optional)


Change Log

v0.3
1. Uses phpass to hash passwords
2. Signin with Google, Yahoo, AOL, MySpace and OpenID
  - with support for SREG, AX and PAPE

v0.4
1. Total ‘refactor’ of the code. Reorganization of the code
2. Sign in with Google, Yahoo!, AOL, Twitter, MySpace, Facebook and any OpenID Provider
3. Not yet done: forget password, verify email, account management. (to do in v0.5)

v0.5
1. Some minor bug fixes. TBH I forgot to log what I changed but the good news is that as of v0.5 my code is under internal version control (subversion)
2. Account pages
- Account Settings - change email, fullname, firstname, lastname, dateofbirth, gender, postcode, country, language, timezone
- Change Password
- My Profile - change username, change profile picture
- Linked Accounts (to do in v0.6)
3. Forgot password

v0.6
1. Linked Accounts
2. OAuth Server (with OAuth Test Client)

 Signature 

http://sg.shownearby.com
http://www.shownearby.com/family/members/pk/
A3M http://code.google.com/p/a3m/
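
Added example (not part of the original post and not A3M's own code): one way the sign-in “Fail Attempt Offset” from the feature list can work, where a client gets a few captcha-free attempts and after that every attempt needs a solved captcha. The constant values, function names, throttle key and in-memory store are assumptions made for illustration.

```php
<?php
// Added illustration, not A3M code. Names and values here are assumptions.
const FAIL_ATTEMPT_OFFSET = 3;   // captcha-free failures allowed (assumed value)
const FAIL_WINDOW_SECONDS = 900; // how long a failure is remembered (assumed value)

/** Keep only the failure timestamps that are still inside the window. */
function recent_failures(array $failures, int $now): array
{
    return array_values(array_filter(
        $failures,
        fn (int $t): bool => $now - $t < FAIL_WINDOW_SECONDS
    ));
}

/**
 * Process one sign-in attempt and return 'captcha_required', 'failed' or 'ok'.
 * $store maps a throttle key (here "ip|username") to failure timestamps; a real
 * application would keep this in the database, not in a PHP array.
 */
function attempt_sign_in(array &$store, string $key, bool $passwordOk, bool $captchaOk, int $now): string
{
    $failures = recent_failures($store[$key] ?? [], $now);
    $store[$key] = $failures;

    // Past the offset, the password is not even checked without a solved captcha.
    if (count($failures) >= FAIL_ATTEMPT_OFFSET && !$captchaOk) {
        return 'captcha_required';
    }
    if (!$passwordOk) {
        $store[$key][] = $now; // count the failure
        return 'failed';
    }
    unset($store[$key]); // a successful sign-in clears the counter
    return 'ok';
}

// Constructed walk-through: three wrong passwords, a correct password without
// a captcha, then the same correct password with the captcha solved.
$store = [];
$key = '203.0.113.7|alice'; // constructed sample key (documentation IP range)
$attempts = [[false, false], [false, false], [false, false], [true, false], [true, true]];
foreach ($attempts as $i => [$passwordOk, $captchaOk]) {
    echo attempt_sign_in($store, $key, $passwordOk, $captchaOk, 1000 + $i), PHP_EOL;
}
```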

 
Posted: 06 February 2010 05:58 AM   [ # 1 ]   [ Rating: 0 ]
Joined: 2008-11-03
183 posts

Just in time, thanks. I was looking to have my web application use Gmail to have the users log in using their Gmail email account.

 Signature 

“Do Something To Reduce Your Energy Use,The World Is Running Out Of Known Sources Of Energy”

 
Posted: 06 February 2010 06:00 AM   [ # 2 ]   [ Rating: 0 ]
Joined: 2009-08-06
195 posts

phpserver, sorry actually that part isn’t done yet. should be done in a week or two tho.

 
Posted: 06 February 2010 06:12 AM   [ # 3 ]   [ Rating: 0 ]
Joined: 2008-11-03
183 posts

Oh, I just noticed it. Okay, I can’t wait.

 
Posted: 06 February 2010 10:34 AM   [ # 4 ]   [ Rating: 0 ]
Joined: 2009-08-06
195 posts

http://ellislab.com/forums/viewthread/120316/P30/

interesting thread

 
Posted: 06 February 2010 11:42 PM   [ # 5 ]   [ Rating: 0 ]
Joined: 2009-08-06
195 posts

Note: next upgrade of a3m (v0.3) will use phpass-0.2 for password hash storage.
This is apparently best practice in password storage that is employed by both WordPress and Drupal. So no point reinventing the wheel.

 
Posted: 09 February 2010 10:57 AM   [ # 6 ]   [ Rating: 0 ]
Joined: 2009-08-06
195 posts

*update* Signin with google, yahoo, aol, myspace and openid (everyone else) is now working.

Support Simple Registration (sreg) ... at least for my pengkong.mp openid

yahoo doesn’t seem to have released sreg to the public yet but i’ve requested whitelisting as stated in this thread.

Still trying to get Google’s Attribute Exchange (AX) working, then clean up the code a bit and i’ll release it as v0.3

here’s the demo link https://it.euphoriatwentythree.com/projects/a3m/account/sign_in
this it if you’re interested.

 
Posted: 09 February 2010 10:44 PM   [ # 7 ]   [ Rating: 0 ]
Joined: 2009-04-11
2 posts

Hi Peng Kong,

Looks interesting. Looking forward to giving it a try. BTW, your ‘Download Package’ link is 404.

 
Posted: 09 February 2010 11:41 PM   [ # 8 ]   [ Rating: 0 ]
Joined: 2009-08-06
195 posts

oh my bad totally. deleted it by mistake when uploading the website. check again later. i’ll upload in a few hours. im nearly done with google / yahoo AX…

 
Posted: 10 February 2010 12:10 AM   [ # 9 ]   [ Rating: 0 ]
Joined: 2009-08-06
195 posts

ok great i’ve updated v0.3.

1) Signin with
  - Google (supports AX)
  - Yahoo (supports AX)
  - AOL (doesn’t support anything)
  - MySpace (doesn’t support anything)
  - OpenID (only tested on the two listed below)
    - chim.mp (supports SREG)
    - myopenid.com (supports SREG)

2) The idea was to either…
  Get users to link to an existing account (current flow still crappy…)
  - OR -
  Create a new account

3) Many OpenIDs can point to one account. So depending on which 3rd party you’re signed into you can click on the logo or type in your username and be authenticated right away.

AX basically only gives you the user’s real name, email, country and language
SREG gives more on top of those… like nickname, date of birth, gender, postal code

Notes:

1) Basically aol and myspace don’t give anything more than the claimed identifier (OpenID)
  Not even email… so… it’s juz more of a “quick” sign in process

2) Facebook and twitter are still on the road map… as both don’t support OpenID.
  Facebook uses Facebook Connect. Twitter uses OAuth.

3) phpass is now used to hash passwords

** I’ve updated the download link on the first post.

 
Posted: 10 February 2010 08:08 PM   [ # 10 ]   [ Rating: 0 ]
Joined: 2009-05-04
31 posts

LDAP support also would be great.

Good work ;)

 
Posted: 11 February 2010 04:04 AM   [ # 11 ]   [ Rating: 0 ]
Joined: 2009-08-06
195 posts

lol sorry, i really have no experience with LDAP. maybe u can write LDAP support and share with the rest of us =p

i’m working on facebook connect at the moment. in fact im totally rewriting this module with internationalization support

 
Posted: 11 February 2010 05:24 AM   [ # 12 ]   [ Rating: 0 ]
Joined: 2010-02-08
5 posts

can’t wait to mess around with this a bit.

 
Posted: 11 February 2010 09:51 AM   [ # 13 ]   [ Rating: 0 ]
Joined: 2010-01-12
20 posts

For anyone who is trying this out and getting the error message - “Field ‘user_data’ doesn’t have a default value”, it is because you are using MySQL 5+ in strict mode, which means null fields cannot be left empty, so to fix this when setting up the ci_sessions table change:

`user_data` text NOT NULL,

to

`user_data` text DEFAULT NULL,

in the sql file.

 
Posted: 11 February 2010 08:59 PM   [ # 14 ]   [ Rating: 0 ]
Joined: 2008-02-17
278 posts

Great job Peng Kong, I’m subscribing to this thread and definitely will try this library.

 
Posted: 11 February 2010 09:54 PM   [ # 15 ]   [ Rating: 0 ]
Joined: 2009-08-06
195 posts

thanks steelaz & chiefchirpa.

i’m giving the library a full re-factoring at the moment. Notice that everything is more or less stuffed into one controller and one language file at the moment. that kind of doesn’t scale too well. so in the next ver (0.4) there will definitely be even more ‘separation’ meaning ‘cleaner’ code.

i’m also trying to consider a suggestion of creating an abstract layer (something like the ci db layer) for authentication to further decouple any code i write. still not sure how that’s going to work out at this point, so if anyone has any ideas feel free to chip in :)
