
A3M Account Authentication and Authorization

Derek Jones edited this page Jul 5, 2012 · 12 revisions

Current Version: 0.6
Forum Thread: http://codeigniter.com/forums/viewthread/144755/
Project on Google Code: http://code.google.com/p/a3m/
Author's web: http://www.sirwan.me/

Description

A3M is a CodeIgniter module that leverages bleeding-edge web technologies such as OpenID and OAuth to create a user-friendly experience for account authentication and authorization.

Key Features

  1. Signin/Signup with Facebook, Twitter and OpenID (Google, Yahoo, AOL, MySpace, others)
  2. Traditional Sign Up, Sign In (with remember me) and Sign Out
  3. Manage Account/Profile Details (including Profile Picture)
  4. Manage Linked Accounts
  5. Forgot/Reset Password for native accounts
  6. reCAPTCHA support
  7. SSL support
  8. Language file for i18n (plus all the necessary i18n tables: country, language, IP to country, etc.)
  9. Semantic XHTML views

Design Goals

  1. User Experience (see A3M Demo)
  2. Create code that is easily re-purposed: loosely coupled and following the CI PHP Style Guide
  3. Adhere to security best practices: salted hashes, SQL injection, XSS
  4. Proper MVC separation (working with and without CI's Modular Extensions by wiredesignz)
  5. Reduce code bloat by reusing CI core code as far as possible: form_validation, sessions, etc.
  6. Optimal performance: minimal autoloading, don't xss_clean for no good reason, etc.
  7. Configurable via config file: if it's not in there, it was likely a design decision
  8. Degrades gracefully: everything is built layer by layer; CSS and JS are optional and can be stripped away and everything still works the same.

Development Roadmap

  1. AJAX validation on client side. Will be built using jQuery, but since the code is well separated you can throw it away easily if you don't want this
  2. Signin/Signup with Facebook, Twitter and OpenID (Google, Yahoo, etc.) (done)
  3. Flexible authorization access control based on roles and permissions
  4. Change password, email and username (done)

Caveat: This module uses query strings. This might be controversial, but I really honestly think not using GET at all is quite inflexible. I always settle for a mixture of segment-based and GET. With that said, if you're a segment-based purist the code should be easily modified to remove GET. The other one is that I'm using CI Sessions, I love it! I did modify certain of its shortcomings, but it does the session job well (and securely) imo.

Much work went into this and you are free to use it as you please. All I ask is that you contribute back any bug fixes, improvements and other thoughts you have so that we can keep improving this module. This is still unfinished work and I'm just uploading it early to get feedback from the community.

Download Package

Installation Steps

  1. Download, extract, upload the ‘a3m’ folder
  2. Run sql script a3m/a3m.sql
  3. Config your database connect
  4. In module config, turn on reCAPTCHA (optional)
  5. In module config, turn on SSL (optional)

Change Log

v0.6

  1. Linked Accounts
  2. OAuth Server (with OAuth Test Client)

v0.5

  1. Some minor bug fixes. TBH I forgot to log what I changed, but the good news is that as of v0.5 my code is under internal version control (Subversion)
  2. Account pages
     • Account Settings - change email, fullname, firstname, lastname, dateofbirth, gender, postcode, country, language, timezone
     • Change Password
     • My Profile - change username, change profile picture
     • Linked Accounts (to do in v0.6)
  3. Forgot password

v0.4

  1. Total 'refactor' and reorganization of the code
  2. Sign in with Google, Yahoo!, AOL, Twitter, MySpace, Facebook and any OpenID Provider
  3. Not yet done: forgot password, verify email, account management (to do in v0.5)

v0.3

  1. Uses phpass to hash passwords
  2. Signin with Google, Yahoo, AOL, MySpace and OpenID
     • with support for SREG, AX and PAPE

Category:Libraries::Authorization Category:Libraries::Authentication Category:Contributions::Libraries::Authentication
