[A3M (Account Authentication & Authorization)] (https://github.com/donjakobo/A3M/)

A CodeIgniter 2.x package that leverages bleeding edge web technologies like OpenID and OAuth to create a user-friendly user experience. It gives you the CRUD to get working right away without too much fuss! A3M is a full package meant for building websites from scratch without all that tiresome login / logout / admin stuff thats always required.

Authors

Jakub

• @kubanishku on Twitter
• @donjakobo on GitHub

PengKong

• @pengkong on Github

Key Features & Design Goals

See our app task board on Trello to get a glimps of to-do items

• Native Sign Up, Sign In with 'Remember me' and Sign Out
• Native account Forgot Password and Reset Password
• Facebook/Twitter/Google/Yahoo/OpenID Sign Up, Sign In and Sign Out
• Manage Account Details, Profile Details and Linked Accounts
• reCAPTCHA Support, SSL Support, Language Files Support
• Gravatar support for picture selection (via account profile) (NEW)
• Create a painless user experience for sign up and sign in
• Create code that is easily understood and re-purposed
• Utilize Twitter Bootstrap (a fantastic CSS / JS library)
• Graceful degradation of JavaScript and CSS
• Proper usage of CodeIgniter's libraries, helpers and plugins
• Easily Configurable via config file

Folder structure

• /application/ - what you should be editing / creating in
• /system/ - default CodeIgniter system folder (don't touch!)
• /resource/ - css / images / javascript (folder configurable via constants.php)
• /user_guide/ - latest guide for CI (can be deleted, just for CI reference)

3rd Party Libraries & Plugins

• recaptcha_pi.php - recaptcha-php-1.11
• facebook_pi.php - v.3.2.2
• twitter_pi.php - Updated to latest release - Jun 21, 2013
• phpass_pi.php - Version 0.3 / genuine (latest)
• openid_pi.php - php-openid-php5.3
• gravatar.php - codeigniter (6/25/2012) rls

Dependencies

• CURL
• DOM or domxml
• GMP or Bcmatch

Installation Instructions

• Download the latest version of A3M
• Extract to a folder accessible on your webserver (/ or something like /a3m/ )
• Create a database by importing a3m_database.sql script found it root folder of package
• Configure /application/config/config.php & database.php to match your CI setup (domain + database credentials)
• Modify .htaccess file if your app location is different than / (example: domain.com/a3m/)
• Configure /application/config/account/* files to reflect your setup (reCAPTCHA, twitter, facebook, openid providers, etc;)

Twitter configuration:

Twitter site (https://dev.twitter.com/apps)

• Create an App and note down the "Consumer key" and "Consumer secret" values
• Callback URL: https://www.yoursite.com/account/connect_twitter/
• Allow this application to be used to Sign in with Twitter [X]

A3M

• Edit application/config/account/twitter.php and insert your consumer key and consumer secret.

Testing on localhost

• localhost and 127.0.0.1 will not work. Use your internal IP (eg. 192.168.1.10)

Facebook configuration:

Facebook Developers site (https://developers.facebook.com/apps)

• Create new App
• Note down "App ID" and "App Secret" values
• Tick "Website with Facebook Login" URL: http://www.yoursite.com

A3M

• Edit application/config/account/twitter.php and insert your consumer key and consumer secret.

Testing on localhost

• Facebook login seems to only work on a live environment (see donjakobo#3)

Google / OpenID configuration:

• Those should work out of the box. No further configuration needed.

Testing on localhost

• Some webservers (XAMMP) have outdated certificates. If you get a Fatal error: Call to a member function addExtension() on a non-object in error you must do the following:

  edit application/helpers/account/Auth/Yadis/ParanoidHTTPFetcher.php and add curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false); after line 140 (before curl_exec($c);)

  WARNING: DO NOT DO THIS ON YOUR PRODUCTION/LIVE WEB SERVER AS THIS LEAVES YOUR SERVER VURNERABLE TO MITM ATACKS

Yahoo! configuration:

• Those should work out of the box. No further configuration needed.

Testing on localhost

• Testing on localhost works without any changes.

Authorization, Roles, and Permissions:

• Connect to your database and insert a new row into the "a3m_rel_account_role" with the Role ID for Admin (by default this is "1") and the Account ID you want to give Admin Rights to.
• After you login to the website you should see a few new options under your account for Manage Users, Manage Roles, and Manage Permissions.

Example: Create an Authors Role with permissions to "Post New Articles".

• Go to "Manage Roles" and create the new "Authors" role.

  • Name: Authors
  • Description: Website Authors that are allowed to post new articles.
  • Permissions: None

• Jump to "Manage Permissions" and create the "Post New Articles" permission:

  • Key: post_articles
  • Description: Post New Articles
  • Roles: Check the "Authors" Role

• Now you can check if the currently logged in user has access to certain features in your Controllers. You simply pass in the "Key" of the permission you created, in this case that is "post_articles".

  $this->authorization->is_permitted('post_articles'); //returns boolean value

Note

• Please fork and help out! Only with your help will this keep growing and getting better.
• Note that twitter doesn't work if your base url is localhost and facebook won't work if your base url is 127.0.0.1. Therefore ensure that your base url is something like yoursite.com. One way to do that is to simply map the hostname your want to 127.0.0.1 on your development machine. Your twitter callback URL should take into account whether or not you have enabled SSL in your a3m config
• https://domain.com/account/connect_twitter (SSL Enabled)
• http://domain.com/account/connect_twitter (SSL Disabled)

Configuring this wrongly will result in an EpiOAuthUnauthorizedException exception being thrown.