A3M (Account Authentication & Authorization) (https://github.com/donjakobo/A3M/) is a CodeIgniter 2.x package that leverages bleeding edge web technologies like OpenID and OAuth to create a user-friendly user experience. It gives you the CRUD to get working right away without too much fuss! A3M is a full package meant for building websites from scratch without all that tiresome login / logout / admin stuff that's always required.
Authors
Jakub
- @kubanishku on Twitter
- @donjakobo on GitHub
PengKong
- @pengkong on GitHub
Key Features & Design Goals
See our app task board on Trello to get a glimpse of to-do items
- Native Sign Up, Sign In with 'Remember me' and Sign Out
- Native account Forgot Password and Reset Password
- Facebook/Twitter/Google/Yahoo/OpenID Sign Up, Sign In and Sign Out
- Manage Account Details, Profile Details and Linked Accounts
- reCAPTCHA Support, SSL Support, Language Files Support
- Gravatar support for picture selection (via account profile) (NEW)
- Create a painless user experience for sign up and sign in
- Create code that is easily understood and re-purposed
- Utilize Twitter Bootstrap (a fantastic CSS / JS library)
- Graceful degradation of JavaScript and CSS
- Proper usage of CodeIgniter's libraries, helpers and plugins
- Easily Configurable via config file
Folder structure
- /application/ - what you should be editing / creating in
- /system/ - default CodeIgniter system folder (don't touch!)
- /resource/ - css / images / javascript (folder configurable via constants.php)
- /user_guide/ - latest guide for CI (can be deleted, just for CI reference)
3rd Party Libraries & Plugins
- recaptcha_pi.php - recaptcha-php-1.11
- facebook_pi.php - v.3.2.2
- twitter_pi.php - Updated to latest release - Jun 21, 2013
- phpass_pi.php - Version 0.3 / genuine (latest)
- openid_pi.php - php-openid-php5.3
- gravatar.php - codeigniter (6/25/2012) rls
Dependencies
- CURL
- DOM or domxml
- GMP or BCMath
Installation Instructions
- Download the latest version of A3M
- Extract to a folder accessible on your webserver (/ or something like /a3m/)
- Create a database by importing the a3m_database.sql script found in the root folder of the package
- Configure /application/config/config.php & database.php to match your CI setup (domain + database credentials)
- Modify the .htaccess file if your app location is different than / (example: domain.com/a3m/)
- Configure the /application/config/account/* files to reflect your setup (reCAPTCHA, twitter, facebook, openid providers, etc.)
Twitter configuration:
Twitter site (https://dev.twitter.com/apps)
- Create an App and note down the "Consumer key" and "Consumer secret" values
- Callback URL: https://www.yoursite.com/account/connect_twitter/
- Allow this application to be used to Sign in with Twitter [X]
A3M
- Edit application/config/account/twitter.php and insert your consumer key and consumer secret.
Testing on localhost
- localhost and 127.0.0.1 will not work. Use your internal IP (eg. 192.168.1.10)
Facebook configuration:
Facebook Developers site (https://developers.facebook.com/apps)
- Create new App
- Note down "App ID" and "App Secret" values
- Tick "Website with Facebook Login" URL: http://www.yoursite.com
A3M
- Edit application/config/account/twitter.php and insert your consumer key and consumer secret.
Testing on localhost
- Facebook login seems to only work on a live environment (see donjakobo#3)
Google / OpenID configuration:
- Those should work out of the box. No further configuration needed.
Testing on localhost
- Some webservers (XAMPP) have outdated certificates. If you get a "Fatal error: Call to a member function addExtension() on a non-object in" error you must do the following: edit application/helpers/account/Auth/Yadis/ParanoidHTTPFetcher.php and add curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false); after line 140 (before curl_exec($c);).
  WARNING: DO NOT DO THIS ON YOUR PRODUCTION/LIVE WEB SERVER AS THIS LEAVES YOUR SERVER VULNERABLE TO MITM ATTACKS
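An alternative to the workaround above that keeps verification on, shown as an added example (not code from A3M or php-openid): give cURL a current CA bundle rather than switching the peer check off. The function name fetch_with_verified_tls(), the URL openid.example.com and the cacert.pem path are assumptions made for illustration.

```php
<?php
// Added example, not A3M or php-openid code. fetch_with_verified_tls(), the
// example URL and the cacert.pem location are hypothetical.

/**
 * Fetch an HTTPS URL with certificate and hostname verification enabled,
 * trusting the CA bundle at $ca_bundle instead of the server's stale default.
 * Returns the response body; throws RuntimeException on any failure.
 */
function fetch_with_verified_tls($url, $ca_bundle)
{
    // Fail closed: a missing bundle must never fall back to "no verification".
    if (!is_readable($ca_bundle)) {
        throw new RuntimeException("CA bundle not readable: $ca_bundle");
    }
    if (stripos($url, 'https://') !== 0) {
        throw new RuntimeException("Refusing non-HTTPS URL: $url");
    }

    $c = curl_init($url);
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true); // validate the certificate chain
    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);    // certificate must match the hostname
    curl_setopt($c, CURLOPT_CAINFO, $ca_bundle);   // trust anchors to validate against
    curl_setopt($c, CURLOPT_TIMEOUT, 10);

    $body = curl_exec($c);
    if ($body === false) {
        $msg = sprintf('TLS/HTTP failure (%d): %s', curl_errno($c), curl_error($c));
        curl_close($c);
        throw new RuntimeException($msg);
    }
    curl_close($c);
    return $body;
}

// Constructed usage: the bundle is expected next to this script, for example
// the Mozilla-derived cacert.pem that the curl project publishes.
try {
    $body = fetch_with_verified_tls('https://openid.example.com/', __DIR__ . '/cacert.pem');
    echo strlen($body), " bytes fetched over a verified connection\n";
} catch (RuntimeException $e) {
    // Report the error; do not retry with verification disabled.
    echo 'Verified fetch failed: ', $e->getMessage(), "\n";
}
```

Setting curl.cainfo in php.ini to the same bundle applies it to every cURL handle that does not set its own CA file, so no library file has to be edited.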
Yahoo! configuration:
- Those should work out of the box. No further configuration needed.
Testing on localhost
- Testing on localhost works without any changes.
Authorization, Roles, and Permissions:
- Connect to your database and insert a new row into the "a3m_rel_account_role" with the Role ID for Admin (by default this is "1") and the Account ID you want to give Admin Rights to.
- After you log in to the website you should see a few new options under your account for Manage Users, Manage Roles, and Manage Permissions.
Example: Create an Authors Role with permissions to "Post New Articles".
- Go to "Manage Roles" and create the new "Authors" role.
  - Name: Authors
  - Description: Website Authors that are allowed to post new articles.
  - Permissions: None
- Jump to "Manage Permissions" and create the "Post New Articles" permission:
  - Key: post_articles
  - Description: Post New Articles
  - Roles: Check the "Authors" Role
- Now you can check if the currently logged in user has access to certain features in your Controllers. You simply pass in the "Key" of the permission you created, in this case that is "post_articles".
    $this->authorization->is_permitted('post_articles'); //returns boolean value
Note
- Please fork and help out! Only with your help will this keep growing and getting better.
- Note that twitter doesn't work if your base url is localhost and facebook won't work if your base url is 127.0.0.1. Therefore ensure that your base url is something like yoursite.com. One way to do that is to simply map the hostname you want to 127.0.0.1 on your development machine. Your twitter callback URL should take into account whether or not you have enabled SSL in your a3m config:
  - https://domain.com/account/connect_twitter (SSL Enabled)
  - http://domain.com/account/connect_twitter (SSL Disabled)
  Configuring this wrongly will result in an EpiOAuthUnauthorizedException exception being thrown.