a3m's Introduction

A3M

Join the chat at https://gitter.im/donjakobo/A3M

A3M (Account Authentication & Authorization) is a CodeIgniter 2.x package that leverages bleeding edge web technologies like OpenID and OAuth to create a user-friendly user experience. It gives you the CRUD to get working right away without too much fuss and tinkering! Designed for building webapps from scratch without all that tiresome login / logout / admin stuff that's always required.

Original Authors

Jakub @kubanishku PengKong @pengkong

Key Features & Design Goals

  • Native Sign Up, Sign In with 'Remember me' and Sign Out
  • Native account Forgot Password and Reset Password
  • Facebook/Twitter/Google/Yahoo/OpenID Sign Up, Sign In and Sign Out
  • Manage Account Details, Profile Details and Linked Accounts
  • reCAPTCHA Support, SSL Support, Language Files Support
  • Gravatar support for picture selection (via account profile)
  • Create a painless user experience for sign up and sign in
  • Create code that is easily understood and re-purposed
  • Utilize Twitter Bootstrap (a fantastic CSS / JS library)
  • Graceful degradation of JavaScript and CSS
  • Proper usage of CodeIgniter's libraries, helpers and plugins
  • Easily Configurable via config file

Folder structure

  • /application/ - what you should be editing / creating in
  • /system/ - default CodeIgniter system folder (don't touch!)
  • /resource/ - css / images / javascript (folder configurable via constants.php)
  • /user_guide/ - latest guide for CI (can be deleted, just for CI reference)

3rd Party Libraries & Plugins

Dependencies

  • CURL
  • DOM or domxml
  • GMP or BCMath

Installation Instructions

Check out our wiki: https://github.com/donjakobo/A3M/wiki/Installation-Instructions for help on getting started.

Help and Support

a3m's People

Contributors

agusesetiyono, bkreisel, chego77, donjakobo, drofnas, gitter-badger, iam1980, jamesmulryan, pengkong, riebel, rittercox, samuelsh, storytellercz, xedar


a3m's Issues

Code indent style

There are a lot of inconsistencies within the project. Would you mind if I reformatted the entire project? Say Tabs(4)?

It'll also be a good opportunity to correct some file locations that are still wrong. (.."modules/"..)

Pull Google Account photo?

Just a quick question as I couldn't find it anywhere.
Is this supposed to pull your Google Account photo and store it either via a URL or a direct upload?

I believe it does it with Facebook, however I haven't tried this since I've disabled all account functionality other than Google and local sign-in

Upgrading theme to Bootstrap 3 + Name structure changes (CI3 branch)

So on my projects I have updated A3M to Bootstrap 3 and I plan to do the same in my development on the CI3 branch.

In addition to that I would like to change how controllers are named. Currently it is account_settings (with path of account/account_settings) and similar. I feel this is needlessly long and not needed since all the account and admin related controllers are in their respective folders. I would like to shorten everything (where possible) to just what the function of the controller is (so the link would be just account/settings).

Both of these are obviously major changes which will prove challenging to implement on webpages where A3M isn't on its own (so pretty much everywhere). At the same time though I think that this is acceptable for the CI3 branch, which will make the URLs look better, upgrade the theme and add new functionality. Since this is also a major upgrade for CI we should use this to do the same.

Thoughts?

No POST data exists

Welcome,

I installed the A3M CodeIgniter library and there is an error when I try to sign in or sign up: it returns me to the same page without posting data. When signing up with Facebook, for example, it goes back to the page "Confirm your account information" and still returns to this page when I click the submit button called "Complete".

CI output profiler show "No POST data exists"

  • Database data is right
  • I gave the cache folder 777 permissions
  • .htaccess and config url are right
  • I added the Facebook and Twitter appID and secretAppID

What is the reason for this problem?

Thanks.

Supporting the library

Hi,

I currently use this library (maybe a bit outdated one) in production, and for the most part it works pretty well. Only problems I have had was when a 3rd party auth provider changed something causing issues for the library.

I like the Trello board you created, it would be nice to have that as a public board where anyone can add suggestions and ideas.

You should setup a roadmap, and then people like me could choose to focus their efforts on that task.

Thanks.

PS - I was looking to contact you, but all there was was your Twitter handle.

Unable to connect using OpenID providers

I am having problems authenticating using the following providers :

Google
Yahoo
Open ID

In terms of Open ID I have tried using verisign, and Launchpad.net to provide authentication. I have traced the conversation between computer and verisign with regard to HTTP - the final packet always returns :

Line-based text data: text/html
invalidate_handle:f1293d30-6cbc-11e3-87fb-852ae2b2ae78\n
openid.mode:id_res\n
is_valid:false\n

I assume that the same underlying authentication process is used for Google and yahoo.

More information :
(Yahoo example)
When clicking on the Yahoo button, the browser is directed to the Yahoo sign in page, and then following authentication the browser is redirected back to the signup page .../account/sign_up

This same pattern seems to happen with Google, Open ID and Yahoo.

I have managed to get Twitter authentication and Facebook authentication working successfully.

I would assume that the issue is most likely permissions or configuration based. Does anyone have any idea regarding this? What is worrying though is that the response from the server seems to consistently be is_valid = false.

thanks

Soundcloud Login

Hey there. Is it possible to log in via SoundCloud's OAuth 2? If not, would you accept a pull request in the future?

Sign up under HMVC - A Database Error Occurred

Hi, I converted A3M from MVC to HMVC. Everything works fine, but when I create a new account, account/sign_up says this:

A Database Error Occurred
You must use the "set" method to update an entry.

Filename: C:\wamp\www\mmfv2\system\database\DB_active_rec.php

Line Number: 1272

However, the system creates the new account and when I use the email and password I can access the user area. Would you know how to approach this error?

Thanks,
Jakub

Nothing Happens after signing in...

Hello,

New at all of this, but I have managed to get a3m working. After I sign-in with Facebook, however, I get redirected to account/connect_create when I fill in some info for username/email and click submit... the page just flashes and nothing happens.

Same behaviour if I sign-up natively, too - without third party sign-up/in. Not sure what I'm doing wrong...

Any thoughts?

Thanks!

Copying a3m into an existing application

I have a project based on the older A3M, the one pekong hosted, and I'd like to update it with this newer one as it seems some of the facebook bugs have been ironed out. Can I just copy over all the account folders (config, controllers, helpers, libraries, models, views), plus a few other files (photo_helper, gravatar, my_session). Any guidance would be appreciated ...

Google sign in error

Google has deprecated OpenID 2.0 and will shut it down after a migration period.
So google accounts that have google+ enabled can't log in/sign up.

Lighttpd + url rewrite + openID auth = 404 [FIX]

I ran into this on a specific production environment. After a lot of debugging I found a fix, so I'm posting it here:

If you are using lighttpd and have removed index.php (i.e. rewriting) for SEO purposes you will not be able to sign-in/sign-up with OpenID providers. The culprit is possibly a limitation on lighttpd's rewrite url length. In order to fix this:

edit controllers/account/connect_google (and any other openid providers you are using) and change:

header("Location: ".$auth_request->redirectURL(base_url(), site_url("account/connect_google")));

to

header("Location: ".$auth_request->redirectURL(base_url(), site_url("index.php/account/connect_google")));

and

$response = $consumer->complete(site_url('account/connect_google'));

to

$response = $consumer->complete(site_url('index.php/account/connect_google'));

utf8 and Uppercase

Error:
unserialize(): Error at offset 386 of 749 bytes
suggest:
TABLE ci_sessions add DEFAULT CHARSET=utf8;

Error:
Undefined property: Connect_create::$account_model
application/controllers/account/Connect_create.php
edit LINE 94/106
return $this->account_model->get_by_username($username) ? TRUE : FALSE;
to
return $this->Account_model->get_by_username($username) ? TRUE : FALSE;

Error:
Undefined index: firstName/lastName/gender/photoURL
controllers/account/Connect_create.php LINE 68

Update references to official v1.0 release (prior was v2.0.1)

Just to inform the change is being made. Also updating the 1.x branch with version fixes and updated homepage design.

  • wiki update
  • homepage update
  • reference that Bootstrap v2.3.2 is used (not latest -- yet)
  • make sql default account_id = 1 to be admin user

What is "Remember Me" checkbox supposed to do?

The "Remember Me" checkbox doesn't seem to do anything. Whether I have it checked or not it always seems to keep me logged in for about the same amount of time regardless of closing the browser. What is it meant to do, and are there some other CI config settings I need to adjust in order for it to work? I'm using Chrome 28.

Force reset password

So that I don't forget and others can comment as well.

Additional option in admin that will force user to reset password after their next login. So after login it will force them to the password page and won't allow them to any other user pages until they reset password.

I'm thinking of utilizing '''resetsendon''' field in the account table for this.

This is useful if DB has been compromised or where accounts are setup by admin and pass from one person to another each year (admin changes the password to something default and then forces the new owner to change password upon sign-up). I get to use this function with annual events a lot.

Session Error

It seems that something is wrong with the Session library file in version 2.2.0. If we downgrade the file to 2.1.4, the login works properly. But with 2.2.0, even if you enter your credentials correctly, it doesn't log us in to the system.

Bad Request when trying to sign in with google account

When I try to log in with a Google account, after I allow access on the Google permission page it returns me to a page with the message:

Bad Request
Your browser sent a request that this server could not understand.

The page URL is like:

http://domain.com/a3m/account/connect_google?janrain_nonce=2014-04-17T12:12:25ZCIxXGf&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2014-04-17T12%3A12%3A25ZFHP0autzNLbQpQ&openid.return_to=http%3A%2F%2Fdomain.com%2Fkids%2Faccount%2Fconnect_google%3Fjanrain_nonce%3D2014-04-17T12%3A12%3A25ZCIxXGf&openid.assoc_handle=1.AMlYA9UgAE7xy1pgDRTJ4dfAYOhH1woPMe56S9XAkCNXro2lIHVA8MJqqB6z_Q&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ext1%2Cext1.mode%2Cext1.type.firstname%2Cext1.value.firstname%2Cext1.type.lastname%2Cext1.value.lastname%2Cext1.type.language%2Cext1.value.language%2Cext1.type.country%2Cext1.value.country%2Cext1.type.email%2Cext1.value.email&openid.sig=hTiYUbVuDKcyWJ%2BuCHUBREVnxSk%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawlt5HrkQ_ihHQtNztbfA9o4Eg7pMCfbf8Q&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawlt5HrkQ_ihHQtNztbfA9o4Eg7pMCfbf8Q&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_response&openid.ext1.type.firstname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&openid.ext1.value.firstname=Ahmed&openid.ext1.type.lastname=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&openid.ext1.value.lastname=Soliman&openid.ext1.type.language=http%3A%2F%2Faxschema.org%2Fpref%2Flanguage&openid.ext1.value.language=en&openid.ext1.type.country=http%3A%2F%2Faxschema.org%2Fcontact%2Fcountry%2Fhome&openid.ext1.value.country=EG&openid.ext1.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ext1.value.email=ahmedsliman%40gmail.com#

Delete account

Is there an option to delete your account from the system?

Remove full name and postal code from user details

I would like to propose the removal of full name and postal code fields from the account settings.

In case of full name we have First name and Last name fields, so that's kind of duplication.

In case of postal code for most websites that's a useless information (especially on its own without a full address) and it doesn't serve any additional purpose.

403 error when logging in using google!

FB, Twitter and all the others are working. But when I try to login using Google, it's giving me a 403 error. Any clue how to solve the issue? My site is hosted with hostgator.

Single point of page name setup

Make sure that whenever the site name is being used that it gets its value from the general lang using the site name variable.

How do the permissions and roles work? [question]

Hi,
as you advised me I migrate from older version of A3M - I downloaded and run this branch of A3M which is really great but still I don't quite get how do the permissions and roles work?
I don't need an admin panel right now (I will do some changes manually in database) - but I would like to ask you how I can create two registration forms: one registering new users as readers and the other one registering them as publishers (2 separated user groups).
And how can I detect in the app if the user is logged in and assigned to the particular group?
Thanks in advance for your reply.

Base_facebook - where to set scope?

How do you change the scope of the permissions to post a status message to Facebook? I did my research and the public function getLoginUrl() from helpers/account/base_facebook.php works with $params, but I cannot find the function anywhere else in the project, where the parameters originate. Where do I set the params, given that I don't want to hardcode them in base_facebook?

Thanks, Jakub

A3M + Vkontakte Auth

What about including "vkontakte" (Vkontakte.ru) api to sign in with a3m ?

Or maybe explain to me how I can do this myself.

Keep having to grant permission for Twitter

I don't know if I'm doing something wrong, but this is my problem:

I have used the "signup with Twitter" button to create an account, and granted the app permission to my Twitter account. Now every time I want to log in (using Twitter of course), I need to give permission again.

Is this normal practice?

Add database schema as a migration

The database schema is included as an .sql file. Would be great if we also had it as a migration that uses the db forge to build the schema. Might make it easier to deploy, and integrate better with apps that are developed using migrations.

Adapting for CodeIgniter 3

As the development of CodeIgniter 3 is nearing its end I think it's important to account for the changes in CI3. In my fork I started a new branch with CI3. https://github.com/AdwinTrave/A3M/tree/CI3

The first issue is the change of the session library to drivers which doesn't allow us to use the session library extension any more. This currently mainly means that Remember me functionality is not working.

I also encountered an issue when loading multiple models in an array gives an error when trying to call functions from those models (e.g. Fatal error: Call to a member function get_by_id() on a non-object in), I originally thought this was a CI3 issue, but I failed every time I tried to replicate it with my own models, so I have no clue what the issue is. Loading the models individually seems to fix the issue. Problem is if you autoload these models.

Next when attempting to connect to OpenID site I get page full of runtime errors (e.g. Non-static method Auth_OpenID_Message::fromOpenIDArgs() should not be called statically, assuming $this from incompatible context) since it's similar to the models error I think those might be related somehow.

Lastly the Facebook redirect, sometimes the Facebook server won't respond so for my project I just got the all.js from Facebook and placed it on my server, which works great, although I would like to figure out how to improve this even further.

In general, while working on this I plan to add #30 , make sure that all pages are HTML5 valid and many more minor improvements. Hopefully I'll be able to fix everything so that it is all backward compatible with CI 2.

I'm using A3M on a project for this summer so I plan to have most of this done by the end of summer.
My testing site: http://a3m.freedombase.net/

Any help would be greatly appreciated.

Send e-mail after user created from admin

So that I don't forget and others can comment as well.

This feature will include an option in admin when creating a user to send the given user the login information to their e-mail.

This will be an option (presented by checkbox).

Roles and Permissions?

Hello,

I just started a new website using this project. I was wondering if you are planning on flushing out the Roles and Permissions system? I noticed the tables were created but I couldn't seem to find any models or code related to making use of them.

I am being logged out, a session problem?

I am using the site as an admin and all of a sudden, while browsing the site, I found that I had been logged out and redirected to the login page even though I've set $config['sess_expiration'] to 0. It's still happening randomly and I don't seem to be able to repeat the steps. Is anyone facing the same problem? I am using CI version 2.1.4.

twitter auth problem with php 5.5

I have verified that curl is installed and works, dom is installed and enabled, gmp is installed and enabled

My twitter app has callback url
http://a3m.mydomain.com/account/connect_twitter/

Allow this application to be used to Sign in with Twitter is ticked

in the codeigniter error logs I was seeing
ERROR - 2014-04-18 04:52:26 --> Severity: Warning --> preg_replace_callback(): No ending delimiter '/' found /home/test_user/A3M/application/helpers/account/jmathai-twitter-async/EpiTwitter.php 81

so I changed
$endpoint = '/'.preg_replace('/[A-Z]|[0-9]+/e', "'/'.strtolower('\0')", $parts).'.json';

to
$endpoint = '/'.preg_replace_callback('/[A-Z]|[0-9]+/', function($m){ return '/'.strtolower($m[0]); }, $parts).'.json';

Should this sort of error be fixed in this repo or https://github.com/jmathai/twitter-async/ ?

Error with account facebook.

When I use 4 Facebook accounts to test login with A3M:
Only 2 Facebook accounts, after login, go from account/connect_facebook to account/connect_create. That is OK.
The other 2 Facebook accounts, after login, go from account/connect_facebook to / (home). That is the error.

Demo site: http://thaoduocsonghuong.com

When I debugged, I found the error is with the set_userdata session.
Line 37 of file controllers/account/connect_create:
if ( ! $this->session->userdata('connect_create')) redirect('');

With the first 2 Facebook accounts:
$this->session->userdata('connect_create') is not null ---> not redirect to '' (home)
With the remaining 2 Facebook accounts:
$this->session->userdata('connect_create') is null ---> redirect to '' (home)

I tested PHP 5.3, 5.4 and 5.5, but all give the error.
How do I fix this issue?

auth icons are horrendous (and legality is questionable)

This is a style issue (and possible legal issue), and obviously people can change the icons to their liking, but I think it would greatly improve the presentation of A3M to have better default icons. Refer to each service's official icon style guides. They publish resources and rules on how to use their official icons and how they may/may not be modified. For example Twitter's logo guide (https://twitter.com/logo) specifically shows that the current "t" icon is not allowed. In order to use a disallowed icon you'd have to have an agreement with their legal team.

Adding linkedin connect

Do you have a plan to integrate linkedin to a3m? I really like this library, currently learning to use this. It has everything I need except for linkedin integration.

Find error signin/up with facebook

I've updated with your new code and tested signing in / signing up with Facebook, but I still get an error.

Unable to locate the model you have specified: account_facebook_model

XSS Vulnerabilities

http://i.imgur.com/nvGXDxe.png

So, there are no form validation rules on the account_settings controller. If someone enters <script>alert('You just found a XSS vulnerability')</script> for example, it will be accepted as is.

If we are displaying the account settings info somewhere in our site (outside an INPUT box, of course), say last 10 joined users or whatever, we run the risk of being subjected to XSS exploits.

For the DOB stuff it's easy, just allow integers. For textual input (like name etc.) we need to HTML escape (or better yet remove <> tags altogether).

There are a lot of code snippets and libraries out there that do that, I've used a couple in my other projects, I'll refresh my memory and get back on this with a solution.
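
An added example (not A3M code and not part of the original issue) of the two fixes proposed above: integer-only validation of the date-of-birth fields, and HTML-escaping of text fields at the point of output. The function names, field names and sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added example, not A3M code. Function and field names are hypothetical.
declare(strict_types=1);

/** Escape a stored value for HTML text and quoted-attribute contexts. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only a short run of ASCII digits that falls inside [$min, $max]. */
function int_in_range($raw, int $min, int $max): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 4) {
        return null;
    }
    $n = (int) $raw;
    return ($n >= $min && $n <= $max) ? $n : null;
}

/** Validate the three date-of-birth fields; returns 'YYYY-MM-DD' or null. */
function validate_dob($day, $month, $year): ?string
{
    $d = int_in_range($day, 1, 31);
    $m = int_in_range($month, 1, 12);
    $y = int_in_range($year, 1900, (int) date('Y'));
    if ($d === null || $m === null || $y === null || !checkdate($m, $d, $y)) {
        return null; // non-numeric input or an impossible date such as 31 February
    }
    return sprintf('%04d-%02d-%02d', $y, $m, $d);
}

/** The pattern the issue warns about: stored text echoed into markup as-is. */
function render_unescaped(array $rows): string
{
    $html = '';
    foreach ($rows as $r) {
        $html .= "<li>{$r['fullname']}</li>\n";
    }
    return $html;
}

/** Same list with every dynamic value escaped at the point of output. */
function render_escaped(array $rows): string
{
    $html = '';
    foreach ($rows as $r) {
        $html .= '<li title="' . e($r['username']) . '">' . e($r['fullname']) . "</li>\n";
    }
    return $html;
}

// Constructed sample rows, as they could sit in the database after unvalidated input.
$rows = [
    ['username' => 'alice', 'fullname' => 'Seán "Johnny" O\'Brien'],
    ['username' => 'bob', 'fullname' => "<script>alert('You just found a XSS vulnerability')</script>"],
];

echo "Unescaped:\n", render_unescaped($rows), "\n";
echo "Escaped:\n", render_escaped($rows), "\n";

// Constructed form submissions for the DOB fields.
foreach ([['29', '2', '2000'], ['31', '2', '2001'], ['1', '1', '<b>1990</b>']] as $dob) {
    echo implode('/', array_map('e', $dob)), ' => ', var_export(validate_dob(...$dob), true), "\n";
}
```

Escaping at output keeps legitimate names that contain quotes or apostrophes intact, which stripping characters on input would not. CodeIgniter 2.1 and later also ships html_escape() as a wrapper around htmlspecialchars().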
