[Beta] phpBB OpenID ver 1.0.1


Re: [Beta] phpBB OpenID ver 0.2.4

Postby MasterZ » 17 Jan 2010, 13:06

Version 0.3 has been tested and will soon be made public. I just need to make an upgrade xml file for those going from 0.2.4 to 0.3. Should be released by the end of today or tomorrow at the latest.
MasterZ
Member
Posts: 91
Joined: 07 Jul 2007, 23:46
Location: Colorado Springs, CO
Real name: Jon

Re: [Beta] phpBB OpenID ver 0.3.0

Postby MasterZ » 17 Jan 2010, 20:08

Version 0.3.0 has been officially released!

Version Tests
phpBB 3.0.5
[_] Fresh Install
[X] Update
[_] Prosilver Template
[X] Subsilver2 Template

phpBB 3.0.6
[X] Fresh Install
[_] Update
[X] Prosilver Template
[_] Subsilver2 Template

Future releases will be based on what you want from this MOD. Please Vote Now for what features you want in this MOD.

Re: [Beta] phpBB OpenID ver 0.3.0

Postby MasterZ » 21 Jan 2010, 23:21

Input needed

Currently, when a new user account is created via OpenID, a random password is generated for the user. However, this password is never given to the user.

I have 3 possible solutions, none of which I am 100% satisfied with.

PM the user
We could send the password as a private message to the user as soon as the account is created.
Positives - User always has access to it in their Inbox and is instantly notified of the password in case he/she needs it.
Negatives - If the user's session is saved on that computer and someone else uses it, they will be logged in to the user's account already and have access to the password all there on one site, giving them the ability to take ownership of the account (by changing the email).

Email the user
We could send the password as an email message to the user.
Positives - User can recall the password in case they ever lose access to their OpenID provider and cannot log in.
Negatives - The password is sent out in plain text over the internet. I know this is how phpBB does it already, but from a security standpoint it's dangerous.

Pop-up window
We could just display the password once for the individual and hope they write it down or memorize it.
Positives - Most secure way to deliver the password
Negatives - If the user does not memorize or write down the password then they will not have the ability to recall it.

Or we could include all options (at least the first 2) and have a configuration option in the ACP to use one or the other or both. Maybe I'm just being paranoid with the negatives I listed above, but from a computer security freak it sends up red flags. Ideally it would be great to make phpBB not require a password for logging in to the ACP or to change the password and just re-authenticate via OpenID, but that will take a lot of changes I think.

Anyway, please give me your input. Thanks :)
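The configurable delivery option proposed in the post above (PM, e-mail, one-time display, or a combination), shown as an added example that is not part of the original post or the MOD's code. The constant and function names are hypothetical, and it assumes PHP 7+ for random_int() and password_hash() rather than phpBB's own hashing routine.

```php
<?php
declare(strict_types=1);
// Added example, not phpBB or MOD code. All names below are hypothetical.

const DELIVER_PM    = 1; // private message on the board
const DELIVER_EMAIL = 2; // e-mail to the registered address
const DELIVER_ONCE  = 4; // shown a single time after registration

/** Generate a random password from an unambiguous alphabet using the CSPRNG. */
function generate_password(int $length = 16): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

/**
 * Create the credential for an OpenID-registered account.
 * Returns the hash to persist and the deliveries to perform; the plaintext
 * lives only in this return value and is never written to storage.
 */
function provision_password(int $channels): array
{
    $known = DELIVER_PM | DELIVER_EMAIL | DELIVER_ONCE;
    if ($channels === 0 || ($channels & ~$known) !== 0) {
        throw new InvalidArgumentException('unknown delivery channel');
    }
    $plain = generate_password();
    $names = [DELIVER_PM => 'pm', DELIVER_EMAIL => 'email', DELIVER_ONCE => 'display_once'];
    $deliveries = [];
    foreach ($names as $flag => $name) {
        if (($channels & $flag) !== 0) {
            $deliveries[] = $name;
        }
    }
    return [
        'hash'       => password_hash($plain, PASSWORD_DEFAULT),
        'plaintext'  => $plain,
        'deliveries' => $deliveries,
    ];
}

// Board configured for both of the first two options, as the post suggests.
$result = provision_password(DELIVER_PM | DELIVER_EMAIL);
echo implode(',', $result['deliveries']), "\n";
var_dump(password_verify($result['plaintext'], $result['hash']));
```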

Re: [Beta] phpBB OpenID ver 1.0.1

Postby MasterZ » 28 Feb 2010, 14:19

Updated! If you are upgrading from 0.3.0 you just need to upload the new files. There is an upgrade file to go from 0.2.4 to 0.3.0.

I submitted this to the phpBB MOD DB so hopefully it will be validated soon! (Assuming I didn't make any more stupid mistakes :p)
