Authentication Plugin

These notes are moved as a topic here becausenI wanna kill that Group "Authentication Plugin"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

[Dhrup]

I Need Someone to Develop an Authentication Plugin


[Mike]

I need someone to develop a plugin for me for authentication of new members to a group.  It may involve a little more than a plugin, but I figured we'd start there.  Contact me if you're a plugin developer or if you know of one.


[Dhrup]

@Mike
You most probably should post a few more details re: functiomal specifications on what features you are looking to implement.. if you want to catch the eyes and interest of the Elgg heavyweights rather than the $15/hr "amateurs"


[Mike]

I am creating approximately 150-200 closed groups.  Invitation only.  I am trying to figure out a way to authenticate users automatically.  So I came up with the idea below, but I'm open to suggestions.
My idea is to have the ability to generate thousands of unique 10 digit alphanumeric authentication codes that will be sent to the groups moderator in blocks of 10, 50, 100, or 500 for them to give to new members who want to join.  Once a member is issued the authentication code they will then be prompted to enter this authentication code when they join the group.  Once the authentication code is used it will no longer be valid and deleted from database.  It can only be used once.
I will need someway to get a list of authentication codes to the group moderators via a secure webpage, email, etc...  Can someone assist me with this?  I'm looking for someone who really knows what they are doing.


[jededitor]

Pardon me if I am being a bit thick here but as the group owner will be asked by the user if they can join the group whats wrong with the normal procedure of the group owner just adding them to the group there and then?
Why waste time and effort getting them to enter some random code when the all it takes is a click of the mouse by the group owner?


[Dhrup]

Jed is absolutely right ;-)

Closed Group
Invite to Join
Or Request permission to Join
Owner OKs the user to join
If Owner does not Ok
User is still outside the door..


[Carlos]

I am thinking maybe Mike wants this automated..???!!!
Example: admin issues authentication code.. pass onto user... user enters code.. user accepted into the group.. without the admin interference.
user enter wrong code, user told to f*** off.???
In any case:
This project is probably 3 block:
1. Random Authentication object (letters/numbers)  generating code: too easy.
2. Form as an intermediary between the group and user,, (think of this as an application form to join a group with one text input and maybe one hidden input representing $user->username.
3. Setting access to all groups based on these conditions.
I think this can be done.


[Carlos]

But wait a minute.... if admin wants that user in the group why don't they just add them like jed said??? Maybe they also want the user to have the choice to join or not to join..???
Oh hell.. I don't know.. image..


[jededitor]

This authentication code thing got me thinking....
How many times do we get people who just want a quick look at the site?
If you could hand out an authentication code to be entered on the login page and that would give a one-time acess to your site with a view-only capability I am sure it would come in handy for casual visitors and people who want to see if the site is suitable for them..


[Carlos]

You gotta love how Jed thinks for 30 seconds and creates a job that takes 30 months to do.. LOL


[Mike]

I need the process automated because the project I'm working on could possibly get larger than what I can handle.  If I were to receive hundreds of request at one time then users will have to wait for me to approve them (or someone to approve them).  I work a regular job so they may have to wait for 8-10 hours depending upon when they send the request.  If they have an access code issued to them by the groups moderator (I will not be moderating all groups) then they can input the code and receive immediate access.
I want to eliminate the wait for the person trying to join the group, but I need to make sure that the moderator approved them.  If the moderator gives them an access code that means that they are approved.  No one has time to approve all of the people wanting to join a group if my project goes well.


[Zakary Venturo]

@Jed doesnt some the connectivity that has come about from things like signining in with facebook and twitter do exactly what you are talking about? I mean, this kind of click easy entry makes it real easy to showcase what ELGG can do even in your particular niche... now if you wanted to simply make that access at that point time specific based on whether someone confirms their registration later, then that would really keep things trim from the perspective of knowing the actual user base. I think that doing it this way would be a lot simplier and user friendly even for those who are just curious. It gives them access and if they do not verify the link, they are removed based on the absence of verification and time (like 3 days maybe)


[Mike]

Carlos.....you had it right the first post.  Do you know anyone capable of providing me with this solution?


[Carlos]

Mike... the point both Dhrup and Jed are making, which I would be making now as well, is access and permission, not for the user, but for the admin/moderator... the simple question is: if you will entrust the moderator to generate an authentication code, why not tweak the access level to moderators to actually add the user into the group..??
If you want the entire process to automated, then having the moderator generate that code defeats the automation prupose.
I am very interested in the topic and would monitor to see where it goes.. but surely we need to understand more about the goal you are trying to achieve.


[Dhrup]

If you do not have time to approve manually..
how will you have time to send the invites ?
... bit of a paradox ;-(
ps:
have you found any plugin developers yet  ?  or are you blind ? ;-)


[jededitor]

@Carlos well actually that was nearer 40 secs that time :-)


[Dhrup]

@Jed
LOLZ... I did not know you used a stop-watch
@Mike
You need to put together a "coherent'" design plan and requirements...
There is still a major paradox -
    * Users request membership to a closed group
    * PlugIn kicks in and sends an Auth code to use to join.
    * They are in Group
This is the *same as having the Groups as "Open Groups " ? because there is *no real Group Owner verification !!


[Mike]

I will generate the code and give it out to the moderators.  I will monitor the codes.  This code will work only one time and give permanent access to the group until the member decides to leave or they get kicked out for some reason.  I am working to create a closed secure network.  The moderator will provide the code to people who sign up for their services.  The moderator does not want these people giving access to the group to their friends and family.  The moderator is providing a service and information through the social network and they do not want an email request or any type of electronic request from people asking to be added to the group because it could be someone that they don't know.  The moderator does not know who's on the other end of that request.
The moderator meets and speaks to so many people per day they cannot remember them all thus the reason for the code.  If they have a code then that means they are ok to join.  Every person joining will need to have met with the moderator and receieved the code.  Some of the moderators do not own laptops and cannot authorize people to join on the spot and it would take too much of their time to do this onsite.  Maybe I'm looking at this wrong.  But i must say I appreciate the feedback so I can get this done correctly.


[Mike]

It works like this:
Moderator gives client an access code when they pay for service at office.
The client goes home logs into account
The client then finds the group and clicks join
The client will then be asked for an access code
The client will input the access code
The access code will be verified against a database
If the code is authenticated then they will be joined to the group.
The access code cannot be used a second time

 
[Dhrup]
aahhhh.... now you are talking... and giving away your bisiness plan secrets ;-)
(1)
Generate Lists of Auth Codes to give to your "moderators"  (mind you, Elgg has no way for Admin to choose Group "moderators" yet)
(2)
Moderators "sell" the Group to clients / users
(3)
Users go home with Auth code and click "Join", enter that Auth code and they're in the Group, and that Auth code is killed ( most likely stored as metadata attached to Group )

I'm basically re-wording you requirements within the context of Elgg


[Ukr Programmer]

I read through this thread and it sounded suspicious from the start. My first thought was, is this a gambling site? However, as I read through, this sounds like an Amway or some other pyramid scam site that's being developed, based on the description:
"The moderator is providing a service and information through the social network and they do not want an email request or any type of electronic request from people asking to be added to the group because it could be someone that they don't know.
The moderator does not know who's on the other end of that request.  The moderator meets and speaks to so many people per day they cannot remember them all thus the reason for the code."
Sounds to me like the moderators are sales people. ;-)
I think Mike should show us his cards and tell us what type of site this is.  :-)


[Zakary Venturo]

i am salesperson. i am making money with ELGG based on a business model. So are others. At the base, without much effort, using adsense or another ad service is just the tip of the iceburg for making money.
There are lots of reasons to provide the kind of activity Mike wants without being a pyramid scheme. providing the kind of accesss structure he wishes would be useful for letting people into a repository for other files ... maybe he is selling Office templates with really special macro customization, this kind of thing would be right up the alley of why he wants this kind of generation feature... maybe he is building a specialized coding sight to connect together people who provide this kind of product all around and he is enabling groups to be the power house for making money all the way down the line, but there is good reason for this kind thing that has nothing to do with a pyramid scheme.
 

 [Ukr Programmer]

A serious person would get to know all of the plugin developers on the Elgg community and realize who is good and contact them. Someone working on a get-rich-quick scheme usually starts a thread like this. But, I understand you are trying to give the benefit of the doubt. Just don't put words in people's mouths.  :-)  ;-)


[Mike]

LOL.  I'm not running any kind of scheme.  Just to end all speculation what I have a social network that serves the realestate community.  They are wanting to provide a social network environment for their clients for various reasons.  The only thing they will be selling would be homes or renting them.  No gambling, pyramid schemes, etc....  I do not participate in that kind of stuff.  But I can see how you could jump to conclusions.  I'm new to this forum and to Elgg and this is all I knew to do to get help developing a plugin.  How does one get to know all of the serious plugin developers?  Help me out here :-)


[Mike]

Thanks Zakary


[Ukr Programmer]

Mike, I had thought about Elgg for a realestate community, so, interesting that this is what it turns out to be. ...If you want to know the serious plugin developers, just watch the plugins that are posted. ...For a shortcut, go to my bookmarks. I have all of the serious one's bookmarked. For a plugin like this, you might approach Vazco from ElggDev.com. Jeroen is also amazing and would be worth contacting. Brett is also amazing, but he is working for Curverider now, so I don't know if he is taking jobs like this. Kevin is king, of course and I know he does it as a business. I don't know if Cash is taking jobs like this, but he is awesome.


[Zakary Venturo]

@Mike consider yourself serious first and foremost. Why? because your goal surrounds business.
set up a development enviroment and start destroying ... errrr costumizing ELGG even if you are doing it wrong and get a feel for what you are doing. Some really helpfull tools would be getting yourself an IDE and there are a few free ones out there... and in and of itself, learning how to use them can be an adventure in and of itself. However a good IDE has some advantages to getting to know ELGG or any piece of software, things like code completion will help you understand ELGG specific functions (because ELGG has done a great job of documenting itself internally and it shows up when you use an IDE). A simple place to start would be Komodo Edit, although that lacks a PHP debugger unless you pay for the bigger IDE... Aptana Studio is terrific on this level, so is NetBeans and good ol' Eclipse PHP, they all require a tiny bit of a learning curve to get them going so you know how to use them. Download Firefox and look for all the addons that are tuned for web development, in particular firebug and xdebug helper. XAMP and Winamp are two good Apache servers useful for setting up a local enviroment... all this will lead to a better understanding of what is going on underneath ELGG's hood...
once you get that far, or even if you have gotten that far already... the experience will lead to understanding ELGG in general.
I also suggest learning how to build a theme first. this has a huge advantage of learning how ELGG can override its own structure based on folder hierarchies which leads to you grasping how you might do your own plugins.
Read everything on here.
Make friends with Dhrup through paypal.
Taking yourself seriously will lead to others becoming more involved in your discussions whether privately or in public.
Ultimately do not be afraid to break ELGG on your experimental platform, after all you can just delete and reinstall, it is afterall software.


[Carlos]

Who gives a shit what website it is... Talking for myself, I am only interested in the functionality.. I would still do it even if it was a fetish porn website...
But as other like Dhrup and Zak so rightfully said, it seems to me that the webmaster operates a business website and should perhaps ask for quotes on a job of this nature.. because this not a very simple mod.. if it was, I would do it for free regardless whether it's a biz site or not. I'm sure everyone else would offer help when they can.


[Ukr Programmer]

@Mike - I think there are others where the money would be better spent, others who have put out actual plugins, such as the ones I mentioned. Look at my friends and bookmarks to get you up to speed on the talented people here on Elgg.


[Ukr Programmer]

@Carlos, no reason to get filthy. And I hope you are not producing the kind of sites you mentioned, inside the US, or you'll end up in the slammer.


[Carlos]

@UKR.. I am not being filthy... And if you don't like what I have to say, just ignore it, but never never tell me what I can and what I cannot do... As for the slammer... well, first, I never did a porn wbsite, that is not to say I wont... I am a big boy, have a double major and can handle problems.. so, if I do produce any porn websites, I promise you I'll let you know to see how you gonna have me in the slammer.
Again.. I don't give a fuck about what website it is.... the important thing is to produce the functionality the person is asking.. Having said that, I sould mention that I think I can do this job, but I wouldn't accept it at this time because I am doing a a job for the Department of Education and from there I have another job for a large sports stadium website... So, it wont be fair to take their money and make them wait for me to get my shit together.
That's the way shit goes.


[Ukr Programmer]

I don't think it's suitable or productive to have this kind of language on the Elgg Community.


[Carlos]

I would happily accept technical advice decorated with dirty language... but what I wont accept is bad attitude and fake superiorities.
Take it or leave, jut don't tell me how to make it.
End of story.


[Ukr Programmer]

I agree about the fake superiorities, but your comment reveals exactly why I thought you responded the way you did. You, in your own pride and arrogance couldn't handle me pointing to others as the best on Elgg. So, you got all nasty and filthy. That is real pettiness. The one's I pointed to really are the most talented individuals posting plugins and committing to core, here on Elgg.


[Dhrup]


@UKR
Please post some Elgg Php  code so that everyone will know what you are talking about, thank you.

 
[goofbucket]

@Ukr  rename on topic or leave the tread others may have interest.


[Ukr Programmer]

@Dhrup, please post a plugin so that people know you are worth more than $5 an hour.


[Dhrup]

I have searched thru all the PlugIn listings.. not a single one says "by Ukr Programmer" LOLZ ;-)


[Zakary Venturo]

http://community.elgg.org/pg/plugins/Dhrup2000


[jededitor]

Please do not feed the trolls...


[Ukr Programmer]

I think you should stop acting like this is your community, Dhrup. This is my primary irritation with you. You are everywhere. Every thread, every plugin, everywhere. And you act like some hot-shot programmer when it is obvious you are not. Stop acting that way and stop making condescending comments toward others and you won't get the reactions from me like that. And I did not appreciate all of the filthy language from Carlos either. Rather unprofessional. So, you can call names all you want, about trolls, but the only trolls I see are the ones that are the fakers here.


[Zakary Venturo]

Zakary Venturo

ive been thinking about this. not that i don't have a list of things to do already, but its real possible this idea could become something i get focused on.
for me, at present, i am very much in the learning stages in both my programming ability and understand ELGG underneathe the hood. I can imagine that tackling this even from an academic standpoint would benefit me greatly.
I can also see the potential of this kind of thing in many different areas.


[jededitor]

Okay get to work programmming slaves ;-)


[Carlos]

Great... we bust our balls writing code and Mr Jed over there rewards us with a good ass whooping..LOL

Ok.. what are we doing...?? what's the objective..?? and make it challenging please.. :D

-Carlos


[Dhrup]

Y'all ;-)
I moved to here because that UKR guys is just s-o-o-o bad flaming so many people.
I have written to Admin Brett Proffit explaining and asking to have UKR banned.


[Zakary Venturo]

well, I am about to delve into creating an anonamoyous posting feature for the wire for a project. I dont think its that hard though.

[Carlos]

@Zak.. anonamoyous posting ?? I'm not sure if I understand.. what exactly is it..?
Cheers.
-Carlos


[Zakary Venturo]

its because i am building a social support network. its simply meant to protect a person when they wish to talk and need that level of security.


[Zakary Venturo]

well thats one of my projects at any rate. but the most current thing i am doing.


[Carlos]

Ok.. do you mean if a person make a post on the wire, it wont show who made the post..??
-Carlos


[Zakary Venturo]

yeah basically i am going put in an anonymous profile and relate all anonymous post associatted to that guid, so when someone chooses to be anon, it wraps the post in that profile protecting the identity.


[Dhrup]

Won't this also open up to trolls and spammers ? probably should log IP# for annon posters.. or for that matter all wire posts, messages should log IP# in case there is ever trouble.


[Carlos]

Ok.. I know we all have different approaches.. but prolly Dhrup will tell you that I like simple approaches..
The approach I would use:
Modify the dashboard display of the 'Username' to 'A member'... so, it will read (example):
A member: blah blah blah.
The advantage of this:
If admin needs to ever check to see the origin of a post, it will take them back to the real member who posted it.
So, the backend will retain its integrity while only the echo is modified.
Just a thought.

-Carlos


[Zakary Venturo]

@Dhrup, yes there is some need to make sure things can be controlled from a general standpoint. i was thinking that my admins can keep tabs on this through the messaging system. I am working with a good team of folks, and people i can beat up in real life (:P) so I am not worried about the breaking of confidentiality. but for the masses online, identity can be masked so that there is an ability to communicate there personal need if they desire to use the anonymous feature.

[Zakary Venturo]

@Carlos

this is meant as an option, so will post with something member or something that cloaks identity. but you can also post as yourself. thats simple enough to do.
I am tying this to a profile, albiet an anonymous one, so that it can be referenced by the community and maintain the overall importance of this feature.
third, i have admins who i know and its their baby really, so monitoring for abuse can still be done by sending this through the internal messaging system with a note on the original poster.


[jededitor]

What we do need is a visitor profile that will allow anyone to use it once - said profile will allow the user to view everything (public?) but not actually post anything.

[Zakary Venturo]

guest profiles would be interesting. and whether you want or don't want everything public would be a case by case situation.
I have also been mulling over a very low tech card table. Something where basic games can be played, but really not make it all computer controlled exactly... people already know how to play cards, so it could be simply done.