coding

Draft | Register / Login / Forgot Password / Remember Me / Social Login – Steps

  1. Register :
    1. Sign up form with email(or username) and password fields (along with other info)
    2. Save data in database table (~users)
    3. Set a table column (as flag ~status) to 0 (=unverified email)
    4. Set random hash, and store in another column (~email_verification_hash)
    5. #suggestion – Store an expiry timestamp (~1 hour/1 day etc) for the link
    6. Send email with verification link (consisting of the hash above)
    7. Click on email link to verify
    8. Find hash sent from email link (via GET) and check it against the hash stored in the DB (if using a link expiry timestamp, then compare with that as well). If the link is found to be valid, then update the flag (~status) to 1 (=verified email).
    9. Redirect to a “Thank you” page
    10. Link to login page and automatically redirect to login page(~ 5 seconds)
    11. #Suggestion – Login immediately after successful link verification
  2. Login :
    1. Submit form with email(or username) + password
    2. Check for email in DB + status (verified)
    3. If record found, then hash the password, and compare with stored value of password
    4. Create a session variable based on a unique identifier (encoded ID of the record, or some other parameter that makes sense)
    5. Send user to the HTTP referrer (if it exists and belongs to the hosting domain) or a predefined home/profile page
  3. Forgot Password :
    1. Sign up / Login > Forgot password form > Enter email
    2. Send hashed link in email (same column can be used as the one used for account verification, as that would not be used anytime after the initial verification)
    3. Clicking on the email link takes user to a page asking to enter new password and confirm password
    4. After successful hash-check and password checks, store new hash for the new password
    5. Show “Thank you” page and automatically redirect to login page
    6. #Suggestion – Login immediately after successful password change
  4. Remember me :
    1. If checked, then save a hash in DB, and store the same hash in browser cookie
    2. When the session has expired, the cookie hash is checked for validity. If the cookie hash matches the hash stored in the DB, then log in the user with the matching hash
    3. In case of explicit logout, remove the browser cookie, and clear the hash from DB table as well
  5. Social Login :
    1. Get user details from social network (FB / Twitter / Google+ / etc) – via OAuth or any other protocol
    2. Check for the combination of “Type”(Social network) + User ID (shared by the network) in DB – emails are usually not provided by social networks, hence the non-reliance on the email provided by the network
    3. Check if ID is in the system already
      1. If it is, then check if the user is active
        1. If user is active, then login as the user found with the same ID
        2. If not active (or any other status), then take the user back to the login page, with appropriate message
      2. If no, then check if Social-email is blank or not
        1. If it is NOT blank, check if Social-email is in the system already
          1. If it is, then check if the user is active
            1. If user is active, then login as the user found with the same Social-email
            2. If not active (or any other status), then take the user back to the login page, with appropriate message
          2. If no, then create a new user in the system with ID and Social-email (if not blank) received from the social network
        2. If it is blank, then create a new user in the system with ID and without any email
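
Added example (not part of the original post): one way to implement Login step 5, where the referrer is used only if it belongs to the hosting domain. The hostname app.example.test, the /profile default and the function name are assumptions, and the sample Referer values are constructed.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.test"}  # assumption: hostname(s) this site is served from
DEFAULT_TARGET = "/profile"           # assumption: the predefined home/profile page


def post_login_target(referrer, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return a same-site path (plus query) to redirect to, else the default page."""
    if not referrer or referrer != referrer.strip():
        return default
    # Browsers drop tab/CR/LF and read "\" as "/", so a value containing them may
    # resolve to a different host in the browser than the one parsed here.
    if any(ch in referrer for ch in "\\\r\n\t"):
        return default
    try:
        parts = urlsplit(referrer)
        host = parts.hostname
    except ValueError:                 # malformed authority, e.g. a bad IPv6 literal
        return default
    if parts.scheme not in ("http", "https") or parts.username or parts.password:
        return default
    if host is None or host not in allowed_hosts:
        return default
    path = parts.path or "/"
    if path.startswith("//"):          # "//host/..." is protocol-relative when sent back
        return default
    # Re-emit only path and query so the redirect can never leave this origin.
    return path + ("?" + parts.query if parts.query else "")


# Constructed sample Referer values, paired with the expected redirect target.
SAMPLES = [
    ("https://app.example.test/orders?id=7", "/orders?id=7"),
    (None, "/profile"),
    ("https://other.example.net/page", "/profile"),
    ("https://app.example.test.other.example.net/x", "/profile"),
    ("https://app.example.test@other.example.net/", "/profile"),
    ("https://app.example.test//other.example.net/x", "/profile"),
    ("//other.example.net/x", "/profile"),
]

if __name__ == "__main__":
    for value, expected in SAMPLES:
        print(repr(value), "->", post_login_target(value), "(expected %s)" % expected)
```

A substring or prefix test on the referrer would accept several of the sample values above; comparing the parsed hostname and returning only the path avoids that.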

Database structure of user table for a web based application (generic)

Table name = users

first_name // You don’t want to be called stupid
last_name // Definitely, you wouldn’t want to be called as
email // This is what we need
password // salted/hashed – you know, for security and all
IP address // Why? Why Mr. Anderson?
created // Help us identify the date you were wandering and got stuck
photo // How do you look (I know, I know – looks don’t matter, but still… smile please)
status // By default > Inactive | We want you to click on the link that we sent in the email when you register

email_verified // Default > 0 | Set when the signup verification link or forgot password link is clicked | Account status is not the same as verified email
phone_verified // Default > 0 | When correct OTP is entered

id_facebook // Facebook profile ID
status_facebook // Default > 0 | In case you are registering with email
photo_facebook // In case you want to make yourself visible using your Facebook photo (really?)

id_twitter
status_twitter
photo_twitter

id_google
status_google
photo_google

forgot_password_hash // When you forgot your password, and we send you a link (which is unique, btw), we keep a copy of the hash in the system (of course, to uniquely identify the link that you will need to click to reset the password)
remember_me_hash // When you click the little checkbox that says “Remember Me” then we create a hash and store it in DB. The same hash is also saved in a cookie, so that when a session is not found (or expired) then before sending the user to login screen,

user_status // Default > 1
adviser_status // Default > 0

username // Adviser username
photo_adviser

timezone_id
currency_id
language_id
newsletter_subscription
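
Added example (not part of the original post): one way to handle the link hashes used by the Register and Forgot Password steps and stored in columns such as forgot_password_hash, with the expiry timestamp suggested in Register step 5. The "_expires" companion column, the one-hour lifetime and the function names are assumptions; a list of dicts stands in for the users table.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumption: links stay valid for one hour


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user, column, now=None, ttl=TOKEN_TTL):
    """Store the SHA-256 of a fresh random token plus its expiry; return the token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
    user[column] = _digest(token)            # a DB leak does not reveal live links
    user[column + "_expires"] = now + ttl    # hypothetical companion column
    return token                             # goes in the email link only


def redeem_token(users, column, presented, now=None):
    """Return the user row owning a valid token and burn it; otherwise None."""
    now = time.time() if now is None else now
    wanted = _digest(presented or "")
    for user in users:                       # stands in for an indexed DB lookup
        stored = user.get(column)
        if stored and hmac.compare_digest(stored, wanted):
            expired = now > user[column + "_expires"]
            user[column] = user[column + "_expires"] = None   # single use
            return None if expired else user
    return None


def verify_email(users, token, now=None):
    """Register step 8: flip status to 1 only for a valid, unexpired link."""
    user = redeem_token(users, "email_verification_hash", token, now)
    if user is not None:
        user["status"] = 1
    return user is not None


if __name__ == "__main__":
    rows = [{"email": "ann@example.test", "status": 0}]   # constructed sample row
    link_token = issue_token(rows[0], "email_verification_hash")
    print(verify_email(rows, link_token), verify_email(rows, link_token))
```

The second call in the demo fails because the stored digest is cleared on first use, so a link that leaks through browser history or mail logs cannot be replayed.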

 

1. Register : Sign up > Send email with verification link > Click on email link to verify > Thank you page > Link to login + Automatic redirect to login page after some time (5 seconds)

2. Forgot Password : Sign up / Login > Forgot password > Enter email > Send link in email > Click on email link to enter new password and confirm password > After successful password change > Thank you page > Link to login + Automatic redirect to login page after some time (5 seconds)

3. Login : Email + Password > User Profile page

4. Remember me : If checked, then save hash in cookie > If logged out, but cookie hash is valid, then don’t redirect to login page, but login using the hash and send to User Profile page

5. Social Login : Get details from social network (FB / Twitter / Google+) > Type (Social type) + ID (Social ID) > Check if the email available from the Social data already exists in system or not > If it exists, then update the Type and Social ID for that user, and login that user; if the social email does not exist in our system, then create a new user record and login with that user.
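
Added example (not part of the original post): the Social Login decision tree from the steps above as one function, using the id_* and status_* column names from the table. The email_verified argument and the rule that an unverified social email is treated as blank are assumptions added here so that an email match cannot attach a social identity to someone else's account; all rows are constructed.

```python
NETWORKS = {"facebook", "twitter", "google"}   # matches the id_*/status_* columns


def resolve_social_login(users, network, social_id, email=None, email_verified=False):
    """Return (action, user); action is 'login', 'denied' or 'created'."""
    if network not in NETWORKS or not social_id:
        raise ValueError("unknown network or empty social ID")
    id_col, status_col = "id_" + network, "status_" + network

    # Network type + network user ID is the primary key for a social account.
    for user in users:
        if user.get(id_col) == social_id:
            return ("login", user) if user["status"] == "active" else ("denied", None)

    # Assumption (not in the original steps): an email the network has not
    # verified is treated as blank, so it can never attach to an existing account.
    if email and not email_verified:
        email = None

    if email:
        for user in users:
            if (user.get("email") or "").lower() == email.lower():
                if user["status"] != "active":
                    return ("denied", None)
                user[id_col], user[status_col] = social_id, 1   # link Type + ID
                return ("login", user)

    new_user = {"email": email, "status": "active", id_col: social_id, status_col: 1}
    users.append(new_user)
    return ("created", new_user)


def demo():
    """Run the decision tree over constructed rows; returns the actions taken."""
    users = [
        {"email": "ann@example.test", "status": "active", "id_facebook": "fb-1"},
        {"email": "bob@example.test", "status": "inactive"},
        {"email": "cy@example.test", "status": "active"},
    ]
    calls = [
        ("facebook", "fb-1", None, False),
        ("google", "g-9", "cy@example.test", True),
        ("google", "g-8", "bob@example.test", True),
        ("twitter", "t-5", "ann@example.test", False),
    ]
    return [resolve_social_login(users, *call)[0] for call in calls]
```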

 

 

jakaildesignspegh

Seven things

Do these, and ensure success:

  1. Become competitive (if not already)
  2. Finish things (don’t leave them hanging – books, assignments, projects, chores)
  3. Ensure your super close circle is better than you (in whatever way you want to improve)
  4. Never let the mind rest
  5. Make sure other credible (successful) people give you credibility
  6. Learn more
  7. Obsess

 


CakePHP 2.x | Console | cake bake all | Windows + Linux

In CakePHP, the “cake” (console) command can be used to bake scaffolding Model, View and Controller files (to quickly create a content management system).

Following is the command
“cake bake all”

“cake” is the actual command.
“bake” and “all” are parameters (other options are available to selectively bake stuff – M/V/C).

“cake” is the Linux shell command.
It will not run on Windows, because it is a Linux shell command.

To run this on Windows you will need to use cake.php (available in the same folder – app/Console).

Since the php path is not available on the command line by default, you will need to provide the php path as well.

So, the final command will be something like the following:
(assuming, XAMPP is installed – and, you are already in c:\xampp\htdocs\cakeproject\app\Console)

c:\xampp\php\php.exe cake.php bake all


Basic Linux shell commands for new users

touch a.txt (to create a new blank file)
ll (to list all the files in this folder)
ll | grep john (to filter the files matching the pattern – john – in this case)
ll | grep tac

chmod 0777 test_file (to make the file fully writable for all users – not recommended for production environment)
chmod 0777 test_folder (if this is a folder, then the permissions are set for this particular folder only)
chmod -R 0777 test_folder (Applies the permissions to all the folders and sub-folders inside this folder)