Preventing dictionary user names for registration - user-registration

When I was setting up an account with gmail few years back (probably this is still a case, haven't check) I've noticed that system doesn't allow to register common terms, nouns as username, it seemed that it used a sort of dictionary for screening. I would like to implement similar feature in my app, anyone have idea how to tackle this? App is written in PHP but understand I'll have to hook it up with online service.
Thanks

Wordpress MU has such feature too, you fill a list of possible usernames that you want to avoid and they become unavailable for users. You can check its source to get their approach...
Sinan.

Well the API will vary from service to service so I'd suggest you find one, look at their developer docs and then if you have a question ask it here.

Related

How to access information from other sites based on specific parameters provided by a user to my website?

So I am currently working on this project and I am confused on how to tackle this issue I am having.
I am creating this website that will go behind the scenes and input the data the user is providing us with and checking to see availability on various websites. I am confused on how the logistics of this would work. Would it make more sense to use API's rather than create maybe a bot (I don't even know if this would work) or even if there was a way to code it in myself.
A similar platform to what the general idea behind what operations would be used is vaccines.gov where the system will display the availability of vaccines nearby (a value inputted by user is zipcode). I just need to be pushed in a general direction as I am unsure how to approach this.
Thank you!

CakePHP ACL Auth Trouble

I love CakePHP, but cannot wrap my head around the ACL/Auth subject. Everything else comes together nicely, but when it comes to this, I am lost. On top of it, I cannot finish my application if this is not solved. Therefore, I desperately need your help.
Things to note:
I have tried a few of the plugins available, but to no avail.
I have used tutorials online as well as the latest CakePHP book by Mariano, with no success.
I have tried on my own, also to no avail
Why is it so hard to get this accomplished?
These are my questions:
Is there any other way to handle Access Rights in a CakePHP application with Multiple Admin, users, etc?
For the possibility that ACL is the only/best way, how else could I approach this?
What could I possibly be doing wrong?
As you say that you have already tried a few of the available plugins, you have maybe already tried my own one: http://www.alaxos.net/blaxos/pages/view/plugin_acl It is mainly a graphical interface that allows to set the ACL permissions when they are used to grant/deny access to actions.
My point here is that in addition to the plugin itself, I made available a very simple sample application http://www.alaxos.net/blaxos/pages/view/demo_plugins that uses this plugin. It may help you if you install it and look at the code, as the application has some public parts, and some parts protected by the ACLComponent.
This is one of the pains in Cake, the complexity of ACL..
Is there any other way? Well, yes. Yes, in the sense that you can cook up your own access rights management, and simply go around the cake's ACL implementation. For example, you could have a role based ACL where roles would be pretty much a fixed list. This can be accomplished in many ways, one of which was demonstrated with DarkAuth.
Further more, don't try to fit your app into the cake's ACL scheme if it doesn't suit you. Bake your own, cake offers you the option of plugging in your own objects for auth/ACL stuff, so use it!
But do note that any feature-rich ACL system you want to create yourself might end up looking much like cake's ACL..so first decide exactly what you need, and then look for a way to do it.
In any case, good luck!
I just recently wrote the probably most simple Auth - I called it "Tiny":
http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/
It should be just about what you need.
It does need the roles to be present in the Session Auth, though and that you manage user roles yourself.
So you might have to add this to your login method if you want to use multi role Auth.

Drupal 7, Domain Access, and SSO (Single Sign-On)

Has anyone made any headway with coming up with a single sign on solution
with Domain access to date for Drupal 7? I've been looking closely at two old
modules, one no longer maintained (SSO for D6) and one still maintained (CAS). I've also read that SAML might be a key to unlocking this, but am uncertain.
Facebook's FBConnect might be another option too or another way could be integrating OpenID from what I've read, and experienced on StackOverflow's sub sites.
I know that OpenID can do this since we are logged into all of *Overflows sub sites at the same time using one login. The question is how does it cross DNS servers? Does it handshake with one half of a matching hash? I cannot find any documentation on this, so am at a loss.
So, are there any solutions that are known to date, or information on what to start
looking into? I think I've made a good point at the possibilities. I read this thread, Domain Access SSO but am uncertain to what version it pertains to (Drupal. DA, SSO or otherwise). It looks like the "Solution" is to create a master table set with users and permissions, then share those across the domains? How might this work if there are already multiple sites created under Domain Access? Would you clone and rebuild the entire installation, or would you need to start from scratch? It really raises more questions than answers. I contacted the author with no response, so the questions still stand.
Any opinions out there on the who what or why would be greatly appreciated, I just need a start point to get the ball rolling. Thanks everyone.
I'm the author of the Domain Access SSO article mentioned in the original question. I don't recall being contacted about it, but then again I recently learned that my "contact" page on bleen.net hasn't been working in a while... but anyway, here is a bit of info:
That post referred to Drupal 6, SSO Module 6.x-1.0-rc1, and Domain Access module 6.x-2.0 (I think). That solution basically revolves around creating two separate drupal installs, one the master and one the client (there can be multiple clients). Basically, what happens is the necessary user tables for all teh clients are pointed instead to the master. In doing so, the master becomes (essentially) a shell site that does nothing but hold and verify user data.
Hope that makes sense and/or helps... to be honest i havent looked at that code in a long while now.
SAML is a good option. Check this module to integrate it with drupal:
http://drupal.org/project/simplesamlphp_auth
If you need a demo with this plugin working check this.

Using gdata with only one user in app engine, need to decide

I am building an GAE app that allows users to share documents over different contexts. Nothing too fancy.
I want to use Gdata in such a way that it is the app that owns the documents, and not the users. This way, I shouldn't need any kind of tokens --one would think.
This is the main idea:
App user creates doc --> App creates doc and owns it --> user can RUD & share the doc
Is there any recommended way to authenticate using just a hard coded user & password?
The ClientLogin, up to now, seems to be the way to go.
http://code.google.com/apis/gdata/docs/auth/clientlogin.html
But I still have some doubts about the following:
Am I putting myself in a scenario of possible restrictions over other alternatives?
Is really ClientLogin the best way to go?
Could really use advice from others' experience here. Procrastination is killing me.
Cheers,
A.
If this is a personal project, and you've only got a very small group of users, the design might be OK.
One really good reason to use OAuth is that you won't need to store the account password somewhere. Instead you'll be able to implement a simple 'setup' process to get and store an access token. OAuth is also nice since you'll be able to restrict the access scope.
However, I must say, I find your question very vague -- so more specific answers are difficult.

1 data, many applications

I have a forum with >400 registered users. It's powered by vBulletin-4.0.4. I want to build up several websites with kohana-3.1, but keep existing forum users too. I will use seperate databases for each application (I want to keep apps as independent as possible).
So my solution is:
step 1. create special app users.mydomain.com where each user can register and update their details (birthdate/email/password). This app will catch all changes and write them to forum database and application databases.
step 2. modify default auth module to handle forum authentication. vBulletin uses algorithm: $hash=MD5(MD5($password)+$salt) for pass hashing.
Am I in the right direction? Is it OK?
Someone has already done this: Kohana vBulletin Bridge. You will need to contact the author of the module as the source code is no longer online. It wont be too difficult to upgrade it to 3 if you get it.
I haven't used vBulletin so I can't give you much advice on the subject, but you're right about the hashing algorithm. You'll also need to make sure your session is read and written as they are in vBulletin.
A quick search of vBulletin SSO to get you started.

Resources