Difference between revisions of "ForumIntegration"
(→Still to do:) |
(→Still to do:) |
||
Line 17: | Line 17: | ||
*Mechanism to ensure email address changes get transferred across to phpBB. |
*Mechanism to ensure email address changes get transferred across to phpBB. |
||
*Automatically put people in groups based on statuses |
*Automatically put people in groups based on statuses |
||
+ | ** This can happen when the initial phpBB account is created, however should it also be automatic when a user's status is modified from the member editor (or should this page include options for forum membership as well)? |
||
*Determine what session / cookie settings are required for phpBB login and set it from the filmsoc website. |
*Determine what session / cookie settings are required for phpBB login and set it from the filmsoc website. |
||
**I had a quick look at that, they are a abit esoteric as phpBB uses its own session table and logic, and it is difficult to include phpBB files in the website without breaking our things. The autologin system should be almost as seamless. mattrix |
**I had a quick look at that, they are a abit esoteric as phpBB uses its own session table and logic, and it is difficult to include phpBB files in the website without breaking our things. The autologin system should be almost as seamless. mattrix |
||
Line 35: | Line 36: | ||
* If people have different usernames, why can't they be allowed different passwords |
* If people have different usernames, why can't they be allowed different passwords |
||
* The use of different passwords for different systems is always recommended from a security point of view. If we have the opportunity to allow the option, why not use it. |
* The use of different passwords for different systems is always recommended from a security point of view. If we have the opportunity to allow the option, why not use it. |
||
+ | ** This should be unnecessary since it should essentially be the same system. |
||
* Should the forums be considered as part of a wider [[AuthenticationStratergy]] before we jump into what could be a involved, complicated and proprietary system. |
* Should the forums be considered as part of a wider [[AuthenticationStratergy]] before we jump into what could be a involved, complicated and proprietary system. |
||
[[Category:ToDo]] |
[[Category:ToDo]] |
Revision as of 15:37, 15 October 2006
Done so far:
I've created a table in filmsoc called people_forums that links pid of our system to column in web_users with the user_id in phpBB.
I've created a page on the main website called autologin that looks up the correct user_id, and then redirects to another page called autologin in the forums. This then logs the specified user_id into the forums using a phpBB function called session_begin. A cyptographic token is used to prevent unauthorized use of autologin.
- Automatic phpBB account creation
from website login creation.- This wouldn't neccessarily be very useful - not everybody will want to use the forums
- This could be done on first login redirected from the forums rather than when a website login is created. When they attempt to login to the forums a message pops up saying "Your forum account hasn't been set up, please enter a display name to use".
- That's exactly what happens! Although I should probably write some kind of message to explain to people what's happening.
- Populate people_forums with information for current forum accounts
- Make autologin automatically create a forum account for people without an entry in people_forums, and add a row to it
- Allow autologin to redirect to any forum page, not just the start page (for next part)
- Redirect any login or register page requests on the forums to http://www.filmsoc.warwick.ac.uk/index.php?page=autologin
- Login & register links should be removed from phpBB and be provided solely through the website.
Still to do:
- Mechanism to ensure email address changes get transferred across to phpBB.
- Automatically put people in groups based on statuses
- This can happen when the initial phpBB account is created, however should it also be automatic when a user's status is modified from the member editor (or should this page include options for forum membership as well)?
- Determine what session / cookie settings are required for phpBB login and set it from the filmsoc website.
- I had a quick look at that, they are a abit esoteric as phpBB uses its own session table and logic, and it is difficult to include phpBB files in the website without breaking our things. The autologin system should be almost as seamless. mattrix
Would be nice:
- Make look of forums closer to rest of website
Whould be nice, but particularly difficult:
- Make phpBB use the same user ids as the filmsoc website login
Decide on a policy for transfering people who have different usernames or passwords
- I'm inclined to say let people keep their different usernames - see my email. mattrix
Decide on a policy for people who would like to keep different passwords
- Forum passwords should become irrelevant as there won't be any way to log in to the forums directly. mattrix
Is the facility to have different passwords less important than the facility to have different usernames
- If people have different usernames, why can't they be allowed different passwords
- The use of different passwords for different systems is always recommended from a security point of view. If we have the opportunity to allow the option, why not use it.
- This should be unnecessary since it should essentially be the same system.
- Should the forums be considered as part of a wider AuthenticationStratergy before we jump into what could be a involved, complicated and proprietary system.