MyBB Community Forums

Full Version: UA-NoPass [UPDATE] - Login without a password!
Last update: 28-12-2015 15:41:

Hi!

Welcome to our new development topic regarding our new plugin 'UA-NoPassword'! This time we are developing a plugin where users can login with only their username and our app.

The user needs to install our app and scan their personal QR code. This QR code is linked to their forum, username and account ID.

The plugin communicates through ‘php CURL’ requests with our server with certain must-have information.

But how does it work?
The user has to scan the QR code that’s being shown on his profile; every code is unique, so be sure no one can see it. To be able to see the QR code, the user first has to fill in his regular password. SCREENSHOTS AND INFORMATION ARE BEING ADDED LATER REGARDING THIS STEP.

When scanning the QR code, the app sends the following data to our server: username, user ID and on what forum you try to log in.

When you enter your username on the login page, the server double checks if the details are correct. If everything went fine, the request’s being saved in the database and the user is being redirected to another page. 

Checking process:
[Image: 7ee3b278ade7ba86b551873900a7695a.gif]
(or https://gyazo.com/7ee3b278ade7ba86b551873900a7695a)

No response to your request (App wasn't open, or the user took no action):
[Image: bc22eb88db1946dc0214359e71331a6a.gif]
(or https://gyazo.com/bc22eb88db1946dc0214359e71331a6a )

The app
When the user opens the app on phone or tablet, the user will receive a notification: “Someone wants to login into your account. Account: Jasper - Forum: UA Development Forum”. You are asked what action you want to complete.

At the bottom of your screen you’ll have two buttons: “Accept” and “Deny”. You have to accept the request within 15 seconds. When no action is being taken, the request is being marked as ‘not answered’ and denied.

When you click on “Deny”, this is being shown on the login page:
[Image: 063adf26d514370385cccaf2c085944e.gif]
(or https://gyazo.com/063adf26d514370385cccaf2c085944e )
 
When you click on “Accept” the request is being accepted and you login without entering a password:
[Image: 3110dfb0b2c6429112e2b26adf84c326.gif]
(or https://gyazo.com/3110dfb0b2c6429112e2b26adf84c326 )

API KEYS?
Each forum creator has to register his/her forum in our database and fill in a form, receiving API keys after the registration. All the traffic goes through our server and we guarantee you everything is highly secured. Make sure the API keys are correctly pasted in the config file; if they are not, the server will automatically deny the request due to security reasons to avoid further issues.

Make sure no one knows what your API keys are, because if someone finds out they can send requests from another forum to your users, which is unacceptable. To be assured against everything we also save a MyBB base URL, which is also being checked with the API keys. This means everything is checked 3 times before someone's able to login.

Safety?
We certainly appreciate safety. We want to make clear the plugin is not a replacement of the original login, but an extra way to login easier if you forgot your password or you have a long password.

As forum creator you can not send requests for other users from other forums, as they have other API keys.

Example API key 1: UA4G-H3H4BF-TUHRB-OY (like: XXXX-XXXXXX-XXXXX-XX)
Example API key 2: 876486533 (like: 123456789)

The plugin works only when both API keys are matching with the keys in our database. If not, you'll be linked to our website to register your forum.

What will the app look like?
That’s a small secret. Well, the only thing we can tell is that you can download it when having an iPhone, Windows Phone or Android.

Update 28-12-2015 15:41:
We have created the app now. We are styling the app at the moment. But, the dialog, checking for a request, accepting and denying the request and adding your device to your account works right now!

Privacy?
We do not save any personal data in our database, we only save user-related information. The only thing we know is who tries to login and on what forum, we do not save any passwords or phone related information.

We assure this information will not be shared with anyone, there’s no other place where the data is being saved and the server is highly secured. For the connection with our server we use SSL (HTTPS), an encrypted connection.

Questions?
We hypothesize there will be a lot of questions, we will answer as soon as possible. Please feel free to ask us anything you want!
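
A sketch of the server-side checks this post describes (both API keys plus the saved base URL, and the 15-second Accept/Deny window in which no answer counts as denied), added here as an illustration and not the plugin's or the UA server's own code. The forum URL, the function and class names and the per-request `request_id` are assumptions; the key values are the post's own format examples.

```python
import hmac
import secrets
from dataclasses import dataclass

APPROVAL_WINDOW = 15  # seconds, the limit stated in the post

# Constructed registry entry: base URL -> (API key 1, API key 2).
# The URL is hypothetical; the keys are the post's format examples.
FORUMS = {"https://forum.example/": ("UA4G-H3H4BF-TUHRB-OY", "876486533")}

def forum_is_registered(base_url, key1, key2):
    """All three values must match; both keys are always compared in constant time."""
    want1, want2 = FORUMS.get(base_url, ("", ""))
    ok1 = hmac.compare_digest(key1.encode(), want1.encode())
    ok2 = hmac.compare_digest(key2.encode(), want2.encode())
    return base_url in FORUMS and ok1 and ok2

@dataclass
class LoginRequest:
    username: str
    base_url: str
    created: float          # server time when the username was submitted
    request_id: str = ""    # assumption: random id tying the app's answer to this request
    state: str = "pending"  # pending -> accepted | denied | not_answered

    def __post_init__(self):
        self.request_id = self.request_id or secrets.token_urlsafe(16)

    def answer(self, request_id, action, now):
        """Apply the app's Accept/Deny; anything unexpected leaves the login denied."""
        if self.state != "pending":
            return self.state  # an answer is final, replays change nothing
        if now - self.created > APPROVAL_WINDOW:
            self.state = "not_answered"
        elif not hmac.compare_digest(request_id.encode(), self.request_id.encode()):
            return self.state  # answer for a different request: ignored
        else:
            self.state = "accepted" if action == "accept" else "denied"
        return self.state

    def may_log_in(self, now):
        """Polled by the login page; only a timely Accept grants a session."""
        if self.state == "pending" and now - self.created > APPROVAL_WINDOW:
            self.state = "not_answered"
        return self.state == "accepted"
```
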
Updated screenshots:

No response to your request:
[Image: bc22eb88db1946dc0214359e71331a6a.gif]

The person denied your request:
[Image: 063adf26d514370385cccaf2c085944e.gif]

We have created the app now. We are styling the app at the moment. But, the dialog, checking for a request, accepting and denying the request and adding your device to your account works right now!

Any questions? Please feel free to ask us anything you want!
While this is very cool and I appreciate the work that went into it, I ask: why? Is this an extra security measure? If so, will there be an ability to use it as dual factor authentication? This adds at least 1-2 minutes to the login time, which used to be as fast as you could type. I see something like this being necessary for things like Dropbox or Gmail where someone's livelihood could be affected with damage to those services. However, if you give this plugin the ability to force the QR code (and passwords) on certain user groups (moderators, admins) then that is where I could see the real use; especially if you can embed it into the ACP login as well.

Regardless, I appreciate the work that went into it and it's the only plugin for MyBB that has impressed me recently. Keep up the good work.
Hi,
Thanks for the compliment! Well, the idea is to create an extra way to login which is faster and easier.

For times when you forget your password because it is too long or difficult, especially when you have to search for it every time, have an autocomplete or are somewhere else than home. If this is the case, you can grab your app, enter your name and give yourself access wherever you are.

It's very simple and may be faster than entering your password:
1. Go to the no-password page (when you are logged out)
2. Enter your username
3. Go to the app
4. Accept it on the app
5. You are logged in

I have used a stopwatch to time how long it will take to complete the login with the app. It takes around 8 to 10 seconds to complete. So it is faster than searching for your password and entering it, or than sending a mail to your mail address when you forgot it.

Again, this is only an extra way to login and not a replacement for the original login.
Please let us know if you have any more questions about the plugin!