[ANN] Bitshares SMF login plugin

[cn-members]

Great Work!

just want to double confirm that, wouldn't this method access your private key, right?
Cuz in GUI wallet you have to unlock to do everything, not just transaction.

Also, I think it would be great if this login method can use bitshares_client, not just qt-wallet.

[gamey]

I am not sure what you could do.  Most of the user interaction is done on web side and the actual interaction with bitshares wallet is minimal.

Here is a list of commnads.  You could make the wallet go to the transaction of the payment in your shopping cart.  Either that or lock the wallet?

I'm trying to see if there is any functionality to put in the bts login plugin that makes a lot of sense.

Perhaps if a user is a delegate and then putting the 'vote for me' link in their profile but that sort of stuff requires a lot more effort.  However if you couple it with the membergroups on registration you have a system where delegates could have their own membergroup and likely work off that.. So 3 tiers = unreg/reg/delegates.  For delegates we could pull out special fields etc.

anyway.. thinking outloud but if anyone has any ideas on functionality tell me now why i am still actively working on this project because ramp-up time/learning curve is what always kicks you in the balls.  It is more likely I will do it now then later if someone has a good idea that isn't difficult.

• Go to profile
  xts:profile-name
  
• Add new contact with name
  xts:name:XTSaccountkey
  
• Request Payment
  xts:name/transfer/[amount/amount/][memo/memo text/][from/sender name/][asset/asset name] (registered accounts)
  xts:name:XTSaccountkey/transfer/[amount/amount/][memo/memo text/][from/sender name/][asset/asset name] (unregistered accounts) (Not Yet Implemented)
  The ordering of the amount, memo, from and asset fields is unimportant.
  
• Vote for delegate
  xts:delegate-name/{approve|disapprove}
  
• Go to block
  xts:Block/num/block-number
  xts:Block/block-id
  
• Go to transaction
  xts:Trx/transaction-id
  Note that transaction-id above may be a prefix, as long as at least 8 characters are present
  
• Login to website
  xts:Login/server-one-time-public-key/signature-of-one-time-public-key-with-account-key/www.server.com:port/path/to/login.php
  For more information on the BitShares XT Login protocol, see here.
  

[jsidhu]

So I'm trying to think how I can use this stuff... am I able to redirect users based on an encoded URL inside the BTS URI scheme? Would be cool to redirect users to a completed screen after an action is complete...

[gamey]

sweet it works...

How is it ensuring security for authentication? Something like OAuth?

It is a modified oauth (google/gplus) plugin which has been used for years + recent updates so I assume it is secure.  My general approach is to just duplicate the functionality it uses.  Oauth is very similar to BTS login protocol.  google bitshares xts login protocol.  I would like to make a drop-in replacement for google's oauth library.

I need to go test the security myself, AFAIK it might ok invalid requests.  Not sure about your specific question.

I'm just trying to get feedback at the moment.

[jsidhu]

sweet it works...

How is it ensuring security for authentication? Something like OAuth?

[gamey]

Pardon my ignorance.... what is this site supposed to do?  Or what was the goal?

It was an old site which is being used as test site for the plugin.  It was never used for anything previously and has no purpose past testing the SMF plugin and having the plugin integrated onto bitsharestalk.org.  Thats why I don't clean up the spammers. 

edit - You don't actually see anything until you utilize bitshares login which opens up a private forum where a few people have posted.

[bitmarket]

Pardon my ignorance.... what is this site supposed to do?  Or what was the goal?

[gamey]

Down for me for about 2h already, as well.

 I just fixed it.  Missing semicolon on a  nonchalant change I made. <shamed> 

[zerosum]

Down for me for about 2h already, as well.

[gamey]

Excited to check it out but site seems down

http://bitsharesnation.org/

It works for me except on my phone.  It must be a network hiccup.  I assume it'll fix itself for you.  Perhaps this VPS provider isn't that great for a delegate. hahaha

edit - it is back up.  Was actually a php error on a minor change.  I didn't see the problem since my accounts were logged in and not executing login code.  Ooops. 

[roadscape]

Excited to check it out but site seems down

http://bitsharesnation.org/

[gamey]

Think every spam bot on the net is hitting it lol

Yea, it is amusing.  I've whitelisted IPs to help me with debugging and those bots come back within minutes of the whitelist code being disabled.  If the forum had some real potential I'd fix it, but I hate captchas and the challenge question doesn't work. 

However if you want any bootleg shoes, purses, or headphones I suspect there are many many leads..... There is a forum that is only readable once you create an account with BTS login.

[gamey]

how does automode work? You can skip the password somehow in the wallet? I can probably use this for my shopping carts which use the URI scheme..

Btw the uri is well known and is handled by the os and browser.. it is setup when you run the installer.. so maybe osx installer needs tweaking.

automode?  The plugin I modified has an automatic login feature.  I haven't tried it.

Then there is a registration mode - automatic/manual.  We are in automatic mode as it does 0 prompting for extra info.

edit - the modes I am talking about are all affecting the php side and not the wallet.

[islandking]

Think every spam bot on the net is hitting it lol

Yeah probably xrumer bots.

[Riverhead]

Think every spam bot on the net is hitting it lol