Randomland.net - Test Site Discussion

[Nick]

You can use an OpenID to log into the test site.
Its built into the core and only needed a php module added to work. Its not perfect, but seems to work in most cases.  Actually, I think its fully standard compliant. Its just google that is breaking the standards in some cases (the google-apps randomland-specific page for the OpedID login does not work with it, but the generic one works. And the generic works with all google accounts of all kinds (I think.)

Make sure you have the admin overlay turned off, or access your user config page directly, using /user/USERID/edit in the url. You can get your userid by clicking edit and letting the overlay come up and looking in the url. The overlay breaks the page forwarding for the OpedID authentication check.

Go to your account setting and click nick 'OpenID identities'
enter your openid URL into the box. I set up openid.randomland.net to point to the google one. But this will change if we set up our own provider for this.
click the button and fill out your details. Google should ask if its ok (or yahoo or whoever)

We can add a module that will show icons for major providers (the same one that stackoverflow uses)

Google works, yahoo works after setting it up, and I am sure there are dozens more that work well.

Sould we set up our own provider?
http://wiki.openid.net/w/page/12995226/Run-your-own-identity-server

[zourtney]

Ok, so I maybe kind of get it. But it wasn't exactly self evident that my username should be https://www.google.com/accounts/o8/id. A login screen more tailored to OpenIDs (like the one you mentioned) seems in order. Plus, why does Drupal want email verification? Verification it seems to not even be sending out...for what ever reason.

So, what's the benefit of having our own provider thingy?

[Nick]

The only benefit of having our own provider is it would be compliant with standards and work everywhere. That and a url you might remember. But the openid.randomland.net is easy to remember, though it only goes to google. It could be changed to go to a php redirect page that takes arguments as to what service to forward to. But just making 'click here to choose openid provider' with a bunch of icons is better. 

But the draw back is we lose out on all the advanced security stuff that the big players have had the time to implement. Like the custom verification images that accompany the login page (not that that would be hard in the slightest to do. But they do it in a way that prevents automated bots from making screen grabs and creating spoofs lognis to try and fool you into giving up your password)

I like the idea of OpedID, but I don't think I like the general implementation of it. Its a little fractured and wiggly. With tenticles going every which way.
The google implementation is complex and unstable. There are many pages telling you to use your accounts profile page, but that method no longer works. The current method is probably going to be around for a while, but who knows. And what is with the URL format? Is it really that big a problem to pick something easy to remember?
The yahoo implementation on the other hand, is easy. Just enter yahoo.com OR your profile OR me.yahoo.com.
I haven't tried any others.

With the exception of the openid people themselves, everyone is hiding the fact that openID is being used. Sites mostly just say "click here to log in with X" to avoid confusion. No one who isn't tech-ish knows what it is, and most of those people only know it superficially (like me.) I guess it is a young protocol... it has all the technical stuff ironed out... but none of the user-friendliness. Will one provider win? Will we all have to log into everything with a facebook id?

[Nick]

Also, SMF's openid implementation is broken for any provider that wants to use HTTPS (both google and yahoo do)

So we have to use plain-text transmittal of credentials (not your password, but your identification hash) or not use openid with SMF... or not use SMF.


Update:
The drupal forum module is super ugly....
http://test.randomland.net/forum

[zourtney]

That is ugly. But what is it? SMF embedded in Drupal? Or the Drupal node-based forums?

[Nick]

Its the drupal one. I just enabled it to see how it looked. I am sure there is a way to style it.... but as it is its hideous.

[zourtney]

And doesn't work with my phoney app. Boohoo

[Nick]

Installed the dev version of Advanced Forum module.

Looks much better now. Viewing posts is still ugly.... I don't like having the text box shown by default. And there is too much crap on the screen.

[zourtney]

That certainly is better. Though I don't know...is it worth leaving SMF behind? I could take it or leave it. But now with my little tappyyacker forum app I've been using, I have a compelling reason to stick with SMF... :\

Still, I like the idea of the forums not being off in their own little world and properly bridging logins.

[Nick]

Another option is to give phpbb a try. Its also free, and SMF will migrate to it relatively easily. It has the OpenID as well, but still... we would be missing the drupal->forum bridge.

I am also tempted to just add some code/make a module that runs during registration and login and calls the SMF functions for logging in. It would be about the same as what was being used before. Even better would be to make a SMF module that allows it to use the drupal users as they are. And make it ask drupal/look at the cookie to see is the user is logged in (again, that kinda like what is done with 6 already.)


Edit:

Also, they are making a tapatalk module for drupal, but its not ready (or even close I don't think) at the moment.

[zourtney]

I've been the 514x0rZz¹ and haven't done anything with the test site in [proverbial] ages.

Do we need to figure out the Drupal-forum login thing still? I suppose that and a semi-functioning gallery is really all we need...

[Nick]

Yup. Those are the two biggies.

I think the gallery is 1/2 ok. Need some sort of bulk upload... or better yet something that could interface with picasa or something for the bulk uploads.

The forum just needs to differ to the drupal login credentials. I am sure once we start looking into that it wont be too hard to hack something together.

[zourtney]

Hmmm, uploading through Picasa sounds like a "fun" challenge Maybe I will check out the APIs some day. Though I should probably make it work in Drupal first.

[zourtney]

I just downloaded the Gdata API to my home computer for playing with. My original intent was to make a Randomland-hosted GUI to a data-tracking spreadsheet I've been using lately (gas log).

Anyway, I was thinking, if we need to use it for letting people log in with Google IDs, I'll at least know...well, I'll at least know how to install the framework (not that it's hard or anything)

[Nick]

Grumble cakes.

Not sure picasa would work well, though it would be cool if it would. There needs to be a standardized image server, upload format and interface between a client and server. This would allow all sorts of UIs to use a standard server to source images, all sorts of client utilities to upload images to the server and far fewer headaches with everyone repeatedly recreating the same functionality in a dozen and a half frameworks. All you would need is a module that polled the server for new images added and then create nodes pointing to them, or treat them as nodes doing a query against the images stored in the server.

But until that eventuality (google and flickr already have such things, I am sure. Plus there are some not-so-free solutions already out there.) we can use something else.

There is a thing called plupload.  It has no fewer then six different upload interfaces built in (one for HTML4, HTML5, Flash, Silverlight, Google Gears, and Yahoo BrowserPlus.) We could combine that with a php page that passed the data to drupal functions to create nodes from the uploaded images.

There is a drupal plugin for it... but it has no UI associated with it and I don't know how to use it. As it is, your supposed to integrate it into a module as the upload method. But I don't find documentation as to how. And its in beta.

Whats the thinks amidst the randomnets?