Developers
How to use CorePlexus services with your site.
June 2010
The following guide uses the PHP package to explain how to enable your site with CorePlexus.
Create an account with coreplexus.com.
To register a domain you will need to have an account with coreplexus.com. You can create an account here.
Register an application.
Go to developers page.
- Log in to CorePlexus Spaces.
- Click the options button.
- Click the developer's link.
Click on 'Register an application' link.
Enter an application name.
Click Submit.
Go back to the developer's page. You will see your new application listed with an Application Key. Make note of this.
Register a domain.
Register a domain to an application.
After you have created an application you will need to register the domains that access it. Domains are registered separately because multiple domains may access the same application. You will need to prove you control each domain by confirming it via an email.
- Log in to CorePlexus Spaces.
- Click the options button.
- Click the developer's link.
- Click the Add Domain link under the relevant application.
You will now see a form asking for the domain and an email. Enter the domain in the format example.com or http://example.com. You can also enter https://example.com. Note: Subdomains need to be registered separately, except www. Enter an email with the same domain, e.g. email@example.com. You will then be sent an email to confirm the details, so make sure that the email is active.
Confirm the domain.
When you receive the email, click on the link (or copy and paste the URL) to confirm the domain. Make sure you are already logged into coreplexus.com, otherwise you will be redirected to the login page.
Site Preparation.
Download a package.
Download the appropriate package from the packages page.
Set up your website.
Unzip the package and place it in a directory in your website (this could be on your include path). Then create a webpage to suit the application you are using, e.g. PHP.
NOTE: At time of writing we only have a PHP package. Other languages will be created in the future.
Create a webpage.
We advise using the UTF-8 charset when creating new pages, as we support internationalisation.
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
Load the javascript.
Copy and paste the following javascript into the head of your webpage.
<script language="javascript" type="text/javascript" src="http://coreplexus.com/services/userpanel/preload.djs"></script>
Create a DIV container.
Copy the following HTML and paste it in your webpage where you would like the CorePlexus user panel to display. Make sure you allow for the size to change vertically in your designs.
NOTE: Currently the width is set to 200px. This may change in the future. We will be creating different panel layouts as well.
<div id="CP_USER_PANEL"> </div>
Create the PHP code.
Create the initial PHP code above your HTML code. Load the CorePlexus package using require_once(). Create a variable to store your Application Key. Finally create an object from the cpUserValidation() class.
<?php
require_once('coreplexus.php');
$myCPAppKey = 'your-application-key-goes-here';
$myObject = new cpUserValidation();
?>
An example.
Below is example code of a PHP page at its most basic. If you open this page in your browser, the CorePlexus user panel will be displayed showing a login link. It will also load the cpUserValidation() class ready for action.
<?php
require_once('coreplexus.php');
$myCPAppKey = 'your-application-key-goes-here';
$myObject = new cpUserValidation();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Test</title>
<script language="javascript" type="text/javascript" src="http://coreplexus.com/services/userpanel/preload.djs"></script>
</head>
<body>
<div id="CP_USER_PANEL"> </div>
</body>
</html>
Using the package.
Get the UserID - getUID()
Returns the user's OneID. This is the ID used to identify different users.
DATA: Integer (20 digits max)
$myObject->getUID();
Get the Authentication Log ID - getAID()
Every time a user logs in, a unique ID is created for that authenticated session. When the user then visits a website, a unique authentication ID is passed to that site. As the user interacts with the site, any changes made are referenced by this ID. If a user realises their account has been breached, the user will set that authenticated session as breached. The breached sessions will then be relayed to third party websites, where they can undo any changes made under that authenticated session.
This system only works if data is properly logged for full auditing, and all changes are recorded.
DATA: Integer (20 digits max)
$myObject->getAID();
Get Security Level - getSL()
When a user is logged in through CorePlexus and browsing your website, CorePlexus can provide real time updates on how secure the logged in session is. This occurs when a page is loaded, or if a verification occurs via the validateUserXMLRPC() method. You can use this security level to decide whether a user can make changes to data on your site.
E.g. you have a forum website. Under normal operation you want the user to be able to post comments. If the security level of the authenticated session becomes suspect, you may not want the user to alter data during this session.
getSL() = 0 : No user is logged in.
getSL() = 1 : A user is logged in and there are no security issues.
getSL() = 2 : The user has more than one authenticated session, but from the same IP address.
- This could happen if
- The user is using more than one browser on the same computer.
- The user has more than one authenticated session on more than one computer within the same network (e.g. behind a router or proxy).
getSL() = 3 : The user has authenticated sessions coming from more than one IP address.
When the security level is set to 1 it is safe for a user to modify data on your website. If the security level is set to 2 or 3 you may not want the user to make any changes to your site's data.
DATA: Integer (1 digit)
$myObject->getSL();
Get CorePlexus System state - getSYS()
This value provides a level of feedback on the state of the CorePlexus servers. If there is a technical issue or the site is under an update process and can't provide full services then this value will reflect what's happening.
- 0 = Down
- 1 = Live
- 2 = Update
NOTE: If there are server power outages, or network issues, etc, then obviously you will get no response from anything!
DATA: Integer (1 digit)
$myObject->getSYS();
Get domain state - getDS()
This returns a value representing the state of your domain. If your site is not receiving a userID or authentication log ID you can use getDS() to check the state of your domain.
- 0 = Domain is unknown (not registered).
- 1 = Domain is active.
- 2 = Domain has been banned by the user.
- 3 = Domain has been registered, but the email is not confirmed.
Your site will only be given a userID if getDS() = 1.
DATA: Integer (1 digit)
$myObject->getDS();
Get Breached Sessions - getBreachedSessions('your-application-key')
When a user's account is illegally accessed the person may go to your site and make changes. Obviously you wouldn't want this to happen, but there's no way for you to tell as the authentication was approved. When the real owner of the account realises that the account has been hacked they can set that authenticated session as a breached session. When this is done all the changes made in the breached session are reversed. To take advantage of this on your website you will need to audit all changes in databases or data sources. When a change is made by a user you record the Authenticated Session ID as well. So if a user's account is breached and changes are made on your site, then you will be able to reverse the changes once the breach is discovered.
You use the getBreachedSessions('your-application-key') method to return an array of breached sessions the user has identified.
DATA: Integer (20 digits max) for each array item
$myObject->getBreachedSessions('your-application-key');
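One way to keep the audit trail this section relies on, as an added example that is not part of the CorePlexus package: every write stores the previous value together with the Authentication Log ID, and a list of breached IDs (in practice the array returned by getBreachedSessions()) drives the rollback. It goes one step beyond the text by reporting, rather than overwriting, keys that a non-breached session changed afterwards. AuditedStore and cpId are hypothetical names.

```php
<?php
// Added example, not CorePlexus package code. AuditedStore and cpId are
// hypothetical names; the IDs at the bottom are constructed sample values.
// IDs are documented as up to 20 digits, which can exceed PHP_INT_MAX,
// so keep them as digit strings instead of casting to int.
function cpId($id) {
    $id = (string) $id;
    if (!ctype_digit($id) || strlen($id) > 20) {
        throw new InvalidArgumentException('Not a valid ID');
    }
    return $id;
}

class AuditedStore {
    public $rows = array();   // current data: key => value
    public $audit = array();  // one entry per change, oldest first

    // Record the previous state and the AID before changing data.
    public function write($aid, $key, $value) {
        $had = array_key_exists($key, $this->rows);
        $this->audit[] = array('aid' => cpId($aid), 'key' => $key, 'had' => $had,
            'old' => $had ? $this->rows[$key] : null, 'reverted' => false);
        $this->rows[$key] = $value;
    }

    // Undo changes made under breached AIDs, newest first. A key that a
    // non-breached session changed afterwards is reported, not overwritten.
    public function revertBreached(array $breachedAids) {
        $breached = array_map('cpId', $breachedAids);
        $later = array();
        $out = array('reverted' => 0, 'conflicts' => array());
        for ($i = count($this->audit) - 1; $i >= 0; $i--) {
            $e = $this->audit[$i];
            if ($e['reverted']) { continue; }
            if (!in_array($e['aid'], $breached, true)) { $later[$e['key']] = true; continue; }
            if (isset($later[$e['key']])) { $out['conflicts'][] = $e['key']; continue; }
            if ($e['had']) { $this->rows[$e['key']] = $e['old']; }
            else { unset($this->rows[$e['key']]); }
            $this->audit[$i]['reverted'] = true;
            $out['reverted']++;
        }
        return $out;
    }
}

$s = new AuditedStore();
$s->write('18446744073709551001', 'bio', 'hello');      // normal session
$s->write('18446744073709551002', 'bio', 'spam link');  // session later marked breached
print_r($s->revertBreached(array('18446744073709551002')));
```

A real site would keep the audit entries in the same database as the data they describe and write both in one transaction, so that no change exists without its Authentication Log ID.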
Validate the user via XMLRPC - validateUserXMLRPC('your-application-key')
CorePlexus uses cookies to pass the user information to the 3rd party server. This creates a potential security issue if the cookies are modified or created (on the browser) to try to trick your application into thinking the visitor is someone they are not. So CorePlexus offers a validation service via XMLRPC for your site to confirm the user is who the cookie says they are.
The method can be called at any time during the authenticated session, though we recommend confirming the user before a change to your system (e.g. inserting or modifying data in a database).
The method returns true or false. It returns true if the user details match. If it returns false, disable access to your application.
$myObject->validateUserXMLRPC('your-application-key');
A complete example.
Below is a simple example that will show the user panel and validate the user via the cpUserValidation() class.
The initial test just checks that the domain state, system state and security level are good. It then validates the user via the XMLRPC method, which confirms the user. Then the userID and authLogID are set and $userValidated is set to true.
You can modify the testing script to suit your application.
NOTE: In practice you don't need to call validateUserXMLRPC($myCPAppKey) on every page request. Call it when the user makes changes to your system.
<?php
require_once('coreplexus.php');
$myCPAppKey = 'your-application-key-goes-here';
$myObject = new cpUserValidation();
$userValidated = false;
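// Allow security level 1 or 2 only. Note that `getSL() == '1' OR '2'` would make
// the whole condition always true, since OR binds last and '2' is truthy.
if ($myObject->getDS() == '1' && $myObject->getSYS() == '1' && in_array($myObject->getSL(), array('1', '2'))) {
    // Confirm with CorePlexus that the cookie values are genuine.
    if ($myObject->validateUserXMLRPC($myCPAppKey)) {
        if ($cpUserID = $myObject->getUID()) {
            $cpUserAID = $myObject->getAID();
            $userValidated = true;
        }
    }
}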
if ($userValidated) {
# Do stuff
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CorePlexus Test</title>
<script language="javascript" type="text/javascript" src="http://coreplexus.com/services/userpanel/preload.djs"></script>
</head>
<body>
<h1>CorePlexus Test</h1>
<div id="CP_USER_PANEL"> </div>
<?php
if ($userValidated) {
echo "The user is validated";
} else {
echo "The user validation failed";
}
?>
</body>
</html>
If you have any questions regarding the service and setup, please contact us.