Welcome

High quality MyBB plugins at your disposal

Hi, I am a passionate developer with modernity and simplicity in mind. MyBBoost is my mansion where you can download my plugins and themes, other than receiving support for them. Several free plugins are available as well as premium ones, all compatible with the latest MyBB releases. You can purchase and download items singularly or purchase a lifetime subscription including a combination of premium plugins and:

  • Priority support
  • Future plugins access
  • Total refund if not satisfied 1
1 Terms and conditions apply. For more informations, read the EULA.

Flyover 1.6 development

Shade Administrator 29 Nov 2015 Edited
#21
I have been working on some Flyover enhancements during the weekend, which will be included in the next minor update going live in December 2015. Here are some previews on what's going on with Flyover's development.

Everyone's standard
Every social network chooses the authentication method they find the most suitable for their needs. There are currently 3 protocols used by the majority of them: OAuth 1, OAuth 2 and OpenID. Although they are different regarding the code implementation they don't differ much under the security and usability aspects. Nonetheless, every provider has the chance to choose what informations can or can't be retrieved during an authenticated request, resulting in a complete mess when it comes to handle informations such as users' identifiers. HybridAuth already has a standardized approach to all this pot of data, meaning that if Facebook returns the user's identifier encapsulated in an array and Google passes it in an object, HybridAuth will pass it to Flyover under the same piece of data.

One field that every provider makes available is the identifier, something used to uniquely identify the user on their server. It is equivalent to MyBB's uid, and it is used by Flyover to associate social accounts to MyBB accounts.

Identifiers are passed without any sort of hashing or encryption methods. This is not an issue related to security on the front end part, since the authentication of users is done using the protocols mentioned above; but this may be an issue on the back end part, in case a malicious user obtains a dump of the database. Eventually, he might become aware of someone's identity by tracking down their social account using the plain identifiers stored by Flyover. Plus, some providers still use URIs or usernames as identifiers, which is not fairly secure from a privacy point of view. Note that this is a privacy issue, not a security one.

Flyover 1.2 will no longer store identifiers as plain strings but it will hash them using MyBB's random string known as salt which is already used to hash passwords. This way, no one will ever know user's identifiers and database fields will be set to a defined length, resulting in a cleaner environment.

Email and passwords are for pricks
Logging in with a social network should already come emailless and passwordless by definition. However, MyBB performs tons of checks to ensure that email and passwords are present and they fit admin's preferred settings. I believed there was nothing like a hook to hack and play with the validator, but I was proven wrong: so emailless and passwordless accounts are actually possible.

Registrations should become even quicker and easier with this improvement, as your users won't need to enter an email and you won't need to send a password using the PM system. This feature has been already developed and it is available in beta testing on MyBBoost.
Shade Administrator 1 Dec 2015 Edited
#22
All seems to be working just fine. Passwords and emails have been 100% bypassed, you can now register without using them. Identifiers are now saved hashed (not with salt, but with the provider's name which is available prior the login procedures unlike the salt itself) as 128-bit strings, and old, plain identifiers are updated accordingly when an user logins (you won't need to run any upgrade script for this – the identifiers will be updated the first time someone will login with the new version installed).

Once I put everything in the updater (some templates need to be updated) Flyover 1.2 will be out and ready.
Eldenroot Regular user 15 Aug 2016 Edited
#23
I hope there will be 1.3 soon with support for custom profile fields Winkle Thank you for your hard work! Kep it!
Dr.Jeet Advanced 8 Sep 2016
#24
After registration, PM sended to member but in this PM, Password is not sended means random password is not generated.

I see this PM after registration.
==========================================
Welcome on our Forums, dear XXX!

We appreciate that you have registered with Facebook. We have generated a random password for you which you should take note somewhere if you would like to change your personal infos. We require for security reasons that you specify your password when you change things such as the email, your username and the password itself, so keep it secret!

Your password is:

With regards,
our Team.
=====================================
Random generated password is blank.
can you fix it?
Shade Administrator 8 Sep 2016
#25
The password is not generated if you are using the emailless and passwordless option. The PM is customizable so you can setup your own message and remove the password notice.
lnx1001 Regular user 18 Aug 2017
#26
Is this updated? I see that flyover 1.3 was supposed to be in 2015, 2 years ago. Since then all protocols have changed except facebook. Does it work? If not when will it be updated? Thanks.
Shade Administrator 19 Aug 2017
#27
Hi, you are not a subscriber so I guess you're using a pirated copy? If so, please support me by buying a premium subscription.

Flyover has been recently updated with the latest SDK available and it works fine with every tested provider. The 1.3 update introduces breaking changes like multiple account support which is something I still have to finish. Unfortunately my uni commitments limit myself from being active on its development. However, it's a stable release and works as seamless as it was released back in the days, with no major flaws reported.
WallBB Advanced 16 Sep 2017
#28
Never knew there is an awesome plugin like this, I am now a subscriber Emoji Smiley-02
Zinx Regular user 1 Jul 2018
#29
how do i download the development version?
Shade Administrator 1 Jul 2018
#30
Hi Zinx, the development version is not available to the public. It will be available when it's ready. If you want to suggest or request something you want to see in the upcoming version, please open a thread in this forum, thank you.
  • 7 participants