Storybook is a web application that builds and hosts web comics. This is the Comics gallery page.
The Storybook Comic Builder app is launched through a hamburger style menu at the top of the gallery page.
This is the landing page for the Login portal.
Clicking the "Login Options Explained" presents this description of the available Login methods.
The first Login method presented, "Login with Facebook", uses the Facebook Oauth API to validate a user as a Facebook member.
If a user is already logged into Facebook then this FB Login screen will not be displayed before the Welcome screen is shown. If a user has never logged in with the Storybook application Facebook will also request permission to share their email address with the application.
If a user is already logged in to Facebook they will see this screen without the FB Login prompt page having been displayed, or they will see this page as a result of logging in. Notice that this user has not yet made any posts to the application, they have no content. In the Footer at the bottom of the page are two tags. One escapes the Login process while the other, labeled "Next", will take the user into the builder app.
If a user logs back into the Storybook application after they have already uploaded/created a hosted web comic as a Facebook user they will be presented with the Welcome page shown next.
For this demo application we only allow a Facebook user to post/upload one comic at a time, so here we allow the user an option to delete their present content if they wish to make another one. We also provide an option for the user to "Share" their presently hosted webcomic to Facebook.
Notice that there is no "Next" tag in this Footer because the user is not currently allowed to enter the builder.
Here we have returned to the Login Portal landing page.
With the exception of the Sign Up menu entry, all of the Storybook choices require an email address to be provided.
If we provide an email address without a Password for the Log In menu choice as shown here...
Then the Portal will advise us that both an Email and a Password entry are required for this menu choice.
As we might expect, if an unregistered Email and Password are entered...
Then the Portal will inform us that this account does not exist. Similar results, a non-existent account warning, will be displayed for the other Login menu choices if no such account is registered.
Now from the Portal landing page in the Storybook panel let's choose the Sign Up option.
this choice will present the form displayed here to request the user profile data and we can fill it out perhaps as shown here.
The data will be rejected if there is already an account with the requested Email.
Otherwise if the data is all acceptable a new User Profile is created and a verification email will be sent to the user.
If a newly registered user attempts to login before verifying their email address...
The login will be refused and the user will be informed that the Email must be verified before they will be allowed to login.
A newly registered user will receive a verification request Email like this one.
If the user replies to the verification Email before it expires, they will be directed to this page which says their Email was verified and they may now login.
If the user does not respond to the Verification Request email before the expire time has lapsed, they will be refused Login and their User profile data will be deleted. As shown here, they will be directed to try the Sign Up procedure again.
Once the User Account data profile is saved and the Email successfully verified we can Login with our newly registered Email and password as shown here.
A successful Log In will bring us to this Portal Exit page where we can continue on to the Srorybook Comic Book Builder application, Log out of the application, Change or profile data, or delete our account.
Next, let's select the Change My Profile Data menu entry.
If we elect to change the User's first name as shown here and then select to Commit Changes...
This screen will be displayed to verify our changes, and if we then select the Exit button...
We will return to the "Dashboard" or Portal exit page where we can see our change in the first name now reflected in the User Profile.
If the user elects to change their Email address as shown here...
A Verify Email request will be sent to the newly specified address. Note again that these verification mailings have a time to live after which they are no longer active.
Further attempts to login to the previous Email...
Will fail with an account does not exist error as shown here.
If the user replies to the Verification request email for the new address before the link expires...
They will be informed of the account status...
And given the opportunity to Login, and now they can use their newly changed Email as shown here...
The new Email is now in the User profile.
As a registered user you may request a Magic Link Login by supplying your Email address.
The Portal will acknowledge your request for the Magic Link as shown here.
And it will send a Magic Link Login to the registered Email.
And if the user selects the Magic Link from the Email they will be logged in as shown here. You may see this concept of the Magic Link Login being used to grant access to resources like documents or other materials for download.
Another method of Login is a One Time Password which is selected with the entry of the registered email address without a Password entry as shown here.
First the Portal will inform the user that an OTP email has been sent.
The OTP email will contain the requested One Time Password with the same time limitations applied for its use.
The OTP from the Email is then used as the Password entry as shown here with One Time Password selected.
And the User is again logged into the Storybook application.
The last selection from the Storybook Login dialog panel is an election to Change Password for a registered user.
It seems unneccessary to ask a user why they might want to change their password, in fact it might be slightly insulting to ask them if they "forgot your password?" If they did then giving them an opportunity to change their user password will address that possibility as well as other potential reasons they might have.
It seems unneccessary to ask a user why they might want to change their password, in fact it might be slightly insulting to ask them if they "forgot your password?" If they did then giving them an opportunity to change their user password will address that possibility as well as other potential reasons they might have.
In any case the portal first informs the user that an email has been sent to respond to their request for the change.
The email informs the user that it is a response to a password change request and provides a time limited link for the user to proceed with the change.
Selecting the link from the email will bring the user to this dialog allowing the entry of a new password. This dialog does not require that the new password be different from the present password.
As a matter of interest, the AuthUR login portal does not ever store or save your password, in fact Storybook doesn't actually use the password itself within the portal code. Instead we use what is called a hash value to represent the password, and the hash is a code value that is uniquely generated for every password. But your password can't be stolen from Storybook because we don't have your password.
As a matter of interest, the AuthUR login portal does not ever store or save your password, in fact Storybook doesn't actually use the password itself within the portal code. Instead we use what is called a hash value to represent the password, and the hash is a code value that is uniquely generated for every password. But your password can't be stolen from Storybook because we don't have your password.
If the user enters a new password the portal will acknowledge the change and offer the user an opportunity to log in with their new password.
Once again upon a successful Login we are presented with the portal exit page.
The remaining menu slection on the portal exit page allows the deletion of the user account and any associated content through the dialog shown here.
As an addendum to this AuthUR Operations Manual we have this example display from a dumpsession.php debug utility we wrote up to dump/display the PHP Session variables we used in our code. The debugger code is available in a github repository.
Finally, as we say in our Emails,
That is all from us, have a nice day!
That is all from us, have a nice day!