Proposed changes to the authentication sign in screens

I’ve spent some time thinking about design of the authentication pages that we show to users when they (currently) sign in to Zendesk, Get Satisfaction, My Calendar or Linking You.

The current design uses a cut down version of the Common Web Design (CWD) v2.3. The main problem is that it doesn’t easily convert into a mobile design. Additionally, CWD v2.3 itself is full of cross browser hacks and lacks support for new browsers.


Current sign in page
Current sign in page


The proposed design uses our new 3.0 version of the CWD which has excellent browser and mobile support. With a move to OAuth 2.0 for more services, including Blogs and My Player (and hopefully Blackboard too), in the new academic year staff and students are going to be seeing this screens increasingly more and so for sign in screens for external applications I took a leaf out Facebook’s and Twitter’s books and a list of permissions that external applications are asking for.


External sign in page
External sign in page


Internal application sign in will just feature a sign in form.


Internal sign in page
Internal sign in page


Mobile sign in screen
Mobile sign in screen


We are planning on updating the screens over the summer period.

What do you think?

Updates to CodeIgniter MongoDB library

This library can now be found at and has been updated with numerous bug fixes since this post was written. If you find a new bug please add it to the issue tracker. Thanks!

I’ve spent some time this evening updating my CodeIgniter MongoDB library. You can get the latest release (4.0.1 at time of writing) at

hg clone

Or if you’re one of the cool kids and using Sparks run

php tools/spark install -v4.0.1 mongodb

So what’s new?

You can now pass a mongo id in where and it will automatically be converted to the correct MongoId object type. You can also pass a field and value to the where function instead of an array. Thanks to Phil Sturgeon for this.

$this->mongo_db->where('_id', 'ced141265b96c037a3cab9dee0f3b4fa')->get('post')

I’ve also added a lot of new update functions which should make expressing updates much easier. Now you can write queries like:

->where('_id', 'ced141265b96c037a3cab9dee0f3b4fa')
->set('title', 'My new blog post')
->inc('comment_count', 1)
->push('comments', array('id'=>1, 'name'=>'Alex', 'text'=>'Hello, world!'))

The new functions you can use are:

  • inc – increment the (integer) value of a field
  • dec – decrement the (integer) value of a field
  • set – sets the field to a new value
  • unset – unsets a field
  • push – pushes a new element into an array
  • pop – pops the last element from an array
  • pull – removes all occurrences of value from field
  • rename_field – renames a field (key remains intact)

There are a few missing functions that I couldn’t get to work this evening but I’ll add them shortly:

  • push_all – appends each value (where value is an array) to field
  • pull_all – removes all occurrences of value (where value is an array) in field
  • bit – does a bitwise update of a field
  • add_to_set – adds value to the array only if its not in the array already, if field is an existing array, otherwise sets field to the array value if field is not present

There are a number of other small enhancements, and I’ve updated the licence to the MIT License.

Linking You to Safe Sites

Our URI shortening service, Linking You, has been slowly increasing in usage since we launched it last year. We’ve now shortened over 2,500 URIs which have been visited over 80,000 times. As Linking You becomes further rooted into the University, and is used by increasingly more and more people we’ve decided that we ought to spend some time ensuring that our service is not being used for malicious purposes.

I’ve just implemented a new feature which will help protect you against malicious links shortened by Linking You. Every new URI shortened as of this evening is now checked against Google’s Safe Browsing service and SURBL’s URI reputation database.

In the interest of keeping the Internets working, URIs that are considered dangerous by either of the above services will still be shortened however when you visit the short link you’ll be presented with a warning message instead of being forwarded on.

In the coming weeks we’re going to require all users of the API to use an API key in order to prevent misuse.