The project we are looking to create is a password manager/login tool with a twist; we want to create a Firefox plugin which is capable of the following;
When the plugin is installed, the user needs to register or login to our central site. This site is something we require you to make as well.
When the user has a name and password on the site, these need to be entered into the plugin, so the plugin can connect to the server.
When the plugin is logged on to the site and is used for the first time, the user needs to think of a password that he will use to protect his passwords/bookmarks.
The password the user uses is used to encrypt the file with the passwords/users/sites *before* they are sent to the central server. This has to be done in such a way that only the user and not the server owners (us) can possibly read the content of the file. This is obviously a different password than the user would enter to register on our site.
Let's call the site password 'sitepassword' and secret password 'secretpassword' from now.
When the user enters his secretpassword it is stored on the local computer and not asked for again. Make t his an option [x] store secret locally => when the user does not, every time Firefox starts it will ask for the password every time until you use the settings to save it on the local computer.
When the plugin is started, it will check the server for a new version of your passwordfile; this means that if you have the plugin installed on multiple computers using the same user/sitepassword, you are using the same passwordfile. Hence; you have the same passwords + bookmarks on all computers you install the plugin on.
When a site requests a username/password that is not in the file yet, the same happens as Firefox normally does; it requests if you want to store it. If you do it is stored and the passwordfile is (in the background) encrypted and sent to the server.
When a site IS in the passwordfile it logs in immediately no matter to *what* page of the site you are going. So if you go to a specific profile on Facebook but are not logged on yet on Facebook, the plugin checks if it has this domain in it's database and if it has, it logs you in and brings you to the page with the profile. This means ; if you bookmark *any* page in a site and you go there, it'll log you in and deliver you exactly to that page without having to go from page=>login=>page.
- Firefox plugin
- PHP (or what you suggest, but must run on Linux) website / webservices
- Installation documentation
- Code documentation
Must work on Windows, Mac OS X and Linux. Others are fine, but these must fork.