HTTP authentication is quite popular for web applications. It is pretty easy to implement and works for a range of http applications; not to mention your browser.
Too many sites, too many usernames, and not enough cranial capacity to file them all accurately. But there's good news at hand: OpenID, a free, open-source framework for "single sign-on" across different Web sites and applications. The even better news? There already exist a bunch of PHP widgets that allow developers to easily integrate OpenID into a PHP application, and this article is going to show you how to use them. So what are you waiting for? Flip the page, and let's get going!
The normal way to save a state, like the fact that a user is logged in, is to use sessions. Session work really nice, you can save all kind of data on the server (in a temp file) which is identified by a hash which is known on the client in a cookie or by url rewriting.
However if you only need to save a small bit of login info, like a username and timestamp, using sessions is a bit of an overkill. Also, if your system would grow beyond to a size where you need load balancing over multiple servers, having a solution with sessions would be somewhat of a burden. You would need to store them in a centralized place, like a DB server.
Another way to do this, is to create an authentication hash. The idea is fairly simple: Join the information you want to known into a single string and append an md5 key of all the info + a secret word.
We know from the previous article that the user ID is very important, in that it is used to retrieve various information from the database at various stages of the application. The login form sets this userID when you log in. It is the login system that will be the focus of this second part in a four-part series.
For anyone to use the application, they have to be authenticated (be a registered user of the system) or be given an opportunity to become a member. This is what the login system primarily is for. Below is a screen shot of the login page.
When building a web site or application there comes a moment when you will most likely need to implement access restrictions. Two parts come in to play, first there is authentication (ususally implemented as username/password combination) and then authorization (or permission) to make sure a user is allowed to do what he is trying to do.
LiveUser provides you with a framework to make it easy to implement both aspects. It has a container approach giving a lot of flexibility in writing your own schemes if the bundled ones do not meet your needs. All containers use a unified API that makes switching between containers as painless as possible.
We will see one way to integrate the Zend Framework Controller with LiveUser.
In this first part of "Building an Invoicing System," we are going to look at invoice management. Why would anyone want an online invoicing system? Well, if you are a freelance web developer like myself, you will undoubtedly need to invoice your clients so as to be able to get paid at the end of the month. This application will help you to manage your client details as well as your invoices.
In the previous segment of this article, I discussed the various library functions related to user and group management, and also showed you some examples of how they could be used in real-world Web application development.
While the API for user and group management does form the core of the patUser library, it's not all there is on display. patUser also includes a number of utility functions that can come in handy for certain specialized tasks. These functions include identifying users and groups by different criteria (such as name or email address); keeping track of the URLs visited by the user so as to generate a user trail; maintaining user account statistics for auditing purposes; and providing exception-handling routines for more graceful error handling.
All these (and more) are discussed in the following pages - so keep reading!
In the first part of this article, I focused almost entirely on how patUser could simplify the task of adding authentication to your site. I explained the patUser database schema, ran you through the process of initializing a patUser object instance and linking it to a database and template engine, and showed you how built-in patUser methods could simplify the task of verifying user credentials and writing login and logout scripts. However, patUser can do a lot more than just handle user authentication - the library also comes with a large number of methods designed to make the task of managing user data as simple and efficient as possible. Over the course of this second installment, I'm going to show you how these methods work, and how they can be used to quickly create scripts to view, add, edit and delete users (and user attributes) from your database. Keep reading!
Over the past couple of years, Web application development has matured to a point where building a Web application is not quite as random a process as it once was. Most developers are now familiar with what goes into building the fundamental skeleton of a Web application: a database to store content, page templates to simplify maintenance, sessions and cookies for temporary data storage, and an authentication and privilege system to manage users and user security levels.
Authentication is the act of establishing identity via the presentation of information that allows the verifier to know the presenter is who or what it claims. This identity could be any number of things, including:
* People
* Systems
* Applications
* Messages
Why would one want to verify an identity in the first place? Hopefully, most people reading this recognize that as sarcastic humor. If not, here are a few common reasons:
* To control access to a system or application
* To bind some sensitive data to an individual, such as for encryption
* To establish trust between multiple parties to form some interaction with them
* To assure that a piece of information is genuine
Within an application, one or all of these aspects may apply. This article presents different types of authentication and ways of adding it to your applications.
