I-Am-Bot Code, technology and life

20 Jul 2010 (0 comments)

phpUserAuth Released!

Posted by Srinath

It's finally done! The package is up for grabs, with a quick starter guide.

Details

Download

Demo

Please go through the project page for more details!

The Readme.txt file inside the "readme" folder contains instructions for installation and usage.

Leave your comments/questions/suggestions on the project page.

Out.

23 May 2010 (0 comments)

Introducing phpUserAuth

Posted by Srinath

Update: Please visit the project page for more details

After weeks of fighting with myself, I finally got down to work on something that has been on my mind for some time now. Yes, it is yet another user authentication/management system in PHP. There are already some great ones out there, and some not so good ones. I wanted a system that was secure, flexible, and easy to work with. What took me an entire week of effort is presented below. Without further delay, presenting phpUserAuth.

Features

  • Secure, with support for session-based and/or cookie-based authentication
  • Tons of configuration options for those who know what they are doing. For others, it's as easy as cake!
  • Passwords are *always* hashed before they are sent over the network, with fallback to plain text if JavaScript is not supported in the browser
  • Only salted, hashed passwords are saved in the database. Even if the DB is stolen, it is almost impossible to get the original password
  • Support for multiple simultaneous sessions or a single active session
  • The administrator can choose how users are activated after they sign up. It can be automatic activation, manual activation by the admin, or an activation mail can be sent to the user
  • The password is NEVER sent over email. If the user forgets his password, he can request a password reset mail.
  • User defined access control levels
  • Flexible. If the administrator wants to add another field, simply update the configuration file, and put the field in the signup form! The rest is taken care of by the script!
  • Protection against XSS attacks - all data sent to the server is cleaned using the excellent InputFilter class
  • Support for template based HTML email notifications with changeable templates
  • Emailing done through the excellent PHPMailer with support for SMTP+SSL
  • Custom redirection after login/logout
  • Pre-designed forms
  • Snap in install - Simply drop the folder into your existing application, configure a few site options and database settings, and you are done!

Requirements

  • PHP 5+ as the core classes are OO
  • MySQLi support
  • MySQL 5+ database server

Is that too much to ask? That being said, if you run a fairly recent server, all these should be there by default. For testing, you can check out XAMPP which is available for Windows, Mac and Linux!

License
I'm planning to release it under some open source license. If that doesn't work out, it will still be FREE.

Download
It is not completely done yet. The admin area needs some work. So it will be released when it's done.

Notes
1) As always, it isn't perfect! If you find any bugs, errors, or know a way where things can be done better, please leave a comment!
2) The application hasn't been profiled yet. There WILL be places where I might have complicated things. Will be taken care of after it's been released.

18 Jul 2009 (6 comments)

Why Symfony is THE PHP Framework to work with

Posted by Srinath

I've spent the last few days fruitfully, searching and comparing the most popular and promising of PHP frameworks. Before I get started, I know the automatic follow up will be PHP bashing, and hailing RoR as the savior of the world. This post isn't about a rails vs PHP comparison, though I intend to write on that shortly.

12 Jul 2009 (1 comment)

Simple PHP calendar with inline edit

Posted by Srinath

I was working on a project which required a simple calendar with inline edit. The calendar is for a school, and it marks whether each day is a working day or not, along with a comment (told ya, it's very simple). Needs PHP, jQuery, the jQuery jEditable plugin and a MySQL table to store the data.

The demo is here. If anyone is interested in the code, drop a comment.

P.S: Yea I suck at CSS. If anyone does a better job, please let me know.

2 Jul 2009 (0 comments)

PHP bashing has to end!

Posted by Srinath

Of late, I've been noticing a lot of PHP bashing around the web. Most of it is related to one major issue: Security. Granted, PHP's security implementation isn't the best out there, and it is a widely discussed topic. But more often than not, the security loopholes are due to bad/inconsistent programming principles, rather than a core PHP issue.

Also, PHP's lack of support for threaded programming is another major letdown. While this is a genuine issue, rewriting the entire PHP core and the parser to support threads is not worth the effort. But I genuinely haven't felt the need for multi-threading in PHP to date. While threading is a must for system programming, the need for it in a web environment is not entirely clear. Also, the major strength of PHP, its simplicity, will be compromised if threading is to be introduced.

Another genuine concern is the confusion caused by settings such as "register_globals", "magic_quotes" and "safe_mode". These three variables have had a major impact on the deployment of PHP scripts. Web hosts allow ways to tweak these settings, but for the layman who just wants to get a blog up and running, it's a bit of a hassle. It's also an issue that needs to be addressed by web developers who want maximum compatibility for their applications. The next major release, PHP 6.0, aims to completely do away with these settings for good, and that will indeed clear up a lot of mess.

Most of these issues boil down to one thing - the lack of an official formal specification. Although the PHP Group oversees the continued development, it is still a community effort, and as such requires stringent software engineering and management. Since the original PHP parser was completely rewritten for version 3 and above, there have only been attempts to patch up vulnerabilities and add new features like Object Oriented Programming and namespace support, among others. PHP 6 is touted to be THE release, which will address most of the major concerns.

For all its shortcomings, it's still THE easiest server side scripting language to work with. The C/C++ syntax, seamless integration with MySQL, and support by almost all web hosting providers still make it THE web language IMHO. The LAMP stack is undoubtedly the king of the web, and will continue to be so, owing to the simplicity and widespread community support offered by all its components. And not to forget, it's completely free.