authentication - Possible to switch a large PHP backend from HTTP Auth to a session-based system? -

-

i'm working add better authentication system mature backend site. i've been using http authentication because it's easy setup. site has grown, downsides method have become more , more pronounced; specifically, lack of security on standard http connections, , lack of standard mechanism log users out.

i've read on every php authentication question can find on so, still haven't found satisfactory solution upgrading large existing codebase use session-based system. takeaway answers seems be:

  1. don't roll own if don't know you're doing
  2. session-based authentication really involved subject

i have rolled own user registration system before, , indeed, seems woefully insecure looking @ now. can see taking months polish, when want doing working on backend itself.

i imagine common problem. pretty every website i've built has required @ least minimal backend, , think few developers have chops ("expertise") build airtight system.

i've looked @ solutions using zend framework, codeigniter, , cakephp — presume specific coding style (or seems), , prospect of reorganizing of code is, in word, deflating. (and beyond that, inefficiency of including 1 of these massive frameworks just authentication rubs me wrong way.)

is there better solution? can isolate authentication class 1 of these frameworks? (because backend site (closed), don't need worry registration, or captchas — or of ancillary features of authorization system.)

thanks consideration.

yes, possible , can moderately straightforward. key need isolate all security checks in few places possible, ideally in common files. don't want copy same security-oriented code on place.

the structure of session-based login system 3 pieces:

  1. the session setup
  2. the security confirmation
  3. the login page

the first 2 require have common set of files all pages include. projects have these; things setup database connection , load utility classes or functions. somewhere in that, need add session_start(). can use sessions (the $_session superglobal).

also in these common files , after session started, need check session says user logged in (and has). if are, can setup whatever global structures pages need work current login.

if session says not logged in, common files need hijack page request , redirect user login page. login page can , should use common structure, needs set control variable bypass security check, because user (obviously) not logged in. need same thing process post login screen boring password checks, setup session they're logged in , redirect either default page or whichever page trying go to.


Comments

Post a Comment

Popular posts from this blog

android - Spacing between the stars of a rating bar? -

-
ho can set spacing beween stars? thats ratingbar: ratingbar = (ratingbar) inflater.inflate(r.layout.ratingbar, null); ratingbar.setlayoutparams(new layoutparams(layoutparams.wrap_content, layoutparams.wrap_content)); the layout: <?xml version="1.0" encoding="utf-8"?> <ratingbar xmlns:android="http://schemas.android.com/apk/res/android" style="@style/mystyle" android:layout_alignparentright="true" android:layout_height="19dp" android:layout_width="wrap_content" android:numstars="5"> </ratingbar> the style: <style name="mystyle" parent="@android:style/widget.ratingbar"> <item name="android:progressdrawable">@drawable/android_r2_ratingstar_yellow</item> <item name="android:indeterminatedrawable">@drawable/android_r2_ratingstar_grey</item> </style> thanks, cheers you have
Read more

html - Instapaper-like algorithm -

-
does of algorithm extracts contents webpage? instapaper ? there 2 steps instapaper does: find main content block on page (excluding headers, footers, menus etc) from content block extract , format text to find content block (typically html block element, div containing key page text content) instapaper uses algorithm 1 used readability . can @ source of readability.js see what's going on, @ core tries find area on page highest text/link ratio, although has other simple scoring metrics (e.g. off top of head, things ratio of text commas, para elements etc) go heuristics. once have identified root node element, relevant content, you'll need format it, if want can pull node element containing text out of source document , insert yours, in reality you'll want remove existing styles , apply own, standard , feel. if want output nice text-only can use jericho's renderer . update1 : should mention else instapaper - follow 'pagination' links (
Read more

c# - How to execute a particular part of code asynchronously in a class -

-
i creating speech recognition engine that's going respond user commands.i have created button enable , disable speech recognition per user convenience.i have used dispose() of speech engine disable speech recoginition.here code private void button1_click(object sender, routedeventargs e) { engineon = !engineon; if (engineon) { speechengine = speech.createspeechengine(); //speech class creates , returns new speech engine. speechengine.audiolevelupdated += new eventhandler<audiolevelupdatedeventargs>(speechengine_audiolevelupdated); // use system's default microphone speechengine.setinputtodefaultaudiodevice(); speechengine.loadgrammar(new dictationgrammar()); // start listening speechengine.recognizeasync(recognizemode.multiple); } else { speechclass.myengine.dispose(); } } but disposal of speech obj
Read more