[nycphp-talk] best code for Login !.

Hans Zaunere zaunere at yahoo.com
Fri Jun 14 22:03:42 EDT 2002


--- Raymond DeRoo <rainman at deroo.net> wrote:
> Hans--
> 
> > How would this work:
> >
> > $myparadigm = new Paradigm;
> > $myparadigm->Authorize('username','password');
> > if( $myparadigm->Result === LOGGED_IN )
> >   header('Location: http://me.com/protected.php');
> > else
> >   header('Location: http://me.com/login.php');
> 
> I used to use this type of approach. However I found that more and more
> clients have files which they want protected, not just pages. As such I've
> moved towards mod_auth_mysql or mod_auth_ldap (depending upon size and
> availability).

This certainly is an issue; i.e. this only protects URLs that are parsed
by PHP, even when used in an auto_prepend scheme.  However, for normal
site protection (member's area, for instance) I find this gives much
more flexibility and ease of setup/maintenance than mod_* schemes.

> I realize that I can (and have) write a page that will
> get a file on the file-system and pass it through to the user.
> However the added URL complexity tends to confuse most users.

I've done something similar to handle protected files (i.e. tarballs).
Generally I use either a script or virtual URL scheme which then maps a
request to a randomly generated (md5 works well) filesystem path.  With
the help of MySQL these mappings have proven easy to implement, and
very secure, since the user never can see what the actual filename is.

I'm working on getting this in a deliverable format, so hopefully it'll
be publicly useful some time soon.

HZ
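
The request-to-random-path mapping described in the message above, as an added example that is not part of the original post or the author's code. Assumptions: the table, column and function names are hypothetical, an in-memory SQLite database stands in for the MySQL table, names come from random_bytes() rather than md5, and the lookup also checks which user owns the file.

```php
<?php
// Added illustration; table, column and function names are hypothetical.
// In-memory SQLite stands in for the MySQL mapping table.

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE files (public_name TEXT, owner TEXT, disk_name TEXT UNIQUE)');
    return $db;
}

// Store a file under a random name in a directory kept outside the web root.
function register_file(PDO $db, string $storeDir, string $owner, string $publicName, string $bytes): string {
    $diskName = bin2hex(random_bytes(16)); // 32 hex chars, same shape as an md5 string
    file_put_contents("$storeDir/$diskName", $bytes);
    $db->prepare('INSERT INTO files VALUES (?, ?, ?)')->execute([$publicName, $owner, $diskName]);
    return $diskName;
}

// Map a request to a disk path only if this user owns the file.
// The requested name is used solely as a bound query parameter, never in a path.
function resolve_file(PDO $db, string $storeDir, string $user, string $publicName): ?string {
    $q = $db->prepare('SELECT disk_name FROM files WHERE owner = ? AND public_name = ?');
    $q->execute([$user, $publicName]);
    $diskName = $q->fetchColumn();
    if ($diskName === false || !preg_match('/^[0-9a-f]{32}$/', $diskName)) {
        return null; // unknown file, wrong owner, or a malformed row
    }
    return "$storeDir/$diskName";
}

// Constructed sample data.
$store = sys_get_temp_dir() . '/store_' . bin2hex(random_bytes(4));
mkdir($store, 0700);
$db = open_store();
register_file($db, $store, 'alice', 'release.tar.gz', 'constructed sample bytes');

$requests = [['alice', 'release.tar.gz'], ['bob', 'release.tar.gz'], ['alice', '../../etc/passwd']];
foreach ($requests as [$user, $name]) {
    $path = resolve_file($db, $store, $user, $name);
    // A download script would send a 404 on null, otherwise header() + readfile($path).
    printf("%-5s %-18s => %s\n", $user, $name, $path === null ? 'denied' : 'served ' . basename($path));
}
```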


