5

I have seen a few things that look like part of what I want, but I don't feel like I have found the right thing. I am looking for a php based membership library/framework. It should do the following:

  • Allow members to join through a web form
  • Allow members to login and see secured pages
  • Lightweight library
  • No CMS module necessary

I have written these scripts in the past, but I feel like writing one from scratch right now is sort of like reinventing the wheel.

Michael Irigoyen
  • 22,513
  • 17
  • 89
  • 131
Adam
  • 51
  • 2

4 Answers4

2

Perhaps Dingos':

EDIT: Or the Flourish fAuthorization class.

Alix Axel
  • 151,645
  • 95
  • 393
  • 500
1

I would suggest CodeIgniter (CI, free but you'll have to roll your own signup/authentication setup) or Expression Engine (EE) if you want to pay for it.

The reason I suggest CodeIgniter is that, unless you literally want something very simple, CI gives you a complete codebase to build on, and EE gives you a specific implementation almost exactly like what you seem to be suggesting you want. EE is built on CI.

Although it appears as if there are some CI authentication plugins available.

Community
  • 1
  • 1
Jared Farrish
  • 48,585
  • 17
  • 95
  • 104
  • I've used both CI and EE, but was curious what other people would recommend. I could see using CI, EE is way too much for what I want here. – Adam Jul 17 '11 at 23:05
  • I think CI or @Alix Axel's Dingos would probably be good alternatives. – Jared Farrish Jul 17 '11 at 23:07
1

Framework

Just use any framework you like. I would probably advice you to use Codeigniter, because it is the framework which is not like most other frameworks which make your site slow as hell because they do to much work. You have to remember that PHP is a scripting language which can't do optimizations with a compiler. I advice you to read these articles:

Authentication(Membership).

just use openID to do authentication. LightOpenID is very simple library. I would advice you to read Jeff's (Stackoverflow author) post on his blog.

Alfred
  • 60,935
  • 33
  • 147
  • 186
  • The authentication piece is dependent on who you are wanting to signup, although it is a good point. +1. – Jared Farrish Jul 17 '11 at 23:28
  • @Jared what do you mean with `Who you want to signup`. You can protect openID also by sending unique link via email. Only then user can register unique openID identifier. Else you will just deny access because identifier is not matching with allowed in database? – Alfred Jul 18 '11 at 02:16
  • The user base you were using would have to be using a service which supported OpenID. Am I wrong? – Jared Farrish Jul 18 '11 at 02:21
  • @Jared everybody can support openID. You can even run your own openID provider. The nice thing about openID is that you don't have to create yet another set of credentials. I would advice you to have a look at a little demo on my hosting at westerveld.name/php-openid/. You can login with Google, Yahoo or just create an identity with any of them. I have a link in the top which creates an MyOpenID and sents you back to my site. You could take a quick peek I guess... – Alfred Jul 18 '11 at 02:32
  • 1
    I understand how OpenID providers work, thank you. My point was, you don't always have control over that. If I wanted to use OpenID at my job to signup users for an app I had written, I would be out of luck, since I do not control that. I would have to convince someone else that THEY needed to do that (or be a rogue IT provider). – Jared Farrish Jul 18 '11 at 02:34
  • @Jared I had that to once and I thought it was really lame. It is very hard to store passwords securely and you should NOT do it. You should try and convince your job to use OpenID. I know that sometimes that is not possible. Then at least use phpass(http://www.openwall.com/phpass/) to hash your passwords the right way :$.... – Alfred Jul 18 '11 at 02:43
  • We have Shibboleth and Active Directory (eDirectory previously). I don't store passwords, but I don't use OpenID either. Supporting yet another protocol is not always the best way forward for an organization. Hence my caveat. – Jared Farrish Jul 18 '11 at 02:46
  • You might be right, but when you use open standards like OpenID I think you are helping pushing the web forward in the right direction. – Alfred Jul 18 '11 at 07:43
0

take a look at symfony. http://symfony.com/doc/current/book/security.html

are you already using any framework?

Rui Lima
  • 7,185
  • 4
  • 31
  • 42