Sunday, May 15, 2016

PHPSS

We may want to secure our website by requiring users to log in. To develop an authentication system like that quickly, we can use the phpSS class made by Erik Grinaker.

You can download it here (371k including tutorial and examples).

phpSecureSite is an authentication and session-handling system for PHP. It is primarily intended for use in closed web-applications, where a user is required to enter a username and password to enter the site. It is made to be fully integrated with the web-application, which means that you will have to code a frontend (such as login screens etc) for it yourself.

Authentication is done with the widely used username and password scheme, where a user first identifies himself (the username) and then provides a secret known only to the user (the password) to prove that he is who he claims to be.

To understand what a session handling system is, we need to take a look at how the web-server sees the world. The HTTP protocol, which is the language that your computer and the web-server use to communicate, is a so-called stateless protocol. What this means is that when the web-server gets a request for a page it simply returns that page, no questions asked. It does not know, nor does it care, which user a request comes from. A session handling system determines which user makes a request, so that the page returned to the client can be dynamically built for that user.

The most basic use of phpSecureSite is obviously to protect access to an application or a set of web-pages, but you can also do a lot more with it. It comes with a set of modules which provide functionality such as session variables (which let you store a piece of data for a session, and retrieve that data in any page), access control lists (for setting which users/groups should be allowed access to a specific page) and much more.

The only downside with phpSecureSite is that it stores all its data in a database. This means that each and every request will result in at least one lookup in the database, which is not good for performance. But there is really no other way to do everything phpSecureSite does. If you just need a light-weight session-handling system, you may be better off with some other package.
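
To make the per-request database lookup described above concrete, here is an added example of a database-backed session store. It is not phpSecureSite's code or API; the table, column and function names are assumptions, and it uses an in-memory SQLite database through PDO so it runs on its own.

```php
<?php
// Added illustration, not phpSecureSite code: table, column and function
// names are assumptions. Uses an in-memory SQLite database via PDO.
const SESSION_TTL = 1800; // seconds of inactivity before a session expires

function open_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sessions (
        token_hash TEXT PRIMARY KEY, username TEXT NOT NULL, expires INTEGER NOT NULL)');
    return $db;
}

// Called once, after the username and password have been verified.
function start_session(PDO $db, string $username, int $now): string
{
    $token = bin2hex(random_bytes(32)); // unguessable session identifier
    $stmt = $db->prepare('INSERT INTO sessions VALUES (?, ?, ?)');
    // Store only a hash, so a leaked table does not hand out live sessions.
    $stmt->execute([hash('sha256', $token), $username, $now + SESSION_TTL]);
    return $token; // sent to the browser, for example in a cookie
}

// Called on every request: HTTP is stateless, so this is the database lookup.
function resolve_session(PDO $db, string $token, int $now): ?string
{
    $hash = hash('sha256', $token);
    $stmt = $db->prepare(
        'SELECT username FROM sessions WHERE token_hash = ? AND expires > ?');
    $stmt->execute([$hash, $now]);
    $user = $stmt->fetchColumn();
    if ($user === false) {
        return null; // unknown or expired token: treat as not logged in
    }
    // Sliding expiry: each valid request extends the session.
    $db->prepare('UPDATE sessions SET expires = ? WHERE token_hash = ?')
       ->execute([$now + SESSION_TTL, $hash]);
    return $user;
}

// Constructed sample run: a valid, a forged and an expired token.
$db = open_store();
$t0 = 1463270400; // constructed timestamp
$token = start_session($db, 'alice', $t0);
var_dump(resolve_session($db, $token, $t0 + 60));
var_dump(resolve_session($db, 'forged-token', $t0 + 60));
var_dump(resolve_session($db, $token, $t0 + 60 + SESSION_TTL + 1));
```

Every page load pays for the `SELECT` and, on success, the `UPDATE`, which is the performance cost the paragraph above refers to.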