[PHP] PHP programming a members only access site
Can anyone point me to good tutorials/documentation on the subject? I want to add this functionality to one of my sites.

I know there are existing solutions for this, but the ones I have found are complex, turnkey and don't really facilitate learning.

I consider myself strong in php programming and using MySQL. But I have never used sessions or cookies, and want to learn and do it properly.

And I am interested in the security of logins and credentials. Things like detecting sharing of credentials and the appropriate action to take. Also what logs to keep and how to audit them.

And, of course, having sample code for functions like creating a new account, sending the confirmation email, handling the response. Dealing with forgotten passwords.

I don't want to re-invent the wheel, but I don't want to have to dissect the code for, say, phpBB to see how it is done there, either.

Thanks in advance for suggestions!

--
Stephen

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP programming a members only access site
-----Original Message-----
From: Stephen [mailto:stephe...@rogers.com]
Sent: Sunday, January 13, 2013 9:06 AM
To: php-general@lists.php.net
Subject: [PHP] PHP programming a members only access site

Stephen,

Chris Shiflett wrote an amazing book on this subject, Essential PHP Security; he examines specific attacks and the techniques used to protect against them.
Re: [PHP] PHP programming a members only access site
On Sun, Jan 13, 2013 at 11:05 AM, Stephen stephe...@rogers.com wrote:

> I know there are existing solutions for this, but the ones I have found are complex, turnkey and don't really facilitate learning.

When learning is the goal, writing your own is probably the best course. When deploying a live site, go with something that is time tested and has had many eyes upon it.

> And, of course, having sample code for functions like creating a new account, sending the confirmation email, handling the response. Dealing with forgotten passwords. I don't want to re-invent the wheel, but I don't want to have to dissect the code for, say, phpBB to see how it is done there, either.

I'd be rather hesitant to look into phpBB as well; it's rather old, a lot of security has been bolted on, stuck in, and so on. Plus it has many known exploits. Drupal is somewhat better as it has had major rewrites and releases, but it's not the most accessible of code. Symfony is well written, but it seems to borrow quite a lot from Ruby's DSL concepts in PHP-land. (Incidentally, Drupal will be using Symfony for Version 8.)

Do spend time perusing the questions and answers at stackoverflow as well: http://stackoverflow.com/questions/tagged/security and this: http://www.owasp.org/index.php/Main_Page

+1 for Essential PHP Security. Dated, but still very valid and useful in a learning context.

Also, while not really tutorials or documentation, start following the hacker news to see what sorts of exploits are out there in the world.