Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

TutsPlus.com:
How to Do User Authentication With the Symfony Security Component
Aug 17, 2018 @ 13:13:03

On the TutsPlus.com site they've posted a new tutorial showing you how to use the Symfony Security component to authenticate users in your system and use role-based access checks.

In this article, you'll learn how to set up user authentication in PHP using the Symfony Security component. As well as authentication, I'll show you how to use its role-based authorization, which you can extend according to your needs.

The tutorial starts with a summary of the Symfony Security component and what subcomponents it includes. It then walks you through the installation of the component via Composer (of version 4.1). They then walk through a more real-world example that uses user credentials and role information pulled from a MySQL database. They provide the code for the User class, a DatabaseProvider class, a DatabaseAuthenticationProvider, and how they all work together. Code is provided to complete the authentication process and to create the database table for the user credential and role details.

tagged: tutorial authenticate authorize symfony security component security

Link: https://code.tutsplus.com/tutorials/how-to-set-up-user-authentication-by-using-the-symfony-security-component--cms-31643

Hasin Hayder's Blog:
Using OAuth PECL Extension to Talk to Twitter
May 04, 2009 @ 10:28:26

In a recent post Hasin Hayder has taken a look at using the OAuth PECL extension (this one I assume) to connect your application's login system with Twitter's authentication backend.

if you are interested in developing twitter applications, you must have read about twitter API and it’s authentication protocol. your application can fetch user’s private data but it has to authenticate itself as the user for that. so there are two ways to do it: asking user to provide his twitter username and password [...] or let twitter handle the authentication on behalf of you.

This second option is where OAuth comes in. Once you've registered your application on Twitter, you can create a token and send it over to their site for validation. The idea is that, since the user has already authenticated on the Twitter site, they can allow an external application to "share" that login information/process and let the remote application fetch information about the user from he Twitter API.

tagged: twitter oauth extension pecl tutorial token authorize

Link:

Padraic Brady's Blog:
Zend Framework Blog Tutorial - Part 7: Authorisation with Zend_Acl & Styling
May 12, 2008 @ 11:15:49

Padraic Brady is up to part seven of his blog creation (with the Zend Framework) series, tracking his development paths and though processes along the way. This new part of the seres looks at using Zend_Acl for user management and changing up some of the style of the site.

We previously covered how to authenticate an author to the blog, but we still have nothing ensuring only authenticated authors can access the new Administration Module. This is the domain of Zend_Acl, an implementation of an Access Control List system which limits access to resources by the roles assigned to a user.

He starts by helping you understand access control lists including roles and privileges. He plans out the different roles that he wants the application to have first (always a good first step) and then implements them in a class extending the Zend_Acl component. He wraps this all in a front controller to make it easy to use.

He also tosses in a bit there at the end about CSS and styling to handle the forms for login and the administration piece of the blog he created earlier.

tagged: zendframework blog application example authorize zendacl styling

Link: