Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

TutsPlus.com:
How to Use AJAX in PHP and jQuery
Jan 07, 2019 @ 17:40:40

The TutsPlus.com site has a new tutorial posted showing you how you can use PHP, jQuery and AJAX together to help make the overall user experience of your application better and more responsive.

Today, we’re going to explore the concept of AJAX with PHP. The AJAX technique helps you to improve your application's user interface and enhance the overall end user experience.

The post starts with an introduction to AJAX - what it is, how it's commonly used and how the normal requests flow. They then show how it works with normal "vanilla" Javascript (no jQuery) and how that compares to the jQuery version. It then dives into the real-world example script, showing how to create a form that sends login information to the backend for evaluation via a POST request.

tagged: ajax tutorial jquery login form introduction

Link: https://code.tutsplus.com/tutorials/how-to-use-ajax-in-php-and-jquery--cms-32494

TutsPlus.com:
Secure, Passwordless Authentication Using Auth0
Jul 10, 2018 @ 16:23:17

On the TutsPlus.com site they've posted a tutorial showing you how to use the Auth0 service to create a passwordless authentication system for your application.

In this article, you'll learn how to set up passwordless authentication using the Auth0 service. Auth0 allows you to outsource authentication features for your app.

Auth0 is an authentication-as-a-service tool that makes implementation of authentication-related features for your app or site a breeze. If you've built an app and you want to just outsource the authentication and authorization features, a service like Auth0 is something you should consider.

The tutorial walks you through the installation and configuration process of their example PHP application including the setup of the .env file to contain the Auth0 secrets. It then provides the code needed to create two kinds of logins:

  • Using email as the identifier
  • Sending the approval via SMS

Both make use of (the Auth0 PHP SDK) to do most of the heavy lifting but there's still a bit of code you'll need to get it up and running.

tagged: passwordless security login auth0 tutorial setup configure

Link: https://code.tutsplus.com/tutorials/secure-passwordless-authentication-using-auth0--cms-31195

SitePoint PHP Blog:
How to Fix Magento Login Issues with Cookies and Sessions
May 21, 2018 @ 16:30:01

On the SitePoint PHP blog there's a new tutorial posted showing how to fix Magento login issue with cookies and sessions. This issue can cause a redirect loop but can be fixed.

In this article are looking at how Magento cookies can create issues with the login functionality of both the customer-facing front-end and admin back-end, the reason it occurs and how it should be resolved.

This is also known as the looping issue, as the screen redirects itself to the same screen, even though the username and password is correct.

The post starts with some basic definitions of "cookie" and "session" and gets into more detail on how Magento stores sessions and the places it can store them. The tutorial then covers each of the cookies used and three reasons the login issues might be happening:

  • Cookie domain does not match server domain
  • Multiple subdomains used and Magento’s cookie configuration is incorrect
  • Double front-end cookies causing intermittent login issues

For each several solutions are included with any code or SQL changes that need to happen to correct it.

tagged: magento tutorial fix login issue cookie session

Link: https://www.sitepoint.com/fix-magento-login-issues-cookies-sessions/

SitePoint PHP Blog:
Easily Add Social Logins to Your App with Socialite
Apr 06, 2017 @ 16:57:20

In the latests post to the SitePoint PHP blog *Reza Lavaryan * shows you how to use Socialite to add social logins to your Laravel application. Unfortunately the Socialite package cannot be used outside of Laravel.

Laravel Socialite is a package developed to abstract away any social authentication complexities and boilerplate code into a fluent and expressive interface.

Socialite only supports Google, Facebook, Twitter, LinkedIn, Github, and Bitbucket as OAuth providers. They won’t be adding any others to the list, however, there’s a community-driven collection called Socialite Providers, which contains plenty of unofficial providers for Socialite. More on this in the next section.

He starts off with the generation of the standard "auth" handling in Laravel using the "make:auth" artisan command. He then uses Composer to pull in the Socialite package and updates the Laravel configuration to enable it. Next up is the configuration for the different social services and migrations you'll need to make for database changes (on users table and adding a new "social logins" table). Next come the updates to the models, controllers, routes and providers to hook Socailite into the authentication process. To illustrate the overall flow, they show how to hook the application into GitHub as an auth source. The post finishes out talking about custom providers, using one to authenticate against Spotify and how to create your own.

tagged: social login socialite laravel package tutorial

Link: https://www.sitepoint.com/easily-add-social-logins-to-your-app-with-socialite/

SitePoint PHP Blog:
Social Logins with Oauth.io – Log in with Anything, Anywhere
Dec 22, 2016 @ 19:47:46

The SitePoint PHP blog has a tutorial posted from Meni Allaman showing you how to use the OAuth.io SDK for social logins, integrating multiple social network logins in one centralized place.

Users today often like the idea of logging into websites with a single click using one of their social accounts.

Given that, today we will look at OAuth.io, which is a multi-platform SDK for more than 120 social login providers like Facebook, Twitter, and Google+. Working with such an SDK is not a difficult task, but there are some prerequisites for using it.

The tutorial then breaks down the steps to follow for getting the service set up and getting the required package installed. Following this the author shows how to connect your account to the various services and provides the code you'll need to connect to the OAuth.io service. It finishes up with an example of a page you'd need to provide to your users to let them authorize the connection to the OAuth.io service with the service of their choosing.

tagged: social login oauthio oauth tutorial service package

Link: https://www.sitepoint.com/social-logins-with-oauth-io-log-in-with-anything-anywhere/

SitePoint PHP Blog:
Let’s Kill the Password! Magic Login Links to the Rescue!
Dec 15, 2016 @ 18:36:17

On the SitePoint PHP blog there's a new tutorial posted from Christopher Vundi showing you how to create a password-less login system using "magic links". These links allow users to log into a service without requiring a password using a one-time code and a special URL.

Authentication is something that has evolved over the years. We have seen it change from email – password combination to social authentication, and finally password-less authentication. Actually, more like an “email only” authentication. In the case of a password-less login, the app assumes that you will get the login link from your inbox if the email provided is indeed yours.

[...] In this tutorial, we are going to implement such a system in a Laravel app. The complete code can be found here.

The tutorial then walks you through some of the setup of the application environment - creating the Laravel project, building out the database and running the "make:auth" to generate related controllers/views/models. They show you how to change the login link to point to the new "magic link" functionality and the matching controller and view. The tutorial then shows how to generate the tokens, email them to the user with the special URL and validate them once they come back in.

tagged: password magic login link tutorial token email

Link: https://www.sitepoint.com/lets-kill-the-password-magic-login-links-to-the-rescue/

Laravel News:
Learn how to change Laravel’s login validation
Oct 27, 2016 @ 14:42:34

On the Laravel News site there's a quick post looking at Laravel's login validation and how you can make updates to its handling (and where the changes should be made).

Laravel’s included auth system is a great way of scaffolding out a basic flow for authenticating users through a complete registration, login, logout, and forgot password system.

When it’s all setup the login and password reset validation is stored in an AuthenticatesUsers and ResetsPasswords trait. Even though it’s a little hidden away it’s still easy to adjust this to your needs. Let’s take a look at how to adjust this.

The post then breaks each of these down, showing where in the framework source the code lives and how you can update or override the current handling. The login validation lives in the default "AuthenticatesUsers" trait and the password reset verification is in "ResetsPasswords". These can each be overridden in your own controllers as they're just methods included via traits.

tagged: laravel login validation trait tutorial password

Link: https://laravel-news.com/2016/10/login-validation/

Tighten.co:
Creating a password-less, Medium-style, email-only authentication system in Laravel
Mar 14, 2016 @ 14:29:55

On the Tighten.co blog Matt Stauffer shows how to make a password-less authentication system similar to what the popular site Medium uses centered around emails sent to the account for the user.

Recently I was working on a project where one of our major pain points was users' passwords. Users were added to the application by administrators, so they didn't have passwords when they were first added, and forcing them to set and remember passwords was a big hitch on the project's usability.

So, we decided to try out a Medium/Slack-inspired password-less login. If you've never had the chance to work with this, the login system works like this: enter your email address on the login page, get emailed a login link, click the link, and now you're logged in. Access to your email address proves your identity without the need for a password.

He walks you through the process of disabling the current password-based flow by creating and modifying the default "make:auth" results. When the user comes to the site, they're asked to log in via sending an email. This email contains a unique token attached to a link that matches one on the server side related to the user. He shows how to build out this relation table, the matching model and the endpoint used to verify the hash once the user clicks on the link.

tagged: laravel password email login medium link random hash tutorial

Link: http://blog.tighten.co/creating-a-password-less-medium-style-email-only-authentication-system-in-laravel

Paragon Initiative:
One Login To Rule them All - Seamless and Secure Cross-Domain Authentication
Feb 24, 2016 @ 17:48:28

On the Paragon Initiative site they've posted a new tutorial sharing a method for creating "one login to rule them all" for your PHP-based applications. The goal is to make one system that can provides a single authentication point and secure credential storage.

Problem: You want to create a system whereby when a user authenticates to example.com, they're also automatically logged in at foo.com, bar.com, baz.com, and any other domains that you decide to add to the list at a later date. Okay, great, that seems straightforward, except there's a complication: The Same Origin Policy prevents you from getting/setting cookies on domains other than the one you control.

[...] Let's narrow it down a little bit further: Unlike a situation where e.g. "Login with Facebook" would be appropriate, you control all of the domains. They just happen to be different, so the Same Origin Policy kicks in. For simplicity, feel free to assume they're on the same server and application codebase, but you have a multi-site architecture in place where some of the sites have a different domain name.

Let's work around this limitation with as few moving parts as possible.

He then shoes how to use libsodium (via the Halite wrapper) to secure your credentials (passwords) and hooking it into a custom API endpoint that takes in a hex-encoded JSON string and a signature for the payload. He then expands this to provide "automatic login" handling making use of another endpoint to fetch an image to and log in the user by passing it the payload and signature values. He ends the post with a few security concerns around using this method and some things that it assumes are correct (and robust enough).

tagged: login single seamless crossdomain payload signature libsodium tutorial api

Link: https://paragonie.com/blog/2016/02/one-login-rule-them-all-seamless-and-secure-cross-domain-authentication

SitePoint PHP Blog:
How to Consume Laravel API with AngularJS
Feb 22, 2016 @ 17:23:10

The SitePoint PHP blog has posted a new tutorial from author Francesco Malatesta that continues their series looking at combining AngularJS and PHP, more specifically Laravel, to create a basic application. In this part of series he builds on the server-side code created in part one and creates the Angular frontend.

In part 1, we built our server part. Now we can build our client. We are going to use AngularJS to make a Single Page Application. We will use a very basic bootstrap template, built on the fly.

The application is simple enough and will consist of three "screens" (not "pages" since it's a single page application): a login, a signup and a main screen. He walks you through the setup of a standard frontend development environment including tools and software you'll need to get started. He makes the simple route and Blade template for the single-page app and defines some AngularJS routes for each of the screens. He then includes the code to set up both the signup and login controllers and how to detect if the user is successfully logged in. From there he gets into the functional part of the application: managing the books and the user's wishlist with the standard CRUD (create, read, update and delete) operations. Screenshots are also included at some spots so you can ensure your progress matches the tutorial.

tagged: tutorial angularjs laravel part2 screen login signup book wishlist

Link: http://www.sitepoint.com/how-to-consume-laravel-api-with-angularjs/


Trending Topics: