Joshua Thijssen:
Symfony2: logging out
Oct 10, 2014 @ 15:51:03

In this new post to his site Joshua Thijssen talks about something that's usually considered a common task and might be overlooked when it comes to security: logging out (specifically in Symfony-based applications).

One of the “golden rules” of symfony2 is to never hardcode urls or paths inside your code or templates. And letting symfony deal with the generation of your urls and paths makes your life a lot easier as a developer. But one of the things I see regularly is that people are still hardcoding their logout urls like using “/logout”. But logging out is actually a bit more complex than it might seem, and using a simple /logout might work for most cases, but there are better ways to deal with this.

To give some context, he starts with an overview of the Security component of the Symfony framework, mentioning how it can be configured with different "secure" areas and how each handles user authentication. He includes an example configuration of these "firewalls" in a YAML document with three different sections: "dev", "superadminstuff" and "main". He explains what each of these sections configures and how it reacts when the user visits it. He also covers the "logout: true" handling and the defaults that come with it. He suggests that, instead of a hard-coded "logout" URL in your application, you use the "logout_url" and "logout_path" functions to create the link for you, keeping it consistent across the application and easier to configure.

tagged: symfony logout security user login component link

Link: https://www.adayinthelifeof.nl/2014/10/06/symfony2-logging-out/

NETTUTS.com:
A Better Login System
Mar 30, 2009 @ 12:55:54

In this recent tutorial from NETTUTS.com they show how to create a "better login system" that supports a bit of access control functionality to even further secure your site.

Net.tuts+ has published several great tutorials on user login systems. Most tutorials only deal with authenticating the user, which allows for two levels of security: logged in and not logged in. For many sites, a finer degree of control is needed to control where users can go and what they can do. Creating an access control list (ACL) system will give you the flexibility for granular permissions.

They walk you through the database creation (user information), coding the ACL and user authentication classes, how to check a user's permissions and how to create a user admin screen to allow for easy maintenance. You can find the complete source of the tutorial here.

tagged: tutorial login logout system acl access control admin interface

Link:

Robert Basic's Blog:
Login example with Zend_Auth
Jan 06, 2009 @ 04:14:39

Robert Basic has posted an example of the use of the Zend_Auth component of the Zend Framework inside of an example controller.

So, here’s what I’m going to do: authenticate a user against a database table using Zend Framework’s Zend_Auth component. It’s really a piece of cake. You can see a working example here: http://robertbasic.com/dev/login/.

He sets up a registry instance, a database table for the logins and the sample controller with both login and logout functionality. Complete code (and links to Zend Framework documentation) are included.

tagged: zendframework login logout tutorial zendauth controller

Link:

DevShed:
Authentication Scripts for a User Management Application
Dec 02, 2008 @ 15:31:45

DevShed continues their series looking at user authentication in PHP applications with the third part of this nine-part series. The focus is on the creation of the authentication scripts.

In this article we will continue to discuss the application-wide scripts that we started to talk about in the last article. These special scripts are used by all the scripts and pages of the application. We will continue to look at the func.inc script that has several useful functions defined in it.

Their func.inc script contains the helper functions the rest of the application can use (like isAdmin, isAuthd, genpass and checkEamil). They explain each of the functions and include an example of them in action. They also include the other half of the pair - the logout script.

tagged: user management application tutorial login logout

Link:


DevShed:
Building a Logout Class
Sep 05, 2007 @ 17:36:00

DevShed has posted a new tutorial today about building another common component of a website - the logout component.

The main function of the logout class is to log out a user and then redirect the user to the login page. On a programmatic level, the logout class terminates and destroys the session variables that the login class created for the user and also logs the exit time to the database. This article will show you how to create a logout class. It is part of a series on application framework components.

They build out the simple part of the class first, handling the variables and all and then move on to handling the logout and updating the database to reflect the user's status. They finish the tutorial off by giving both the database structure for the component and an example of it in action.

tagged: devshed logout class tutorial database login

Link:

DevShed:
Creating a Login Script for a PHP/MySQL Blogging System (Part 1)
Oct 03, 2006 @ 15:00:31

DevShed is starting up a new series this morning with this new tutorial, part one in the creation of a simple blogging system using PHP and MySQL.

In this three-part tutorial we are going to be creating an open blogging system. We are also going to provide scripts that will make it possible to switch to a closed blogging system. This article, which is the first part, will cover the creation of the login scripts for a closed system.

They start with a definition, the difference between an open blogging system and a closed one (if users have to register or not). They start with the creation of the database to store the users in followed by the PHP code for the simple login page. It uses sessions to keep track of which user is logged in. Of course, where there's a log in, there needs to be a log out and they give the simple code for that. Finally, they include a "forgot your password" script to help users when they can't remember the info they'd signed up with.

tagged: mysql blogging system login logout sessions forgot password

Link:
