I am using Symfony framework in my project and now I am trying to add Steam Authentication to my project, so I could use Steam account informations in my project. Earlier is used only plain PHP, no frameworks and I found this https://github.com/SmItH197/SteamAuthentication and it worked well, but I am not sure that can I use it with Symfony? I mean, how to include it in my controller? Or is there another way to Steam Authenticate with Symfony?
You should write a custom authenticator for this. This way, you can easily adapt it into the current Symfony security system. Take a look at the documentation for this at: http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html
Indeed you could, as many others already have, one such example for Symfony2 is here: https://github.com/SirWaddles/SteamAuthBundle :) good luck.
Related
For an existing PHP application, that doesn't make use of any frameworks... is it possible to add/integrate Laravel based authentication to it without trying to convert the entire PHP into a Laravel application?
I am a complete PHP newbie, and was hoping for someone to point me in the right direction. Much appreciated.
Of course you can add JWT to your existing PHP app, it's not "locked" to Laravel, far from it. Most of the frameworks that have these capabilities built in are just supersets of various components to make life easier for developers. You can of course implement these on your own in your application, given that you have the knowledge how to do so.
Since this is a bit abstract question without any provided examples, some answers with code snippets might just confuse you. Instead here are some resources where you can read more on the subject and get going: Sitepoint, JWT in PHP App and PHPClicks Token Based Authentication.
Another approach would be to craft a new Laravel project (or Lumen project if it's only a API and you don't want to render views) and import the current codebase from the other application to it.
If you want to make life easier for you, you can use some SAAS alternative for Authentication like Auth0.
I want to implement Oauth to protect my PHP Web Services,i have been following this link but found that some of them link are not working.And the working example had implemented in slim,flight some different frameworks in php and i'm newbie in it.My problem is i want to implement Oauth in Codeignter framework to protect Web Service and as per oauth site i've got a link by Alex Bilbie which is deprecated and not working. So if someone had done this before in codeigniter please let me know , Simple PHP would be also fine, later on i can modify it to fit in codeigniter.
I find Brent Shaffer's OAuth2 Server Library for PHP an excellent library!
In the cookbook you can find many examples on how to integrate it into certain frameworks, unfortunately CodeIgniter isn't one of them. But the documentation is very good, and you can use the cookbooks on the other frameworks as a guide for doing it in CodeIgniter.
You can find the library on Github.
Reading all about PHP frameworks, CodeIgniter seems really nice in that I like it's speed and raw PHP-ness, but it really misses features that CakePHP has (ACLs, authentication,etc.). I originally thought that it would be ok to write the stuff i needed myself (and CodeIgnitier is definitely the DIY tool), but I'm really missing out on a pre-made thing like that. Is there a PHP-equivilant of Django, but not that extreme, like that provides an admin panel and some automagicness, but is still "flat-packed" and doesn't require command line like CodeIgniter does?
Or does anybody know a good module for CodeIgniter to add (1) an admin panel, (2) a login system and (3) a permissions system?
Or should I just shut up and write my own? (I was avoiding this not really because of effort but I'm not sure that I'll write it securely enough or use proper conventions)
Update: Or should I try and modify a pre-build CMS like PyroCMS to my needs as that is already has built-in authentication and permissions and admin panel, but might be unstable?
And ther is also BackendPro for Codeigniter. I haven't tried it but seem like it does what you want here ...
Other than that you can try TankAuth or Erkana for auth and Zend_Acl for ACL they are pretty simple to use :)
CodeIgniter is a basic framework which is why I love it. It does not provide Authentication, Authorization or Access Control because they are so generic it is incredibly difficult to make one that is very very easy to use.
If you would like to use a really simple authentication system try Ion Auth (the one used in PyroCMS) which works for the majority of situations but not all.
I think Django and Rails are doing a great job but both are going beyond what a normal framework is. CodeIgniter gives you enough space to code in your own conventions are greats ways of doing things instead of forcing you to spend ages working out the developers conventions instead.
Give it a go and look over PyroCMS for examples of how to use Ion Auth. As the Lead Developer of Pyro I can tell you that v1.0.2 is pretty stable. :)
There are numerous PHP frameworks that have their built-in Authentication:
CakePHP
Kohana
Yii Framework
I'm new to Symfony. Is my understanding correct that the User class is actually for controlling sessions? But is there built-in login and account creation? I'm not finding it. But if there's an admin backend generator, how can it function without user logins?
Not sure what version of Symfony you're using, but login and account creation is typically incorporated into an application using either the sfGuardPlugin (for Propel) or sfDoctrineGuardPlugin (for Doctrine).
For Symfony v1.2, see Day 13 of the Jobeet tutorial to get started.
The myUser.class.php file is the session controller/storage, yes. You can create your own security module if you wish, but many use the plugins mentioned in nselikoff's answer. They're not perfect but they do a decent job. Whichever ORM use, you should definitely start with one of these plugins, and extend/improve them if you need too.
Your admin generator modules are not secured by default, no - it is up to you to implement a security layer. As an aside, don't think of admin-generated modules as exclusively for a backend/backoffice purpose, as there may be some reason for a frontend app to require one. Certainly a system you use internally at your company or at home on a local webserver doesn't need a security layer to function.
Changing the security.yml file to secure an app, module or action requires you to specify the login page in your app's settings.yml, but the security plugins will help you configure this.
Apart from what others have said, I find very useful the source code from symfonians, that resolves all these problems: http://symfonians.org/
I'm about to start a new PHP project and I'm going to need to make use of 3rd party forum software.
What's the best way to tackle integration of the forum into my code? Things like user authentication, having the user only have to login once, etc.
I'll be using the CodeIgniter framework if that is of any help. I found the article on integrating Vanilla with CL Auth & CodeIgniter but it wasn't to my liking at all.
Does anyone have any specific recommendations on PHP forum software? I'm open to any suggestions or pointers/help.
In my experience Simple Machines Forums is relatively easy to integrate into existing code.
What comes to authentication, it may be easiest for you to use the forum's authentication in your application, rather than attempting to use your application's authentication in the forum. It doesn't matter which forum you choose to use - this is usually the esiest way, since forums tend to have complex code related to auth and access, which can be tricky to modify to use some other system.
I'm not real familiar with any particular forum software, but my advice when using and integrating 3rd party software is to try and abstract out the specifics as much as possible from your main code base.
Wrap your forum library calls for things such as authentication, etc so that if you need to later change your forum software, you can limit the scope of the changes.