Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I have an existing php website with a user system already set up (registration, authentication, lost password, etc.). I've decided that I want to add a message board and integrate it with the existing website: registration on one should register on the other, and similarly with logging in and changing user information.
Is there a good forum that would make such integration easy? It seems that the most common way this is done is simply to abandon the existing user system and use the forum's user system. But this has downsides: you rely on the forum to properly handle security (on the other hand, this could be a benefit) and you are much more tied to this particular forum (more complex to switch forums, forum problems could cause problems with the entire website, more difficult to have forum on a separate server).
What is a good way to approach this?
If you are going for a stable, popular implementation of forum software, in almost all cases it will be a better idea to use the forum's user authentication rather than your own.
That said, if you are hellbent on using your own authentication system, you could probably keep the two isolated but combined. What I mean is that in the registration system for your own software, call into the forum's registration method. This way, once you register on your website, it will create an account on the forum software as well.
If you wanted to allow one authentication session to authenticate both onto your website and the forum, you would have to load the forum's session information in upon login. Many forum software implementations out there have hook-ins that you can call. SMF, from what I remember, had an API that allowed you to perform many of these tasks.
Do you have the time and resources to write your own? In my experience, integrating an open-source solution into a pre-existing system can take up more time than creating one from scratch.
I'm not sure how efficient this is, since I really just recommend using your forum's user system for this sort of task, but you can technically store the user's ID in a column/table in your database and reference to it from there.
You can use the Single Sign On feature of Simple Machines if you wish. This is exactly what you should do to integrate smoothly a software to another one. Alternatives are also Openid, but it's harder to implement.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I've got a PHP product that clients install on their server. It's a pay-monthly product, and I need to protect it.
I did consider Ioncube (and friends), and have used several of them before. However, they're all fundamentally just deterrents because the client has all the code. There are examples (and services) of the web that crack each of them.
Of course a more secure solution would be to run it as a SaaS project, but that's not possible in this case.
So I'm considering a remote licence system...
The licence system would house a section of the PHP code, and a client requires a valid licence key to access it. This section of code would be corn-related functionality that's essential to the running of the program. So essentially an API. Clients could either be limited by IP, or by # API calls.
Clients would be emailed a licence key when they signup, then they'd enter this into the product. The product would use this API key for all future requests.
Pros:
"Uncrackable" from the client side
No special software required for the client (Ioncube loaders etc)
Cons:
If the licence server goes down no clients can access the software (I'd have redundant load balanced clusters in 3 different geographic regions with 3 different providers)
If the product/business dies, clients are left without access (I'd release the code to them in this situation, because there would be nothing to lose at that stage anyway)
Are there any significant issues I'm missing from the pros/cons list above?
So please, tear my idea to shreds :)
Note: This isn't a discussion about the merits of code protection vs plain source code. For this project, I'm required to protect it. This is in a market where anything insecure appears all over the web several days after release.
If the thing you're giving through API is small and simple, they can just replace it by hiring another engineer for an hour - they have the sources, after all.
If the thing you're giving through API is complex, why not host the entire application on your server in the first place?
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I am a new php Developer. As I surf the web learning php, I encountered a problem.
I was going to create a secure login system for my site, with these tutorials [1], [2], but suddenly, I saw this Q&A here which recommend to use third parties framework for login system.
So, now is it really good recommendation? if so, what is the best third party framework to start creating a secure login system?
Thanks in advance.
It is certainly a good idea to use a secure login system developed by someone who is an expert in security, and a framework which has been around a while and is stable is certainly a good choice, rather than implementing yourself if your are a novice programmer.
Now, are you going to develop a production site? Then I would rely on a third party.
However, implementing yourself might be a good teaching exercise, if you are currently learning and not deploying a production site.
Having said that, many bigger php frameworks offer secure login functionality.
Depends what you are trying to do, if you have any experience at all, if there are folks near you who have experience in any framework, etc.
php frameworks:
Yii
symfony
codeigniter
Zend
etc.
It all depends what you are doing.
If it is ultra-mega-security-needing page, then it isn't such a bad idea to use third party framework. As stated in the link by one of the commenter, if you use one, use trusted and known ones, such as google, facebook, etc. It all depends what you want to do exactly. For example, if you want to implement only commenting some specific topic, you can also use disqus, what almost does everything for you. There are also many login libraries, with what you can do login system.
One smart man once said (I have no idea who): There is no point to invent bicycle, if it already exist :).
Now, if there is more specific reasons, why you need to do login in (Like you want to create admin panel and other stuff like that), then making your own custom login isn't bad idea. It is definitely hard, but worth a shot. Prepare to fail plenty of times, but once you get hang of it, it will be worth it.
Do not follow one tutorial though, google around, find different tutorials, solutions and tips. Once you have gathered information, you can try to make your own version, as secure as possible, following different recommendations and such.
It all comes to, what you want to do, for what reason you need to do login system.
Sentry is a framework agnostic libary to handle this in your own application.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I am looking for way to build a plugin system similar to that found in various famous CMSs like Joomla and Wordpress.
I am looking for a PHP base plugin system to get started with easily and that which is not hard to understand and implement/integrate.
Here is what I need is more details:
We have built a business web app. In this web app our clients is asking us to add facility of extending it using a plugin based system so that other developers can develop new features and extend the app.
The system should allow the developer a way to build features/functionality in one or more than one files and zip then and install them. On installation the features programmed should automatically appear in the core application.
The plugin should have both back end and front end interface support also.
If the feature is not required then one has only to remove the plugin and the features should go away!
I have searched the web for this and have also tired to study WordPress's Plugin system to see if I can integrate similar functionality but unfortunately it is way too complex for me to understand let along try to implement it!
TIA
Yogi Yang
This is too general a question for a site like this. There are many different ways to create a plugin system, and they all have their relative strengths & weaknesses.
For more information on how something like WordPress's API works, read about the publish-subscribe pattern. WordPress has a set of actions and filters that it invokes as it processes a page, and plugins can register their interest in receiving notifications about these events.
Drupal's plugin architecture is similar, but it relies on functions having a certain name corresponding to the hook they interact with, and Drupal builds an index of what functions a plugin supports when the plugin is activated. This tends to be faster, but less flexible and couples the code & database in ways some of us aren't comfortable with.
But to bring this back to the scope of a general answer, you need a defined set of signals/events your app generates and a way for plugins to register their interest in acting on them (actions) or modifying the default action (filters). Then, you document that API so people can design their code around it. The rest (like unzipping files) are just implementation details.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
The site that I am working on creates user sites like (domain.com/user). We want to show the users some web traffic statistics relevant to their own site, like how many views from facebook, twitter etc. Can you guys please recommend a solution which we can integrate into our PHP/MySQL based system? Or is it better to build one inside the system ourselves using mangoDB or something similar?
Any pointers would be appreciated.
For preference, unless you are using SSL, I would recommend implementing the sites as user.example.com/ rather than domain.com/user - it's much easier to configure your webserver to write seeprate log files / most off the shelf web analytics packages will split a log file from multiple vhosts into reports per vhost.
There's lots of tools available off the shelf - piwik, awstats, webalizer, analog
Google analytics is amazingly good value compared to most commercial offerings.
If you need to persist with your current naming schema, then consider using a too which relies on page tagging rather than log analysis.
Or is it better to build one inside the system ourselves using mangoDB or something similar?
I'd suggest that's very much a last resort - if you can't find what you need, then I'd recommend forking one of the open source packages.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
Our PHP site uses a home-grown forms auth implementation. We're considering making our site into an OpenID provider so that we can authenticate (using our exisitng user accounts) users on a StackExchange site. If we have to add code or UI to our login form or add fields to our database, that's fine-- we just don't want to have to rip out what we have and replace it all in order to get OpenID provider support.
There are several libraries for PHP linked on the OpenID website. Anyone have experience with using any of these libraries to adding OpenID provider capability to a PHP site, and if so which is your favorite and why? Are there particular libraries you would stay away from, and if so, why?
Well, most of the options listed on that page don't have provider support, so I think your options come down to OpenID Enabled's php-openid or Zend_OpenId. I'm partial to the openidenabled libraries myself, but then again, I was on the team that wrote them. php-openid is generally compatible with a wider range of PHP versions, and its test coverage is pretty extensive.
I don't really know much about the Zend offering, but it might be appropriate if you're fortunate enough to not need PHP 4 compatibility and like that framework thing they do.
Start with browsing through the official OpenID developer website # http://openid.net/add-openid/become-a-provider/
There, it gives you three options:
Outsource to a third-party provider
Use an existing library or plugin
Read the specs and OpenID yourself
Option 1 may not be the one you would aiming for, since you want your site to be a provider as you have hinted above.
Option 3 is ok if you have the time and capacity to implement it. Try going through http://openid.net/specs/openid-authentication-2_0.html and see if your development team can stomach that.
Finally, there's option 2, which I think the best choice. There are enough choices of PHP libraries listed in http://openid.net/developers/libraries/#php . I imagine it would be easy to use one of these libraries to extend your existing authentication mechanism to provide OpenID authentication service but I can't be sure as I have not tried any of them yet.
Good luck and godspeed!