FuelPHP Forums

The Definitive Guide To Forms based Website Authentication
  • Hi, I'm new here. I just bumped into a Stack Overflow article that is rather interesting. I'm currently learning (as always) by looking into dozens of PHP framework authentication code. I'm not an expert, but as said, I'm learning... Is it possible to build an authentication (out of the box) with some of the best practices as described here?
    http://stackoverflow.com/questions/549/the-definitive-guide-to-forms-based-website-authentication

    Some highlights of this post caught my interest:
    - PART VII: Distributed Brute Force Attacks
    - PART VI: Much More - Or: Preventing Rapid-Fire Login Attempts

    I also like the knowledge that goes into this post. Some of the (easily 'solvable') problems should be addressed and abstracted in the FuelPHP auth docs. Overall, I personally had some great insights from this post. Ooh yeah, I love FuelPHP, thanks for all the effort guys.

    Update: I would like this topic title to be a bit less bombastic, but can't edit. Sorry.
  • Hey dpetri, how is the progress looking on this auth?
  • Primoz Rome wrote on Saturday 10th of December 2011:
    Any progress dpetrie?

    Talked to our team about it today. We're aiming to have it released sometime this coming weekend. It is in a usable state as it stands now, but we're going to make some decent sized changes to it this week.
  • Primoz Rome wrote on Monday 7th of November 2011:
    Daniel Petrie wrote on Monday 7th of November 2011:
    Within a week or two, maybe sooner. If you're looking for social login I would look for something else. That is not on our to do list for now.

    Not looking for social login, just a standard authentication system that works with FuelPHP and can be integrated across the site with support of user roles. I will only add social login as an extra login option... for that Ninjauth looks perfect.

    Jume - I am looking for social auth. Where are you with your boilerplate setup? I have also started down this path using simpleAuth and Bootstrap from Twitter and would like to add ninjauth next.
  • Daniel Petrie wrote on Monday 10th of October 2011:
    Eh.. I guess its "secret" has been blown. Still under quite a bit of development but you can find it here: https://github.com/cartalyst/sentry/tree/develop

    Hi there. How can this package be used?
  • Primoz Rome wrote on Sunday 6th of November 2011:
    Daniel Petrie wrote on Monday 10th of October 2011:
    Eh.. I guess its "secret" has been blown. Still under quite a bit of development but you can find it here: https://github.com/cartalyst/sentry/tree/develop

    Hi there. How can this package be used?

    The package is still in development but should be released fairly soon. We will be adding documentation and hopefully a few tutorials shortly after that.
  • Forgot to update it here, we just launched Sentry on Friday. You can get more information on the post in the Code Share forum below.
  • Thanks for your answer dpetrie. What should be treated as "fairly soon"? Matter of days, weeks or months :)?

    I am creating a FuelPHP starter app repo which will include common configured stuff out of the box for starting a new web project:
    - FuelPHP core
    - authentication controllers (login, signup, forgot, social login),
    - caching
    - template (HTML5 Boilerplate http://html5boilerplate.com/)
    - standard packages required (email, auth, oauth, oauth2, ninjauth)

    I am currently struggling with the authentication controllers because I see different approaches from current FuelPHP applications and I am not sure which one is the best to go with. Then I saw this Sentry package being developed and I wanted to check it out. What is actually the purpose of this package and what will it do? My starter repo will be available from GitHub, fully configured and implemented with the mentioned stuff. It will save some time when starting a new project!

    I was just recently searching for a new PHP framework for my new projects. I was using Kohana 2.3 for the last 5 years. I was somehow unable to switch to Kohana 3.x. There is no documentation/tuts available, which is a big downside. Reading the available posts about Kohana 3.x I see there are major changes at every new release (3.0, 3.1 and now 3.2). I was trying to create a similar starter package but it was very hard since there was almost always a need to hack existing modules to work with the latest Kohana release...

    This is how I decided I will go with another framework. Almost ended with Yii, but soon recognized I don't like it! Then mostly by mistake I discovered FuelPHP and I immediately liked it. It also seems very fast and has enough power out of the box to get you started. I was choosing between Lithium (http://lithify.me/) and FuelPHP at the end. I decided to go with FuelPHP since the concept of the framework is familiar to me from Kohana, and Lithium is kind of a very "different" framework (though it looks very promising).

    Thanks,
    Jume
  • Hi Jimmy. It will be available on GitHub. Already is but it is still work in progress and missing authentication. I am waiting to check out this sentry (https://github.com/cartalyst/sentry/tree/develop) auth package that is in development currently. Once done I will publish link.
  • Hey dpetri. I am just installing sentry in my app. I have a question regarding DB tables. Is there any special reason you are using the MyISAM engine instead of InnoDB? Thanks
  • Within a week or two, maybe sooner. If you're looking for social login I would look for something else. That is not on our to do list for now.
  • Daniel Petrie wrote on Monday 7th of November 2011:
    Within a week or two, maybe sooner. If you're looking for social login I would look for something else. That is not on our to do list for now.

    Not looking for social login, just a standard authentication system that works with FuelPHP and can be integrated across the site with support of user roles. I will only add social login as an extra login option... for that Ninjauth looks perfect.
  • We are launching it with another app we're working on that has had some unexpected delays. Should be going live fairly soon.
  • Hi, First off, really good read the link you posted Jeroen for anyone thinking of building or extending an auth lib, as it goes into much detail of the problems and solutions you will face and has more relevant links. I agree I would like to see protection against Distributed Brute Force Attacks with a front door and cat flap + throttling approach to be built into Fuel. This would make Fuel more appealing over other frameworks. Most people don't really look at the names in the development team, more the number of reviews + community activity, to judge a framework. Personally I like to look at the code... Sexy. Keep up the great work ;)
  • There is a project underway that is using that article as a guideline and should be released within a few weeks hopefully. I am going to leave the project unnamed for now as it is in early development, but it will be in its own package for fuel.
  • Eh.. I guess its "secret" has been blown. Still under quite a bit of development but you can find it here: https://github.com/cartalyst/sentry/tree/develop
  • Very interesting article.
    I will try to use Diffie-Hellman: http://phpcrossref.com/zendframework/library/Zend/Crypt/DiffieHellman.php.html as it's been mentioned at StackOverflow to users login.

    @EDIT
    Ok, I will not implement it by myself because I will mess it up for sure. Instead I'll just use OpenSSL.
  • Any progress dpetrie?