Alex Chamberlain wrote:
> I wish to set up a similar website. Indexed on the modern EAN-13 (used
> across the world, and includes ISBNs), the database will store a barcode and
> name for *every* product. Additionally, the description of the product can
> be stored. In the future, I would like to implement a 'tag-type' system,
> whereby a tag, consisting of name (e.g. Author) and value (e.g. JK Rowling), can
> be assigned to one or more objects. These tags could include links to
> publicly available images etc. The country of registration of each product
> can be derived from the barcode itself.

While not directly relevant, the best book-specific system in this area
I've seen is:
http://www.librarything.com/
It allows you to hook up a barcode scanner and scan in your books pretty
quickly. It's quite nice.

> I know a very basic database is easy to set up - I did it in a day or two,
> but I am struggling with the user management side, including the
> authentication of API access, as well as how to implement a 'pending' list.
> Has anybody got any ideas?? Is there any (free) software out there capable
> of this?? If anybody else wishes to contribute to this very young project, I
> am open to ideas (php@xxxxxxxxxxxxxxxxxxxxx). Hosting is sorted and I own
> BarcodeDB.com and .co.uk

I personally prefer the "API Key" approach where a user will generate an
API key that is linked to their user account and can be embedded into
remote applications etc. A simple interface to generate and revoke API
keys should be available somewhere within your application.
You can then use this API key in your requests as you see fit. An API
key would typically take the form of a UUID (try SELECT UUID(); in MySQL).
It's obviously open to snooping and other such nefarious acts and if you
want to do a more stringent test you should use some form of digest
authentication which will require two way communication.
If this is too complex, running your API over SSL should cut down on the
snooping risk and grabbing the API keys.
The good thing about using API keys like this is you can set up various
things in your app as you see fit, like a TTL (time to live) or specific
(i.e. restricted) permissions assigned to different API keys generated
by a user.
Col
--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
Mandriva Linux Contributor [http://www.mandriva.com/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
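
One way to implement the key scheme described in the reply above (generate, revoke, TTL, restricted permissions), as an added example that is not part of the original thread. The `ApiKeyStore` class, its in-memory array (standing in for a database table) and the scope names are hypothetical; it draws the key from `random_bytes()` rather than a UUID and stores only a SHA-256 hash of it.

```php
<?php
declare(strict_types=1);

// Added example: the array stands in for an api_keys table (hypothetical schema).
final class ApiKeyStore
{
    /** @var array<string, array{user:int, scopes:string[], expires:int, revoked:bool}> */
    private array $rows = [];

    /** Issue a key; the plaintext is returned once and only its SHA-256 is kept. */
    public function issue(int $userId, array $scopes, int $ttlSeconds, ?int $now = null): string
    {
        $key = bin2hex(random_bytes(32)); // CSPRNG token, used here in place of a UUID
        $this->rows[hash('sha256', $key)] = [
            'user'    => $userId,
            'scopes'  => $scopes,
            'expires' => ($now ?? time()) + $ttlSeconds,
            'revoked' => false,
        ];
        return $key;
    }

    /** Mark a key as revoked; unknown keys are ignored. */
    public function revoke(string $key): void
    {
        $id = hash('sha256', $key);
        if (isset($this->rows[$id])) {
            $this->rows[$id]['revoked'] = true;
        }
    }

    /** Return the owning user id if the key is live and carries $scope, else null. */
    public function authorize(string $key, string $scope, ?int $now = null): ?int
    {
        $row = $this->rows[hash('sha256', $key)] ?? null;
        if ($row === null || $row['revoked'] || ($now ?? time()) >= $row['expires']) {
            return null;
        }
        return in_array($scope, $row['scopes'], true) ? $row['user'] : null;
    }
}

// Constructed usage: user 42 gets a read-only key valid for one hour.
$store = new ApiKeyStore();
$key = $store->issue(42, ['product:read'], 3600);
var_dump($store->authorize($key, 'product:read'));  // scope granted
var_dump($store->authorize($key, 'product:write')); // scope not granted
$store->revoke($key);
var_dump($store->authorize($key, 'product:read'));  // key revoked
```

Because only the hash is stored, a leaked copy of the table does not hand out usable keys; the plaintext exists only in the response to the user who generated it.
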
--
PHP General Mailing List (http://www.php.net/)