On Fri, Sep 11, 2009 at 02:43:15PM -0700, Waynn Lue wrote:

> Hello all,
>
> We're building out a system that allows for user account creation/password
> management, and we're hoping to use existing open source software so we
> don't have to reinvent the wheel. I know of Drupal, and Zend Framework (and
> maybe CodeIgniter?), but do people have specific preferences for either, and
> recommendations for other products that I haven't heard of? It should just
> support basic account creation, being able to login/authenticate, change
> your password, storing user information like names and email addresses, etc.
>
> I tried searching for "account management php" but ended up getting a lot of
> CMS suites.

It depends on how you want your security to be built. At phpclasses.org, there are a bunch of classes which handle user verification and such. (Of course, you have to build your own screens; these are just classes, after all.) My problem with these classes is that they typically assign users a number to indicate the user "level", and then you decide what "level" is necessary to access a given page.

Now, most of what I do is programming for internal use. And my philosophy is that a user has no business accessing *any* page they haven't been trained on. So my access scheme is based on a system where there is a record in a table which has the user ID and the page they're allowed to access. With a couple of hundred pages, that's potentially a couple of hundred records per user. It could be a pain to maintain, but provides the finest grained authorization I can come up with.

If you don't need something that complex or solid, then some of the classes at phpclasses.org may suffice. CodeIgniter (as mentioned earlier this week) has no provision for user login or security. The others probably do, but they're a bit like using a steamroller to pound in a nail. Moreover, any framework like these (even the very simple CodeIgniter) requires significant investment in learning how to do things under that framework.

Honestly, whipping up a security scheme the way I have done it is a couple of days' work (including login and management screens). I'm not sure why people seem to be averse to it. You just work up your screens, create your tables, populate the tables, and you're away. The user's ID and whatever other pertinent information rides along with them in the session variables. Each page checks to see if the user ID in the session variable is allowed to access this page, etc.

Paul

--
Paul M. Foster

--
PHP General Mailing List (http://www.php.net/)
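
The per-page access table described in the message above, sketched as an added example (not code from the original post). The table name `page_access`, the function names and the sample rows are assumptions made for illustration, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example: per-user, per-page allow-list checked on every request.
// Table and function names are hypothetical; sample rows are constructed.
declare(strict_types=1);

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE page_access (
        user_id INTEGER NOT NULL,
        page    TEXT    NOT NULL,
        PRIMARY KEY (user_id, page))');
    // Constructed sample data: user 7 is trained on two pages only.
    $ins = $db->prepare('INSERT INTO page_access (user_id, page) VALUES (?, ?)');
    foreach ([[7, 'invoice_list.php'], [7, 'invoice_edit.php'], [9, 'payroll.php']] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Deny by default: no session user, or no matching row, means no access.
function user_may_access(PDO $db, array $session, string $script): bool {
    if (!isset($session['user_id']) || !is_int($session['user_id'])) {
        return false;
    }
    // Key on the script's base name, matching how rows are stored here.
    $page = basename($script);
    $q = $db->prepare('SELECT 1 FROM page_access WHERE user_id = ? AND page = ?');
    $q->execute([$session['user_id'], $page]);
    return $q->fetchColumn() !== false;
}

// What each page would call first (a real page passes $_SESSION and
// $_SERVER['SCRIPT_NAME'], then sends the status and exits on 403).
function require_access(PDO $db, array $session, string $script): int {
    return user_may_access($db, $session, $script) ? 200 : 403;
}

$db = open_demo_db();
$cases = [
    [['user_id' => 7], '/app/invoice_edit.php'],  // row exists for this user
    [['user_id' => 7], '/app/payroll.php'],       // page granted to user 9 only
    [[],               '/app/invoice_list.php'],  // not logged in
];
foreach ($cases as [$session, $script]) {
    printf("%-24s user=%-4s -> %d\n", $script,
        $session['user_id'] ?? 'none', require_access($db, $session, $script));
}
```

Because a missing row is a denial, a newly added page is closed to everyone until a grant is inserted for it.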