psecio / gatekeeper

Gatekeeper: An Authentication & Authorization Library

Does anyone actually use this? #72

Open sblionel opened 6 years ago

sblionel commented 6 years ago

I was all set to use Gatekeeper as a "drop in" authorization system for a new site I was working on, but I stopped when I realized it had no functions for updating user information, including passwords, and as noted by others, no support for deleting tokens/cookies when a user "logs off". I also found it was relying on deprecated mcrypt functions in the "randomlib" component and ended up being much more complex than my needs. (I could deal with the complexity if I didn't have to start out by adding fundamental missing features.)

It didn't help my view any that it pulls in eight different components that I had to go research independently to see what they did and how they might be useful.

The documentation says that update of users is provided but that's simply untrue. In fact, methods for updating any of the records are not provided. My mood was not improved by having to decipher the "phinx" files to figure out how the database should be laid out, since I was unable to use the provided "migrate" tool (an artifact of my environment). It all feels half-done and I've decided my time is better spent doing things on my own more simply. I do appreciate the example of how to deal with some more tricky things such as "remember me" and "forgot password".

ErikThiart commented 5 years ago

If you find another library @sblionel ping me, please. I am looking for something else.

BTW, you can check out the PHP Boilerplate project by @craigvantonder

sblionel commented 5 years ago

I managed to cobble together something based on various web sources (1, 2, 3). I have encrypted sessions with protection against "session fixation", "remember me" and "forgot password", bcrypt encryption (changeable if you have something better available), password strength display (zxcvbn), user privileges and more. Seems to work well for me across two sites.

I'm not really interested in packaging this, but I am willing to share the sources I use on my sites as worked examples. You can find an email link for me at my home page.

ErikThiart commented 5 years ago

Awesome, thank you! (email incoming.)