2

I'd like to leverage similar functionality to ASP.NET Forms Authentication in a PHP driven site. I know I can use a "home grown" type of thing (meaning build something from scratch), but I would like to take a look at other options. I'm on a hosted web server for this particular project running Linux, so I don't have access to add any extension I want, but I am running PHP 5.4 with Http, and OAuth extensions availble (there are others, but they are around email, and imaging).

Improve this question
5
  • 1
    From: msdn.microsoft.com/en-us/library/ff647070.aspx It sounds like a session id that auths the user and if that session is invalid throws them to a login page. Your basically looking for a user session and login/register script are you not? Commented Oct 15, 2012 at 17:26
  • That and the "Form" site security, meaning the ability to secure, and unsecure pages through webconfiguration, and classes. PHP's session is what I will have to start with, and build out the rest on my own, which shouldn't be too difficult. Thanks. Commented Oct 15, 2012 at 21:21
  • An authed session effectively allows you to control between secure and unsecure pages, however what you are starting to get into a huge and complex area of web development known as rbac or rbam (role based access management) in which you define a set of rules by which the session must complex in order to attach a certain status that user, you then, in your PHP decide if that user has the ability to view that page or not. Building an rbam system the right way can be very complex. Commented Oct 15, 2012 at 22:54
  • the roles is the other part I want, and is something Forms Authentication provides and easy way to do... do you know a PHP role provider? Commented Oct 16, 2012 at 5:38
  • 1
    Not one that fits generically no, however most PHP frameworks like Yii or CakePHP or Kahona etc etc provide one easily. This is the thing with PHP, these sort of things are not built in so you gotta write them yourself. Hmmm you could use this as a starting point though: phpmaster.com/role-based-access-control-in-php it has flaws in it but will show you the basics, really it is something you gotta Google and look around about. Commented Oct 16, 2012 at 7:13

1 Answer 1

Reset to default
1

As I understand Forms Authentication, it's how ASP tracks a specific user across a site? I would suggest using PHP's session. There are tons of tutorials and example code you could get a big head start with.

http://onlamp.com/pub/a/php/2001/04/26/sessions.html

Just learn the underlying concepts.

http://php.net/manual/en/function.session-start.php

PHP lets you start a session and then save and call session variables.

session_start();
$_SESSION['variable'] = 'this will be on the next page if i start the session';
if(!$_SESSION['mylogincheck']) die(header('Location: loggedout.php'));
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I am aware of PHP's session, but FormsAuthentication also let's you define pages on the site that are allowed access with or without a valid session. I'm thinking that part I will have to do from scratch, and sessions will get the rest done for me. Thank you for the response Adam.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.