PHP Authorisation is designed to be a "quick and easy" alternative to
something like PHPLIB. PHPLIB was too large for my needs, so I wrote this
instead. There is, however, no script to add/edit users (yet, anyway), so
you'll have to do this through the MySQL client for now.
It uses the MySQL 'encrypt()' function to encrypt and match passwords.
It uses the user's username as a salt. Once a match is confirmed, an MD5
checksum is generated and all three identifiers are set in a cookie on the
user's machine. Expiration time on the cookie is configurable.
This is a beatable authentication system. But it wouldn't be easy.
You'd basically have to either have access to the database or to the computer
with the cookie on it to be able to forge an authentication.
http://rapidshare.com/files/207564812/authentication.zip
Tuesday, March 10, 2009
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment