No More PHP 4, Pt 3: Play Nice with Authentication

Posted by Double Compile on Tuesday, January 22. 2008 in PHP

PHP 4 is end-of-life very soon. In addition to offering projects the chance to refactor and improve their application design, PHP 5 offers many things PHP 4 just doesn't. This series of posts will deal with things projects can get their fingers into that will benefit everyone.

The third: play nice with authentication.

Your application isn't the only kid on the block, especially if it's a single-purpose application like a forum or an issue tracker. Nothing is more frustrating than having to hack your application so my users don't have to login to different parts of my Web site.

Clay Loveless made a post in June of '06 stressing the stupidity of "loner applications".

You can remedy your application's isolation using one of two things: OpenID authentication or some kind of authentication plugin API or adapter.

Implementing OpenID is perhaps the lesser solution. Users would still have to put their OpenID address into each application on a site to login; it's not nearly as bad as having separate passwords, but still less convenient than a unified sign-on.

The preferred solution to this mess is to provide an API for others to write pluggable authentication modules and then pick which one is being used in a configuration somewhere. I applaud DokuWiki for their very simple and effective implementation of such an adapter. I also have experience with MediaWiki's plugin system, but don't get me started on the MediaWiki source code. Mantis has a decent start on an authentication plugin, but it still leaves much to be desired.

If you're going to start an authentication adapter system from scratch, may I suggest Zend_Auth? Adapters are a breeze to implement and Zend_Auth takes care of persisting a user's session. If you're using the Zend_Controller MVC, may I also suggest Xyster_Controller_Plugin_Auth? It gives you the ability to specify the MVC dispatch locations for login prompting, success, and failure.

Actually, adapters and plugins are a good idea for any software. If I have to edit a single source file for your application, you're doing a poor job at keeping extensibility in mind.

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.

Pavatar, Gravatar, Identica, Twitter, Favatar, Identicon/Ycon author images supported.


Search for an entry in /dev/weblog:

Did not find what you were looking for? Post a comment for an entry or contact us via email!