Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Re: Never Write Another Login Script Again!

by eweaverp (Scribe)
on Jul 09, 2003 at 00:37 UTC ( #272524=note: print w/replies, xml ) Need Help??

in reply to Never Write Another Login Script Again!

I say, if it works, upload it, with your email address, and if people want to use it, they will use it. If there are bugs, they may complain to you, or they may fix it, and _then_ complain to you.

It certainly seems useful; although not for me. You may want to think carefully about extensibility options. Is it easy to add new fields (even required fields?) Is there an clean API exposed that makes it easy to fool with the underlying procedures if it is necessary? Or is everything locked up pretty tightly?

How secure will it be? Plain-text storage? Encryption of some mysterious kind? SSL connections for log-in?

Can it also control access to plain .html files, and not just CGI content? Will it integrate with .htaccess?

No matter what, nobody's going to get hurt. So upload at will.


  • Comment on Re: Never Write Another Login Script Again!

Replies are listed 'Best First'.
Re: Re: Never Write Another Login Script Again!
by jbeninger (Monk) on Jul 09, 2003 at 03:11 UTC
    Thanks everyone for your comments. It's definitely given me some things to think about, as well as a tentative feeling that I'm on the right track :)

    The scope of this project is web apps with a relatively simple login process - PM for instance. It is not meant to be standalone user management system. It's still up to the developer to add the user preferences, admin areas, etc. if they're required. One motivation was that a login system could be implemented quickly, and then refined later.

    When creating a new LoginRequired instance, a number of parameters can be used to customize the login process. These are things like "user_id_field", "password_field" that define database column names and a "confirmation_fields" array defining which fields are used to confirm an identity before emailing a user a password. Just about anything I could make customizable I did.

    I've also worked at making it relatively simple to use different technologies for session and user management. Overloading the "getSession" and "commitSession" functions is all that's required to change the way sessions are stored. There's a similar set of functions in the works for storing user information.

    Given the comments here, I think I'll take a couple of days to refine and document the beast and put it up on CPAN. I was going to go further in describing it, but it's easier when there's some code I can point to.

    Thanks again for the comments.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://272524]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (2)
As of 2018-02-20 04:54 GMT
Find Nodes?
    Voting Booth?
    When it is dark outside I am happiest to see ...

    Results (267 votes). Check out past polls.