Xataface Authentication

Xataface comes with authentication ready to roll out of the box. With a couple of configuration options in the conf.ini file, you can activate the default authentication scheme, which uses a table (of your choice) in the database to authenticate against. It supports password encryption, and even includes a registration form if you choose to allow registrations for your application. In addition, Xataface's authentication is pluggable, meaning you can write your own plug-ins to integrate your application with any authentication scheme you choose. Some authentication modules that already exist include:

See Also:
Depending on the complexity of the authentication scheme, these plugins may be easy or complex to create.

Setting up Basic Authentication
Using MD5 Encryption for the Password

It is good practice to perform some type of encryption on passwords that you store in a database, so that they will be safe, even if your server's security is compromised. One common form of encryption is MD5. You can apply encryption to your passwords by adding the encryption property to the [password] field's section of the users table's fields.ini file. E.g.
This tells Xataface to save data to the password field of the users table with MD5 encryption. In order to switch to MD5 encryption with an existing Xataface installation, all un-encrypted (plain text) passwords must first be converted to MD5. There are several ways to do this. One method is to convert the passwords directly in the database with the MySQL MD5 function. This can be done from the command line or using a tool such as phpMyAdmin. It can also be done solely within Xataface as follows, assuming a small number of users where you either know all of the passwords or are planning to change them:
Limiting Access Based on User

Authentication and permissions are distinct issues, but they are related. It is quite common to require a user to log in to access a section of an application. Permissions can be defined in either the application delegate class or a table's delegate class, or both. As an example, if we want to require users to log in to access our application, we could add the following getPermissions() method to our application delegate class:
Checking Who Is Logged In

The Dataface_AuthenticationTool class handles all of the dirty work of Xataface's authentication. It provides public methods to check who is logged in and perform authentication if necessary. Anywhere inside your Xataface application you can find out who is logged in using one of the following two methods:
It is quite useful in the getPermissions() method of your delegate classes to find out who is logged in:
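An added example, not code from the original page or the Xataface project: an application delegate class whose getPermissions() method asks Dataface_AuthenticationTool who is logged in, denies anonymous requests, and grades access for logged-in users. The 'role' column and its 'ADMIN' value are assumptions about the users table.

```php
<?php
// conf/ApplicationDelegate.php
// Added example: application-wide permissions that fail closed.
// Assumption: the users table has a 'role' column holding 'ADMIN' for
// administrators. That column is hypothetical and not taken from the page.
class conf_ApplicationDelegate {

    function getPermissions(&$record) {
        $auth = Dataface_AuthenticationTool::getInstance();

        // Dataface_Record for the current user's row in the users table,
        // or null when nobody is logged in.
        $user = $auth->getLoggedInUser();

        // Anonymous request: grant nothing. Every later branch can then
        // rely on $user being a record.
        if (!isset($user)) {
            return Dataface_PermissionsTool::NO_ACCESS();
        }

        // Full access only on an exact match of the role value, so an
        // empty or unexpected role falls through to the restricted branch.
        if ($user->val('role') === 'ADMIN') {
            return Dataface_PermissionsTool::ALL();
        }

        // Any other authenticated user may view records but not change them.
        return Dataface_PermissionsTool::READ_ONLY();
    }
}
```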
Checking Who is Logged In from a Template

All templates in Xataface have access to the $ENV array that contains references to lots of useful information, including the currently logged-in user:
For example:
This example presumes that the users table has 'phone' and 'email' fields.
See Also: