I'm looking for a framework I can use in my new webproject.
The main concern for me is handling my users, therefore I'm on the lookout for a framwork that can handle them for me. I develop in PHP, so preferably that's the language it should use.
I would like the framework to take care of new users signing up and I would also like it to handle the sessions and authentication process.
What kind of options do I have, and what do people recommend?
if the only thing you want to do is user management then you may use some libraries ( classes ) instead of full framework, because there is nothing ( as far as I know ) called framework for user management only..
I'm working now to make a framework called aiki, and it's gpl, so here is the class I wrote for user management it may help you
<?php
class membership
{
var $permissions;
var $full_name;
var $username;
var $group_level;
function membership(){
session_start();
}
function login ($username, $password){
global $db, $layout;
$password = stripslashes($password);
$password = md5(md5($password));
$get_user = $db->get_row("SELECT * FROM aiki_users where username='".$username."' and password='".$password."' limit 1");
if($get_user->username == $username and $get_user->password == $password){
$host_name = $_SERVER['HTTP_HOST'];
$user_ip = $this->get_ip();
$usersession = $this->generate_session(100);
$_SESSION['aiki'] = $usersession;
$insert_session = $db->query("INSERT INTO aiki_users_sessions (`session_id`,`user_id`,`user_name`,`session_date`,`user_session`, `user_ip`) VALUES ('','$get_user->userid','$username',NOW(),'$usersession','$user_ip')");
$update_acces = $db->query("UPDATE `aiki_users` SET `last_login`= NOW(),`last_ip`='$user_ip', `logins_number`=`logins_number`+1 WHERE `userid`='$get_user->userid' LIMIT 1");
} else{
}
}
function isUserLogged ($userid){
global $db;
$user_session = $db->get_var("SELECT user_id FROM aiki_users_sessions where user_session='$_SESSION[aiki]'");
if ($user_session == $userid){
return true;
}else{
return false;
}
}
function getUserPermissions ($user){
global $db;
$user = mysql_escape_string($user);
$user = $db->get_row("SELECT userid, usergroup, full_name, username FROM aiki_users where username='$user'");
if ($user->userid and $this->isUserLogged($user->userid)){
$group_permissions = $db->get_row("SELECT group_permissions, group_level FROM aiki_users_groups where id='$user->usergroup'");
$this->full_name = $user->full_name;
$this->username = $user->username;
$this->group_level= $group_permissions->group_level;
}else{
$this->permissions = "";
}
$this->permissions = $group_permissions->group_permissions;
}
//function from Membership V1.0
//http://AwesomePHP.com/gpl.txt
function get_ip(){
$ipParts = explode(".", $_SERVER['REMOTE_ADDR']);
if ($ipParts[0] == "165" && $ipParts[1] == "21") {
if (getenv("HTTP_CLIENT_IP")) {
$ip = getenv("HTTP_CLIENT_IP");
} elseif (getenv("HTTP_X_FORWARDED_FOR")) {
$ip = getenv("HTTP_X_FORWARDED_FOR");
} elseif (getenv("REMOTE_ADDR")) {
$ip = getenv("REMOTE_ADDR");
}
} else {
return $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
//Generate session
function generate_session($strlen){
return substr(md5(uniqid(rand(),true)),1,$strlen);
}
function LogOut(){
global $db, $layout;
$domain = $_SERVER['HTTP_HOST'];
$path = $_SERVER['SCRIPT_NAME'];
$queryString = $_SERVER['QUERY_STRING'];
$thisurlnologout = "http://" . $domain . $path . "?" . $queryString;
$thisurlnologout = str_replace("&operators=logout", "", $thisurlnologout);
$make_offline = $db->query("UPDATE `aiki_guests` SET `is_online`='0' WHERE `guest_session`='$_SESSION[aiki]' LIMIT 1");
$delete_session_data = $db->query("DELETE FROM aiki_users_sessions where user_session='$_SESSION[aiki]'");
unset($_SESSION['aiki']);
session_destroy();
session_unset();
$layout->html_output .= '<META HTTP-EQUIV="refresh" content="1;URL=http://'.$domain.$path.'"><center><b>Logging out</b></center>';
//die();
}
}
?>
and here is a simple sql dump for that
CREATE TABLE IF NOT EXISTS `aiki_guests` (
`userid` int(9) unsigned NOT NULL auto_increment,
`first_login` datetime NOT NULL,
`last_hit` datetime NOT NULL,
`last_hit_unix` int(11) NOT NULL,
`ip` varchar(40) NOT NULL,
`last_ip` varchar(40) NOT NULL,
`username` varchar(255) NOT NULL,
`guest_session` varchar(255) NOT NULL,
`hits` int(11) NOT NULL,
`is_online` int(11) NOT NULL,
PRIMARY KEY (`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=54 ;
-- --------------------------------------------------------
--
-- Table structure for table `aiki_users`
--
CREATE TABLE IF NOT EXISTS `aiki_users` (
`userid` int(9) unsigned NOT NULL auto_increment,
`username` varchar(100) NOT NULL default '',
`full_name` varchar(255) NOT NULL,
`country` varchar(255) NOT NULL,
`sex` varchar(25) NOT NULL,
`job` varchar(255) NOT NULL,
`password` varchar(100) NOT NULL default '',
`usergroup` int(10) NOT NULL default '0',
`email` varchar(100) NOT NULL default '',
`avatar` varchar(255) NOT NULL,
`homepage` varchar(100) NOT NULL default '',
`first_ip` varchar(40) NOT NULL default '0',
`first_login` datetime NOT NULL,
`last_login` datetime NOT NULL,
`last_ip` varchar(40) NOT NULL,
`user_permissions` text NOT NULL,
`maillist` int(1) NOT NULL,
`logins_number` int(11) NOT NULL,
`randkey` varchar(255) NOT NULL,
`is_active` int(5) NOT NULL,
PRIMARY KEY (`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;
-- --------------------------------------------------------
--
-- Table structure for table `aiki_users_groups`
--
CREATE TABLE IF NOT EXISTS `aiki_users_groups` (
`id` int(3) NOT NULL auto_increment,
`app_id` int(11) NOT NULL,
`name` varchar(255) NOT NULL,
`group_permissions` varchar(255) NOT NULL,
`group_level` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=7 ;
-- --------------------------------------------------------
--
-- Table structure for table `aiki_users_sessions`
--
CREATE TABLE IF NOT EXISTS `aiki_users_sessions` (
`session_id` int(11) NOT NULL auto_increment,
`user_id` int(11) NOT NULL,
`user_name` varchar(255) NOT NULL,
`session_date` datetime NOT NULL,
`user_session` varchar(255) NOT NULL,
`user_ip` varchar(100) NOT NULL,
PRIMARY KEY (`session_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
now all you need is to add the db and create users inside it
remember that you will have to md5 the password twice, like:
$password = "what ever";
$password = md5(md5($password));
and to use this class:
build a form then
$membership = new membership();
Login:
$membership->login($_POST['username'], $_POST['password']);
and you can build groups inside the groups table then
$membership->getUserPermissions($username);
then you can do thing based on the returned $membership->permissions value
like :
switch ($membership->permissions){
}
If you don't want a full CMS, the Zend Framework is excellent for drop-in components.
You would be most interested in the Zend_Acl, Zend_Auth, and Zend_Session components.
I hope this is what you're looking for.
Is this a project that you could use Drupal for? I've always been impressed with the way that the Drupal framework handles user management/privileges, etc... Of course, it's php based, so you should feel right at home ;)
I don't know if you need a full-fledged CMS, but it may do the trick.