PHP的用户认证库/框架...什么选择？ [英] php user authentication libraries / frameworks ... what are the options?

问题描述

我使用PHP和一个项目我工作的codeigniter框架，并要求用户登录/认证系统。

I am using PHP and the codeigniter framework for a project I am working on, and require a user login/authentication system.

现在，我宁可不使用SSL（可能是矫枉过正，而且我使用共享的主机不鼓励这种事实）。我已经使用OpenID考虑，但决定，既然我的目标受众一般是不会的技术，它可能会吓跑用户望而却步（更不用提，它需要镜像登录信息等）。我知道我可以写一个基于散列的认证（如SHA1）由于被传递（我比较敏感到计算器的水平）。

For now I'd rather not use SSL (might be overkill and the fact that I am using shared hosting discourages this). I have considered using openID but decided that since my target audience is generally not technical, it might scare users away (not to mention that it requires mirroring of login information etc.). I know that I could write a hash based authentication (such as sha1) since there is no sensitive data being passed (I'd compare the level of sensitivity to that of stackoverflow).

话虽这么说，做一个定制的解决方案之前，这将是很好知道是否有任何好的库或包在那里，你已经使用提供半安全认证？我是新来codeigniter的事，但与它很好地结合将是preferable。有任何想法吗？ （我接受对我的做法的批评和开放的建议，为什么我可能是疯了不要只使用SSL）。先谢谢了。

That being said, before making a custom solution, it would be nice to know if there are any good libraries or packages out there that you have used to provide semi-secure authentication? I am new to codeigniter, but something that integrates well with it would be preferable. Any ideas? (i'm open to criticism on my approach and open to suggestions as to why I might be crazy not to just use ssl). Thanks in advance.

更新：我已经研究过一些建议。我好奇尝试的Zend-auth的，因为它似乎很好的支持和精心打造。有没有人有在codeigniter使用Zend-auth的（这是太笨重？）的经验和你有与CI整合成为一个很好的参考？我不需要任何复杂的认证schemes..just一个简单的登录/注销/密码管理授权体系。

Update: I've looked into some of the suggestions. I am curious to try out zend-auth since it seems well supported and well built. Does anyone have experience with using zend-auth in codeigniter (is it too bulky?) and do you have a good reference on integrating it with CI? I do not need any complex authentication schemes..just a simple login/logout/password-management authorization system.

此外，dx_auth似乎很有趣，以及，但我很担心，实在是太马车。有其他人有这个成功呢？

Also, dx_auth seems interesting as well, however I am worried that it is too buggy. Has anybody else had success with this?

我意识到，我也想以同样的方式来管理来宾用户（不登录/注册即用户）stackoverflow..so具有此功能将是巨大的任何建议。

I realized that I would also like to manage guest users (i.e. users that do not login/register) in a similar way to stackoverflow..so any suggestions that have this functionality would be great

推荐答案

我发现 dx_auth 将在codeigniter相当不错，并且已经使用过。这当然是为codeigniter最全功能的认证库。

I've found dx_auth to be quite good in Codeigniter, and have used it before. It is certainly the most full featured authentication library for Codeigniter.

有几件事情，我需要做些什么来改变它，所以我扩大了他们的用户类，我的目的了一些功能（其部分功能不这样做正是你所期望的。）。下面是一些我所做的自定义的一个片段：

There were a few things i needed to do to change it, so I extended their User class with a few functions for my purposes (some of their functions don't do exactly what you might expect..). Here is a segment of some of the customizations I made:

     $CI = &get_instance();
     $CI->load->model("dx_auth/users");
     /**
     * For most things, try and use the dx_auth models, 
     * because it's already done, and some stuff is more 
     * annoying to figure out than might be expected.
     *
     * For anything site-specific, use this model instead.
     *
     */

     class UserModel extends Users {
        /**
        * Sometimes when dx_auth sucks, you have to compensate 
        * functions that return useful results.
        *
        * @param int $id id of user to check if banned
        * @return int $banned returns the result (0 or 1)
        */
       public function is_banned($id) {
            $query = "SELECT banned FROM users WHERE id=".(int)$id;
            $result=$this->db->query($query);
            $row = $result->row_array();
            return $row['banned'];
       }


    }

这篇关于PHP的用户认证库/框架...什么选择？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！