Wiki articles tagged with "authentication"

Suppose a hacker has an account of your website He could set the PHPSESSID to empty After of that He login in your system The PHPSESSID remains blank and user has already logged with this session

After reading the other wiki article regarding token based access, I thought that it might be interesting to share my method.

This article is about implementing authentication to Yii based web services.

implementing some features of yii user and rights.

In this wiki, I try to implement a simple authorization schema without putting much logic inside a file or into database table. We are constructing authorization hierarchy inside the controller. We are getting roles for the current user from database table and assigning only roles to user that are declared in the particular controller. We have brought down the work of loading of auth data at ma...

This article tries to explain the steps required in integrating the HybridAuth into Yii directly, without using an extension.

I recently created a project called Yii-App on GitHub to kickstart my development of smaller Yii applications. The main goal of the project is to provide a ready-to-use application template that includes my bootstrap extension and many other useful extensions. After reading this article you will be able to use...

Update: This wiki has been rewritten to be in line with Yii 1.1.14. Since many of the detailed complexities are now handled by Yii, the article focuses on how the crypt() built-in function works and why it's important to use it correctly.

After creating an yii app . we need to implement permission, Authentication and Authorization .so the best way is to use the Yii users and Rights modules.

In this mini howto I would like to show how to add a required captcha field in the login form, after a defined number of unsuccessfull attempts. To do this, I will use the blog demo that you have in default Yii download package (path/to/yii/demos/blog).

If you need simple Role based access control without the long RBAC process then this article is just for you. Lets jump to the point.

• Validate the user input (see below for details).
• Protect (escape) your application output according to context (see below for a few output types, mostly HTML and SQL).
• Test your application in debug mode.
  Set the constant YII_DEBUG to true (by default, it is defined in index.php) and put alongside error_reporting(E_ALL);. Then errors and warnings will stop the execution an...

• iteration_count_log2 controls the number of iterations for key stretching. A setting of 8 means the hash algorithm will be applied 2^⁸ = 256 times. This setting should be kept between 4 and 31.
• portable_hashes controls whether portable hashes should be used or not. Portable hashes are salted MD5 hashes prefixed by $P$.

Please note that this article is a simple example and good security should be taken into account when we play with authentication systems.

Todos los que hemos empezado a utilizar Yii para crear aplicaciones Web, nos hemos dado de bruces cuando hemos intentado poner a funcionar el RBAC (acceso de control basado en roles).

If you want to add module based login to a site without using RBAC, please follow these guidelines.

p.s. latest version of this tutorial is always available unter the docs/ folder of the User Management Module.

In this cookbook I will attempt to explain how to use the lightweight version of Role-Based Access Control using a php file. This version does not use database but a php file and is controlled by CPhpAuthManager class.

Yii does not have an LDAP class itself, but its very easy to implement LDAP in the stock UserIdentity class.

After adding proper form to the main layout, like: