Solved thread


Flat File Login Logoff

I would like to make a flat-file login/logoff with Phalcon. Can anyone show me a few examples to get me started, please? Please don't recommend Vokuro, it won't work for what I need :-) I want to not use a database at all for this. Would love to see site-wide login required and also per page or content (hiding) with login required. Thank you so much for all your help. Love Phalcon :-)

edited Jan '17

Hi, try setting a session on every page, write a simple form on the login page, get the POST data (login and password, and a token to protect your app a bit more), check if they fit the login and password saved in your file, and if they do, just set some hash in the session.

On every secured page check this hash and let the user explore your app. If there's no hash, just redirect the user to the login page.

You need to secure your app a bit more.

Read these docs to know about:

XSS

Session hijacking

Password cracking by brute force
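The flow described above (form token, check against the users file, marker in the session, check on every secured page) written out in plain PHP, as an added example that is not part of the thread and does not depend on Phalcon. It assumes a users file with one "username;password_hash" line per account and uses a plain array in place of the real session so it runs offline; everything in it is constructed sample data.

```php
<?php
// Added example (not from the thread): flat-file login in plain PHP.
// Assumed file layout: one "username;password_hash" line per account.
declare(strict_types=1);

// Write the users file with password_hash() so each entry carries its own
// salt and a plain hash comparison is never needed. Constructed sample data.
function writeUsersFile(string $path, array $plainUsers): void
{
    $lines = [];
    foreach ($plainUsers as $name => $password) {
        $lines[] = $name . ';' . password_hash($password, PASSWORD_DEFAULT);
    }
    file_put_contents($path, implode("\n", $lines) . "\n", LOCK_EX);
}

// Read the file under a shared lock and return [username => hash].
function loadUsers(string $path): array
{
    $users = [];
    $fh = fopen($path, 'r');
    if ($fh === false) {
        return $users;
    }
    flock($fh, LOCK_SH);
    while (($row = fgetcsv($fh, 512, ';')) !== false) {
        if (count($row) === 2) {
            $users[$row[0]] = $row[1];
        }
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $users;
}

// Verify a submitted password. A dummy hash is verified for unknown users so
// the response time does not reveal which usernames exist.
function verifyCredentials(array $users, string $user, string $password): bool
{
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy-password', PASSWORD_DEFAULT);
    $hash = $users[$user] ?? $dummy;
    $ok = password_verify($password, $hash);
    return $ok && isset($users[$user]);
}

// Anti-CSRF token for the login form: stored in the session, echoed in a
// hidden field, compared in constant time on POST, and used only once.
function issueFormToken(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

function checkFormToken(array &$session, string $submitted): bool
{
    $expected = $session['form_token'] ?? '';
    unset($session['form_token']);
    return $expected !== '' && hash_equals($expected, $submitted);
}

// Handle one login POST. On success the pre-login session state is dropped
// (in a real request also call session_regenerate_id()) and a marker is
// stored that the secured pages check.
function handleLogin(array &$session, array $post, string $usersFile): bool
{
    if (!checkFormToken($session, $post['token'] ?? '')) {
        return false;
    }
    $users = loadUsers($usersFile);
    if (!verifyCredentials($users, $post['user'] ?? '', $post['password'] ?? '')) {
        return false;
    }
    $session = ['auth' => ['user' => $post['user']]];
    return true;
}

// What every secured page does: no 'auth' marker means redirect to login.
function isLoggedIn(array $session): bool
{
    return isset($session['auth']['user']);
}

// Demo with constructed accounts in a temporary file.
$file = tempnam(sys_get_temp_dir(), 'users');
writeUsersFile($file, ['foo' => 'correct horse', 'bar' => 'battery staple']);

$session = [];
$token = issueFormToken($session);
var_dump(handleLogin($session, ['user' => 'foo', 'password' => 'wrong', 'token' => $token]));
$token = issueFormToken($session);
var_dump(handleLogin($session, ['user' => 'foo', 'password' => 'correct horse', 'token' => $token]));
var_dump(isLoggedIn($session));
unlink($file);
```

The token is invalidated on every check, so a replayed form submission fails even with the right password, and the dummy-hash branch keeps the failure path the same length whether or not the username exists.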



Accepted answer
edited Jan '17

Check this example: https://github.com/phalcon/invo/blob/master/app/controllers/SessionController.php

This is a very minimalist implementation of what you want:

users.txt

foo;hashedPassword
bar;hashedPassword

Auth controller:

class SessionController extends ControllerBase
{
    // Look up $user in users.txt (one "user;hash" line per account) and
    // verify $password against the stored hash.
    private function _lookupUser($user, $password)
    {
        $found = false;
        $fh = fopen('users.txt', 'r');
        if ($fh === false) {
            return false;
        }
        flock($fh, LOCK_SH);
        while ($row = fgetcsv($fh, 512, ';')) {
            // Hashes from $this->security->hash() are salted, so a fresh hash
            // never equals the stored one; verify with checkHash() instead.
            if ($row[0] === $user && $this->security->checkHash($password, $row[1])) {
                $found = true;
                break;
            }
        }
        flock($fh, LOCK_UN);
        fclose($fh);
        return $found;
    }

    // Store the logged-in user in the session under the 'auth' key.
    private function _registerSession(array $user)
    {
        $this->session->set('auth', $user);
    }

    public function startAction()
    {
        if ($this->request->isPost()) {
            $user = $this->request->getPost('user');
            $password = $this->request->getPost('password');
            // Register the session only when the lookup succeeds.
            if ($this->_lookupUser($user, $password)) {
                $this->_registerSession(array('user' => $user));
                $this->flash->success('Welcome ' . $user);
                return $this->dispatcher->forward(
                    [
                        "controller" => "invoices",
                        "action"     => "index",
                    ]
                );
            }
            $this->flash->error('Wrong user/password');
        }
        return $this->dispatcher->forward(
            [
                "controller" => "session",
                "action"     => "index",
            ]
        );
    }
}

Then in any controller, just access $this->session->get("user")
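The "site-wide login required" and "per page" parts of the question, as an added example that is not from the answer above or from the INVO project: a Phalcon 3 dispatcher plugin that forwards every request without a session to the login page, and then checks the user's role against a flat-file ACL. It assumes the session key 'auth' => ['user' => ..., 'role' => ...] is set at login (the answer's _registerSession with an extra 'role' field), an acl.txt with one "role;controller;action" line per permission, and the Phalcon 3 class names (Phalcon\Mvc\User\Plugin, Phalcon\Acl\Resource); the file path and controller names are placeholders.

```php
<?php
// Added example (not from the thread): site-wide login check plus a
// flat-file ACL as a Phalcon 3 dispatcher plugin.
// Assumed: session 'auth' => ['user' => ..., 'role' => ...] set at login;
// acl.txt with one "role;controller;action" line per permission.
use Phalcon\Acl;
use Phalcon\Acl\Adapter\Memory as AclMemory;
use Phalcon\Acl\Resource;
use Phalcon\Acl\Role;
use Phalcon\Events\Event;
use Phalcon\Mvc\Dispatcher;
use Phalcon\Mvc\User\Plugin;

class AuthPlugin extends Plugin
{
    // Controllers reachable without a session (login form, error pages).
    private $public = ['session' => true, 'errors' => true];

    private $aclFile;

    public function __construct($aclFile)
    {
        $this->aclFile = $aclFile;
    }

    // Build the ACL from the flat file. The default action is DENY, so any
    // role/controller/action combination not listed in the file is refused.
    private function buildAcl()
    {
        $acl = new AclMemory();
        $acl->setDefaultAction(Acl::DENY);
        $fh = fopen($this->aclFile, 'r');
        if ($fh === false) {
            return $acl; // unreadable file: nothing is allowed
        }
        flock($fh, LOCK_SH);
        while (($row = fgetcsv($fh, 512, ';')) !== false) {
            if (count($row) !== 3) {
                continue; // skip blank or malformed lines
            }
            list($role, $controller, $action) = $row;
            if (!$acl->isRole($role)) {
                $acl->addRole(new Role($role));
            }
            if (!$acl->isResource($controller)) {
                $acl->addResource(new Resource($controller), [$action]);
            } else {
                $acl->addResourceAccess($controller, [$action]);
            }
            $acl->allow($role, $controller, $action);
        }
        flock($fh, LOCK_UN);
        fclose($fh);
        return $acl;
    }

    public function beforeDispatch(Event $event, Dispatcher $dispatcher)
    {
        $controller = $dispatcher->getControllerName();
        $action = $dispatcher->getActionName();

        if (isset($this->public[$controller])) {
            return true;
        }
        $auth = $this->session->get('auth');
        if (!is_array($auth) || empty($auth['user'])) {
            // Site-wide rule: no session, no page.
            $dispatcher->forward(['controller' => 'session', 'action' => 'index']);
            return false;
        }
        // Per-page rule: the user's role must be allowed on this controller/action.
        $role = isset($auth['role']) ? $auth['role'] : 'user';
        if (!$this->buildAcl()->isAllowed($role, $controller, $action)) {
            $dispatcher->forward(['controller' => 'errors', 'action' => 'show401']);
            return false;
        }
        return true;
    }
}

// Registration in the DI (placeholder path; services.php in the INVO layout):
// $di->set('dispatcher', function () {
//     $eventsManager = new \Phalcon\Events\Manager();
//     $eventsManager->attach('dispatch:beforeDispatch', new AuthPlugin(APP_PATH . '/acl.txt'));
//     $dispatcher = new Dispatcher();
//     $dispatcher->setEventsManager($eventsManager);
//     return $dispatcher;
// });
```

Because the ACL is rebuilt from the file on every request, editing acl.txt takes effect immediately; on a busier site the result of buildAcl() would be cached, for example keyed on the file's modification time.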

@PolDeveloper, thank you for your recommendations, but I was looking more for an actual example and not just theories :-)

@Lajos Bencz, thank you so much. This is perfect, exactly what I need. More such examples are more than welcome. For example, how to also do ACL in a flat file would be amazing.

Again, thank you so much for all these examples!

edited Mar '17

If you just copy/paste code instead of thinking for yourself, your learning will be so slow ;-)
