Flat File Login Logoff

I would like to make a flat-file login/logoff with Phalcon. Can anyone show me a few examples, please, to get me started? Please don't recommend Vokuro, it won't work for what I need :-) I do not want to use a database at all for this. Would love to see site-wide login required and also per page or content (hiding) and login required. Thank you so much for all your help. Love Phalcon :-)

edited Jan '17

Hi, try setting a session on every page, write a simple form on the login page, get the POST data for login and password (and a token to protect your app a bit more), and check if they match the login and password saved in the file. If they do, just set some hash in the session.

On every secured page, check this hash and let the user explore your app. If there's no hash, just redirect the user to the login page.

You need to secure your app a bit more.

Read these docs to learn about:

XSS

Session hijacking

Cracking passwords by brute force

edited Jan '17

Check this example: https://github.com/phalcon/invo/blob/master/app/controllers/SessionController.php

This is a very minimalist implementation of what you want:

users.txt

foo;hashedPassword
bar;hashedPassword

Auth controller:

class SessionController extends ControllerBase
{
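    private function _lookupUser($user, $password)
    {
        $found = false;
        $fh = fopen('users.txt', 'r');
        if ($fh === false) {
            return false; // fail closed if the user file cannot be read
        }
        flock($fh, LOCK_SH);
        while (($row = fgetcsv($fh, 512, ';')) !== false) {
            // hash() salts every call, so a fresh hash never equals the stored one;
            // checkHash() verifies the password against the stored hash instead.
            if (isset($row[1]) && $row[0] === $user && $this->security->checkHash($password, $row[1])) {
                $found = true;
                break;
            }
        }
        flock($fh, LOCK_UN);
        fclose($fh);
        return $found;
    }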
    private function _registerSession(array $user)
    {
        $this->session->set('auth', $user);
    }
    public function startAction()
    {
        if ($this->request->isPost()) {
            $user = $this->request->getPost('user');
            $password = $this->request->getPost('password');
            // Register the session only when the lookup succeeds
            if ($this->_lookupUser($user, $password)) {
                $this->_registerSession(array('user'=>$user));
                $this->flash->success('Welcome ' . $user);
                return $this->dispatcher->forward(
                    [
                        "controller" => "invoices",
                        "action"     => "index",
                    ]
                );
            }
            $this->flash->error('Wrong user/password');
        }
        return $this->dispatcher->forward(
            [
                "controller" => "session",
                "action"     => "index",
            ]
        );
    }
}

Then in any controller, just access $this->session->get("user")
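The flat-file check discussed in this thread, as an added example that is not code from any of the posters or from Phalcon: it uses PHP's built-in `password_hash()`/`password_verify()` in place of Phalcon's security component, and it verifies against a dummy hash when the user is unknown so that both rejections take similar time. The function name `verifyFlatFileLogin`, the temporary file and the sample users and passwords are assumptions constructed for the demonstration.

```php
<?php
// Added example: flat-file credential check for a "user;hash" file
// in the users.txt layout shown above.

/** True only if $user is listed in $file and $password matches its stored hash. */
function verifyFlatFileLogin(string $file, string $user, string $password): bool
{
    // Constructed dummy hash, checked when the user is unknown so that
    // unknown and known users cost roughly the same time to reject.
    static $dummy = null;
    $dummy ??= password_hash('dummy-password', PASSWORD_DEFAULT);

    $fh = fopen($file, 'r');
    if ($fh === false) {
        return false; // fail closed if the user file is unreadable
    }
    flock($fh, LOCK_SH);
    $stored = null;
    while (($line = fgets($fh, 512)) !== false) {
        // Split on the first ';' only; skip blank or malformed lines.
        $row = explode(';', rtrim($line, "\r\n"), 2);
        if (count($row) === 2 && hash_equals($row[0], $user)) {
            $stored = $row[1];
            break;
        }
    }
    flock($fh, LOCK_UN);
    fclose($fh);

    // Always run one verification, then require that the user really existed.
    $ok = password_verify($password, $stored ?? $dummy);
    return $ok && $stored !== null;
}

// Constructed sample data: two users written to a temporary users file.
$file = tempnam(sys_get_temp_dir(), 'users');
file_put_contents($file,
    'foo;' . password_hash('correct horse', PASSWORD_DEFAULT) . "\n" .
    'bar;' . password_hash('battery staple', PASSWORD_DEFAULT) . "\n");

var_dump(verifyFlatFileLogin($file, 'foo', 'correct horse'));    // valid login
var_dump(verifyFlatFileLogin($file, 'foo', 'battery staple'));   // wrong password
var_dump(verifyFlatFileLogin($file, 'nobody', 'correct horse')); // unknown user
unlink($file);
```

After a successful check, calling `session_regenerate_id(true)` before storing the auth marker in the session limits session fixation, which relates to the session hijacking item listed earlier in the thread.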