Re: [phplib-users] PHP 5.2 and PHPlib
From: aric c. <gre...@gm...> - 2008-08-23 22:24:18
On Sat, Aug 23, 2008 at 7:52 AM, Lindsay Haisley <fmo...@fm...> wrote:

> On Fri, 2008-08-22 at 21:14 -0700, aric caley wrote:
> > I think the current default handling of sessions in PHP sucks. I just
> > got bit by some security holes due to session handling. I think there
> > is still a need for a top notch, efficient and flexible session
> > handling system.
>
> The session handling in PHPlib is rooted in PHP3, before PHP implemented
> native session management in v4. It's database-oriented, which it no
> longer _needs_ to be, although I can conceive of situations in which it
> might be advantageous to use db-based session management as opposed to
> the native PHP session management.

Multiple web servers where you need to maintain the user's session no matter which one he ends up on is a good example. Or using memcache for speed as well. It boggles my mind that PHP by default puts session files into /tmp where anybody can get to them, with no encryption or filtering.

> I looked at some of the PHPlib session management code a couple of years
> ago with a view to rewriting some of it, and I came to the conclusion
> that there are some API features in PHPlib's session management that
> can't be easily reproduced using PHP's native session management.

The native sessions are easy to use, they just need better options like phplib's sessions.

> > I also like the authentication system and it doesn't seem like there's
> > many other good auth systems out there.
>
> PEAR's Auth module is quite good. I believe it does challenge
> authentication by default. I wrote a class which I use frequently,
> based on the PHPlib perm and auth module APIs, using PEAR::Auth which
> combines both, and rides on top of native PHP4+ session management.
>
> PHPlib was written before PEAR came out. PEAR contains much of the
> functionality that PHPlib contains, and is pretty solid, albeit not
> really well documented sometimes. It seems silly to re-invent the wheel
> here. On the other hand, I've found that the PEAR API is often
> excessively rich for simple applications, and using it requires one to
> nail down a lot of configuration params that could easily default to
> reasonable values 90% or so of the time. This is why I've written
> several classes for my own use which rely on PEAR but present the PHPlib
> API, which is relatively simple, not to mention the fact that I'm
> already familiar with it.

Yeah, it may be that phplib has no real purpose these days, what with PEAR and the Zend framework, etc. I am even using a framework (Kohana) for new development. But I yearn for the early days of PHP programming. :) Well, not really...

> --
> Lindsay Haisley       | "Everything works | Accredited
> FMP Computer Services | if you let it"    | by the
> 512-259-1190          | (The Roadie)      | Austin Better
> http://www.fmp.com    |                   | Business Bureau

--
Aric Caley, Developer, Trixbox CE
Fonality, inc.