I know questions like this have been asked numerous times, but not quite this one. Forgive me if I overlooked an obvious duplicate.
In the core of many of my web applications is a self-written user/session management class that in its origins dates back to 2002. I have decided that it is time for a fundamental re-write or, preferably, the introduction of a ready-made standard library.
My requirements for that library would be:
- Object-oriented, clean, excellent code
- Full session management: Wrapper to session_start() and consorts
- Would ideally provide various storage methods (PHP Standard /tmp, database based)
- Would ideally be able to connect to different types of user data storage, but MySQL will do fine
- Would ideally provide convenient functions for supporting OpenID, but that's a fancy thought, no requirement right now
- Methods: Verify session, get user data, get session data, log in user, log out user
- Settings: Session lifetime, password encryption
- Must be Open Source
And if it's very generic, a user management API or a generic connector to the user management of the surrounding application would be nice:
- Create/Update/delete user records
- Fetch and modify data of currently logged in user
This is so basic, and so security-relevant, that I would expect that there is a standard solution to this; however, I don't know of any, and all the big CMSs and blogs seem to be rolling their own.
My two questions:
Do you know such a component as a generic, stand-alone library?
Could somebody with deep knowledge in Zend Framework tell me whether it is possible to use Zend_auth and/or Zend_session standalone, at the core of a big application that has otherwise nothing to do with ZF, without running into trouble?