Handling user logins with AppEngine PHP and Datastore?

[Alex Kerr]

I'm building a site where I need to have a user log in with a username and password, and I'm running on AppEngine PHP with a Google Datastore database. Very straightforward, but just wondering if anyone can recommend any simple ways of handling user logins, please? Are there any good PHP libraries out there for this sort of thing?

Are there any issues that I need to be aware of with AppEngine or PHP that would affect this?

I was thinking to simply use PHP sessions somehow but not sure how to do this securely or in a way that prevents various attacks.

I don't want to use admin access in the .yaml file or Google Auth APIs because I need to allow users who don't have a Google account.

Many thanks!

Alex

[Tom Walder]

Hi there.

You might want to consider something like one of these
https://github.com/ircmaxell/password_compat
https://github.com/hautelook/phpass

Which do a reasonable job of one way password encryption and then validation.

You'll likely need sessions too - and you tweak the session hash if you want to with these options
http://php.net/manual/en/session.configuration.php

Tom

[Alex Kerr]

Thanks Tom. These look good!

Regards,

Alex