
Library for authorization through Habrahabr

Good morning to all who are already reading Habrahabr!



While working on the “Club of Anonymous Santa Clauses” for Habr, we had to solve the problem of authorizing users through Habr. On Dirty, the user was asked to place a special link in their profile, and the site's server checked for its presence. We decided to go another way and make authorization as simple as possible for anyone who decided to take part in the event.



Although the HabraAuth library discussed in this post was not used in the end, it works on the same authorization principle as habra-adm.ru: the user enters their Habr nickname and receives, from the mail robot's account or from the developer's account, a special link in Habr mail. By clicking it, they confirm ownership of the account.


For the end user, authorization with HabraAuth looks even simpler: they enter their nickname and press “Login”, the server redirects them to Habr mail, and all that remains is to click the “Login” link there.







Let's look at an example of connecting HabraAuth to your site. To get started, download the latest version of the library; the best way to do this is to clone the repository on GitHub:



git clone https://github.com/kafeman/HabraAuth.git 


The library itself is in the file HabraAuth.class.php, which needs to be included first:



 <?php include('HabraAuth.class.php'); ?> 


Now let's create a simple authorization form, for example:



    <h1>   </h1>
    <form method="post">
        <p>    :</p>
        <p>
            <input type="text" name="login">
            <input type="submit" value=" !">
        </p>
    </form>


And we will write a handler for it:



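    // Settings passed to HabraAuth
    $config = array(
        // Callback URL that the link in the Habr message points to
        'callback' => 'http://localhost/sample/callback.php',
        // Salt - use something much harder to guess than this ;-)
        'salt' => 'qwerty',
        // Session cookies of the Habr account that sends the message;
        // treat them as credentials for that account
        'cookies' => array(
            'PHPSESSID' => '8ba44cc67a851d1c43d740c356665061',
            'hsec_id' => 'c086a2c37f395cbb9aa7b064c8c712db',
        ),
    );

    // Create a HabraAuth instance
    $habraAuth = new HabraAuth($config);

    // Auth sends the message with the link to the given user
    $habraAuth->Auth($_POST['login']);

    // Redirect the user to Habr mail and stop the script
    header('Location: http://habrahabr.ru/users/none/mail/');
    exit();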






Now let's create the callback page that the user arrives at from Habr mail:



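    <?php
    // If the user or hash parameter is missing, send the visitor back to the login form
    if (empty($_GET['user']) || empty($_GET['hash'])) {
        header('Location: /sample/login.php');
        exit();
    }

    // Load the library
    include __DIR__ . '/../HabraAuth.class.php';

    // The same salt that was used when the link was generated
    $config = array('salt' => 'qwerty');

    // Create a HabraAuth instance
    $habraAuth = new HabraAuth($config);

    // Verify the hash from the link
    if (!$habraAuth->CheckAuth($_GET['user'], $_GET['hash'])) {
        header('Location: /sample/login.php');
        exit();
    }

    // TODO
    // The name is escaped before it is echoed into the HTML page
    echo ', ' . htmlspecialchars($_GET['user'], ENT_QUOTES, 'UTF-8') . ',   ?';
    ?>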








The result was almost OAuth :-)
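
The page does not show how HabraAuth computes or checks its hash. As an added example (not HabraAuth's code), here is one way to build and verify such a confirmation link with an HMAC. The function names, the `expires` parameter and the 15-minute lifetime are assumptions.

```php
<?php
// Added illustration, not HabraAuth's code. All function names are hypothetical.
const LINK_TTL = 900; // assumed link lifetime in seconds

// HMAC over the user name and expiry time, keyed with a server-side secret.
function sign_login(string $user, int $expires, string $secret): string
{
    // Length-prefix the name so field boundaries cannot be shifted.
    return hash_hmac('sha256', strlen($user) . ':' . $user . ':' . $expires, $secret);
}

// Build the link that would be sent to the user in a private message.
function make_login_link(string $callback, string $user, string $secret, ?int $now = null): string
{
    $expires = ($now ?? time()) + LINK_TTL;
    return $callback . '?' . http_build_query([
        'user' => $user,
        'expires' => $expires,
        'hash' => sign_login($user, $expires, $secret),
    ]);
}

// Callback-side check of the query parameters (e.g. $_GET).
function check_login_link(array $params, string $secret, ?int $now = null): bool
{
    foreach (['user', 'expires', 'hash'] as $key) {
        if (!isset($params[$key]) || !is_string($params[$key])) {
            return false; // missing value, or an array such as ?hash[]=x
        }
    }
    if (!ctype_digit($params['expires']) || (int) $params['expires'] < ($now ?? time())) {
        return false; // malformed or expired link
    }
    $expected = sign_login($params['user'], (int) $params['expires'], $secret);
    return hash_equals($expected, $params['hash']); // constant-time comparison
}

// Constructed demo values; a real secret is generated once and stored outside the code.
$secret = bin2hex(random_bytes(32));
$link = make_login_link('http://localhost/sample/callback.php', 'example_user', $secret, 1000);
parse_str(parse_url($link, PHP_URL_QUERY), $params);

var_dump(check_login_link($params, $secret, 1500)); // link used within its lifetime
var_dump(check_login_link($params, $secret, 2000)); // link used after it expired
$params['user'] = 'someone_else';
var_dump(check_login_link($params, $secret, 1500)); // user name changed after signing
```

Unlike a guessable salt such as `qwerty`, a random 32-byte secret means the hash for a given nickname cannot be computed by anyone who only knows the scheme.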



The only problem you may run into is that read-only users will start typing the names of innocent Habr users into the form, and those users will then start receiving spam in their private messages. To solve this, you can add a captcha or record users in your database so that a message is not sent to them again.



UPDATE: If you write here, you can get access to Habrahabr's OAuth.

Source: https://habr.com/ru/post/157255/


