User Library

From OWASP
Jump to: navigation, search

Introduction

A User Library is for individual users in a system. This library aims to provide functions that could ease the process of creation, maintenance and termination of users easily and safely. Users are the key component in any web application. Thus storing their identity in the system is of utmost important. The users make a base for all other components to work on them. A weakness in user system or improper use of its data may lead to data theft or permanent loss of data. In this library, we have created a basic user system that provides most necessary data about users to be stored such as userID, password, account creation time, etc. and secure functions to manipulate these data and to keep them safe such as "create user", "verification", "password reset" etc. With the help of this library, developers can create their own user database with a few lines without worrying about the underlying implementation.

Extending User Library

As already said, the user library in itself is very plain and simple, with the minimum amount of functionality necessary to create a separate library of its own. The functions and data that is stored in the DB, is very limited. Thus, we have created the library keeping in mind that it needs to be extended. The developers wanting more functionality or more data storage needs such as storing names and age of a user, can extend this library and can create their desired functions on top of this. To extend this library, one can just use the PHP's "extends" keyword, and then can use the DB to store and retrieve data. In their newly created child class, they can add more functions as they see fit. The whole purpose of this library is not to arm developers with all the functions they MIGHT need, but our aim is to provide them with the basic functionality so that they can move on from these tasks to more demanding business.

PHPSEC User Library Implementation

We have created this user library in the most simplest sense we could, providing the developers functions that are secure and simple to use. Simple functions make this library more open and transparent. Some common functions in this library are:
Create a new User: This function is used to create a new user.
Get Existing User: This function is used to request object of an existing user from the system.
Force Login: Function to validate a user without their credentials.
Verify Password: Function to verify a user given string as his password.
Reset Password: Function to reset a user's password to some new password.
Delete Password: Function to delete a user from a system.
Remember Me: Function to imitate the behavior of "remember me" function which allows the users to skip entering their credentials each time they visit the application.
Misc Functions: Other functions that provides common functions to user such as "get Account Creation Time" etc and functions necessary for this library to work.

Other Helpful Links