README

minimalistic authenticator

About

I wanted some kind of login-system, where I do not have to stick to a specific databse or storage system.

Precautions

in order for this rather flexible module to work, it is needed to define per project at least these additional functions on root:

• tweb_auth_token_remove(string $token): void
  • This function will remove the token for the linked user, which got this token, from the database or storage.
• tweb_auth_token_store(string $token, string $username): void
  • This function will store the given token for the given user.
• tweb_auth_user_from_token(string $token): mixed
  • This function will be able to get a user instance or array (or whatever is needed by the user) from the database or storage by a given token.
• tweb_auth_verify(string $username, string $password): bool
  • This function will be used to implement a databse or storage connection and check with password_verify() the given password against the stored one.

Usage

• tweb_auth_logged_in(): mixed
  • This function will check the cookie with the name, set by the tweb config app.auth.cookiename. The tweb_auth_user_from_token() callable will be used with the given token from the cookie to maybe get the user instance, or array or so. On fail in any way the function will return false.
• tweb_auth_login(string $username, string $password): bool
  • This function can log in a user. The tweb_auth_verify() callable will be used to verify the given password; e.g. against a hashed password in some databse or storage. On success the tweb_auth_token_store() callable will be used to store this token into the database or storage again. This could be used later to get the logged in user only by its token from the databse.
• tweb_auth_logout(): void
  • This function will mainly just remove the token cookie. With the tweb_auth_token_remove() function, though, it will also remove the token for the user, which was linked to this token.