Hi, everyone:

A client of mine has an internal website which will use PHP, Apache, and Fedora. It is served only over HTTPS, specifically for the needs of a few users, each of which has a username and password. However, they do not want to rely on .htaccess files only; they want each page to check session validity so they can have time-outs and stuff.

Since I do not have the skills to do this, but they are good clients of mine, I am offering a cash reward (amount negotiable... I was thinking of US$100...) for code which does this. I will proceed to license this code under the GPL and publicly post a HOWTO on my site on how to use it along with the entire code. So anyone who helps me is going to be helping quite a few other people too.

Here's what my customer wants:

My customer wants PHP code that can be added to each and every page on the site and which should then:

1. Check for an established session (by whatever means... a file on the server or a cookie on the client), and if a session is found then the content of that page should be displayed.

2. If a valid session is not found, either because the user has not logged in or because the session has timed out, then the page should display only a request for the user's credentials.

3. If valid credentials are supplied, then the page should reload (which will display the contents since there is now a valid session).

That is all the functionality required, although of course there are some additional conditions:

1. The user's credentials should be stored in some reasonably-secure and reasonably-scalable fashion. I do not have the knowledge to determine whether an htaccess file will work well enough or whether using a database is recommended. There are just over 100 users and *no* growth is projected. However, note that most content on this site will be database-driven so adding another table theoretically should not be a problem.

2. Their current (and limited!) knowledge is of MySQL although they are contemplating a move to PostgreSQL. So code which talks to the database, if any, should be properly abstracted into a separate function to ease migration headaches.

3. The code should be clean, clear, well-written, and well-documented, easy for others to understand and modify. Variables should be clearly named.

4. MOST IMPORTANT of all, the code should be "securely written", which they understand to mean idiot-proof, tamper-proof, and carefully checking for the possibility of buffer overflows or exploits. After all, the point is to increase security, and if the code is exploitable they have less than nothing.

----------

Anyone interested, please contact me off-list! I will select the best submission offered and negotiate the reward individually. Reward will be paid if/when submission is adequate to my satisfaction (of course, nothing will be used without permission and payment).

Hopefully this way someone gets paid to do the entire Linux world a small favor. If you know anyone not on these lists who might be interested, forward this email to them please.

Cheers,

--
Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx>
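An added example, not part of the original message and not a submission from the thread: one way the per-page check described above could look in PHP 7.3 or later. The file name auth.php, the users table with its password_hash column, the AUTH_* environment variables and the 15-minute time-out are all assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Assumes PHP 7.3+ and PDO.
// Hypothetical use on each page: require __DIR__ . '/auth.php'; require_login();
const IDLE_TIMEOUT = 900; // assumption: 15 minutes of inactivity

// The only function that touches the database, so moving from MySQL to
// PostgreSQL means changing the DSN. Table and column names are hypothetical;
// the column holds the output of PHP's password_hash().
function fetch_password_hash(string $username): ?string
{
    $pdo = new PDO(getenv('AUTH_DSN'), getenv('AUTH_DB_USER'), getenv('AUTH_DB_PASS'),
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]); // bound parameter, never string concatenation
    $hash = $stmt->fetchColumn();
    return is_string($hash) ? $hash : null;
}

function require_login(): void
{
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
    session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
    session_start();

    $lastSeen = $_SESSION['last_seen'] ?? 0;
    if (isset($_SESSION['user']) && time() - $lastSeen <= IDLE_TIMEOUT) {
        $_SESSION['last_seen'] = time(); // valid session: slide the time-out window
        return;                          // caller goes on to render the page
    }
    $_SESSION = []; // not logged in, or timed out: drop any stale state

    $user = $_POST['username'] ?? null;
    $pass = $_POST['password'] ?? null;
    if (is_string($user) && is_string($pass)) {
        $hash = fetch_password_hash($user);
        if ($hash !== null && password_verify($pass, $hash)) {
            session_regenerate_id(true); // new ID at login defeats session fixation
            $_SESSION['user'] = $user;
            $_SESSION['last_seen'] = time();
            header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303); // reload as a GET
            exit;
        }
    }
    echo '<form method="post">User: <input name="username"> ',
         'Password: <input type="password" name="password"> ',
         '<button>Log in</button></form>';
    exit; // never fall through to the protected content
}
```

The redirect targets SCRIPT_NAME rather than the full request URI, so any query string is dropped on reload; the time-out is enforced server-side from the stored timestamp, not from the cookie lifetime.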