Considering this very clever idea, we could try to start something now.

What I suggest: a simple wiki page where anybody interested in clean software design and auth libraries could throw his ideas.

I started something, combining posts or emails from benlm and a&w. Please feel free to add your 2 cents or more… or even correct bad ideas if it’s somehow agreed on this thread.

What I wanted to do first is to create a CIforge project (I love Trac), but we’ll do this only if this thread grows too big.

How about we make a core auth system with the ability to have extensions. Then the extensions using some sort of delegates will add their functionality. Such as captcha. And when new extensions come out and need new delegates we can just add them to the main auth lib. This would also mean it can be easily upgraded without breaking. Of course you would have to write your own view files for it and have alot of doc’s for the extensions but that would seperate the tasks out as not just one person could make the extensions.

We could even go as far as making an admin panel to activate or disable these extensions from the app itself. Of course the core would remain on to limit access to the admin. The you could just have an option to turn on or off captcha rather than the reams of config files to edit.

BTW I thought an effective process for handling flashMessages would be to use PHP’s native $_SESSION super-global array…

Ok, let me just suggest that there be some abstraction in access the database as not everyone uses mySQL…

I have to use FileMaker(via FX.php) and also authenticate via LDAP. I WISH I could use mySQL for this one project!

Thanks and good luck!

you’ll be barely surprise to finish with FAL

it’s always just a question of presentation and modulation, that seem pretty hard to keep it simple, but in fact if we take fal as example, , myfal_validation, extend the validation core, the captcha is not just a library etc. etc.

But at the end, when you take time to read, with Auth and FAL, you have pretty whatever needed for a basic/mid Auth and ACL process.

no ?