PHP Authorization

Version 1.0 released

2009-06-16T16:15:00.000-07:00

We are happy to announce that PHP Authorization 1.0 is out in the market! You can buy it here.

License

2009-06-15T05:16:00.000-07:00

This License Agreement affects all files in the original distribution package except those in 'client' and 'ezpdo' folders.

END USER LICENSE AGREEMENT
Software License Agreement for PHP Authorization

IMPORTANT- PLEASE READ CAREFULLY: BY INSTALLING THE SOFTWARE (AS DEFINED BELOW) AND/OR COPYING THE SOFTWARE, YOU (EITHER ON BEHALF OF YOURSELF AS AN INDIVIDUAL OR ON BEHALF OF AN ENTITY AS ITS AUTHORIZED REPRESENTATIVE) AGREE TO ALL OF THE TERMS OF THIS END USER LICENSE AGREEMENT ('AGREEMENT') REGARDING YOUR USE OF THE SOFTWARE. IF YOU DO NOT AGREE WITH ALL OF THE TERMS OF THIS AGREEMENT, YOU MUST REMOVE AND DESTROY ALL COPIES OF THE SOFTWARE.

1. GRANT OF LICENSE: Subject to the terms below, Binary Solutions hereby grants you a non-exclusive, non-transferable license to install and to use PHP Authorization ('Software').
Under this license, you may: (i) install and use the Software on a single computer for your personal, internal use (ii) copy the Software for back-up or archival purposes. (iii)You may not distribute the software to others without first obtaining the required licenses, where applicable.
Whether you are licensing the Software as an individual or on behalf of an entity, you may not: (i) modify, or create derivative works based upon, the Software in whole or in part without the express written consent of Binary Solutions; (ii) distribute copies of the Software; (iii) remove any proprietary notices or labels on the Software; (iv) resell, lease, rent, transfer, sublicense, or otherwise transfer rights to the Software.

2. PHP Authorization: You acknowledge that no title to the intellectual property in the Software is transferred to you. Title, ownership, rights, and intellectual property rights in and to the Software shall remain that of Binary Solutions. The Software is protected by copyright.

3. DISCLAIMER OF WARRANTY:
YOU AGREE THAT Binary Solutions HAS MADE NO EXPRESS WARRANTIES, ORAL OR WRITTEN, TO YOU REGARDING THE PRODUCTS AND THAT THE PRODUCTS ARE BEING PROVIDED TO YOU 'AS IS' WITHOUT WARRANTY OF ANY KIND. Binary Solutions DISCLAIMS ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESSED, IMPLIED, OR STATUTORY. YOUR RIGHTS MAY VARY DEPENDING ON THE STATE IN WHICH YOU LIVE. Binary Solutions SHALL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, COVER, RELIANCE, OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OF THIS PRODUCT.

4. LIMITATION OF LIABILITY: You use this program solely at your own risk. IN NO EVENT SHALL Binary Solutions BE LIABLE TO YOU FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO ANY LOSS, OR OTHER INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING OUT OF THE USE OF THE SOFTWARE, EVEN IF Binary Solutions HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL Binary Solutions BE LIABLE FOR ANY CLAIM, WHETHER IN CONTRACT, TORT, OR ANY OTHER THEORY OF LIABILITY, EXCEED THE COST OF THE SOFTWARE. THIS LIMITATION SHALL APPLY TO CLAIMS OF PERSONAL INJURY TO THE EXTENT PERMITTED BY LAW.

5. TERMINATION: This Agreement shall terminate automatically if you fail to comply with the limitations described in this Agreement. No notice shall be required to effectuate such termination. Upon termination, you must remove and destroy all copies of the Software.

6. MISCELLANEOUS:

Severability.
In the event of invalidity of any provision of this Agreement, the parties agree that such invalidity shall not affect the validity of the remaining portions of this Agreement.

Entire Agreement.
You agree that this is the entire agreement between you and Binary Solutions, which supersedes any prior agreement, whether written or oral, and all other communications between Binary Solutions and you relating to the subject matter of this Agreement.

Reservation of rights.
All rights not expressly granted in this Agreement are reserved by Binary Solutions.

Usage examples

2009-06-14T13:18:00.000-07:00

Integrating PHP Authorizer to your web service or web page is simple as adding the following block of code:

$credit = 1;
if (AuthorizerClient::hasCredit("MyService", "MyKey", $credit)) {
// visitor is authorized to use the service
} else {
// visitor is not authorized to use the service
}

Example 1: limit the number of your website requests to 30 per IP address per day

First you need to enter default values (service name, maximum number of requests and number of days after which the counters are reset) in SQL table named ServiceDefaults. For this example, the following SQL statement does the right thing:

INSERT INTO database_name.ServiceDefaults
VALUES (NULL, 'MySite', 30, 1);

Next, you need to customize ./client/class/AuthorizerClient.class.php file. In line 51 replace default URL with the URL containing your hostname and path to PHP Authorization web service. Keep the trailing slash and question mark.

After this, run ./client/example1.php script. If you have set up everything correctly, you should see the message 'You can use the web site!'. If you open ClientData table you will notice that it looks like:

ID	service	address	key	usedCredit	maxCredit	expireInDays	timestamp
1	MySite	127.0.0.1	default	1	30	1	1245149253

If you re-run the script you will notice that usedCredit is increased by one, etc. After you have used up the limit that you have set, error message will appear.

Basically, AuthorizerClient.class.php file and code snippet from example1.php is all that you need to integrate in your web site to use PHP Authorization service. Each visit to your web site from different IP address will have it's own entry in ClientData table and thus own request counters.

Example 2: set the fixed number of your web service requests for particular customer

In this case we don't set any entries in ServiceDefaults table. We have a particular customer that has subscribed to particular web service for a particular number of requests, so we set everything in ClientData table. For this example we will use the following SQL statement:

INSERT INTO database_name.ClientData VALUES (
NULL, 'MyService', '*', 'SecretKey', 0, 1000, 0,
UNIX_TIMESTAMP(NOW( )));

Basically, we have allowed customer to use the service named MyService from any IP address, using SecretKey as authentication string. User has currently made 0 out of 1000 allowed requests and there is no time constraint for usage of this web service. The last parameter timestamp is mandatory, so we set it to be the time of creation of this entry.

After this, run the ./client/example2.php script. If you check the ClientData table now it will look like:

ID	service	address	key	usedCredit	maxCredit	expireInDays	timestamp
1	MySite	127.0.0.1	default	1	30	1	1245149253
1	MyService	*	SecretKey	1	1000	0	1245169132

So again, AuthorizerClient.class.php file and code snippet from example2.php is all that you need to integrate in your web service to use PHP Authorization. Each customer will be identified by it's own key and each customer will have it's own counter incremented on each request that he makes.

A final note on some special values ... obviously if expireInDays is set to 0, counters do not expire. If maxCredit is set to 0, user is blocked from making requests. However, if it is set to negative value - user has unlimited number of requests available.

Installation instructions

2009-06-14T07:29:00.000-07:00

Step by step instructions:

1. Extract the zip file

2. Set database connection parameters

PHP Authorization service uses database to store data. All most frequently used databases are supported (MySQL, PostgreSQL, SQLite). Database is not accessed directly but through EZPDO, lightweight data persistence library that comes with the product. It is not necessary for you to know anything about the mentioned library, you just need to edit the following two configuration files:

./config.xml
./tools/config.xml

In both files look for <default_dsn> tags and uncomment the one depending on the database type that you use. Put the right username, password and database name in connection string. Please note that the database already has to be created and user has to be given the right credentials, including the one necessary for table creation. The following MySQL statements might be helpful in that task:

CREATE DATABASE databasename DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX ON databasename . * TO 'username'@'localhost';

SET PASSWORD FOR 'username'@'localhost'=PASSWORD('password');

Syntax might differ slightly if you are using database other than MySQL.

3. Call _buildTables.php script

If you have set everything from the previous step correctly, this script will create two tables named ClientData and ServiceDefaults. Also in local file system, folder compiled and file ezpdo.log will be created. After you are done with this step, you can delete _buildTables.php script.

4. Set up cron to run ./tools/removeExpiredClients.php once a day

Instructions for this step are different on each hosting environment. If you don't know how to set up scheduler to run the script in regular intervals, the best would be to ask your hosting provider for help.

That should be it! For further instructions take a look at the usage examples.

About Us

2009-06-14T06:54:00.000-07:00

PHP Authorization is a product of Binary Solutions, software development company based in Split, Croatia.

Company is specialized in web application development and consulting.

Contact

2009-06-14T06:53:00.000-07:00

Sales:	sales@binarysolutions.biz
Support:	support@binarysolutions.biz
General:	info@binarysolutions.biz

Web:	http://www.binarysolutions.biz
Phone:	+385 98 910 2031
Skype:

Address:
	Binarna Rješenja
	Bilanova 2
	21000 Split
	Croatia