Can also be used to implement user authentication. Implementing user authentication is not built into the wimpy_auth.php system, but if your familiar with PHP you can edit the wimpy_auth.php file to meet your needs.
NOTE: The wimpyAuth script/system may cause certain features to not perform, or not work due to your server's speed and / or server setup.
Be sure to test the options and features you've established within wimpy thoroughly before implementing this script.
Upload wimpy_auth.php to the same folder as wimpy.php. Click here to download wimpy_auth.php.
If wimpy_auth.php is located in the same folder as wimpy.php, wimpy.php will automatically load wimpy_auth.php.
How wimpyAuth works
In the following explanation wimpyApp refers to the script that provides wimpy.swf with a playlist. (e.g. wimpy.php)
wimp.swf issues a request to wimpyApp to load a playlist, or perform an "action."
2. Return encrypted session ID
WimpyApp looks for a file named wimpy_auth.php. (This filename can be changed by editing the referring variable within wimpy.php).
If found, a cookie is set that contains an md5 encrypted session ID.
The encrypted session ID is then sent to wimpy.swf as:
Wimpy.swf receives and stores these two variables:
Informs wimpy.swf that authentication is required -- "x" is a literal value, yup, just plain old "x"
A unique identifier that wimpy will use for the entire session. Wimpy will both send and receive this unique ID when interacting with wimpyApp.
3. Request with encrypted ID
Wimpy.swf issues a second request to wimpyApp for a playlist, but this time wimpy.swf includes the encrypted session ID with the request.
4. Validate the Session ID
WimpyApp receives the request and validates the session ID. If the session ID is invalid, wimpy.php exits and does not return any data. If the session ID is valid, wimpy will perform the requested action.
5. Ongoing requests
Each request to wimpyApp thereafter must contain s=[SESSIONID]
Since the Wimpy Authentication system is based on cookies and sessions, you can include additional functionality into wimpy_auth.php to provide added levels of protection based on your needs, such as user authentication or access control.
Adding additional functionality will require a certain level of programming knowledge and sophistication. Due to the varying needs of each web site, user authentication / access control are NOT built into the Wimpy Authentication system. It is up to individual developers to author and edit the existing scripts to meet their individual needs.