Helps to protect against automated flood attacks, and requires the user to use cookies for user authentication.

Can also be used to implement user authentication. Implementing user authentication is not built into the wimpy_auth.php system, but if your familiar with PHP you can edit the wimpy_auth.php file to meet your needs.

NOTE: The wimpyAuth script/system may cause certain features to not perform, or not work due to your server's speed and / or server setup.

Be sure to test the options and features you've established within wimpy thoroughly before implementing this script.

Implementing wimpyAuth

Upload wimpy_auth.php to the same folder as wimpy.php. Click here to download wimpy_auth.php.

If wimpy_auth.php is located in the same folder as wimpy.php, wimpy.php will automatically load wimpy_auth.php.

How wimpyAuth works

In the following explanation wimpyApp refers to the script that provides wimpy.swf with a playlist. (e.g. wimpy.php)

1. Request

wimp.swf issues a request to wimpyApp to load a playlist, or perform an "action."

2. Return encrypted session ID

WimpyApp looks for a file named wimpy_auth.php. (This filename can be changed by editing the referring variable within wimpy.php).

If found, a cookie is set that contains an md5 encrypted session ID.

The encrypted session ID is then sent to wimpy.swf as:

&auth=x&s=[session id]


Wimpy.swf receives and stores these two variables:

Informs wimpy.swf that authentication is required -- "x" is a literal value, yup, just plain old "x"

s=[session id]
A unique identifier that wimpy will use for the entire session. Wimpy will both send and receive this unique ID when interacting with wimpyApp.

3. Request with encrypted ID

Wimpy.swf issues a second request to wimpyApp for a playlist, but this time wimpy.swf includes the encrypted session ID with the request.


4. Validate the Session ID

WimpyApp receives the request and validates the session ID. If the session ID is invalid, wimpy.php exits and does not return any data. If the session ID is valid, wimpy will perform the requested action.

5. Ongoing requests

Each request to wimpyApp thereafter must contain s=[SESSIONID]



Expanding functionality

Since the Wimpy Authentication system is based on cookies and sessions, you can include additional functionality into wimpy_auth.php to provide added levels of protection based on your needs, such as user authentication or access control.

Adding additional functionality will require a certain level of programming knowledge and sophistication. Due to the varying needs of each web site, user authentication / access control are NOT built into the Wimpy Authentication system. It is up to individual developers to author and edit the existing scripts to meet their individual needs.










  ©Copyright Plaino LLC. All rights reserved.