On the AndroidHive site there's a recent tutorial (plus screencast) about combining PHP, MySQL and SQLite to act as the backend authorization for your Android application.

In my previous article Android Login and Registration Screen Design i explained designing the login and registration interfaces, but it has no functionality. In this tutorial i am explaining how to build complete login and registration system in android using PHP, MySQL and SQLite. Also this tutorial covers how to build simple API using PHP and MySQL.

The tutorial walks you through each step of the process:

• Creating MySQL Database and Tables
• Building PHP API Classes
• Starting Android Project
• Making the JSON Parser, SQLite Database Handler and User Functions Classes
• Designing the Screens
• Switching between Activities
• Finally Updating AndroidManifest.xml

If you want to get started quickly, you can just download the final result and go.

Robert Basic has a recent post showing you how to use the "cookie jar" functionality included with Apache's "ab" benchmarking tool to get behind your PHP-based login with a simple curl and grep combo.

Tonight I decided to relax a bit and what better way of relaxing is there for a geek then to do some bash scripting?! So for fun and no profit I decided to try and benchmark pages with ab, Apache HTTP server benchmarking tool, which are behind a login. Turns out, it's pretty easy after reading some man pages.

He includes an example of the format of the "cookie jar" and the shell script he used to grab the PHP session ID from it and inject it into the "ab" call. The script is on github.

On the Liip blog today, there's a quick post about integrating Symfony2 and Magento, the popular PHP-based ecommerce platform.

So last week four developers sat together on a regular Hackday to see what's needed to hook up Magento into Symfony. To make this short the outcome is a Magento bundle for Symfony2. When we met in the morning we weren't even sure what exactly to try out but soon agreed on implementing a Symfony authentication which uses the Magento customer database.

The post talks about some of the issues they came across in their work - mainly a problem with incompatible autoloaders. There were also problems getting the logins to play nicely with each other and each product's session handling. You can find the current results from their hacking in this bundle posted to github.

Ade Slade has written up a quick new post to his blog today showing how you can use the lightweight Silex framework to link your login with Twitter and validate users from their API.

For those not acquainted with Silex: Silex is a PHP microframework for PHP 5.3 A microframework provides the guts for building simple single-file apps. It's awesome. For the example, I've setup a virtual host of example.local on my development machine.

He includes the contents of the .htaccess you'll need to get the rewrite to work for Silex, a link to the OAuth extension you'll need to install for PHP and the code to make the login and auth routes. You'll need to create a Twitter application for your site to get the OAuth secret key to make the authentication work. You can see the complete code here.

In response to this article from DevShed about creating a "simple and secure login script", Anthony Ferrara has written up this post to help dispel some of the inaccuracies, bad practices and security issues that could result from DevShed's code.

I decided to click the link [in my feed reader] and give the article a read. Not overly shocking was the fact that I didn't find the content of the article to be, how shall I say this..., overly factual. It's not really a "tutorial", but more of a "here's some code that's secure". A quick review of the code found more than one vulnerability, and some significant things that I would change about it (as well as a few "really bad practices").

He walks through each of the files included in the original tutorial - Authenticate.php, Register.php and Logout.php - and talks about things like brute force detection, password verification, registration handling and session serialization. He finishes it off with a list of twelve overall issues he noticed during his work along with solutions for each (usually very simple ones too).

In this new tutorial on DevShed, they walk you through the creation of a secure login script that uses sha256 encryption, a captcha to prevent automated signups, XSS attack protection and several other features.

Recent advancements in PHP offer the developer a variety of tools to improve the security of login systems. [...] This programming tutorial will teach you how to create a simple, yet secure login script utilizing PHP using MySQL and bracing for XSS attack prevention.

Other features include no persistent logins, preventing direct file access, an idle timeout on the user session, protection against session fixation and anti-brute force measures. Full (procedural) code is provided as well as screenshots from phpMyAdmin showing the database table structure. You can grab the code for the project here.

On NetTuts.com today they have a new tutorial showing you how to use two-factor authentication in your CodeIgniter-based application - a login process combining a username/password and access to a device that's authorized for the account.

Two-factor authentication is a way of proving your identity based on your username and password as well as a physical device that you can carry with you. This makes it much harder for crooks to steal your identity, since they will need access to your phone or hardware token - not just your login credentials.

They've chosen the free service offered by Duo Security that lets you approve the device in several ways including a phone call, SMS tokens and push-based authentication. They walk you through the setup of a Duo account, making an "Integration", grabbing the PHP and Javascript files needed to make it work and changing up your user and administration module to send a bcrypted value to the service. They flesh it out with a new version of the view to include the Duo code and generating the signed request.

On PHPBuilder.com there's a new tutorial posted showing you how to create a user authentication system that uses sessions to handle the logged in user's information.

Outside of installation and configuration issues, reader questions pertaining to user authentication and session management almost certainly rank among the most common I receive on an ongoing basis. The logic itself is pretty straightforward; however, even a simple implementation involves a number of small but important details which aren't always so easy to figure out the first time around. This tutorial serves to dispel much of the confusion by guiding you through the implementation of a simple user authentication feature which will subsequently keep the user logged in via a session.

He helps you create the simple login form, a table in MySQL to store the user data in and the PHP script (complete with input filtering) to handle the login. The system also tracks the last login of each user by updating the table with a timestamp each time they successfully log in.

New from the Script-Tutorials.com site there's a guide to getting a modern looking animated login system working on your PHP application. It uses jQuery to do some of the "modern" bits when the user logs in.

Today we will continue PHP lessons, and our article will about creating modern php login system. Possible you already saw similar ways to display login forms, and today we will repeat this by self. In result - it will some small element in your page layout, and after clicking on it - will appear some area, where we will see some welcome message, login form and another useful information. All very user friendly. So, its time to try demo.

You can start with the live demo or grabbing the code in a package to investigate or you can follow along in the post - full code and styling are provided.

In a new post to his phpDevelopment blog Andrei Gabreanu has added the third part of his Zend Framework tutorial series. This time he looks at using a CAPTCHA image in your form via a call to a Zend_Captcha component.

he third part of the tutorial series will present you with a fully functionable solution for a login and signup page that activates a RECaptcha, via Zend_Captcha as a Service, when the user attempts to login/signup 3 times and fails. The tutorial will also show you how to use your models and how to structure your business logic inside your module based application.

They help you set up the database configuration information, create a sample layout for the page, work with the authentication and users controllers and, of course, the form. The inclusion of the CAPTCHA is as easy as adding a Zend_Form_Element_Captcha to the Zend_Form instance and setting up the user/signin process.