CakeOTP is a reference implementation of User Registration with a secure, table-less and expirable implementation of One Time Password for the popular CakePHP development framework.
Sometimes you need to enable silent (implicit) login for your users. A good example: after a registration process, you would want to log the user in automatically, rather than having him retype the user name and password.
In CakePHP, the Auth component has a simple method that lets you log in on the user's behalf.
Here is how it is done:
I have been using CakePHP for a long time now and enjoy every second. It provides a productive, easy-to-use and well-documented platform for PHP applications. The key advantages for me are – transparent OR mapping, a strong Model View Controller framework, and tons of extra utilities that make your life better.
I have come across a possible security issue in one of the CakePHP code examples. This section of code is responsible for authorizing or un-authorizing clients' access to a certain action (MVC flow).
CakeOTP is a secure, table-less and expirable implementation of One Time Password for the popular CakePHP development framework.
A one-time password (OTP) is a password that is only valid for a single login session or transaction. It is commonly used on the internet for registration and password reminder processes, in which the OTP is provided to the user in the form of a link that the user follows in order to create/reset his password.
The problem is that most one-time password implementations involve maintaining additional database tables and batch processes that handle the persistence and expiry date of the one-time password. This adds complexity and reduces performance.
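One common way to get a table-less, expirable one-time link, shown as an added example rather than CakeOTP's own code: sign the user id, the expiry time and the user's current password hash with a server-side secret, so the link stops verifying when it expires or once the password changes. The function names, the secret constant and the sample user row are assumptions made for the illustration.

```php
<?php
// Added illustration, not CakeOTP's code. SERVER_SECRET and the user rows below
// are constructed sample values; a real secret comes from configuration.
const SERVER_SECRET = 'replace-with-a-long-random-secret';

// MAC over every field whose change must invalidate the link.
function otpMac(int $userId, int $expires, string $passwordHash): string
{
    return hash_hmac('sha256', $userId . '|' . $expires . '|' . $passwordHash, SERVER_SECRET);
}

// Issue a link token "<userId>.<expires>.<mac>". Nothing is stored server-side.
function otpIssue(array $user, int $ttlSeconds, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttlSeconds;
    return $user['id'] . '.' . $expires . '.' . otpMac($user['id'], $expires, $user['password']);
}

// Verify against the user's current row, which the caller loads by the id in the token.
function otpVerify(string $token, array $user, ?int $now = null): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return false; // malformed token
    }
    [$userId, $expires, $mac] = $parts;
    if ((int) $userId !== $user['id'] || (int) $expires < ($now ?? time())) {
        return false; // token belongs to another user, or has expired
    }
    // Constant-time comparison. The MAC no longer matches once the stored
    // password hash has changed, which is what makes the link single-use.
    return hash_equals(otpMac($user['id'], (int) $expires, $user['password']), $mac);
}

// Constructed sample user row; 'password' holds a stored hash, not a password.
$user  = ['id' => 42, 'password' => '$2y$10$constructedOldHashValue'];
$t0    = 1700000000; // fixed clock so the three cases are reproducible
$token = otpIssue($user, 3600, $t0);

var_dump(otpVerify($token, $user, $t0 + 60));    // case 1: fresh link
var_dump(otpVerify($token, $user, $t0 + 7200));  // case 2: after the expiry time
$user['password'] = '$2y$10$constructedNewHashValue'; // user has set a new password
var_dump(otpVerify($token, $user, $t0 + 60));    // case 3: link reused after the change
```

The single-use property in this sketch depends on the bound column changing when the link is used; a link that does not end in a password change needs some other column that changes on use bound into the MAC instead.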
I have started to implement the algorithm for a tableless, secure one-time password.
Here is a link to the Demo, and here is a link to the beta release.
The only thing you need to do other than the regular CakePHP setup is to create a user table (used by the CakePHP Auth component):