simple secured portal system in PHP

Completado Publicado Oct 24, 2008 Pagado a la entrega
Completado Pagado a la entrega

Simple and Highly secured Login/Portal System in PHP easy to integrate with our PHP project for school'

the project will be a school portal, but we need to make sure that some one who has good experince with PHP and security help us secure the site and it's data.

## Deliverables

Login/Portal System in PHP

The system will be in PHP/MySQL/(Optional:Ajax)

We already made some work but we want more perfection (you will be provided with the site address to look at the Ajax function).

The system will be used in two places (main portal and an alumni portal)

The main one in the school will authorize users against Windows AD

The Alumni one will authorize users against table in MySQL

There are few important points:

* The system must be flexible and very well documented (comments in the code) with clear language so we can understand it and make modifications easily.

* The System must be easy to integrate with our project.

* High quality code and high security login (we will not use SSL on the server).

* Has a **config** file where we can specify the type of authorization (LDAP or MySQL) and it’s easy to add later support for other Database if we need (we may re-hire? the coder again to do this part), simply we can add all the main “Static?? variables in this **config** file.

* Utilities classes and check sessions with the user IP and Web browser (agent) to lower the possibilities of session high jacking (again security is a high priority).

The system must have the following functions:

* There will be different user level and we can easily identify them after login, so we can give permission for specified people to a specified pages (teachers, students, staff, administration, administrators, and can be more), all the level information will be store in the same users table (database)

* The user can be a member in more than one group (level).

* A function to reset the password based on the email, where the user will get a link to reset their passwords (Not with the AD Authorization).

* A function to change the password

* A function to auto logout users after XX mints (to XX will be specified in the **config** file)

* For the LDAP authorization, we can have filters for each group based on the Organization or description? (easy to modify the filter for each level to use any kind of filtering, something like? $result = ldap_search($ad, "DC=company,DC=com", "(&(objectclass=*)(sAMAccountName=*)(|(description=staff)(description=teacher)))");]

* The login box will be included in a page (tamplet) and if the user loged in it will show a logout link and change password link.

* No need for user creation (it will be done through another tools we already have)

* Passwords will be encrypted (MD5 or SHA-1) and salted

* For higher security when the user enter his/her password a Jscript function will encrypt it, and the authorization script in PHP will compare it with salted password (the user table will have the passwords filed and a field with random chars/string ? to salt the password)

The work guidelines:

* The system and the work will be tested by different people for bugs and security (some are external people).

* This document may not completely cover the project’s description, but there will not be a major changes or modifications unless there is a miss understanding for our need.

* We are very serious and strict about the work, quality and the documentation or the project.

* ? If we like the work and the developer’s level of communication and response, we are definitely going to hire him/her for more projects (probably bigger).

* After we all are satisfied and done with the project and the support period, any extra consulting or modification done by the developer, he/she will get paid for, we like to be fair with our work and our developer .

Thank you,

Enkidu

* * *This broadcast message was sent to all bidders on Friday Oct 24, 2008 8:31:48 AM:

The Bid got update with more information as some of you requested, cheers

Administración de bases de datos Ingeniería JavaScript MySQL PHP Gestión de proyectos Arquitectura de software Verificación de software SQL Web Hosting Gestión de páginas web Verificación de páginas web

Nº del proyecto: #3335347

Sobre el proyecto

17 propuestas Proyecto remoto Activo Oct 27, 2008

Adjudicado a:

jmper

See private message.

$595 USD en 14 días
(99 comentarios)
7.2

17 freelancers están ofertando un promedio de $555 por este trabajo

jawadh

See private message.

$595 USD en 14 días
(76 comentarios)
5.9
jkmcoders

See private message.

$595 USD en 14 días
(13 comentarios)
5.8
sunjove

See private message.

$509.15 USD en 14 días
(32 comentarios)
5.4
technologybox

See private message.

$595 USD en 14 días
(45 comentarios)
5.2
venturekeen

See private message.

$578 USD en 14 días
(15 comentarios)
5.1
aruhat

See private message.

$595 USD en 14 días
(12 comentarios)
5.2
24bits

See private message.

$595 USD en 14 días
(35 comentarios)
4.4
amcozarish

See private message.

$595 USD en 14 días
(4 comentarios)
4.7
arkotechvw

See private message.

$595 USD en 14 días
(4 comentarios)
3.6
innoappz

See private message.

$510 USD en 14 días
(2 comentarios)
0.0
creati21

See private message.

$595 USD en 14 días
(3 comentarios)
1.9
luciarux

See private message.

$425 USD en 14 días
(0 comentarios)
0.0
vw7059595vw

See private message.

$527 USD en 14 días
(2 comentarios)
0.0
g4freelancers

See private message.

$425 USD en 14 días
(0 comentarios)
0.0
sswarsi

See private message.

$595 USD en 14 días
(0 comentarios)
0.0
singingbowlvw

See private message.

$510 USD en 14 días
(1 comentario)
0.8