simple secured portal system in PHP
$500-700 USD
Pagado a la entrega
Simple and Highly secured Login/Portal System in PHP easy to integrate with our PHP project for school'
the project will be a school portal, but we need to make sure that some one who has good experince with PHP and security help us secure the site and it's data.
## Deliverables
Login/Portal System in PHP
The system will be in PHP/MySQL/(Optional:Ajax)
We already made some work but we want more perfection (you will be provided with the site address to look at the Ajax function).
The system will be used in two places (main portal and an alumni portal)
The main one in the school will authorize users against Windows AD
The Alumni one will authorize users against table in MySQL
There are few important points:
* The system must be flexible and very well documented (comments in the code) with clear language so we can understand it and make modifications easily.
* The System must be easy to integrate with our project.
* High quality code and high security login (we will not use SSL on the server).
* Has a **config** file where we can specify the type of authorization (LDAP or MySQL) and it’s easy to add later support for other Database if we need (we may re-hire? the coder again to do this part), simply we can add all the main “Static?? variables in this **config** file.
* Utilities classes and check sessions with the user IP and Web browser (agent) to lower the possibilities of session high jacking (again security is a high priority).
The system must have the following functions:
* There will be different user level and we can easily identify them after login, so we can give permission for specified people to a specified pages (teachers, students, staff, administration, administrators, and can be more), all the level information will be store in the same users table (database)
* The user can be a member in more than one group (level).
* A function to reset the password based on the email, where the user will get a link to reset their passwords (Not with the AD Authorization).
* A function to change the password
* A function to auto logout users after XX mints (to XX will be specified in the **config** file)
* For the LDAP authorization, we can have filters for each group based on the Organization or description? (easy to modify the filter for each level to use any kind of filtering, something like? $result = ldap_search($ad, "DC=company,DC=com", "(&(objectclass=*)(sAMAccountName=*)(|(description=staff)(description=teacher)))");]
* The login box will be included in a page (tamplet) and if the user loged in it will show a logout link and change password link.
* No need for user creation (it will be done through another tools we already have)
* Passwords will be encrypted (MD5 or SHA-1) and salted
* For higher security when the user enter his/her password a Jscript function will encrypt it, and the authorization script in PHP will compare it with salted password (the user table will have the passwords filed and a field with random chars/string ? to salt the password)
The work guidelines:
* The system and the work will be tested by different people for bugs and security (some are external people).
* This document may not completely cover the project’s description, but there will not be a major changes or modifications unless there is a miss understanding for our need.
* We are very serious and strict about the work, quality and the documentation or the project.
* ? If we like the work and the developer’s level of communication and response, we are definitely going to hire him/her for more projects (probably bigger).
* After we all are satisfied and done with the project and the support period, any extra consulting or modification done by the developer, he/she will get paid for, we like to be fair with our work and our developer .
Thank you,
Enkidu
* * *This broadcast message was sent to all bidders on Friday Oct 24, 2008 8:31:48 AM:
The Bid got update with more information as some of you requested, cheers
Nº del proyecto: #3335347