initial migration to test org-mode

1 files changed, 0 insertions, 195 deletions

diff --git a/content/blog/2020-08-29-php-auth-flow.md b/content/blog/2020-08-29-php-auth-flow.md
deleted file mode 100644
index 018a9cb..0000000
--- a/content/blog/2020-08-29-php-auth-flow.md
+++ /dev/null
@@ -1,195 +0,0 @@
-+++
-date = 2020-08-29
-title = "PHP Authentication Flow"
-description = "Learn how to establish and maintain a basic user authentication flow in PHP."
-+++
-
-# Introduction
-
-When creating websites that will allow users to create accounts, the
-developer always needs to consider the proper authentication flow for
-their app. For example, some developers will utilize an API for
-authentication, some will use OAuth, and some may just use their own
-simple database.
-
-For those using pre-built libraries, authentication may simply be a
-problem of copying and pasting the code from their library's
-documentation. For example, here's the code I use to authenticate users
-with the Tumblr OAuth API for my Tumblr client, Vox Populi:
-
-```php
-// Start the session
-session_start();
-
-// Use my key/secret pair to create a new client connection
-$consumer_key = getenv('CONSUMER_KEY');
-$consumer_secret = getenv('CONSUMER_SECRET');
-$client = new Tumblr\API\Client($consumer_key, $consumer_secret);
-$requestHandler = $client->getRequestHandler();
-$requestHandler->setBaseUrl('https://www.tumblr.com/');
-
-// Check the session and cookies to see if the user is authenticated
-// Otherwise, send user to Tumblr authentication page and set tokens from Tumblr's response
-
-// Authenticate client
-$client = new Tumblr\API\Client(
-    $consumer_key,
-    $consumer_secret,
-    $token,
-    $token_secret
-);
-```
-
-However, developers creating authentication flows from scratch will need
-to think carefully about when to make sure a web page will check the
-user's authenticity.
-
-In this article, we're going to look at a simple authentication flow
-using a MySQL database and PHP.
-
-# Creating User Accounts
-
-The beginning to any type of user authentication is to create a user
-account. This process can take many formats, but the simplest is to
-accept user input from a form (e.g., username and password) and send it
-over to your database. For example, here's a snippet that shows how to
-get username and password parameters that would come when a user submits
-a form to your PHP script.
-
-**Note**: Ensure that your password column is large enough to hold the
-hashed value (at least 60 characters or longer).
-
-```php
-// Get the values from the URL
-$username = $_POST['username'];
-$raw_password = $_POST['password'];
-
-// Hash password
-// password_hash() will create a random salt if one isn't provided, and this is generally the easiest and most secure approach.
-$password = password_hash($raw_password, PASSWORD_DEFAULT);
-
-// Save database details as variables
-$servername = "localhost";
-$username = "username";
-$password = "password";
-$dbname = "myDB";
-
-// Create connection to the database
-$conn = new mysqli($servername, $username, $password, $dbname);
-
-// Check connection
-if ($conn->connect_error) {
-  die("Connection failed: " . $conn->connect_error);
-}
-
-$sql = "INSERT INTO users (username, password)
-VALUES ('$username', '$password')";
-
-if ($conn->query($sql) === TRUE) {
-  echo "New record created successfully";
-} else {
-  echo "Error: " . $sql . "<br>" . $conn->error;
-}
-
-$conn->close();
-```
-
-# Validate Returning Users
-
-To be able to verify that a returning user has a valid username and
-password in your database is as simple as having users fill out a form
-and comparing their inputs to your database.
-
-```php
-// Query the database for username and password
-// ...
-
-if(password_verify($password_input, $hashed_password)) {
-    // If the input password matched the hashed password in the database
-    // Do something, log the user in.
-}
-
-// Else, Redirect them back to the login page.
-...
-```
-
-# Storing Authentication State
-
-Once you've created the user's account, now you're ready to
-initialize the user's session. **You will need to do this on every page
-you load while the user is logged in.** To do so, simply enter the
-following code snippet:
-
-```php
-session_start();
-```
-
-Once you've initialized the session, the next step is to store the
-session in a cookie so that you can access it later.
-
-```php
-setcookie(session_name());
-```
-
-Now that the session name has been stored, you'll be able to check if
-there's an active session whenever you load a page.
-
-```php
-if(isset(session_name())) {
-    // The session is active
-}
-```
-
-# Removing User Authentication
-
-The next logical step is to give your users the option to log out once
-they are done using your application. This can be tricky in PHP since a
-few of the standard ways do not always work.
-
-```php
-// Initialize the session.
-// If you are using session_name("something"), don't forget it now!
-session_start();
-
-// Delete authentication cookies
-unset($_COOKIE[session_name()]);
-setcookie(session_name(), "", time() - 3600, "/logged-in/");
-unset($_COOKIE["PHPSESSID"]);
-setcookie("PHPSESSID", "", time() - 3600, "/logged-in/");
-
-// Unset all of the session variables.
-$_SESSION = array();
-session_unset();
-
-// If it's desired to kill the session, also delete the session cookie.
-// Note: This will destroy the session, and not just the session data!
-if (ini_get("session.use_cookies")) {
-    $params = session_get_cookie_params();
-    setcookie(session_name(), '', time() - 42000,
-        $params["path"], $params["domain"],
-        $params["secure"], $params["httponly"]
-    );
-}
-
-// Finally, destroy the session.
-session_destroy();
-session_write_close();
-
-// Go back to sign-in page
-header('Location: https://example.com/logged-out/');
-die();
-```
-
-# Wrapping Up
-
-Now you should be ready to begin your authentication programming with
-PHP. You can create user accounts, create sessions for users across
-different pages of your site, and then destroy the user data when
-they're ready to leave.
-
-For more information on this subject, I recommend reading the [PHP
-Documentation](https://www.php.net/). Specifically, you may want to look
-at [HTTP Authentication with
-PHP](https://www.php.net/manual/en/features.http-auth.php), [session
-handling](https://www.php.net/manual/en/book.session.php), and
-[hash](https://www.php.net/manual/en/function.hash.php).