A New Proposal for a global Login System Using OAuth 2

Possible mentor: Sherif Ramadan

The website serves as a foundation for the PHP documentation, downloading the PHP source code, and finding user-contributed notes to the PHP docs. This coupled with the fact that there is additional realestate tied to the domain, such as:,,, etc… is what makes up the bulk of the infrastructure needed to keep the PHP Project online for the world.

The Problem

There is no central system for keeping track of user information throughout the infrastructure. This poses a number of small, but collectively serious, problems for organizing and enabling users on the website. For example, to file a bug report on bugs-web you provide a separate password and email address that's specific to and is only stored and maintained there. To access the wiki at you either login with your git/svn account credentials or the username/password you signed up with if you do not have a git/svn account. To access you either login with your git/svn account credentials or you can use your facebook/Google login or login anonymously. These things, however, are all isolated and distinct. For users of these various services that do not have a git/svn account or the required karma, they cannot reuse their sign-in information elsewhere.

The Proposed Solution

Build and provide a unified API for all of the various mirrors and servers to utilize for making user authentication (outside of the karma system) available where necessary through the OAuth2 protocol. This can be used to better track and maintain user information for things like adding user notes to the manual, providing doc patches, submitting bug reports, tracking wiki karma/access, etc…

This can additionally help us thwart spam in user notes (something we currently don't have good safe guards against) and be able to hold users accountable for their actions on


Writing the first draft of this wiki page…


To be determined.

ideas/phplogin.txt · Last modified: 2017/09/22 13:28 (external edit)