PHP Authentication System

The PHP Authentication system has served us well but is archaic and requires a rewrite.

How this might work - OpenID

Have become an OpenID identity server. And for example, someone may use any OpenID identity to submit a bug report, add a user comment to the PHP manual, manage my.php, etc. And the identity is required for certain tasks like SVN commits and mirror/user management via master. Basically, anything using a login today.

Activities that use authentication today

  • Dealing with bugs. Some bug activities require accounts.
  • Editing wiki pages
  • Managing accounts, adding/editing (also for pear and pecl)
  • Managing events (cal.php)
  • Managing mirrors
  • Managing user notes
  • User pages at and
  • Activities at
  • Some information (future)


  • Consider doing this before changing version control systems (from CVS to SVN)
  • Consider binding VCS access control on a per-user basis (eliminating the avail file)
  • RIP Magical Cookie, and thanks for all the memories
  • Consider a fallback system for those who prefer separate logins to each site. This suggests a new auth backend that OpenID can be plugged into.


  • All content within this idea is up for discussion
  • It's a desired feature, so find well suited humans to create it in 2009
  • The 2009 redesign efforts are prepared to discuss this idea


Brain Storming.

ideas/phpnetauth.txt · Last modified: 2011/04/06 12:59 (external edit)