API reference
Classical user authentication with username and password is not the only way to log on to a Topincs system. Alternatively, you can provide a URL with a ticket. When the user visits the URL in the browser, they are logged in automatically without further action. The ticket is a special query parameter _t with a very long and unique random sequence of digits and characters. Here is an example that automatically logs in the user Demo in the trial movie database:
A ticket is linked to a user account and has an expiry date. Whether you want to provide tickets depends very much on your requirements. You can even use them in combination with ordinary credentials. You can send the ticket to the user over any channel, but be aware that anyone who knows the URL can access the system. The most common channel is email. Some reasons for using tickets are:
When you are in an environment with strict and strong confidentiality requirements, it is not recommended to provide users with this easy way to log in. Keep in mind: every person with the URL has the same rights as the user account tied to the ticket. While it is possible to invalidate a ticket after issuing, there is currently no easy way to do this in Topincs.
Tickets are created with the function ticket. It has three arguments, which we will explain now one by one.
You always need to specify the user account the ticket is created for. You can do this with a string holding the user name, or with a tobject representing the user or the user account. For more information on the difference between the last two, please refer to the section on User management.
You may specify how long the ticket should be valid by providing a DateTime or a DateInterval object. Only in the case of an interval is a tolerance applied, in order to avoid excessive and unnecessary ticket creation. To understand the reason for this, imagine your code issues a ticket that is valid for a year. Then, the next day, it issues another one for one year. And so on. Now you have many tickets which all expire in roughly a year. This is unnecessary, so the existing ticket is reused until the year is almost over, and only then is a new ticket created.
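The reuse behaviour described above, sketched as an added example. This is not Topincs code: the class TicketStore, its issue() method, the in-memory storage and the 10% tolerance are assumptions made for illustration, since the page does not state how large the tolerance is.

```php
<?php
// Added illustration; NOT Topincs code. TicketStore, issue() and the
// 10% tolerance are hypothetical. Requires PHP 8.0 or later.
final class TicketStore
{
    /** @var array<string, array<string, DateTimeImmutable>> user => [ticket => expiry] */
    private array $tickets = [];

    public function __construct(private float $tolerance = 0.10) {}

    /** Return a ticket for $user valid for $validity, reusing a close-enough one. */
    public function issue(string $user, DateInterval $validity, DateTimeImmutable $now): string
    {
        $wanted = $now->add($validity);
        // Allowed shortfall: a fraction of the requested lifetime, in seconds.
        $slack = (int) (($wanted->getTimestamp() - $now->getTimestamp()) * $this->tolerance);

        foreach ($this->tickets[$user] ?? [] as $ticket => $expiry) {
            $shortfall = $wanted->getTimestamp() - $expiry->getTimestamp();
            // Reuse only unexpired tickets that end no later than requested
            // and at most $slack seconds earlier.
            if ($expiry > $now && $shortfall >= 0 && $shortfall <= $slack) {
                return $ticket;
            }
        }

        // 32 bytes from the CSPRNG, hex-encoded: long, unique, unguessable.
        $ticket = bin2hex(random_bytes(32));
        $this->tickets[$user][$ticket] = $wanted;
        return $ticket;
    }
}

// Constructed scenario from the text: a one-year ticket requested every day.
$store = new TicketStore();
$start = new DateTimeImmutable('2024-01-01 00:00:00', new DateTimeZone('UTC'));
$year = new DateInterval('P1Y');
$distinct = [];
for ($day = 0; $day < 365; $day++) {
    $now = $start->add(new DateInterval("P{$day}D"));
    $distinct[$store->issue('Demo', $year, $now)] = true;
}
printf("%d requests, %d tickets created\n", 365, count($distinct));
```

Fewer distinct tickets means fewer valid login URLs in circulation for the same account, which keeps the set of secrets that must stay confidential small.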
By default, Topincs removes the ticket from the URL once it has been used to log in. This has some downsides:
By making a ticket sticky, you avoid these problems. The ticket will disappear once the user navigates away from the page.
// Simple usage – Santa forgets his password all the time.
$ticket = ticket("Santa Claus");
// Using a DateInterval. The url function helps.
$login_url = url("?" . ticket($user, new DateInterval("P1Y")));
// Making a sticky ticket for one week, the default validity.
$login_url = url("?" . ticket($user_account, null, true));