M
M
max20212020-09-29 13:39:33
PHP
max2021, 2020-09-29 13:39:33

How to make authorization through Firebase on a multi-page site?

Hello.

I'm making a small website in html/php/js.
The main nuance is that the site pages should be available only to those users who have logged in by phone number.

Ready-made and convenient solutions (for a novice developer like me) through SMS services are expensive. Authorization by call is cheaper, but also costs money. I found quite a suitable solution - SMS authorization through Google Firebase. The free limit is more than enough for me.

In the Firebase repository https://github.com/firebase/firebaseui-web took an example implementation. There is also an example of tracking whether the user is authorized on the site or not.

Everything would be fine, but the examples on the Firebase page are in JS.
Tell me how to make authorization on a multi-page site using JS? If I correctly understood the capabilities of the JS implementation, then the process of tracking authorization in JS cannot be done, otherwise the authorization sign will somehow be transmitted either in cookies or in the get / post request parameters. Those. after executing the JS script from the Firebase example, I see the user's cell number, token, and some other information. But how, based on this information, to close access to the page - I can’t figure it out.

I started looking for ways to implement this code in php.
- It seems like a good option to pass a variable about the authorization status from JS to PHP. But again, the variable will be transmitted in an accessible form and it is easy to replace it.
- I found a JWT library (including for php), which allows you to check the status by token. This option seems to be perfect. But the difficulty is that the library is installed via composer, and I have a simple hosting and no ssh support. Maybe there are some specific php files that I can copy from the repositories of JWT solution developers (but there are so many files that it is not clear which files I need for this library to work and how to connect them correctly)?

Another option that I managed to find is closing access to site pages through htaccess. Those. make the page with authorization open, and password-protect others. And if the authorization is correct, then give the user access to other pages. But I don't understand if this is even possible. After all, the password is written fixed and I don’t understand how to add users to the exception list in this case.

I would appreciate any help and advice on this matter.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
M
max2021, 2020-09-29
@max2021

While I was writing the post, another idea came up - maybe it is more viable?
1. Upon successful authorization using JS, write the token to cookie #1.
2. When opening any other page of the site, execute the JS code (from the Firebase example) to check the authorization status and write the result of the token into cookie #2.
3. From the php script, match these two tokens and if they match, load the desired page from php.
True, in this solution it is also not obvious to me how to correctly implement the comparison of these two tokens so that they cannot be subsumed. Those. the user will write arbitrary values ​​to cookie #1, write a similar value to cookie #2, and the php script will simply match them without even suspecting a trick.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question