Basic authentication and session management library for PHP?

Question

I know questions like this have been asked numerous times, but not quite this one. Forgive me if I overlooked an obvious duplicate.

In the core of many of my web applications is a self-written user/session management class that in its origins dates back to 2002. I have decided that it is time for a fundamental re-write or, preferably, the introduction of a ready-made standard library.

My requirements for that library would be:

• Object oriented, clean, excellent code
• Full session management: Wrapper to session_start() and consorts
• Would ideally provide various storage methods (PHP Standard /tmp, database based)
• Would ideally be able to connect to different types of user data storage, but mySQL will do fine
• Would ideally provide convenient functions for supporting OpenID, but that's a fancy thought, no requirement right now
• Methods: Verify session, get user data, get session data, log in user, log out user
• Settings: Session lifetime, password encryption
• Must be Open Source

And if it's very generic, a user management API or a generic connector to the user management of the surrounding application would be nice:

• Create/Update/delete user records
• Fetch and modify data of currently logged in user

this is so basic, and so security relevant, that I would expect that there is a standard solution to this, however I don't know of any, and all the big CMSs and blogs seem to be rolling their own.

My two questions:

• Do you know such a component as a generic, stand-alone library?

• Could somebody with deep knowledge in Zend Framework tell me whether it is possible to use Zend_auth and/or Zend_session standalone, at the core of a big application that has otherwise nothing to do with ZF, without running in to trouble?

Answer 1

May I suggest the authentication library that I have written? It is a generic library (not written for or part of a framework): http://ulogin.sourceforge.net