The basic idea is to have an X.509 certificate on your own PC. When you connect to the phpBB site (or any site allowing certificate login), the server can check if you actually have that certificate and can log you in. The password is asked for by your web browser and it is never sent over the line. If you use the same certificate to log in to several sites, you only need ONE password for EVERY phpBB site. And the phpBB site does not even need to know your password.
The certificate also gives the site a confirmation that the user's email address is correct.
Adding the certificate login is not even complicated; there is example code on the cacert.org pages. cacert.org is an open community distributing free certificates. You can also test the certificate login on their site.
See more on http://www.cacert.org
Edit: instructions to add the certificate login:
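The PHP code is simple:
Code:
// Only attempt certificate login on the host that requests client certificates.
if ($_SERVER['HTTP_HOST'] == "secure.cacert.org")
{
    // The e-mail comes from the client certificate subject. Bind it as a
    // parameter instead of interpolating it into the SQL string.
    // $db is assumed to be an open mysqli connection (the mysql_* functions
    // used originally were removed in PHP 7).
    $stmt = $db->prepare("select * from `users` where `email`=?");
    $stmt->bind_param("s", $_SERVER['SSL_CLIENT_S_DN_Email']);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows > 0)
    {
        $_SESSION['profile']['loggedin'] = 1;
        header("location: https://secure.cacert.org/account.php");
        exit;
    }
}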
http://www.cacert.org/help.php?id=9
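
The following is an added example, not part of the original post and not cacert.org's code: it shows the checks a site would make on the Apache mod_ssl variables before trusting `SSL_CLIENT_S_DN_Email` for a login lookup. The function name `cert_login_email`, the issuer name "Example Root CA" and the sample requests are assumptions made up for illustration.

```php
<?php
// Added example. Apache mod_ssl exports these variables to PHP when
// "SSLOptions +StdEnvVars" is enabled. cert_login_email() and the issuer
// CN passed to it are hypothetical names, not from the original post.

function cert_login_email(array $server, string $expectedIssuerCn): ?string
{
    // SSL_CLIENT_VERIFY is NONE, SUCCESS, GENEROUS or FAILED:reason.
    // Only SUCCESS means the chain validated against the configured CA;
    // with optional client verification the other values still reach PHP.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    // The e-mail is only as trustworthy as the CA that verified it, so
    // require the issuer whose e-mail checks the site relies on.
    if (($server['SSL_CLIENT_I_DN_CN'] ?? '') !== $expectedIssuerCn) {
        return null;
    }
    // Reject a missing or malformed address before it reaches the database.
    $email = $server['SSL_CLIENT_S_DN_Email'] ?? '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

// Constructed sample requests (not real traffic).
$samples = [
    'verified'       => ['SSL_CLIENT_VERIFY' => 'SUCCESS',
                         'SSL_CLIENT_I_DN_CN' => 'Example Root CA',
                         'SSL_CLIENT_S_DN_Email' => 'alice@example.org'],
    'no certificate' => ['SSL_CLIENT_VERIFY' => 'NONE'],
    'failed chain'   => ['SSL_CLIENT_VERIFY' => 'FAILED:self signed certificate',
                         'SSL_CLIENT_I_DN_CN' => 'Example Root CA',
                         'SSL_CLIENT_S_DN_Email' => 'alice@example.org'],
    'other issuer'   => ['SSL_CLIENT_VERIFY' => 'SUCCESS',
                         'SSL_CLIENT_I_DN_CN' => 'Some Other CA',
                         'SSL_CLIENT_S_DN_Email' => 'alice@example.org'],
];

foreach ($samples as $name => $server) {
    $email = cert_login_email($server, 'Example Root CA');
    echo $name, ': ', $email === null ? 'rejected' : "look up $email", "\n";
}
```

The returned address is then passed to the user lookup as a bound parameter, and a `null` result falls back to the normal password login.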