Australian Cyclist


Before the days of good open-source content management systems, I wrote one from scratch for Australian Cyclist magazine. In this case the graphic design for the public pages was done by frenchc u r v e. At the time (2003), the closest thing to an open-source CMS that was available was PHP-Nuke, and it became fairly clear to me that it would be more work to adapt PHP-Nuke than it would be to write a CMS from scratch.

The system had a number of unique features, but probably the most notable was the authentication system. Like many CMSs, this one used MySQL as its database, but instead of storing the database password in a configuration file on the web server (as most CMSs do), I invented a better system. I set up two database users. The first was for anonymous read-only access, and was used when people browsed the site. The other was the read-write password to be used by content editors. Each content editor had their own username and password, and this information was kept in a "users" table. The trick here was that the value stored in the password field was actually the database read-write password encrypted by a hash of the editor's password.

To log in, an editor entered their username and password, and the system would look up the user using the read-only database password, and attempt to decrypt the read-write password using the typed password. If the decryption was successful, the user was allowed access to the editors' interface - all without storing a plaintext database password anywhere. The decrypted read-write password was then re-encrypted using session-specific random data and stored in a browser cookie.
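The login flow described above, sketched in Node.js as an added example (not the original CMS code). The page does not name the hash or cipher, so salted scrypt and AES-256-GCM are assumptions here, as are all function names and the choice to keep the session key on the server.

```javascript
// Added illustration, not the original CMS code. scrypt + AES-256-GCM are
// assumptions; the page only says "encrypted by a hash of the editor's password".
const crypto = require('crypto');

// Encrypt under a 32-byte key. The GCM tag is what makes "decryption was
// successful" a checkable condition instead of a guess about the output.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Returns the plaintext, or null when the key is wrong or the blob was altered.
function unseal(key, blob) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) return null; // 12-byte IV + 16-byte tag at minimum
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // tag mismatch
  }
}

// Row for the "users" table: per-user salt plus the wrapped read-write password.
function enrollEditor(editorPassword, dbRwPassword) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(editorPassword, salt, 32);
  return { salt: salt.toString('base64'), wrapped: seal(key, dbRwPassword) };
}

// Login: the row is read with the read-only account, then unwrapped with the typed password.
function login(row, typedPassword) {
  const key = crypto.scryptSync(typedPassword, Buffer.from(row.salt, 'base64'), 32);
  const dbRwPassword = unseal(key, row.wrapped);
  if (dbRwPassword === null) return null; // wrong password: nothing is revealed
  // Re-wrap under random session data (assumed server-side); the cookie holds only ciphertext.
  const sessionKey = crypto.randomBytes(32);
  return { sessionKey, cookie: seal(sessionKey, dbRwPassword) };
}

// Later requests: recover the read-write password from the cookie and session key.
function dbPasswordForRequest(session, cookie) {
  return unseal(session.sessionKey, cookie);
}
```

Because the stored row doubles as an offline password-guessing oracle for anyone who can read the "users" table, the strength of the key derivation step matters as much as the cipher.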