  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 623

Authentication class in PHP

Hi,

I'm new to OOP in PHP. I'm trying to figure out how to write an authentication class which will connect to a DB to check the user/password from a form and check if a user is logged in. Does anyone have something simple that I will be able to develop?
0
spandor
2 Solutions
 
Ionut A. Tudor (PHP Programmer) Commented:
there are lots of examples out there,
here is one: http://www.phpclasses.org/browse/package/1395.html
0
 
Ionut A. Tudor (PHP Programmer) Commented:
0
 
blumi Commented:
Some useful stuff from me

And I often use session_regenerate to make sure the session id can't be stolen and used that easily.
I think you want to write your own class, so here just some ideas.

Cheers


	/**
	 * @desc Generate friendly passwords
	 * @return string
	 */
	public static function GenPassword(){
		$consonants	= array("b","c","d","f","g","h","j","k","l","m","n","p","r","s","t","v","w","x","y","z");
		$vowels		= array("a","e","i","o","u");
		$password	= "";
		// random_int() draws from the system CSPRNG, so no srand() seeding is needed
		for($f=1; $f<=4; $f++){
			$password.=$consonants[random_int(0,19)];
			$password.=$vowels[random_int(0,4)];
		}
		return $password;
	}
	
 
##########################
 
	/**
	 * @desc Generate a salted hash string
	 * @desc I put the salt in the middle of the hash without any salt signs.
	 * You can change the substr numbers to get your individual salted hash
	 *
	 * @param $pwd string
	 * @return string
	 */
	public static function MakeSaltedPwd($pwd){
		// Get internal Salt from Config Class
		// (single quotes so that "$" is never treated as a variable)
		$keyIntern		= 'sdf^%$$*^YFoJiuGH(FDF';
		// Get standard md5 hash from $pwd
		$md5pwd			= md5($pwd);
		// Get random salt hash: 12 hex characters derived from the current time.
		// They are inserted into the string below but are not an input to either md5() call.
		$salt 			= substr(md5(pack('N',crc32(microtime()))),0,12);
		// make md5 hash from internal salt and $pwd hash
		$password		= md5($md5pwd.$keyIntern);
		// split this string into two pieces
		$tmp1			= substr($password, 0, 6);
		$tmp2			= substr($password, 6, 32);
		// put the salt in the middle
		$salted_hash	= $tmp1.$salt.$tmp2;
		// Returns the Salted Hash
		return $salted_hash;
	}
 
############ Check the salted password
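	/**
	 * @desc Removes the salt from the password hash.
	 * @desc To check the hash during a login
	 *
	 * @param $hash string
	 * @return string
	 */
	// static, because the check example calls it as self::CheckPwd()
	private static function CheckPwd($hash){
		// characters 0-5 and 18 onwards are the hash; 6-17 are the inserted salt
		$tmp1		= substr($hash, 0, 6);
		$tmp2		= substr($hash, 18, 44);
		$password	= $tmp1.$tmp2;
		return $password;
	}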
 
##################
//Check Example

$DB = MainController::singleton('MYSQL_DRIVER');
$getData = "SELECT
		us.*,
		gr.admin_groupname,
		gr.admin_group_permissions
	FROM o815_admin_users us LEFT JOIN o815_".$table."_groups gr
		ON us.admin_groupid = gr.admin_groupid
	WHERE
		MD5(us.admin_username) = '".md5($data['username'])."'
";

// Get data from db
$result = $DB->db_query($getData);
// Check the user data with the encrypted passwords.
// An empty result (unknown user) fails; hash_equals() compares as strings in
// constant time, where == would compare two "0e<digits>" hashes as numbers.
if(!empty($result) && hash_equals(self::CheckPwd($result[0]['admin_password']), self::CheckPwd(self::MakeSaltedPwd($data['password'])))){
	print 'yep';
}else{
	print 'nope';
}


0
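An added example, not code from any poster in this thread: the MakeSaltedPwd() posted above generates a salt but never feeds it into md5(), so what gets compared is a fixed-key MD5 of the password. The sketch below uses PHP's built-in password_hash() and password_verify(), a prepared statement for the lookup, and session_regenerate_id(true) at login; the class name, the users table and its columns are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names are assumptions.
final class Auth
{
    private $db;

    public function __construct(PDO $db) { $this->db = $db; }

    // password_hash() picks a random per-user salt and stores it inside the hash string.
    public function register(string $user, string $password): void
    {
        $stmt = $this->db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
        $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
    }

    public function login(string $user, string $password): bool
    {
        // Prepared statement: the username is never concatenated into the SQL text.
        $stmt = $this->db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
        $stmt->execute([$user]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // password_verify() re-derives the hash using the salt stored in pw_hash.
        if ($row === false || !password_verify($password, $row['pw_hash'])) {
            return false;
        }
        // Swap the session id at the privilege change so a pre-login id is useless.
        session_regenerate_id(true);
        $_SESSION['user_id'] = (int) $row['id'];
        return true;
    }

    public function isLoggedIn(): bool
    {
        return isset($_SESSION['user_id']);
    }
}

// Constructed demo data: in-memory SQLite (needs pdo_sqlite) with one made-up user.
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$auth = new Auth($db);
$auth->register('alice', 'correct horse');
$bad  = $auth->login('alice', 'wrong guess');
$good = $auth->login('alice', 'correct horse');
var_dump($bad, $good, $auth->isLoggedIn());
```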

 
spandor (Author) Commented:
al3cs12:
Thanks for the links. However, have you used this Admin Pro class? IMO there's a problem with session destroying. Once I clicked logout I can click back in the browser and still have access to the page... How to solve it?

0
 
Ionut A. Tudor (PHP Programmer) Commented:
Hi,
In my Internet Explorer browser, if I click logout and then navigate back one page in history, it says the content expired, but in my Firefox browser, when I log out and go back, it shows me the page I was previously on, but if I click on any links it puts me to login again. So this is not a security threat, it's just caching, and you will need to log in again to access any features of the class.
Cheers
0
 
spandor (Author) Commented:
Hi,

Yes, you are right. It works like this but you have to admit that it is not a normal situation that you can use the back button and see any content.

Cheerio
0
 
blumi Commented:
Sorry, but how can you use such a class, it's not even in php5 security features like salted hashes.
All html with tables, that's just crap sorry.

Date: **** @date: 2004-09-04; <--- No way

I recommend not to use stuff like that, how lazy is that.
I will look for an alternative for you
0
 
Lukasz Chmielewski Commented:
Depends on the browser; Opera is the "most cached" one. The back button is not dependent on OOP, this is just the browser's issue; you would need to reload the page every time you enter.
0
 
spandor (Author) Commented:
blumi: I don't like this one either. It would be great if you could advise something nice and not too complex.
0
 
Ionut A. Tudor (PHP Programmer) Commented:
Hi spandor, you asked for a starting point, for a skeleton of what an auth class would look like so that you can develop it. As far as I see it you got a solution, but if you're looking for an already built class with extra options I suggest you hire a developer to build one with your needs. Good luck
0
 
spandor (Author) Commented:
al3cs12: To some point you are right. However, as I wrote, I'm new to OOP in PHP. So I'm looking for something up to date to work on actual things. I don't want any extra options. The one which you recommended was great in functionality but it is not even PHP5.
0
 
Ionut A. Tudor (PHP Programmer) Commented:
0
 
blumi Commented:
I recommend that you write your own thing. You learn through that and it is easy to do.
The problem with ready stuff from the internet is that the programming is mostly very weak and old.

You should start with creating your xhtml files/forms:

For public:
login form
logout button
password forgotten site
activation site

For Administration
user listing and delete users
add user/edit/activate user

That is the most work on that what you want. The php stuff goes very quick then.

If you want to go that way I will give you some code later that you can plug in then.
I had a look and couldn't find any good solution on short notice.
My own stuff is included in a framework and I don't have the time to make a standalone version.

It's up to you: cheap and dirty, or with a bit of effort a quality and hopefully reusable solution.


Cheers
0
 
blumi Commented:
The last one from al3cs12 seems OK if you need it fast
0
