Authentication class in PHP

spandor asked
Last Modified: 2012-05-06
Hi,

I'm new to OOP in PHP. I'm trying to figure out how to write an authentication class which will connect to a DB to check the user/password from a form and check if a user is logged in. Does anyone have something simple that I will be able to develop?

Ionut A. Tudor, PHP Programmer
CERTIFIED EXPERT

Commented:
There are lots of examples out there,
here is one: http://www.phpclasses.org/browse/package/1395.html
Commented:
Some useful stuff from me

And I often use session_regenerate to make sure the session ID can't be stolen and used that easily.
I think you want to write your own class, so here are just some ideas.

Cheers


/**
 * @desc Generate friendly passwords
 * @return string
 */
public static function GenPassword(){
	$consonants	= array("b","c","d","f","g","h","j","k","l","m","n","p","r","s","t","v","w","x","y","z");
	$vocals		= array("a","e","i","o","u");
	$password	= "";
	// random_int() (PHP 7+) draws from the OS CSPRNG; rand() seeded from microtime() is predictable
	for($f=1; $f<=4; $f++){
		$password.=$consonants[random_int(0,19)];
		$password.=$vocals[random_int(0,4)];
	}
	return $password;
}

##########################

/**
 * @desc Generate a salted hash string
 * @desc I put the salt in the middle of the hash without any salt signs.
 * You can change the substr numbers to get your individual salted hash
 *
 * @param $pwd string
 * @return string
 */
public static function MakeSaltedPwd($pwd){
	// Get internal Salt from Config Class
	// (single quotes so the $ characters are never parsed as variables)
	$keyIntern		= 'sdf^%$$*^YFoJiuGH(FDF';
	// Get standard md5 hash from $pwd
	$md5pwd			= md5($pwd);
	// Get random salt hash
	// Note: $salt is not an input to any md5() call below; CheckPwd() strips it again before comparing
	$salt			= substr(md5(pack('N',crc32(microtime()))),0,12);
	// make md5 hash from internal salt and $pwd hash
	$password		= md5($md5pwd.$keyIntern);
	// split this string into two pieces
	$tmp1			= substr($password, 0, 6);
	$tmp2			= substr($password, 6, 32);
	// put the salt in the middle
	$salted_hash	= $tmp1.$salt.$tmp2;
	// Returns the Salted Hash
	return $salted_hash;
}

############ Check the salted password
/**
 * @desc Removes the salt from the password hash.
 * @desc To check the hash during a login
 *
 * @param $hash string
 * @return string
 */
// static, because it is called as self::CheckPwd() in the check example below
private static function CheckPwd($hash){
	$tmp1		= substr($hash, 0, 6);
	$tmp2		= substr($hash, 18, 44);
	$password	= $tmp1.$tmp2;
	return $password;
}

##################
// Check Example (runs inside a method of the same class)

$DB = MainController::singleton('MYSQL_DRIVER');
// The username is compared as MD5(...) against a locally computed md5(), so the raw input never enters the SQL string
$getData = "SELECT
				us.*,
				gr.admin_groupname,
				gr.admin_group_permissions
			FROM o815_admin_users us LEFT JOIN o815_".$table."_groups gr
				ON us.admin_groupid = gr.admin_groupid
			WHERE
				MD5(us.admin_username) = '".md5($data['username'])."'
			";

// Get data from db
$result = $DB->db_query($getData);
// Check the user data with the encrypted passwords
// !empty() guards against an unknown username (no row returned);
// hash_equals() (PHP 5.6+) compares the strings byte for byte, whereas == can treat two different "0e..." hashes as equal numbers
if(!empty($result) && hash_equals(self::CheckPwd($result[0]['admin_password']), self::CheckPwd(self::MakeSaltedPwd($data['password'])))){
	print 'yep';
}else{
	print 'nope';
}
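
For comparison with the MD5 scheme in the post above, here is an added example (not part of the original post and not any poster's code) of the same login check built on PHP's own password_hash()/password_verify() and session_regenerate_id(). The `Auth` class, the `users` table and its `id`, `username` and `password_hash` columns are assumptions; it needs PHP 5.5 or later and expects session_start() to have been called already.

```php
<?php
// Added example: the Auth class and the users table/columns are hypothetical.
class Auth
{
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Hash for storage; the per-password salt and cost are embedded in the result.
    public static function hashPassword($password)
    {
        return password_hash($password, PASSWORD_DEFAULT);
    }

    // Returns true and binds the user to a fresh session ID on success.
    public function login($username, $password)
    {
        $stmt = $this->db->prepare(
            'SELECT id, password_hash FROM users WHERE username = ?'
        );
        $stmt->execute(array($username));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        // password_verify() re-derives the hash with the stored salt and
        // compares the result in constant time.
        if ($row === false || !password_verify($password, $row['password_hash'])) {
            return false;
        }

        // Upgrade the stored hash if the default algorithm or cost has changed.
        if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
            $upd = $this->db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
            $upd->execute(array(self::hashPassword($password), $row['id']));
        }

        // New session ID at the privilege change, old one deleted (session fixation).
        session_regenerate_id(true);
        $_SESSION['user_id'] = (int) $row['id'];
        return true;
    }

    public function isLoggedIn()
    {
        return isset($_SESSION['user_id']);
    }
}
```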


Author

Commented:
al3cs12:
Thanks for the links. However, have you used this Admin Pro class? IMO there's a problem with session destroying. Once I have clicked logout I can click back in the browser and still have access to the page... How to solve it?

Ionut A. Tudor, PHP Programmer
CERTIFIED EXPERT

Commented:
Hi,
In my Internet Explorer browser, if I click logout and then navigate back one page in history, it says the content expired, but in my Firefox browser, when I log out and go back, it shows me the page I was previously on, but if I click on any links it sends me to the login again. So this is not a security threat, it's just caching, and you will need to log in again to access any features of the class.
Cheers

Author

Commented:
Hi,

Yes, you are right. It works like this, but you have to admit that it is not a normal situation that you can use the back button and see any content.

Cheerio

Commented:
Sorry, but how can you use such a class, it's not even in php5 security features like salted hashes.
All html with tables, that's just crap sorry.

Date: **** @date: 2004-09-04; <--- No way

I recommend not to use stuff like that, how lazy is that.
I will look for an alternative for you
It depends on the browser; Opera is the "most cached" one. The back button is not dependent on OOP, this is just the browser's issue; you would need to reload the page every time you enter.
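
The back-button behaviour discussed in the posts above is attributed there to browser caching. As an added example (not from any poster and not part of the Admin Pro class), the following shows a logout that fully discards the session, together with response headers that tell the browser not to store protected pages. The function names, the `user_id` session key and the `login.php` target are assumptions.

```php
<?php
// Added example: function names, the user_id key and login.php are hypothetical.

// Send before any output on every page that requires a login.
function sendNoStoreHeaders()
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');   // for HTTP/1.0 caches
    header('Expires: 0');
}

// Gate for protected pages: no valid session means redirect to the login form.
function requireLogin()
{
    if (session_id() === '') {
        session_start();
    }
    sendNoStoreHeaders();
    if (!isset($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }
}

function logout()
{
    if (session_id() === '') {
        session_start();
    }
    $_SESSION = array();                      // drop the server-side data

    // Expire the session cookie in the browser as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                        // remove the session on the server
}
```

With `no-store` set, a browser has to request the page again when the user navigates back, and requireLogin() then redirects because the session no longer exists.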

Author

Commented:
blumi: I don't like this one either. It would be great if you could advise something nice and not too complex.
Ionut A. Tudor, PHP Programmer
CERTIFIED EXPERT

Commented:
Hi spandor, you asked for a starting point, for a skeleton of what an auth class would look like so that you can develop it. As far as I see it you got a solution, but if you're looking for an already built class with extra options I suggest you hire a developer to build one for your needs. Good luck.

Author

Commented:
al3cs12: To some point you are right. However, as I wrote, I'm new to OOP in PHP. So I'm looking for something up to date to work on actual things. I don't want any extra options. The one which you recommended was great in functionality but it is not even PHP5.

Commented:
I recommend that you write your own thing. You learn through that and it is easy to do.
The problem with ready stuff from the internet is that the programming is mostly very weak and old.

You should start with creating your XHTML files/forms:

For public:
login form
logout button
password forgotten site
activation site

For Administration
user listing and delete users
add user/edit/activate user

That is most of the work for what you want. The PHP stuff goes very quickly then.

If you want to go that way I will give you some code later that you can plug in then.
I had a look and couldn't find any good solution on short notice.
My own stuff is included in a framework and I don't have the time to make a standalone version.

It's up to you: cheap and dirty, or with a bit of effort a quality and hopefully reusable solution.


Cheers
Commented:
The last one from al3cs12 seems OK if you need it fast.