PHPBuilder - Complete, Secure User Auth Library Page 2




Complete, Secure User Auth Library - Page 2

by: Tim Perdue | July 30, 2000

Here are the two critical functions in this library - the token creation and token verification functions. Don't worry - the rest of the library is included here as well.
 
<?php

$hidden_hash_var='your_secret_password_here';

//make sure $LOGGED_IN cannot arrive pre-set from outside this script
$LOGGED_IN=false;
unset($LOGGED_IN);

function user_isloggedin() {
    //$user_name and $id_hash are expected to hold the values of the
    //cookies of the same name (register_globals-era PHP)
    global $user_name,$id_hash,$hidden_hash_var,$LOGGED_IN;

    //have we already run the hash checks?
    //If so, return the pre-set, trusted var
    if ( isset($LOGGED_IN) ) {
        return $LOGGED_IN;
    }

    //are both cookies present?
    if ($user_name && $id_hash) {
        /*
            Create a hash of the user name that was 
            passed in from the cookie as well as the 
            trusted hidden variable

            If this hash matches the cookie hash,
            then all cookie vars must be correct and
            thus trustable
        */
        $hash=md5($user_name.$hidden_hash_var);
        //strict comparison, so two hex strings are never compared as numbers
        if ($hash === $id_hash) {
            //hashes match - set a global var so we can 
            //call this function repeatedly without 
            //redoing the md5()'s
            $LOGGED_IN=true;
            return true;
        } else {
            //hash didn't match - must be a hack attempt?
            $LOGGED_IN=false;
            return false;
        }
    } else {
        $LOGGED_IN=false;
        return false;
    }
}

function user_set_tokens($user_name_in) {
    /*
        call this once you have confirmed user name and password
        are correct in the database
    */
    global $hidden_hash_var,$user_name,$id_hash,$feedback;
    if (!$user_name_in) {
        $feedback .=  ' ERROR - User Name Missing When Setting Tokens ';
        return false;
    }

    $user_name=strtolower($user_name_in);

    //create a hash of the two variables we know
    $id_hash=md5($user_name.$hidden_hash_var);

    //set cookies for one month - set to any amount 
    //or use 0 for a session cookie
    setcookie('user_name',$user_name,(time()+2592000),'/','',0);
    setcookie('id_hash',$id_hash,(time()+2592000),'/','',0);
}

?>
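
A hardened variant of the two functions above, as an added example that is not part of the original article or library: it swaps the bare md5() for HMAC-SHA256, puts an expiry inside the signed value so the server can enforce it, and compares in constant time. `TOKEN_KEY`, `make_token`, `verify_token`, `send_token_cookie` and the `auth_token` cookie name are assumptions made for this sketch.

```php
<?php
// Added example, not the article's code; all names here are hypothetical.
const TOKEN_KEY = 'placeholder-key-load-a-random-secret-from-config';
const TOKEN_TTL = 2592000; // 30 days, the cookie lifetime used in the article

// Token layout: urlencoded-user|expiry|HMAC-SHA256(urlencoded-user|expiry)
function make_token(string $userName, int $now): string {
    $payload = rawurlencode(strtolower($userName)) . '|' . ($now + TOKEN_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, TOKEN_KEY);
}

// Returns the user name for an authentic, unexpired token, otherwise null.
function verify_token(string $token, int $now): ?string {
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, TOKEN_KEY);
    if (!hash_equals($expected, $mac)) { // constant-time string comparison
        return null;
    }
    // The expiry is covered by the MAC, so the server enforces it itself.
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return null;
    }
    return rawurldecode($user);
}

// HTTPS-only, hidden from scripts; the options-array form needs PHP 7.3+.
function send_token_cookie(string $token, int $now): bool {
    return setcookie('auth_token', $token, [
        'expires' => $now + TOKEN_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed demo values; run with the PHP CLI.
$now   = 1700000000;
$token = make_token('Alice', $now);
var_dump(verify_token($token, $now));                  // fresh token
var_dump(verify_token($token, $now + TOKEN_TTL + 1));  // same token after expiry
var_dump(verify_token(str_replace('alice', 'admin', $token), $now)); // edited name
```

Unlike the article's `id_hash`, which is the same value for a given user for as long as the secret is unchanged, each token here stops verifying once its signed expiry has passed, regardless of what the browser does with the cookie.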
