an authentication class

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

an authentication class

Post by timvw »

I'm trying to build a (flexible) class for authentication in PHP5.
If you have any suggestions or hints, feel free to share them with me so I can improve the code :)


<?php

// +---------------------------------------------------------------------------
// | Author: Tim Van Wassenhove <timvw@users.sourceforge.net>
// |
// | Secure authentication mechanism (preventing session fixation).
// +---------------------------------------------------------------------------

// The class below reads and writes $_SESSION, so make sure a session is active first.
isset($_SESSION) || session_start();

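abstract class Authentication
{
    /** @var string Prefix that namespaces this object's keys inside $_SESSION. */
    private $name;

    /** @var array|null Credentials accepted by the last successful login(); null while logged out. */
    private $credentials;

    /** @var string Server-side value mixed into the fingerprint so it cannot be rebuilt from request headers alone. */
    private $secret;

    /**
     * Validate credentials against the backing store (database, LDAP, ...).
     * Implemented by concrete subclasses.
     * @param array $credentials name => value pairs supplied by the user
     * @return bool true if the credentials are valid
     */
    abstract protected function isValidCredentials($credentials);

    /**
     * Default constructor.
     * @param string|null $name   session-key prefix for this object; a random one is generated when null
     * @param string      $secret server-side secret folded into the fingerprint; override the default in every deployment
     */
    public function __construct($name = null, $secret = 'secretstring')
    {
        // A random prefix keeps two Authentication objects sharing one session from clobbering each other's keys.
        $this->name = is_null($name) ? md5(uniqid()) : $name;
        $this->secret = $secret;
        $this->credentials = null;
    }

    /**
     * Get the registered credentials.
     * @return array|null the credentials accepted by login(), null if none are registered
     */
    public function getCredentials()
    {
        return $this->credentials;
    }

    /**
     * Login with the given credentials.
     * @param array $credentials name => value pairs supplied by the user
     * @return bool true on success
     */
    public function login($credentials)
    {
        // Replace the pre-login session id (and delete its data file) before the session becomes
        // authenticated, so an id planted before login is never promoted to an authenticated one.
        session_regenerate_id(true);

        if (!$this->isValidCredentials($credentials)) {
            return false;
        }

        $this->credentials = $credentials;
        $_SESSION[$this->name . 'authenticated'] = true;
        $_SESSION[$this->name . 'fingerprint'] = $this->getFingerprint();
        return true;
    }

    /**
     * Log out: forget the credentials, rotate the session id and mark the session unauthenticated.
     */
    public function logout()
    {
        $this->credentials = null;
        session_regenerate_id(true);
        $_SESSION[$this->name . 'authenticated'] = false;
        // The stored fingerprint is meaningless without the authenticated flag; drop it rather than leave stale data.
        unset($_SESSION[$this->name . 'fingerprint']);
    }

    /**
     * Test whether the current session is authenticated and still matches the client's fingerprint.
     * Rotates the session id on every successful check.
     * @return bool true if authenticated
     */
    public function isAuthenticated()
    {
        $authKey = $this->name . 'authenticated';
        $fpKey = $this->name . 'fingerprint';

        if (!array_key_exists($authKey, $_SESSION) || $_SESSION[$authKey] !== true) {
            return false;
        }

        // Strict comparison: under == two hex digests such as '0e12...' and '0e98...' compare equal
        // because both parse as numeric zero. (hash_equals() is the constant-time option on PHP >= 5.6.)
        if (!array_key_exists($fpKey, $_SESSION) || $_SESSION[$fpKey] !== $this->getFingerprint()) {
            return false;
        }

        // The fingerprint embeds the session id, so after rotating the id it must be recomputed and stored.
        session_regenerate_id(true);
        $_SESSION[$fpKey] = $this->getFingerprint();
        return true;
    }

    /**
     * Get the fingerprint of the user: md5 over the secret, the User-Agent and Accept-Charset headers
     * (when present) and the current session id.
     * @return string 32-character hexadecimal digest
     */
    public function getFingerprint()
    {
        $fingerprint = $this->secret;
        if (array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
            $fingerprint .= $_SERVER['HTTP_USER_AGENT'];
        }
        if (array_key_exists('HTTP_ACCEPT_CHARSET', $_SERVER)) {
            $fingerprint .= $_SERVER['HTTP_ACCEPT_CHARSET'];
        }
        $fingerprint .= session_id();
        // The original assigned the digest to a misspelled variable and returned the raw concatenation.
        return md5($fingerprint);
    }
}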
?>