Php Programming Code Examples

This code generates an MD5 protected string, which can be used to hand off to other web pages, or even other sites <?php class authticket { var $secret = "setme"; // you WILL want to change this var $realm = ""; // the realm of this identity var $lifetime = 2 * 60 *60; // tickets good for 2 hours var $authenticated = 0; // the data here is valid iff non-zero var $identity; // the remote identity, if decoded correctly var $issue; // the time the ticket was issued var $remote_addr; // the remote address of the client var $hash; // the hash value. Probably of little use. var $autherr; // if verification faild, this contains why // // helper function which just zeros out the ticket data // function zerodata() { $this->authenticated = 0; $this->identity = ""; $this->issue = 0; $this->remote_addr = ""; $this->hash = ""; $this->autherr = ""; } // // Take a string ($identity) and a time ($time) and the internal // secret value, and generate a string that can be used to verify // that the remote user is known to us. The result of this function // is a single string, that can be passed along in a hidden form // or even a cookie. // // If ($time) is 0, the current time is used instead. // // ($identity) _cannot_ contain a ``:'' character. If you need // one in there, you will have to change it to some sort of escape // sequence. // // Some care should be used. I recommend using this only over SSL, // unless the actual ticket contents are encrypted using something // stronger than XOR. // function makeauth($identity, $time) { global $REMOTE_ADDR; $this->zerodata(); if ($time == 0) $time = time(); $ticket_items[] = (string)$time; $ticket_items[] = $this->realm; $ticket_items[] = $REMOTE_ADDR; $ticket_items[] = $identity; $ticket = implode($ticket_items, ":"); $hash = md5($this->secret . $ticket); $ticket = $hash . ':' . $ticket; $this->identity = $identity; $this->issue = $time; $this->remote_addr = $REMOTE_ADDR; $this->hash = $hash; $this->authenticated = 1; /* data is valid */ $this->autherr = ""; return $ticket; } // // Take a ($ticket) string generated by makeauth(), and a ($time), // and verify that the ticket is valid and not expired. // // If ($time) is 0, the current time will be used. // // On error, the function returns the empty string "", // $authenticated is 0, and $autherr contains the reason // the authentication failed. // // On success, the identity encoded in the ticket is returned, // $authenticated is non-zero, and $autherr is to be ignored. // function checkauth($ticket, $time) { global $REMOTE_ADDR; $this->zerodata(); if ($time == 0) $time = time(); /* * Item order: hash time realm remote_addr identity */ $ticket_items = explode( ":", $ticket); /* * if the remote address doesn't match the one in the ticket, * drop them. */ if ($ticket_items[3] != $REMOTE_ADDR) { $this->autherr = "Address mismatch"; return ""; } // // if we are supposed to check for expired tickets, do that // here. // if ($this->lifetime != 0) if ($time > (int)$ticket_items[1] + $this->lifetime) { $this->autherr = "Ticket expired"; return ""; } // // make certain that the ticket is not being used before // it was issued. // if ($time < (int)$ticket_items[1]) { $this->autherr = "Ticket used before issued"; return ""; } // // verify that the realms match // if ($this->realm != $ticket_items[2]) { $this->autherr = "Realm mismatch"; return ""; } // // This could be done better... Reassemble the components // of the ticket passed to us, and rehash. Compare this // to the hash we were sent. // $tmp_items[] = $ticket_items[1]; $tmp_items[] = $ticket_items[2]; $tmp_items[] = $ticket_items[3]; $tmp_items[] = $ticket_items[4]; $tmp_ticket = implode($tmp_items, ":"); $hash = md5($this->secret . $tmp_ticket); if ($hash != $ticket_items[0]) { $this->autherr = "Integrity check failed"; return ""; } // // well, it all checks out. Might as well claim we know // who this person is. // $this->hash = $hash; $this->issue = $ticket_items[1]; $this->remote_addr = $ticket_items[3]; $this->identity = $ticket_items[4]; $this->authenticated = 1; return $this->identity; } }; ?>