PHP Classes

File: gLogin.php

Recommend this page to a friend!
  Classes of Cesar D. Rodas   gLogin   gLogin.php   Download  
File: gLogin.php
Role: Class source
Content type: text/plain
Description: Main class
Class: gLogin
Encode password fields before submitting forms
Author: By
Last change: * fixing bug
Date: 16 years ago
Size: 4,444 bytes
 

Contents

Class file image Download
<?
/*
** glogin
**
** Sends Login information in secure way. The username and password
** has an randomic name, and the password value is encripted and it is imposible
** to deencript.
**
** The username do have a way back (deencription) and the algorithm is a basic encript
** method. this algorith is not strong back gives more work to some one that wants
** to spy us.
**
** It is *almost* imposible to brake this sLogin and get the password value. The
** username is easy to have. But username without password is not useful.
**
** Also this sLogin prevent to login sending the same encripted password as most of
** login system will do, they prevent to not hide the password, but sending that encripted
** value you can login. sLogin encript the password with MD5 + "randomic key".
**
*/

class gLogin {

    var
$fields;
    var
$method;
    var
$fValues; /* form sended values*/

   
   
function gLogin($method = 'post') {
        @
session_start(); /* creating a session */
       
switch( strtolower($method) ) {
            case
'get':
               
$this->fValues = &$_GET;
               
$this->method = 'get';
                break;
            default:
               
$this->fValues = &$_POST;
               
$this->method = 'post';
                break;
        }
    }

    function
getValue($val) {
        return
$this->deencript( $this->fValues[ $_SESSION['sLogin'][$val]['safe'] ] ) ;
    }
   
   
/*
    ** ugly *encriptation* (it is not encriptation at all... but is something ;-) )
    */
   
function deencript($val) {
       
$word = "";
       
$val = strrev($val);

        for(
$i=0; $i < strlen($val)/2; $i++) {
           
$nro = substr($val, $i*2,2);
           
$rep = hexdec($nro);
            if (
$rep == 0) continue;
           
$word .= chr($rep);
        }
       
$word = strrev($word);
        return
$word;
    }
   
    function
isFormSubmited() {
       
$v = true;

        if ( !isset(
$_SESSION['sLogin']) || !is_array($_SESSION['sLogin'])) return false;
       
        foreach (
$_SESSION['sLogin'] as $field => $values) {
           
$v = $v && isset( $this->fValues[ $values['safe'] ] );
       
        }
        return
$v ;
    }
   
    function
match($field, $value) {
       
$value = md5( $value . $_SESSION['sLoginC']['magic'] );
        return
$this->fValues[ $_SESSION['sLogin'][$field]['safe'] ] === $value;
    }
   
   
    function
safeSend($inputName, $safeAsPassword=false) {
       
/*
         * the security is in the $safeFieldName, which is a hidden input which for every query
         * it has a new name assigned to an real input.
         * Also there is a encrypt method the Password and the normal. The normal has a
         * way back (restore the original value). The password is almost inposible to restore
         * back, it implements MD5 of Password and a secret key that change for every request.
         */
       
$safeFieldName = md5( $inputName . time() . microtime() );
       
$this->fields[$inputName]['safe'] = $safeFieldName;
       
$this->fields[$inputName]['password'] = $safeAsPassword === true;
       
$_SESSION['sLogin'][$inputName] = $this->fields[$inputName]; /* Remember ;-) */
   
}

    function
Js() {
       
$_SESSION['sLoginC']['magic'] = md5( session_id() . time() . microtime() );
       
       
$input = "";
       
$js_action = "";
        foreach (
$this->fields as $field => $values) {
           
$input .= "<input type = hidden id = '".$values['safe']."' name = '".$values['safe']."'>\r\n";
           
$js_action .= "\tsLogin_Safe('$field', '".$values['safe']."',".($values['password']===true ? 'true' : 'false').");\r\n";
        }
       
       
       
       
$r = '
<script><!--
var magicCode = "'
.$_SESSION['sLoginC']['magic'].'";
function sLogin_Send() {
'
.$js_action.'
    return true;
}

function sLogin_Safe(field, hidden, password ) {
    f = document.getElementById(field);
    if ( f == null) {
        alert("sLogin could not find the field " + field);
        return false;
    }
    h = document.getElementById(hidden);
    if (password) {
        safe = hex_md5( f.value + magicCode);
    } else {
        safe = reverse(binl2hex( str2binl(reverse(f.value)) )) ;
    }

    h.value = safe;
    f.value = "";
}

function reverse(str) {
    var nstring;
    nstring="";
    for(i= str.length-1; i >= 0; i--) {
        nstring += str[i];
    }
    return nstring;
}

//--></script>'
;
        return
$r.$input;
    }
   
    function
onsubmit() {
        return
'return sLogin_Send()';
    }


   
}
?>