PHP Classes
elePHPant
Icontem

PHP Mnemonic Secret Path Login: Detect human users telling to click on page places

Recommend this page to a friend!
  Info   View files Documentation   Screenshots Screenshots   View files View files (25)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2018-02-10 (6 months ago) RSS 2.0 feedNot yet rated by the usersTotal: 109 All time: 8,914 This week: 445Up
Version License PHP version Categories
php-mnemoniclogin 1.0.0Custom (specified...5PHP 5, Databases, Graphics, Security
Description Author

This package can detect human users telling to click on page places.

It can store a set of images in a database using PDO.

The pictures can be used to display a sequence that the user needs to memorize like a password to authenticate that he is the person that knows the secret image sequence.

The class can display a secret sequence of pictures that the user can tell that he knows the sequence by clicking the pictures by the correct order.

Alternatively, the user may also enter the correct sequence as a password entered by the keyboard.

Innovation Award
PHP Programming Innovation award nominee
April 2018
Number 3
Passwords are a very common way to identify people that know a secret text that is used to verify they are who they claim they are.

However, text passwords are problematic because people tend to forget them, especially on systems that require them to use uncommon characters in the password text.

This package provides a different approach to entering passwords that allows people to either enter a secret password as text, as well as a sequence of images that need to be clicked by the right order.

Manuel Lemos
  Performance   Level  
Name: zinsou A.A.E.Mose is available for providing paid consulting. Contact zinsou A.A.E.Mose .
Classes: 44 packages by
Country: Benin Benin
Age: 28
All time rank: 10831 in Benin Benin
Week rank: 37 Up1 in Benin Benin Equal
Innovation award
Innovation award
Nominee: 16x

Winner: 2x

Details
When i write this package i was hesitating about the name i will choose,
So in the complete lake of inspiration i call it first and simply CTC for 
Click to connect.And after writing it i just forget it somewhere and said to
myself :soon i will publish it.But one day while browsing the PHPCLASSES PACKAGES
BLOG rubric i found an article of Dave Smith that was talking about SECRET PATH.So i decided
finally to call my package PHP MNEMONIC SECRET PATH LOGIN. Secret path for what it means and MNEMONIC 
for the help the package brought to user in the process of keep in head and memory his password...
Finally i think that it will be called as you( developers that will download it) name it.
This package use a secret path approach that consist to make users click on  different cases of 
some table with as background some own chosen picture as many times as they want to build their
own secret path which would be salted and encrypted before saved in a database as login password.  
With this mnemonic they will be able without knowing a difficult password, to connect to their account
securely.The package allows each user to upload many pictures; to choose both keyboard pass and CTC pictures pass;
or just one of the two methods but also allows when users has uploaded at least two pictures with secret path,
to choose a random login picture to connect. One can even  increase the mnemonic level by showing a grill to let
user know exactly where he click even if this is less beautiful.
The package got a constant called complexity that make the password more secure when increased
or less when turned down.

For example a complexity of 10 leads to 100 compartments to click on 
so if we add the detail that user can click 1,2,3...or as many times he want, that leads to 
a secret path seriously complicated to know even for a computer that could be broken while trying
to find it with a force brute algorithm.By default i use 50 as complexity that leads to 50*50(2500) compartments to click.
suppose a second that complexity is 50 and you click 3 times so the possibilities of choice is 15625000000.
then suppose that user is completely lunatic and want to click just 30 times to make a stronger secret path, this increase the number
of possibilities to about 8.6736173798840354720596224069595e+101 as he can click on the same compartment or change ...
The mathematical notion behind this, is :

when we take n the times, user choose to click 
and p the number of compartments, the order of click count but also user can click on the  same compartment so a result is a 
n-list of compartments chosen in a set containing p compartments.The number of possible results is pow(p,n)...


The max of complexity suggested is 100 in order to not break the design.
The min of complexity suggested is 2 .


The main difficulty for a brute force algorithm will be that nobody knows how many times user click and in what order
but also the generated password is salted before hashing.
This way the secret path will be very difficult to guess.
One other  contribution is that the package fortify the human factor that will be no more weak because no more need to write a password
somewhere.And This brings more security to the PHP authentication system.

Of course programmers need to combine it with TLS protocol to be sure that there won't be a password sniffing and others.An alternative could also
be to use the precious package  PHP Form Encryption of Francisco del Aguila <faguila@alboran.net> that can be found in the 
PHP CLASSES REPOSITORY,to make the form submission more secure.Maybe the next release will include it directly...

Sorry for the design too; maybe this will be also changed in the next release.

The package doesn't got specific documentation, the only way to know more on the code is to look at the implementation.
But the  main functionalities of the package come from This file src/ctc.php which contains a class with the same name;
And this another file src/clicktoconnect.php.The two files are really easy to understand.
 
For the how to use it is simple: copy the folder where you want to use it; import the database and all is done.Of course
you need  to change your database details and other in the config.php file.

For issues and other, use the forum or contact me at leizmo@gmail.com
Ps: the default password is   admin for the user mail leizmo@gmail.com  ,pseudo zinsou and the fake
phone number 069659655.
The package doesn't take care of registration and the design is really minimalist.
It is just a system to show how to help user to remember of their password with mnemonic secret path.
 Also keep in my mind that for the development i used Jquery and jquery-ui files which were stored locally
 But the uploaded package use jquery from http://code.jquery.com so if the package doesn't work as expected
 open your development tool to be sure that jquery has been really loaded.
I know you know but Never forget that your salt must be choose once and definitively before start registering users
with this in  production or you must have a new salt policy otherwise you and your users couldn't connect if you change the salt.
This is because i don't use the password_hash function on each password.
An example of policy when you change your salt is:
add a field in the table of users that keep track (eg: set(oldsalt,newsalt))
if the user didn't yet change his password on the new salt you keep use the old for him
and if he did you can use the new one.
Screenshots  
  • ctcsnap6.PNG
  • ctcsnap7.PNG
  • ctcsnap8.PNG
  • ctcsnap9.PNG
  • ctcsnap5.PNG
  • ctcsnap4.PNG
  • ctcsnap1.PNG
  • ctcsnap10.PNG
  • ctcsnap2.PNG
  • ctcsnap3.PNG
  • ctcsnap0.PNG
  Files folder image Files  
File Role Description
Files folder imageassets (3 directories)
Files folder imagedatabase (1 file)
Files folder imagesrc (3 files)
Accessible without login Plain text file addapass.php Aux. auxilliary script
Accessible without login Plain text file addyourpassnow.php Aux. auxilliary script
Accessible without login Plain text file Ajaxcombox.php Aux. auxilliary script
Accessible without login Plain text file array_column.php Aux. auxilliary script
Accessible without login Plain text file besureofsize.php Aux. auxilliary script
Accessible without login Plain text file changepass.php Aux. auxilliary script
Accessible without login Plain text file config.php Conf. config file
Accessible without login Plain text file connexion.php Aux. auxilliary script
Accessible without login Plain text file doconnect.php Aux. auxilliary script
Accessible without login Plain text file dologout.php Aux. auxilliary script
Accessible without login Plain text file getpreferences.php Aux. auxilliary script
Accessible without login Plain text file index.php Aux. auxilliary script
Accessible without login Plain text file license.txt Lic. license file
Accessible without login Plain text file preferences.php Aux. auxilliary script
Accessible without login Plain text file readme.txt Doc. readme
Accessible without login Plain text file setpreferences.php Aux. auxilliary script

  Files folder image Files  /  assets  
File Role Description
Files folder imagecss (1 file)
Files folder imageimg (2 files)
Files folder imagejs (2 files)

  Files folder image Files  /  assets  /  css  
File Role Description
  Accessible without login Plain text file style.css Data css file

  Files folder image Files  /  assets  /  img  
File Role Description
  Accessible without login Image file DONE.png Data Done image
  Accessible without login Image file loader.gif Data loading image

  Files folder image Files  /  assets  /  js  
File Role Description
  Accessible without login Plain text file ahpwcheck.class.min.js Aux. javascript class source to check passwords requirements
  Accessible without login Plain text file jquery.form.js Aux. javascript class source to automatically submit forms

  Files folder image Files  /  database  
File Role Description
  Accessible without login Plain text file clictoc.sql Data mySql database dump file

  Files folder image Files  /  src  
File Role Description
  Plain text file clicktoconnect.php Class class source
  Plain text file combox.php Class class source
  Plain text file ctc.php Class class source

 Version Control Unique User Downloads Download Rankings  
 0%
Total:109
This week:0
All time:8,914
This week:445Up