This package can authenticate users using colored images instead using username and password.
HOW IT WORKS?
1. At registration proccess the system generate's a .PNG Image (let's reffer to it as "the login key").
The standars login system use username and password, this package uses "php microtime()" as username, and all the RGB colors of all pixels from THE LOGIN KEY as password.
Lets take an example for better understanding:
Lets suppose that the registration time is "0.12345600 1404123456" -> this is the output of microtime() function.
The class TimeConvert, take this output of microtime() and convert it into RGB colors. It will generat 3 groups like so:
1. array(100, 101, 102) // array(R, G, B)
2. array(150, 151, 152) // array(R, G, B)
3. array(200, 201, 202) // array(R, G, B)
Lets suppose that this groups are the RGB of HOT PIXELS (pixels which store the registration time)
The conversion algorithm is in SCHEMA.JPG
Once the time is converted, we need the class Positioner to set the position of those 3 pixels.
Lets take a .PNG file of 200 x 200 resolution. What this means? That the image is like a table with 200 columns and 200 rows. Also can be named as MATRIX.
Without moving forward, any color is compound of RGB (RED, GREEN, BLUE) intensity. Every value of intensity is between 0 and 255.
So, lets get back to our 200 x 200 resolution image. THE GOAL IS TO INSERT THE converted time, into the image MATRIX. How we do this?
Well ... first of all, we need a rule, that applies to every LOGIN KEY. I call this "entry Points" because they are using the same "algorithm position" like so:
Even we generate an image on 200 x 200 resolution, or 300 x 300, of whatever you want (even random resolution), the "entry point" will be easy to detect.
first entry point will be the floor(width / 2). This means that the system, take the width, in our case 200, divided by 2. If it is a float number, it will rounded to bottom value. For better understanding use this algo: floor(205 / 2) = floor(102.5) = 102
Back to our 200 x 200. As we can see, the first entry point have the coordinates (100, 0).
The second entry point is calculated based on height which means that have the coordinates (0, 100) on the image MATRIX
Once we have have the entry points, lets take care of converted time, and inserting it into LOGIN KEY matrix. What is a pixel by the way? A pixel is a point of an image defined by position and color intensity. the pixel (0, 0) [R, G, B] is the first pixel of an image. So we have the colors intensity of the registration time, but, they are not pixels yet? Why? because they don't have coordinates (positions). We have to generate positions for the colors generated at step 1, but also we have to keep track of that positions.
Who we solve this?
My bet, was like so:
1st entry point: (100, 0) [R1, G1, B1]
2nd entry point: (0, 100) [R2, G2, B2]
based on this entry points and the generated colors from time, lets combine them, and get the HOT PIXELS (pixel which actually stores the time into LOGIN KEY)
1st time group pixel (R1, R2) [100, 101, 102]
2nd time group pixel (G1, G2) [150, 151, 152]
3rd time group pixel (B1, B2) [200, 201, 202]
In other words, the RED intensity from FIRST entry point and the RED intensity from SECOND entry point define the position of first array generated by TimeConvertor and so on.
Ok, after all of this, the goal was to insert this pixels into the LOGIN KEY:
The class Image take care of this but some little more as follows.
The class Image generats THE LOGIN KEY randomly, and insert the HOT PIXELS. After the HotPixels are inserted, the class is reading the image pixel by pixel, and is building a string based on that key:
Lets suppose a key with resolution 2 x 2 (for simplity)
(0, 0) [100,101,102] (1, 0)[200,201,202]
(1, 0) [103,104,105] (1, 1)[203,204,205]
So the string based on this will be:
$matrix = 00100101102102002012021010310410511203204205
So, at registration, save in your database the $matrix variable, and the microtime. As we said in the first line of this, we use microtime as username, and entire LOGIN KEY matrix as password.
After the matrix is stored in database, ask user to download that LOGIN KEY and keep it safe because he will be able to login only with this key.
At the Login step ... ask the user to provide his key. The class Checker, will take care to reverse the entire algorithm and provide the image matrix and registration time. Once you have this, you can look into your database if the registration time readed from the user provided key exists. If yes, well, we have a potential user, and now, you have to compare if the entire matrix of the provided key is a match with the registered LOGIN KEY.
After all of this, if someone with bad intentions try to change in any form the login key, it will get a big "GET OUT" :)) from our system.
if you change the dimensions of the picture or a small pixel from that key, or a intensity, the key will not be valid.
PRO's for this system:
-> a key with rezolution of 200 x 200 is the equivalent of a 500.000 characters password
-> brute force is for past, I quarantee that anyone who try to brute force this, will get dead until he will guess 10 pixels :))
CON's for this system:
I can't find a proper way for "password recovery".
If you have something in mind please don't hesitate to contact me.