PHP Classes

PHP Secret URL Path: Authorize access based on user click sequence

Recommend this page to a friend!
  Info   View files Example   View files View files (5)   DownloadInstall with Composer Download .zip   Reputation   Support forum (1)   Blog (2)    
Ratings Unique User Downloads Download Rankings
StarStarStarStar 78%Total: 542 All time: 5,563 This week: 107Up
Version License PHP version Categories
secret-path 1.1GNU General Publi...5PHP 5, User Management, Security
Description 

Author

This class can authorize access based on user click sequence.

It takes an array of values and checks if the user has clicked on links with parameter values that follow the sequence of values in the array.

The class object is stored in a session variable, so in the next access the class can check if the correct link was clicked passing the next value in the array.

Innovation Award
PHP Programming Innovation award winner
November 2016
Winner


Prize: One downloadable copy of PhpED Professional
Passwords are the most common way to authenticate users. However, if somebody sees a user typing a password, the password may be stolen and the user account may be taken over.

A better approach is used by some bank ATMs. They show a bunch of buttons with lists of letter and number sequences on each button. The user has to use the right buttons by the correct sequence.

Since the buttons show different types of letter and number groups, even if somebody sees which buttons the user pressed, he will not know exactly what is the correct sequence.

This class provides means to implement a similar security system in PHP. It presents a list of links with values that the user needs to click, one after another by the correct sequence to be authenticated successfully.

Manuel Lemos
Picture of Dave Smith
  Performance   Level  
Name: Dave Smith is available for providing paid consulting. Contact Dave Smith .
Classes: 51 packages by
Country: United States United States
Age: 58
All time rank: 618 in United States United States
Week rank: 11 Up3 in United States United States Up
Innovation award
Innovation award
Nominee: 32x

Winner: 7x

Example

<?php
/*
secretPath class
version 1.0 10/21/2016

Authorize access based on the sequence of user clicks
*/

//start session - sequence saved in $_SESSION super global
session_start();

//include class source
include('secretpath.class.php');

//instantiate the class or define class object from saved data
if( empty($_SESSION['secpth']) ){
   
$path = array(1,2,3,2,2);
   
$secpth = new secretPath('link',$path);
}else{
   
$secpth = unserialize($_SESSION['secpth']);
}

//test user click sequence and send to secret page if sequence completed
//correctly
if( $secpth->validatePath() === true ){
   
   
//it is important to save the class object before re-directing
   
$_SESSION['secpth'] = serialize($secpth);
   
header('location: secret.php');
    exit;
   
}

//save class object to session
$_SESSION['secpth'] = serialize($secpth);

?>
<html>
    <head>
        <title>Secret Path Example</title>
    </head>
    <body>
        Default secret path is link: 1,2,3,2,2<br><br>
        <a href="example.php?link=1">Link 1</a><br>
        <a href="example.php?link=2">Link 2</a><br>
        <a href="example.php?link=3">Link 3</a><br>
    </body>
</html>


Details

Class: secretPath Version: 1.0 10/21/2016 Copyright 2015 Wagon Trader, All Rights Reserved Description: This class will track a user's clicks and allow authorized access if they followed a defined sequence. Files: secretpath.class.php - Main class example.php - Simple application example secret.php - Example file requiring authentication Installation: Upload files to a web accessible location on your server (eg. public_html) Configuration: No configuration needed. Usage: Refer to example.php file for a simple usage example. Refer to secretpath.class.php file for instructions on using methods When the class is instantiated you must provide the variable name which is being used as the URL key in the key/value pair and an array of values in the correct sequence for authorization. Changelog 1.1.1 Added method to test users path Added strongReset param to validatePath method 1.1 Changed class construct to support random generation Added random path and tracking generation methods Added method to get tracking variable Added method to get secret path 1.0 Initial release

  Files folder image Files  
File Role Description
Accessible without login Plain text file example.php Example Usage Example
Accessible without login Plain text file license.txt Lic. License
Accessible without login Plain text file manual.txt Doc. Documentation
Accessible without login Plain text file secret.php Example Authentication Example
Plain text file secretpath.class.php Class Main Class

 Version Control Unique User Downloads Download Rankings  
 0%
Total:542
This week:0
All time:5,563
This week:107Up
User Ratings User Comments (1)
 All time
Utility:100%StarStarStarStarStarStar
Consistency:93%StarStarStarStarStar
Documentation:93%StarStarStarStarStar
Examples:100%StarStarStarStarStarStar
Tests:-
Videos:-
Overall:78%StarStarStarStar
Rank:38