This,code,generates,MD5,protected,string,php

Yavuz 9/1/2016 0

This code generates an MD5 protected string in PHP, which can be used to hand off to other web pages, or even other sites

PHP
<?php 
class  authticket  { 
        var  $secret  =  "setme";                //  you  WILL  want  to  change  this 
        var  $realm  =  "";                //  the  realm  of  this  identity 
        var  $lifetime  =  2  *  60  *60;        //  tickets  good  for  2  hours 
        var  $authenticated  =  0;                //  the  data  here  is  valid  iff  non-zero 

        var  $identity;                //  the  remote  identity,  if  decoded  correctly 
        var  $issue;                //  the  time  the  ticket  was  issued 
        var  $remote_addr;        //  the  remote  address  of  the  client 
        var  $hash;                //  the  hash  value.    Probably  of  little  use. 

        var  $autherr;                //  if  verification  faild,  this  contains  why 

        // 
        //  helper  function  which  just  zeros  out  the  ticket  data 
        // 
        function  zerodata() 
        { 
                $this->authenticated  =  0; 
                $this->identity  =  ""; 
                $this->issue  =  0; 
                $this->remote_addr  =  ""; 
                $this->hash  =  ""; 
                $this->autherr  =  ""; 
        } 

        // 
        //  Take  a  string  ($identity)  and  a  time  ($time)  and  the  internal 
        //  secret  value,  and  generate  a  string  that  can  be  used  to  verify 
        //  that  the  remote  user  is  known  to  us.    The  result  of  this  function 
        //  is  a  single  string,  that  can  be  passed  along  in  a  hidden  form 
        //  or  even  a  cookie. 
        // 
        //  If  ($time)  is  0,  the  current  time  is  used  instead. 
        // 
        //  ($identity)  _cannot_  contain  a  ``:''  character.    If  you  need 
        //  one  in  there,  you  will  have  to  change  it  to  some  sort  of  escape 
        //  sequence. 
        // 
        //  Some  care  should  be  used.    I  recommend  using  this  only  over  SSL, 
        //  unless  the  actual  ticket  contents  are  encrypted  using  something 
        //  stronger  than  XOR. 
        // 
        function  makeauth($identity,  $time) 
        { 
                global  $REMOTE_ADDR; 

                $this->zerodata(); 

                if  ($time  ==  0) 
                        $time  =  time(); 

                $ticket_items[]  =  (string)$time; 
                $ticket_items[]  =  $this->realm; 
                $ticket_items[]  =  $REMOTE_ADDR; 
                $ticket_items[]  =  $identity; 

                $ticket  =  implode($ticket_items,  ":"); 

                $hash  =  md5($this->secret  .  $ticket); 

                $ticket  =  $hash  .  ':'  .  $ticket; 

                $this->identity  =  $identity; 
                $this->issue  =  $time; 
                $this->remote_addr  =  $REMOTE_ADDR; 
                $this->hash  =  $hash; 
                $this->authenticated  =  1;    /*  data  is  valid  */ 
                $this->autherr  =  ""; 

                return  $ticket; 
        } 

        // 
        //  Take  a  ($ticket)  string  generated  by  makeauth(),  and  a  ($time), 
        //  and  verify  that  the  ticket  is  valid  and  not  expired. 
        // 
        //  If  ($time)  is  0,  the  current  time  will  be  used. 
        // 
        //  On  error,  the  function  returns  the  empty  string  "", 
        //  $authenticated  is  0,  and  $autherr  contains  the  reason 
        //  the  authentication  failed. 
        // 
        //  On  success,  the  identity  encoded  in  the  ticket  is  returned, 
        //  $authenticated  is  non-zero,  and  $autherr  is  to  be  ignored. 
        // 
        function  checkauth($ticket,  $time) 
        { 
                global  $REMOTE_ADDR; 

                $this->zerodata(); 

                if  ($time  ==  0) 
                        $time  =  time(); 

                /* 
                  *  Item  order:    hash  time  realm  remote_addr  identity 
                  */ 
                $ticket_items  =  explode( ":",  $ticket); 

                /* 
                  *  if  the  remote  address  doesn't  match  the  one  in  the  ticket, 
                  *  drop  them. 
                  */ 
                if  ($ticket_items[3]  !=  $REMOTE_ADDR)  { 
                        $this->autherr  =  "Address  mismatch"; 
                        return  ""; 
                } 

                // 
                //  if  we  are  supposed  to  check  for  expired  tickets,  do  that 
                //  here. 
                // 
                if  ($this->lifetime  !=  0) 
                        if  ($time  >  (int)$ticket_items[1]     $this->lifetime)  { 
                                $this->autherr  =  "Ticket  expired"; 
                                return  ""; 
                        } 

                // 
                //  make  certain  that  the  ticket  is  not  being  used  before 
                //  it  was  issued. 
                // 
                if  ($time  <  (int)$ticket_items[1])  { 
                        $this->autherr  =  "Ticket  used  before  issued"; 
                        return  ""; 
                } 

                // 
                //  verify  that  the  realms  match 
                // 
                if  ($this->realm  !=  $ticket_items[2])  { 
                        $this->autherr  =  "Realm  mismatch"; 
                        return  ""; 
                } 

                // 
                //  This  could  be  done  better...    Reassemble  the  components 
                //  of  the  ticket  passed  to  us,  and  rehash.    Compare  this 
                //  to  the  hash  we  were  sent. 
                // 
                $tmp_items[]  =  $ticket_items[1]; 
                $tmp_items[]  =  $ticket_items[2]; 
                $tmp_items[]  =  $ticket_items[3]; 
                $tmp_items[]  =  $ticket_items[4]; 

                $tmp_ticket  =  implode($tmp_items,  ":"); 

                $hash  =  md5($this->secret  .  $tmp_ticket); 

                if  ($hash  !=  $ticket_items[0])  { 
                        $this->autherr  =  "Integrity  check  failed"; 
                        return  ""; 
                } 

                // 
                //  well,  it  all  checks  out.    Might  as  well  claim  we  know 
                //  who  this  person  is. 
                // 
                $this->hash  =  $hash; 
                $this->issue  =  $ticket_items[1]; 
                $this->remote_addr  =  $ticket_items[3]; 
                $this->identity  =  $ticket_items[4]; 
                $this->authenticated  =  1; 

                return  $this->identity; 
        } 
}; 

?>
 

Report Bug

Please Login to Report Bug

Reported Bugs

Comments

Please Login to Comment

Comments