{"id":1490,"date":"2018-01-19T19:22:54","date_gmt":"2018-01-19T19:22:54","guid":{"rendered":"http:\/\/goofy-trucks.flywheelsites.com\/complete-secure-user-auth-library-page-2\/"},"modified":"2018-01-19T19:24:49","modified_gmt":"2018-01-19T19:24:49","slug":"complete-secure-user-auth-library-page-2","status":"publish","type":"post","link":"https:\/\/phpbuilder.com\/complete-secure-user-auth-library-page-2\/","title":{"rendered":"Complete, Secure User Auth Library Page 2"},"content":{"rendered":"
\n
\n
By Tim Perdue<\/div>\n
on July 30, 2000<\/div>\n<\/p><\/div>\n
\n
\nHere are the two critical functions in this library – the token creation and token verification functions.
\nDon’t worry – the rest of the library is included here as well.<\/div>\n
\n
\n\u00a0
\n
<?php<\/p>\n

$hidden_hash_var<\/span>=<\/span>'your_secret_password_here'<\/span>;<\/p>\n

<\/span>$LOGGED_IN<\/span>=<\/span>false<\/span>;
\n
unset(<\/span>$LOGGED_IN<\/span>);<\/p>\n

function\u00a0<\/span>user_isloggedin<\/span>()\u00a0{
\n
\u00a0\u00a0\u00a0\u00a0global\u00a0<\/span>$user_name<\/span>,<\/span>$id_hash<\/span>,<\/span>$hidden_hash_var<\/span>,<\/span>$LOGGED_IN<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0<\/span>\/\/have\u00a0we\u00a0already\u00a0run\u00a0the\u00a0hash\u00a0checks?
\n
\u00a0\u00a0\u00a0\u00a0\/\/If\u00a0so,\u00a0return\u00a0the\u00a0pre-set,\u00a0trusted\u00a0var
\n
\u00a0\u00a0\u00a0\u00a0<\/span>if\u00a0(\u00a0isset(<\/span>$LOGGED_IN<\/span>)\u00a0)\u00a0{
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0return\u00a0<\/span>$LOGGED_IN<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0}
\n
\u00a0\u00a0\u00a0\u00a0<\/span>\/\/are\u00a0both\u00a0cookies\u00a0present?
\n
\u00a0\u00a0\u00a0\u00a0<\/span>if\u00a0(<\/span>$user_name\u00a0<\/span>&&\u00a0<\/span>$id_hash<\/span>)\u00a0{
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>\/*
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Create\u00a0a\u00a0hash\u00a0of\u00a0the\u00a0user\u00a0name\u00a0that\u00a0was\u00a0
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0passed\u00a0in\u00a0from\u00a0the\u00a0cookie\u00a0as\u00a0well\u00a0as\u00a0the\u00a0
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0trusted\u00a0hidden\u00a0variable<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0If\u00a0this\u00a0hash\u00a0matches\u00a0the\u00a0cookie\u00a0hash,
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0then\u00a0all\u00a0cookie\u00a0vars\u00a0must\u00a0be\u00a0correct\u00a0and
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0thus\u00a0trustable
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0*\/
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>$hash<\/span>=<\/span>md5<\/span>(<\/span>$user_name<\/span>.<\/span>$hidden_hash_var<\/span>);
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0if\u00a0(<\/span>$hash\u00a0<\/span>==\u00a0<\/span>$id_hash<\/span>)\u00a0{
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>\/\/hashes\u00a0match\u00a0-\u00a0set\u00a0a\u00a0global\u00a0var\u00a0so\u00a0we\u00a0can\u00a0
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\/\/call\u00a0this\u00a0function\u00a0repeatedly\u00a0without\u00a0
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\/\/redoing\u00a0the\u00a0md5()'s
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>$LOGGED_IN<\/span>=<\/span>true<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0return\u00a0<\/span>true<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}\u00a0else\u00a0{
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>\/\/hash\u00a0didn't\u00a0match\u00a0-\u00a0must\u00a0be\u00a0a\u00a0hack\u00a0attempt?
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>$LOGGED_IN<\/span>=<\/span>false<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0return\u00a0<\/span>false<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}
\n
\u00a0\u00a0\u00a0\u00a0}\u00a0else\u00a0{
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>$LOGGED_IN<\/span>=<\/span>false<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0return\u00a0<\/span>false<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0}
\n
}<\/p>\n

function\u00a0<\/span>user_set_tokens<\/span>(<\/span>$user_name_in<\/span>)\u00a0{
\n
\u00a0\u00a0\u00a0\u00a0<\/span>\/*
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0call\u00a0this\u00a0once\u00a0you\u00a0have\u00a0confirmed\u00a0user\u00a0name\u00a0and\u00a0password
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0are\u00a0correct\u00a0in\u00a0the\u00a0database
\n
\u00a0\u00a0\u00a0\u00a0*\/
\n
\u00a0\u00a0\u00a0\u00a0<\/span>global\u00a0<\/span>$hidden_hash_var<\/span>,<\/span>$user_name<\/span>,<\/span>$id_hash<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0if\u00a0(!<\/span>$user_name_in<\/span>)\u00a0{
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>$feedback\u00a0<\/span>.=\u00a0\u00a0<\/span>'\u00a0ERROR\u00a0-\u00a0User\u00a0Name\u00a0Missing\u00a0When\u00a0Setting\u00a0Tokens\u00a0'<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0return\u00a0<\/span>false<\/span>;
\n
\u00a0\u00a0\u00a0\u00a0}
\n
\u00a0\u00a0\u00a0\u00a0<\/span>$user_name<\/span>=<\/span>strtolower<\/span>(<\/span>$user_name_in<\/span>);<\/p>\n

\u00a0\u00a0\u00a0\u00a0<\/span>\/\/create\u00a0a\u00a0hash\u00a0of\u00a0the\u00a0two\u00a0variables\u00a0we\u00a0know
\n
\u00a0\u00a0\u00a0\u00a0<\/span>$id_hash<\/span>=\u00a0<\/span>md5<\/span>(<\/span>$user_name<\/span>.<\/span>$hidden_hash_var<\/span>);<\/p>\n

\u00a0\u00a0\u00a0\u00a0<\/span>\/\/set\u00a0cookies\u00a0for\u00a0one\u00a0month\u00a0-\u00a0set\u00a0to\u00a0any\u00a0amount\u00a0
\n
\u00a0\u00a0\u00a0\u00a0\/\/or\u00a0use\u00a00\u00a0for\u00a0a\u00a0session\u00a0cookie<\/p>\n

\u00a0\u00a0\u00a0\u00a0<\/span>setcookie<\/span>(<\/span>'user_name'<\/span>,<\/span>$user_name<\/span>,(<\/span>time<\/span>()+<\/span>2592000<\/span>),<\/span>'\/'<\/span>,<\/span>''<\/span>,<\/span>0<\/span>);
\n
\u00a0\u00a0\u00a0\u00a0<\/span>setcookie<\/span>(<\/span>'id_hash'<\/span>,<\/span>$id_hash<\/span>,(<\/span>time<\/span>()+<\/span>2592000<\/span>),<\/span>'\/'<\/span>,<\/span>''<\/span>,<\/span>0<\/span>);
\n
}<\/p>\n

<\/span>?>
\n
<\/span>
\n<\/span>
\n<\/code><\/font><\/div>\n<\/div>\n

<\/p>\n

\n
\u00ab Previous Page<\/a><\/div>\n
1<\/a> <\/div>\n
| <\/div>\n
2<\/div>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"

By Tim Perdue on July 30, 2000 Here are the two critical functions in this library – the token creation and token verification functions. Don’t worry – the rest of the library is included here as well. \u00a0 <?php $hidden_hash_var=’your_secret_password_here’; $LOGGED_IN=false; unset($LOGGED_IN); function\u00a0user_isloggedin()\u00a0{ \u00a0\u00a0\u00a0\u00a0global\u00a0$user_name,$id_hash,$hidden_hash_var,$LOGGED_IN; \u00a0\u00a0\u00a0\u00a0\/\/have\u00a0we\u00a0already\u00a0run\u00a0the\u00a0hash\u00a0checks? \u00a0\u00a0\u00a0\u00a0\/\/If\u00a0so,\u00a0return\u00a0the\u00a0pre-set,\u00a0trusted\u00a0var \u00a0\u00a0\u00a0\u00a0if\u00a0(\u00a0isset($LOGGED_IN)\u00a0)\u00a0{ \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0return\u00a0$LOGGED_IN; \u00a0\u00a0\u00a0\u00a0} \u00a0\u00a0\u00a0\u00a0\/\/are\u00a0both\u00a0cookies\u00a0present?… <\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1490","post","type-post","status-publish","format-standard","hentry","category-tutorials"],"_links":{"self":[{"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/posts\/1490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/comments?post=1490"}],"version-history":[{"count":1,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/posts\/1490\/revisions"}],"predecessor-version":[{"id":3336,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/posts\/1490\/revisions\/3336"}],"wp:attachment":[{"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/media?parent=1490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/categories?post=1490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/tags?post=1490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}