authticket

Email
Submitted on: 1/1/2015 12:06:00 AM
By: PHP Code Exchange (from psc cd)  
Level: Intermediate
User Rating: By 2 Users
Compatibility: PHP 4.0
Views: 2600
 
     This code generates an MD5 protected string, which can be used to hand off to other web pages, or even other sites. If someone can read the ticket, they can use it, so this works best over encrypted connections, but since the ticket only lasts for a short time (2 hours, definable) I think it's better than sending a password around. By Michael Graff.
 
code:
//**************************************
// Name: authticket
// Description:This code generates an MD5 protected string, which can be used to hand off to other web pages, or even other sites. If someone can read the ticket, they can use it, so this works best over encrypted connections, but since the ticket only lasts for a short time (2 hours, definable) I think it's better than sending a password around. By Michael Graff.
// By: PHP Code Exchange (from psc cd)
//**************************************

<?php
// $Id: authticket.phl,v 1.3 1998/02/11 16:45:34 explorer Exp $
//
// Copyright (c) 1998 Michael Graff <explorer@flame.org>
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions
// are met:
// 1. Redistributions of source code must retain the above copyright
//notice, this list of conditions and the following disclaimer.
// 2. Redistributions in binary form must reproduce the above copyright
//notice, this list of conditions and the following disclaimer in the
//documentation and/or other materials provided with the distribution.
// 3. Neither the name of author nor the names of its contributors may be
//used to endorse or promote products derived from this software
//without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
// SUCH DAMAGE.
//
class authticket {
	var $secret = "setme";		// you WILL want to change this
	var $realm = "";		// the realm of this identity
	var $lifetime = 2 * 60 * 60;	// tickets good for 2 hours
	var $authenticated = 0;		// the data here is valid iff non-zero
	var $identity;		// the remote identity, if decoded correctly
	var $issue;		// the time the ticket was issued
	var $remote_addr;	// the remote address of the client
	var $hash;		// the hash value. Probably of little use.
	var $autherr;		// if verification failed, this contains why
	//
	// helper function which just zeros out the ticket data
	//
	function zerodata()
	{
		$this->authenticated = 0;
		$this->identity = "";
		$this->issue = 0;
		$this->remote_addr = "";
		$this->hash = "";
		$this->autherr = "";
	}
	//
	// Take a string ($identity) and a time ($time) and the internal
	// secret value, and generate a string that can be used to verify
	// that the remote user is known to us. The result of this function
	// is a single string, that can be passed along in a hidden form
	// or even a cookie.
	//
	// If ($time) is 0, the current time is used instead.
	//
	// ($identity) _cannot_ contain a ``:'' character. If you need
	// one in there, you will have to change it to some sort of escape
	// sequence.
	//
	// Some care should be used. I recommend using this only over SSL,
	// unless the actual ticket contents are encrypted using something
	// stronger than XOR.
	//
	function makeauth($identity, $time)
	{
		$this->zerodata();
		if ($time == 0)
			$time = time();
		// the original read the register_globals variable $REMOTE_ADDR,
		// which no longer exists; $_SERVER is the supported source.
		$remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
		$ticket_items = array();
		$ticket_items[] = (string)$time;
		$ticket_items[] = $this->realm;
		$ticket_items[] = $remote_addr;
		$ticket_items[] = $identity;
		$ticket = implode(":", $ticket_items);	// separator first, then the array
		$hash = md5($this->secret . $ticket);
		$ticket = $hash . ':' . $ticket;
		$this->identity = $identity;
		$this->issue = $time;
		$this->remote_addr = $remote_addr;
		$this->hash = $hash;
		$this->authenticated = 1; /* data is valid */
		$this->autherr = "";
		return $ticket;
	}
	//
	// Take a ($ticket) string generated by makeauth(), and a ($time),
	// and verify that the ticket is valid and not expired.
	//
	// If ($time) is 0, the current time will be used.
	//
	// On error, the function returns the empty string "",
	// $authenticated is 0, and $autherr contains the reason
	// the authentication failed.
	//
	// On success, the identity encoded in the ticket is returned,
	// $authenticated is non-zero, and $autherr is to be ignored.
	//
	function checkauth($ticket, $time)
	{
		$this->zerodata();
		if ($time == 0)
			$time = time();
		$remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
		/*
		 * Item order: hash time realm remote_addr identity
		 */
		$ticket_items = explode(":", $ticket);
		/*
		 * a well-formed ticket has exactly five items; reject anything
		 * else before indexing into the array below.
		 */
		if (count($ticket_items) != 5) {
			$this->autherr = "Malformed ticket";
			return "";
		}
		/*
		 * if the remote address doesn't match the one in the ticket,
		 * drop them.
		 */
		if ($ticket_items[3] !== $remote_addr) {
			$this->autherr = "Address mismatch";
			return "";
		}
		//
		// if we are supposed to check for expired tickets, do that
		// here.
		//
		if ($this->lifetime != 0) {
			if ($time > (int)$ticket_items[1] + $this->lifetime) {
				$this->autherr = "Ticket expired";
				return "";
			}
		}
		//
		// make certain that the ticket is not being used before
		// it was issued.
		//
		if ($time < (int)$ticket_items[1]) {
			$this->autherr = "Ticket used before issued";
			return "";
		}
		//
		// verify that the realms match
		//
		if ($this->realm !== $ticket_items[2]) {
			$this->autherr = "Realm mismatch";
			return "";
		}
		//
		// This could be done better... Reassemble the components
		// of the ticket passed to us, and rehash. Compare this
		// to the hash we were sent.
		//
		$tmp_items = array();
		$tmp_items[] = $ticket_items[1];
		$tmp_items[] = $ticket_items[2];
		$tmp_items[] = $ticket_items[3];
		$tmp_items[] = $ticket_items[4];
		$tmp_ticket = implode(":", $tmp_items);
		$hash = md5($this->secret . $tmp_ticket);
		//
		// strict comparison: with a loose != two hex digests that both
		// look numeric (e.g. starting with "0e") would compare equal.
		//
		if ($hash !== $ticket_items[0]) {
			$this->autherr = "Integrity check failed";
			return "";
		}
		//
		// well, it all checks out. Might as well claim we know
		// who this person is.
		//
		$this->hash = $hash;
		$this->issue = $ticket_items[1];
		$this->remote_addr = $ticket_items[3];
		$this->identity = $ticket_items[4];
		$this->authenticated = 1;
		return $this->identity;
	}
}
?>
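The same ticket layout (time:realm:addr:identity, MAC in front) with two changes a practitioner would make today, as an added example that is not Michael Graff's code: the MAC is HMAC-SHA256 instead of md5(secret . data), which is not a secure MAC construction, and the comparison uses hash_equals() so it is strict and constant-time. The class, method names, key and sample values are this example's own, and the client address is passed in as a parameter so it also runs from the command line.

```php
<?php
class HmacTicket {
	private $secret;
	private $realm;
	private $lifetime;
	public $autherr = "";

	function __construct($secret, $realm, $lifetime = 7200) {
		$this->secret = $secret;	// constructed value; use a long random key in practice
		$this->realm = $realm;
		$this->lifetime = $lifetime;	// seconds; 0 disables the expiry check
	}

	function issue($identity, $addr, $time) {
		// identity may not contain ':' (same rule as the original)
		$body = implode(":", array((string)$time, $this->realm, $addr, $identity));
		return hash_hmac("sha256", $body, $this->secret) . ":" . $body;
	}

	function verify($ticket, $addr, $time) {
		$this->autherr = "";
		$f = explode(":", $ticket);
		if (count($f) !== 5) { $this->autherr = "Malformed ticket"; return ""; }
		// check the MAC before looking at any field, so nothing about
		// unauthenticated input is acted on or leaked through error strings
		$body = implode(":", array_slice($f, 1));
		if (!hash_equals(hash_hmac("sha256", $body, $this->secret), $f[0])) {
			$this->autherr = "Integrity check failed"; return "";
		}
		$issued = (int)$f[1];
		if ($f[2] !== $this->realm) { $this->autherr = "Realm mismatch"; return ""; }
		if ($f[3] !== $addr) { $this->autherr = "Address mismatch"; return ""; }
		if ($time < $issued) { $this->autherr = "Ticket used before issued"; return ""; }
		if ($this->lifetime && $time > $issued + $this->lifetime) {
			$this->autherr = "Ticket expired"; return "";
		}
		return $f[4];
	}
}

// constructed sample run: a fresh ticket, the same ticket after its
// lifetime, and one whose identity field was edited after issue
$t = new HmacTicket("example-secret-change-me", "intranet");
$now = 1000000000;
$ticket = $t->issue("alice", "192.0.2.10", $now);
echo "fresh:    ", var_export($t->verify($ticket, "192.0.2.10", $now + 60), true), " ", $t->autherr, "\n";
echo "expired:  ", var_export($t->verify($ticket, "192.0.2.10", $now + 3 * 3600), true), " ", $t->autherr, "\n";
$edited = substr_replace($ticket, "mallory", strrpos($ticket, ":") + 1);
echo "edited:   ", var_export($t->verify($edited, "192.0.2.10", $now + 60), true), " ", $t->autherr, "\n";
```

The address check keeps the original's binding of a ticket to the client IP; note that it also rejects legitimate clients whose address changes mid-session (mobile networks, proxies), so treat it as a defence-in-depth check rather than the primary control.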

