authenticating credentials tutorial
DESCRIPTION
Learn how to authenticate a user in ProdigyView. Involves hashing and encrypting values.
TRANSCRIPT
Overview
Objective
Learn how to authenticate a user in ProdigyView. Involves hashing and encrypting values.
Requirements
Installed version of ProdigyView with database
Understanding of creating tables and columns in ProdigyView
Estimated Time
12 Minutes
www.prodigyview.com
Follow Along With Code Example
1. Download a copy of the example code at www.prodigyview.com/source.
2. Install the system in an environment you feel comfortable testing in.
3. Proceed to examples/security/Authorization.php
What is Authentication
Authentication is the process of checking that a user's credentials match. To protect a user, sensitive information should not be kept in plain text.
In the example for this tutorial, we are going to authenticate on a user's email address, password, and social security number.
The tutorial will deal with hashing and encrypting of values.
Creating A User Table
The first thing we have to do is create a user table. Below is an example of creating a user table with PVDatabase’s database methods. If you are unsure about this part, review the tutorial on Database Tables and Columns.
Initializing PVSecurity
The first part is initializing the PVSecurity class. These fields must be set for authentication to work.
1. Set these fields in cookies on successful authentication
2. Set the fields in a session on successful authentication
3. Hash fields in this array
4. Encrypt these fields
5. The table that contains the fields
Hashing Vs Encryption
In our previous example we had fields that were hashed and fields that were encrypted.
What's the difference?
Hashing uses the PVSecurity::hash() method, which is one-way. This means that there is no key for decrypting the hash.
Encryption uses the PVSecurity::encrypt() method, which means there is a key for decrypting the values.
Insert Sample Data
Now let's insert some sample data. Imagine that in a real-world application the data is retrieved from a user's $_POST and is then hashed/encrypted.
1. Encrypt the Social Security Number
2. Hash the password
3. Insert the data into the database
Check The Fields
Now when we want to authenticate the user, we are going to pass the fields in without encryption or hashing. The checkAuth method will take care of everything.
If the passed fields match, authentication is true
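The hash-versus-encrypt split and the check step above, sketched with PHP built-ins as an added example. It is not ProdigyView code and does not call PVSecurity, whose method signatures this transcript does not show; the function names, key handling and sample user are assumptions.

```php
<?php
// Added example using PHP built-ins, not ProdigyView's PVSecurity API.
// Function names, key handling and the sample user are constructed.

// Key for the reversible fields; load it from a secret store in practice.
$key = random_bytes(32);

function encryptField(string $plain, string $key): string
{
    $iv = random_bytes(12);                       // fresh nonce per value
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);       // store nonce + tag + ciphertext
}

function decryptField(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;                              // malformed stored value
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $pt  = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;            // false: wrong key or tampered data
}

// Insert step: hash the password (one-way), encrypt the SSN (reversible).
$row = [
    'email'    => 'jane@example.com',
    'password' => password_hash('correct horse', PASSWORD_DEFAULT), // random per-user salt built in
    'ssn'      => encryptField('000-00-0000', $key),
];

// Check step: raw values come in and are compared against the protected form.
function checkCredentials(array $row, string $email, string $password, string $ssn, string $key): bool
{
    $storedSsn = decryptField($row['ssn'], $key);
    $okEmail = hash_equals($row['email'], $email);
    $okPass  = password_verify($password, $row['password']);
    $okSsn   = $storedSsn !== null && hash_equals($storedSsn, $ssn);
    return $okEmail && $okPass && $okSsn;         // all three evaluated before deciding
}

var_dump(checkCredentials($row, 'jane@example.com', 'correct horse', '000-00-0000', $key));
var_dump(checkCredentials($row, 'jane@example.com', 'wrong password', '000-00-0000', $key));
```

The password can only be verified, never recovered, while the SSN can be read back by anyone holding the key, so the key needs at least the same protection as the data it covers.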
Custom Salt
For our next example, we are going to do some customization to the authentication process. First we are going to create a custom salt for each user. This will improve our site's security.
1. Create a custom salt from the ssn
2. Apply custom salt when hashing
Authentication Options
Now that we have a custom salt, we are going to modify the options for authentication.
1. Set the custom salt in the options
2. Store these fields in the session on successful validation
Custom Authentication
Now with the custom salt and the new fields to save to a session set in the options, we can authenticate a user on these credentials.
1. Pass in the fields
2. Pass in the options
API Reference
For a better understanding of access levels and role access in ProdigyView, visit the API by clicking on the link below.
PVSecurity
More Tutorials
For more tutorials, please visit:
http://www.prodigyview.com/tutorials