When programming in PHP I have a habit: I do not like to use ready-made library files such as PHPLib or similar packages, so for this system I also intend to write my own library. It needs to handle authentication, email confirmation, account updates (password, email) and similar tasks.
To keep the system secure without adding load to my existing database, the new system relies on cookies. This is a real dilemma: a cookie that holds just the user name is hopelessly insecure, so that will not do, but because of the database load I also cannot store a random code in the database to verify against.
The workaround is to set two cookies at the same time: one holding the user name and one holding a hash. The hash is produced by running the user name concatenated with a super password (known only to the program's author) through the md5() function. Because md5() is a one-way hash, the super password cannot be recovered from the value in the cookie, and without it nobody can produce the matching hash for a user name of their choosing. When the user changes their email, I can likewise hash the new email together with the super password to produce a code the user must present to confirm the change. This is a keyed-hash (secret-key) scheme rather than a public key/private key system: the same secret is used to create the hash and to check it, so the super password must never leave the server. Note also that the hash depends only on the user name and the super password, so a cookie pair stays valid until the super password changes; there is no per-login expiry or revocation unless you add it. Don't follow? It doesn't matter; it is explained step by step below.
Interestingly, this system scales almost without limit: its main work is computing md5() values, which the web server does, so as load grows you can add web servers to share it. Since authentication never touches the database, the only bottleneck left is the database itself, and the authentication system no longer contributes to its load.
Here are the two functions from the library: the token generation function and the token authentication function.
$hidden_hash_var = 'your_secret_password_here'; // the super password, known only to the program's author

$LOGGED_in = false;
unset($LOGGED_in); // start unset so that the first call to User_isloggedin() actually checks the cookies

function User_isloggedin() {
    global $hidden_hash_var, $LOGGED_in;

    // Have we already checked the hash during this request?
    // If so, return the cached result instead of hashing again
    if (isset($LOGGED_in)) {
        return $LOGGED_in;
    }

    // Are both cookies present? They are read from $_COOKIE here; the original
    // relied on register_globals, which modern PHP no longer provides
    $user_name = isset($_COOKIE['user_name']) ? $_COOKIE['user_name'] : '';
    $id_hash   = isset($_COOKIE['id_hash'])   ? $_COOKIE['id_hash']   : '';
    if ($user_name !== '' && $id_hash !== '') {
        /*
        Recompute the hash from the user name in the cookie and the super password.
        If it matches the hash in the cookie, the user name in the cookie is
        trustworthy and the user is logged in.
        */
        $hash = md5($user_name . $hidden_hash_var);
        // hash_equals() is a strict, constant-time comparison; a loose == would let
        // PHP compare two numeric-looking hashes such as "0e..." as numbers
        if (hash_equals($hash, $id_hash)) {
            // Hashes match: remember the result in a global so that a second call
            // in the same request does not have to run md5() again
            $LOGGED_in = true;
            return true;
        } else {
            // Hashes differ: not logged in
            $LOGGED_in = false;
            return false;
        }
    } else {
        $LOGGED_in = false;
        return false;
    }
}

function User_set_tokens($user_name_in) {
    /*
    Called once the user name and password have been authenticated.
    The body below is reconstructed from the description in the text (the original
    listing is cut off here): it sets the two cookies, the user name and its hash.
    */
    global $hidden_hash_var;
    $id_hash = md5($user_name_in . $hidden_hash_var);
    setcookie('user_name', $user_name_in);
    setcookie('id_hash', $id_hash);
}
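As an added example (not code from the original article), here is the email-change confirmation flow the text describes, built with the article's own md5(value . super password) construction and the same super password variable. The function names make_email_token, check_email_token and confirm_url, the example.invalid host and the sample user and address are assumptions made for illustration.

```php
<?php
// Added example, not from the original article: the email-change confirmation
// token described in the text. Function names, host and sample data are assumptions.

$hidden_hash_var = 'your_secret_password_here'; // the super password, as in the library

// Token the user must present to confirm a new email address: a hash of the new
// address and the super password, so nobody without the super password can
// produce a valid token for an address of their choosing.
function make_email_token($new_email) {
    global $hidden_hash_var;
    return md5($new_email . $hidden_hash_var);
}

// Link sent to the new address. The address itself travels in the link, so the
// server does not have to store anything in the database while it waits.
function confirm_url($user_name, $new_email) {
    return 'https://example.invalid/confirm.php?' . http_build_query([
        'user'  => $user_name,
        'email' => $new_email,
        'token' => make_email_token($new_email),
    ]);
}

// Verification on the confirm.php side: recompute the hash from the email in the
// query string and compare with hash_equals(), a strict, constant-time comparison
// rather than PHP's loose ==.
function check_email_token($new_email, $token) {
    return hash_equals(make_email_token($new_email), (string) $token);
}

// Simulate the round trip with constructed sample data.
$url = confirm_url('alice', 'alice@example.invalid');
parse_str(parse_url($url, PHP_URL_QUERY), $query);

// Genuine link, exactly as sent
var_dump(check_email_token($query['email'], $query['token']));
// Link with the email edited but the original token kept
var_dump(check_email_token('mallory@example.invalid', $query['token']));
// Link with a token of the wrong form
var_dump(check_email_token($query['email'], '0'));
```

The first check accepts the link as sent; the second and third are rejected, because a changed address no longer hashes to the presented token and the strict comparison leaves no room for type juggling. Two points a practitioner should weigh before reusing this: the token depends only on the email and the super password, so it does not bind the address to a particular user or expire, and hashing the user name in as well (md5($user_name . $new_email . $hidden_hash_var)) closes the first gap; and hash_hmac('sha256', $new_email, $hidden_hash_var) is a drop-in replacement for the md5() concatenation that is the standard keyed-hash construction today.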