Authenticating Credentials Tutorial


Learn how to authenticate a user in ProdigyView. Involves hashing and encrypting values.

Published in: Technology
  1. Authentication
  2. Overview
     Objective: Learn how to authenticate a user in ProdigyView. Involves hashing and encrypting values.
     Requirements: An installed version of ProdigyView with a database. An understanding of creating tables and columns in ProdigyView.
     Estimated Time: 12 minutes
  3. Follow Along With Code Example
     1. Download a copy of the example code at
     2. Install the system in an environment you feel comfortable testing in.
     3. Proceed to examples/security/Authorization.php
  4. What is Authentication
     Authentication is the process of checking that a user's credentials match. To protect a user, sensitive information should not be kept in plain text.
     In the example for this tutorial, we are going to authenticate on a user's email address, password, and social security number.
     The tutorial will deal with hashing and encrypting of values.
  5. Creating A User Table
     The first thing we have to do is create a user table. Below is an example of creating a user table with PVDatabase's database methods. If you are unsure about this part, review the tutorial on Database Tables and Columns.
  6. Initializing PVSecurity
     The first part is initializing PVSecurity's class. These fields must be set for authentication to work.
     1. Set these fields in cookies on successful authentication
     2. Set the fields in a session on successful authentication
     3. Hash fields in this array
     4. Encrypt these fields
     5. The table that contains the fields
  7. Hashing Vs Encryption
     In our previous example we had fields that were hashed and fields that were encrypted. What's the difference?
     Hashing uses the PVSecurity::hash() method, which is one way. This means that there is no key for decrypting the hash.
     Encryption uses the PVSecurity::encrypt() method, which means there is a key for decrypting the values.
  8. Insert Sample Data
     Now let's insert some sample data. Imagine that in a real-world scenario, the data is retrieved from a user's $_POST and is then hashed/encrypted.
     1. Encrypt the Social Security Number
     2. Hash the password
     3. Insert the data into the database
  9. Check The Fields
     Now when we want to authenticate the user, we are going to pass the fields in without an encryption or hash. The checkAuth method will take care of everything. If the passed fields match, authentication is true.
  10. Custom Salt
     For our next example, we are going to do some customization to the authentication process. First we are going to create a custom salt for each user. This will improve our site's security.
     1. Create a custom salt from the ssn
     2. Apply custom salt when hashing
  11. Authentication Options
     Now that we have a custom salt, we are going to modify the options for authentication.
     1. Set the custom salt in the options
     2. Store these fields in the session on successful validation
  12. Custom Authentication
     Now with the custom salt and the new fields to save to a session set in the options, we can authenticate a user on these credentials.
     1. Pass in the fields
     2. Pass in the options
  13. API Reference
     For a better understanding of access levels and role access in ProdigyView, visit the API by clicking on the link below.
     PVSecurity
     More Tutorials: For more tutorials, please visit:
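
The hashing versus encryption distinction from slides 7 to 9, as an added example that is not part of the original tutorial or ProdigyView's own code. It uses PHP's built-in `password_hash()` and libsodium functions instead of PVSecurity, and `password_hash()` generates a random per-user salt rather than one derived from the SSN. The function names and all sample values are assumptions made for this illustration.

```php
<?php
// Added example: plain PHP built-ins, not ProdigyView's PVSecurity API.
// Function names are hypothetical; all sample values are constructed.

// One-way: password_hash() creates a random per-user salt and embeds it in
// the returned string. No key exists that could recover the password.
function hashPassword(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Two-way: authenticated encryption. Whoever holds $key can decrypt.
function encryptField(string $plaintext, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

// Returns null when the stored value is malformed or fails authentication.
function decryptField(string $stored, string $key): ?string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $body  = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($body, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Check submitted plain-text credentials against the stored row.
function authenticate(array $row, string $email, string $password, string $ssn, string $key): bool {
    $storedSsn = decryptField($row['ssn'], $key);
    // Run every check before combining, so one failure does not skip the rest.
    $emailOk = hash_equals($row['email'], $email);
    $passOk  = password_verify($password, $row['password']);
    $ssnOk   = $storedSsn !== null && hash_equals($storedSsn, $ssn);
    return $emailOk && $passOk && $ssnOk;
}

// Assumption: in a real deployment the key is loaded from a secret store.
$key = sodium_crypto_secretbox_keygen();
$row = [
    'email'    => 'jane@example.com',
    'password' => hashPassword('correct horse battery staple'),
    'ssn'      => encryptField('000-00-0000', $key),
];

var_dump(authenticate($row, 'jane@example.com', 'correct horse battery staple', '000-00-0000', $key));
var_dump(authenticate($row, 'jane@example.com', 'wrong password', '000-00-0000', $key));
```

The stored password value cannot be reversed even with `$key`, while the stored SSN can be recovered by anyone who holds `$key`, which is why the key must be protected separately from the database.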