Overview

Objective
Learn how to authenticate a user in ProdigyView. Involves hashing and encrypting values.

Requirements
- Installed version of ProdigyView with database
- Understanding of creating tables and columns in ProdigyView

Estimated Time
12 Minutes

www.prodigyview.com

Follow Along With Code Example

1. Download a copy of the example code at www.prodigyview.com/source.
2. Install the system in an environment you feel comfortable testing in.
3. Proceed to examples/security/Authorization.php

What is Authentication

Authentication is the process of checking that a user's credentials match. To protect a user, sensitive information should not be kept in plain text.

In the example for this tutorial, we are going to authenticate on a user's email address, password, and social security number.

The tutorial will deal with hashing and encrypting of values.

Creating A User Table

The first thing we have to do is create a user table. Below is an example of creating a user table with PVDatabase's database methods. If you are unsure about this part, review the tutorial on Database Tables and Columns.

Initializing PVSecurity

The first part is initializing PVSecurity's class. These fields must be set for authentication to work.

1. Set these fields in cookies on successful authentication
2. Set the fields in a session on successful authentication
3. Hash fields in this array
4. Encrypt these fields
5. The table that contains the fields

Hashing Vs Encryption

In our previous example we had fields that were hashed and fields that were encrypted. What's the difference?

Hashing uses the PVSecurity::hash() method, which is one way. This means that there is no key for decrypting the hash.

Encryption uses the PVSecurity::encrypt() method, which means there is a key for decrypting the values.

Insert Sample Data

Now let's insert some sample data. In a real-world scenario, the data would be retrieved from a user's $_POST and then hashed/encrypted.

1. Encrypt the Social Security Number
2. Hash the password
3. Insert the data into the database

Check The Fields

Now when we want to authenticate the user, we are going to pass the fields in without encrypting or hashing them. The checkAuth method will take care of everything.

If the passed fields match, authentication is true.

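The hash-versus-encrypt split and the field check described above, as an added example written with PHP's built-in functions rather than ProdigyView's PVSecurity API (it is not code from the tutorial). The function names, the row layout and the sample values are assumptions constructed for illustration; password_hash() supplies its own random per-user salt.

```php
<?php
// Added example: PHP built-ins, not ProdigyView's PVSecurity API.
declare(strict_types=1);

// Hash the password (one-way) and encrypt the SSN (reversible with $key).
function make_user_row(string $email, string $password, string $ssn, string $key): array
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return [
        'email' => $email,
        // password_hash() generates a random per-user salt and embeds it in its output.
        'password_hash' => password_hash($password, PASSWORD_DEFAULT),
        // The nonce is not secret; store it in front of the ciphertext.
        'ssn_enc' => base64_encode($nonce . sodium_crypto_secretbox($ssn, $nonce, $key)),
    ];
}

// Returns the plaintext SSN, or null if the value is malformed or was tampered with.
function decrypt_ssn(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// The caller passes plain values; comparison against the stored hash and ciphertext happens here.
function check_auth(array $row, string $email, string $password, string $ssn, string $key): bool
{
    $storedSsn = decrypt_ssn($row['ssn_enc'], $key);
    // Evaluate all three checks before combining them.
    $emailOk = hash_equals($row['email'], $email);
    $passOk = password_verify($password, $row['password_hash']);
    $ssnOk = $storedSsn !== null && hash_equals($storedSsn, $ssn);
    return $emailOk && $passOk && $ssnOk;
}

// Constructed sample data. Assumption: a real key comes from a secret store.
$key = sodium_crypto_secretbox_keygen();
$row = make_user_row('user@example.com', 'constructed-password', '000-00-0000', $key);
var_dump(check_auth($row, 'user@example.com', 'constructed-password', '000-00-0000', $key));
var_dump(check_auth($row, 'user@example.com', 'wrong-password', '000-00-0000', $key));
var_dump(password_verify('constructed-password', $row['password_hash']), decrypt_ssn($row['ssn_enc'], $key));
```

The stored password hash can only be verified against a candidate password, while the stored SSN ciphertext can be turned back into the original value by anyone holding the key.
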
Custom Salt

For our next example, we are going to do some customization to the authentication process. First we are going to create a custom salt for each user. This will improve our site's security.

1. Create a custom salt from the SSN
2. Apply custom salt when hashing

Authentication Options

Now that we have a custom salt, we are going to modify the options for authentication.

1. Set the custom salt in the options
2. Store these fields in the session on successful validation

Custom Authentication

Now with the custom salt and the new fields to save to a session set in the options, we can authenticate a user on these credentials.

1. Pass in the fields
2. Pass in the options

API Reference

For a better understanding of access levels and role access in ProdigyView, visit the API by clicking on the link below.

PVSecurity

More Tutorials

For more tutorials, please visit: http://www.prodigyview.com/tutorials