Authenticating Credentials Tutorial
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Authenticating Credentials Tutorial

  • 1,074 views
Uploaded on

Learn how to authenticate a user in ProdigyView. Involves hashing and encrypting values.

Learn how to authenticate a user in ProdigyView. Involves hashing and encrypting values.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,074
On Slideshare
1,063
From Embeds
11
Number of Embeds
1

Actions

Shares
Downloads
18
Comments
0
Likes
0

Embeds 11

http://www.prodigyview.com 11

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Authentication www.prodigyview.com
  • 2. OverviewObjectiveLearn how to authenticate a user in ProdigyView. Involveshashing and encrypting values.Requirements Installed version of ProdigyView with database Understanding of creating table and columns in ProgidyViewEstimated Time12 Minutes www.prodigyview.com
  • 3. Follow Along With Code Example1. Download a copy of the example code at www.prodigyview.com/source.2. Install the system in an environment you feel comfortable testing in.3. Proceed to examples/security/Authorization.php
  • 4. What is AuthenticationAuthentication is the process of checking that a usercredentials match. To protect a user, sensitive informationshould not be kept in plain text.In this example for this tutorial, we are going toauthenticate on a user’s email address, password, andsocial security.The tutorial will deal with hashing and encrypting ofvalues. www.prodigyview.com
  • 5. Creating A User TableThe first thing we have to do is create a user table. Below is anexample of creating a user table with PVDatabase’s databasemethods. If you are unsure about this part, review the tutorialon Database Tables and Columns.
  • 6. Initializing PVSecurity The first part is initializing PVSecurity’s class. These fields must be set for authentication to work.1. Set these fields in cookies on 2. Set the fields in a session onsuccessful authentication successful authentication3. Hash fields in this array 4. Encrypt These Fields 5. The table that contain the fields
  • 7. Hashing Vs Encryption In our previous example we had fields that were hashed and fields that were encrypted. Whats the difference?Hashing uses the PVSecurity::hash() method, which is oneway. This means that there is no key for decrypting the hash.Encryption used PVSecurity::encrypt() method, which meansthere is a key for decrypting the values.
  • 8. Insert Sample DataNow let’s insert the some sample data. Imagine in a real worldexperience, the data is retrieved from a user $_POST and isthen hashed/encrypted. 1. Encrypt the Social Security Number 2. Hash the password 3. Insert the data into the database
  • 9. Check The FieldsNow when we want to authenticate the user, we are going to passthe fields in without an encryption or hash. The checkAuthmethod will take care of everything. If the passed field match, authentication is true
  • 10. Custom SaltFor our next example, we are doing to do somecustomization to the authentication process. First we aregoing to create a custom salt for each user. This willimprove our sites security.1. Create a custom salt from the ssn 2. Apply custom salt when hashing
  • 11. Authentication OptionsNow what we have a custom salt, we are going to modifythe options for authentication.1. Set the custom salt in the options 2. Store these fields in the session on successful validation
  • 12. Custom AuthenticationNow with the custom salt and the new fields to save to asession set in the options, we can authentication a user onthese credentials.1. Pass in the fields 2. Pass in the options
  • 13. API ReferenceFor a better understanding of access levels and role accessin ProdigyView, visit the api by clicking on the link below.PVSecurity More Tutorials For more tutorials, please visit: http://www.prodigyview.com/tutorials www.prodigyview.com