Zeta Components - high quality PHP components

Zeta Components Manual :: Docs For Class ezcAuthenticationTokenFilter

Authentication::ezcAuthenticationTokenFilter

Class ezcAuthenticationTokenFilter

Filter to authenticate against a server generated token.

Some uses for this filter:

  • CAPTCHA tests
  • security token devices (as used by banks)

The following example shows how to create a CAPTCHA test. The example is divided into two parts: the initial request (where the user sees the CAPTCHA image and enters the characters he sees in a form) and the follow-up request (after the user submits the form).

  • on the initial request:
    // generate a token and save it in the session or in a file/database
    $pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
    $token  = "";
    for( $i = 1; $i <= 6 ; $i++ )
    {
        // valid offsets are 0 .. strlen( $pattern ) - 1; random_int() uses the system CSPRNG
        $token .= $pattern[random_int( 0, strlen( $pattern ) - 1 )];
    }
    // sha1() is a one-way hash, so only the digest of the token is stored
    $encryptedToken = sha1( $token );

    // save the $encryptedToken in the session
    $_SESSION['encryptedToken'] = $encryptedToken;

    // also generate a distorted image which contains the symbols from $token and use it
  • on the follow-up request:
    // load the $encryptedToken as it was generated on a previous request
    $encryptedToken = isset( $_SESSION['encryptedToken'] ) ? $_SESSION['encryptedToken'] : null;

    // also load the value entered by the user in response to the CAPTCHA image
    $captcha = isset( $_POST['captcha'] ) ? $_POST['captcha'] : null;

    $credentials = new ezcAuthenticationIdCredentials( $captcha );
    $authentication = new ezcAuthentication( $credentials );
    $authentication->addFilter( new ezcAuthenticationTokenFilter( $encryptedToken, 'sha1' ) );
    if ( !$authentication->run() )
    {
        // CAPTCHA was incorrect, so inform the user to try again, possibly
        // by generating another token and CAPTCHA image
    }
    else
    {
        // CAPTCHA was correct, so let the user send his spam or whatever
    }
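
The two requests above, reduced to plain PHP so the token lifecycle can be run from the command line. This is an added example, not code from the Zeta Components documentation or library: the function names issueCaptchaToken() and checkCaptchaAnswer() are hypothetical, and the $session array stands in for $_SESSION. It goes beyond the example above by making each token single-use and by rejecting non-string input.

```php
<?php
// Added example: hypothetical helpers, not part of the Authentication component.

// Initial request: create the token and keep only its SHA-1 digest server-side.
function issueCaptchaToken( array &$session, int $length = 6 ): string
{
    $alphabet = '1234567890abcdefghijklmnopqrstuvwxyz';
    $max = strlen( $alphabet ) - 1;      // last valid offset
    $token = '';
    for ( $i = 0; $i < $length; $i++ )
    {
        $token .= $alphabet[random_int( 0, $max )];
    }
    $session['encryptedToken'] = sha1( $token );
    return $token;                       // goes into the distorted image only
}

// Follow-up request: hash the submitted value with sha1 and compare it with
// the stored digest, as the filter in the example above is configured to do.
function checkCaptchaAnswer( array &$session, $answer ): bool
{
    $stored = $session['encryptedToken'] ?? null;
    unset( $session['encryptedToken'] ); // one attempt per token, pass or fail

    if ( !is_string( $stored ) || !is_string( $answer ) )
    {
        return false;                    // no challenge issued, or a missing / array-valued field
    }
    return hash_equals( $stored, sha1( $answer ) ); // constant-time comparison
}

// Constructed walk-through of both requests.
$session = array();
$token = issueCaptchaToken( $session );
var_dump( checkCaptchaAnswer( $session, $token ) );       // first submission of the right answer
var_dump( checkCaptchaAnswer( $session, $token ) );       // same answer replayed
issueCaptchaToken( $session );
var_dump( checkCaptchaAnswer( $session, array( 'x' ) ) ); // array-valued form field
```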

Source for this file: /Authentication/src/filters/token/token_filter.php

ezcAuthenticationFilter
   |
   --ezcAuthenticationTokenFilter

Constants

STATUS_TOKEN_INCORRECT = 1 Token is not the same as the provided one.

Inherited Constants

From ezcAuthenticationFilter:
ezcAuthenticationFilter::STATUS_OK    Successful authentication.

Properties

callback read/write $function
The encryption function to use on the user credentials in order to compare it with the stored token.
string read/write $token
The token to check against.

Inherited Member Variables

From ezcAuthenticationFilter
protected ezcAuthenticationFilter::$options

Method Summary

public ezcAuthenticationTokenFilter __construct( $token , $function , [ $options = null] )
Creates a new object of this class.
public int run( $credentials )
Runs the filter and returns a status code when finished.

Inherited Methods

From ezcAuthenticationFilter
public ezcAuthenticationFilterOptions ezcAuthenticationFilter::getOptions()
Returns the options of this class.
public abstract int ezcAuthenticationFilter::run()
Runs the filter and returns a status code when finished.
public void ezcAuthenticationFilter::setOptions()
Sets the options of this class to $options.

Methods

__construct

ezcAuthenticationTokenFilter __construct( string $token , callback $function , [ezcAuthenticationTokenOptions $options = null] )

Creates a new object of this class.

Parameters:
Name       Type                           Description
$token     string                         A string value generated by the server
$function  callback                       The encryption function to use when comparing tokens
$options   ezcAuthenticationTokenOptions  Options for this class

run

int run( ezcAuthenticationCredentials $credentials )

Runs the filter and returns a status code when finished.

Parameters:
Name          Type                          Description
$credentials  ezcAuthenticationCredentials  Authentication credentials

Redefinition of:
Method                          Description
ezcAuthenticationFilter::run()  Runs the filter and returns a status code when finished.