Building a CHAP Login System: An Object-Oriented Approach
Welcome to the last part of the series “Building a CHAP login system.” Over three parts, this tutorial covers the basics of building secure login forms using the Challenge Handshake Authentication Protocol (popularly known as CHAP). The programming foundation of the system rests primarily on an implementation of the MD5 hashing algorithm in JavaScript, used to send hashed (rather than plaintext) credentials to the server, which in turn authenticates the client.
Taking the object-oriented approach: using a session handling class (Page 3 of 4)
To clarify things, allow me to explain the purpose of the PHP session handling class. Essentially, this class encapsulates all the code required for registering and deregistering “challenge” session variables, together with related tasks such as assigning random values to them and clearing entire sessions.
Since the class’ functionality is best understood by example, here is its definition:
    class ChallengeGenerator{
        // constructor: optionally wipe any existing session, then start a fresh one
        // (__construct replaces the PHP 4-style constructor, which current PHP no longer supports)
        function __construct($clearSession=true){
            if($clearSession){
                $this->clearVars();
            }
            session_start();
        }
        // public method clearVars(): destroy the existing session and all of its data
        function clearVars(){
            session_start();
            session_unset();
            session_destroy();
        }
        // public method setChallengeVar(): register a session variable holding a fresh random challenge
        function setChallengeVar($name='challenge'){
            if(!is_string($name)||!$name){
                trigger_error('Invalid variable name');
                exit();
            }
            $_SESSION[$name]=$this->getRandomString();
        }
        // public method getChallengeVar(): return the stored challenge
        function getChallengeVar($name){
            if(!isset($_SESSION[$name])){
                trigger_error('Invalid variable name');
                exit();
            }
            return $_SESSION[$name];
        }
        // public method deleteChallengeVar(): remove a challenge once it has been used
        function deleteChallengeVar($name){
            if(!isset($_SESSION[$name])){
                trigger_error('Invalid variable name');
                exit();
            }
            unset($_SESSION[$name]);
        }
        // private method getRandomString(): build an unpredictable challenge of $length alphanumeric characters
        function getRandomString($length=40){
            if(!is_int($length)||$length<1){
                trigger_error('Invalid length for random string');
                exit();
            }
            $chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
            $randstring='';
            $maxvalue=strlen($chars)-1;
            for($i=0;$i<$length;$i++){
                // random_int() draws from the system CSPRNG; rand() is predictable and unsuitable for challenges
                $randstring.=substr($chars,random_int(0,$maxvalue),1);
            }
            return $randstring;
        }
    }
Having listed the class, let’s take a look at each method in turn, to get a better understanding of its task.
Basically, the constructor cleans up any existing session by calling the “clearVars()” method, unless the $clearSession argument is passed in with a “false” value. Next, the “setChallengeVar()”, “getChallengeVar()” and “deleteChallengeVar()” methods perform the common session operations of registering, reading and deleting session variables, as their definitions make clear.
Additionally, whenever the “setChallengeVar()” method is called, it assigns a freshly generated random string to the given variable, which makes it easy to obtain a new challenge from the object. As you can see, I’ve simply wrapped most of the functions reviewed in the procedural script, in order to hide all the internal processing for obtaining server-side challenge strings.
Considering the class, setting up a random generator is as simple as this:
As you can see, this is much simpler to code and read.
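The following script is an added example, not code from the article: it shows the class above in use across the two halves of a CHAP round trip, issuing a challenge on the first request and verifying the client’s response on the POST. It assumes the class is saved as ChallengeGenerator.php (the file name is an assumption), and it assumes the client answers with md5(challenge . md5(password)); that response formula is an illustration, not necessarily the exact scheme the series’ JavaScript uses.

```php
<?php
// Added example (not from the article): issuing and verifying a challenge with
// the ChallengeGenerator class. The include path and the response formula
// md5(challenge . md5(password)) are assumptions made for this illustration.
require_once 'ChallengeGenerator.php';

// Constructed sample credential store: username => md5(password).
// A real deployment would load this from its user database.
$users = ['alice' => md5('correct horse battery staple')];

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // Step 1: issue a fresh challenge and keep it server-side in the session.
    $cg = new ChallengeGenerator();          // clears any stale session first
    $cg->setChallengeVar('challenge');
    $challenge = $cg->getChallengeVar('challenge');

    // The challenge is public; it is embedded in the form so the client-side
    // script can hash it together with the password before submitting.
    echo '<form method="post">';
    echo '<input type="hidden" name="challenge" value="'
        . htmlspecialchars($challenge, ENT_QUOTES, 'UTF-8') . '">';
    echo '<input name="user"> <input type="hidden" name="response">';
    echo '<button>Login</button></form>';
    exit;
}

// Step 2: verify the response against the challenge stored in the session,
// never against the copy the client echoed back in the form.
$cg = new ChallengeGenerator(false);         // keep the existing session
$user = $_POST['user'] ?? '';
$response = $_POST['response'] ?? '';
$challenge = $cg->getChallengeVar('challenge');

$expected = isset($users[$user]) ? md5($challenge . $users[$user]) : '';
// hash_equals() compares in constant time, so a wrong guess leaks no timing hint.
$ok = $expected !== '' && hash_equals($expected, $response);

// A challenge is single-use: drop it whether or not the login succeeded,
// so a captured response cannot be replayed against the same challenge.
$cg->deleteChallengeVar('challenge');

if ($ok) {
    session_regenerate_id(true);             // new session id after login
    $_SESSION['user'] = $user;
    echo 'Welcome, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
} else {
    http_response_code(401);
    echo 'Login failed';
}
```

Two choices matter here for security rather than convenience: the server compares against the challenge it stored in the session, ignoring the hidden field the browser sent back, and the challenge is deleted after a single verification attempt, so the class’ deleteChallengeVar() method is what gives the handshake its one-shot property.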
With the class definition complete, only a few tasks remain. The next step consists of integrating the class into the previous CHAP script, so that you can work with an object-oriented server-side mechanism for quickly generating challenge values.