
Building a CHAP Login System: An Object-Oriented Approach


Welcome to the last part of the series “Building a CHAP login system.” In three parts, this tutorial provides the basics for building secure login forms by using the Challenge Handshake Authentication Protocol (popularly known as CHAP). The system rests primarily on a JavaScript implementation of the cryptographic MD5 hashing algorithm, used for sending out encrypted data to the server, which in turn authenticates the client.

Author Info:
By: Alejandro Gervasio
September 12, 2005

Building a CHAP Login System: An Object-Oriented Approach - Taking the object-oriented approach: using a session handling class
(Page 3 of 4 )

To clarify things, allow me to explain the function of the PHP session handling class. Essentially, this class will encapsulate all the code required for registering and deregistering “challenge” session variables, along with other relevant tasks such as assigning random values to them and cleaning up complete sessions.

Since the class’ functionality will be best understood by example, here is its definition:

class ChallengeGenerator{
  // constructor (a method named after the class is no longer treated as a constructor in PHP 8)
  function __construct($clearSession=true){
    if($clearSession){
      $this->clearVars();
    }
    session_start();
  }
  // public method clearVars()
  function clearVars(){
    // destroy existing session (start it first only if none is active)
    if(session_status()!==PHP_SESSION_ACTIVE){
      session_start();
    }
    session_unset();
    session_destroy();
  }
  // public method setChallengeVar()
  function setChallengeVar($name='challenge'){
    if(!is_string($name)||!$name){
      trigger_error('Invalid variable name');
      exit();
    }
    // register session variable
    $_SESSION[$name]=$this->getRandomString();
  }
  // public method getChallengeVar()
  function getChallengeVar($name){
    // empty() avoids an undefined-index notice when the variable was never set
    if(empty($_SESSION[$name])){
      trigger_error('Invalid variable name');
      exit();
    }
    return $_SESSION[$name];
  }
  // public method deleteChallengeVar()
  function deleteChallengeVar($name){
    if(empty($_SESSION[$name])){
      trigger_error('Invalid variable name');
      exit();
    }
    unset($_SESSION[$name]);
  }
  // private method "getRandomString()"
  function getRandomString($length=40){
    if(!is_int($length)||$length<1){
      trigger_error('Invalid length for random string');
      exit();
    }
    $chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $randstring='';
    $maxvalue=strlen($chars)-1;
    for($i=0;$i<$length;$i++){
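      // random_int() draws from the system CSPRNG; rand() is predictable and unsuitable for challenges
      $randstring.=substr($chars,random_int(0,$maxvalue),1);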
    }
    return $randstring;
  }
}

Having listed the class, let’s look at each method in turn to get a better understanding of its task.

Basically, the constructor cleans up any existing session within the program by calling the “clearVars()” method, unless the $clearSession argument is passed in with a “false” value. Next, the “setChallengeVar()”, “getChallengeVar()” and “deleteChallengeVar()” methods are aimed specifically at performing common session operations, such as registering, obtaining and deleting session variables. This is clearly seen through their respective definitions.

Additionally, whenever the “setChallengeVar()” method is called, it assigns a random string to the given variable, which is quite useful for easily setting up an object-based random seed. As you can see, I’ve simply wrapped most of the functions reviewed in the procedural script, in order to hide all the internal processing for obtaining server-side challenge strings.

Considering the class, setting up a random generator is as simple as this:

// instantiate a ChallengeGenerator object
$chlgen=new ChallengeGenerator();
// register challenge variable
$chlgen->setChallengeVar();

As you can see, this is much simpler to code and read.

With all the class definition done, there remain only a few tasks to be completed. The next step will consist of integrating the class into the previous CHAP script, so you’re able to work with an object-oriented server mechanism for quick generation of challenge values.
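
The class only stores and deletes challenges; whether the handshake resists replay depends on how the server consumes them. The following is an added example, not the article's code: it shows single-use verification with a constant-time comparison. It assumes the client's response is md5(challenge . secret); the function name verifyResponse() is hypothetical, and a plain array stands in for $_SESSION so the script runs from the command line.

```php
<?php
// Added example, not part of the original article.
// Assumption: the client-side script sends md5(challenge . secret).

// Verify a response against the outstanding challenge.
// Pass $_SESSION as $session in a real request.
function verifyResponse(array &$session, string $secret, string $response,
                        string $name = 'challenge'): bool
{
    if (empty($session[$name])) {
        // No outstanding challenge: a replayed or out-of-order request.
        return false;
    }
    $challenge = $session[$name];
    // Single use: consume the challenge before comparing, so a failed
    // or successful attempt can never be retried against the same value.
    unset($session[$name]);

    $expected = md5($challenge . $secret);
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($expected, $response);
}

// Constructed demo data.
$session = [];                        // stands in for $_SESSION
$secret  = 'constructed-demo-secret'; // value the server holds for the user

// Stand-in for $chlgen->setChallengeVar(): 40 characters from the CSPRNG.
$session['challenge'] = bin2hex(random_bytes(20));
$response = md5($session['challenge'] . $secret); // what the client would send

var_dump(verifyResponse($session, $secret, $response)); // first use
var_dump(verifyResponse($session, $secret, $response)); // same response replayed

// A fresh challenge answered with a response built from a different secret.
$session['challenge'] = bin2hex(random_bytes(20));
$bad = md5($session['challenge'] . 'some-other-secret');
var_dump(verifyResponse($session, $secret, $bad));
```

Only the first call succeeds: the replay finds no outstanding challenge, and the third response does not match the hash the server computes.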

