Home arrow JavaScript arrow Page 3 - Building a CHAP Login System: Coding Server-Side Random Seeds
JAVASCRIPT

Building a CHAP Login System: Coding Server-Side Random Seeds


Welcome to the second part of “Building a CHAP login system.” In three parts, this series introduces the basics of building a web-based login system that uses the Challenge Handshake Authentication Protocol (hence the CHAP acronyms), explaining its benefits, and exploring its implementation.

Author Info:
By: Alejandro Gervasio
Rating: 5 stars5 stars5 stars5 stars5 stars / 23
September 06, 2005
TABLE OF CONTENTS:
  1. · Building a CHAP Login System: Coding Server-Side Random Seeds
  2. · Stepping back: a quick look at the previous CHAP login system
  3. · Moving forward: Improving the random seed generator
  4. · Refactoring the CHAP login system: Adding functionality to the JavaScript program

print this article
SEARCH DEVARTICLES

Building a CHAP Login System: Coding Server-Side Random Seeds - Moving forward: Improving the random seed generator
(Page 3 of 4 )

As a matter of fact, the random seed generator written to work with the prior example is pretty poor to include in real web applications. It’s precisely for that reason that I’ll define, first, a PHP function aimed specifically at generating true random strings, then another session-wrapping function, tasked with registering session variables, and finally a third function for obtaining their values. The combination of these functions will be the core engine for generating random challenge values, used at a later time by the JavaScript program.

Having provided an introduction to these functions, here is the definition for the “getRandomString()” function:

function getRandomString($length=40){

  if(!is_int($length)||$length<1){

    trigger_error('Invalid length for random string');

    exit();

  }

  $chars=
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

  $randstring='';

  $maxvalue=strlen($chars)-1;

  for($i=0;$i<$length;$i++){

    $randstring.=substr($chars,rand(0,$maxvalue),1);

  }

  return $randstring;

}

Essentially, what this function does is generate a random string of a given length, which will be used as the challenge string sent by the server. At first glance, you can see that its logic is fairly simple to grasp, and of course provides the required flexibility to adjust the length of random strings to specific values. For this case, I’ve set up a default string length of 40 characters.

Now, let’s pay attention to the next function, “setChallengeVar()”, which acts as a wrapper for registering session variables and assigning random strings to them. It looks like this:

function setChallengeVar($name='challenge'){

  if(!is_string($name)||!$name){

    trigger_error('Invalid variable name');

    exit();

  }

  session_start();

  // register session variable

  $_SESSION[$name]=getRandomString();

}

With reference to the above function, it merely registers a new session variable specified by the $name key and assigns to it the random string returned by the “getRandomString()” function. Since the function is extremely simple, I won’t stop you long with boring details. Instead, I’ll show the next “getSessionVar()” function, which returns a specified session variable. Its source code is the following:

function getChallengeVar($name='challenge'){

  if(!$_SESSION[$name]){

    trigger_error('Invalid variable name');

    exit();

  }

  return $_SESSION[$name];

}

Now, I’m able to obtain a server-side challenge string, by invoking the “setChallengeVar()” function, like this:

setChallengeVar();

This simple one-liner registers a “challenge” session variable, and populates it with a 40-digit random string, which will be used as the challenge value by the JavaScript code.

The next thing to explain is how the JavaScript program integrates the power of the above-listed functions, in order to boost the login system.


blog comments powered by Disqus
JAVASCRIPT ARTICLES

- Project Nashorn to Make Java, JavaScript Wor...
- JavaScript Virus Attacks Tumblr Blogs
- Google Releases Stable Dart Version, JavaScr...
- Khan Academy Unveils New JavaScript Learning...
- Accessing Nitro? There`s an App for That
- JQuery 2.0 Leaving Older IE Versions Behind
- Fastest JavaScript Engine Might Surprise You
- Microsoft Adjusting Chakra for IE 10
- Brendan Eich: We Don`t Need Google Native Cl...
- An Overview of JavaScript Statements
- An Overview of JavaScript Operators
- Overview of JavaScript Variables
- More of the Top jQuery Social Plugins
- The Top jQuery Social Plugins
- More of the Top jQuery Slider Plugins

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2018 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials