<?
/*
**	glogin
**
**	Sends login information in a secure way. The username and password
**	fields are given a random name, and the password value is encrypted so that it is
**	impossible to decrypt.
**
**	The username does have a way back (decryption), and the algorithm is a basic encryption
**	method. This algorithm is not strong, but it gives more work to someone who wants
**	to spy on us.
**
**	It is *almost* impossible to break this sLogin and get the password value. The
**	username is easy to get. But a username without a password is not useful.
**
**	Also, this sLogin prevents logging in by re-sending the same encrypted password, which
**	most login systems allow: they hide the password, but sending that same encrypted
**	value lets you log in. sLogin encrypts the password with MD5 + "random key".
**
*/

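/*
 * gLogin: client-side obfuscation of login form fields.
 *
 * For each registered input the class emits a hidden field with a per-request
 * name. On submit, JavaScript moves the value into that hidden field:
 *   - "password" fields are sent as md5(value + magic), where magic is a
 *     per-render challenge kept in $_SESSION['sLoginC']['magic'];
 *   - other fields are sent as reversed hex, which deencript() undoes.
 *
 * Review notes for anyone relying on this class:
 *   - The challenge is printed into the page, so anyone who observes one page
 *     and its response holds both md5 inputs except the password and can test
 *     guesses offline. The hex encoding of non-password fields is reversible
 *     by design. Neither replaces transport encryption (TLS).
 *   - match() needs the cleartext candidate value, so the caller has to have
 *     the expected password (or an equivalent) available in cleartext; this
 *     does not combine with password_hash()-style storage.
 *   - The JavaScript calls hex_md5(), binl2hex() and str2binl(), none of which
 *     is defined in this file; they must come from a separately loaded script.
 */
class gLogin {

    /* Real input name => array('safe' => hidden field name, 'password' => bool). */
    var $fields;
    /* 'get' or 'post', chosen in the constructor. */
    var $method;
    /* Reference to the submitted form values ($_GET or $_POST). */
    var $fValues;

    /*
     * Starts a session if none is active and binds $fValues to the request
     * array for $method. Any value other than 'get' (case-insensitive)
     * selects POST. With 'get' the hidden values travel in the URL.
     *
     * Defined as __construct so it actually runs on PHP 8, where a method
     * named after the class is no longer treated as the constructor.
     */
    function __construct($method = 'post') {
        if (session_id() === '') {
            /* best effort, as in the original: a failure here is not fatal */
            @session_start();
        }
        if (strtolower((string) $method) === 'get') {
            $this->fValues = &$_GET;
            $this->method = 'get';
        } else {
            $this->fValues = &$_POST;
            $this->method = 'post';
        }
    }

    /* Legacy PHP 4 style entry point, kept so existing explicit calls still work. */
    function gLogin($method = 'post') {
        $this->__construct($method);
    }

    /*
     * Returns a 32-character lowercase hex token for field names and the
     * challenge. Uses random_bytes() where it exists; otherwise falls back to
     * the original md5(seed . time . microtime) derivation, which is only as
     * unpredictable as the clock.
     */
    function _nonce($seed) {
        if (function_exists('random_bytes')) {
            try {
                return bin2hex(random_bytes(16));
            } catch (Exception $e) {
                /* no usable entropy source: fall through to the legacy derivation */
            }
        }
        return md5($seed . time() . microtime());
    }

    /*
     * Returns the submitted value for the logical field $field, or null when
     * the field was never registered in the session, was not submitted, or
     * was submitted as something other than a string (e.g. name[]=x arrays).
     */
    function _submitted($field) {
        if (!isset($_SESSION['sLogin'][$field]['safe'])) {
            return null;
        }
        $safeName = $_SESSION['sLogin'][$field]['safe'];
        if (!is_string($safeName) || !isset($this->fValues[$safeName])) {
            return null;
        }
        $sent = $this->fValues[$safeName];
        return is_string($sent) ? $sent : null;
    }

    /*
     * Returns the decoded value of a non-password field, or '' when nothing
     * usable was submitted. The result is attacker-controlled request data
     * and can contain any byte except NUL; validate/escape it before use.
     */
    function getValue($val) {
        $sent = $this->_submitted($val);
        return $sent === null ? '' : $this->deencript($sent);
    }

    /*
     * Undoes the client-side encoding (reverse, hex pairs, reverse).
     * This is an encoding, not encryption: no key is involved.
     *
     * Zero bytes are dropped because the client pads to a 4-byte word.
     * Non-string or non-hex input yields '' instead of reaching hexdec(),
     * which would silently ignore the invalid characters.
     */
    function deencript($val) {
        if (!is_string($val) || strspn($val, '0123456789abcdefABCDEF') !== strlen($val)) {
            return '';
        }
        $word = "";
        $val = strrev($val);
        $len = strlen($val);

        /* a trailing single digit (odd length) is still decoded, as before */
        for ($i = 0; $i < $len; $i += 2) {
            $rep = hexdec(substr($val, $i, 2));
            if ($rep == 0) continue;
            $word .= chr($rep);
        }
        return strrev($word);
    }

    /*
     * True when every field registered in the session has its hidden
     * counterpart present in the request. False when no field list exists.
     */
    function isFormSubmited() {
        if ( !isset($_SESSION['sLogin']) || !is_array($_SESSION['sLogin'])) return false;

        foreach ($_SESSION['sLogin'] as $values) {
            if (!is_array($values) || !isset($values['safe'])) return false;
            if (!isset($this->fValues[ $values['safe'] ])) return false;
        }
        return true;
    }

    /*
     * Checks a password-type field: true when the submitted response equals
     * md5($value . challenge). Returns false when the field was not
     * submitted as a string or no challenge has been issued.
     *
     * The challenge stays in the session until Js() runs again; callers that
     * want single-use challenges should unset $_SESSION['sLoginC']['magic']
     * after the login attempt.
     */
    function match($field, $value) {
        $sent = $this->_submitted($field);
        if ($sent === null
            || !isset($_SESSION['sLoginC']['magic'])
            || !is_string($_SESSION['sLoginC']['magic'])) {
            return false;
        }
        $expected = md5( $value . $_SESSION['sLoginC']['magic'] );
        /* constant-time comparison where the runtime provides it */
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $sent);
        }
        return $expected === $sent;
    }

    /*
     * Registers $inputName for protected sending and remembers the mapping in
     * the session so the next request can find the hidden field.
     * $safeAsPassword === true selects the md5 challenge mode; anything else
     * selects the reversible hex encoding.
     *
     * $inputName is written unescaped into the generated JavaScript by Js(),
     * so it must be a fixed name chosen by the developer, never request data.
     */
    function safeSend($inputName, $safeAsPassword=false) {
        $safeFieldName = $this->_nonce($inputName);
        $this->fields[$inputName]['safe'] = $safeFieldName;
        $this->fields[$inputName]['password'] = $safeAsPassword === true;
        $_SESSION['sLogin'][$inputName] = $this->fields[$inputName]; /* Remember ;-) */
    }

    /*
     * Issues a fresh challenge (replacing any previous one in the session)
     * and returns the <script> block followed by the hidden inputs for every
     * field registered with safeSend().
     */
    function Js() {
        $magic = $this->_nonce(session_id());
        $_SESSION['sLoginC']['magic'] = $magic;

        /* tolerate Js() being called before any safeSend() */
        $fields = is_array($this->fields) ? $this->fields : array();

        $input = "";
        $js_action = "";
        foreach ($fields as $field => $values)  {
            $input .= "<input type = hidden id = '".$values['safe']."' name = '".$values['safe']."'>\r\n";
            $js_action .= "\tsLogin_Safe('$field', '".$values['safe']."',".($values['password']===true ? 'true' : 'false').");\r\n";
        }

        $r =  ' 
<script><!--
var magicCode = "'.$magic.'";
function sLogin_Send() {
'.$js_action.'
	return true;
}

function sLogin_Safe(field, hidden, password ) {
	f = document.getElementById(field);
	if ( f == null) {
		alert("sLogin could not find the field " + field);
		return false;
	}
	h = document.getElementById(hidden);
	if (password) {
		safe = hex_md5( f.value + magicCode);
	} else {
		safe = reverse(binl2hex( str2binl(reverse(f.value)) )) ;
	}

	h.value = safe;
	f.value = "";
}

function reverse(str) {
	var nstring;
	nstring="";
	for(i= str.length-1; i >= 0; i--)  {
		nstring += str[i];
	}
	return nstring;
}        

//--></script>';
        return $r.$input;
    }

    /* Value for the form's onsubmit attribute; runs the client-side encoding. */
    function onsubmit() {
        return 'return sLogin_Send()';
    }

}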
?>