Recommended:

  • phpclasses.org
  • jsclasses.org
  • jsmag.com
  • siteapps.com
  • View our reviews on Hot Scripts
  • JS Tutorial
  • scripts.com
  • securesignup.com




Recent Comments

Powered by Disqus




Back to articles

Inkblot authentication

Inkblot auth class allows to implement inkblot authentication to your PHP application.

It can generate list of inkblots from directory or array. User may provide amount of letters saved per inkblot, to implement different password generation ways

The idea is from Microsoft Research about using inkblots in authentication for more complex passwords and as password tips. You can also check http://password-test.co.cc/ for more information, examples and statistics

Contents

Download

Example codes

<?php

session_start();
include("./inkblot_auth.php");
//provide path to directory with inkblot images
$ink = new inkblot_auth("./inkblots");

if(isset($_SESSION["pass"]))
{
    //we already created pass for testing
    echo "<h3>You have successfully registered. Now try to login using same password</h3>";
    
    //first we need to provide password which we previously saved
    //usually it is retrieved form database using provided username
    //but for testing we've saved in in session variable
    $ink->set_pass($_SESSION["pass"]);
    
    if(isset($_POST["logpass"]))
    {
        //no we check user provided password
        //only after providing saved password
        if($ink->check_pass($_POST["logpass"]))
        {
            echo "<h3>You provided correct password</h3>";
        }
        else
        {
            echo "<h3>Your password is incorrect</h3>";
        }
    }
    
    //now we will get inkblots that were used in pasword
    $inks = $ink->get_inkblots();
    echo "<div style='overflow: auto; margin-bottom: 50px;'>";
    foreach($inks as $val)
    {
        echo "<img src='".$val."' 
            style='float: left; margin-right: 10px; width: 200px;'/>";
    }
    echo "</div>";
    echo "<p>All you have to do is remember your password while seeing same 
    inkblots, that you saw when you created this password.</p>
    <p>Just insert your first and last letter of your inkblot interpretations 
        in inkblot order (from left to right)</p>";
    echo "<form action='' method='post'>
    <p>Enter your saved password: <input type='text' name='logpass'/> 
    <input type='submit' value='Register'/></p>
    </form>";
}
else
{
    //someone submitted pass
    if(isset($_POST["regpass"]))
    {
        //get encoded pass and save it
        $_SESSION["pass"] = $ink->get_pass($_POST["regpass"]);
        //refresh page
        header("Location: ".$_SERVER["REQUEST_URI"]);
    }
    echo "<h3>Create new password (Simulating registration)</h3>";
    //no pass created
    $inks = $ink->get_inkblots();
    echo "<div style='overflow: auto; margin-bottom: 50px;'>";
    foreach($inks as $val)
    {
        echo "<img src='".$val."' 
            style='float: left; margin-right: 10px; width: 200px;'/>";
    }
    echo "</div>";
    echo "<p>This login is based on user choosing and remembering the password 
        based on inkblot that user see.</p>
<p>Because human mind interprets each inkblot differently, it means, that it is 
    possible that no one else will see a thing that you saw.</p>
<p>You must type first and last letter of each inkblot interpretation based on 
sequence you see those inkblots (from left to right)</p>
<p>Then each time you'll try to login, you'll see same inkblot images only each 
time in different order</p>
<p>Refresh page to change inkblots</p>";
    echo "<form action='' method='post'>
    <p>Enter your password: <input type='text' name='regpass'/> 
    <input type='submit' value='Register'/></p>
    </form>";
}
?>

Examples in action

Example scripts provided with package in action:

Method list

Create instance

Back to method list

Method namenew inkblot_auth($inkblots)
Description

Create class instance with provided inkblot list. You can provide array with inkblots, where keys are inkblot unique identifiers and values ar paths to inkblot images. Or you can provide path to directory with inkblot images as class will load anc create list of inkblots automatically

Input parameters

string or array $inkblots - arrray with inkblot images or path to directory with inkblot images"

Example inputnew inkblot_auth("./inkblots")

Letter count per inkblot

Back to method list

Method nameset_letters($count)
DescriptionProvide amount of letters user must enter per inkblot image. You can think of your own password generation algorythms, like first and last letter, or first, middle and last letter. Only restriction, that users must use same algorythm for both registering and authenticating
Input parameters

int $count - amount of letter user will need to enter per inkblot image

Get inkblots for user

Back to method list

Method nameget_inkblots($count)
Description

Returns an array with specified amount of inkblots to show to user. If password was not set, then returns random inkblot images. If password was set using set_pass method, then this method will return inkblots attached to user password (same inkblots user used to register) only in random order.

Input parameters

int $count - amount of inkblots to return

Get generated password

Back to method list

Method nameget_pass($userinput)
Description

Returns coded inkblot image association with user password as string

Input parameters

string $userinput - user password in provided inkblot order

Set saved user password

Back to method list

Method nameset_pass($password)
Description

Sets saved password, that was generated using get_pass method, so class could provide inkblots used in password generation and compare user input

Input parameters

string $password - generated password from user input associated with inkblot images

Check if user rprovided valid password

Back to method list

Method namecheck_pass($userinput)
Description

Checks user input against saved password, that was set using set_path method

Input parameters

string $userinput - userinput according to inkblot order

Latest changes

None for now

Awards

Inkblot_auth class was nominated to October Innovation Award, please support it by voting.


You may also be interested in:

Powered by BlogAlike.com

blog comments powered by Disqus