General php authenticator based on PDO to check logins.
##Installation
At first install or download composer.phar to your computer. Follow the instructions provided by getcomposer.org.
Create an intermediate directory, cd into it and download the latest distribution without tests:
php ~/php/composer.phar --prefer-dist require outermedia/pdo-authenticatorThis creates files in your current working directory:
├── composer.json
├── composer.lock
└── vendor
│ ...
└── outermedia
└── pdo-authenticator
├── LICENSE
├── README.md
├── composer.json
├── composer.lock
└── src
└── main
└── webapp
├── Om
│ └── Pdo
│ └── Authenticator
│ ├── DatabaseConfiguration.php
│ ├── DatabaseQueryBuilder.php
│ ├── PdoAuthenticator.php
│ └── RequestHandler.php
├── dbconf.php.template
└── index.php
Hint: If you want to run the phpunit tests, additionally run (creates new directoy pdo-authenticator/):
php ~/php/composer.phar --prefer-source create-project outermedia/pdo-authenticator
pushd pdo-authenticator && vendor/bin/phpunit src/test/php/ && popd
Note: The dbunit tests require sqlite3.
###Step 2: Deploy the files
Now copy the files to your destination directory ($DEST)
cp -r vendor/outermedia/pdo-authenticator/src/main/webapp/* $DEST
Rename the file dbconf.php.template:
mv $DEST/dbconf.php.template $DEST/dbconf.php
Edit dbconf.php.
Options are:
- pdoUrl - a PDO connection URL e.g. for a local mysql and a database dbname1 "mysql:host=localhost;dbname=dbname1"
- dbUser - the username used for the database connection
- dbPassword - the password used for the database connection
- table - the database table name which holds the user information
- usernameColumn - the column name which stores the username (of table)
- passwordColumn - the column name which stores a user's password (of table)
Two POST actions are supported:
a) Get a user's salt ("user1"): Encode your form parameters with the specified charset!
curl -X POST -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
--data 'action=getsalt&login=user1' http://localhost/pdo-auth/index.php
should return something like:
{"charset":"latin1","result":true,"salt":"$1$rasmusl1"}
The charset used by the database table, the salt and a success flag ("result").
b) Check a user's login: pwd is the calculated hash.
curl -X POST -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
--data 'action=login&login=user1&pwd=$1$rasmusl1$2ASuKCrDVFQspP8.yIzVl.' \
http://localhost/pdo-auth/index.php
The expected answer is e.g.
{"charset":"latin1","result":true}
The flag "result" indicates the success.