PHP Classes

Secure Token Grid Authentication: Generate grid of tokens, authenticate user with it

Recommend this page to a friend!
  Info   Screenshots Screenshots   View files View files (9)   DownloadInstall with Composer Download .zip   Reputation   Support forum (1)   Blog    
Ratings Unique User Downloads Download Rankings
StarStarStarStar 62%Total: 1,740 This week: 1All time: 2,257 This week: 560Up
Version License PHP version Categories
tokengrid 1.3GNU Lesser Genera...5.0HTML, User Management, Security
Description 

Author

This class can be used to generate a grid of tokens to authenticate users similar to those that banks provided to users to avoid account abuses after phishing attacks.

It generates a bidimensional array of tokens of limited length with letters and digits.

The generated grid is seeded by a given secret salt string and a specific id that may be used to generate unique grids for different applications and users.

The class may also verify whether a token entered by the user corresponds to a token of a random grid position.

The grid tokens may also be formatted in an HTML table for presentation in Web pages. A sample PDF extended class is also provided to create PDF documents with included grid (using the LGPL http://www.tcpdf.org library)

Innovation Award
PHP Programming Innovation award nominee
April 2008
Number 7


Prize: One copy of VS.PHP
Phishing attacks have been causing many victims that have their bank accounts robbed by crackers that steal their account passwords.

Many banks are now giving their clients special cards with tables of token codes to increase the security and make it harder to steal accounts of phishing attack victims.

This class provides a solution to generate token code tables from PHP, as well to validate the codes entered by a site user.

Manuel Lemos
Picture of André Liechti
  Performance   Level  
Name: André Liechti <contact>
Classes: 9 packages by
Country: Switzerland Switzerland
Age: 55
All time rank: 4016 in Switzerland Switzerland
Week rank: 106 Up1 in Switzerland Switzerland Up
Innovation award
Innovation award
Nominee: 8x

Winner: 2x

Details

tokengrid, a strong authentication token grid PHP class Last update: 2008-04-23, release 1.3 The tokengrid class is a Strong Authentication Token Grid solution to secure the access to sensitive data through the Internet. It is a good protection against Sniffing and Phishing processes. This kind of token cards are also used by some Swiss Banks for authentication purpose. This class provides everything to implement a complete solution, including ready to print token grids in XHTML format. Array-based intermediate output can be used to produce PDF token grids using for example TCPDF (www.tcpdf.org). USAGE require_once('tokengrid.class.php'); $token_grid = new TokenGrid([$x_grid_size = 10[, $y_grid_size = 10[, $token_length = 4[, $grid_salt = 'T@kenGr!D']]]]) EXAMPLES Example 1 (create a grid) require_once('tokengrid.class.php'); $token_grid = new TokenGrid(10, 10, 4, "MySalt"); echo $token_grid->GetXhtmlGrid("SpecificUserId"); Example 2 (ask for a token) require_once('tokengrid.class.php'); $token_grid = new TokenGrid(10, 10, 4, "MySalt"); $random_position = $token_grid->GetRandomGridPosition("SpecificUserId"); echo "Please enter the token at the position ".$random_position; Example 3 (check a token) require_once('tokengrid.class.php'); $token_grid = new TokenGrid(10, 10, 4, "MySalt"); if ($token_grid->CheckToken($_POST['random_position'], 'SpecificUserId', $_POST['token'])) { echo "Token is valid"; } LICENCE Copyright (c) 2008, SysCo systemes de communication sa SysCo (tm) is a trademark of SysCo systemes de communication sa (http://www.sysco.ch/) All rights reserved. The tokengrid class is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. The tokengrid class is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with the tokengrid class If not, see <http://www.gnu.org/licenses/>.

Screenshots  
  • tokencard.png
  Files folder image Files  
File Role Description
Plain text file tokengrid.class.php Class Main file, class definition
Accessible without login Plain text file tokengrid.demo.php Example Simple demo file
Accessible without login Plain text file tokengrid.pdf.class.php Example OPTIONAL - PDF token creation extended class demo (needs www.tcpdf.org)
Accessible without login Plain text file tokengrid.pdf.demo.php Example OPTIONAL - PDF token creation demo (needs www.tcpdf.org)
Accessible without login Image file demo.bank.png Data Clipart for PDF demo output
Accessible without login Image file demo.logo.jpg Data Clipart for PDF demo output
Accessible without login Plain text file README.TXT Doc. README FILE
Accessible without login Plain text file COPYING.LESSER Lic. LGPL Version 3.0
Accessible without login Plain text file COPYING Lic. GPL Version 3.0

 Version Control Unique User Downloads Download Rankings  
 0%
Total:1,740
This week:1
All time:2,257
This week:560Up
 User Ratings  
 
 All time
Utility:83%StarStarStarStarStar
Consistency:75%StarStarStarStar
Documentation:58%StarStarStar
Examples:75%StarStarStarStar
Tests:-
Videos:-
Overall:62%StarStarStarStar
Rank:922