Come in! Authentication without login and password, v2

Once it turned out that the audience was not indifferent to such a topic as the creation of one-time (working for some time) links to identify the user.

And especially in the light of what I consider such a solution (which I will publish below) is more acceptable - I decided to write how I see the solution to this problem:

Everything is stored in the database. Mysql only because it is now at hand. For the postgame, oracle and sql server solution will be 99% similar.

Storage table:
')

Copy Source | Copy HTML CREATE TABLE test.one_time_auth( token CHAR (32), user_id INT (11) UNSIGNED NOT NULL , expire DATETIME DEFAULT NULL , PRIMARY KEY (token) ) ENGINE = INNODB
Copy Source | Copy HTML CREATE TABLE test.one_time_auth( token CHAR (32), user_id INT (11) UNSIGNED NOT NULL , expire DATETIME DEFAULT NULL , PRIMARY KEY (token) ) ENGINE = INNODB
Copy Source | Copy HTML CREATE TABLE test.one_time_auth( token CHAR (32), user_id INT (11) UNSIGNED NOT NULL , expire DATETIME DEFAULT NULL , PRIMARY KEY (token) ) ENGINE = INNODB
Copy Source | Copy HTML CREATE TABLE test.one_time_auth( token CHAR (32), user_id INT (11) UNSIGNED NOT NULL , expire DATETIME DEFAULT NULL , PRIMARY KEY (token) ) ENGINE = INNODB
Copy Source | Copy HTML CREATE TABLE test.one_time_auth( token CHAR (32), user_id INT (11) UNSIGNED NOT NULL , expire DATETIME DEFAULT NULL , PRIMARY KEY (token) ) ENGINE = INNODB
Copy Source | Copy HTML CREATE TABLE test.one_time_auth( token CHAR (32), user_id INT (11) UNSIGNED NOT NULL , expire DATETIME DEFAULT NULL , PRIMARY KEY (token) ) ENGINE = INNODB
Copy Source | Copy HTML CREATE TABLE test.one_time_auth( token CHAR (32), user_id INT (11) UNSIGNED NOT NULL , expire DATETIME DEFAULT NULL , PRIMARY KEY (token) ) ENGINE = INNODB
Copy Source | Copy HTML CREATE TABLE test.one_time_auth( token CHAR (32), user_id INT (11) UNSIGNED NOT NULL , expire DATETIME DEFAULT NULL , PRIMARY KEY (token) ) ENGINE = INNODB

Well, now the class itself + an example of working with it. In the example, we first create a token for the period until December 31 of this year, and then we get it.

Copy Source | Copy HTML
<? php
$ db = new PDO ( 'mysql: host = 127.0.0.1; dbname = test' , 'root' );
$ db -> setAttribute ( PDO :: ATTR_ERRMODE, PDO :: ERRMODE_EXCEPTION);
$ auth = new one_time_auth ( $ db );
$ token = $ auth -> remember ( 10 , '2010-12-31' );
$ user_id = $ auth -> remind ( $ token );
echo $ user_id ;
class one_time_auth
{
/ ** * @var PDO * /
private $ db ;
public function __construct ( PDO $ db )
{
$ this -> db = $ db ;
}
public function remember ( $ user_id , $ expire = null )
{
$ sql = 'INSERT INTO one_time_auth (token, user_id, expire) VALUES (: token,: user_id,: expire)' ;
$ stmt = $ this -> db-> prepare ( $ sql );
while ( true ) {
try {
$ stmt -> execute ( array (
': token' => $ token = $ this -> generateToken (),
'user_id' => $ user_id ,
'expire' => $ expire
))
break ;
} catch ( PDOException $ e ) {}
}
return $ token ;
}
public function remind ( $ token )
{
$ sql = 'SELECT user_id FROM one_time_auth WHERE token =: token AND (expire IS NULL OR expire <= NOW ()) LIMIT 1' ;
$ stmt = $ this -> db-> prepare ( $ sql );
$ stmt -> execute ( array ( 'token' => $ token ));
if ( $ row = $ stmt -> fetch ()) {
$ stmt = $ this -> db-> prepare ( 'DELETE FROM one_time_auth WHERE token =: token' );
$ stmt -> execute ( array ( 'token' => $ token ));
return $ row [ 'user_id' ];
}
}
private function generateToken ()
{
return md5 (uniqid ( '' , true ));
}
}

PS: the code was written "on the knee" simply as a response to the topic habrahabr.ru/blogs/php/109421

PPS: I would immediately like to clarify about md5 () - this function in this context does not add any “holes”, this is just a way to get a hash. If desired, you can replace with sha1 (), or any other at will. The main idea is that you do not need to be tied to user data.

Source: https://habr.com/ru/post/109454/

All Articles

Come in! Authentication without login and password, v2

More articles: