2. Overview
Objective
Learn how to authenticate a user in ProdigyView. This involves
hashing and encrypting values.
Requirements
Installed version of ProdigyView with database
Understanding of creating tables and columns in
ProdigyView
Estimated Time
12 Minutes
www.prodigyview.com
3. Follow Along With Code
Example
1. Download a copy of the example code at
www.prodigyview.com/source.
2. Install the system in an environment you feel
comfortable testing in.
3. Proceed to examples/security/Authorization.php
4. What is Authentication
Authentication is the process of checking that a user's
credentials match. To protect a user, sensitive information
should not be kept in plain text.
In the example for this tutorial, we are going to
authenticate on a user's email address, password, and
social security number.
The tutorial will deal with hashing and encrypting of
values.
5. Creating A User Table
The first thing we have to do is create a user table. Below is an
example of creating a user table with PVDatabase’s database
methods. If you are unsure about this part, review the tutorial
on Database Tables and Columns.
6. Initializing PVSecurity
The first part is initializing PVSecurity’s class. These fields
must be set for authentication to work.
1. Set these fields in cookies on successful authentication
2. Set the fields in a session on successful authentication
3. Hash fields in this array
4. Encrypt these fields
5. The table that contains the fields
7. Hashing Vs Encryption
In our previous example we had fields that were hashed and
fields that were encrypted.
What's the difference?
Hashing uses the PVSecurity::hash() method, which is
one-way. This means that there is no key for decrypting the hash.
Encryption uses the PVSecurity::encrypt() method, which means
there is a key for decrypting the values.
8. Insert Sample Data
Now let's insert some sample data. In a real-world
application, the data would be retrieved from a user's $_POST and
then hashed/encrypted.
1. Encrypt the Social Security Number
2. Hash the password
3. Insert the data into the database
9. Check The Fields
Now when we want to authenticate the user, we are going to pass
the fields in without encrypting or hashing them. The checkAuth
method will take care of everything.
If the passed fields match, authentication is true
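The hash/encrypt/check flow from the slides above, as an added example that is not ProdigyView's code and does not use the PVSecurity API. It uses PHP's built-in password_hash() and OpenSSL functions; the function names, key handling and sample user are assumptions made up for illustration.

```php
<?php
// Added example: plain PHP built-ins, not ProdigyView's PVSecurity API.
// Function names, key handling and the sample user are assumptions for illustration.

// One-way: password_hash() embeds a random per-user salt; there is no key to reverse it.
function hashPassword(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Two-way: AES-256-GCM under a secret key; nonce and auth tag are stored with the ciphertext.
function encryptField(string $plain, string $key): string {
    $nonce = random_bytes(12);
    $cipher = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return base64_encode($nonce . $tag . $cipher);
}

function decryptField(string $stored, string $key): ?string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= 28) {
        return null; // malformed record: shorter than nonce (12) + tag (16) + data
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16));
    return $plain === false ? null : $plain; // false: wrong key or tampered data
}

// Compare the submitted plain-text fields with the stored hash and ciphertext.
function checkCredentials(array $row, array $input, string $key): bool {
    $ssn     = decryptField($row['ssn'], $key);
    $emailOk = hash_equals($row['email'], $input['email']);
    $passOk  = password_verify($input['password'], $row['password']);
    $ssnOk   = $ssn !== null && hash_equals($ssn, $input['ssn']);
    return $emailOk && $passOk && $ssnOk;
}

// Constructed sample data; a real key lives in configuration, not in the user table.
$key = random_bytes(32);
$good = ['email' => 'jane@example.com', 'password' => 'correct horse', 'ssn' => '000-00-0000'];
$row = [
    'email'    => $good['email'],
    'password' => hashPassword($good['password']),
    'ssn'      => encryptField($good['ssn'], $key),
];
$bad = ['password' => 'wrong'] + $good;          // same fields, wrong password

var_dump(checkCredentials($row, $good, $key));   // all three fields match
var_dump(checkCredentials($row, $bad, $key));    // password does not verify
var_dump(decryptField($row['ssn'], $key));       // encrypted field is recoverable with the key
```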
10. Custom Salt
For our next example, we are going to do some
customization to the authentication process. First we are
going to create a custom salt for each user. This will
improve our site's security.
1. Create a custom salt from the ssn
2. Apply custom salt when hashing
11. Authentication Options
Now that we have a custom salt, we are going to modify
the options for authentication.
1. Set the custom salt in the options
2. Store these fields in the session on successful validation
12. Custom Authentication
Now with the custom salt and the new fields to save to a
session set in the options, we can authenticate a user on
these credentials.
1. Pass in the fields
2. Pass in the options
13. API Reference
For a better understanding of access levels and role access
in ProdigyView, visit the API by clicking on the link below.
PVSecurity
More Tutorials
For more tutorials, please visit:
http://www.prodigyview.com/tutorials