PHP Classes

PHP Mnemonic Secret Path Login: Detect human users telling to click on page places

Recommend this page to a friend!
  Info   Documentation   Screenshots   View files Files   Install with Composer Install with Composer   Download Download   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
Not yet rated by the usersTotal: 131 All time: 9,344 This week: 455Up
Version License PHP version Categories
php-mnemoniclogin 1.0.0Custom (specified...5PHP 5, Databases, Graphics, Security
Description 

Author

This package can detect human users telling to click on page places.

It can store a set of images in a database using PDO.

The pictures can be used to display a sequence that the user needs to memorize like a password to authenticate that he is the person that knows the secret image sequence.

The class can display a secret sequence of pictures that the user can tell that he knows the sequence by clicking the pictures by the correct order.

Alternatively, the user may also enter the correct sequence as a password entered by the keyboard.

Innovation Award
PHP Programming Innovation award nominee
April 2018
Number 3
Passwords are a very common way to identify people that know a secret text that is used to verify they are who they claim they are.

However, text passwords are problematic because people tend to forget them, especially on systems that require them to use uncommon characters in the password text.

This package provides a different approach to entering passwords that allows people to either enter a secret password as text, as well as a sequence of images that need to be clicked by the right order.

Manuel Lemos
Picture of zinsou A.A.E.Moïse
  Performance   Level  
Name: zinsou A.A.E.Moïse is available for providing paid consulting. Contact zinsou A.A.E.Moïse .
Classes: 50 packages by
Country: Benin Benin
Age: 34
All time rank: 6761 in Benin Benin
Week rank: 215 Up1 in Benin Benin Equal
Innovation award
Innovation award
Nominee: 23x

Winner: 2x

Documentation

When i write this package i was hesitating about the name i will choose, So in the complete lake of inspiration i call it first and simply CTC for Click to connect.And after writing it i just forget it somewhere and said to myself :soon i will publish it.But one day while browsing the PHPCLASSES PACKAGES BLOG rubric i found an article of Dave Smith that was talking about SECRET PATH.So i decided finally to call my package PHP MNEMONIC SECRET PATH LOGIN. Secret path for what it means and MNEMONIC for the help the package brought to user in the process of keep in head and memory his password... Finally i think that it will be called as you( developers that will download it) name it. This package use a secret path approach that consist to make users click on different cases of some table with as background some own chosen picture as many times as they want to build their own secret path which would be salted and encrypted before saved in a database as login password. With this mnemonic they will be able without knowing a difficult password, to connect to their account securely.The package allows each user to upload many pictures; to choose both keyboard pass and CTC pictures pass; or just one of the two methods but also allows when users has uploaded at least two pictures with secret path, to choose a random login picture to connect. One can even increase the mnemonic level by showing a grill to let user know exactly where he click even if this is less beautiful. The package got a constant called complexity that make the password more secure when increased or less when turned down. For example a complexity of 10 leads to 100 compartments to click on so if we add the detail that user can click 1,2,3...or as many times he want, that leads to a secret path seriously complicated to know even for a computer that could be broken while trying to find it with a force brute algorithm.By default i use 50 as complexity that leads to 50*50(2500) compartments to click. suppose a second that complexity is 50 and you click 3 times so the possibilities of choice is 15 625 000 000. then suppose that user is completely lunatic and want to click just 30 times to make a stronger secret path, this increase the number of possibilities to about 8.6736173798840354720596224069595e+101 as he can click on the same compartment or change ... The mathematical notion behind this, is : when we take n the times, user choose to click and p the number of compartments, the order of click count but also user can click on the same compartment so a result is a n-list of compartments chosen in a set containing p compartments.The number of possible results is pow(p,n)... The max of complexity suggested is 100 in order to not break the design. The min of complexity suggested is 2 . The main difficulty for a brute force algorithm will be that nobody knows how many times user click and in what order but also the generated password is salted before hashing. This way the secret path will be very difficult to guess. One other contribution is that the package fortify the human factor that will be no more weak because no more need to write a password somewhere.And This brings more security to the PHP authentication system. Of course programmers need to combine it with TLS protocol to be sure that there won't be a password sniffing and others.An alternative could also be to use the precious package PHP Form Encryption of Francisco del Aguila <faguila@alboran.net> that can be found in the PHP CLASSES REPOSITORY,to make the form submission more secure.Maybe the next release will include it directly... Sorry for the design too; maybe this will be also changed in the next release. The package doesn't got specific documentation, the only way to know more on the code is to look at the implementation. But the main functionalities of the package come from This file src/ctc.php which contains a class with the same name; And this another file src/clicktoconnect.php.The two files are really easy to understand. For the how to use it is simple: copy the folder where you want to use it; import the database and all is done.Of course you need to change your database details and other in the config.php file. For issues and other, use the forum or contact me at leizmo@gmail.com Ps: the default password is admin for the user mail leizmo@gmail.com ,pseudo zinsou and the fake phone number 069659655. The package doesn't take care of registration and the design is really minimalist. It is just a system to show how to help user to remember of their password with mnemonic secret path. Also keep in my mind that for the development i used Jquery and jquery-ui files which were stored locally But the uploaded package use jquery from http://code.jquery.com so if the package doesn't work as expected open your development tool to be sure that jquery has been really loaded. I know you know but Never forget that your salt must be choose once and definitively before start registering users with this in production or you must have a new salt policy otherwise you and your users couldn't connect if you change the salt. This is because i don't use the password_hash function on each password. An example of policy when you change your salt is: add a field in the table of users that keep track (eg: set(oldsalt,newsalt)) if the user didn't yet change his password on the new salt you keep use the old for him and if he did you can use the new one.

Screenshots (11)  
  • ctcsnap0.PNG
  • ctcsnap1.PNG
  • ctcsnap10.PNG
  • ctcsnap2.PNG
  • ctcsnap3.PNG
  • ctcsnap4.PNG
  • ctcsnap5.PNG
  • ctcsnap6.PNG
  • ctcsnap7.PNG
  • ctcsnap8.PNG
  • ctcsnap9.PNG
  Files folder image Files (36)  
File Role Description
Files folder imageassets (3 directories)
Files folder imagedatabase (1 file)
Files folder imagesrc (3 files)
Accessible without login Plain text file addapass.php Aux. auxilliary script
Accessible without login Plain text file addyourpassnow.php Aux. auxilliary script
Accessible without login Plain text file Ajaxcombox.php Aux. auxilliary script
Accessible without login Plain text file array_column.php Aux. auxilliary script
Accessible without login Plain text file besureofsize.php Aux. auxilliary script
Accessible without login Plain text file changepass.php Aux. auxilliary script
Accessible without login Plain text file config.php Conf. config file
Accessible without login Plain text file connexion.php Aux. auxilliary script
Accessible without login Plain text file doconnect.php Aux. auxilliary script
Accessible without login Plain text file dologout.php Aux. auxilliary script
Accessible without login Plain text file getpreferences.php Aux. auxilliary script
Accessible without login Plain text file index.php Aux. auxilliary script
Accessible without login Plain text file license.txt Lic. license file
Accessible without login Plain text file preferences.php Aux. auxilliary script
Accessible without login Plain text file readme.txt Doc. readme
Accessible without login Plain text file setpreferences.php Aux. auxilliary script

  Files folder image Files (36)  /  assets  
File Role Description
Files folder imagecss (1 file)
Files folder imageimg (2 files)
Files folder imagejs (2 files)

  Files folder image Files (36)  /  assets  /  css  
File Role Description
  Accessible without login Plain text file style.css Data css file

  Files folder image Files (36)  /  assets  /  img  
File Role Description
  Accessible without login Image file DONE.png Data Done image
  Accessible without login Image file loader.gif Data loading image

  Files folder image Files (36)  /  assets  /  js  
File Role Description
  Accessible without login Plain text file ahpwcheck.class.min.js Aux. javascript class source to check passwords requirements
  Accessible without login Plain text file jquery.form.js Aux. javascript class source to automatically submit forms

  Files folder image Files (36)  /  database  
File Role Description
  Accessible without login Plain text file clictoc.sql Data mySql database dump file

  Files folder image Files (36)  /  src  
File Role Description
  Plain text file clicktoconnect.php Class class source
  Plain text file combox.php Class class source
  Plain text file ctc.php Class class source

The PHP Classes site has supported package installation using the Composer tool since 2013, as you may verify by reading this instructions page.
Install with Composer Install with Composer
 Version Control Unique User Downloads Download Rankings  
 0%
Total:131
This week:0
All time:9,344
This week:455Up