PHP Classes
elePHPant
Icontem

Secure Token Grid Authentication: Generate grid of tokens, authenticate user with it

Recommend this page to a friend!
  Info   Screenshots Screenshots   View files View files (9)   DownloadInstall with Composer Download .zip   Reputation   Support forum (1)   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2008-04-22 (8 years ago) RSS 2.0 feedNot enough user ratingsTotal: 1,723 All time: 2,206 This week: 906Up
Version License PHP version Categories
tokengrid 1.3GNU Lesser Genera...5.0HTML, User Management, Security
Description Author

This class can be used to generate a grid of tokens to authenticate users similar to those that banks provided to users to avoid account abuses after phishing attacks.

It generates a bidimensional array of tokens of limited length with letters and digits.

The generated grid is seeded by a given secret salt string and a specific id that may be used to generate unique grids for different applications and users.

The class may also verify whether a token entered by the user corresponds to a token of a random grid position.

The grid tokens may also be formatted in an HTML table for presentation in Web pages. A sample PDF extended class is also provided to create PDF documents with included grid (using the LGPL http://www.tcpdf.org library)

Innovation Award
PHP Programming Innovation award nominee
April 2008
Number 7


Prize: One copy of VS.PHP
Phishing attacks have been causing many victims that have their bank accounts robbed by crackers that steal their account passwords.

Many banks are now giving their clients special cards with tables of token codes to increase the security and make it harder to steal accounts of phishing attack victims.

This class provides a solution to generate token code tables from PHP, as well to validate the codes entered by a site user.

Manuel Lemos
Picture of André Liechti
  Performance   Level  
Name: André Liechti <contact>
Classes: 7 packages by
Country: Switzerland Switzerland
Innovation award
Innovation award
Nominee: 7x

Winner: 2x

Details
tokengrid, a strong authentication token grid PHP class

Last update: 2008-04-23, release 1.3

The tokengrid class is a Strong Authentication Token Grid solution
to secure the access to sensitive data through the Internet.
It is a good protection against Sniffing and Phishing processes.

This kind of token cards are also used by some Swiss Banks for
authentication purpose.

This class provides everything to implement a complete solution,
including ready to print token grids in XHTML format.

Array-based intermediate output can be used to produce
PDF token grids using for example TCPDF (www.tcpdf.org).



USAGE

require_once('tokengrid.class.php');
$token_grid = new TokenGrid([$x_grid_size = 10[, $y_grid_size = 10[, $token_length = 4[, $grid_salt = 'T@kenGr!D']]]])



EXAMPLES

Example 1 (create a grid)

    require_once('tokengrid.class.php');
    $token_grid = new TokenGrid(10, 10, 4, "MySalt");
    echo $token_grid->GetXhtmlGrid("SpecificUserId");


Example 2 (ask for a token)

    require_once('tokengrid.class.php');
    $token_grid = new TokenGrid(10, 10, 4, "MySalt");
    $random_position = $token_grid->GetRandomGridPosition("SpecificUserId");
    echo "Please enter the token at the position ".$random_position;


Example 3 (check a token)

    require_once('tokengrid.class.php');
    $token_grid = new TokenGrid(10, 10, 4, "MySalt");
    if ($token_grid->CheckToken($_POST['random_position'], 'SpecificUserId', $_POST['token']))
    {
        echo "Token is valid";
    }



LICENCE

Copyright (c) 2008, SysCo systemes de communication sa
SysCo (tm) is a trademark of SysCo systemes de communication sa
(http://www.sysco.ch/)
All rights reserved.

The tokengrid class is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.

The tokengrid class is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with the tokengrid class
If not, see <http://www.gnu.org/licenses/>.
Screenshots  
  • tokencard.png
  Files folder image Files  
File Role Description
Plain text file tokengrid.class.php Class Main file, class definition
Accessible without login Plain text file tokengrid.demo.php Example Simple demo file
Accessible without login Plain text file tokengrid.pdf.class.php Example OPTIONAL - PDF token creation extended class demo (needs www.tcpdf.org)
Accessible without login Plain text file tokengrid.pdf.demo.php Example OPTIONAL - PDF token creation demo (needs www.tcpdf.org)
Accessible without login Image file demo.bank.png Data Clipart for PDF demo output
Accessible without login Image file demo.logo.jpg Data Clipart for PDF demo output
Accessible without login Plain text file README.TXT Doc. README FILE
Accessible without login Plain text file COPYING.LESSER Lic. LGPL Version 3.0
Accessible without login Plain text file COPYING Lic. GPL Version 3.0

 Version Control Unique User Downloads Download Rankings  
 0%
Total:1,723
This week:0
All time:2,206
This week:906Up