PHP Image Based Login: Authenticate users using colored images

Last updated: 2014-07-23
Ratings: Not enough user ratings
Unique user downloads: Total: 535, This week: 1
Download rankings: All time: 5,329, This week: 1,047
Version: image-based-login 1.0
License: Free for non-comm...
PHP version: 5.0
Categories: PHP 5, Graphics, User Management

This package can authenticate users using colored images.

It creates an image file in PNG format with random colored pixels and 5 hot pixels placed based on registration time.

A separate class can check if a given image is the correct one by verifying the RGB values and position of all pixels.

Innovation Award: PHP Programming Innovation award nominee, July 2014, Number 2
Prize: One copy of the Zend Studio

Users are often able to remember images and colors better than text.

This class takes advantage of that principle by letting users authenticate by correctly identifying colored images on login that match the ones presented during registration.

Manuel Lemos

Author: Alexandru Ocheana
Country: Romania
Classes: 1 package
Innovation award nominee: 1x

Details
This package can authenticate users using colored images instead of a username and password.

HOW IT WORKS?
==============
1. During the registration process the system generates a .PNG image (let's refer to it as "the login key").
   A standard login system uses a username and password; this package uses the output of PHP's microtime() as the username, and the RGB colors of all pixels of THE LOGIN KEY as the password.

   Let's take an example for better understanding:

Let's suppose that the registration time is "0.12345600 1404123456" -> this is the output of the microtime() function.
The class TimeConvert takes this output of microtime() and converts it into RGB colors. It will generate 3 groups like so:
1. array(100, 101, 102) // array(R, G, B)
2. array(150, 151, 152) // array(R, G, B)
3. array(200, 201, 202) // array(R, G, B)

Let's suppose that these groups are the RGB values of the HOT PIXELS (pixels which store the registration time).
The conversion algorithm is in SCHEMA.JPG

Once the time is converted, we need the class Positioner to set the position of those 3 pixels.
Let's take a .PNG file of 200 x 200 resolution. What does this mean? That the image is like a table with 200 columns and 200 rows. It can also be called a MATRIX.

Before moving forward: any color is composed of RGB (RED, GREEN, BLUE) intensities. Every intensity value is between 0 and 255.

So, let's get back to our 200 x 200 resolution image. THE GOAL IS TO INSERT THE converted time into the image MATRIX. How do we do this?
Well ... first of all, we need a rule that applies to every LOGIN KEY. I call these "entry points" because they all use the same "position algorithm", like so:

Whether we generate an image at 200 x 200 resolution, or 300 x 300, or whatever you want (even a random resolution), the "entry points" will be easy to detect.
The first entry point will be at floor(width / 2). This means that the system takes the width, in our case 200, and divides it by 2. If the result is a float, it is rounded down. For better understanding: floor(205 / 2) = floor(102.5) = 102

Back to our 200 x 200. As we can see, the first entry point has the coordinates (100, 0).

The second entry point is calculated based on the height, which means that it has the coordinates (0, 100) in the image MATRIX.

Once we have the entry points, let's take care of the converted time and insert it into the LOGIN KEY matrix. What is a pixel, by the way? A pixel is a point of an image defined by its position and color intensity. The pixel (0, 0) [R, G, B] is the first pixel of an image. So we have the color intensities of the registration time, but they are not pixels yet. Why? Because they don't have coordinates (positions). We have to generate positions for the colors generated at step 1, and we also have to keep track of those positions.

How do we solve this?
My bet was like so:
1st entry point: (100, 0) [R1, G1, B1]
2nd entry point: (0, 100) [R2, G2, B2]

Based on these entry points and the colors generated from the time, let's combine them and get the HOT PIXELS (the pixels which actually store the time in the LOGIN KEY):

1st time group pixel (R1, R2) [100, 101, 102]
2nd time group pixel (G1, G2) [150, 151, 152]
3rd time group pixel (B1, B2) [200, 201, 202]

In other words, the RED intensity from the FIRST entry point and the RED intensity from the SECOND entry point define the position of the first array generated by TimeConvertor, and so on.
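
The placement rule above and its reversal, as an added example (PHP 7.1+, not the package's code). Images are plain arrays instead of PNG files, the function names are hypothetical, and the handling of positions that fall outside the image or collide is an assumption, since the readme does not say how the package deals with them.

```php
<?php
// Added example, not the package's code. $img[$y][$x] = [R, G, B].
function entryPoints(int $w, int $h): array {
    return [[intdiv($w, 2), 0], [0, intdiv($h, 2)]]; // (x, y) pairs
}
// Hot-pixel positions (R1,R2), (G1,G2), (B1,B2) from the entry-point colours.
function hotPositions(array $c1, array $c2): array {
    return [[$c1[0], $c2[0]], [$c1[1], $c2[1]], [$c1[2], $c2[2]]];
}
// Assumption: a position must lie inside the image and must not collide
// with an entry point or with another hot pixel (channels reach 255).
function positionsUsable(array $pos, int $w, int $h): bool {
    $seen = [];
    foreach (entryPoints($w, $h) as $p) { $seen[$p[0] . ',' . $p[1]] = true; }
    foreach ($pos as $p) {
        $k = $p[0] . ',' . $p[1];
        if ($p[0] >= $w || $p[1] >= $h || isset($seen[$k])) { return false; }
        $seen[$k] = true;
    }
    return true;
}

function embedTime(array $img, array $groups): array {
    $h = count($img); $w = count($img[0]);
    [$e1, $e2] = entryPoints($w, $h);
    $mx = min($w, 256) - 1; $my = min($h, 256) - 1;
    do { // redraw entry-point colours until all three positions are usable
        $c1 = [random_int(0, $mx), random_int(0, $mx), random_int(0, $mx)];
        $c2 = [random_int(0, $my), random_int(0, $my), random_int(0, $my)];
        $pos = hotPositions($c1, $c2);
    } while (!positionsUsable($pos, $w, $h));
    $img[$e1[1]][$e1[0]] = $c1;
    $img[$e2[1]][$e2[0]] = $c2;
    foreach ($pos as $i => $p) { $img[$p[1]][$p[0]] = $groups[$i]; }
    return $img;
}

function extractTime(array $img): ?array {
    $h = count($img); $w = count($img[0]);
    [$e1, $e2] = entryPoints($w, $h);
    $pos = hotPositions($img[$e1[1]][$e1[0]], $img[$e2[1]][$e2[0]]);
    if (!positionsUsable($pos, $w, $h)) { return null; } // altered or resized key
    return array_map(function ($p) use ($img) { return $img[$p[1]][$p[0]]; }, $pos);
}

// Constructed input: a uniform 200 x 200 image and the three groups from the text.
$img = array_fill(0, 200, array_fill(0, 200, [7, 7, 7]));
$groups = [[100, 101, 102], [150, 151, 152], [200, 201, 202]];
var_dump(extractTime(embedTime($img, $groups)) === $groups);
```

Because the entry points sit at fixed, publicly known positions, anyone who holds the image can recover the three time groups the same way `extractTime()` does.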


OK, after all of this, the goal is to insert these pixels into the LOGIN KEY.
The class Image takes care of this, and a little more, as follows.

The class Image generates THE LOGIN KEY randomly and inserts the HOT PIXELS. After the hot pixels are inserted, the class reads the image pixel by pixel and builds a string based on that key.
Let's suppose a key with resolution 2 x 2 (for simplicity):

Matrix:
(0, 0) [100,101,102]	(1, 0)[200,201,202]
(1, 0) [103,104,105]	(1, 1)[203,204,205]

So the string based on this will be:
$matrix = 00100101102102002012021010310410511203204205

So, at registration, save the $matrix variable and the microtime in your database. As we said at the start, we use the microtime as the username and the entire LOGIN KEY matrix as the password.

After the matrix is stored in the database, ask the user to download that LOGIN KEY and keep it safe, because he will be able to log in only with this key.
==============================

At the login step, ask the user to provide his key. The class Checker will take care of reversing the entire algorithm and providing the image matrix and the registration time. Once you have this, you can look in your database to see whether the registration time read from the user-provided key exists. If yes, well, we have a potential user, and now you have to check whether the entire matrix of the provided key matches the registered LOGIN KEY.
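
The store-and-compare step described above, as an added example (PHP 7.1+, not the package's code; all function names are hypothetical). It assumes a fixed-width serialization in place of the separator-free $matrix string, because values joined without separators let two different images produce the same string, and it stores a SHA-256 digest that is compared with hash_equals(). A bare digest assumes the key's pixels come from a cryptographically secure generator.

```php
<?php
// Added example, not the package's code. $img[$y][$x] = [R, G, B].

// Separator-free concatenation, the form of the readme's $matrix string.
function naiveMatrix(array $img): string {
    $s = '';
    foreach ($img as $y => $row) {
        foreach ($row as $x => $rgb) { $s .= $x . $y . implode('', $rgb); }
    }
    return $s;
}

// Assumed alternative: dimensions first, then fixed-width colour fields.
function fixedMatrix(array $img): string {
    $s = sprintf('%05dx%05d:', count($img[0]), count($img));
    foreach ($img as $row) {
        foreach ($row as $rgb) { $s .= vsprintf('%03d%03d%03d', $rgb); }
    }
    return $s;
}

// Value to store at registration: a digest of the key, not the matrix itself.
function keyDigest(array $img): string {
    return hash('sha256', fixedMatrix($img));
}

// Login check: recompute from the uploaded key and compare in constant time.
function checkKey(array $uploaded, string $storedDigest): bool {
    return hash_equals($storedDigest, keyDigest($uploaded));
}

// Constructed 1 x 1 images that differ in two colour channels.
$a = [[[1, 23, 4]]];
$b = [[[12, 3, 4]]];
var_dump(naiveMatrix($a) === naiveMatrix($b)); // separator-free strings compared
var_dump(fixedMatrix($a) === fixedMatrix($b)); // fixed-width strings compared
$stored = keyDigest($a);
var_dump(checkKey($a, $stored), checkKey($b, $stored));
```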

==============================

After all of this, if someone with bad intentions tries to change the login key in any way, they will get a big "GET OUT" :)) from our system.
If you change the dimensions of the picture, or a single pixel of that key, or an intensity, the key will not be valid.
==============================

PRO's for this system:
-> a key with a resolution of 200 x 200 is the equivalent of a 500.000 characters password
-> brute force is a thing of the past, I guarantee that anyone who tries to brute force this will be dead before he guesses 10 pixels :))

CON's for this system:
I can't find a proper way for "password recovery".
If you have something in mind please don't hesitate to contact me.




Screenshots
  • Schema.jpg

Files
File                      Role     Description
class.checker.php         Class    class.checker.php
class.hotpixel.php        Class    class.hotpixel.php
class.image.php           Class    class.image.php
class.pixel.php           Class    class.pixel.php
class.positioner.php      Class    class.positioner.php
class.timeconvertor.php   Class    class.timeconvertor.php
index.php                 Example  Example file
readme.txt                Doc.     Read Me