A quick and dirty, hacked together, simple to use, self-contained, single-user system? Yes there is such a program, authent.php is just that. Also, it's licensed under a quite liberal licence. It doesn't have lockfiles, it doesn't have multiple passwords or one-time passwords or any thing fancy beyond simple hashing. But it does work.
Also, the name is a bit of a misnomer. It is no longer a "dirty" program, and I believe that it is quite an all right program actually.
QDSCSUAP has a number of features, including password hashing, CHAP, black and white lists based on IP addresses and user agent strings, and other things.
The current version of authent.php is .10.1.
I keep getting an 'Indeterminate Error', what gives? There are various reasons for this error to come up. Mostly related to how the administrator of the program has set it up. If clearing any cookies for the site doesn't clear up the problem, contact the admin.
I *am* the administrator! Well, if you hadn't have touched anything, then you wouldn't have a problem would you.
authent.php is quick, simple and easy single user authentication program.
At it's simplest it offers a method of protecting PHP based applications. It uses Challenge Handshake Authentication Protocol (CHAP) to prevent both the clear text of the password, and the MD5 hash of the password, from ever being sent 'over the wire'. The password is also hashed before it is stored, so the clear text is not stored or ever transmitted.
- It is easy to use (simply put require('authent.php') at the top of your PHP program).
- It is easy to install (simply copy the program where it is needed, and modify three constants in it).
Advanced features include:
- Black and white listing, based on IP address and user agent.
- Logging of login attempts, and/or all views of the authentication script.
- Ability to prevent access before, and/or after specified times.
- Easy to have multiple copies of the program protecting different things (change the constant qd_A_AUTHENT_COPY).
- A basic method of locking out users after a set number of failed login attempts.
Basically this program is not meant for anything really secure. Seriously, use SSL/TSL if security is important for you. I use it for my news setups and for Generic Tables (though only as a interim measure). It is susceptible to MITM attacks and to password stealing due to the very insecure use of MD5 as the hash function. Make sure to use a different password for all your applications and logins.
Copyright 2008 - 2012 by Michael Harris, http://next-nexus.info/harrismw This program is free software. Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.