Quick and Dirty Single User Authentication System

A quick and dirty, hacked together, simple to use, self-contained, single-user system? Yes, there is such a program: authent.php is just that. Also, it's licensed under a quite liberal licence. It doesn't have lockfiles, it doesn't have multiple passwords or one-time passwords or anything fancy beyond simple hashing. But it does work.

Also, the name is a bit of a misnomer. It is no longer a "dirty" program, and I believe that it is quite an all right program actually.

QDSCSUAP has a number of features, including password hashing, CHAP, black and white lists based on IP addresses and user agent strings, and other things.

Of course, it is susceptible to man-in-the-middle attacks. E.g., someone could easily modify the JavaScript before it reaches you, to make sure the password is sent in the clear so that they can read it. Therefore, use SSL/TLS instead.

The current version of authent.php is .10.1.

Q&A

I keep getting an 'Indeterminate Error', what gives? There are various reasons for this error to come up, mostly related to how the administrator of the program has set it up. If clearing any cookies for the site doesn't clear up the problem, contact the admin.

I *am* the administrator! Well, if you hadn't touched anything, then you wouldn't have a problem, would you?

Features

authent.php is a quick, simple and easy single-user authentication program.

At its simplest it offers a method of protecting PHP-based applications. It uses the Challenge Handshake Authentication Protocol (CHAP) to prevent both the clear text of the password, and the MD5 hash of the password, from ever being sent 'over the wire'. The password is also hashed before it is stored, so the clear text is not stored or ever transmitted.
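The exchange described above, sketched as an added example that is not code from authent.php. It assumes the response is MD5(challenge + MD5(password)); the page does not state the exact construction, and the names `Server`, `clientResponse` and `demo` and the sample password are hypothetical.

```javascript
// Added illustration of an MD5-based CHAP login; not code from authent.php.
// Assumption: response = MD5(challenge + MD5(password)).
const crypto = require('crypto');

const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Server side: only the MD5 of the password is stored.
class Server {
  constructor(storedHash) {
    this.storedHash = storedHash;
    this.pending = new Set(); // challenges issued and not yet consumed
  }
  issueChallenge() {
    const c = crypto.randomBytes(16).toString('hex');
    this.pending.add(c);
    return c;
  }
  verify(challenge, response) {
    // A challenge is accepted once, so a captured response cannot be replayed.
    if (!this.pending.delete(challenge)) return false;
    const expected = Buffer.from(md5(challenge + this.storedHash), 'hex');
    const got = Buffer.from(String(response), 'hex');
    // Constant-time compare; timingSafeEqual requires equal lengths.
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  }
}

// Client side (browser JavaScript in the real program): hash the typed
// password, then mix in the challenge. Neither the password nor its bare
// MD5 goes over the wire.
function clientResponse(password, challenge) {
  return md5(challenge + md5(password));
}

function demo() {
  const server = new Server(md5('correct horse')); // constructed sample password
  const c1 = server.issueChallenge();
  const r1 = clientResponse('correct horse', c1);
  const ok = server.verify(c1, r1);
  const replaySame = server.verify(c1, r1); // challenge already consumed
  const c2 = server.issueChallenge();
  const replayNew = server.verify(c2, r1); // old response, fresh challenge
  const c3 = server.issueChallenge();
  const wrong = server.verify(c3, clientResponse('guess', c3));
  return { ok, replaySame, replayNew, wrong };
}
```

In this construction the server derives the expected response from the stored hash alone, so the stored MD5 needs the same protection as the password itself.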

Advanced features include:

Issues

Basically this program is not meant for anything really secure. Seriously, use SSL/TLS if security is important for you. I use it for my news setups and for Generic Tables (though only as an interim measure). It is susceptible to MITM attacks and to password stealing due to the very insecure use of MD5 as the hash function. Make sure to use a different password for all your applications and logins.

License

Copyright 2008 - 2012 by Michael Harris, http://next-nexus.info/harrismw 
This program is free software. Permission to use, copy, modify, and/or 
distribute this software for any purpose with or without fee is hereby 
granted, provided that the above copyright notice and this permission 
notice appear in all copies. 
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR 
BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES 
OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, 
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, 
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS 
SOFTWARE.

This page is located at http://next-nexus.info/webdev/authent/ and was last modified on 2011-04-25.