
Authentication and keeping information secure is my goal in writing my Authentication class while making sure it is as completely extendable as possible over making it usable for anything over just hashing passwords.

I believe I have made it as simple as possible to allow it to hold its own as a class by itself for hashing, generating strings, and making sure that the majority of the data that will be passed through the class is as secure as possible.

<?php

/**
 *   Package:  reAuth Class
 *   Authors:  Traven West
 *   Created:  June 2014
**/

/**
 *   Base Authentication Class
 *   Returns, generates, and hashes string values securely with proven 
 *   algorithms and class structure.
**/

class Authentication {

    //  Information for this authentication object
    protected $_data = array();

    //  The object used to generate salts and passwords
    protected $_hashFunction;

    //  Authentication key object
    protected $_authKey = 'PS1eFzMWSGImNOhFfdAliW9maPPm6t4TJBGW31yViVVP9WC0umF6l2F3TOD0kkZj';


    public function __construct() {
      $this->_authKey = $authKey;
      $this->_setupHash() = $hashMethod;

      //  Sets the authentication as sha512/sha256
      $authKey = $hashMethod();

      return $authKey;
    }

    protected function _setupHash() {
        if($this->_hashFunction) {
            return;
        }

        if(extension_loaded('hash')) {
            //  Default hashing algorithm
            $this->_hashFunction = 'sha512';
        }
        else {
            //  Backup option if sha512 is not supported
            $this->_hashFunction = 'sha256';
        }
    }

    //  Perform the generation of the hash based on the function set
    protected function generateHash($data) {
        $this->_setupHash();
        switch($this->_hashFunction) {
            case 'sha512':
                return hash('sha512', $data);
            case 'sha256':
                return hash('sha256', $data);
            default:
                $message = 'Unknown hash type.';
                throw new Exception($message);
        }
    }

}

I strongly believe that SHA512 is supported on all machines now, but I do have to allow the occasion that it may not and revert back to SHA256. Another goal is to create a 64-bit string as the output, if not longer.


closed as off-topic by Elias Van Ootegem, Malachi, Simon André Forsberg, Marc-Andre, palacsint Jun 29 at 17:40

This question appears to be off-topic. The users who voted to close gave this specific reason:

  • "Questions containing broken code or asking for advice about code not yet written are off-topic, as the code is not ready for review. Such questions may be suitable for Stack Overflow or Programmers. After the question has been edited to contain working code, we will consider reopening it." – Elias Van Ootegem, Malachi, Simon André Forsberg, Marc-Andre, palacsint
If this question can be reworded to fit the rules in the help center, please edit the question.

    
Does this code work? Are $authKey and $hashMethod supposed to be constructor args? The statement $this->_setupHash() = $hashMethod; is illegal since you cannot write to a function's return value. Why don't you use _authKey or _data in the class? –  David Harkness Jun 29 at 7:29
    
Voted to close: questions containing incomplete or broken code are considered off-topic on this site. What is broken is not ready to be polished, yet: fix it first, then beautify it –  Elias Van Ootegem Jun 29 at 13:33

1 Answer

What exactly are you authenticating? I only see "password" in your question, in which case take a look at the following:

I learned recently that PHP has its own function for password hashing, password_hash(): http://www.php.net/manual/en/function.password-hash.php

As of PHP 5.3.2, SHA512 has been supported natively with the PHP libraries, so you shouldn't have a problem using it.

If you want encryption/decryption I would recommend you look at AES encryption algos - either through MySQL if you have your data stored in the database, otherwise mcrypt can also manage AES.

http://uk3.php.net/manual/en/book.mcrypt.php
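
As an added example (not code from the question or from the answer), the code below puts the password_hash() route the answer points to next to the question's hash('sha512', ...) approach. The PasswordStore class, its method names, the cost of 12 and the sample password are assumptions for illustration, and PASSWORD_DEFAULT is assumed to be bcrypt.

```php
<?php
// Added example, not the asker's class. PasswordStore and its methods are hypothetical.
// Assumes PHP 5.5+ and that PASSWORD_DEFAULT is bcrypt (the 'cost' option is bcrypt-specific).
final class PasswordStore
{
    private $options = ['cost' => 12]; // assumed work factor; tune to your hardware

    /** Hash a new password; a random salt is generated and embedded in the result. */
    public function hash($password)
    {
        $hash = password_hash($password, PASSWORD_DEFAULT, $this->options);
        if (!is_string($hash)) {
            throw new RuntimeException('password_hash() failed');
        }
        return $hash;
    }

    /**
     * Check a login attempt. Returns [ok, upgradedHash]; upgradedHash is non-null
     * when the stored hash uses outdated parameters and should be replaced.
     */
    public function verify($password, $storedHash)
    {
        if (!password_verify($password, $storedHash)) {
            return [false, null];
        }
        $stale = password_needs_rehash($storedHash, PASSWORD_DEFAULT, $this->options);
        return [true, $stale ? $this->hash($password) : null];
    }
}

$password = 'correct horse battery staple'; // constructed sample input
$store    = new PasswordStore();
$stored   = $store->hash($password);

// The question's approach: one fast, unsalted digest, identical for identical passwords.
var_dump(hash('sha512', $password) === hash('sha512', $password));
// password_hash(): a fresh salt per call, so two hashes of one password differ.
var_dump($store->hash($password) !== $stored);
// Verification reads the algorithm, cost and salt back out of the stored string.
var_dump($store->verify($password, $stored)[0]);
var_dump($store->verify('wrong password', $stored)[0]);
// A hash made with a lower cost is flagged for upgrade on the next successful login.
$old = password_hash($password, PASSWORD_DEFAULT, ['cost' => 10]);
var_dump($store->verify($password, $old)[1] !== null);
```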
