Download the PHP package simon_massey/thinbus-php-srp-demo without Composer

On this page you can find all versions of the php package simon_massey/thinbus-php-srp-demo. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of simon_massey/thinbus-php-srp-demo

Informations about the package thinbus-php-srp-demo

Thinbus SRP PHP Demo

Copyright (c) Simon Massey, 2015-2017

This is a demo of the Thinbus SRP PHP implementation of the SRP-6a Secure Remote Password protocol. It demonstrates generating a password verifier at the browser which is saved at the server to use to authenticate the user.

Note Please read the Thinbus documentation page before attempting to use this demo code which is the project where the JavaScript came from which outlines some best practices.

Trying The Demo

This demo lets you test the library with your PHP version and use browser developer tools to inspect the AJAX traffic. Be sure to test locally on your workstation with the exact same version of php on your server before trying to deploy on your server!

Note the built in webserver is very slow compared to the way that a webserver runs PHP. See the recommenations below.

The Demo Application

This work is based on Ruslan Zazvacky's SRP PHP demo and registers users into a SQLite database. You shouldn't be using a SQLite database you should use the main database of your main application (and possibly a distributed cache to store the temporary state created during authentication if you don't want to put that into your main database). This demo is very artificial as it only uses AJAX to confirm that authentication is successful. With a real application after authentication the browser should load a main application page in a traditional (not AJAX) way to force the cleanup of any traces of the password as recommended on the Thinbus page. The demo also doesn't cover authorisation (which uses can see what, which pages are public, which pages are not).

The demo saves the use salt and verifier in an SQLite flat file database at /tmp/srp_db.txt. The location is configured in require.php which also shows where composer installs the Thinbus PHP library code. The demo application comprises of the following top level php demo files that you probably don't want to use in your own application:

It is expected that you create your own code for loading and saving data to a real database. Do not use my SQLLite or RedBean code. Only use the PHP files installed under the vendor folder when you run composer update. It is expected that you use your own code for handling authorisation of which pages users can or cannot access. Trying to modifying the demo files to support your application may be far harder than just modifying your current application to simply use the core Thinbus library at thinbus\*.php.

Please read the recommendations in the main thinbus documentation and take additional steps such as using HTTPS and encrypting the password verifier in the database which are not shown in this demo.

Big Thanks

Cross-browser Testing Platform and Open Source <3 Provided by [Sauce Labs][homepage]

Using Sauce Labs the demo app code thinbus-php-srp-demo has been tested to work on:

Troubleshooting

If you are having problems first check that the PHP unit code runs locally on your worksation using the exact same version of PHP as you run on your server:

If all test pass should output a final line such as OK (xx tests, yyy assertions). If not raise an issue with the exact PHP version and the output of phpinfo();

Next run the local built in webserver on your workstation and try to register then authenticate (note that successfuli authentication only writes "Success" in a green banner on the login page):

If that doesn't work try a couple of different browsers (chrome, firefox, edge/safari) to check if it is a browser JavaScript compatibility problem. Use your favourite browsers developer view to look at the network traffic to see if it corresponds to the diagrams above. Supply the details of the browser traffic in any issue that you raise. Then raise an issue naming all the browser versions you tested with and the results. Bonus marks for using the browser developer tools to capture the network traffic (particularly the AJAX calls) to see if the server put any error messages into the traffic which may break the demo code. Further bonus marks for including any browser JS console output and any PHP scripting engine logs which may indicate what the problem might be.

If you got this far and couldn't find any problems with the demo code running locally then next try deploying the demo code to your main webserver. Your webserver might not have permission to write to /tmp/srp_db.txt see the documentation above about where that is hardcoded in the demo to change it. If the demo works locally but doesnt work on your main server then I suggest you use the browser developer tools to compare the network traffic (particularly the AJAX calls) that happen when running locally verses running on your main server to see if the server traffic indicates a server configuration problem. Typically the AJAX resonpse from the server pukes up a warning message that the browser cannot parse. Try to fix the PHP warning message before raising an issue as its normally something missing from a custom PHP install.

If the PHP code is running very slow on your server then its likely that your server is missing some native libraries that PHP normally uses. When this is the case the PHP engine runs much slower than the webbrowser. This is not something that I can debug for you so please don't raise an issue. Instead ask a question on stackoverflow or another stackexchange site about your OS and PHP version asking whether there are "known issues" of code running slowly that can be fixed by changing settings or installing native libraries. (The typical one is to install openssl and the php library which uses it.)

License

End.

All versions of thinbus-php-srp-demo with dependencies

PHP Build Version
Package Version
Requires php Version ^5.6 || ^7.0
simon_massey/thinbus-php-srp Version ^1.8
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package simon_massey/thinbus-php-srp-demo contains the following files

Loading the files please wait ....