Creating a Password for Our AJAX Requests
In order to make a password-protected AJAX request, we’ll need to create a method that produces the password. Since this is a password that we’re creating for security reasons, we should use a server-side language to produce the password, so that the code is hidden from the client. This wouldn’t be the case if we used JavaScript to produce the password, because the code would be accessible to any savvy web user. For these reasons, we’ll use PHP to produce the password that we’ll send along with our AJAX request.
First, we need to create a PHP class that will contain all of the code that we write for password management. Let’s name this class PasswordManager. We’ll make this class a Singleton, meaning that it can be instantiated only once. The idea is that we can access it from anywhere in our application without having multiple instances of the object. Here’s the code to create the class and make it a Singleton:
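    <?php
    class PasswordManager
    {
        // Private constructor: instances can only be created by getInstance()
        private function __construct() {}

        // Return the single shared instance, creating it on first use
        public static function getInstance()
        {
            static $instance;
            if (!is_object($instance)) {
                $instance = new PasswordManager();
            }
            return $instance;
        }
    }
    ?>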
Now that we have our Singleton object created, we’ll add a string property named $pass, which will be equal to any custom string that we choose. This property should be changed to something unique; I simply used the value mypassword as a default. (If you’re planning to use this object in your AJAX applications, it’s very important to change the password to your own string, and possibly to change it frequently.) Here’s the code to add the $pass property to our PasswordManager object:
    private $pass;

    private function __construct()
    {
        // Default value: replace with your own string
        $this->pass = "mypassword";
    }
We have made the $pass property private so that the password cannot be retrieved from outside of the class. When we have our password ready, we can add a method to be used to create a cookie version of our password on the server side and use it to protect our requests. We’ll create a method named createPassword to handle this functionality:
    public function createPassword()
    {
        // Set a cookie holding the MD5 hash of the password, valid for one day
        setcookie("uid", md5($this->pass), time() + 86400, "/", ".krishadlock.com", false);
    }
The createPassword method is fairly simple: it takes no parameters and returns nothing, and its only effect is to send a cookie. The code in this method sets a cookie named uid whose value is the MD5 hash of our $pass property. (MD5 is a one-way hash function rather than encryption, and because $pass is a fixed string, the cookie value is the same for every visitor.) The cookie is set to expire in a day in case the user is on a shared computer and other users have access to the application that we’re creating. The next two parameters are the path and the domain for which the cookie is valid; restricting the cookie to our domain is meant to make it harder for a hacker to fabricate a cookie. The last parameter is a Boolean value that indicates whether the cookie should be sent only over a secure (HTTPS) connection; in this case it is false, so the browser also sends the cookie over plain HTTP.
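A hardened counterpart to createPassword, as an added example that is not the article's code: each visitor gets a random, expiring token signed with a server-side secret, and the cookie carries the Secure, HttpOnly and SameSite attributes. The class RequestTokenManager, its method names and the demo secret are hypothetical; the code assumes PHP 7.4 or later, an HTTPS site, and that the browser sends the cookie with the AJAX request on its own.

```php
<?php
// Added example (not the article's code): a per-visitor, expiring, signed token.
final class RequestTokenManager
{
    private const LIFETIME = 86400; // one day, as in the article
    private string $secret;

    public function __construct(string $secret)
    {
        $this->secret = $secret; // assumption: loaded from server-side config
    }

    // Token layout: "<expiry>.<nonce>.<HMAC-SHA256 of expiry.nonce>"
    public function issueToken(int $now): string
    {
        $payload = ($now + self::LIFETIME) . '.' . bin2hex(random_bytes(16));
        return $payload . '.' . hash_hmac('sha256', $payload, $this->secret);
    }

    public function isValid(string $token, int $now): bool
    {
        $parts = explode('.', $token);
        if (count($parts) !== 3 || !ctype_digit($parts[0])) {
            return false; // malformed value, e.g. the old fixed MD5 string
        }
        $expected = hash_hmac('sha256', $parts[0] . '.' . $parts[1], $this->secret);
        return hash_equals($expected, $parts[2]) && (int) $parts[0] >= $now;
    }

    public function sendCookie(): bool
    {
        $now = time();
        return setcookie('uid', $this->issueToken($now), [
            'expires'  => $now + self::LIFETIME,
            'path'     => '/',
            'domain'   => '.krishadlock.com', // the article's domain
            'secure'   => true,     // only sent over HTTPS
            'httponly' => true,     // assumes page script never reads the cookie
            'samesite' => 'Strict',
        ]);
    }
}

if (PHP_SAPI === 'cli') { // constructed demo input, run with: php example.php
    $mgr   = new RequestTokenManager('constructed-demo-secret');
    $token = $mgr->issueToken(1700000000);
    var_dump($mgr->isValid($token, 1700000000));            // fresh token
    var_dump($mgr->isValid($token, 1700000000 + 86401));    // past its expiry
    var_dump($mgr->isValid(md5('mypassword'), 1700000000)); // fixed MD5 value
}
```

Because hash_equals compares the signatures in constant time and the expiry is covered by the HMAC, a client cannot extend a token's lifetime or derive a valid one from another visitor's cookie without the server secret.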