Quite some time ago I published on another site (http://www.teqhead.com) a flash-based tutorial on how to use TrueCrypt, the FREE open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux.

While the version I based the how-to on is a few releases behind now, the principle and the general functionality all remain the same.

You can choose to view on line by going to the following link: http://www.poscribes.com/files/truecrypt.swf

Or you can choose to download the external application for viewing in your own time, at the bottom of this post or here.

Enjoy!

Dave

The script that follows provides for an example way to use PHP to connect to a MySQL database through the use of a PHP Function.

The code that follows I will call db.php


<?php
function connect($sql)
{
// The following values should all be adjusted to suit your MySQL install.
$host="localhost";
$user="root";
$pass="password";
$db="users";
if(!($connect=mysql_connect($host,$user,$pass))){
printf("Error connecting to the database");
email_error("Server Connection Error", mysql_error());
}
if(!($dbselect = mysql_select_db($db, $connect))){
printf("<p>Error connecting to the database</p>");
email_error("Database Connection Error", mysql_error());
}
$result=mysql_query($sql);
if (mysql_errno() == 0){
return $result;
}
else {
email_error($sql, mysql_error());
$result = "Null";
}
}
?>


Being the ever vigilant system administrator we want the site to alert us of failed connection errors, which may be hack attempts. To do so we can get the web server to send out via it's predefined mail connector (look in your php.ini file) an email message with the error details. This could very easily be included as part of another file but sometimes it is just easier to have all of your functions reside in one location and include them from there.


<?php
// Begin the function that will send us email alerts following failure
function email_error($reason, $error)
{
$from = "alert@mydomain.com";
$headers = 'MIME-Version: 1.0\n';
$headers.= "Content-type: text/plain; charset=iso-8859-1\n";
$headers.= "X-Priority: 3\n";
$headers.="X-MSMail-Priority: Normal\n";
$headers.="X-Mailer: php\n";
$headers.="From:\"".$from."\"<".$from.">\n";
$sendto = "me@mydomain.com";
$subject = "MyDomain Error Notice";
$time = date("Y-m-d H:m");
$m1 = 'Site Error - Application Functionality Failed At '.$time."\n\n";
$m2 = 'GENERAL ERROR MESSAGE: '."\n".$reason."\n\n";
$m3 = 'MySQL ERROR MESSAGE: '."\n".$error."\n\n";
$m4 = 'Regards,'."\n\n";
$m5 = 'Automatic Pilot';
$message = $m1.$m2.$m3.$m4.$m5;
mail($sendto, $subject, $message, $headers);
die("<p>There was a problem with the database</p>");
}
?>


Then to use the above database connection function (with integrated email alerts) you would call it in a manner like this:

Example.php


<?php
//include the database connection function file db.php
include("include/db.php");
//remember that the connect function relies on the input supplied through the variable $sql.
$sql = "select * from member where username='dave.evans'";
$resultset = connect($sql);
if ($resultset){
// Do something
while($row=mysql_fetch_array($resultset)) {
echo ("Resultset is: ".$row['username']."<br>");}
}
else {
// Do something else or nothing at all

}
?>

That's all there is to it. Enjoy!

Quite some time ago I put together a proof of concept illustrating the relative simplicity by which a multi factor authentication system, sometimes referred to as two factor authentication could be established for web services.

My basic design concept was to use server-side technologies to create and store an authenticated session key having achieved strong authentication with the client browser.

A couple of design parameters that I set myself early on during the development stage was to ensure ease of integration with existing web sites and the lowest possible cost in development time and maintenance while achieving the primary goal of strong authentication.

Having achieved this basic concept (a demo site can be seen at http://www.david-c-evans.com/mfa) I have now decided to breath new life into the project and improve upon the design while hopefully streamlining the and enhancing the code.

**NOTE: There appears to be a problem with the demo site login right now. I will fix this very shortly. ** - ALL FIXED NOW!!!

This time around my goal is to build upon the original design and include mutual authentication aspects along with adopting a 'captcha' style element for masking the extended authentication request from the server.

To track the design enhancements I have decided to resurrect the forum once attached to this site to show code changes and improvements to this new release not only by myself but also any other individuals who wish to contribute to the project. Of course I am providing this as an Open Source development effort for all to use as they see fit.

I'll update this page when I have the code available for download as a package along with the relevant SQL backend.

Until then watch this space!