DevArticles has posted the second in the "Building a CHAP Login System" today - Coding Server-Side Random Seeds.

Welcome to the second part of “Building a CHAP login system.” In three parts, this series introduces the basics of building a web-based login system that uses the Challenge Handshake Authentication Protocol (hence the CHAP acronyms), explaining its benefits, and exploring its implementation.

With the key concepts well understood, over this second part, attention will be turned to the server side, where authentication takes place. For this purpose, I’ll be illustrating some methods for generating random seeds, ranging from simple semi-random string generators to slightly more complex procedural approaches. Since all of the server source code will be developed in PHP, it shall be extremely easy to adapt it to working with the language of your choice.

They start off by taking a look back at the previous setup as a review, then jump right into restructuring it to add the random seeds into the mix. The getRandomString function in the Javascript does the work of creating the seed, then, with the help of some PHP on the server, that seed is verified for the login. Keep an eye out for the next and last article in the series where the PHP will be transofrmed into OOP code versus procedural...