I need to implement authentication in a php app but using fingerprint as part of credentials.
So, sincerely I'm kind of lost here.
1) Do I need a product (reader) with javascript SDK? I've seen some using ActiveX but obviously this will work just for IE. I would like a cross-browser solution here.
2) On server side, I suppose I'll natively call some C/C++/Java libs from my php code. Is it right?
As you can see, any paper/orientation you could give me would be appreciated.
You cannot do this using PHP - it's a scripting language.
However, you can use .NET technologies like C# or VB for hardware porting.
My idea:
Handle authentication using .NET technologies.
Pass the authentication result to PHP using ASP like embedding result in XML/JSON
I don't know how much success rate you will get from this solution, but it's worth a try.
i have came across a library, php_zklib it does seem to work with biometric devices. But Problem is there is no documentation of it over the internet.. I have seen someone Using Fingerprint device for attendance using this library.
Jaison, "you cannot do it" and "PHP" don't belong in the same sentence.
Berserkpi, you can do this in PHP, but only parts of it. I don't know about the hardware but I can generalize the parameters of your project.
Fingerprinting is going to have to be done on some sort of client machine. That means a fingerprint-reading device hooked up to something like a computer, probably through a USB or other serial connection.
I can't tell you how that fingerprinting is going to work, but you'll need to get a program running on the machine that submits your fingerprints for authentication. Those fingerprints are going to be sent to a server, probably through a POST request and a PHP API you've set up. This is going to be the toughest part.
The tough part is that you need those prints to be consistant -- w/web apps you don't get in with a password that kinds of looks like your password; either the user can be authenticated or the password is rejected. With fingerprints that may not be the case.
Whatever it is, so long as it's consistant you can consider it more or less like an MD5 hash. You match it against a hashed version you store in your database and if it matches you authenticate her by generating a token (maybe another MD5) hash that is good for an hour or so.
we made a small app using c# to handle fingerprint scanning and converted the output to binary file. theoretically it shd be compared with wats available on the server and returns a result which determines if the user gets authenticated or not.
another method is to use a windows app that works with the fingerprint hardware and posses a simple web browser.
once the user gets authenticated it will call a url with and arg that only the coder knows.
Look at here. They have Java, PHP, web app aupported SDK and hardware for biometric authentication.
http://www.m2sys.com/bioplugin/