Security Questions

Gatekeeper includes the concept of security questions to act as a secondary mechanism for authenticating the user. Instead of trying to provide a set of questions with the installation, the tool only provides the functionality to create and verify the answers.

The answers for the questions are stored as bcrypt strings instead of in plain-text to prevent simple exposure if the database is compromised. It currently uses the password hashing handling in PHP for hash creation and verification. It evaluates the hashes directly and, as such, the answer is case sensitive and must match the answer exactly.

Additionally, Gatekeeper also prevents the user from providing an answer that's the same as their current password.

Adding a question

To add a security question for a user, you'll need to first find the user then call the addSecurityQuestion method on that user object:

<?php
$user = Gatekeeper::findUserById(1);
$result = $user->addSecurityQuestion(array(
    'question' => 'What...is your favorite color?',
    'answer' => 'Blue...no, yellow!'
));

if ($result === true) {
    echo 'Question added successfully';
}

?>

Getting a user's questions and answers

You can get the list of questions for a user by using the securityQuestions property:

<?php
$user = Gatekeeper::findUserById(1);

// Returns a collection object of the user's questions
$questions = $user->securityQuestions;
?>

Validating the answer given

You can use the verifyAnswer method on the SecurityQuestionModel object to verify the answer to the given question. For example, we can pull the questions and check to be sure the answer to the first one is correct:

<?php
$questions = Gatekeeper::findUserById(1)->securityQuestions;
$answer = "this is my answer that's correct";

if ($questions[0]->verifyAnswer($answer) === true) {
    echo 'The answer was correct!';
}
?>