Kaay eKaay
Hauptseite | Demo     En
This webpage is only available in English.

Preparation Portal Server


The following 6 scripts and snippets have to provided by the portal server. They constitute the interface to the eKaay server.

In total this won't be more than 30 lines of code, see the full-text PHP examples for the 6 scripts and snippets on the bottom of the page.

The following descriptions give the specifications for these scripts and snippets. Once these are supplied and integrated on the portal server side, it will be on the eKaay server side just a matter of settings (steps 2 to 5 of the eKaay-Server implementation procedure) in order to have eKaay up and running.

LOGIN: (1 public script, 1 fixed html line)

(L-1) Spec for the public script ekaayLoginRequest.zzz

There already exists a public script at the portal server which receives a username and a password as parameters, then directly or indirectly calls a script which checks whether the password is valid for that user, and if it is valid the public script opens a browser session for that user.

For eKaay we need the following similar script: We need a public script ekaayLoginRequest.zzz at the portal server which receives a username and a token as parameters of type string, then (instead of asking for the correctness of the password) asks the eKaay server whether the token is valid for that user, and if it is valid the script opens a browser session for that user.

''Asking the ekaay server'' in the previous sentence means in detail: calling the URL
with parameter names 'user' and 'token', and 'https://www.my-ekaay-server.com' replaced by the eKaay server URL. If the reply of the checkToken.php script is 'ok' (2 letters) than the token is valid, otherwise it's not.

(L-2) Spec for the html line on the login page:

Add the following fixed html line to the portal server login page:

<p><iframe frameborder='0' src='https://www.my-ekaay-server.com/ekaay/ekaaycore/proxy/www/' style='margin:10px;width:225px;height:275px'></iframe>

Replace 'https://www.my-ekaay-server.com' by your eKaay Server URL.

ACTIVATION (1 internal database table, 1 internal function, 1 html line, 1 public script)

(A-1) Spec for an internal database table ekaay_revtoken

The database table ekaay_revtoken has to have 3 columns for username, revtoken und timestamp.

(A-2) Spec for an internal function ekaayCreateReverseToken()

The function has a string user as input parameter and returns a string. The function first produces a random string named revtoken consisting of at least 8 letters+digits [a-zA-Z0-9]. It then stores the triple (user, revtoken, current time) in the internal database table ekaay_revtoken. Finally, the function returns the string revtoken.

(A-3) Spec for the html line on the user page:

Add the following html line to the user page of the portal server:

<p><iframe frameborder='0' src='https://www.my-ekaay-server.com/ekaay/ekaay/ekaaycore/proxy/www/?p=register&user=$user&revtoken=$revtoken' style='margin:5px;width:570px;height:450px'></iframe>

The variables $user and $revtoken have to be dynamically replaced by their portal server environment values. $user is the name of the user currently logged in, and $revtoken is the value of the function ekaayCreateReverseToken($user), see above, which has to be executed during the generation of this webpage. See the PHP example below.

Replace 'https://www.my-ekaay-server.com' by your eKaay Server URL.

(A-4) Spec for a public script ekaayCheckReverseToken.zzz

The script has two strings user and revtoken as input parameters (parameter names: 'user' and 'revtoken'). The script looks up in the internal database table whether an entry (user, revtoken, timestamp) exists. If this is the case, it checks whether the entry is still valid, i.e. whether the stored timestamp and the current time do not differ more than n seconds, with 300 (5 minutes) as an recommended value for n. If this check is positive, the script returns the string "ok" (2 letters), in all other cases it returns the string "notok".

Remark. In case the database of the eKaay server and the one of the portal are the same, specs A-1 and A-4 are already put into code by the eKaay package. In other words: In that case the database table is already there, likewise the check reverse token script, i.e. it is enough to take care of specs A-2 and A-3.

PHP/mySQL Example

PHP examples of the 6 scripts and snippets will be shown.


(L-1) Example of the public script ekaayLoginRequest.php

The public script ekaayLoginRequest.php is the most difficult of the 6 snippets.

Let the portal server login script (the one which handles the password login) look like this (the function is_pw_correct checks the correctness of the submitted password)


    $username = $_REQUEST['username'];
    $userpw = $_REQUEST['userpw'];
    if(is_pw_correct($username,$userpw)) {


Make a copy of that login script, name it ekaayLoginRequest.php, save it in the same directory as the login script, and do the following modification:


    $username = $_REQUEST['username'];
    $userpw = $_REQUEST['userpw'];

    if(is_ekaay_token_valid($username,$userpw)) {


function is_ekaay_token_valid($user,$token) {
    $handle = curl_init("https://www.my-ekaay-server.com/ekaay/ekaaycore/server/wwwsrv/_srv/checkToken.php?user=" 
                         . urlencode($user) . "&token=" . $token);
    curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1);
    $res = trim(curl_exec($handle)); curl_close($handle);
    if ($res =="ok") return true; 
    else return false;
The one line with the if condition is replaced as shown, and the code of the new additional function is placed at - say - the bottom of the script.

You may change the names of the parameters (for example 'token' instead 'userpw') but it is not necessary - the eKaay server can deal with any parameter names. Likewise, the script name ekaayLoginRequest.zzz is just a suggestion.

(L-2) Example of the fixed html line


    <p><iframe frameborder='0' 



(A-1) Example MySQL of creation command of database table ekaay_revtoken
 revtoken_username varchar(63) NOT NULL default '',
 revtoken_revtoken varchar(31) NOT NULL default '',
 revtoken_timestamp timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
 PRIMARY KEY  (revtoken_revtoken)
(A-2) Example PHP of ekaayCreateReverseToken()
function ekaayCreateReverseToken($username) {

    $revtoken  = rand(100000000,999999999) . rand(100000000,999999999);  // create random token 

    $db = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME); // please set the database constants
    $stmt = $db->prepare('insert into ekaay_revtoken (revtoken_username,revtoken_revtoken) values(?,?)');

    return $revtoken;

(A-3) Example PHP of the creation of the html line


    echo "<p><iframe frameborder='0' 
          ."®ister_add' style='margin:5px;width:570px;height:400px'></iframe>";


function ekaayCreateReverseToken($username) { 
    ...  // code see above

(A-4) Example PHP: ekaayCheckReverseToken.php

 $user = trim($_REQUEST['user']);
 $revtoken = trim($_REQUEST['revtoken']);

 if (!preg_match('/[\w \.\@\-\_]{2,50}/', $user)) die("param user notok");
 if (!preg_match('/^[a-zA-Z0-9]{8,}$/', $revtoken)) die("param revtoken notok");

 $timeout = 300;

 $db = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME); // please set the database constants
 $stmt = $db->prepare('select * from ekaay_revtoken 
                                     where revtoken_username = ? 
                                     and revtoken_revtoken = ? 
                                     and unix_timestamp(revtoken_timestamp) + ? > unix_timestamp()');
 $num_of_rows = $stmt->num_rows;

 if ($num_of_rows > 0) die("ok"); else die("notok");


Remark. Remember that in case the database of the eKaay server and the one of the portal are the same, step (A-1) (table creation) and step (A-4) (check script) are not necessary.

Über eKaayeKaay VariantenSicherheitLizenzImplementierungKontakt
Über uns
Entwicklung Smart Login
eKaay original
eKaay PIN
eKaay NFC
eKaay light
eKaay PIN light
eKaay Sign