
@Rudis1261
Created December 10, 2013 10:00
2nd Factor Authentication. The idea is to add a second layer of authentication: the user is shown a password with some characters hidden and has to complete the missing section. I would possibly rather use a db to track the attempts etc., as sessions could possibly be tampered with.
<html>
<head>
<style>
/* Wrapper <div> that the PHP prompt builder emits around the password row. */
#passwordContainer
{
line-height: 30px;
font-size: 30px;
}
/* One-character boxes for the hidden positions; the text stays light grey
   until the page script switches it to black on click/focus. */
input.passwordInput
{
line-height: 30px;
font-size: 30px;
margin: 0px 4px;
padding: 0px;
border: 1px solid #ccc;
color: #ccc;
text-align: center;
}
/* Submit button of the login form. */
input.passwordLogin
{
padding: 10px 20px;
line-height: 20px;
font-size: 16px;
}
</style>
</head>
<body>
<?php
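# Start the session.
# NOTE(review): this call sits below markup that has already been written to the response,
# so the session cookie can only be set if output buffering is active. Confirm, or move
# session_start() above the first byte of output; without a persisted session the attempt
# counter below never accumulates.
session_start();

# Highest attempt count that is still allowed to see the form.
$max = 5;

# Define the password.
# NOTE(review): sample value hard-coded in source; a real deployment would load a per-user
# secret from protected storage instead of shipping it with the page.
$password = 'eukunuba';

# DELETE THIS AFTER TESTING
# Debug-only reset. While this is present, any request carrying a `clear` parameter wipes the
# attempt counter, so the lockout further down gives no protection.
# It runs before the session values are initialised so that the rest of the page still finds
# both keys afterwards (previously the keys were removed after initialisation and then read).
if (isset($_REQUEST['clear']))
{
    unset($_SESSION['attempts'], $_SESSION['comparison']);
}
# DELETE THIS AFTER TESTING

# Pick the hidden positions once and keep them in the session.
if (!isset($_SESSION['comparison']))
{
    # array_rand() returns a bare key instead of an array when a single position is requested,
    # hence the (array) cast; ceil() returns a float, hence the (int) cast.
    # NOTE(review): array_rand() is documented as not cryptographically secure.
    $_SESSION['comparison'] = (array) array_rand(str_split($password), (int) ceil(strlen($password) / 3));
}

# Count this page load: 0 on the first visit, +1 on every later request.
# NOTE(review): the counter lives in the session, so it starts over whenever the client
# presents a new session; the gist description already suggests tracking attempts in a
# database instead.
$_SESSION['attempts'] = isset($_SESSION['attempts']) ? $_SESSION['attempts'] + 1 : 0;

# Block a user should they exceed attempts
if ($_SESSION['attempts'] > $max)
{
    die("Maximum attempts exceeded!");
}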
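# Function to generate the password prompt.
#
# Builds the <div id="passwordContainer"> markup for $password: every position listed in
# $_SESSION['comparison'] becomes an empty one-character password field named answer[],
# every other character is printed in upper case.
#
# NOTE(review): the printed characters are sent to anyone who loads the page, so only the
# hidden positions are actually secret. Characters are emitted without HTML escaping, which
# is fine for the alphabetic sample password but not for one containing < > & or quotes.
#
# @param string $password The full secret; split byte-wise with str_split().
# @return string HTML fragment for the prompt.
function getPasswordPrompt($password)
{
    # Normalise the stored challenge: array_rand() yields a bare key when only one position
    # is picked, and in_array() needs an array.
    $hidden = isset($_SESSION['comparison']) ? array_map('intval', (array) $_SESSION['comparison']) : array();

    # Fail closed: without a stored challenge, mask every position rather than print the
    # complete secret.
    $maskAll = (count($hidden) === 0);

    $out = '<div id="passwordContainer">';

    # Walk the password one byte at a time
    foreach (str_split($password) as $id => $char)
    {
        # Hidden position: the user has to type this character
        if ($maskAll || in_array($id, $hidden, true))
        {
            $out .= '<input type="password" name="answer[]" class="passwordInput" size="1" />';
        }
        # Otherwise just print the character
        else
        {
            $out .= strtoupper($char);
        }
    }

    $out .= '</div>';
    return $out;
}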
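# Check the submitted answer[] characters against the hidden positions of $password.
#
# Reads the answer from $_REQUEST['answer'] and the hidden positions from
# $_SESSION['comparison']; the n-th submitted character is compared with the password
# character at the n-th stored position. The comparison is byte-exact and case-sensitive.
# On success the attempt counter in the session is removed.
#
# The check fails closed: a missing or non-array answer, a missing challenge, a wrong
# number of characters, or a position that cannot be matched all return false. The earlier
# version only counted mismatches it could find, so an absent or incomplete answer left the
# error count at zero and was accepted.
#
# @param string $password The full secret; split byte-wise with str_split().
# @return bool true only when every hidden position was answered correctly.
function validatePassword($password)
{
    # Split the password into an array
    $split = str_split($password);

    # Stored challenge, normalised to a 0-based list of integer positions
    $positions = isset($_SESSION['comparison'])
        ? array_values(array_map('intval', (array) $_SESSION['comparison']))
        : array();

    # Attempt to get the answer
    $answer = isset($_REQUEST['answer']) ? $_REQUEST['answer'] : false;

    # Nothing to compare, or the submission does not line up with the challenge
    if (!is_array($answer) || count($positions) === 0 || count($answer) !== count($positions))
    {
        return false;
    }

    $error = 0;

    # Drive the loop from the server-side positions, not from the submitted keys, so every
    # hidden character must be present and correct.
    foreach ($positions as $i => $position)
    {
        $expected = isset($split[$position]) ? $split[$position] : null;
        $given = isset($answer[$i]) ? $answer[$i] : null;

        # All positions are checked (no early exit) and compared with hash_equals()
        if (!is_string($expected) || !is_string($given) || !hash_equals($expected, $given))
        {
            $error += 1;
        }
    }

    # Default to a false
    if ($error !== 0)
    {
        return false;
    }

    # Success: unset attempts and return true
    unset($_SESSION['attempts']);
    return true;
}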
# Handle a submitted login form first, then (re)draw the prompt.
# NOTE(review): the submit flag is read from $_REQUEST, so it is honoured from the query
# string as well as from the POST body of the form below.
$formSubmitted = isset($_REQUEST['attemptSypherLogin']);
if ($formSubmitted)
{
    # Auth Success: greet the user and stop before the form is printed again
    if (validatePassword($password))
    {
        echo "<h1>Welcome user!</h1>";
        die();
    }

    # Auth Failure: show the error, then fall through to the form
    echo "<h1 style='color: red;'>Sorry, I don't know you!</h1>";
}

# Attempt counter as shown to the user, e.g. "2/5"
$attemptLabel = (int)$_SESSION['attempts'] . "/" . $max;

# Prompt markup with the hidden positions replaced by input boxes
$promptHtml = getPasswordPrompt($password);

$formHead = "<form method='post'>
Attempt: ";
$formTail = "
<br />
<input type='submit' class='passwordLogin' name='attemptSypherLogin' value='Login' />
</form>";

echo $formHead . $attemptLabel . "<br />" . $promptHtml . $formTail;
?>
</body>
<script src="//code.jquery.com/jquery-1.10.2.min.js"></script>
<script>
// Wire up the one-character password boxes once the DOM is ready
$( document ).ready(function() {
    var $boxes = $(".passwordInput");

    // The boxes start out grey; switch the text to black as soon as one is used
    function highlightBox() {
        $(this).css({ 'color' : 'black' });
    }

    // After a character has been typed, jump to the following box
    function advanceToNextBox(event) {
        var key = event.keyCode;

        // Key codes 8, 9 and 16 never advance the focus
        if (key == 8 || key == 9 || key === 16) {
            return;
        }

        // Nothing typed yet, stay in this box
        if ($(this).val() == "") {
            return;
        }

        // Move to the next item automatically
        $(this).next('input.passwordInput').focus();
    }

    $boxes.bind("click focus", highlightBox);
    $boxes.bind("keyup", advanceToNextBox);
});
</script>
</html>