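Second-factor authentication. The idea is a second layer of authentication: the visitor is shown the password with some of its characters blanked out and has to fill in the missing section. I would possibly rather use a DB to track the attempts, etc., as sessions could possibly be tampered with (for example, a client that discards its session cookie starts again with a fresh attempt counter).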
<html>
<head>
<style>
    /* Row holding the revealed characters and the input boxes */
    #passwordContainer {
        font-size: 30px;
        line-height: 30px;
    }

    /* One-character box for a hidden position; typed text starts out grey */
    input.passwordInput {
        font-size: 30px;
        line-height: 30px;
        margin: 0 4px;
        padding: 0;
        border: 1px solid #ccc;
        color: #ccc;
        text-align: center;
    }

    /* Submit button */
    input.passwordLogin {
        font-size: 16px;
        line-height: 20px;
        padding: 10px 20px;
    }
</style>
</head>
<body>
<?php | |
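# Start the session
# NOTE(review): this call runs after the page has already emitted markup. Unless
# output buffering is enabled, PHP cannot send the session cookie at this point,
# and both the attempt counter and the chosen positions would restart on every
# request. Confirm the deployment, or move session_start() above the first byte
# of output.
session_start();

# Number of attempts allowed before the visitor is blocked
$max = 5;

# Define the password
# NOTE(review): the secret is stored in plaintext in a web-served source file,
# so anyone who can read the file or its repository can read the password.
$password = 'eukunuba';

# DELETE THIS AFTER TESTING
# Debug reset: any request carrying "clear" wipes the attempt counter, so the
# lockout below gives no protection while this stays in. It runs before the
# session values are built so that a reset leaves a complete state behind;
# with the keys left undefined, the prompt has no list of positions to hide.
if (isset($_REQUEST['clear']))
{
    unset($_SESSION['attempts'], $_SESSION['comparison']);
}
# DELETE THIS AFTER TESTING

# Get the random keys from session, choosing them once per session
if (!isset($_SESSION['comparison']))
{
    # array_rand() returns a bare key rather than an array when asked for a
    # single item, and ceil() returns a float; normalise both.
    $_SESSION['comparison'] = (array) array_rand(str_split($password), (int) ceil(strlen($password) / 3));
}

# Count this request (every page load counts, not only submitted forms)
$_SESSION['attempts'] = (isset($_SESSION['attempts'])) ? $_SESSION['attempts'] + 1 : 0;

# Block a user should they exceed attempts
# The counter lives in the session only, so it limits a client that keeps
# presenting the same session cookie.
if ($_SESSION['attempts'] > $max)
{
    die("Maximum attempts exceeded!");
}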
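# Function to generate the password prompt
#
# Builds the challenge markup: one password input per hidden position and the
# upper-cased character for every other position, wrapped in #passwordContainer.
# The hidden positions are read from $_SESSION['comparison'].
#
# NOTE(review): every character that is not hidden is sent to the browser in
# clear, so any visitor who can load the page learns those characters.
#
# @param string $password The full password
# @return string HTML fragment for the prompt
function getPasswordPrompt($password)
{
    # Split the password into an array
    $split = str_split($password);

    # Positions the visitor must type. A single position may be stored as a
    # bare key, hence the array cast; intval keeps the comparison below exact.
    $hidden = (isset($_SESSION['comparison'])) ? array_map('intval', (array) $_SESSION['comparison']) : array();

    # Fail closed: with no positions on record, mask every character instead of
    # printing the whole password.
    $maskAll = (count($hidden) === 0);

    $out = '<div id="passwordContainer">';

    # Loop through the split password
    foreach ($split as $id => $char)
    {
        # Is it one of the characters that should be hidden
        if ($maskAll || in_array($id, $hidden, true))
        {
            $out .= '<input type="password" name="answer[]" class="passwordInput" size="1" />';
        }
        # Otherwise just print the character, escaped for the HTML context
        else
        {
            $out .= htmlspecialchars(strtoupper($char), ENT_QUOTES | ENT_SUBSTITUTE);
        }
    }

    $out .= '</div>';
    return $out;
}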
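# Function to check the submitted characters against the hidden positions
#
# Reads the typed characters from $_REQUEST['answer'] and the hidden positions
# from $_SESSION['comparison']; the n-th typed character must equal the password
# character at the n-th hidden position. On success the attempt counter is
# removed from the session.
#
# A submission is rejected unless it is an array with exactly one entry per
# hidden position. A request with no answer at all, a partial answer, or answer
# keys that match no position must not pass as "zero mismatches".
#
# @param string $password The full password
# @return bool True when every hidden position was answered correctly
function validatePassword($password)
{
    # Split the password into an array
    $split = str_split($password);

    # Hidden positions, in the order their input boxes appear in the form
    $expected = (isset($_SESSION['comparison'])) ? array_values((array) $_SESSION['comparison']) : array();

    # Attempt to get the answer
    # NOTE(review): $_REQUEST also accepts the answer from the query string;
    # the form itself submits by POST.
    $answer = (isset($_REQUEST['answer'])) ? $_REQUEST['answer'] : false;

    # Refuse anything that does not have the shape of a complete answer
    if (!is_array($answer) || count($expected) === 0 || count($answer) !== count($expected))
    {
        return false;
    }

    $error = 0;

    # Walk the expected positions (not the submitted keys) so that every hidden
    # character has to be present and correct
    foreach ($expected as $i => $position)
    {
        if (!isset($answer[$i], $split[$position]) || $split[$position] !== $answer[$i])
        {
            $error += 1;
        }
    }

    # Success
    if ($error === 0)
    {
        # Unset attempts and return true
        unset($_SESSION['attempts']);
        return true;
    }

    # Default to a false
    return false;
}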
# Handle a submitted form: check the typed characters, then greet or reject.
$formSubmitted = isset($_REQUEST['attemptSypherLogin']);
if ($formSubmitted)
{
    if (validatePassword($password))
    {
        # Auth success: print the greeting and stop, so the form is not shown.
        # NOTE(review): nothing here marks the session as authenticated; the
        # success branch only prints the greeting.
        echo "<h1>Welcome user!</h1>";
        die();
    }

    # Auth failure: report it and fall through to show the form again
    echo "<h1 style='color: red;'>Sorry, I don't know you!</h1>";
}

# Render the attempt counter, the prompt and the submit button
$attemptLabel = (int)$_SESSION['attempts'] . "/" . $max;
$promptHtml = getPasswordPrompt($password);
echo "<form method='post'>
Attempt: " . $attemptLabel . "<br />"
. $promptHtml . "
<br />
<input type='submit' class='passwordLogin' name='attemptSypherLogin' value='Login' />
</form>";
?> | |
</body> | |
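<!-- Fetched over HTTPS explicitly. A protocol-relative URL follows the page's
     own scheme, so on a plain-HTTP page the library that handles the password
     boxes could be replaced in transit. Better still, host the file locally or
     pin it: integrity="sha384-<HASH_OF_THE_FILE_YOU_SERVE>" crossorigin="anonymous".
     jQuery 1.10.2 is an old release; move to a maintained version once the
     script below has been checked against it. -->
<script src="https://code.jquery.com/jquery-1.10.2.min.js"></script>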
<script> | |
// Wire up the one-character password boxes once the DOM is ready.
$(function () {
    var boxes = $(".passwordInput");

    // keyCodes that must not advance the cursor: Backspace (8), Tab (9), Shift (16)
    var ignoredKeys = [8, 9, 16];

    // Typed text starts out grey (see the stylesheet); darken it on first use.
    boxes.on("click focus", function () {
        $(this).css('color', 'black');
    });

    // After a character has been typed, jump to the box that directly follows.
    boxes.on("keyup", function (event) {
        var isIgnoredKey = $.inArray(event.keyCode, ignoredKeys) !== -1;
        if (isIgnoredKey || $(this).val() == "") {
            return;
        }
        // .next() only matches an immediately following sibling input
        $(this).next('input.passwordInput').focus();
    });
});
</script> | |
</html> |