File "main.php"
Full Path: /home/analogde/www/Prog/Serrure/main.php
<?php
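// This is the authentication page where the user has to enter their password.
// The password is composed of 8 digits, of which the user has to enter only 4.
// To prevent brute force, the account will be disabled after 20 wrong tries.
// (No attempt counter exists in this file; the lockout has to be enforced server-side, where the form is verified.)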
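// Page-level state. The two generator functions are meant to fill these arrays;
// the session and keypad sections read them afterwards.
// Fixed here: "arary()" was an undefined function and "$is_position_stared()="
// was a parse error, so the page could not run at all.
$keypad_layout = array();      // 24-cell array: keypad cell => key value shown in that cell
$keys = array();               // 8-entry array: key value => keypad cell holding that key
$keystar = array();            // 4-entry array: password positions that are starred
$is_position_stared = array(); // 8-entry array: password position => true when that digit is starred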
/////////////////////// PHP FUNCTIONS PART/////////////////////
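/**
 * Places the 8 keys (0..7) on distinct, randomly chosen cells of the 24-cell keypad.
 *
 * Writes its result to the page-level arrays:
 *   $keys[key]           = cell index (0..23) that holds the key
 *   $keypad_layout[cell] = key shown in that cell (cells without a key stay unset)
 *
 * Takes no arguments and returns nothing. Both arrays are rebuilt on every call.
 */
function generate_keypad_layout(){
    // File-scope variables are not visible inside a PHP function unless they
    // are imported; without this the layout was built in locals and discarded.
    global $keypad_layout, $keys;
    $keypad_layout = array();
    $keys = array();
    for ($i = 0; $i < 8; $i++) { // For each possible key
        // Draw cells until a free one turns up. random_int() uses the OS CSPRNG;
        // a generator seeded from microtime() gives a layout that can be
        // reproduced by anyone able to estimate the request time.
        do {
            $cell = random_int(0, 23);
        } while (isset($keypad_layout[$cell]));
        // isset() rather than a truthiness test: cell 0 and key 0 are valid
        // values, and the old loop stopped as soon as cell 0 was drawn and
        // treated a cell holding key 0 as free.
        $keypad_layout[$cell] = $i;
        $keys[$i] = $cell;
    }
}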
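/**
 * Chooses which 4 of the 8 password positions are shown as stars.
 *
 * Writes its result to the page-level arrays:
 *   $is_position_stared[0..7] = true for a starred position, false otherwise
 *   $keystar[0..3]            = the starred positions, in the order they were drawn
 *
 * Takes no arguments and returns nothing. Positions are 0-based, matching the
 * indexes 0..7 the keypad section reads from $is_position_stared.
 */
function chose_star_positions(){
    // Import the page-level arrays; as locals the result never left the function.
    global $keystar, $is_position_stared;
    $keystar = array();
    $is_position_stared = array_fill(0, 8, false);
    for ($i = 0; $i < 4; $i++) { // For each star to place
        // The old draw used 1..8: index 0 could never be starred and index 8
        // lies outside the 8 positions, so some pages showed only 3 stars.
        // random_int() is used so the choice does not derive from the clock.
        do {
            $position = random_int(0, 7);
        } while ($is_position_stared[$position]);
        $is_position_stared[$position] = true;
        $keystar[$i] = $position;
    }
}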
/////////////////////// INIT PART/////////////////////
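// We generate a random keypad to prevent mouse capture
generate_keypad_layout();
// We will obfuscate some digits from password so that the password will never be visible completely.
chose_star_positions();
// Per-page seed that is appended to the key presses before they are hashed.
// It is drawn with random_int() instead of srand(microtime)/rand(): the old
// srand() line also lacked its terminating semicolon, which was a parse error.
// NOTE(review): the seed has only 9000 possible values and is written into the
// page, so it varies the posted hash between page loads but is not a secret.
$password_seed = random_int(1000, 9999);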
/////////////////////// SESSION PART/////////////////////
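session_start();
// We suppose we have received the user identifier value from a previous POST (may be the identification page).
// The value is client-controlled: accept only a plain string (a request can
// also send user_id as an array, or omit it) and fall back to an empty one.
$_SESSION['user'] = (isset($_POST['user_id']) && is_string($_POST['user_id'])) ? $_POST['user_id'] : '';
// NOTE(review): at this point the identifier is only claimed, not verified;
// make sure no other page treats $_SESSION['user'] as proof of a completed login.
$_SESSION['seed'] = $password_seed;
// Kept serialized because the script that checks the answer is not shown here
// and presumably unserializes these values; $_SESSION can hold arrays directly
// (confirm against verify.php before changing the format).
$_SESSION['keys'] = serialize($keys);
$_SESSION['is_position_stared'] = serialize($is_position_stared);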
?>
<!-- HTML PART -->
<html>
<body>
<!-- Write whatever you want here -->
<!-- JAVASCRIPT PART -->
<script language="javascript" src="sha-1.js">
// This script will be downloaded from http://pajhome.org.uk/crypt/md5/sha1.js and is served locally as sha-1.js; the URL is plain HTTP, so review the copy that gets deployed.
</script>
<script>
// Discards the key presses collected so far and puts the visible password
// field back to its initial pattern (the copy kept in password_cleared).
// NOTE(review): inside an inline event handler a bare clear() resolves to
// document.clear(), not to this function; call it as window.clear() or rename it.
function clear(){
    var form = document.passform;
    form.code_position.value = '';
    form.password.value = form.password_cleared.value;
}
// Stores the SHA-1 hex digest of a_string in the hidden code_position field,
// so the digest rather than the raw key sequence is what the form posts.
// hex_sha1() is provided by the sha-1.js script loaded above.
// NOTE(review): the hashed input is a handful of short key codes plus a
// 4-digit seed that is present in the page, so the digest should not be relied
// on to keep the sequence confidential from anything that can read the page or
// the request; TLS and server-side attempt limiting have to provide that.
function hash(a_string){
    var digest = hex_sha1(a_string);
    document.passform.code_position.value = digest;
}
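// Records one keypad press: appends "<position>-" to the hidden code_position
// field and turns the first remaining blank of the visible password field into
// a star, so the field shows progress without showing the digit.
function fill(position){
    var form = document.passform;
    // JavaScript concatenates with "+" / "+="; the PHP-style ".=" and "." used
    // here before were a syntax error that stopped the whole script block.
    form.code_position.value += position + '-';
    // A regex without the g flag replaces only the first space.
    form.password.value = form.password.value.replace(/ /, '*');
}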
</script>
Please insert your missing digits below. <br>
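<?php
/////////////////////// KEYPAD PART/////////////////////
// The full opening tag is used above: with short_open_tag disabled the short
// form is not parsed and this whole section would be sent to the browser as text.
// We place the keypad at a random position to prevent static mouse capture
echo "<span style='position: absolute;top: ".rand (0,700)."px;left: ".rand (0,400)."px;filter:alpha(opacity=25);-moz-opacity:.25;opacity:.25;'>";
echo "<table>";
for ($i=0;$i<4;$i++){ // for each row
    echo " <tr>";
    for ($j=0;$j<6;$j++){ // for each column; 4 x 6 covers all 24 cells (4 x 5 left cells 20..23 undrawn)
        $cell = $i*6+$j;
        // $keypad_layout is an array, so it is indexed with [] (it was being
        // called like a function); isset() lets key 0 be drawn as well.
        if (isset($keypad_layout[$cell])){ // if a digit is at this position
            $key = (int) $keypad_layout[$cell];
            // NOTE(review): the handler receives the key value, as before, not
            // the cell index; confirm which of the two verify.php expects.
            echo "<td onmousedown=\"fill(".$key.")\">".$key." </td>";
        }
        else{
            echo "<td> </td>";
        }
    }
    echo " </tr>";
}
echo "</table> ";
echo "<form action='verify.php' name='passform' method='POST' >";
// We define the password view when cleared depending on the stars
$password_cleared="";
for ($i=0;$i<7;$i++){
    $password_cleared .= !empty($is_position_stared[$i]) ? "*-" : " -";
}
$password_cleared .= !empty($is_position_stared[7]) ? "*" : " ";
// We fill the password with 4 random stars
echo "<input type='text' size='15' maxlength='15' name='password' value='".$password_cleared."'>";
echo "<input type='hidden' name='password_cleared' value='".$password_cleared."'>";
echo "<input type='hidden' name='code_position' value=''>";
// In the generated JavaScript the seed is joined with "+" as a quoted string
// (the PHP-style "." produced invalid script), and the form is submitted
// through this.form.submit(): "this" is the button, and submit was never called.
echo "<input type='button' value='OK' onmousedown=\"hash(document.passform.code_position.value + '".(int) $password_seed."');this.form.submit()\">";
// window.clear(): a bare clear() in an inline handler resolves to document.clear().
echo "<input type='button' value='Clear' onmousedown='window.clear()'>";
echo "</form>";
echo "</span>";
?>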
</body>
</html>