File "keynum06.php"

Full Path: /home/analogde/www/RaspBerry/HTML/keynum06.php
File size: 4.52 KB
MIME-type: text/x-php
Charset: utf-8

<?php
// This is the authentication page where the user has to give his password 
// This password is composed of 8 digits where user will have to give only 4
// To prevent brute force, account will be disabled after 20 wrong tries.

$keypad_layout=array(); //a 24 blobk array with key value inside 
$keys=arary(); // a 8 block array with keypad postion inside 
$keystar=array(); // a 4 block array with password postion stared 
$is_position_stared()=array() // a 8 block array defining if password digit is stared 


/////////////////////// PHP FUNCTIONS PART///////////////////// 
function generate_keypad_layout(){
  srand ((int) ((double) microtime() * 1234567)); // If needed
  for ($i=0;$i<8;$i++){ // For each possible key

    while($keys[$i]=rand (0,23)){ // We try to find a free block in a 24 block array 
      if (!$keypad_layout[$keys[$i]]) {
        $keypad_layout[$keys[$i]]=$i;
        break; 
      }
    }
  } 
} 

function chose_star_positions(){
  for ($i=0;$i<8;$i++){ // place false in is_position_stared
    $is_position_stared[$i]=false;
  }

  srand ((int) ((double) microtime() * 2345678)); // If needed
  for ($i=0;$i<4;$i++){ // For each possible key

    while($keystar[$i]=rand (1,8)){ // We define which password digits will be stared 
      if (!$is_position_stared[$keystar[$i]]) {
        $is_position_stared[$keystar[$i]]=true;
        break; 
      }
    }
  } 
} 


/////////////////////// INIT PART/////////////////////
// We generate a random keypad to prevent mouse capture 
generate_keypad_layout();
// We will obfuscate some digits from password so that the password will never be visible completely. 
chose_star_positions();
srand ((int) ((double) microtime() * 3456789))
$password_seed=rand(1000,9999);


/////////////////////// SESSION PART/////////////////////
session_start();
// We suppose we have received the user identifier value from a previous POST (may be the identification page) 
$_SESSION['user'] = $_POST['user_id']; 
$_SESSION['seed'] = $password_seed;
$_SESSION['keys'] = serialize($keys);
$_SESSION['is_position_stared'] = serialize($is_position_stared); 

?>

<!-- HTML PART -->
<html>
<body>
<!-- Write whatever you want here -->

<!-- JAVASCRIPT PART --> 


<script language="javascript" src="sha-1.js">
  // This script willl be download from http://pajhome.org.uk/crypt/md5/sha1.js
</script>


<script>

function clear(){
 document.passform.password.value=document.passform.password_cleared.value;
 document.passform.code_position.value='';
}

function hash(a_string){
 // We call the hex_sha1 function from the sha-1.js script
 // With this technique, even a formgraber trojan won't get much information 
  document.passform.code_position.value=hex_sha1(a_string);
}

function fill(position){
 document.passform.code_position.value.=position.'-';
 var old_password=document.passform.password.value;
 //Next instruction will replace the first space by a star 
 var new_password=old_password.replace(/ /,'*');
 document.passform.password.value=new_password;
}

</script>


Please insert your missing digits below. <br>

<? 
/////////////////////// KEYPAD PART/////////////////////
// We place the keypad at a random position to prevent static mouse capture 
echo "<span style='position: absolute;top: ".rand (0,700)."px;left: ".rand (0,400)."px;filter:alpha(opacity=25);-moz-opacity:.25;opacity:.25;'>";
echo "<table>";
for ($i=0;$i<4;$i++){ //for each line
  echo " <tr>";
  for ($j=0;$j<5;$j++){ //for each row
    if ($keypad_layout($i*5+$j)){ // if a digit is at this position 
      echo "<td onmousedown=\"fill(".$keypad_layout($i*5+$j)".))\">".$keypad_layout($i*5+$j)." </td>";
    }
    else{
      echo "<td> </td>";
    }
  } 
  echo " </tr>";
} 
echo "</table> ";
echo "<form action='verify.php' name='passform' method='POST' >";
// We define the password view when cleared depending on the stars 
$password_cleared=""; 
for ($i=0;$i<7;$i++){
  if ($is_position_stared[$i]) $password_cleared.="*-";
  else $password_cleared.=" -";
} 
if ($is_position_stared[7]) $password_cleared.="*";
else $password_cleared.=" ";

// We fill the password with 4 random stars 
echo "<input type='text' size='15' maxlength='15' name='password' value='".$password_cleared."'>";
echo "<input type='hidden' name='password_cleared' value='".$password_cleared."'>";
echo "<input type='hidden' name='code_position' value=''>";
echo "<input type='button' value='OK' onmousedown='hash(document.passform.code_position.value.".$password_seed.");this.submit'>"; 
echo "<input type='button' value='Clear' onmousedown='clear()'>";
echo "</form>";

echo "</span>"; 

?>

</body>
</html>