/home/wpollock1/public_html/PHP/login.php

<?php
/*
 * Begin of server-side processing
 */
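/**
 * Build a random alphanumeric string; this page stores the result in the
 * session as the login challenge.
 *
 * Characters are picked with random_int() (PHP 7.0 or later), which draws
 * from the operating system's CSPRNG. The previous rand() call is not
 * suitable for a value that a client must not be able to predict.
 *
 * @param int $length number of characters to produce, at least 1
 * @return string $length characters taken from [a-zA-Z0-9]
 */
function getRandomString ( $length = 40 )
{
  if ( !is_int($length) || $length < 1 )
  {
    // Raises a user-level notice and stops the request, as before.
    trigger_error('Invalid length for random string');
    exit();
  }

  $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  $maxvalue = strlen( $chars ) - 1;
  $randstring = '';
  for ( $i = 0; $i < $length; $i++ )
  {
    // random_int() is uniform over the inclusive range, so no character is favoured.
    $randstring .= $chars[random_int( 0, $maxvalue )];
  }
  return $randstring;
}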

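/**
 * Generate a fresh challenge and store it in the session under $name.
 *
 * An empty or non-string $name raises a user-level notice and ends the
 * request. Any value already stored under $name is replaced.
 *
 * @param string $name session key that receives the challenge
 * @return void
 */
function setChallengeVar ( $name = 'challenge' )
{
  if ( !is_string($name) || !$name )
  {
    trigger_error( 'Invalid variable name' );
    exit();
  }

  // Start the session only when none is active; calling session_start()
  // on an already active session raises a notice and is ignored.
  if ( session_status() !== PHP_SESSION_ACTIVE )
  {
    session_start();
  }
  // register session variable:
  $_SESSION[$name] = getRandomString();
}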

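/**
 * Return the challenge stored in the session under $name.
 *
 * A missing or empty entry raises a user-level notice and ends the request.
 * This page echoes the returned value into a JavaScript string literal
 * without escaping; that is safe only while the stored value stays purely
 * alphanumeric, as getRandomString() produces it.
 *
 * @param string $name session key holding the challenge
 * @return string the stored challenge
 */
function getChallengeVar ( $name = 'challenge' )
{
  // empty() treats an absent key like an empty value, so a session without
  // a challenge takes the error path instead of an undefined-index warning.
  if ( empty( $_SESSION[$name] ) )
  {
    trigger_error( 'Invalid variable name' );
    exit();
  }
  return $_SESSION[$name];
}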

// Issue a fresh challenge on every request for this page.
// NOTE(review): the form below posts back to login.php, so this call also
// runs on the submit request and replaces the stored challenge. The code that
// checks the response is not visible in this file - confirm that it reads the
// previously issued challenge before this line runs.
setChallengeVar();
/*
 * End of server-side processing
 */
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
               "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>CHAP LOGIN SYSTEM EXAMPLE</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<script type="text/JavaScript" src="md5.js"></script>

<script type="text/JavaScript">
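/*
 * Validate the form fields and compute the response for the
 * Challenge Handshaking Authentication Protocol.
 *
 * The response is MD5( MD5(password) + challenge ). It is written to the
 * hidden 'challenge' field, and the password field is then blanked so the
 * password itself is not part of the POST.
 *
 * Returns true when the form may be submitted and false otherwise. The
 * function fails closed: if a field is missing from the page or a value is
 * empty, it returns false without touching the password field, so the form
 * is never posted with the password still in it.
 *
 * NOTE(review): to check this response the server presumably keeps
 * MD5(password) per user; whoever obtains that stored value can compute
 * valid responses, and unsalted MD5 is cheap to brute-force. Treat the
 * scheme as a teaching example and serve the page over HTTPS.
 */
function doCHAP ()
{
  var usrid = document.getElementById( 'userid' );
  var psw = document.getElementById( 'passwd' );
  var chlng = document.getElementById( 'challenge' );
  // A bare "return" here would let the browser submit the form as typed.
  if ( !usrid || !psw || !chlng ) { return false; }

  // Local flag, so the result does not depend on an undeclared global.
  var ok = true;
  if ( !usrid.value ) { showError( usrid, 'Enter your ID' ); ok = false; }
  if ( !psw.value ) { showError( psw, 'Enter your password' ); ok = false; }
  // Stop before hashing: the user keeps what was typed and can correct it.
  if ( !ok ) { return false; }

  // hash the password, append the server's challenge, hash the result
  chlng.value = MD5( MD5(psw.value) + '<?php echo getChallengeVar()?>' );
  // clear password field:
  psw.value = '';
  return true;
}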

/*
 * Show a validation message next to a form field.
 *
 * obj     - the field element the message belongs to
 * message - text placed in a new <p> appended to the field's parent
 *
 * A field that already carries a message (obj.errorNode is set) does not get
 * a second one. Every call assigns false to the undeclared global 'valid'.
 */
function showError ( obj, message )
{
  // build the paragraph only when the field has no message yet
  var note = obj.errorNode ? null : document.createElement( 'p' );
  if ( note )
  {
    //obj.onchange = hideError;
    var text = document.createTextNode( message );
    note.appendChild( text );
    obj.parentNode.appendChild( note );
    obj.errorNode = note;
  }
  valid = false;
}

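/*
 * Remove the validation message of a field.
 *
 * Written as an event handler: 'this' is the field element. The only line
 * that would install it (in showError) is commented out.
 * A field without a message is left alone apart from clearing the handler,
 * so a second call does not pass null to removeChild().
 */
function hideError ()
{
  var note = this.errorNode;
  if ( note && this.parentNode )
  {
    this.parentNode.removeChild( note );
  }
  this.errorNode = null;
  this.onchange = null;
}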

/*
 * Once the page has loaded, attach doCHAP() to the submit event of the
 * first form, so the handshake runs when the user submits.
 *
 * If the browser lacks the W3C DOM methods tested below, no handler is
 * installed and the form is posted exactly as typed.
 */
window.onload = function () {
  // feature test for the DOM methods this page relies on
  var hasW3CDom = document.getElementById && document.getElementsByTagName
                  && document.createElement;
  if ( !hasW3CDom ) { return; }

  var loginForm = document.getElementsByTagName( 'form' )[0];
  loginForm.onsubmit = function () {
    // a false result cancels the submit
    return doCHAP();
  };
};
</script>

</head>
<body>
<!-- login form -->
<!-- NOTE(review): the passwd field is blanked and the challenge field filled
     only by doCHAP() at submit time. With scripting disabled, or when the
     onsubmit hook is not installed, the browser posts the password as typed
     and leaves challenge empty. Serve this page over HTTPS, and confirm that
     the server rejects a POST whose challenge field is empty. -->
<form method="post" action="login.php">
User ID <input type="text" name="userid" id="userid"/><br />
Password <input type="password" name="passwd" id="passwd"/><br />
<input type="hidden" name="challenge" id="challenge" />
<input type="submit" name="login" value="Log In" />
</form>
</body>
</html>