/home/wpollock1/public_html/PHP/login.php
1: <?php
2: /*
3: * Beginning of server-side processing
4: */
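/**
 * Build a random alphanumeric string; this page uses it as the login challenge.
 *
 * Characters are picked with random_int(), which draws from the operating
 * system's cryptographically secure generator. rand()/mt_rand() must not be
 * used for a challenge: their output can be predicted from earlier values,
 * and a predictable challenge lets a captured response be replayed.
 *
 * @param int $length Number of characters to produce; must be an integer >= 1.
 * @return string $length characters taken from a-z, A-Z and 0-9.
 */
function getRandomString ( $length = 40 )
{
    // An invalid length raises a user-level notice and then stops the script.
    if ( !is_int($length) || $length < 1 )
    {
        trigger_error('Invalid length for random string');
        exit();
    }

    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $randstring = '';
    $maxvalue = strlen( $chars ) - 1;
    for ( $i = 0; $i < $length; $i++ )
    {
        // random_int() is uniform over the inclusive range 0..$maxvalue and
        // throws if no secure randomness source is available.
        $randstring .= $chars[random_int( 0, $maxvalue )];
    }
    return $randstring;
}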
22:
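/**
 * Generate a new challenge and store it in the session under $name.
 *
 * Every call overwrites whatever challenge was stored before.
 * NOTE(review): the code that checks the submitted response is not part of
 * this listing; it needs to compare against the challenge that was issued
 * with the form and discard that challenge after one use, otherwise a
 * captured response can be replayed - confirm where that happens.
 *
 * @param string $name Session key for the challenge; must be a non-empty string.
 * @return void
 */
function setChallengeVar ( $name = 'challenge' )
{
    // A bad key raises a user-level notice and then stops the script.
    if ( !is_string($name) || !$name )
    {
        trigger_error( 'Invalid variable name' );
        exit();
    }

    // Start a session only when none is active, so a second call (or an
    // including script that already opened the session) does not raise a
    // "session already active" notice.
    if ( session_status() !== PHP_SESSION_ACTIVE )
    {
        session_start();
    }

    // Register the session variable holding the current challenge.
    $_SESSION[$name] = getRandomString();
}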
35:
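/**
 * Return the challenge currently stored in the session under $name.
 *
 * @param string $name Session key the challenge was stored under.
 * @return mixed The stored value; on this page it is the string written by setChallengeVar().
 */
function getChallengeVar ( $name = 'challenge' )
{
    // empty() treats a missing key like a falsy value, so an unset challenge
    // reaches the error path below without first raising an undefined-index
    // warning on the array read.
    if ( empty($_SESSION[$name]) )
    {
        trigger_error( 'Invalid variable name' );
        exit();
    }
    return $_SESSION[$name];
}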
45:
// Issue a fresh challenge for this page load.
// NOTE(review): this runs unconditionally on every request, and the form below
// posts back to login.php; the response check is not shown here - confirm it
// reads the previously issued challenge before this call replaces it.
46: setChallengeVar();
47: /*
48: * End of server-side processing
49: */
50: ?>
51: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
52: "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
53: <html>
54: <head>
55: <title>CHAP LOGIN SYSTEM EXAMPLE</title>
56: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
57: <script type="text/JavaScript" src="md5.js"></script>
58:
59: <script type="text/JavaScript">
60: /*
61: * validate form fields &
62: * implement the Challenge Handshaking Authentication Protocol
63: */
/*
 * Submit handler: checks the visible fields, then replaces the password with
 * a challenge response before the form is sent.
 *
 * Returns the shared 'valid' flag (false cancels the submit), or undefined
 * when one of the expected fields is missing from the page.
 *
 * Security notes for anyone reusing this example:
 *  - The response is MD5( MD5(password) + challenge ), so MD5(password) is the
 *    effective secret: whoever holds that digest can answer any challenge
 *    without knowing the password itself.
 *  - MD5 is a fast, unsalted hash and is no longer considered adequate for
 *    protecting passwords.
 *  - The challenge and this script are delivered with the page, so the scheme
 *    adds nothing against someone who can alter the page in transit; serve the
 *    form over TLS.
 */
function doCHAP ()
{
    // 'valid' is deliberately global: showError() sets it to false.
    valid = true;

    var idField = document.getElementById( 'userid' );
    if ( !idField ) { return; }
    if ( !idField.value ) { showError( idField, 'Enter your ID' ); }

    var passField = document.getElementById( 'passwd' );
    if ( !passField ) { return; }
    if ( !passField.value ) { showError( passField, 'Enter your password' ); }

    var responseField = document.getElementById( 'challenge' );
    if ( !responseField ) { return; }

    // Hash the password, append the server-issued challenge (written into the
    // page by PHP), and hash the combination to form the response.
    var passwordDigest = MD5( passField.value );
    responseField.value = MD5( passwordDigest + '<?php echo getChallengeVar()?>' );

    // Blank the password so only the response travels with the form.
    passField.value = '';

    return valid;
}
86:
87: /*
88: * display error messages
89: */
/*
 * Attach an error message below a form field and mark the form as invalid.
 *
 * obj     - the input element the message belongs to
 * message - text to display; inserted as a text node, so it is never parsed
 *           as markup
 */
function showError ( obj, message )
{
    // At most one message per field: skip creation if one is already shown.
    if ( !obj.errorNode )
    {
        // Left disabled as in the listing, so hideError() is never attached
        // from here:
        //obj.onchange = hideError;
        var note = document.createElement( 'p' );
        var text = document.createTextNode( message );
        note.appendChild( text );
        obj.parentNode.appendChild( note );
        obj.errorNode = note;
    }

    // Shared global flag read by doCHAP() to cancel the submit.
    valid = false;
}
103:
104: /*
105: * hide error messages
106: */
/*
 * Remove a field's error message. Written to run as an event handler, with
 * 'this' bound to the field that showError() decorated.
 */
function hideError ()
{
    var container = this.parentNode;
    container.removeChild( this.errorNode );

    // Forget the message node and detach this handler from the field.
    this.errorNode = null;
    this.onchange = null;
}
113:
114: /*
115: * execute 'doCHAP()' function when page is loaded
116: */
window.onload = function ()
{
    // Feature test: only browsers exposing the W3C DOM methods used by
    // doCHAP() and showError() get the submit handler.
    var hasW3CDOM = document.getElementById && document.getElementsByTagName
        && document.createElement;
    if ( !hasW3CDOM ) { return; }

    // The login form is the first (and only) form on the page.
    // If this handler is not attached (scripting disabled, or the feature
    // test above fails), the form still submits and the 'passwd' field is
    // posted exactly as typed, with an empty 'challenge' field.
    var loginForm = document.getElementsByTagName('form')[0];
    loginForm.onsubmit = function ()
    {
        return doCHAP();
    };
};
128: </script>
129:
130: </head>
131: <body>
132: <!-- login form -->
133: <form method="post" action="login.php">
134: User ID <input type="text" name="userid" id="userid"/><br />
135: Password <input type="password" name="passwd" id="passwd"/><br />
136: <input type="hidden" name="challenge" id="challenge" />
137: <input type="submit" name="login" value="Log In" />
138: </form>
139: </body>
140: </html>