php Password Randomizer . . . - Printable Version

php Password Randomizer . . . - Printable Version

+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Webmaster Support (https://www.supportforums.net/forumdisplay.php?fid=36)
+---- Forum: Website Development (https://www.supportforums.net/forumdisplay.php?fid=43)
+---- Thread: php Password Randomizer . . . (/showthread.php?tid=3778)

Pages: 1 2

php Password Randomizer . . . - cortexaz - 12-19-2009

Hello Folks,

I really really need your help . . .

I'm installing the flash xml gallery on my web site, but I want that only certain group of people had access to the files, who share the certain kind of information among each other . . .

So I need the php script that protects the web access with passwords that will change automaticly at every access . . . I mean that when you access the web site there will be a question and the answer will be the password . . . And this question/answer will change randomly at every access . . .

Does anyone know where I can get that script?

Thanks in advance . . .

I count on your help . . . Smile

RE: php Password Randomizer . . . - Grizzly - 12-19-2009

I didn't look too closely, but, try this? http://www.hotscripts.com/listing/random-password-generator-53972/

RE: php Password Randomizer . . . - Gaijin - 12-19-2009

PHP Code:
<?php


if(isset($_POST['submit'])) {
    if(md5($_POST['answer'] == $_POST['check'])) {
        // log in the user
    }
}else{
    $questions = array(
        0 => 'First question',
        1 => 'second and just keep adding as much you want',
    );

    $answers = array(
        0 => 'pass for the first question',
        1 => 'pass for the second question',
    );

    $c = count($access);
    $i = (rand(0, $c) -1);
    foreach($questions as $id => $question) {
        if($id == i) {
            echo $question;
            echo"<input type=\"hidden\" name=\"check\" value=\"".md5($answers[$i])."\" />";
            echo"<input type=\"text\" name=\"answer\" />";
        }
    }
}

?>

RE: php Password Randomizer . . . - cortexaz - 12-19-2009

Thanks very much . . . Smile

I didn't understand cause I'm newbie but thanks anyway for your time and attention . . .

RE: php Password Randomizer . . . - Gaijin - 12-19-2009

Well you just need to update $questions and $answers with your questions and passes.
If I could see a script that you're using I could code the above one to match your settings.

RE: php Password Randomizer . . . - cortexaz - 12-19-2009

This is the php protection code . . . I want to add that function here . . . Is it possible???

PHP Code:
<?php

###############################################################
# Page Password Protect 2.13
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
############################################################### 
#
# Usage:
# Set usernames / passwords below between SETTINGS START and SETTINGS END.
# Open it in browser with "help" parameter to get the code
# to add to all files being protected. 
#    Example: password_protect.php?help
# Include protection string which it gave you into every file that needs to be protected
#
# Add following HTML code to your page where you want to have logout link
# <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
#
###############################################################

/*
-------------------------------------------------------------------
SAMPLE if you only want to request login and password on login form.
Each row represents different user.

$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'test' => 'testpass',
  'admin' => 'passwd'
);

--------------------------------------------------------------------
SAMPLE if you only want to request only password on login form.
Note: only passwords are listed

$LOGIN_INFORMATION = array(
  'root',
  'testpass',
  'passwd'
);

--------------------------------------------------------------------
*/

##################################################################
#  SETTINGS START
##################################################################

// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'admin' => 'adminpass'
);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);

##################################################################
#  SETTINGS END
##################################################################


///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////

// show usage example
if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
}

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
  <title>Please enter password to access this page</title>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
<body>
  <style>
    input { border: 0px; background-color:38547f; color:ffffff; text-align:center; }
  </style>
  <div style="width:500px; height:308px; background:center; background-image:url(back4.png); 
  margin-top:auto; margin-left:auto; margin-right:auto; text-align:center;">
  <div style="padding-top:30px">
  <form method="post">
    <h3>Please enter password to access this page</h3>
    <font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
    <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
  </form>
  </div>
  <br />
  <a style="font-size:9px; color: #B0B0B0; font-family: Verdana, Arial;" href="http://esm-students.org/" title="ESM Students' WebSite">Copyright © 2009, ESM Students, All Right Reserved</a>
  </div>
  </div>
</body>
</html>

<?php
  // stop at this point
  die();
}
}

// user provided password
if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
    
    // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
    // So need to clear password protector variables
    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);
  }

}

else {

  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }

  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}

?>

RE: php Password Randomizer . . . - Gaijin - 12-21-2009

Please paste in future your code within [ code ][ /code ] or [ php ][/ php ] tags(without whitespaces)
Here is the updated code, this code takes a question from $LOGIN_QUESTION randomly and prints it to the screen,
the questions are in order with the $LOGIN_INFORMATION array
First member of $LOGIN_QUESTION is for first member of $LOGIN_INFORMATION, the password is saved as md5 hash in a hidden input field and on login the inputed password is checked with this hash.
You will need to input username and password based on the Question.

PHP Code:
<?php

###############################################################
# Page Password Protect 2.13
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
###############################################################
#
# Usage:
# Set usernames / passwords below between SETTINGS START and SETTINGS END.
# Open it in browser with "help" parameter to get the code
# to add to all files being protected.
# Example: password_protect.php?help
# Include protection string which it gave you into every file that needs to be protected
#
# Add following HTML code to your page where you want to have logout link
# <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
#
###############################################################

/*
-------------------------------------------------------------------
SAMPLE if you only want to request login and password on login form.
Each row represents different user.

$LOGIN_INFORMATION = array(
'zubrag' => 'root',
'test' => 'testpass',
'admin' => 'passwd'
);

--------------------------------------------------------------------
SAMPLE if you only want to request only password on login form.
Note: only passwords are listed

$LOGIN_INFORMATION = array(
'root',
'testpass',
'passwd'
);

--------------------------------------------------------------------
*/

##################################################################
# SETTINGS START
##################################################################

// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
'zubrag' => 'root',
'admin' => 'adminpass'
);

$LOGIN_QUESTION = array(
    0 => "Your question for \$LOGIN_INFORMATION[0] edit this to your question", // root
    1 => "Your question for \$LOGIN_INFORMATION[1] user admin pass adminpass" // adminpass
);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);

##################################################################
# SETTINGS END
##################################################################


///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////

// show usage example
if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
}

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {

    global $LOGIN_INFORMATION;
    global $LOGIN_QUESTION;

?>
<html>
<head>
<title>Please enter password to access this page</title>
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
<body>
<style>
input { border: 0px; background-color:38547f; color:ffffff; text-align:center; }
</style>
<div style="width:500px; height:308px; background:center; background-image:url(back4.png);
margin-top:auto; margin-left:auto; margin-right:auto; text-align:center;">
<div style="padding-top:30px">
<form method="post">
<h3>Please enter password to access this page</h3>
<font color="red"><?php echo $error_msg; ?></font><br />
<?php 
    if (USE_USERNAME) {
        $rnd = rand(0, (count($LOGIN_INFORMATION) - 1));
        foreach($LOGIN_QUESTION as $key => $info) {
            if($rnd == $key) {
                $login = array_keys($LOGIN_INFORMATION);
                echo '<input type="hidden" name="hint" value="'.md5($LOGIN_INFORMATION[$login[$key]]).'" />';
                                echo $info; // Show the Login question
                                
                echo 'Hint: '.$info;
                echo'<br />Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; 
            }
        }
    }
?>
<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
</form>
</div>
<br />
<a style="font-size:9px; color: #B0B0B0; font-family: Verdana, Arial;" href="http://esm-students.org/" title="ESM Students' WebSite">Copyright © 2009, ESM Students, All Right Reserved</a>
</div>
</div>
</body>
</html>
<?php
// stop at this point
die();
}
}

// user provided password
if (isset($_POST['access_password'])) {

$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$hidden_pass = $_POST['hint'];
$pass = $_POST['access_password'];
print $LOGIN_INFORMATION[$login]." ".md5($LOGIN_INFORMATION[$login])." ".$hidden_pass;
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || md5($LOGIN_INFORMATION[$login]) != $hidden_pass ) )
) {
showLoginPasswordProtect("Incorrect password.");
}
else {
// set cookie if password was validated
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');

// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}

}

else {

// check if password cookie is set
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}

// check if cookie is good
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}

}

?>

RE: php Password Randomizer . . . - cortexaz - 12-21-2009

Thank you very much . . . Smile

Sorry for overloading page with codes . . .

RE: php Password Randomizer . . . - Gaijin - 12-21-2009

(12-21-2009, 01:58 PM)cortexaz Wrote: Thank you very much . . .

Sorry for overloading page with codes . . .

NP and don't worry you've fixed it! Tongue

Sorry the code was not printing a Question string..
I've updated the above post, look for the line "echo $info".

RE: php Password Randomizer . . . - cortexaz - 12-21-2009

Thanks . . . Smile

I've changed it . . . I know it's too much Smile

, but I'll ask one more question concerning IE8 . . . I've inserted the image in php code, but IE8 doesn't show . . . Have you ever had such kind of a problem??

Thanks for help . . . Smile

If there's anything I can do in return I'm ready . . .

Do you work as a webmaster? Or it's just a hobby?