<!-- Login form. It has no action and no submit button of its own; the LOGIN button below calls login(), which posts the credentials itself. -->
<form id="form1" name="form1">
<table>
<tr>
<td>Username</td>
<td><input type="text" id="username" name="username" size="30" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" id="password" name="password" size="30" /></td>
</tr>
</table>
<!-- Holds the challenge key that getKey() copies from challenge.php; login() reads it when it builds the response hash. -->
<input type="hidden" id="key" name="key" />
</form>
<!-- Starts disabled; getKey() enables it once a challenge key has arrived. -->
<button id="login" disabled="disabled" onclick="login()">LOGIN</button>
<!-- getKey() runs when the page has loaded. -->
<body onload="getKey()">
<!-- getKey() and login() write their status messages into this element. -->
<div id="results"></div>
If you can see this page =><a href="sample_page.php"> Sample Page </a> then you've successfully registered.
<?php session_start() ?>
<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript">
// Suppresses the context menu. This is cosmetic only: the markup and scripts stay
// readable through view-source and developer tools, so it protects nothing.
document.oncontextmenu = function() { return false; }
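/**
 * Fetch a login challenge from challenge.php and enable the LOGIN button.
 *
 * The response is either the challenge key, which is stored in the hidden
 * "key" field for login() to hash together with the password hash, or a
 * string starting with "_SESSION_REGISTERED_", which means the session is
 * already logged in.
 */
function getKey()
{
    var xmlhttp;
    if (window.XMLHttpRequest)
        xmlhttp = new XMLHttpRequest();
    else
        // Legacy IE fallback; the registered ProgID is "Microsoft.XMLHTTP".
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    xmlhttp.onreadystatechange = function() {
        // Test readyState first: status is only meaningful once the request has completed.
        if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
            var str = xmlhttp.responseText;
            if (str.search(/^_SESSION_REGISTERED_/) != -1) {
                document.getElementById("results").innerHTML = "You are already logged in! " + "Logout <a href=\"logout.php\">Here</a>";
                return;
            }
            // The host (000webhost) appends a counter to the response, so keep
            // only the first 32 characters, which is the length of the key.
            if (str.length > 32)
                str = str.substr(0, 32);
            document.getElementById("key").value = str;
            document.getElementById("login").disabled = false;
        }
    };
    xmlhttp.open("GET", "challenge.php", true);
    xmlhttp.send();
}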
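/**
 * Answer the server's challenge and post the result to auth.php.
 *
 * The response is SHA-512(key + SHA-512(password)), where key is the
 * challenge that getKey() stored in the hidden "key" field. The text
 * returned by auth.php is shown in the "results" element.
 */
function login()
{
    var xmlhttp;
    if (window.XMLHttpRequest)
        xmlhttp = new XMLHttpRequest();
    else
        // Legacy IE fallback; the registered ProgID is "Microsoft.XMLHTTP".
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    var key = document.getElementById("key").value;
    var pass = hex_sha512(document.getElementById("password").value);
    var auth = hex_sha512(key + pass);
    xmlhttp.onreadystatechange = function() {
        // responseText is inserted as HTML; auth.php as shown only echoes fixed strings.
        if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
            document.getElementById("results").innerHTML = xmlhttp.responseText;
    };
    document.getElementById("results").innerHTML = "Please wait...";
    // Send only the challenge response. SHA-512(password) is all that is needed
    // to answer any future challenge, so it is password-equivalent and must not
    // travel with the request; the original "&pass=" field defeated the
    // challenge-response design. auth.php as shown copies $_POST['pass'] into a
    // variable it never reads, so that read should be dropped on the server too.
    // The username is percent-encoded so that "&", "=" or "+" in it cannot
    // alter the form body.
    var str = "user=" + encodeURIComponent(document.getElementById("username").value) + "&hash=" + auth;
    xmlhttp.open("POST", "auth.php", true);
    xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
    xmlhttp.send(str);
}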
</script>
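<?php
// challenge.php: hand out a fresh 32-character login challenge, or report that
// the session is already logged in by echoing "_SESSION_REGISTERED_".
session_start();

// Read the inputs defensively. A missing or non-string value becomes '' so that
// no PHP notice is printed in front of the key the client is about to parse.
$cookie  = (isset($_COOKIE["authenticate"]) && is_string($_COOKIE["authenticate"])) ? $_COOKIE["authenticate"] : '';
$old_key = (isset($_SESSION['key']) && is_string($_SESSION['key'])) ? $_SESSION['key'] : '';
$user    = (isset($_SESSION['user']) && is_string($_SESSION['user'])) ? $_SESSION['user'] : '';

$validate = hash('sha512', $cookie . $old_key, false);
$username = hash('sha512', $user, false);

if (!session_is_registered($cookie) || !session_is_registered($validate) ||
    !session_is_registered($username)) {
    $key = '';

    // The challenge only does its job if it cannot be predicted, so prefer the
    // OpenSSL generator: 16 random bytes give 32 hex characters.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes !== false && $strong)
            $key = bin2hex($bytes);
    }

    if ($key === '') {
        // Fallback. NOTE(review): rand() is not a cryptographically secure
        // generator; replace it with a CSPRNG (random_int() on PHP 7+) when this
        // script is ported off the removed session_is_registered() API.
        // The original table had '' where 'D' belongs and lacked its closing
        // parenthesis, so keys could come out shorter than 32 characters.
        $charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
        for ($c = 0; $c < 32; $c++)
            $key .= $charset[rand(0, strlen($charset) - 1)];
    }

    $_SESSION['key'] = $key;
    echo $key;
}
else
    echo ("_SESSION_REGISTERED_");
?>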
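<?php
// auth.php: check the challenge response posted by login() and, on success,
// mark the session as logged in and set the two tracking cookies.
session_start();

// Accept only string inputs. strcmp() returns NULL for a non-string argument
// and NULL == 0 is true, so the original loose comparison could be satisfied
// without knowing the password; anything that is not a string becomes ''.
$key  = (isset($_SESSION['key']) && is_string($_SESSION['key'])) ? $_SESSION['key'] : '';
$user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
$hash = (isset($_POST['hash']) && is_string($_POST['hash'])) ? $_POST['hash'] : '';
// $_POST['pass'] is not read: the check never used it, and the password hash
// should not be sent by the client at all.

// Example credentials; a real deployment would look these up in a database.
// NOTE(review): a single unsalted SHA-512 is a fast hash, and whoever obtains it
// can answer any challenge, so it is password-equivalent as a stored credential.
$username = 'codeprada';
$password = 'password';

$password = hash('sha512', $password, false);
$server_gen_hash = hash('sha512', $key . $password, false);

// Require a challenge to have been issued, and compare strictly.
// NOTE(review): === is not constant-time; use hash_equals() on PHP 5.6+.
if ($key !== '' && $hash === $server_gen_hash && $user === $username)
{
    // Issue a new session id on login so that an id fixed before
    // authentication does not become a logged-in session.
    session_regenerate_id(true);
    // Record the user only after the credentials have been verified.
    $_SESSION['user'] = $username;
    $key2 = hash('sha512', $server_gen_hash . $key, false);
    // HttpOnly (7th argument) keeps the cookies away from page scripts. The
    // Secure flag stays off as in the original; turn it on when served over HTTPS.
    setcookie("authenticate", $server_gen_hash, 0, "/", "", false, true);
    setcookie("validate", $key2, 0, "/", "", false, true);
    session_register($server_gen_hash);
    session_register($key2);
    session_register(hash('sha512', $username, false));
    echo("You have logged in successfully!");
}
else
    echo("Please check your username or password and try again");
?>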
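<?php
// Access guard for sample_page.php: send anyone whose session does not carry
// the three values registered by auth.php back to the login page.
session_start();

// Missing or non-string values become '' so that no notice is printed before
// header(), which would prevent the redirect from being sent.
$cookie = (isset($_COOKIE["authenticate"]) && is_string($_COOKIE["authenticate"])) ? $_COOKIE["authenticate"] : '';
$key    = (isset($_SESSION['key']) && is_string($_SESSION['key'])) ? $_SESSION['key'] : '';
$user   = (isset($_SESSION['user']) && is_string($_SESSION['user'])) ? $_SESSION['user'] : '';

$validate = hash('sha512', $cookie . $key, false);
$username = hash('sha512', $user, false);

if (!session_is_registered($cookie) || !session_is_registered($validate) || !session_is_registered($username)) {
    header("Location:index.php");
    // header() only queues the redirect. Without exit the protected markup
    // below is still sent to the unauthenticated client.
    exit;
}
?>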
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="https://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Sample Page</title>
</head>
<body>
<!-- Stand-in for protected content. It is plain markup, so access control rests entirely on the PHP session check that precedes this document. -->
<p style="font-size:48px">Congratulations if you're seeing this page!!</p>
<a href="index.php">Back to Login Page</a>
</body>
</html>
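<?php
// logout.php: end the session, expire both login cookies and return to the login page.
session_start();
// Empty the session array as well, so nothing stays readable for the rest of this request.
$_SESSION = array();
session_destroy();
// auth.php sets both cookies with path "/". A cookie is only replaced by one
// with the same path, so the expiry must name "/" too; otherwise the default
// path (the directory of this script) can leave the originals in place.
setcookie("authenticate", "", time() - 3600, "/");
setcookie("validate", "", time() - 3600, "/");
header("Location:index.php");
exit;
?>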
<?php session_start() ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="https://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LOGIN</title>
<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript">
// Suppresses the context menu. This is cosmetic only: the markup and scripts stay
// readable through view-source and developer tools, so it protects nothing.
document.oncontextmenu = function() { return false; }
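/**
 * Fetch a login challenge from challenge.php and enable the LOGIN button.
 *
 * The response is either the challenge key, which is stored in the hidden
 * "key" field for login() to hash together with the password hash, or a
 * string starting with "_SESSION_REGISTERED_", which means the session is
 * already logged in.
 */
function getKey()
{
    var xmlhttp;
    if (window.XMLHttpRequest)
        xmlhttp = new XMLHttpRequest();
    else
        // Legacy IE fallback; the registered ProgID is "Microsoft.XMLHTTP".
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    xmlhttp.onreadystatechange = function() {
        // Test readyState first: status is only meaningful once the request has completed.
        if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
            var str = xmlhttp.responseText;
            if (str.search(/^_SESSION_REGISTERED_/) != -1) {
                document.getElementById("results").innerHTML = "You are already logged in! " + "Logout <a href=\"logout.php\">Here</a>";
                return;
            }
            // The host (000webhost) appends a counter to the response, so keep
            // only the first 32 characters, which is the length of the key.
            if (str.length > 32)
                str = str.substr(0, 32);
            document.getElementById("key").value = str;
            document.getElementById("login").disabled = false;
        }
    };
    xmlhttp.open("GET", "challenge.php", true);
    xmlhttp.send();
}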
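/**
 * Answer the server's challenge and post the result to auth.php.
 *
 * The response is SHA-512(key + SHA-512(password)), where key is the
 * challenge that getKey() stored in the hidden "key" field. The text
 * returned by auth.php is shown in the "results" element.
 */
function login()
{
    var xmlhttp;
    if (window.XMLHttpRequest)
        xmlhttp = new XMLHttpRequest();
    else
        // Legacy IE fallback; the registered ProgID is "Microsoft.XMLHTTP".
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    var key = document.getElementById("key").value;
    var pass = hex_sha512(document.getElementById("password").value);
    var auth = hex_sha512(key + pass);
    xmlhttp.onreadystatechange = function() {
        // responseText is inserted as HTML; auth.php as shown only echoes fixed strings.
        if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
            document.getElementById("results").innerHTML = xmlhttp.responseText;
    };
    document.getElementById("results").innerHTML = "Please wait...";
    // Send only the challenge response. SHA-512(password) is all that is needed
    // to answer any future challenge, so it is password-equivalent and must not
    // travel with the request; the original "&pass=" field defeated the
    // challenge-response design. auth.php as shown copies $_POST['pass'] into a
    // variable it never reads, so that read should be dropped on the server too.
    // The username is percent-encoded so that "&", "=" or "+" in it cannot
    // alter the form body.
    var str = "user=" + encodeURIComponent(document.getElementById("username").value) + "&hash=" + auth;
    xmlhttp.open("POST", "auth.php", true);
    xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
    xmlhttp.send(str);
}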
</script>
</head>
<!-- getKey() runs when the page has loaded and requests the login challenge. -->
<body onload="getKey()" style="background-color:#CC">
<div align="center" style="border:thin solid black; width:400px">
<!-- Login form. It has no action and no submit button of its own; the LOGIN button below calls login(), which posts the credentials itself. -->
<form id="form1" name="form1">
<table>
<tr>
<td>Username</td>
<td><input type="text" id="username" name="username" size="30" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" id="password" name="password" size="30" /></td>
</tr>
</table>
<!-- Holds the challenge key that getKey() copies from challenge.php; login() reads it when it builds the response hash. -->
<input type="hidden" id="key" name="key" />
</form>
<!-- Starts disabled; getKey() enables it once a challenge key has arrived. -->
<button id="login" disabled="disabled" onclick="login()">LOGIN</button>
</div>
<!-- getKey() and login() write their status messages into this element. -->
<div id="results"></div>
If you can see this page =><a href="sample_page.php"> Sample Page </a> then you've successfully registered.
</body>
</html>