예제 #1
0
function proseswebhash($data, $postedhash)
{
    $signature = $data["hash"];
    $OTP = $data["otp"];
    // $key = pack("H*",$OTP);
    //hitung hmac dengan OTP sebagai key
    $hmacresult = hitunghmacdata($signature, $OTP);
    // echo $signature."\n";
    // echo $OTP."\n";
    // echo $hmacresult."\n";
    // $hmacresult = hitunghmacdata($signature,$key);
    // echo "sig=".$signature." OTP=".$OTP." hmac=".$hmacresult.PHP_EOL;
    if (hash_compare($hmacresult, $postedhash)) {
        return 1;
    }
    return 0;
}
예제 #2
0
<?php

include "conexion.php";
$usuario = mysql_real_escape_string($_POST['usuario']);
$pswd = mysql_real_escape_string($_POST['password']);
$answer = array();
$sel = mysql_query("SELECT  * FROM usuarios WHERE Usuario_usu='{$usuario}' ");
if ($resp = mysql_num_rows($sel) != 0) {
    $resp = mysql_fetch_array($sel);
    $pass = $resp['Pass_usu'];
    $secret = "orius2015";
    $clavex = hash_hmac("sha512", $pswd, $secret);
    if (hash_compare($clavex, $pass)) {
        session_start();
        $_SESSION['usulog'] = $resp['Usuario_usu'];
        $_SESSION['tipousu'] = $resp['Tipo_usu'];
        $answer['redirec'] = 'adminhome';
    } else {
        $answer = 'error';
    }
} else {
    $answer = 'error';
}
echo json_encode($answer);
function hash_compare($a, $b)
{
    if (!is_string($a) || !is_string($b)) {
        return false;
    }
    $len = strlen($a);
    if ($len !== strlen($b)) {
예제 #3
0
 /**
  * Perform timing attack safe string comparison of tokens.
  *
  * @link http://blog.ircmaxell.com/2014/11/its-all-about-time.html
  * @param string $token Known token.
  * @param string $clientToken
  * @return bool
  */
 protected function compare($token, $clientToken)
 {
     if (function_exists('hash_compare')) {
         return hash_compare($token, $clientToken);
     }
     $tokenLength = strlen($token);
     $clientLength = strlen($clientToken);
     if ($clientLength != $tokenLength) {
         return false;
     }
     $result = 0;
     for ($i = 0; $i < $clientLength; $i++) {
         $result |= ord($token[$i]) ^ ord($clientToken[$i]);
     }
     return $result === 0;
 }
예제 #4
0
 /** Check whether a password is valid
  * login_type can be uid, alias (for an email alias), hruid
  */
 private function checkPassword($login, $response, $login_type = 'uid')
 {
     if ($login_type == 'alias') {
         list($forlife, $domain) = explode('@', $login, 2);
         $res = XDB::query('SELECT   s.uid
                              FROM   studies AS s
                         LEFT JOIN   formations AS f ON (f.formation_id = s.formation_id AND f.domain = {?})
                             WHERE   s.forlife = {?}', $domain, $forlife);
         $login = $res->fetchOneCell();
         $login_type = 'uid';
     }
     $res = XDB::query("SELECT   uid, password, hruid\n                             FROM   account\n                            WHERE   {$login_type} = {?} AND state = 'active'", $login);
     if (list($uid, $password, $hruid) = $res->fetchOneRow()) {
         if (hash_compare($password, $response)) {
             if (!S::logged()) {
                 Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
             } else {
                 Platal::page()->trigError('Mot de passe invalide');
             }
             S::logger($uid)->log('auth_fail', 'bad password');
             return null;
         }
         return $uid;
     }
     Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
     return null;
 }