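/**
 * Echoes the admin login panel that matches the given login state.
 *
 * The panel embeds the current challenge (nonce) in a span with id "nonce" and
 * posts the "response" field to login.php. The page's client-side script is
 * not shown here; presumably it combines the typed password with the nonce
 * before submitting -- confirm against that script.
 *
 * @param string $state One of 'noPass', 'newChallenger', 'wrongPass' or
 *                      'expired'; any other value prints the "unknown" notice.
 * @return void Output is written directly with echo.
 */
function LoginPrompt($state)
{
    // $_SESSION is a superglobal, so no `global` declaration is needed.
    // The 'noPass' state never renders the form, so it gets a throwaway nonce;
    // every other state reuses the challenge already stored in the session.
    $salt = $state != 'noPass' ? $_SESSION['admin']['challenge'] : makeNonce();

    // Encode the nonce for the HTML context so that a value containing markup
    // characters cannot break out of the surrounding elements.
    $saltHtml = htmlspecialchars((string) $salt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $expired = '<h3>Your session has expired and you must login again to continue</h3>';
    $wrong = '<p class="wrong">Thank you Mario! But our princess is in another castle... I mean, wrong password</p>';
    $noPass = '******' . '<h2>You are not allowed to use <code>Tools</code> until you have set a password</h2>' . '<p> The password can be set within <code>Experiment/Settings.php</code></p>' . '</div>';
    $unknown = '<p>We have no idea how you got here.' . 'Post this as an issue on the <a href="http://www.github.com/gikeymarcia/collector">project Github Page</a>.' . '</p>';
    $loginPrompt = '<p>Login to access tools</p>' . '<input type="password" id="pass" class= "collectorInput" autofocus></input>' . '<input id="fauxSubmit" type="submit" value="Submit" class="collectorButton"></input>' . '<form id="hashSubmit" action="login.php" method="post" class="hidden">' . '<span id="nonce">' . $saltHtml . '</span>' . '<input id="realInput" name="response" type="text"></input>' . '</form>';

    echo '<div id="login">';
    switch ($state) {
        case 'noPass':
            echo $noPass;
            break;
        case 'newChallenger':
            echo $loginPrompt;
            break;
        case 'wrongPass':
            echo $wrong . $loginPrompt;
            break;
        case 'expired':
            echo $expired . $loginPrompt;
            break;
        default:
            echo $unknown;
            break;
    }
    echo '</div>';

    // NOTE(review): this block repeats the challenge in visible page text and
    // looks like leftover debug output -- confirm it is still wanted.
    // The original attribute was malformed (id="salt""); fixed here.
    echo '<div id="salt"><b>salt=</b>' . $saltHtml . '</div>';
}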
示例#2
<?php

require '../Code/initiateCollector.php';
require 'loginFunctions.php';
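// Hash algorithm name handed to checkPass(), which lives in loginFunctions.php
// and is not shown here.
$hash_algo = 'sha256';

// Challenge issued to this session when the login form was rendered.
// Null when no challenge has been issued yet.
$nonce = $_SESSION['admin']['challenge'] ?? null;

if (isset($_POST['response'])) {
    $response = $_POST['response'];

    // Fail closed: a non-string response (e.g. response[]=x arrives as an
    // array) or a missing challenge is a failed attempt and is never passed
    // on to checkPass().
    $wellFormed = is_string($response) && $nonce !== null && $nonce !== '';

    // NOTE(review): checkPass() receives $_CONFIG->password directly, which
    // suggests the server keeps a value it can recompute the expected response
    // from -- confirm how it is stored, and that the final comparison uses
    // hash_equals() rather than == / ===.
    if ($wellFormed && checkPass($response, $_CONFIG->password, $nonce, $hash_algo) === true) {
        // Issue a fresh session ID at the privilege change so an ID known
        // before login (session fixation) is not carried into the
        // authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        // Rotate the challenge so the accepted response cannot be replayed.
        $_SESSION['admin']['challenge'] = makeNonce();
        $_SESSION['admin']['status'] = 'loggedIn';
        $_SESSION['admin']['birth'] = time();
    } else {
        // NOTE(review): the challenge is not rotated after a failed attempt,
        // and no attempt limiting is visible in this script -- confirm whether
        // either is handled elsewhere.
        $_SESSION['admin']['status'] = 'failed';
        $_SESSION['admin']['birth'] = time();
    }
}

header('Location: ./');
// go back to root of current folder
// Stop here so nothing else runs or is emitted after the redirect header.
exit;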
示例#3
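/**
 * Calls makeNonce() to generate a nonce, stores it in $_SESSION['form_nonce'],
 * and builds the matching hidden form control.
 *
 * The raw nonce is stored in the session; only the copy placed in the markup
 * is HTML-encoded. makeNonce() is defined elsewhere, so its character set is
 * not known here; encoding keeps the attribute well-formed either way.
 *
 * @return String: The hidden NONCE input control for direct echoing in a form
 */
function formCreateNonce() {
  $nonce = makeNonce();
  // Save the nonce in the session for later comparison with the form value.
  $_SESSION['form_nonce'] = $nonce;
  // The value attribute is single-quoted, so ENT_QUOTES is needed to encode
  // both quote styles.
  $encoded = htmlspecialchars((string) $nonce, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  return "<input type='hidden' name='form_nonce' value='" . $encoded . "' />\n";
}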