This code allows you to use a changing passowrd based on the day of the week and a present code. Good security in a pinch.
By : drastik
<?
// This page creates a changing password scheme that uses a simple 7 number code that
// changes based on the day of the week. For instance, on monday you would increase the
// first of the seven integers by one, on tuesday you would increase by two, on wendsday:
// increase three, and so on through sunday.
// The php code checks this against you schema of passcodes for each day and determines if
// you have entered the code correctly.
// Given that PHP has a great deal of flexibility in the movement oand find replace
// functions for objects in an array, you can use this code as a starting point to develop
// your own codes. The code above is not unbreakable, a good history buff might even know
// the code itself, but a brute force attack could crack it. Of course, if you are using
// integers, increasing the number of ints will make it ore difficult to crack.
// This code is designged to work like a keypad where no user id is required. You could
// build in userid functionality in your prefeered method (database, textfile, etc) or
// create a code for usernames as well! I've left this part out for the sake of brevity.
if (isset($_POST['passcode'])) { // run the functions if a post is enterd
// This is the passCode function set
$passCode = $_POST['passcode'];
$passCode = explode(".",$passCode); // break the post nto an array
$passCode = array_sum($passCode); // sum the array
// This is the checkCode function set
$baseCode = "8.3.0.4.4.2.1"; // Usualy this is a phone number, easy to remember
$codeArr = explode(".",$baseCode); // array the baseCode
// These functions determine the changes to the code based on the day of the week
if (date("D") == "Mon") {
$codeArr[0] = $codeArr[0] + 1;
}
elseif (date("D") == 'Tue') {
$codeArr[1] = $codeArr[1] + 2;
}
elseif (date("D") == 'Wed') {
$codeArr[2] = $codeArr[2] + 3;
}
elseif (date("D") == 'Thu') {
$codeArr[3] = $codeArr[3] + 4;
}
elseif (date("D") == 'Fri') {
$codeArr[4] = $codeArr[4] + 5;
}
elseif (date("D") == 'Sat') {
$codeArr[5] = $codeArr[5] + 6;
}
elseif (date("D") == 'Sun') {
$codeArr[6] = $codeArr[6] + 7;
}
// bring the changed baseCode numbers back into an array
implode($codeArr);
$sumCode = array_sum($codeArr); // sum that array
if ($sumCode == $passCode) { //check sums for equality
print "Access Granted";} // do whatever once you authorize
else { print "Access Denied!"; }
}
else { //if no post is entered, print the code box
print "Enter code as integers seperated by periods.";
print "<form action=\"$PHP_SELF\" method=\"post\">";
print "<input type=\"password\" name=\"passcode\" />";
print "</form>";
}
?>
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More User Management Code Articles
More By Codewalkers
 developerWorks - FREE Tools!
|
You'll get answers to many questions and more from David Barnes, Lead Evangelist for IBM Emerging Internet Technologies. David will discuss aspects of Web 2.0 that bring value to corporations, academia, and government. He'll also discuss IBM's vision around Web 2.0, including the importance of remixability and consumability. The discussion will culminate with examples of various IBM Software Group solutions you can use to get ahead of the Web 2.0 adoption curve.
FREE! Go There Now!
|
|
|
|
Join us for this web seminar to learn how you can defend your web applications from attack. Learn about the 3 most common web application attacks, including how they occur and what can be done to prevent them. We’ll also discuss manual versus automated approaches for scanning and identifying web application vulnerabilities and how IBM Rational AppScan, an automated vulnerability scanner, can help you automate more of what you are doing manually today.
FREE! Go There Now!
|
|
|
|
Visit IBM developerWorks to download IBM DB2 Express-C 9.5, a no-charge version of DB2 Express 9 database server. DB2 Express-C offers the same core data server base features as other DB2 Express editions and provides a solid base to build and deploy applications developed using C/C++, Java, .NET, PHP, and other programming languages.
FREE! Go There Now!
|
|
|
|
The IBM DB2 Deep Compression ROI tool is designed for DBA’s and IT management personnel to perform a clinical analysis of the cost savings gained from the Storage Optimization feature of DB2 9 for Linux, UNIX and Windows. The feature, also known as Deep Compression, compresses data that lies within a database by up to 80% at times.
FREE! Go There Now!
|
|
|
|
As organizations integrate software into every aspect of business, they are constantly pressured to deliver faster, better, and cheaper results. Unfortunately, a “dis-integrated” software delivery approach reduces returns while increasing costs. This IBM Rational White Paper shows how Integrated Requirements Management aligns organizations around maximizing value and keeping pace with change.
FREE! Go There Now!
|
|
|
|
As businesses grow increasingly dependent upon Web applications, these complex entities grow more difficult to secure. Most companies equip their Web sites with firewalls, Secure Sockets Layer (SSL), and network and host security, but the majority of attacks are on applications themselves – and these technologies cannot prevent them. This paper explains what you can do to help protect your organization, and it discusses an approach for improving your organization’s Web application security.
FREE! Go There Now!
|
|
|
|
Join this webcast, to learn how the Rational Process Library can help with compliance issues, drive process improvement, and assist in service-oriented architecture (SOA) or Agile development. We will take a peek into the Rational Process Library with content around software and systems engineering (including RUP), operations and systems management, program and portfolio management, and asset and SOA governance.
FREE! Go There Now!
|
|
|
|
Learn how you can extend modern application lifecycle management to IBM System z through the IBM Rational Software Delivery Platform (SDP). The Did you say mainframe? e-kit includes podcasts, webcasts, tutorials, white and red papers, demos, and articles designed to help ease the challenges of modernizing your enterprise. This complimentary kit for mainframe developers is a practical, how-to guide for making the most of an existing development environment, including the skills and infrastructure already in place at an established enterprise.
FREE! Go There Now!
|
|
|
|
Building a software-as-a-service solution requires addressing a few key technical challenges. In this webcast, we'll focus on the role of IBM Tivoli Directory Server and WebSphere Portlet Factory in creating a Software as a Service solution. We will demonstrate how to use Tivoli Directory Server to prevent the user population of one tenant from accessing the virtual portal and portlet components of another tenant. We will also use the dynamic profile capability of WebSphere Portlet Factory to create multiple highly customized applications from one code base.
FREE! Go There Now!
|
|
|
|
Join this Rational Talks to You teleconference on December 4 at 1:00 pm ET to discuss how Rational Method Composer can help meet your compliance objectives. Get your questions answered!
FREE! Go There Now!
|
|
|
|
All FREE IBM® developerWorks Tools!
|
