Home Grown Authentication Method - Secure?
Posted: Sun Mar 13, 2005 5:16 pm
I came up with my own "home grown" security method, but a little bit of math is required to at least understand this. It only has one user as it is, but several could be worked into it. The general idea is that the server sends a random number to the client. The user puts in the passNUMBER which is a big prime. Then the magic...
( passNumber mod rand# ) -> temporaryPassnumber
temporaryPassnumber gets sent to the server, which does the same math on its side, and if they get the same answer, then you're in.
Any bad guy could easily find the rand# and the tempPass, but they couldn't do anything with them anymore, and there would be infinite solutions when they try to find the original pass number. The original passnumber is not sent through the internet, and one can't work backwards to find it. Now the random number had to be around 1000 to 100000 within reason, and the passnumber I have is a 9-digit prime. This isn't simplified, so it will probably take some thinking to figure out.
Code:
// Step 1: ask which file to edit.
if ($_GET['search'] == 'edit a file') {
    echo "<font size='2' color='#494949'>You are not supposed to be here. Please change your search. If you think this is a problem, please send an email to <a href='mailto:ouremail@address.foo'><font color='#1255b6'>ouremail@address.foo</font></a>.<br/><br/>";
    echo "<font size='2' color='#494949'><form action='ymagazine.php' method='POST'>
        file: <input type='text' name='file' /><br/><br/>
        <input type='submit' />
        <input type='hidden' name='op' value='edit' />
        </form></font>";
}
// Step 2: show the file contents together with a fresh random challenge.
else if ($_POST['op'] == 'edit') {
    $file = $_POST['file'];
    if (preg_match("/[^0-9]/", $file) && $file != "1main.txt") {
        echo "<font size='2' color='#494949'>Sorry, Invalid File Name</font>";
    } else {
        $f = fopen($file, "r");
        // Client-side script: computes passnumber mod rand and blanks both inputs before submit.
        echo "
            <script type='text/javascript'>
            function myfunction(){
                var getrand = document.security.rand.value
                var passnumber = document.passnumber.passnumber.value
                var ans = passnumber%getrand
                document.security.send.value = ans
                document.security.rand.value = 'erased'
                document.passnumber.passnumber.value = 'erased'
            }
            </script>
            <font size='2' color='#494949'><form action='ymagazine.php' method='POST' name='security' onSubmit='myfunction()' >
            Content: <br/><textarea name='content' cols='60' rows='20' value=''>";
        while (!feof($f)) {
            $x = fgets($f);
            echo $x;
        }
        // Store the challenge server-side so the save step can repeat the calculation.
        $rand = rand(1001, 10001);
        $g = fopen("randomnumber", "w");
        $write = fwrite($g, $rand);
        echo "</textarea><br/><br/>
            <input type='submit' value='Submit' />
            <input type='hidden' name='rand' value='" . $rand . "'><br/>
            <input type='hidden' name='send' value=''>
            <input type='hidden' name='op' value='save' />
            <input type='hidden' name='file' value='" . $file . "' />
            </form>
            <form name='passnumber'>
            Password: <input type='text' name='passnumber' value=''><br/>
            </form>
            </font>";
    }
}
// Step 3: compare the submitted response with the server's own calculation, then save.
else if ($_POST['op'] == 'save') {
    $file = $_POST['file'];
    $content = stripslashes($_POST['content']);
    $send = $_POST['send'];
    $g = fopen("randomnumber", "r");
    $rand = str_replace("\n", "", fgets($g));
    $correct = (#########%$rand);
    if (preg_match("/[^0-9]/", $file) && $file != "1main.txt") {
        echo "<font size='2' color='#494949'>Sorry, Invalid File Name</font>";
    }
    else if ($correct == $send) {
        $f = fopen($file , "w" );
        fwrite($f, $content);
        echo "<font size='2' color='#494949'>The file has been edited.</font>";
    } else {
        echo "<font size='2' color='#494949'>Sorry, Security Issue</font>";
    }
    // Replace the used challenge with a new one.
    $rand = rand(1001, 10001);
    $g = fopen("randomnumber", "w");
    $write = fwrite($g, $rand);
}
feyd | Please use code tags where appropriate when posting code. Read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171)