<?php$host="XXXXXXX";$username="XXXXXXXX";$password="XXXXXXX";$db_name="

1. <?php
2. $host="XXXXXXX";
3. $username="XXXXXXXX";
4. $password="XXXXXXX";
5. $db_name="XXXXXXX";
6. $tbl_name="XXXXXX";
7.  
8. mysql_connect("$host", "$username", "$password")or die("cannot connect");
9. mysql_select_db("$db_name")or die("cannot select DB");
10.  
11. $myusername=$_POST['myusername'];
12. #$mypassword=$_POST['mypassword'];
13.  
14. $sql="SELECT password FROM $tbl_name WHERE username='$myusername'";
15. #and password='$mypassword'";
16. $result=mysql_query($sql);
17. $otp=mysql_result($result,0,password);
18. #echo $otp, "<br/>";
19.  
20.  
21.  
22. #$otp=($otp+1);
23. ##echo $otp;
24. #$txt="$otp";
25. ##echo $txt;
26. #$count=mysql_num_rows($result);
27.  
28. #$sql="SELECT Seed FROM $tbl_name WHERE username='$myusername'";
29. #$results=mysql_query($sql);
30. #$currentseed=mysql_result($results,0,seed);
31. #$seed=$currentseed - 1;
32. #if($count==1){
33. #$seed ==<1
34.  
35.  
36. #echo $otp, "<br/>";
37.  
38.  
39.  
40.  
41. "<br/>";
42. "<br/>";
43.  
44. $randnum=mt_rand();
45.  
46. #echo "yo $rand", "<br/>" , "<br/>";
47.  
48. $otp1=$randnum/$otp;
49. #echo $otp1, "<br/>";
50.  
51. $otp2=pow($otp1,1);
52. #echo $otp2,"<br/>";
53.  
54.  
55.  
56. $Hotp=CRYPT('$otp2');
57. #echo $Hotp, "<br/>";
58.  
59. #$Hotp=crypt('SHA1','$otp2');
60. ##echo $Hotp, "<br/>";
61.  
62.  
63. #if (CRYPT_MD5 == 1)
64. #{
65. ##echo "Standard DES: ".crypt("$otp2")."\n<br />";
66. #}
67. #else
68. #{
69. ##echo "Standard DES not supported.\n<br />";
70. #}
71.  
72.  
73.  
74.  
75.  
76. #pow(0,seed)
77.  
78. #round()
79.  
80.  
81. ####Cypherblock puzzle####
82. ###Once the One Time Password is created. It is then broken into sections, and one randomly is assigned as the one time password while another piece is used to as part of the session cookie.#######
83.  
84. $test1=substr($Hotp,0,6);
85. #echo "this string 1 $test1", "<br/>";
86.  
87. $test2=substr($Hotp,6,6);
88. #echo $test2, "<br/>";
89.  
90. $test3=substr($Hotp,12,6);
91. #echo $test3, "<br/>";
92.  
93. $test4=substr($Hotp,18,6);
94. #echo $test4, "<br/>";
95.  
96. $test5=substr($Hotp,24,6);
97. #echo $test5, "<br/>";
98.  
99. $test6=substr($Hotp,30,6);
100. #echo $test5, "<br/>";
101.  
102. ####Rand####
103.  
104. $rand=rand(1,5);
105. #echo "rand $rand", "<br/>";
106.  
107. $rand1=rand(1,5);
108. #echo "rand1 $rand1", "<br/>";
109.  
110. if ("$rand"!="$rand1")
111. #"no issues", "<br/>";
112. #else
113. {
114. while ("$rand"=="$rand1")
115. {
116. $rand1=rand(1,5);
117. #echo "fixed $rand1", "<br/>";
118. }
119. }
120.  
121.  
122. if ($rand == '1')
123. {
124. $USEROTP=($test1);
125. #echo "USER Key $USEROTP","<br/>";
126. }
127. elseif ($rand == '2') {
128. $USEROTP=($test2);
129. #echo "USER Key $USEROTP","<br/>";
130. }
131. elseif ($rand == '3') {
132. $USEROTP=($test3);
133. #echo "USER Key $USEROTP","<br/>";
134. }
135. elseif ($rand == '4') {
136. $USEROTP=($test4);
137. #echo "USER Key $USEROTP","<br/>";
138. }
139. else {
140. $USEROTP=($test5);
141. #echo "USER Key $USEROTP","<br/>";
142. }
143.  
144.  
145.  
146. if ($rand1 == '1')
147. {
148. $cookie=($test1);
149. #echo "cookie value $cookie","<br/>";
150. }
151. elseif ($rand1 == '2') {
152. $cookie=($test2);
153. #echo "cookie value $cookie","<br/>";
154. }
155. elseif ($rand1 == '3') {
156. $cookie=($test3);
157. #echo "cookie value $cookie","<br/>";
158. }
159. elseif ($rand1 == '4') {
160. $cookie=($test4);
161. #echo "cookie value $cookie","<br/>";
162. }
163. else {
164. $cookie=($test5);
165. #echo "cookie value $cookie","<br/>";
166. }
167.  
168.  
169.  
170.  
171. ##tempt Cookie#####
172. #setcookie("user", $username, time()+604800); /* Expires in a week */
173.  
174.  
175. ####Sending the OTP VIA SMS####
176.  
177. $sql1="SELECT Provider FROM $tbl_name WHERE username='$myusername'";
178.  
179. $var1=mysql_query($sql1);
180. $provider=mysql_result($var1,0,Provider);
181.  
182. $sql2="SELECT Phonenumber FROM $tbl_name WHERE username='$myusername'";
183. $var2=mysql_query($sql2);
184. $phonenumber=mysql_result($var2,0,Phonenumber);
185.  
186. $sql3="SELECT Areacode FROM $tbl_name WHERE username='$myusername'";
187. $var3=mysql_query($sql3);
188. $Acode=mysql_result($var3,0,Areacode);
189.  
190. $number=$Acode . $phonenumber;
191.  
192. #echo $provider, "<br/>";
193. #echo $Acode,$phonenumber, "<br/>";
194.  
195. #echo $number, "<br/>","<br/>";
196.  
197. $subject = "One Time Password";
198. $message = "Your One Time Password is $USEROTP ";
199.  
200. #mail("$number@txt.bell.ca",$subject,$message,"From: webserver");
201.  
202. ####Secure Cookie#####
203.  
204. ##temptif
205.  
206. #setcookie("user", $username, $cookie, time()+3600);
207. ##echo $_COOKIE ["user"] ,"<br/>";
208. # print_r($_COOKIE);
209.  
210.  
211.  
212. ##echo "Welcome " . $_COOKIE["user"] . "<br />";
213. #else
214. # #echo "Welcome guest!<br />";
215.  
216.  
217. #if($count==1){
218. #session_register("myusername");
219. #session_register("mypassword");
220. #header("location:login_success.php");
221. #}
222. #else {
223. ##echo "Wrong Username or Password";
224. #}
225.  
226. header("location:OTP_checker.php")
227. ?>