
Untitled

a guest
Oct 10th, 2017
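  <?php

  /*********************************************************************
   *
   * Pure PHP radius class challenge/response demo
   *
   * Change Log
   *
   * 2008-07-07 1.2 SysCo/al Initial release
   *   Added Jon Bright (tick Trading Software AG) contribution
   *   - challenge/response support demo for the RSA SecurID New-PIN mode
   *
   * Flow: the first request shows a login form. A POST with a user name
   * sends an Access-Request; on Access-Challenge (packet type 11) the
   * Reply-Message (attribute 18) is shown and the State (attribute 24)
   * is round-tripped through a hidden, hex-encoded form field.
   *
   *********************************************************************/

  require_once('radius.class.php');

  /**
   * Escape a value for use in HTML text or a quoted HTML attribute.
   *
   * @param mixed $value Value to print; cast to string first.
   * @return string HTML-escaped text.
   */
  function demo_escape_html($value)
  {
      return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  }

  // PHP_SELF carries any client-supplied path info after the script name,
  // so it is escaped once here before being printed into attributes.
  $selfUrl = demo_escape_html($_SERVER['PHP_SELF']);

  // Only plain strings are accepted from the form: "user[]=x" style input
  // would otherwise reach trim() and the RADIUS class as an array.
  $postedUser = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
  $postedPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

  // Server address and shared secret come from the environment (variable
  // names are this demo's own choice) rather than from literals in the
  // source. A shared secret that has appeared in a published listing
  // should be treated as disclosed and rotated on the RADIUS server.
  $radiusServer = getenv('RADIUS_SERVER');
  $radiusSecret = getenv('RADIUS_SECRET');
  $radiusConfigured = is_string($radiusServer) && $radiusServer !== ''
      && is_string($radiusSecret) && $radiusSecret !== '';

  ?>
  <html>
  <head>
  <title>
  Pure PHP radius class challenge/response demo
  </title>
  </head>
  <body>
  <?php
  if ('' != trim($postedUser))
  {
      if (!$radiusConfigured)
      {
          // Fail closed: no request is sent without explicit configuration.
          echo "<strong>RADIUS client is not configured.</strong>";
      }
      else
      {
          $radius = new Radius($radiusServer, $radiusSecret);

          // Debug mode is opt-in. What the class prints in debug mode is not
          // visible from this file; assume it can include request details
          // and keep it off outside a lab.
          if (getenv('RADIUS_DEMO_DEBUG') === '1')
          {
              $radius->SetDebugMode(TRUE);
          }

          // The State value returns from the browser, so it is client
          // controlled: accept only an even number of hex digits. A RADIUS
          // attribute value is at most 253 octets, i.e. 506 hex digits.
          $state = NULL;
          if (isset($_POST['state']) && is_string($_POST['state']))
          {
              $stateHex = $_POST['state'];
              if ($stateHex !== ''
                  && strlen($stateHex) <= 506
                  && strlen($stateHex) % 2 === 0
                  && ctype_xdigit($stateHex))
              {
                  $state = pack('H*', $stateHex);
              }
          }

          if ($radius->AccessRequest($postedUser, $postedPass, 0, $state))
          {
              echo "<strong>Authentication accepted.</strong>";
          }
          else
          {
              if ($radius->GetReceivedPacket()==11) // Access-Challenge, sent by RSA RADIUS when PIN needs changing
              {
                  if ($radius->GetAttribute(18)!==NULL)
                  {
                      // There's a Reply-Message, show it to the user.
                      // The standard from RSA for this is "Enter a new PIN having from 4 to 8 digits:\000"
                      // Since that \000 looks pretty silly in HTML, get rid of it
                      $msg = $radius->GetAttribute(18);
                      $msg = str_replace("\000","",$msg);
                  }
                  else
                  {
                      $msg = "Challenge received from server";
                  }
                  // Reply-Message is server-supplied text, not markup.
                  echo "<strong>".demo_escape_html($msg)."</strong>";
  ?>
  <form method="post" action="<?php echo $selfUrl; ?>">
  User: <input name="user" type="text" value="<?php echo demo_escape_html($postedUser); ?>" />
  <br />

  <?php
                  // Both branches render a masked field; the branch only
                  // records whether the server asked for "No echo" (76 === 0).
                  if ($radius->GetAttribute(76)===0) // The RADIUS RFC excludes the possibility of sending this attr, but RSA send it. 0 means "No echo".
                  {
  ?>
  Pass: <input name="pass" type="password" value="" /> (text type for educational purpose only) <!-- type="text" for educational purpose only ! -->
  <?php
                  }
                  else
                  {
  ?>
  Pass: <input name="pass" type="password" value="" /> <!-- this should *actually* be text - the server didn't tell us to use "no-echo" -->
  <?php
                  }
                  if ($radius->GetAttribute(24)!==NULL)
                  {
                      // bin2hex() output is [0-9a-f] only, safe inside the attribute.
  ?>
  <input name="state" type="hidden" value="<?php echo bin2hex($radius->GetAttribute(24)); ?>" />
  <?php
                  }
  ?>
  <br />

  <input name="submit" type="submit" value="Check authentication" />
  </form>
  <?php
              }
              else
              {
                  echo "<strong>Authentication rejected.</strong>";
              }
          }
          echo "<br />";

          echo "<br /><strong>GetReadableReceivedAttributes</strong><br />";
          // NOTE(review): printed as returned by the class. The values originate
          // from the RADIUS server's reply; whether the class adds its own HTML
          // line breaks is not visible here, so escaping at this point could
          // break its formatting. Confirm in radius.class.php and escape the
          // attribute values there if it does not already.
          echo $radius->GetReadableReceivedAttributes();

          echo "<br />";
          echo "<a href=\"".$selfUrl."\">Reload authentication form</a>";
      }
  }
  else
  {
  ?>
  <form method="post" action="<?php echo $selfUrl; ?>">
  Username: <input name="user" type="text" value="user" />
  <br />

  Password: <input name="pass" type="password" value="" /> (text type for educational purpose only) <!-- type="text" for educational purpose only ! -->
  <br />

  <input name="submit" type="submit" value="Check authentication" />
  </form>
  <?php
  }
  ?>
  </body>
  </html>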