Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*********************************************************************
- *
- * Pure PHP radius class challenge/response demo
- *
- * Change Log
- *
- * 2008-07-07 1.2 SysCo/al Initial release
- * Added Jon Bright (tick Trading Software AG) contribution
- * - challenge/response support demo for the RSA SecurID New-PIN mode
- *
- *********************************************************************/
- require_once('radius.class.php');
- ?>
- <html>
- <head>
- <title>
- Pure PHP radius class challenge/response demo
- </title>
- </head>
- <body>
- <?php
- if ((isset($_POST['user'])) && ('' != trim($_POST['user'])))
- {
- $radius = new Radius('10.140.10.58', 'sRNKM1X$');
- // Enable Debug Mode for the demonstration
- $radius->SetDebugMode(TRUE);
- if (isset($_POST['state']) && strlen($_POST['state'])>0 && strlen($_POST['state'])<254)
- {
- $state = $_POST['state'];
- $state = pack('H*', $state);
- }
- else
- {
- $state = NULL;
- }
- if ($radius->AccessRequest($_POST['user'], $_POST['pass'], 0, $state))
- {
- echo "<strong>Authentication accepted.</strong>";
- }
- else
- {
- if ($radius->GetReceivedPacket()==11) // Access-Challenge, sent by RSA RADIUS when PIN needs changing
- {
- if ($radius->GetAttribute(18)!==NULL)
- {
- // There's a Reply-Message, show it to the user.
- // The standard from RSA for this is "Enter a new PIN having from 4 to 8 digits:\000"
- // Since that \000 looks pretty silly in HTML, get rid of it
- $msg = $radius->GetAttribute(18);
- $msg = str_replace("\000","",$msg);
- }
- else
- {
- $msg = "Challenge received from server";
- }
- echo "<strong>".$msg."</strong>";
- ?>
- <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
- User: <input name="user" type="text" value="<?php echo $_POST["user"]; ?>" />
- <br />
- <?php
- if ($radius->GetAttribute(76)===0) // The RADIUS RFC excludes the possibility of sending this attr, but RSA send it. 0 means "No echo".
- {
- ?>
- Pass: <input name="pass" type="password" value="" /> (text type for educational purpose only) <!-- type="text" for educational purpose only ! -->
- <?php
- }
- else
- {
- ?>
- Pass: <input name="pass" type="password" value="" /> <!-- this should *actually* be text - the server didn't tell us to use "no-echo" -->
- <?php
- }
- if ($radius->GetAttribute(24)!==NULL)
- {
- ?>
- <input name="state" type="hidden" value="<?php echo bin2hex($radius->GetAttribute(24)); ?>" />
- <?php
- }
- ?>
- <br />
- <input name="submit" type="submit" value="Check authentication" />
- </form>
- <?php
- }
- else
- {
- echo "<strong>Authentication rejected.</strong>";
- }
- }
- echo "<br />";
- echo "<br /><strong>GetReadableReceivedAttributes</strong><br />";
- echo $radius->GetReadableReceivedAttributes();
- echo "<br />";
- echo "<a href=\"".$_SERVER['PHP_SELF']."\">Reload authentication form</a>";
- }
- else
- {
- ?>
- <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
- Username: <input name="user" type="text" value="user" />
- <br />
- Password: <input name="pass" type="password" value="" /> (text type for educational purpose only) <!-- type="text" for educational purpose only ! -->
- <br />
- <input name="submit" type="submit" value="Check authentication" />
- </form>
- <?php
- }
- ?>
- </body>
- <html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement