Login   Register  
PHP Classes
elePHPant
Icontem

File: radius.challenge.response.demo.php

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Classes of André Liechti  >  Pure PHP radius class  >  radius.challenge.response.demo.php  >  Download  
File: radius.challenge.response.demo.php
Role: Example script
Content type: text/plain
Description: Challenge/response demo file
Class: Pure PHP radius class
Authenticate users with a RADIUS server
Author: By
Last change: Lsting priority
Date: 2008-07-06 15:26
Size: 4,773 bytes
 

Contents

Class file image Download
<?php

/*********************************************************************
 *
 * Pure PHP radius class challenge/response demo
 *
 * Change Log
 *
 *   2008-07-07 1.2   SysCo/al Initial release
 *                             Added Jon Bright (tick Trading Software AG) contribution
 *                              - challenge/response support demo for the RSA SecurID New-PIN mode
 *
 *********************************************************************/
 
require_once('radius.class.php');

?>
<html>
    <head>
        <title>
            Pure PHP radius class challenge/response demo
        </title>
    </head>
    <body>
        <?php
        
if ((isset($_POST['user'])) && ('' != trim($_POST['user'])))
        {
            
$radius = new Radius('127.0.0.1''secret');

            
// Enable Debug Mode for the demonstration
            
$radius->SetDebugMode(TRUE);

            if (isset(
$_POST['state']) && strlen($_POST['state'])>&& strlen($_POST['state'])<254)
            {
                
$state $_POST['state'];
                
$state pack('H*'$state);
            }
            else
            {
                
$state NULL;
            }

            if (
$radius->AccessRequest($_POST['user'], $_POST['pass'], 0$state))
            {
                echo 
"<strong>Authentication accepted.</strong>";
            }
            else
            {
                if (
$radius->GetReceivedPacket()==11// Access-Challenge, sent by RSA RADIUS when PIN needs changing
                
{
                    if (
$radius->GetAttribute(18)!==NULL)
                    {
                        
// There's a Reply-Message, show it to the user.
                        // The standard from RSA for this is "Enter a new PIN having from 4 to 8 digits:\000"
                        // Since that \000 looks pretty silly in HTML, get rid of it
                        
$msg $radius->GetAttribute(18);
                        
$msg str_replace("\000","",$msg);
                    }
                    else
                    {
                        
$msg "Challenge received from server";
                    }
                    echo 
"<strong>".$msg."</strong>";
                    
?>
                    <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
                    User: <input name="user" type="text" value="<?php echo $_POST["user"]; ?>" />
                    <br />

                    <?php
                    
if ($radius->GetAttribute(76)===0// The RADIUS RFC excludes the possibility of sending this attr, but RSA send it.  0 means "No echo".
                    
{
                        
?>
                        Pass: <input name="pass" type="text" value="" /> (text type for educational purpose only) <!-- type="text" for educational purpose only ! -->
                        <?php
                    
}
                    else
                    {
                        
?>
                        Pass: <input name="pass" type="text" value="" /> <!-- this should *actually* be text - the server didn't tell us to use "no-echo" -->
                        <?php
                    
}
                    if (
$radius->GetAttribute(24)!==NULL)
                    {
                        
?>
                        <input name="state" type="hidden" value="<?php echo bin2hex($radius->GetAttribute(24)); ?>" />
                        <?php
                    
}
                    
?>
                    <br />

                    <input name="submit" type="submit" value="Check authentication" />
                    </form>
                    <?php
                
}
                else
                {
                    echo 
"<strong>Authentication rejected.</strong>";
                }
            }
            echo 
"<br />";

            echo 
"<br /><strong>GetReadableReceivedAttributes</strong><br />";
            echo 
$radius->GetReadableReceivedAttributes();

            echo 
"<br />";
            echo 
"<a href=\"".$_SERVER['PHP_SELF']."\">Reload authentication form</a>";
        }
        else
        {
            
?>
            <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
                User: <input name="user" type="text" value="user" />
                <br />

                Pass: <input name="pass" type="text" value="" /> (text type for educational purpose only) <!-- type="text" for educational purpose only ! -->
                <br />
                
                <input name="submit" type="submit" value="Check authentication" />
            </form>
            <?php
        
}
        
?>
    </body>
<html>