PHP Classes

PHP OTP Login: Authenticate users using the computer MAC address

Recommend this page to a friend!
     
  Info   Example   View files Files   Install with Composer Install with Composer   Download Download   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
StarStarStarStar 72%Total: 797 All time: 4,294 This week: 78Up
Version License PHP version Categories
php-otp-login 1.0.3GNU Free Document...5Networking, PHP 5, Security
Description 

Author

This class can authenticate users using the computer MAC address.

It generates a script that should be downloaded and when executed it will send the computer Mac Address to the server.

Different versions of the script are served according to whether the system is based on Windows, Linux or Mac.

The class stores an OTP session record that is associated to the current logged user and the obtained Mac address for a given period of time.

A session cookie is set with expiry time valid until the OTP session ends. After that the Mac address needs to be verified again.

Innovation Award
PHP Programming Innovation award winner
December 2015
Winner
Logged user session hijacking is security concern that many sites that deal with sensitive information have.

This class implements an higher level of security by tying a logged user session to a given MAC address.

Manuel Lemos
Picture of Bijaya Kumar  Behera
Name: Bijaya Kumar Behera <contact>
Classes: 6 packages by
Country: India India
Age: ???
All time rank: 56035 in India India
Week rank: 227 Up15 in India India Up
Innovation award
Innovation award
Nominee: 1x

Winner: 1x

Example

<?php
@session_start();
#####################################################
require_once('./bin/OTPLogin.php');
#$DB=new mysqli("localhost", "root", "", "test");
#$DB=mysql_connect("localhost", "root", "");mysql_select_db("test", $DB);
$DB= new PDO("mysql:host=localhost;dbname=test", "root", "");
$oOTPLogin=new OTPLogin($DB, 'otplogin', 'OTPLogin_Sess', 2592000, 60 );
#$oOTPLogin->senOTP(1); die;
#####################################################

// Handle page request
dispatch(!isset($_GET['page'])? 'index': $_GET['page'] );
exit(
0);
?>




<?php
/* check login session */
function isLogged() {
    return isset(
$_SESSION['userid']) ? $_SESSION['userid'] : 0;
}

/* Show Page */
function dispatch($page) {
    switch(
$page) {
        case
"index":
                   
indexPage();
                    break;
        case
"login":
                   
loginPage();
                    break;
        case
"otp":
                   
OTPPage();
                    break;
        case
"download":
                   
downloadOTPGenPage();
                    break;
        case
"getotp":
                   
getOTP();
                    break;
        default:
           
show404Page();
    }
}
/* */
function downloadOTPGenPage () {
    global
$oOTPLogin;
    if ( !
isLogged() )
       
redirToLoginPage();
   
$userid = isLogged() ;
   
$info = array('Copyright' => '(c) 2015-16, All Right are reserved.');
   
$otpurl = strtok('http' . (isset($_SERVER['HTTPS'])?'s':'') . '://' . ($_SERVER['HTTP_HOST']) . ( ( isset($_SERVER['SERVER_PORT']) && !in_array($_SERVER['SERVER_PORT'], array(80,443))) ? ":{$_SERVER['SERVER_PORT']}" : "" ) . $_SERVER['REQUEST_URI'], '?');
   
$otpurl .="?page=getotp&";
   
$oOTPLogin->downloadOTPGenFile($otpurl, $userid, $info);
    exit(
0);
}
/* */
function getOTP() {
    global
$oOTPLogin;
   
$userid = isset($_GET['userid']) ? (int) $_GET['userid'] : 0;
   
$macadd = isset($_GET['macadd']) ? $_GET['macadd'] : "";
   
$code = $oOTPLogin->getOTP($userid, $macadd);
    if (
is_int($code)) {
        print
"OTP code is $code.";
        exit(
0);
    }
    print
"FAILED:1000";
    exit(
0);
}

/* */
function show404Page () {
   
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
    echo
"<h1> Page Not Found.";
    exit;
}

/* */
function indexPage() {
    global
$oOTPLogin;
    if ( !
isLogged() )
       
redirToLoginPage();
   
// Validate
   
if ( !$oOTPLogin->isValid(isLogged()) )
    {
       
redirToLoginPage('otp');
        exit ;
    }
ECHO <<<INDEX
<html>
    <head>
    <title> Welcome </title>
    </head>
    <style>
    #login {
        position:fixed;
        top: 50%;
        left: 50%;
        width:30em;
        height:18em;
        margin-top: -9em; /*set to a negative number 1/2 of your height*/
        margin-left: -15em; /*set to a negative number 1/2 of your width*/
        border: 1px solid #ccc;
        background-color: #f3f3f3;
    }
    </style>
    <body>
    <div id="login">
        <center> <h1> Welcome to OTPLogin Page <h1> </center>
        <br />
        <br />
        <br />
        <center><p style="color:green"> Congrats !!, You are in safe place . <p></center>
    </div>
    </body>
    </html>
INDEX;

}


/* Logged */
function logged() {
    global
$oOTPLogin;
    if (!
$PHPLoginJail){askOTPPage();exit;}
}


/* askOTP */
function OTPPage() {
    global
$oOTPLogin;
    if ( !
isLogged() )
       
redirToLoginPage();
    if ( isset(
$_POST['form']['users']['otp'])) {
       
$otp=(int)$_POST['form']['users']['otp'];
        if (
$oOTPLogin->verifyOTP(isLogged(), $otp ) ) {
           
redirToLoginPage('index');
            exit ;
        }
    }
   
$initStatus = $oOTPLogin->initOTP(isLogged());

ECHO <<<askOTP
<html>
    <head>
    <title> Enter OTP </title>
    </head>
    <script>
        var m=
$initStatus;
        var t=window.setInterval(function(){ document.getElementById('tout').innerHTML=(--m); if (!m) window. clearInterval(t); }, 1000);
    </script>
    <style>
    #login {
        position:fixed;
        top: 50%;
        left: 30%;
        width:50em;
        height:18em;
        margin-top: -9em; /*set to a negative number 1/2 of your height*/
        margin-left: -15em; /*set to a negative number 1/2 of your width*/
        border: 1px solid #ccc;
        background-color: #f3f3f3;
    }
    </style>
    <body>
    <div id="login">
    <table border='1' width="100%">
    <tr>
    <td width=60%>
    <i> <b style='color:green'>Your OTP session has been started, Please download your OTP Generator file (if you are not downloaded yet) and just run it to get new OTP.<i>
    </b>
    <br />
    <hr />
    <center><i> Time Left : <span id="tout">
$initStatus</span></center>
    <center style='height:20%'></center>
    <fieldset>
    <legend> OTP </legend>
    <hr />
    <form method="post">
        Enter OTP<input type='text' name='form[users][otp]' value='' />
    <hr />
    <input type='submit' value="Proceed" name='form[users][submit]' />
    </form>
    </fieldset>
    </td>
    <td align="top" valign="middle">
         <center> <span>OTPLogin Generator</span> <a href="?page=download"> download </a> </center>
         <u><b>For window User :</u></b> <br />
         &nbsp;&nbsp;Run the download file i,e OTPLogin-UID-1.cmd<br />
         <u><b>For linux/Mac OS User : </u></b><br />
         &nbsp;&nbsp;1. Open terminal <br />
         &nbsp;&nbsp;2. chmod +x OTPLogin-UID-1.sh<br />
         &nbsp;&nbsp;2. ./OTPLogin-UID-1.sh<br />
         <b>Ouput</b>
         <pre>
##############################################
OTPLoginGenerator V1.0.0
Generated On: Wed, 18 Nov 2015 07:56:03 GMT
Copyright: (c) 2015-16, All Right are reserved.
UserID:1
#############################################
Please wait .... Requesting to server ...
Requesting to server . .. ...
Request completed with status 200
Redirecting response to console . .. ...
+++++++++++++++++++++++[OUTPUT]++++++++++++++
OTP code is 572439.
+++++++++++++++++++++++[OUTPUT]++++++++++++++
         </pre>
    </td>
    </tr>
    </table>
    </div>
    </body>
    </html>
askOTP;
}

/* Login page*/
function loginPage() {
    if ( isset(
$_POST['form'])) {
       
$_SESSION['userid'] = 1 ;
        @
header('Location: OTPLogin_Example.php');
        return ;
    }

    ECHO <<<loginPage
<html>
    <head>
    <title> Login </title>
    </head>
    <style>
    #login {
        position:fixed;
        top: 50%;
        left: 50%;
        width:30em;
        height:18em;
        margin-top: -9em; /*set to a negative number 1/2 of your height*/
        margin-left: -15em; /*set to a negative number 1/2 of your width*/
        border: 1px solid #ccc;
        background-color: #f3f3f3;
    }
    </style>
    <body>
    <div id="login">
    <center style='height:20%'></center>
    <fieldset>
    <legend> Login </legend>
    <form method="post">
    User Name<input type='text' name='form[users][userid]' value='user' />
    Password <input type='password' name='form[users][password]' value='password' />
    <hr />
    <input type='submit' value="Login" name='form[users][submit]' />
    </form>
    </fieldset>
    </div>
    </body>
    </html>
loginPage;
exit;
}

/* redirToLoginPage */
function redirToLoginPage($page = null ) {
   
$page = is_null($page) ? 'login' : $page;
    echo <<<redirToLoginPage
<html>
<head>
<title> Please wait .. redirecting to login page </title>
<meta http-equiv='refresh' content='2;url=?page=
$page'>
</head>
<body>
<h2> Please wait .. redirecting to
$page page
</body>
</html>
redirToLoginPage;
exit;
}
?>


Details

_____ ___________ _ _ __ _____ _____ | _ |_ _| ___ \ | (_) / | | _ || _ | | | | | | | | |_/ / | ___ __ _ _ _ __ `| | | |/' || |/' | | | | | | | | __/| | / _ \ / _` | | '_ \ | | | /| || /| | \ \_/ / | | | | | |___| (_) | (_| | | | | | _| |_\ |_/ /\ |_/ / \___/ \_/ \_| \_____/\___/ \__, |_|_| |_| \___(_)___(_)\___/ __/ | |___/ OTPLogin 1.0.0 @desc This light weight class can be used to add one more step secure after login using OTP from ALL pre registered Machine using MAC Addresss @author Bijaya Kumar Behera <it.bijaya@gmail.com> +91 9911033016 system requirements ---------------------*- 1. HTTP Server with PHP Enabled 2. PHP Version >=5.3 3. Supported OS Window/Linux/Mac How to implement OTPLogin --------------------------------------------------- 1. Create a database "test" if not already exists 2. Import OTPLogin.sql to "test" database 3. Get a MAC Address from your system For Window User : *. Click the Run button in the Windows Start Menu. *. Type cmd in the Open prompt of the Run menu and click OK to launch a command prompt window. *. maximised the window *. Type ipconfig /all at the command prompt to check the network card settings. *. The MAC address is listed by ipconfig under Physical Address. below sample markked between '==>' and '<==' is the mac addresss ----------------------------------------------------------------- |Physical Address. . . . . . . . . : ==>70-54-D2-19-78-C0<== ----------------------------------------------------------------- For Linux Use *. Open terminal *. Type ifconfig and hit enter *. The MAC address is listed by ipconfig under HWaddr. below sample markked between '==>' and '<==' is the mac addresss ---------------------------------------------------- |Link encap:Ethernet HWaddr ==>00:26:18:25:6E:0E<== ---------------------------------------------------- For Mac OS Use *. Open terminal *. Type ifconfig and hit enter *. The MAC address is listed by ipconfig under ether. below sample markked between '==>' and '<==' is the mac addresss ---------------------------------------------------- |ether ==>e0:34:f5:ef:d4:a0<== ---------------------------------------------------- 4. Add MAC Address record to table otplogin_macs Example: Suppose MAC Address is 00-C0-26-C1-2D-6C remove '-' or ':' & changed it UPPERCASE Final MAC Address: 00C026C12D6C Execute SQL Query INSERT INTO otplogin_macs (macadd, name, parent, active ) VALUES ( '00C026C12D6C', 'My Machine', 0, '1' ) ; Continue the above steps for ALl MAC Address 3. create mysql connection $DB=new mysqli("localhost", "root", "", "test"); Or $DB=mysql_connect("localhost", "root", "");mysql_select_db("test", $DB); Or $DB= new PDO("mysql:host=localhost;dbname=test", "root", ""); 4. create OTPLogin object Params are 1. $DB mySQL Connection [resourece/object] 2. $prefix Table prefix text [String] 3. $cookiename OTP Cookie Name [String] 4. $otpcookietimeout OTP Cookie Timeout in sec [Integer] 5. $otpsessiotimeout OTP Session Timeout [Integer] Return $oOTPLogin [Object] $oOTPLogin=new OTPLogin($DB, $prefix, $cookiename, $otpcookietimeout, $otpsessiotimeout ); 5. check valid cookie session Params are: 1. $userid Logged User Id [Integer] Return true/false [boolean] $oOTPLogin->isValid($userid) [true/false] 6. Initialise OTP if not started Params are : 1. $userid Logged user id [Integer] Return : true/false [bollean] $initStatus = $oOTPLogin->initOTP($userid); 7. Download OTPGenerator of your OS Params are : 1. $otpurl OTP URL [String] 2. $userid User ID [Integer] 3. $info Info [Array] 4. $downloadfilename Download File Name [NULL [String] ] NULL for Auto generated file 5. $os OS Name [String] [Window|Mac|Linux] NULL for Auto Detected OS . Reruen : Void [null] $oOTPLogin->downloadOTPGenFile($otpurl, $userid, $info, $downloadfilename, $os); 8. verify OTP Params are : 1. $userid Logged user ID [Integer] 2. $otp User OTP [Integer] Return : true/false [bollean] $oOTPLogin->verifyOTP($userid, $otp)

  Files folder image Files (5)  
File Role Description
Files folder imagebin (1 file, 1 directory)
Accessible without login Plain text file OTPLogin.sql Data Database schema
Accessible without login Plain text file OTPLogin_Example.php Example Example
Accessible without login Plain text file README.md Doc. Help

  Files folder image Files (5)  /  bin  
File Role Description
Files folder imageOTPLogin (1 file)
  Accessible without login Plain text file OTPLogin.php Aux. Including Class

  Files folder image Files (5)  /  bin  /  OTPLogin  
File Role Description
  Plain text file OTPLogin.php Class Main Class

The PHP Classes site has supported package installation using the Composer tool since 2013, as you may verify by reading this instructions page.
Install with Composer Install with Composer
 Version Control Unique User Downloads Download Rankings  
 100%
Total:797
This week:0
All time:4,294
This week:78Up
User Ratings User Comments (11)
 All time
Utility:91%StarStarStarStarStar
Consistency:91%StarStarStarStarStar
Documentation:91%StarStarStarStarStar
Examples:86%StarStarStarStarStar
Tests:-
Videos:-
Overall:72%StarStarStarStar
Rank:158
 
Everything perfectly set and defined.
8 years ago (Aakash)
80%StarStarStarStarStar
this is good package for me.
8 years ago (Shashi bhushan Kumar)
80%StarStarStarStarStar
Excellent work! The tutorial really helped me to learn new th...
8 years ago (Shivangi)
80%StarStarStarStarStar
Awesome.
8 years ago (Sadbhav Shah)
80%StarStarStarStarStar
This script is very helpful for a young developer to work upon.
8 years ago (Zaid Haider)
80%StarStarStarStarStar
helps me to y organisation
8 years ago (Bijaya Kumar)
80%StarStarStarStarStar
i was searching for it from so many days.
8 years ago (Devender Deep Grover)
80%StarStarStarStarStar
I found this service very helpful for my current system.
8 years ago (Hemlata Pandey)
80%StarStarStarStarStar
well commented code and deployment is explained in easy steps
8 years ago (sachin upmanyu)
80%StarStarStarStarStar
good
8 years ago (Amit Agrahari)
60%StarStarStarStar
good package
8 years ago (AVISHEKH SINGH)
60%StarStarStarStar