update ;)
It also supports browsers without JavaScript.
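<?php
// Challenge-response login demo.
// The server stores a one-time nonce ("graindesel") in the session and prints
// it into the page. With JavaScript, the browser sends
// md5(md5(password) + nonce) instead of the password. Without JavaScript, the
// form falls back to sending the password itself.
session_start();

// For testing only; in a real deployment fetch these from the database.
// NOTE(review): md5(password) is itself the login secret in the JavaScript
// path (the response is derived from it, not from the password), and unsalted
// MD5 is fast to guess offline. The scheme only hides the password from a
// passive listener; it does not authenticate the server or protect the session
// cookie. Prefer HTTPS with password_hash()/password_verify().
$lepass = md5("1234");
$lelogin = "login";

// Credentials are read from the POST body so they do not end up in the URL
// (browser history, Referer headers, web-server access logs).
// is_string() rejects array parameters such as pass[]=x before hashing.
$l = ( isset($_POST["login"]) && is_string($_POST["login"]) ) ? $_POST["login"] : null;
$p = ( isset($_POST["pass"]) && is_string($_POST["pass"]) ) ? $_POST["pass"] : null;
$expectedGrain = ( isset($_SESSION["graindesel"]) && is_string($_SESSION["graindesel"]) )
    ? $_SESSION["graindesel"]
    : null;

$logged = false;
if ( $l !== null && $p !== null && $expectedGrain !== null ) {
    // hash_equals() compares strings strictly and in constant time; the loose
    // == operator can treat two different numeric-looking hex digests as equal.
    $loginOk = hash_equals($lelogin, $l);
    // JavaScript path: response bound to the one-time nonce.
    $challengeOk = hash_equals(md5($lepass.$expectedGrain), $p);
    // No-JavaScript fallback: the password arrives in clear text.
    $plainOk = hash_equals($lepass, md5($p));
    $logged = $loginOk && ( $challengeOk || $plainOk );
}

if ( $logged ) {
    // The nonce is single-use: drop it so a captured response cannot be replayed.
    unset($_SESSION["graindesel"]);
    // Issue a fresh session id at the privilege change and delete the old
    // session data (session-fixation defence).
    session_regenerate_id(true);
} else {
    // Fresh unpredictable nonce for the next attempt. rand() seeded with
    // time() can be guessed; random_bytes() uses the system CSPRNG.
    // bin2hex() yields 40 hex characters, safe to print inside the script below.
    $grain = bin2hex(random_bytes(20));
    $_SESSION["graindesel"] = $grain;
}

// PHP_SELF contains request-controlled path info, so escape it before it is
// written into an HTML attribute.
$self = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "ISO-8859-1");

echo '<?xml version="1.0" encoding="iso-8859-1"?>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>auth md5</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<?php if ( !$logged ) { ?>
<script type="text/javascript" src="md5.js"></script>
<script type="text/javascript">
<!--
// Runs when the form is submitted: replaces the typed password with
// md5(md5(password) + nonce) so the password itself is not sent.
function goForm(){
var champ = document.formul.pass;
champ.value = hex_md5(hex_md5(champ.value)+"<?php echo $grain; ?>");
return true;
}
-->
</script>
<?php } ?>
</head>
<body>
<?php if ( !$logged ) { ?>
<form method="post" action="<?php echo $self; ?>" name="formul">
<input type="text" name="login" id="login" /><br />
<input type="password" name="pass" id="pass" /><br />
<input type="submit" value="envoyer" />
</form>
<script type="text/javascript">
<!--
// Only browsers with JavaScript hash the password; others post the form as is.
document.formul.onsubmit = goForm;
-->
</script>
<?php } else { ?>
ok ;)
<?php } ?>
</body>
</html>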
It's not as secure as HTTPS, but it's better than sending the password with no protection at all.
What do you think about it?