PHP Classes

File: radius.challenge.response.demo.php

Recommend this page to a friend!
  Classes of André Liechti   Pure PHP radius class   radius.challenge.response.demo.php   Download  
File: radius.challenge.response.demo.php
Role: Example script
Content type: text/plain
Description: Challenge/response demo file
Class: Pure PHP radius class
Authenticate users with a RADIUS server
Author: By
Last change: Lsting priority
Date: 15 years ago
Size: 4,773 bytes
 

Contents

Class file image Download
<?php

/*********************************************************************
 *
 * Pure PHP radius class challenge/response demo
 *
 * Change Log
 *
 * 2008-07-07 1.2 SysCo/al Initial release
 * Added Jon Bright (tick Trading Software AG) contribution
 * - challenge/response support demo for the RSA SecurID New-PIN mode
 *
 *********************************************************************/
 
require_once('radius.class.php');

?>
<html>
    <head>
        <title>
            Pure PHP radius class challenge/response demo
        </title>
    </head>
    <body>
        <?php
       
if ((isset($_POST['user'])) && ('' != trim($_POST['user'])))
        {
           
$radius = new Radius('127.0.0.1', 'secret');

           
// Enable Debug Mode for the demonstration
           
$radius->SetDebugMode(TRUE);

            if (isset(
$_POST['state']) && strlen($_POST['state'])>0 && strlen($_POST['state'])<254)
            {
               
$state = $_POST['state'];
               
$state = pack('H*', $state);
            }
            else
            {
               
$state = NULL;
            }

            if (
$radius->AccessRequest($_POST['user'], $_POST['pass'], 0, $state))
            {
                echo
"<strong>Authentication accepted.</strong>";
            }
            else
            {
                if (
$radius->GetReceivedPacket()==11) // Access-Challenge, sent by RSA RADIUS when PIN needs changing
               
{
                    if (
$radius->GetAttribute(18)!==NULL)
                    {
                       
// There's a Reply-Message, show it to the user.
                        // The standard from RSA for this is "Enter a new PIN having from 4 to 8 digits:\000"
                        // Since that \000 looks pretty silly in HTML, get rid of it
                       
$msg = $radius->GetAttribute(18);
                       
$msg = str_replace("\000","",$msg);
                    }
                    else
                    {
                       
$msg = "Challenge received from server";
                    }
                    echo
"<strong>".$msg."</strong>";
                   
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
                    User: <input name="user" type="text" value="<?php echo $_POST["user"]; ?>" />
                    <br />

                    <?php
                   
if ($radius->GetAttribute(76)===0) // The RADIUS RFC excludes the possibility of sending this attr, but RSA send it. 0 means "No echo".
                   
{
                       
?>
Pass: <input name="pass" type="text" value="" /> (text type for educational purpose only) <!-- type="text" for educational purpose only ! -->
                        <?php
                   
}
                    else
                    {
                       
?>
Pass: <input name="pass" type="text" value="" /> <!-- this should *actually* be text - the server didn't tell us to use "no-echo" -->
                        <?php
                   
}
                    if (
$radius->GetAttribute(24)!==NULL)
                    {
                       
?>
<input name="state" type="hidden" value="<?php echo bin2hex($radius->GetAttribute(24)); ?>" />
                        <?php
                   
}
                   
?>
<br />

                    <input name="submit" type="submit" value="Check authentication" />
                    </form>
                    <?php
               
}
                else
                {
                    echo
"<strong>Authentication rejected.</strong>";
                }
            }
            echo
"<br />";

            echo
"<br /><strong>GetReadableReceivedAttributes</strong><br />";
            echo
$radius->GetReadableReceivedAttributes();

            echo
"<br />";
            echo
"<a href=\"".$_SERVER['PHP_SELF']."\">Reload authentication form</a>";
        }
        else
        {
           
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
                User: <input name="user" type="text" value="user" />
                <br />

                Pass: <input name="pass" type="text" value="" /> (text type for educational purpose only) <!-- type="text" for educational purpose only ! -->
                <br />
               
                <input name="submit" type="submit" value="Check authentication" />
            </form>
            <?php
       
}
       
?>
</body>
<html>