Connexion | Inscription | FAQ
Anonymous

Comment créer mot de pass à usage unique

+ Publier une réponse

9 messages Page 1 sur 1


Comment créer mot de pass à usage unique

par Sbill06 » Mer Oct 03, 2012 9:38 am

Bonjour,

Je souhaite réaliser une base de données avec des mots de pass pré établis par moi et qui permettraient à ceux qui connaissent leurs password d'accéder à certaines informations. Mais comme il s'agit d'une page qui offrira un bon d'achat, je souhaite que l'utilsateur puisse utiliser une seul fois son mot de pass (car je ne souhaite pas qu'il transmette son mot de pass à un ami) ou qu'il puisse accéder à la page php + qu'une fois.

Merci de vos conseils ou éventuels scripts

Marie

Dernière édition par Sbill06 le Jeu Oct 04, 2012 7:08 am, édité 1 fois au total.

Avatar de l’utilisateur

Sbill06

  • Messages: 2
  • Inscrit le: Mer Oct 03, 2012 9:25 am

Re: Comment créer mot de pass à usage unique

par XainPro » Mer Oct 03, 2012 3:41 pm

vous faire propre.
et de faire comme lui sur la première connexion, l'utilisateur ne devrait avoir à changer leur mot de passe!
Avatar de l’utilisateur

XainPro

  • Messages: 3933
  • Inscrit le: Ven Fév 17, 2012 8:10 pm

Re: Comment créer mot de pass à usage unique

par Sbill06 » Jeu Oct 04, 2012 4:08 pm

XainPro a écrit:vous faire propre.
et de faire comme lui sur la première connexion, l'utilisateur ne devrait avoir à changer leur mot de passe!

J'étais heureux d'avoir une réponse à ma demande, mais snif, snif, je comprends rien à cette réponse
Marie
Avatar de l’utilisateur

Sbill06

  • Messages: 2
  • Inscrit le: Mer Oct 03, 2012 9:25 am

Re: Comment créer mot de pass à usage unique

par XainPro » Ven Oct 05, 2012 11:38 am

désolé
j'ai dit que votre propre script
Avatar de l’utilisateur

XainPro

  • Messages: 3933
  • Inscrit le: Ven Fév 17, 2012 8:10 pm

Re: Comment créer mot de pass à usage unique

par Dawncrichardson » Jeu Mai 02, 2019 11:04 am

Create a One Time Password (OTP) in PHP

Step 1

Create the file otppass.php with the following code:
<?php
/**** ANANT ONE-TIME PASSWORD EXAMPLE ****/

session_start(); //STARTING THE SESSION AND THE

session_set_cookie_params(360);//SESSION EXPIRES IN 6 MINUTES

// USERNAME AND PASSWORD ARRAYS

$user = array(
'user1' => annat,
'scott' => tiger,
‘anat’ => xxxxxxx,
);

$phone = array(
'user1' => '+5353535333,
'scott' => '+44243535353,
anat’ => '+23554444444,
);

// Login information for anant NG - SMS Gateway
$anant_user = "admin";
$anant_password = "abc123";
$anant_url = "http://127.0.0.1:9501/api?";


// Functions used to send the SMS message
function httpRequest($url){
$pattern = "/http...([0-9a-zA-Z-.]*).([0-9]*).(.*)/";
preg_match($pattern,$url,$args);
$in = "";
$fp = fsockopen("$args[1]", $args[2], $errno, $errstr, 30);
if (!$fp) {
return("$errstr ($errno)");
} else {
$out = "GET /$args[3] HTTP/1.1\r\n";
$out .= "Host: $args[1]:$args[2]\r\n";
$out .= "User-agent: anant PHP client\r\n";
$out .= "Accept: */*\r\n";
$out .= "Connection: Close\r\n\r\n";

fwrite($fp, $out);
while (!feof($fp)) {
$in.=fgets($fp, 128);
}
}
fclose($fp);
return($in);
}

function anantSend($phone, $msg, $debug=false){
global $anant_user,$anant_password,$anant_url;
$url = 'username='.$anant_user;
$url.= '&password='.$anant_password;
$url.= '&action=sendmessage';
$url.= '&messagetype=SMS:TEXT';
$url.= '&recipient='.urlencode($phone);
$url.= '&messagedata='.urlencode($msg);

$urltouse = $anant_url.$url;
//if ($debug) { echo "Request: <br>$urltouse<br><br>"; }

//Open the URL to send the message
$response = httpRequest($urltouse);
if ($debug) {
echo "Response: <br><pre>".
str_replace(array("<",">"),array("<",">"),$response).
"</pre><br>"; }
return($response);
}


//FUNCTION TO GENERATE ONE-TIME PASSWORD
function anantOTP($length = 8, $chars = 'abcdefghijklmnopqrstuvwxyz1234567890')
{
$chars_length = (strlen($chars) - 1);
$string = $chars{rand(0, $chars_length)};
for ($i = 1; $i < $length; $i = strlen($string))
{
$r = $chars{rand(0, $chars_length)};
if ($r != $string{$i - 1}) $string .= $r;
}
return $string;}


//IF DEBUG VARIABLE IS TRUE, THE RESPONSE OF THE HTTP REQUEST WILL BE WRITTEN TO THE SCREEN
$debug = false;

// IF NOT POSTED ANYTHING YET, THE LOGIN PAGE IS LOADING
if (emptyempty($_POST)){
$i=0;
echo('
<html>
<body>
<h1>One Time Password Form</h1>
<form method="POST">
<table border=1>
<tr>
<td>Username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></textarea></td>
</tr>
<tr>
<td> </td>
<td><input type=submit name=submit value="Get Otp" OnClick="anantSend(this.form);"></td>
</tr>
</table>
</form>
</body>
</html>');}

//IF OTP HAS POSTED YET, anantOTP FUNCTION WILL GENERATE ONE
if (emptyempty($_POST['otphtml'])){
$_SESSION['otp']=anantOTP();


// CHECKING USER CREDENTIALS
if ($password!=$user[$username] || ((emptyempty($_POST['username']) && (!emptyempty($_POST['password'])))) || (emptyempty($_POST['password']) && (!emptyempty($_POST['username']))))
echo ('Please enter a valid username or password!');
elseif ((!emptyempty($_POST['submit'])) && (emptyempty($_POST['password'])) && (emptyempty($_POST['username'])))
echo ('No username or password entered');

elseif($password=$user[$username]){

//SENDING THE PASSWORD AND LOADING THE OTP-VERIFYING PAGE
anantSend($phone[$_POST['username']],'Dear '.$username.'! Your One-Time password is: '.$_SESSION['otp'],$debug);
echo (' <html>
<body>
<h1>Please enter your One-Time password to enter the site!</h1>
<form method="POST">
<table border=1>
<tr>
<td>Your One-time password:</td>
<td><input type="text" name="otphtml"></td>
</tr>
<tr>
<td> </td>
<td><input type=submit name=submit value="Confirm OTP"></td>
</tr>
</table>
</form>
</body>
</html>');
}}
else{

//IF AN OTP HAS ALREADY SENT, CHECKING ITS VALIDITY AND REDIRECTING TO THE PROTECTED CONTENT
$otp1=$_POST['otphtml'];
include('protectedcontent.php');}

?>
Step 2

Create another file protectedcontent.php.
<?php

if ($_SESSION['otp']==$otp1){
echo('<html>
<body><h2>You\'ve been successfully verified your One-Time Password</h2></body>
</html>');}

else { echo('<html>
<body><h2>Wrong Password!</h2></body>
</html>');}

?>

my review here
Avatar de l’utilisateur

Dawncrichardson

  • Messages: 1
  • Inscrit le: Jeu Mai 02, 2019 10:55 am

Re: Comment créer mot de pass à usage unique

par Curtisaevans1 » Jeu Mai 30, 2019 7:54 am

The on demand passwords are disposable; once they are used, they will not work once again. Which must be reassuring for the massive swaths of individuals that ignore security professionals and utilize the same login across several accounts. Put simply, attackers cannot get the hands of theirs on a single element that could unlock the entire kingdom of yours.

The premise relies completely on you having the smartphone of yours by the side of yours. In that manner, it is much like two factor authentication protocols which kick into action whenever you attempt to sign in (first factor) as well as text you an unlock code (second factor). Several services - like Twitter, Facebook, and Gmail - offer two factor options. Get More Info
Avatar de l’utilisateur

Curtisaevans1

  • Messages: 1
  • Inscrit le: Jeu Mai 30, 2019 7:46 am

Re: Comment créer mot de pass à usage unique

par kevinsbagby » Sam Sep 07, 2019 6:21 am

A few people recommended utilizing the GMail in addition to sign label stunt:

In the event that your email adress is "localname@gmail.com", at that point you use + to include any tag. Anything sent to "tag+localname@gmail.com" or to "localname+tag@gmail.com" will be sent to "localname@gmail.com."

Or on the other hand mailinator, where for all intents and purposes any location can be utilized, in all respects basically.

Both appear to be straightforward enough, however there are gigantic security issues with this, at any rate with the most *typical* client use case:

Bounce is approached to give his email address by a store (ether a block store and additionally on the web). While Bob needs to give a location, yet he doesn't need his fundamental email box traded off overwhelmed with huge amounts of "quit" spam or perhaps, quite possibly, something far and away more terrible. Bounce needs to keep some command over who sends him what and when and how. Sway needs to secure his protection yet not by losing the comfort of online receipts and documenting and stuff.

Weave additionally doesn't need the data to be open in any capacity. And keeping in mind that some email adresses may be incredibly, brief ("Gah, these folks are con artists! Blocking immediately!"), some different adresses may be 100% genuine and Bob qwill need to keep them around for eternity. Additionally, to naturally redict those particular adresses to his fundamental "genuine" email adress.

Get More Info
Avatar de l’utilisateur

kevinsbagby

  • Messages: 1
  • Inscrit le: Sam Sep 07, 2019 6:13 am

Re: Comment créer mot de pass à usage unique

par crystalkmalm » Lun Oct 07, 2019 11:48 am

In order to make a summary of Single Passwords, complete following:

Log in to LastPass and also use the Vault of yours by carrying out either of the following: Go to https://lastpass.com/?ac=1 and sign in with the username of yours and Master Password.
In your internet browser toolbar, click on the LastPass icon LastPass and then click Open The Vault of mine.
Select More Options in the left course-plotting.
Go to Advanced > Single Passwords.
Get into your Master Password, plus simply click OK.
Click Add an innovative Single Password. Enter your Master Password once again, then simply click OK.
Repeat the previous stage as often as you as ideal to make a summary of Single Passwords.
If desired, simply click Print, and maintain the passwords in a safe location, crossing them off because you wear them. If you discover it much more convenient, you are able to click on Print and save as a book editor file you are able to upgrade as you create brand new Single Passwords.
Get More Info
Avatar de l’utilisateur

crystalkmalm

  • Messages: 1
  • Inscrit le: Lun Oct 07, 2019 11:26 am

Re: Comment créer mot de pass à usage unique

par dorisrwinans » Lun Déc 23, 2019 11:54 am

How to Configure One-Time Password (OTP) Authentication

One-time passwords (OTPs) are passwords that will just be worn one time in a predefined time frame, generally just minutes. You are able to configure the Barracuda SSL VPN to send out the OTP to owners by whether email or maybe SMS. OTPs don't need some specific hardware or perhaps infrastructure. Almost any device that gets SMS or maybe email can be used to get the OTP.

In order to configure the Barracuda SSL VPN to send OTPs by e-mail, configure the SMTP server and also the OTP settings.
In order to configure the Barracuda SSL VPN to send out the OTPs by SMS, configure the SMTP server, the OTP options, as well as an SMTP to SMS service.
Prerequisites for sending OTPs by SMS
When you would like to transmit OTPs by SMS:

You have to have an account for an SMTP to SMS company which could send SMS to cell phones in your nation Determine the address format for delivering SMS over email. Each service provider relies on a different structure.
Every person should have the mobile.number attribute established.
Phase one. Configure the SMTP server
Configure the SMTP server which is used to transmit the OTPs.

Select the person database that you would like to configure the SMTP server for. In order to configure an SMTP server for those user databases, select Global View.
Go to the Manage System > BASIC > Configuration webpage.
In the SMTP area, get into the adjustments for the SMTP server.
Click Save Changes.
Phase two. Configure the OTP settings
Specify when OTPs are sent, the way they're sent, and what sort of OTPs are produced by the Barracuda SSL VPN.

Go on the Manage System > ACCESS CONTROL > Security Settings page.
In the One Time Password component, configure the next settings: Send Mode? Select At Login to send out the OTP during consumer logins.
Approach to password delivery? You are able to choose either Email to send out the OTP via SMS or maybe e-mail over Email to send out the OTP to users' cellular phones.
Generation Type? Choose the kind of OTP which you would like the appliance to produce. In case you experience issues with character encoding in your SMS or maybe emails, select ASCII.
Click Save Changes.
In case you configured the Barracuda SSL VPN to send OTPs by e-mail, no extra configurations are needed. When the machine transmits an OTP, it acquires the email address on the person from the person website.

Step 3. (If sending OTPs via SMS) Configure the SMTP to SMS service
In case you configured the Barracuda SSL VPN to send out the OTPs by SMS, supply the info required to come in contact with the SMTP to SMS service that you're using.

check my site

Open the Manage System > ACCESS CONTROL > Configuration webpage.
In the SMS section, get into the following info, based on the demands of your respective SMTP to SMS program provider:
SMS Gateway Address? The e-mail address for the SMS gateway. A typical example would be:
$userAttributes.mobileNumberexample
SMS Provider Credentials? Usually the text and the credentials are entered .
Click Save Changes.
Avatar de l’utilisateur

dorisrwinans

  • Messages: 3
  • Inscrit le: Lun Déc 23, 2019 11:30 am


+ Publier une réponse

Page 1 sur 1