Connexion | Inscription | FAQ
Anonymous

Comment créer mot de pass à usage unique

+ Publier une réponse

8 messages Page 1 sur 1


Comment créer mot de pass à usage unique

par Sbill06 » Mer Oct 03, 2012 9:38 am

Bonjour,

Je souhaite réaliser une base de données avec des mots de pass pré établis par moi et qui permettraient à ceux qui connaissent leurs password d'accéder à certaines informations. Mais comme il s'agit d'une page qui offrira un bon d'achat, je souhaite que l'utilsateur puisse utiliser une seul fois son mot de pass (car je ne souhaite pas qu'il transmette son mot de pass à un ami) ou qu'il puisse accéder à la page php + qu'une fois.

Merci de vos conseils ou éventuels scripts

Marie

Dernière édition par Sbill06 le Jeu Oct 04, 2012 7:08 am, édité 1 fois au total.

Avatar de l’utilisateur

Sbill06

  • Messages: 2
  • Inscrit le: Mer Oct 03, 2012 9:25 am

Re: Comment créer mot de pass à usage unique

par XainPro » Mer Oct 03, 2012 3:41 pm

vous faire propre.
et de faire comme lui sur la première connexion, l'utilisateur ne devrait avoir à changer leur mot de passe!
Avatar de l’utilisateur

XainPro

  • Messages: 3933
  • Inscrit le: Ven Fév 17, 2012 8:10 pm

Re: Comment créer mot de pass à usage unique

par Sbill06 » Jeu Oct 04, 2012 4:08 pm

XainPro a écrit:vous faire propre.
et de faire comme lui sur la première connexion, l'utilisateur ne devrait avoir à changer leur mot de passe!

J'étais heureux d'avoir une réponse à ma demande, mais snif, snif, je comprends rien à cette réponse
Marie
Avatar de l’utilisateur

Sbill06

  • Messages: 2
  • Inscrit le: Mer Oct 03, 2012 9:25 am

Re: Comment créer mot de pass à usage unique

par XainPro » Ven Oct 05, 2012 11:38 am

désolé
j'ai dit que votre propre script
Avatar de l’utilisateur

XainPro

  • Messages: 3933
  • Inscrit le: Ven Fév 17, 2012 8:10 pm

Re: Comment créer mot de pass à usage unique

par Dawncrichardson » Jeu Mai 02, 2019 11:04 am

Create a One Time Password (OTP) in PHP

Step 1

Create the file otppass.php with the following code:
<?php
/**** ANANT ONE-TIME PASSWORD EXAMPLE ****/

session_start(); //STARTING THE SESSION AND THE

session_set_cookie_params(360);//SESSION EXPIRES IN 6 MINUTES

// USERNAME AND PASSWORD ARRAYS

$user = array(
'user1' => annat,
'scott' => tiger,
‘anat’ => xxxxxxx,
);

$phone = array(
'user1' => '+5353535333,
'scott' => '+44243535353,
anat’ => '+23554444444,
);

// Login information for anant NG - SMS Gateway
$anant_user = "admin";
$anant_password = "abc123";
$anant_url = "http://127.0.0.1:9501/api?";


// Functions used to send the SMS message
function httpRequest($url){
$pattern = "/http...([0-9a-zA-Z-.]*).([0-9]*).(.*)/";
preg_match($pattern,$url,$args);
$in = "";
$fp = fsockopen("$args[1]", $args[2], $errno, $errstr, 30);
if (!$fp) {
return("$errstr ($errno)");
} else {
$out = "GET /$args[3] HTTP/1.1\r\n";
$out .= "Host: $args[1]:$args[2]\r\n";
$out .= "User-agent: anant PHP client\r\n";
$out .= "Accept: */*\r\n";
$out .= "Connection: Close\r\n\r\n";

fwrite($fp, $out);
while (!feof($fp)) {
$in.=fgets($fp, 128);
}
}
fclose($fp);
return($in);
}

function anantSend($phone, $msg, $debug=false){
global $anant_user,$anant_password,$anant_url;
$url = 'username='.$anant_user;
$url.= '&password='.$anant_password;
$url.= '&action=sendmessage';
$url.= '&messagetype=SMS:TEXT';
$url.= '&recipient='.urlencode($phone);
$url.= '&messagedata='.urlencode($msg);

$urltouse = $anant_url.$url;
//if ($debug) { echo "Request: <br>$urltouse<br><br>"; }

//Open the URL to send the message
$response = httpRequest($urltouse);
if ($debug) {
echo "Response: <br><pre>".
str_replace(array("<",">"),array("<",">"),$response).
"</pre><br>"; }
return($response);
}


//FUNCTION TO GENERATE ONE-TIME PASSWORD
function anantOTP($length = 8, $chars = 'abcdefghijklmnopqrstuvwxyz1234567890')
{
$chars_length = (strlen($chars) - 1);
$string = $chars{rand(0, $chars_length)};
for ($i = 1; $i < $length; $i = strlen($string))
{
$r = $chars{rand(0, $chars_length)};
if ($r != $string{$i - 1}) $string .= $r;
}
return $string;}


//IF DEBUG VARIABLE IS TRUE, THE RESPONSE OF THE HTTP REQUEST WILL BE WRITTEN TO THE SCREEN
$debug = false;

// IF NOT POSTED ANYTHING YET, THE LOGIN PAGE IS LOADING
if (emptyempty($_POST)){
$i=0;
echo('
<html>
<body>
<h1>One Time Password Form</h1>
<form method="POST">
<table border=1>
<tr>
<td>Username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></textarea></td>
</tr>
<tr>
<td> </td>
<td><input type=submit name=submit value="Get Otp" OnClick="anantSend(this.form);"></td>
</tr>
</table>
</form>
</body>
</html>');}

//IF OTP HAS POSTED YET, anantOTP FUNCTION WILL GENERATE ONE
if (emptyempty($_POST['otphtml'])){
$_SESSION['otp']=anantOTP();


// CHECKING USER CREDENTIALS
if ($password!=$user[$username] || ((emptyempty($_POST['username']) && (!emptyempty($_POST['password'])))) || (emptyempty($_POST['password']) && (!emptyempty($_POST['username']))))
echo ('Please enter a valid username or password!');
elseif ((!emptyempty($_POST['submit'])) && (emptyempty($_POST['password'])) && (emptyempty($_POST['username'])))
echo ('No username or password entered');

elseif($password=$user[$username]){

//SENDING THE PASSWORD AND LOADING THE OTP-VERIFYING PAGE
anantSend($phone[$_POST['username']],'Dear '.$username.'! Your One-Time password is: '.$_SESSION['otp'],$debug);
echo (' <html>
<body>
<h1>Please enter your One-Time password to enter the site!</h1>
<form method="POST">
<table border=1>
<tr>
<td>Your One-time password:</td>
<td><input type="text" name="otphtml"></td>
</tr>
<tr>
<td> </td>
<td><input type=submit name=submit value="Confirm OTP"></td>
</tr>
</table>
</form>
</body>
</html>');
}}
else{

//IF AN OTP HAS ALREADY SENT, CHECKING ITS VALIDITY AND REDIRECTING TO THE PROTECTED CONTENT
$otp1=$_POST['otphtml'];
include('protectedcontent.php');}

?>
Step 2

Create another file protectedcontent.php.
<?php

if ($_SESSION['otp']==$otp1){
echo('<html>
<body><h2>You\'ve been successfully verified your One-Time Password</h2></body>
</html>');}

else { echo('<html>
<body><h2>Wrong Password!</h2></body>
</html>');}

?>

my review here
Avatar de l’utilisateur

Dawncrichardson

  • Messages: 1
  • Inscrit le: Jeu Mai 02, 2019 10:55 am

Re: Comment créer mot de pass à usage unique

par Curtisaevans1 » Jeu Mai 30, 2019 7:54 am

The on demand passwords are disposable; once they are used, they will not work once again. Which must be reassuring for the massive swaths of individuals that ignore security professionals and utilize the same login across several accounts. Put simply, attackers cannot get the hands of theirs on a single element that could unlock the entire kingdom of yours.

The premise relies completely on you having the smartphone of yours by the side of yours. In that manner, it is much like two factor authentication protocols which kick into action whenever you attempt to sign in (first factor) as well as text you an unlock code (second factor). Several services - like Twitter, Facebook, and Gmail - offer two factor options. Get More Info
Avatar de l’utilisateur

Curtisaevans1

  • Messages: 1
  • Inscrit le: Jeu Mai 30, 2019 7:46 am

Re: Comment créer mot de pass à usage unique

par kevinsbagby » Sam Sep 07, 2019 6:21 am

A few people recommended utilizing the GMail in addition to sign label stunt:

In the event that your email adress is "localname@gmail.com", at that point you use + to include any tag. Anything sent to "tag+localname@gmail.com" or to "localname+tag@gmail.com" will be sent to "localname@gmail.com."

Or on the other hand mailinator, where for all intents and purposes any location can be utilized, in all respects basically.

Both appear to be straightforward enough, however there are gigantic security issues with this, at any rate with the most *typical* client use case:

Bounce is approached to give his email address by a store (ether a block store and additionally on the web). While Bob needs to give a location, yet he doesn't need his fundamental email box traded off overwhelmed with huge amounts of "quit" spam or perhaps, quite possibly, something far and away more terrible. Bounce needs to keep some command over who sends him what and when and how. Sway needs to secure his protection yet not by losing the comfort of online receipts and documenting and stuff.

Weave additionally doesn't need the data to be open in any capacity. And keeping in mind that some email adresses may be incredibly, brief ("Gah, these folks are con artists! Blocking immediately!"), some different adresses may be 100% genuine and Bob qwill need to keep them around for eternity. Additionally, to naturally redict those particular adresses to his fundamental "genuine" email adress.

Get More Info
Avatar de l’utilisateur

kevinsbagby

  • Messages: 1
  • Inscrit le: Sam Sep 07, 2019 6:13 am

Re: Comment créer mot de pass à usage unique

par crystalkmalm » Lun Oct 07, 2019 11:48 am

In order to make a summary of Single Passwords, complete following:

Log in to LastPass and also use the Vault of yours by carrying out either of the following: Go to https://lastpass.com/?ac=1 and sign in with the username of yours and Master Password.
In your internet browser toolbar, click on the LastPass icon LastPass and then click Open The Vault of mine.
Select More Options in the left course-plotting.
Go to Advanced > Single Passwords.
Get into your Master Password, plus simply click OK.
Click Add an innovative Single Password. Enter your Master Password once again, then simply click OK.
Repeat the previous stage as often as you as ideal to make a summary of Single Passwords.
If desired, simply click Print, and maintain the passwords in a safe location, crossing them off because you wear them. If you discover it much more convenient, you are able to click on Print and save as a book editor file you are able to upgrade as you create brand new Single Passwords.
Get More Info
Avatar de l’utilisateur

crystalkmalm

  • Messages: 1
  • Inscrit le: Lun Oct 07, 2019 11:26 am


+ Publier une réponse

Page 1 sur 1