Home arrow PHP arrow Page 8 - Socket Programming With PHP

Access Denied - PHP

You might not know this, but PHP comes with a very capable socketprogramming API. These socket functions now include almost everything youwould need for socket-based client-server communication over TCP/IP, andcan be easily deployed to build simple network applications. Find out more,inside.

TABLE OF CONTENTS:
  1. Socket Programming With PHP
  2. Putting It All Together
  3. Fortune's Fool
  4. Looping The Loop
  5. On Web-bed Feet
  6. Different Strokes
  7. POP Goes The Weasel
  8. Access Denied
  9. Game Over
By: icarus, (c) Melonfire
Rating: starstarstarstarstar / 204
February 05, 2002

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement
Here's another example, this one setting up an authentication server that accepts a username and password and verifies them against the standard Unix /etc/passwd file. Take a look:

<? // don't timeout! set_time_limit(0); // set some variables $host = "192.168.1.99"; $port = 1234; // create socket $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socket\n"); // bind socket to port $result = socket_bind($socket, $host, $port) or die("Could not bind to socket\n"); // start listening for connections $result = socket_listen($socket, 3) or die("Could not set up socket listener\n"); // accept incoming connections // spawn another socket to handle communication $spawn = socket_accept($socket) or die("Could not accept incoming connection\n"); // read client input $input = socket_read($spawn, 1024) or die("Could not read input\n"); // clean up input string $input = trim($input); // split input into components and authenticate $arr = explode(":", $input); $result = authenticate(trim($arr[0]), trim($arr[1])); socket_write($spawn, $result, strlen ($result)) or die("Could not write output\n"); // close sockets socket_close($spawn); socket_close($socket); // authenticate username/password against /etc/passwd // returns: -1 if user does not exist // 0 if user exists but password is incorrect // 1 if username and password are correct function authenticate($user, $pass) { $result = -1; // make sure that the script has permission to read this file! $data = file("/etc/passwd"); // iterate through file foreach ($data as $line) { $arr = explode(":", $line); // if username matches // test password if ($arr[0] == $user) { // get salt and crypt() $salt = substr($arr[1], 0, 2); if ($arr[1] == crypt($pass, $salt)) { $result = 1; break; } else { $result = 0; break; } } } // return value return $result; } ?>
Most of this should now be familiar to you, so I'm not going to get into the details of the socket connection itself; I will, however, briefly explain how the authentication is carried out.

In this case, the client is expected to provide a username and (cleartext) password in the format "username:password" to the server over the socket connection. The server then reads the system's password file (usually /etc/passwd or /etc/shadow), looks for a line beginning with the specified username, and extracts the first two letters of the corresponding encrypted password string. These two characters serve as the "salt" for the encryption process.

Next, the cleartext password is encrypted with PHP's crypt() function and the extracted "salt", with the result checked against the encrypted value in the password file. If the two match, it implies that the supplied password was correct; if they don't, it implies that the password was wrong. Either way, the result of this authentication procedure is then returned to the client over the socket connection.

Here's the output of a session with this server:

$ telnet 192.168.1.99 1234 Trying 192.168.1.99... Connected to 192.168.1.99. Escape character is '^]'. john:doe 1Connection closed by foreign host $ telnet 192.168.1.99 1234 Trying 192.168.1.99... Connected to 192.168.1.99. Escape character is '^]'. nosuchuser:hahaha -1Connection closed by foreign host


 
 
>>> More PHP Articles          >>> More By icarus, (c) Melonfire
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: