Socket Programming With PHP - Access Denied (
Page 8 of 9 )
Here's another
example, this one setting up an authentication server that accepts a username
and password and verifies them against the standard Unix /etc/passwd file. Take
a look:
<?
// don't timeout!
set_time_limit(0);
// set some variables
$host = "192.168.1.99";
$port = 1234;
// create socket
$socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create
socket\n");
// bind socket to port
$result = socket_bind($socket, $host, $port) or die("Could not bind to
socket\n");
// start listening for connections
$result = socket_listen($socket, 3) or die("Could not set up socket
listener\n");
// accept incoming connections
// spawn another socket to handle communication
$spawn = socket_accept($socket) or die("Could not accept incoming
connection\n");
// read client input
$input = socket_read($spawn, 1024) or die("Could not read input\n");
// clean up input string
$input = trim($input);
// split input into components and authenticate
$arr = explode(":", $input);
$result = authenticate(trim($arr[0]), trim($arr[1]));
socket_write($spawn, $result, strlen ($result)) or die("Could not write
output\n");
// close sockets
socket_close($spawn);
socket_close($socket);
// authenticate username/password against /etc/passwd
// returns: -1 if user does not exist
// 0 if user exists but password is incorrect
// 1 if username and password are correct
function authenticate($user, $pass)
{
$result = -1;
// make sure that the script has permission to read this file!
$data = file("/etc/passwd");
// iterate through file
foreach ($data as $line)
{
$arr = explode(":", $line);
// if username matches
// test password
if ($arr[0] == $user)
{
// get salt and crypt()
$salt = substr($arr[1], 0, 2);
if ($arr[1] == crypt($pass, $salt))
{
$result = 1;
break;
}
else
{
$result = 0;
break;
}
}
}
// return value
return $result;
}
?>
Most of this should now be familiar to you, so I'm not going
to get into the details of the socket connection itself; I will, however,
briefly explain how the authentication is carried out.
In this case, the
client is expected to provide a username and (cleartext) password in the format
"username:password" to the server over the socket connection. The server then
reads the system's password file (usually /etc/passwd or /etc/shadow), looks for
a line beginning with the specified username, and extracts the first two letters
of the corresponding encrypted password string. These two characters serve as
the "salt" for the encryption process.
Next, the cleartext password is
encrypted with PHP's crypt() function and the extracted "salt", with the result
checked against the encrypted value in the password file. If the two match, it
implies that the supplied password was correct; if they don't, it implies that
the password was wrong. Either way, the result of this authentication procedure
is then returned to the client over the socket connection.
Here's the
output of a session with this server:
$ telnet 192.168.1.99 1234
Trying 192.168.1.99...
Connected to 192.168.1.99.
Escape character is '^]'.
john:doe
1Connection closed by foreign host
$ telnet 192.168.1.99 1234
Trying 192.168.1.99...
Connected to 192.168.1.99.
Escape character is '^]'.
nosuchuser:hahaha
-1Connection closed by foreign host
