auth-sample.php
--- run ---
<?php
/*
Swekey Authentication Sample
(c) Musbe, Inc. 2008
This is a very simple authentication sample.
It is not very secure because all the data is passed in the url.
*/
// include the file enclosed in the swekey SDK
include "swekey.php";
?>
<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<TITLE>Swekey Php Authentication Sample</TITLE>
</HEAD>
<body>
<center>
<h1>Swekey Php Authentication Sample<br><br><br></h1>
<?php
if (! isset($_GET['swekey_id']))
{
?>
<!-- include the file enclosed in the swekey SDK -->
<script type="text/javascript" src="swekey.js"></script>
<script>
// Get the ids of the plugged swekeys
var swekey_ids = Swekey_ListKeyIds();
// in case of we have multiple swekey plugged we take only
// the first one (32 = length of a swekey id)
var swekey_id = swekey_ids.substr(0, 32);
window.location.search = "?swekey_id=" + swekey_id;
</script>
<?php
}
else if (strlen($_GET['swekey_id']) != 32)
{
?>
No keys are plugged.
<?php
}
else if (strlen($_GET['otp']) != 64 || strlen($_GET['rt']) != 64)
{
echo 'Authenticating step 1...'.$_GET['swekey_id'];
// we get the random token from the server
$rt = Swekey_GetFastRndToken();
?>
<script type="text/javascript" src="swekey.js"></script>
<script>
// we get the otp from the swekey
var otp = Swekey_GetOtp("<?php echo $_GET['swekey_id'] ?>", "<?php echo $rt ?>");
if (otp.length != 64)
window.location.search = ""; // swekey was unplugged we restart the demo
else
window.location.search = "?swekey_id=<?php echo $_GET['swekey_id'] ?>&rt=<?php echo $rt ?>&otp=" + otp;
</script>
<?php
}
else
{
if (Swekey_CheckOtp($_GET['swekey_id'], $_GET['rt'], $_GET['otp']))
{
echo 'Swekey '.$_GET['swekey_id'].' is connected and validated';
}
else
{
echo 'Swekey '.$_GET['swekey_id'].' is connected but can not be validated because of error '.Swekey_GetLastError();
}
}
?>
<br><br><br>
<a href="./auth-sample.php">retry</a>
</body>
</html>
--- run ---