Password protect/key generator for secure server access

Discussion in 'Web Design and Development' started by disconap, Feb 8, 2006.

  1. macrumors 68000

    disconap

    Joined:
    Oct 29, 2005
    Location:
    Portland, OR
    #1
    Hey Mac webbers. I have a bizarre request; we would like to create 1000 randomly generated passwords for access to a folder on our server, and we would like each password to work for only three access attempts. I honestly have no clue how to go about this; any advice/links/people offering to explain it step by step/etc?
     
  2. macrumors 68030

    superbovine

    Joined:
    Nov 7, 2003
    #2

    ok what kind of server is it?
     
  3. thread starter macrumors 68000

    disconap

    Joined:
    Oct 29, 2005
    Location:
    Portland, OR
    #3
  4. Moderator emeritus

    Mitthrawnuruodo

    Joined:
    Mar 10, 2004
    Location:
    Bergen, Norway
    #4
    Do you have a mysql server running... and do you know basic php/mysql...?
     
  5. thread starter macrumors 68000

    disconap

    Joined:
    Oct 29, 2005
    Location:
    Portland, OR
    #5
    Yes and yes, I believe we have unlimited databases as well.
     
  6. Moderator emeritus

    Mitthrawnuruodo

    Joined:
    Mar 10, 2004
    Location:
    Bergen, Norway
    #6
    This is just my first thought. Very rough outline:

    Make a db with a table containing 2 fields:
    Code:
    password tinytext
    used tinyint default 0
    Make a quick and dirty random generator, something along these lines, and insert the passwords in the table:
    PHP:
    $alphanum = array('a''b''c''d''e''f''g''h''i''j''k''m''n''o''p''q''r''s''t''u''v''w''x''y''z''A''B''C''D''E''F''G''H''J''K''L''M''N''P''Q''R''S''T''U''V''W''X''Y''Z''2''3''4''5''6''7''8''9');
    $chars sizeof($alphanum);
    $passwordlenght 6;
    $a time();
    mt_srand($a);
    for (
    $i=0$i<$passwordlength$i++) {
        
    $randnum intval(mt_rand(0$chars));
        
    $password .= $alphanum[$randnum];
    }
    Then make a login to the folder, and when a certain password is used add 1 to the "used" field in the table. When the maximum is reached, in your case 3, the password is no longer valid.
     
  7. thread starter macrumors 68000

    disconap

    Joined:
    Oct 29, 2005
    Location:
    Portland, OR
    #7
    Is there a script to place the passwords in the table, or do I need to manually insert all 1000? Otherwise, that looks pretty tight, I'll try it out...
     
  8. macrumors 68030

    superbovine

    Joined:
    Nov 7, 2003
    #8

    you need to either learn php/mysql or hire someone. you are in over your head.
     
  9. Moderator emeritus

    Mitthrawnuruodo

    Joined:
    Mar 10, 2004
    Location:
    Bergen, Norway
    #9
    superbovine may have a point. It's fairly easy to take the above mentioned code and put it in a for loop and insert as many passwords as you want into the table...
     
  10. thread starter macrumors 68000

    disconap

    Joined:
    Oct 29, 2005
    Location:
    Portland, OR
    #10
    I'm not in over my head, as I'm not doing anything yet. I've tried to find someone or hire someone, nobody is responding and it's been a week, so I decided to start asking for help since we're under deadline. This is also why I asked for "advice/links/people offering to explain it step by step/etc", to get an idea of where to start...
     
  11. thread starter macrumors 68000

    disconap

    Joined:
    Oct 29, 2005
    Location:
    Portland, OR
    #11
    Thank you for the help on both counts. I'm looking at more in-depth PHP tutorials over the weekend, so hopefully I'll be able to sort all this out. :)
     
  12. macrumors 68030

    superbovine

    Joined:
    Nov 7, 2003
    #12
    http://rentacoder.com

    you can write out your specs and ppl with will bid on the job. The reason I saw that is, just trying to hack something together of people direction without really knowing what is going on isn't to wise because you are dealing with security. You are going to be the one getting hacked. This is why I recommended hiring someone that knows what they are doing. Knowing how to secure a website and avoid things like SQL Injection exploits probably takes a bit a knowledge that you just won't get off a tutorial. Granted probably someone a rentacoder won't know it either, but they had a better shoot a making it secure.
     
  13. thread starter macrumors 68000

    disconap

    Joined:
    Oct 29, 2005
    Location:
    Portland, OR
    #13
    That makes a bit more sense, then, as I hadn't really considered the security issues involved with SQL. I'm not too bothered if people can hack the passwords to get access to the files; it's free content anyway, so if someone earns it, they get it, I don't really care. But there are other security risks, I'm sure...
     
  14. Moderator emeritus

    Mitthrawnuruodo

    Joined:
    Mar 10, 2004
    Location:
    Bergen, Norway
    #14
    php.net is a very good source if you want to try learning a bit more php. Highly recommended.

    And, unless you have state secrets in there a pretty basic login scheme should be adequate... ;)
     
  15. thread starter macrumors 68000

    disconap

    Joined:
    Oct 29, 2005
    Location:
    Portland, OR
    #15

    Heh. Yeah, it's probably going to be on a url that is currently redirect anyway, so the only access they will have is to the downloadable content. The only worry that Superbovine has now brought up is that I've heard people talk about how PHPbb boards using SQL that have been hacked have caused problems in other parts of servers, though I've never heard anyone say that that has happened to them. Urban legend?
     
  16. thread starter macrumors 68000

    disconap

    Joined:
    Oct 29, 2005
    Location:
    Portland, OR
    #16
    Again, thank you both for your input. And Mitthrawnuruodo, check your PMs. :)
     

Share This Page