<?php
//////**************************************/
//
// LOGIN PAGE
//
// Server-side:
// 1. Start a session
// 2. Clear the session
// 3. Generate a random challenge string
// 4. Save the challenge string in the session
// 5. Expose the challenge string to the page via a hidden input field
//
// Client-side:
// 1. When the completes the form and clicks on Login button
// 2. Validate the form (i.e. verify that all the fields have been filled out)
// 3. Set the hidden response field to HEX(MD5(server-generated-challenge + user-supplied-password))
// 4. Submit the form
//******************************/
session_start();
session_unset();
srand();
$challenge = "";
for ($i = 0; $i < 80; $i++) {
$challenge .= dechex(rand(0, 15));
}
$_SESSION[challenge] = $challenge;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Superior Mini Trucks</title>
<link href="../site.css" media="screen" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../moo.js"> </script>
<script type="text/javascript" src="/admin/jmd5.js"> </script>
<script type="text/javascript">
var num = 0;
function login(num) {
var loginForm0 = document.getElementById("loginForm0");
var loginForm1 = document.getElementById("loginForm1");
var loginForm2 = document.getElementById("loginForm2");
var loginForm3 = document.getElementById("loginForm3");
var submitForm = document.getElementById("submitForm" + num);
if (loginForm0.username.value == "" && loginForm1.username.value == "" && loginForm2.username.value == "" && loginForm3.username.value == "") {
alert("Please enter your user name.");
return false;
}
if (loginForm0.password.value == "" && loginForm1.password.value == "" && loginForm2.password.value == "" && loginForm3.password.value == "") {
alert("Please enter your password.");
return false;
}
if(num == 0) {
submitForm.username.value = loginForm0.username.value;
submitForm.response.value =
hex_md5(<?php echo $challenge; ?>+loginForm0.password.value);
submitForm.submit(); }
if(num == 1) {
submitForm.username.value = loginForm1.username.value;
submitForm.response.value =
hex_md5(<?php echo $challenge; ?>+loginForm1.password.value);
submitForm.submit(); }
if(num == 2) {
submitForm.username.value = loginForm2.username.value;
submitForm.response.value =
hex_md5(<?php echo $challenge; ?>+loginForm2.password.value);
submitForm.submit(); }
if(num == 3) {
submitForm.username.value = loginForm3.username.value;
submitForm.response.value =
hex_md5(<?php echo $challenge; ?>+loginForm3.password.value);
submitForm.submit(); }
} // end login()
window.addEvent('domready', function() {
var mySlide_inventory = new Fx.Slide('test');
var mySlide_information = new Fx.Slide('test1');
var mySlide_options = new Fx.Slide('test2');
var mySlide_home = new Fx.Slide('test3');
mySlide_inventory.hide();
mySlide_information.hide();
mySlide_options.hide();
mySlide_home.hide();
$('slidein').addEvent('click', function(e){
e = new Event(e);
mySlide_inventory.slideIn();
e.stop();
});
$('slideout').addEvent('click', function(e){
e = new Event(e);
mySlide_inventory.slideOut();
e.stop();
});
$('toggle').addEvent('click', function(e){
e = new Event(e);
mySlide_inventory.toggle();
e.stop();
});
$('hide').addEvent('click', function(e){
e = new Event(e);
mySlide_inventory.hide();
e.stop();
});
$('slidein1').addEvent('click', function(e){
e = new Event(e);
mySlide_information.slideIn();
e.stop();
});
$('slideout1').addEvent('click', function(e){
e = new Event(e);
mySlide_information.slideOut();
e.stop();
});
$('toggle1').addEvent('click', function(e){
e = new Event(e);
mySlide_information.toggle();
e.stop();
});
$('hide1').addEvent('click', function(e){
e = new Event(e);
mySlide_information.hide();
e.stop();
});
$('slidein2').addEvent('click', function(e){
e = new Event(e);
mySlide_options.slideIn();
e.stop();
});
$('slideout2').addEvent('click', function(e){
e = new Event(e);
mySlide_options.slideOut();
e.stop();
});
$('toggle2').addEvent('click', function(e){
e = new Event(e);
mySlide_options.toggle();
e.stop();
});
$('hide2').addEvent('click', function(e){
e = new Event(e);
mySlide_options.hide();
e.stop();
});
$('slidein3').addEvent('click', function(e){
e = new Event(e);
mySlide_home.slideIn();
e.stop();
});
$('slideout3').addEvent('click', function(e){
e = new Event(e);
mySlide_home.slideOut();
e.stop();
});
$('toggle3').addEvent('click', function(e){
e = new Event(e);
mySlide_home.toggle();
e.stop();
});
$('hide3').addEvent('click', function(e){
e = new Event(e);
mySlide_home.hide();
e.stop();
});
});
</script>
<style type="text/css">
body {
text-align: left;
}
#test, #test1, #test2, #test3 {
background: #222;
color: #fff;
padding: 10px;
margin: 20px;
}
#test {
border: 10px solid saddlebrown;
}
#test1 {
border: 10px solid darkgoldenrod;
}
#test2 {
border: 10px solid darkkhaki;
}
#test3 {
border: 10px solid olive;
}
a {
text-size: large;
font-weight: bold;
text-decoration: none;
outline: none;
color: white;
border-bottom: 2px solid white;
}
</style>
</head>
<body>
<blockquote>
<h3 style="color: white;" class="section">Please Login</h3>
<a id="slideout" href="#"></a><a id="slidein" href="#"></a> <a id="toggle" href="#">Home</a><a id="hide" href="#"></a>
<div id="test">
<form id="loginForm0" action="#" method="post">
<table>
<?php if (isset($_REQUEST[error])) { ?>
<tr>
<td>Error</td>
<td style="color: red;"><?php echo $_REQUEST[error]; ?></td>
</tr>
<?php } ?>
<tr>
<td>User Name</td>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td> </td>
<td>
<input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
<input type="button" name="submit" value="Login" onclick="login(0);"/>
</td>
</tr>
</table>
</form>
<form id="submitForm0" action="authenticate.php" method="post">
<div>
<input type="hidden" name="username"/>
<input type="hidden" name="response"/>
</div>
</form>
</div>
<a id="slideout1" href="#"></a> <a id="slidein1" href="#"></a> <a id="toggle1" href="#">Inventory</a> <a id="hide1" href="#"></a>
<div id="test1">
<form id="loginForm1" action="#" method="post">
<table>
<?php if (isset($_REQUEST[error])) { ?>
<tr>
<td>Error</td>
<td style="color: red;"><?php echo $_REQUEST[error]; ?></td>
</tr>
<?php } ?>
<tr>
<td>User Name</td>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td> </td>
<td>
<input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
<input type="button" name="submit" value="Login" onclick="login(1);"/>
</td>
</tr>
</table>
</form>
<form id="submitForm1" action="authenticate1.php" method="post">
<div>
<input type="hidden" name="username"/>
<input type="hidden" name="response"/>
</div>
</form>
</div>
<a id="slideout2" href="#"></a> <a id="slidein2" href="#"></a> <a id="toggle2" href="#">Information</a><a id="hide2" href="#"></a>
<div id="test2">
<form id="loginForm2" action="#" method="post">
<table>
<?php if (isset($_REQUEST[error])) { ?>
<tr>
<td>Error</td>
<td style="color: red;"><?php echo $_REQUEST[error]; ?></td>
</tr>
<?php } ?>
<tr>
<td>User Name</td>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td> </td>
<td>
<input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
<input type="button" name="submit" value="Login" onclick="login(2);"/>
</td>
</tr>
</table>
</form>
<form id="submitForm2" action="authenticate2.php" method="post">
<div>
<input type="hidden" name="username"/>
<input type="hidden" name="response"/>
</div>
</form>
</div>
<a id="slideout3" href="#"></a><a id="slidein3" href="#"></a> <a id="toggle3" href="#">Options</a><a id="hide3" href="#"></a>
<div id="test3">
<form id="loginForm3" action="#" method="post">
<table>
<?php if (isset($_REQUEST[error])) { ?>
<tr>
<td>Error</td>
<td style="color: red;"><?php echo $_REQUEST[error]; ?></td>
</tr>
<?php } ?>
<tr>
<td>User Name</td>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td> </td>
<td>
<input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
<input type="button" name="submit" value="Login" onclick="login(3);"/>
</td>
</tr>
</table>
</form>
<form id="submitForm3" action="authenticate3.php" method="post">
<div>
<input type="hidden" name="username"/>
<input type="hidden" name="response"/>
</div>
</form>
</div>
</blockquote>
</body>
</html> 
