Comments (14)
See behavior here: http://pcrypt.org/dev/srp6a/register.php
from srp-6a-demo.
The demo expects to be in the top level folder; if you look at the paths in the 'view source' they are expecting to include files at the top level '/'. You can use search and replace to fix that. You can easily see these issues by using chrome/firefox and looking at the developer view which will show errors for not being able to find the .js or .css files.
from srp-6a-demo.
I have made some fixes for this. If you look at the next issue "#6" it has a pull request from my fork where the demo code has some logic in the register.phtml to set the path for all the included files. There are also two lines in the js on that same page to use "./" location for the target of the AJAX posts which are also needed.
from srp-6a-demo.
Downloaded your fork and installed - it seems to work a lot better :-)
NB: Demo same place
But still unable to login as far as I can tell? E.g. it does not jump to login.php and confirm or reject a login attempt.
May just be the lack of instructions. Really missing some sort of simple manual!
from srp-6a-demo.
Looks like the $.post('./register.php'........ and $.post('./login.php'........ is not working.
from srp-6a-demo.
That should be fixed on my fork. Issue #6 is the pull request for that.
The idea is you click the Register button then the Login button and that's it. To actually use it on a real site you need to do your own programming to save the registration details into a real database and to add security checks on the parts of the site you want to protect that the user has authenticated properly.
The demo is just enough to show that the SRP library code works; which you can see from the output of the working app which shows what is going on and says "Success" if all the paths line up. For today only (as I will recycle the cloud instance) you can see the demo code working over at http://srp6ademo-n00p.rhcloud.com/register.php
from srp-6a-demo.
Just installed your latest files with changes.
And they still do not work - just like to point out that people can not just download the source and make it run! Know that I have to modify it to make it work at a real site.
Will try to find out what the problem is, but it is quite a problem to debug in jquery as it is minimized. Have to modify different things - do not like Git ;-).
The problem is related to $.post that is not working as expected.
from srp-6a-demo.
I wouldn't suspect that jQuery is the problem (although you should check in another browser e.g. firefox, safari, chrome to be sure); it is likely to be that the paths it is attempting to post to don't match up on your server. To check that you use the developer view on either chrome or firefox to see what values it is posting to what url. Check those values against what is posted to the working demo on my server at the link above (e.g. is it posting 'null' not a real value? that could be a js error? any errors in the browser js console?). Then check that if you enter the location it is posting to directly into the browser address bar you don't get a rejection from your server due to some misconfiguration.
from srp-6a-demo.
Think the problem is related to the fact that I have PHP 5.3.3 installed as seen here:
Get this error in the log:
Jan 3 14:18:46 beastserver httpd: PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] [14] unable to open database file' in /home/e-smith/files/ibays/pass_ibay/html/dev/srp6a/lib/rb.php:612 Stack trace: #0 /home/e-smith/files/ibays/pass_ibay/html/dev/srp6a/lib/rb.php(612): PDO->__construct('sqlite:srp_db.t...', NULL, NULL, Array) #1 /home/e-smith/files/ibays/pass_ibay/html/dev/srp6a/lib/rb.php(791): RedBean_Driver_PDO->connect() #2 /home/e-smith/files/ibays/pass_ibay/html/dev/srp6a/lib/rb.php(2002): RedBean_Driver_PDO->Escape('user') #3 /home/e-smith/files/ibays/pass_ibay/html/dev/srp6a/lib/rb.php(2632): RedBean_Adapter_DBAdapter->escape('user') #4 /home/e-smith/files/ibays/pass_ibay/html/dev/srp6a/lib/rb.php(2592): RedBean_QueryWriter_AQueryWriter->check('user') #5 /home/e-smith/files/ibays/pass_ibay/html/dev/srp6a/lib/rb.php(2765): RedBean_QueryWriter_AQueryWriter->safeTable('user') #6 /home/e-smith/files/ibays/pass_ibay/html/dev/srp6a/lib/rb.php(5244): RedBean_QueryWriter_AQueryWri
I will try to install the patch and let you know the outcome!
from srp-6a-demo.
RedBean isn't needed by the core library; it is just there to make a demo site. In a real website you would typically use your main database (e.g. MySQL) to store the user details such as email, salt and verifier.
The core library code is only two PHP files which do the cryptography and only five of the javascript files are core:
./srp6ademo/srp/Client/lib/biginteger.js
./srp6ademo/srp/Client/lib/isaac.js
./srp6ademo/srp/Client/lib/random.js
./srp6ademo/srp/Client/lib/sha256.js
./srp6ademo/srp/Client/lib/srp.js
./srp6ademo/srp/Server/BigInteger.php
./srp6ademo/srp/Server/Srp.php
The other files are just for demonstration purposes.
You really should not be using such an old version of php. You should upgrade to the latest 5.5.x.
from srp-6a-demo.
I will upgrade when I get time to install SME Server 9 ;-)
from srp-6a-demo.
After downgrade of RedBean to PHP 5.3.3 and necessary changes I still had the same problem. So I modified this in require.php:
R::setup('sqlite:' . $root . '/lib/srp_db.txt');
As I have a base_dir restriction on the server
Made registration work but now the log complains about this at login:
PHP Fatal error: Call to undefined function bcmod()
It looks like BCMath is not compiled into my PHP :-(
Will return when I have progress ;-)
from srp-6a-demo.
After install of php-bcmath it works fine - thank you simbo
from srp-6a-demo.
Like to propose this text in readme.md (also see changes to require.php above):
The demo uses RedBeanPHP with file based DB SQLite for the demo and your http daemon needs write permissions in the lib folder for the standard setup in require.php (can be changed).
Unpack the source files to a PHP enabled server with at least PHP 5.3.3 and bcmath support.
In case you have a lower PHP version see here: http://redbeanphp.com/install.
Fire up your browser and direct it to http://your-source-location/register.php to test the demo.
from srp-6a-demo.
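A preflight script covering the failures reported in this thread (PHP version, missing bcmath, SQLite file not openable under the base_dir restriction), as an added example that is not part of the project or of any comment above. It assumes the file is saved next to require.php and that the database sits at lib/srp_db.txt as in the modified R::setup line; the document-root check is an extra that flags when the file holding salts and verifiers is located under the web root.

```php
<?php
// Added example, not project code. Assumption: saved next to require.php, so the
// path matches the thread's R::setup('sqlite:' . $root . '/lib/srp_db.txt') change.
$root   = dirname(__FILE__);             // PHP 5.3-safe: no short arrays, no ??
$dbFile = $root . '/lib/srp_db.txt';

// True when $path lies inside directory $base (whole path components only).
function path_inside($path, $base) {
    $base = rtrim($base, '/\\') . DIRECTORY_SEPARATOR;
    return strncmp($path . DIRECTORY_SEPARATOR, $base, strlen($base)) === 0;
}

function preflight($root, $dbFile) {
    $checks = array();
    $checks['PHP >= 5.3.3'] = version_compare(PHP_VERSION, '5.3.3', '>=');
    // Login failed with "Call to undefined function bcmod()" until php-bcmath was installed.
    $checks['bcmath loaded'] = extension_loaded('bcmath') && function_exists('bcmod');
    // RedBean opens the demo database through PDO's SQLite driver.
    $checks['pdo_sqlite loaded'] = extension_loaded('pdo_sqlite');
    // SQLite creates its journal beside the database, so the directory must be writable.
    $lib = $root . '/lib';
    $checks['lib/ writable by web server'] = is_dir($lib) && is_writable($lib);

    // An open_basedir restriction must cover the database path, otherwise PDO
    // reports "unable to open database file". Stricter than PHP's prefix match.
    $allowed = true;
    $basedir = ini_get('open_basedir');
    if ($basedir !== false && $basedir !== '') {
        $allowed = false;
        foreach (explode(PATH_SEPARATOR, $basedir) as $dir) {
            $real = realpath($dir);
            if ($real !== false && path_inside($dbFile, $real)) { $allowed = true; break; }
        }
    }
    $checks['database path allowed by open_basedir'] = $allowed;

    // Advisory: a file under the document root can be fetched by URL unless the
    // server denies it, and this one stores every user's salt and verifier.
    $docRoot = empty($_SERVER['DOCUMENT_ROOT']) ? false : realpath($_SERVER['DOCUMENT_ROOT']);
    $checks['database file outside document root'] =
        ($docRoot === false) || !path_inside($dbFile, $docRoot);
    return $checks;
}

header('Content-Type: text/plain');
foreach (preflight($root, $dbFile) as $name => $ok) {
    echo ($ok ? '[ ok ] ' : '[FAIL] ') . $name . "\n";
}
```

Request it through the web server rather than the php command line, since the two can load different extensions and php.ini settings. With the demo's default layout the last check is expected to fail until the database path in require.php points outside the web root or the server denies access to lib/.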
Related Issues (9)
- Support scrypt into SRP6a in order to avoid weak password storage #8
- Protocol implementation fails at random HOT 3
- Create test cases with behat, to cover full auth cycle
- Authentication failed for 'https://github.com/RuslanZavacky/isaac.js.git/' (Support for password authentication was removed on August 13, 2021.)
- loop generating B looks invalid HOT 1
- empty value in button HOT 1
- demo could leave a session variable to show that authentication was successful HOT 3
- secure random php method could be updated HOT 1