
ZICS : A *NEW* Way to Store User Password

Discussion in 'Web Design, HTML And CSS' started by ManzZup, Aug 7, 2011.

  1. ManzZup

    ManzZup New Member

    Joined:
    May 9, 2009
    Messages:
    278
    Likes Received:
    43
    Trophy Points:
    0
    Occupation:
    Production Manager:Software @ ZONTEK
    Location:
    Sri Lanka
    Home Page:
    This is just a quick guide for my new script: ZICS [ZONTEK's Interactive Combination System]. Pretty crazy, yup, but this would be a nice feature to add to your site to catch the users' eyes. To tell the truth, the idea is not original, but I have rarely seen this implemented within websites. So here's what it is.

    This script provides a simple grid where the user will be drawing or connecting dots and making a pattern of his wish. And then THIS WILL BE HIS PASSWORD. What is actually given out by this is an array with 1's for the dots enabled and 0's for the dots disabled. Hence the password given out is pretty long, and it will be another security advantage that once it is hashed it would be a hell of a lot to crack.


    Live Demo : http://expementa.freezoka.net/zics/index.php

    Requirements:

    Download the zics.zip file first.

    Usage


    1. There are only a few steps to use the thing. First, let's extract the file contents to the folder login. You will have several files; from those, DELETE the index.php and demo.png [they are for testing]. Now let's make our own index.php. Add a link to the zicomb.css style in the header and a link to Google's jQuery script. This is really important as the script uses many jQuery functions. Now, at last, before the </body> tag add a link to the zicomb.js script. This is how it looks.

      index.php

      PHP:
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>ZONTEK's Interactive Combination based Password System</title>
      <script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js" type="text/javascript"></script>
      <link href="zicomb.css" rel="stylesheet" type="text/css" />
      </head>
      <body>
      <script type="text/javascript" src="zicomb.js"></script>
      </body>
      </html>
    2. It's almost over, but we just need to specify where to add the Combination Selector. For that we can place a div with id="pwd" anywhere in the script. And the script will add a hidden field with name pass which will later hold the input of the user. So we had better use the div inside a form so we can submit the password like we submit it with a usual boring text box :)

      index.php
      PHP:
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>ZONTEK's Interactive Combination based Password System</title>
      <script type="text/javascript" src="../newest/script/jquery.js"></script>
      <link href="zicomb.css" rel="stylesheet" type="text/css" />
      </head>
      <body>

      <form action="index.php" method="post">
      Username : <input type="text" name="user" size="25" /><br />
      Password :
      <div id="pwd">
      <!-- This is the block where everything is added
      and here another field is added secretly
      ex: <input type=hidden name="pass" value="11100101010...." />
      and that holds our data -->
      </div>

      <input type="submit" name="done" value="Login" />
      </form>
      <script type="text/javascript" src="zicomb.js"></script>
      </body>
      </html>
    3. There you go! But there's a little bit remaining. Those are some functions allowed by the script for customization.

      PHP:
      setSize(row, col) // This will change the default number of rows and columns to your number.
      PHP:
      allowMulti() // If you call this function, it will make the buttons get activated while hovering above them
    4. Let's see index.php covering all those functions and an example of getting the password with PHP

      index.php
      PHP:
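      <?php
      if (isset($_POST['done'])) {
          // Hidden field written by zicomb.js; empty string if it is missing
          $pwd = $_POST['pass'] ?? '';
          // Strict comparison: with == PHP compares two numeric-looking hash strings as numbers
          if (md5($pwd) === md5("111110001000100010001111")) {
              echo "Login Successful! <br />";
          } else {
              echo "LOGIN FAILED!";
          }
      }
      ?>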
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>ZONTEK's Interactive Combination based Password System</title>
      <script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js" type="text/javascript"></script>
      <link href="zicomb.css" rel="stylesheet" type="text/css" />
      </head>
      <body>
      <h1 align="center">ZONTEK's Interactive Combination System (ZICS)</h1>
      <p align="center">The new way of typing your password, by ZONTEK. To use just click the necessary dots.<br />
      Implementation details available from the <a href="http://manzzup.blogspot.com">blog.</a><br />
      @company: ZONTEK<br />
      @author: ManZzup@zonware<br />
      Coded on: 07/08/2011<br />
      </p>
      <form action="index.php" method="post">
      Username : <input type="text" name="user" size="25" /><br />
      Password :
      <div id="pwd">
      </div>
      <input type="button" value="Allow MouseOver Selection" onclick="allowMulti();" />
      <br />
      <input type="submit" name="done" value="Login" />
      </form>
      <br />
      Use the following to test the DEMO:<br />
      <img src="demo.png" />
      <script type="text/javascript" src="zicomb.js"></script>
      </body>
      </html>
    That's it! This script is all yours to try/change/edit or do anything, but if you don't mind, put up a link back :)

    So that sums up the Guide for ZICS, newer versions with many fixes will come soon, till then enjoy!
     

  2. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,283
    Likes Received:
    364
    Trophy Points:
    83
    Really innovative and it is used in Android for screen unlocking
     
  3. ManzZup

    ManzZup New Member

    @shabbir
    thanx and yup, i got the idea from my A-Pad, i tried searching for similar existing plugin first
    but seems others were not interested in this :S :D
     
  4. shabbir

    shabbir Administrator Staff Member

    Why do you think others were not interested?
     
  5. ManzZup

    ManzZup New Member

    ah i phrased it wrong
    i wanted to say others were not interested in making a web based plugin or implementing this for web pages
    as i couldn't find any other made ones like this [may be i used the wrong keywords to search :D]
     
  6. ManzZup

    ManzZup New Member

    edit:
    setSize() method is not working [as i have poorly implemented it :S]
    anyway, to increase the no. of squares, you can edit the zicomb.js, the first 2 lines are the rows and columns
    would fix this in the next release
     
  7. pein87

    pein87 New Member

    Joined:
    Aug 6, 2010
    Messages:
    173
    Likes Received:
    47
    Trophy Points:
    0
    Occupation:
    Web Dev
    Location:
    Limbo
    I think your passwords would be easy to crack. One, they appear to be set to a max length of 25 characters. Add on the fact that it only allows two digits, 0 and 1, this makes it super easy to crack. A program in C could crack it in no time, one in PHP could do it in a few minutes. It's too limited with just 2 digits and a max set of 25. If they input the correct sequence the MD5 hash doesn't matter because the password would match the hash stored in the database for that user.

    The function below, if run through a cron, could crack your password easy and fast. Each number takes about 0.0016 s to run so in a minute or so I could crack one password.

    PHP:
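    <?php
    // Builds one random string of $maxChar digits, each 0 or 1
    function antiZoints()
    {
        $maxChar = 25; // set max limit
        $vals = array(0, 1); // set values to be used
        $pass = ''; // start empty so the result is exactly $maxChar characters
        for ($i = 0; $i < $maxChar; $i++) {
            $pass .= $vals[rand(0, 1)];
        }

        return $pass;
    }

    echo antiZoints();
    ?>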
     
    Last edited: Aug 9, 2011
  8. ManzZup

    ManzZup New Member

    there are several factors here
    one is that the password generated here is equivalent to a 6 lower-upper-alpha-numeric text password [confirmed by several of the field] and to be true i am not good with permutations or combinations theory but i'm sure this will have the same complexity as of a 6 char password
    this is for 5x5 grid
    and there's no limit for the extendibility of the grid, although it would not be very nice to have a very big one :)

    in the above code, i'm sure you will have more time with md5 implemented, but anyway if you got a super computer or stuff you can easily crack any hash, just like any other password, this too has weakness

    [however many suggested having some algorithms to convert the binary data to another form through some mathematical translation, i would try making one in next releases :D]

    and on the other hand, who on the hell these days would not prevent their DB's from leeching or getting injected?
     
  9. ManzZup

    ManzZup New Member

    *NEW SECURITY UPDATE* [thankx to everyone :D]

    hey everyone, i managed to put up something temporary for security
    but this could be used long term as well
    but this is server side
    it's simply adding up a number defined by the script
    any number the user likes
    use the following function

    PHP:
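    function addKey($str, $key) {
        $c = str_split($str); // split the pattern into single characters
        $s = "";
        // note: the bound count($c) - 1 stops before the last character
        for ($i = 0; $i < count($c) - 1; $i++) {
            $s .= intval((intval($c[$i]) + $key)); // append digit + key as decimal text
        }
        return $s;
    }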
    using it;

    PHP:
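    $pwd = $_POST['pass'];
    $key = 59;
    // escape the submitted value before echoing it back into the page
    echo "Received Password : " . htmlspecialchars($pwd) . " <br />";
    echo "Key : $key <br />";

    $chd = addKey($pwd, $key);
    echo "Changed Password : $chd <br />";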
    And also i updated the scripts, so please redownload the zip file
    and the demo is also updated

    http://expementa.freezoka.net/zics/index.php

    this is not a very g00d implementation, but hope it would be okay to prevent from bruteforcers :D
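
Added example, not part of the thread or of the ZICS download: server-side handling for the pattern field that addresses the objection in post 7 and the addKey() update above, by validating the hidden field, storing the pattern with PHP's password_hash() instead of MD5, and counting how many distinct values addKey() can actually produce. The 25-dot constant, every function name except addKey(), and the sample pattern are assumptions made for illustration.

```php
<?php
// Added example, not ZICS code. Grid size, function names and the sample
// pattern are assumptions made for illustration.
const ZICS_DOTS = 25; // 5x5 grid, as stated in the thread

// Accept only a string of exactly ZICS_DOTS '0'/'1' characters.
function zicsValidPattern(string $p): bool {
    return preg_match('/\A[01]{' . ZICS_DOTS . '}\z/', $p) === 1;
}

// addKey() as posted in the thread (its loop stops before the last character).
function addKey($str, $key) {
    $c = str_split($str);
    $s = "";
    for ($i = 0; $i < count($c) - 1; $i++) {
        $s .= intval(intval($c[$i]) + $key);
    }
    return $s;
}

// Count distinct addKey() outputs over every pattern of $n dots. The result
// can never exceed 2^$n: a fixed server-side transform adds no guesses.
function distinctAfterAddKey(int $n, int $key): int {
    $seen = [];
    for ($v = 0; $v < (1 << $n); $v++) {
        $seen[addKey(str_pad(decbin($v), $n, '0', STR_PAD_LEFT), $key)] = true;
    }
    return count($seen);
}

// Enrolment: keep only a salted, deliberately slow hash of the pattern.
function zicsEnroll(string $pattern): string {
    if (!zicsValidPattern($pattern)) {
        throw new InvalidArgumentException('pattern must be a 0/1 string of grid length');
    }
    return password_hash($pattern, PASSWORD_DEFAULT);
}

// Login: validate the hidden field first, then verify against the stored hash.
function zicsVerify(string $submitted, string $storedHash): bool {
    return zicsValidPattern($submitted) && password_verify($submitted, $storedHash);
}

$stored = zicsEnroll('1111100010001000100011111'); // constructed sample pattern
var_dump(zicsVerify('1111100010001000100011111', $stored));
var_dump(zicsVerify('0000000000000000000000000', $stored));
printf("3x3 grid: %d inputs, %d distinct addKey outputs\n", 1 << 9, distinctAfterAddKey(9, 59));
printf("5x5 grid: 2^%d patterns; 6 chars of [A-Za-z0-9]: about 2^%.1f\n", ZICS_DOTS, 6 * log(62, 2));
```

A slow salted hash only raises the cost of each offline guess; with at most 2^25 patterns, limiting failed login attempts per account on the server is what bounds online guessing.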
     
  10. alssadi

    alssadi Banned

    Joined:
    Dec 11, 2010
    Messages:
    41
    Likes Received:
    3
    Trophy Points:
    0
    Occupation:
    Creative director & web developer
    Location:
    Dubai
    Home Page:
    i think its a gr8 idea of a desktop application , this idea is very creative for the generation of web application , and it can be improved with type of algorithm , i highly recommend this new of creation of type of password generators ,proud of you , keep it up
     
  11. ManzZup

    ManzZup New Member

    thankz a lot dude :)
    and i just remembered, is there any desktop application module of this type?
    because if not i would be happy to make one :D
     
  12. alssadi

    alssadi Banned

    i honestly haven't seen one as far as i know , i think yours will be the first ;)
     
  13. Brentatechnologies

    Brentatechnologies New Member

    Joined:
    Aug 22, 2011
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    0
    Well done, I'm thinking of using this in my website, could you run me through implementing it completely, you'll get complete credit.
     
  14. ManzZup

    ManzZup New Member

    thanks a lot dude :)
    and yup i'm searching for a g00d security logic for the system these days
    can you suggest any?
     
  15. SarenaWilliam

    SarenaWilliam New Member

    Joined:
    Aug 20, 2011
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    0
    Using MySQL and I was assuming it was better to separate out a user's personal information and their login and password into two different tables and then just reference them between the two.
     
  16. venkat20

    venkat20 Banned

    Joined:
    Apr 25, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    INDIA
    i DON'T KNOW THIS.............
     
