Comments on: A Challenge-Response Ajax PHP Login System

By: Getting Xdebug to work with Apache/XAMPP to debug PHP : BLOG

Getting Xdebug to work with Apache/XAMPP to debug PHP : BLOG — Wed, 07 Dec 2011 01:33:51 +0000

[...] a project you’d like to debug. In my case, I’ve selected src/demo/index.php from my Challenge-Response PHP Login System project. Open the file, and then go to the Run Menu and select Debug Configurations… or Open [...]

By: Stephan

Stephan — Sat, 06 Nov 2010 19:27:03 +0000

Hi, Peter

jQuery up to version 1.3 worked fine with your script, but version 1.4+ returned an error after the json challenges are received.

It seems from version 1.4 onwards they changed the .ajax request to return an error if the returned data wasn’t “proper” json.

v1.4+ doesn’t like the returned strings to be wrapped with apostrophes. I changed the index.php file to return the challenges wrapped in quotes and it works fine now.

Cheers from South Africa!

Stephan

By: Peter Chng

Peter Chng — Thu, 05 Feb 2009 03:34:24 +0000

@Jens
Thanks for the tip! I will incorporate your changes into the next version…

By: Jens

Jens — Mon, 02 Feb 2009 20:12:00 +0000

Peter,

thanks for your thoughts and this script. It’s worth to have a deeper look inside.

One improvement I have found by now: you can check if the password is equal to the username on the server-side too.

For this you could insert the following lines of code into ChapAuthenticationImpl.php below the block for checking if the pwd is empty (line 205):
// Check if the plaintext password is the same as the username. else if ($this->passwordPlainTextTransform($username, $challenge1) == $password) { throw new ChapAuthenticationException('Password cannot be equal to the username'); }

By: PJ

PJ — Sun, 30 Mar 2008 21:42:34 +0000

Thanks, I’ll try it out and try to comment on it later on this week!