blackenedheart

Also, the solutions offered on the original thread were absolutely brilliant. I realize that now that I have more experience with PHP. I just can't figure out why the actual cipher is not working. I have yet to see ACCESS GRANTED.

Hi, I asked some questions about this cipher idea I had a long time ago. I have been working on it, and ultimately, it never worked. Can anyone tell me why? I feel like we were close. <? session_start(); echo '<br> <body bgcolor="#000000" text="#FFFFFF" link="#FF0000"> <p style="text-align: center; font-family: Courier, monospace; font-size: 24px; color: #FFF;">SESSION STARTED</p><br>'; // our sequence container if (!isset($_SESSION['sequence']) || (isset($_GET['sequence']) && $_GET['sequence'] === 'clear')) { $_SESSION['sequence'] = array(); echo '<br> <body bgcolor="#000000" text="#FFFFFF" link="#FF0000"> <p style="text-align: center; font-family: Courier, monospace; font-size: 24px; color: #FFF;">SEQUENCE CONTAINER INITIALIZED</p><br>'; } // user passed a code, store the code in the sequence container if (isset($_GET['code'])) { $_SESSION['sequence'][] = (int) $_GET['code']; echo '<br> <body bgcolor="#000000" text="#FFFFFF" link="#FF0000"> <p style="text-align: center; font-family: Courier, monospace; font-size: 24px; color: #FFF;">CODE WAS STORED IN SEQUENCE CONTAINER</p><br>'; } // user asked us to verify what is currently in the sequence container if (isset($_GET['verify']) && !empty($_SESSION['sequence'])) { $db = mysqli_connect('XXX', 'XXX', 'XXX', 'XXX') or die('Database has left the building!'); echo '<br> <body bgcolor="#000000" text="#FFFFFF" link="#FF0000"> <p style="text-align: center; font-family: Courier, monospace; font-size: 24px; color: #FFF;">CONNECTION TO DATABASE SUCCESSFUL/p><br>'; if($stmt = mysqli_prepare ($db, 'SELECT `username` FROM `users` WHERE `cipher` = ?')) { echo '<br>prepare statement is working<br>'; $sequence = implode(',', $_SESSION['sequence']); $stmt->bind_param('s', sha1($sequence)); $stmt->execute(); $stmt->bind_result($username); $stmt->fetch(); } } echo '<br> <body bgcolor="#000000" text="#FFFFFF" link="#FF0000"> <p style="text-align: center; font-family: Courier, monospace; font-size: 24px; color: #FFF;">ARRAY BOUND TO SEQUENCE</p><br>'; // our numbers $numbers = range(1, 25); // corresponding images echo '<br> <body bgcolor="#000000" text="#FFFFFF" link="#FF0000"> <p style="text-align: center; font-family: Courier, monospace; font-size: 24px; color: #FFF;">SEQUENCE WAS COMPARED TO THE ARRAY</p><br>'; $images = array_combine($numbers, array_map(function($i) { return sprintf('%02d.png', $i); }, $numbers) ); echo '<br> <body bgcolor="#000000" text="#FFFFFF" link="#FF0000"> <p style="text-align: center; font-family: Courier, monospace; font-size: 24px; color: #FFF;">ARRAY WAS COMBINED</p><br>'; echo '<body bgcolor="#000000" text="#FFFFFF" link="#FF0000"> <p style="text-align: center; font-family: Courier; font-size: 24px; color: #FFF;"><a href="?verify=1"></p>VERIFY THIS SEQUENCE IS CORRECT</a>'; if ($images == $sequence) { echo '<body bgcolor="#000000" text="#FFFFFF" link="#FF0000"> <p style="text-align: center; font-family: Courier; font-size: 24px; color: #FFF;">ACCESS IS GRANTED</p>'; } else { echo '<body bgcolor="#000000" text="#FFFFFF" link="#FF0000"> <p style="text-align: center; font-family: Courier; font-size: 24px; color: #FFF;">ACCESS IS DENIED</p>'; } ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>THE IMPENETRABLE PUZZLE</title> <style type="text/css"> body { background-color: #000000; } </style> </head> <body link="#FF0000"> <div align="center"> <table width="48%" height="358" border="0" cellpadding="10" cellspacing="10"> <tr bgcolor="#333333" style="text-align: center"> <td><a href="?code=22"><img src="22.png" width="100" height="100" /></a></td> <td><a href="?code=8"><img src="08.png" width="100" height="100" /></a></td> <td><a href="?code=21"><img src="21.png" width="100" height="100" /></a></td> <td><a href="?code=13"><img src="13.png" width="100" height="100" /></a></td> <td><a href="?code=5"><img src="05.png" width="100" height="100" /></a></td> </tr> <tr bgcolor="#333333" style="text-align: center"> <td><a href="?code=3"><img src="03.png" width="100" height="100" /></a></td> <td><a href="?code=24"><img src="24.png" width="100" height="100" /></a></td> <td><a href="?code=2"><img src="02.png" width="100" height="100" /></a></td> <td><a href="?code=6"><img src="06.png" width="100" height="100" /></a></td> <td><a href="?code=10"><img src="10.png" width="100" height="100" /></a></td> </tr> <tr bgcolor="#333333" style="text-align: center"> <td><a href="?code=11"><img src="11.png" width="100" height="100" /></a></td> <td><a href="?code=12"><img src="12.png" width="100" height="100" /></a></td> <td><a href="?code=19"><img src="19.png" width="100" height="100" /></a></td> <td><a href="?code=14"><img src="14.png" width="100" height="100" /></a></td> <td><a href="?code=1"><img src="01.png" width="100" height="100" /></a></td> </tr> <tr bgcolor="#333333" style="text-align: center"> <td><a href="?code=20"><img src="20.png" width="100" height="100" /></a></td> <td><a href="?code=7"><img src="07.png" width="100" height="100" /></a></td> <td><a href="?code=18"><img src="18.png" width="100" height="100" /></a></td> <td><a href="?code=4"><img src="04.png" width="100" height="100" /></a></td> <td><a href="?code=16"><img src="16.png" width="100" height="100" /></a></td> </tr> <tr bgcolor="#333333" style="text-align: center"> <td><a href="?code=23"><img src="23.png" width="100" height="100" /></a></td> <td><a href="?code=15"><img src="15.png" width="100" height="100" /></a></td> <td><a href="?code=9"><img src="09.png" width="100" height="100" /></a></td> <td><a href="?code=17"><img src="17.png" width="100" height="100" /></a></td> <td><a href="?code=25"><img src="25.png" width="100" height="100" /></a></td> </tr> </table> </div> </body> </html> for anyone who wants to look at it, here is the link. http://www.zebradatasolutions.com/cipher.php

Do you own a copy of Dreamweaver? It makes building websites that interact with databases easier. I am assuming it will be a MYSQL database here. You can make this happen if you have a vision and the knowledge.

Fair enough. I was thinking this could be an "extra" measure of security... meaning that once someone is logged in, this puzzle would show up. I think it is a cool idea because... USERNAMES and PASSWORDS get compromised all the time. I am not sure as to the validity of your claim that my numbers are exaggerated. Powerball players know there are 7 numbers, and 50 to chose from, but very few ever win. I believe the odds are as good as I am saying they are. I could always be mistaken though. I don't want you to think I am back tracking. I am going to try to work with your suggestions for sure.

And again, it is my understanding that PHP is a good choice for something like this, because PHP is always on the server, and technically invisible from the browser. I am wondering if that is even 100% correct at this point.

DEAR IGNACE, I agree that it would be okay to have one page... let's get into this a bit more since I have your attention. It is divided into "gates" for a specific reason (in my mind anyway.) My hope is to develop a cryptographic login system based on images. The odds of breaking such a system, if coded correctly, are 1 in 95 trillion or more. For example, if there are 10 "gates" and 25 symbols, choosing all ten correctly in order would equal 25 to the power of 10: 1 in 95,367,431,640,625 ...thats 95 trillion 367 billion... And I believe that hashing algorithms and AES 256 are possibly becoming outdated. This is just an idea, but it's more like a puzzle. I am assuming that someone will jump in here and tell me why this won't work, but I have coded some fairly complex algorithms in C and C++. The problem is I am not too experienced with PHP. Soooo... hoping that I don't get laughed off this forum, this is mostly an idea. I was hoping to not involve MYSQL and maybe even not use sessions but that may be unavoidable. Also, maybe someone can answer the $$$ million dollar question here. If the images are dynamic, let's just say they move with every reload, and they are coming from a database, does that decrease my security? How long would a brute force attack take to crack something like this? How would a brute force attack even recognize images? This is why I wanted to stay away from using a database. I was hoping that the "keys" could be stored in the code itself, which may seem strange, but I may want to use this on a microcchip in the future.

So if I am understanding this correctly, we are using the array_map function to keep a record of the array in a session. The arrays correspond to an image in a MYSQL database, and from there, if the users pattern of images lines up with the array sequence in the database, for example: array (image 1, image 7, image 9, image 17, image 20, image 21, image 25) Then we have access. This makes sense. I don't have the skill to implement it (not yet anyway), but it makes sense.

Hello Again Guys, First off I want to say thanks to everyone who has been kind enough to chime in. I wanted to post a link to my website to show how I am implementing this. The idea of a "sequence container" is something new and foreign to me. ignace... could you describe this piece of code a bit more in detail? // our numbers $numbers = range(1, 10); // corresponding images $images = array_combine( $numbers, array_map(function($i) { return sprintf('%02d.jpg', $i); }, $numbers) ); // display images foreach ($images as $number => $image) { printf( '<a href="?code=%d"><img src="%s" alt="" width="100" height="100"></a>', $number, $image ); } // display verify link echo '<a href="?verify=1">verify</a>'; www.zebradatasolutions.com/gate1.php Right now it's just a loop because it doesn't work, but with time maybe...

The suggestions offered here are great, but this problem is nowhere near solved.

I appreciate the insight here. I am trying to pear this code down to be as short as it can possibly be. I have implemented session variables and it still does not work. With PHP, it seems there is no way to log every step so that I can know what is going wrong. If you can't identify where things are going wrong, how can you ever fix the problem? Does anyone know a way I can see the logic flow?

Also, you definitely made me aware of something here. This idea cannot work without a session in play because those variable values cannot be passed to each successive page without a session. This is most likely why it is not working. Again, bones, can you elaborate a bit more if I can do something with the code I wrote? I just have a hard time using someone else's code if you don't mind sir. Again, Kind Regards

Dear Bones, Could you elaborate as to why you believe this would work better? I was hoping my implementation was at least workable in some form. Do you believe it is not workable at all? If so, what problems do you see? Kind Regards...

Is there a way to test the PHP's output? Almost like NSLog in xCode?

Could someone also be so kind to tell me if I am calling the links correctly. I know it's not working because I have it set up live on my website. The links are working, but the PHP is basically doing nothing.

Also, my idea was that the "correct" key has a value of 1, and the "incorrect" keys have a value of 0. So, if the sequence is correct, that will equal 7. Nonetheless, I am having trouble passing these values from page to page. Maybe it's something very basic here, or this could be much more complicated. Anyone have any ideas?