Login

This plugin is called when you open TinyShell and is not already logged in. It makes no sense to execute it when logged in. The plugin uses a ticket based zero-knowledge algorithm to authorize a user. See section Security for further details.

Command line interface

Syntax

  1. $ login

Arguments

This command takes no arguments.

Example

login.php

  1. <?
  3. require("../plugin.php");
  5. if (is_ajax(false)) {
  6. switch ($_POST["action"]) {
  7. case 'ticket':
  8. die(ticket_request());
  9. break;
  10. case 'login':
  11. if (ticket_validate($_POST['hash'], SHELL_USERNAME.SHELL_PASSWORD)) {
  12. // notice you can change the ticket validation
  13. // to validate something else, and the still keep
  14. // the following to prove authorization
  15. $_SESSION = array();
  16. $_SESSION['login']['username'] = SHELL_USERNAME;
  17. $_SESSION['login']['password'] = SHELL_PASSWORD;
  18. $_SESSION['login']['IP'] = $_SERVER['REMOTE_ADDR'];
  19. $_SESSION['login']['UA'] = $_SERVER['HTTP_USER_AGENT'];
  20. die("0");
  21. }
  22. die("1");
  23. break;
  24. }
  25. exit;
  26. }
  27. ?>
  29. /**
  30. * Login
  31. **/
  32. TinyShell.plugins.login = new Class({
  33. description: "Login to TinyShell",
  34. username: '',
  35. run : function(terminal, args) {
  36. this.t = terminal;
  37. this.t.set_protocol("Login as: ").read_line(this.set_username);
  38. },
  39. set_username: function(terminal, line) {
  40. this.username = line;
  41. this.get_password();
  42. },
  43. get_password: function() {
  44. this.t.print("Using keyboard-interactive authentication.");
  45. this.t.set_protocol("Password: ", "password").read_line(this.set_password);
  46. },
  47. set_password: function(terminal, line) {
  48. this.password = line;
  49. this.t.ajax_request(this.use_ticket, "<?php echo $_AJAX_URL?>", "action=ticket");
  50. },
  51. use_ticket : function(ticket) {
  52. this.t.ajax_request(this.validate_auth, "<?php echo $_AJAX_URL?>", "action=login&hash="+encodeURIComponent(this.t.ticket_hash(ticket, this.username+this.password)));
  53. },
  54. validate_auth: function(response) {
  55. if (response != "0") {
  56. this.t.print("Access denied");
  57. this.get_password();
  58. } else {
  59. this.t.user = this.username;
  60. this.t.print("Login: <?=date("r")?> from <?=gethostbyaddr($_SERVER["REMOTE_ADDR"])?>");
  61. this.t.print();
  62. this.t.print("The plugins included with the TinyShell system are free software;");
  63. this.t.print("TinyShell is brought to you by Theis Mackeprang.");
  64. this.t.print("You can download more plugins from <a href='http://www.5p.dk/tinyshell/' alt='TinyShell'>TinyShell's homepage</a>.", true);
  65. this.t.print();
  66. this.t.print("TinyShell comes with ABSOLUTELY NO WARRANTY, to the extent");
  67. this.t.print("permitted by applicable law.");
  68. this.t.print();
  69. this.t.print("Type 'help' to get started with TinyShell.");
  70. this.t.print();
  71. this.t.resume();
  72. }
  73. }
  74. });
Author: Theis Mackeprang

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>