<?php
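// Flat-file store of pending QR logins, one "key>cookie" record per line.
// Proof-of-concept only: a real deployment would use a proper database.
// NOTE(review): the path is relative, so the file presumably sits beside this
// script. If that is inside the web root, pending keys and cookie values can
// be downloaded directly - keep it outside the document root or deny access.
$db="database.txt";

// Phone side: the already-logged-in device opens ?ns=<key> (the URL encoded in
// the QR code) and its LogIn cookie is queued under that key.
// NOTE(review): this is a state-changing GET with no confirmation step and no
// CSRF protection. A production version should require an explicit,
// token-protected "approve this login" action from the user.
if (!empty($_GET['ns']) && !empty($_COOKIE['LogIn'])) {
    $ns = $_GET['ns'];
    $login = $_COOKIE['LogIn'];
    // Keys issued by the qrlogin page are 32 lowercase hex characters.
    // Anything else (array parameters, '>' separators, line breaks) is refused
    // so a request cannot forge or corrupt records in the line-based store.
    if (!is_string($ns) || !preg_match('/\A[0-9a-f]{32}\z/', $ns)
        || !is_string($login) || strpbrk($login, "\r\n") !== false) {
        http_response_code(400);
        die("Invalid request.");
    }
    // Append under an exclusive lock so concurrent writers cannot interleave
    // partial records, and report a failed write instead of claiming success.
    if (file_put_contents($db, "{$ns}>{$login}\n", FILE_APPEND | LOCK_EX) === false) {
        http_response_code(500);
        die("Could not store the login request.");
    }
    die("Success - check your other computer.");
}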
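// Browser side: the page showing the QR code polls ?check=<key> once a second.
// When a cookie has been queued under that key it is handed over exactly once
// and the record is deleted.
// NOTE(review): records carry no timestamp, so a key that is never redeemed
// stays valid until the file is cleared; a real store should expire them.
if (!empty($_GET['check'])) {
    $check = $_GET['check'];
    // check[]=... arrives as an array and can never equal a stored key.
    if (!is_string($check) || !file_exists($db)) die();
    // 'c+' opens for read/write without truncating; the exclusive lock makes
    // the read-modify-write below atomic, so one key cannot be redeemed twice
    // and a concurrent append is not lost when the file is rewritten.
    $fh = fopen($db, 'c+');
    if ($fh === false) die();
    if (!flock($fh, LOCK_EX)) {
        fclose($fh);
        die();
    }
    $sessions = array();
    while (($line = fgets($fh)) !== false) {
        $sessions[] = $line;
    }
    foreach ($sessions as $k => $value) {
        // Strip the line ending (it used to end up inside the cookie value) and
        // split on the first '>' only, so the cookie part is kept whole.
        $d = explode(">", rtrim($value, "\r\n"), 2);
        if (count($d) !== 2) continue; // malformed or blank line
        // Exact, constant-time string comparison: loose '==' treats numeric
        // looking strings such as "0e1" and "0e2" as equal.
        if (hash_equals($d[0], $check)) {
            // HttpOnly: the page script never needs to read this cookie.
            setcookie('LogIn', $d[1], time()+24*60*60, '', '', false, true);
            // Delete the disposable key
            unset($sessions[$k]);
            ftruncate($fh, 0);
            rewind($fh);
            foreach ($sessions as $remaining) {
                fwrite($fh, $remaining);
            }
            fflush($fh);
            flock($fh, LOCK_UN);
            fclose($fh);
            die("Success");
        }
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    die();
}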
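// Page router. The "session" is only the user name held in the LogIn cookie:
// there is no password and no server-side session, so this demonstrates the
// QR hand-off and nothing else. Anyone can set that cookie by hand.
switch (isset($_GET['action']) ? $_GET['action'] : '') {
    case "login":
        if (!empty($_POST['username']) && is_string($_POST['username'])) {
            // Stored entity-encoded, as before, so '<' and '>' never reach the
            // line-based store raw. HttpOnly keeps page script away from it.
            setcookie('LogIn', htmlentities($_POST['username']), time()+24*60*60, '', '', false, true);
            die("<script>window.location='?action='</script>");
        } else echo "<form method='post'>Enter username:<input type='text' name='username'><input type='submit' value='Log in'></form>";
        break;
    case "qrlogin":
        // One-time key linking this browser to the device that scans the code.
        // Whoever knows the key can redeem the login, so it must be unguessable:
        // take it from the CSPRNG (PHP 7+) instead of hashing the clock.
        // Still 32 lowercase hex characters, like the md5 value it replaces.
        $key = bin2hex(random_bytes(16));
        echo "<body onload=\"ajax(page,'scriptoutput');\">";
        google_qr("http://mitxela.com/temp/QRlogin.php?ns=".$key,200);
?><script type="text/javascript">
var page = "QRlogin.php?check=<?php echo $key; ?>";
var req;
function ajax(url,target) {
    if (window.XMLHttpRequest) {
        // native XMLHttpRequest object
        req = new XMLHttpRequest();
    } else if (window.ActiveXObject) {
        // IE/Windows ActiveX version; the request object's ProgID is
        // Microsoft.XMLHTTP (Microsoft.XMLDOM is the XML parser)
        req = new ActiveXObject("Microsoft.XMLHTTP");
    }
    if (req) {
        req.onreadystatechange = function() {ajaxDone(target);};
        req.open("GET", url, true);
        req.send(null);
    }
    // poll again in a second; a function avoids evaluating a code string
    setTimeout(function() {ajax(page,'scriptoutput');}, 1000);
}
function ajaxDone(target) {
    // only if req is "loaded"
    if (req.readyState == 4) {
        // only if "OK"
        if (req.status == 200 || req.status == 304) {
            var results = req.responseText;
            if (results=="Success") {window.location='?action=';}
            document.getElementById(target).innerHTML = results;
        } else {
            document.getElementById(target).innerHTML="ajax error:\n" +
                req.statusText;
        }
    }
}
</script>
<div id='scriptoutput'></div>
</body><?php
        // Full open tag above: a bare "<?" only works with short_open_tag on;
        // with it off the rest of this file would be sent to the browser as text.
        break;
    case "logout":
        setcookie('LogIn',"",-1);
        die("<script>window.location='?action='</script>");
    default:
        if (!empty($_COOKIE['LogIn']) && is_string($_COOKIE['LogIn'])) {
            // The cookie is client-controlled, and via the QR hand-off it can
            // originate on another device, so escape it for HTML before
            // printing. double_encode is off because the login form already
            // stores the name entity-encoded.
            $name = htmlspecialchars($_COOKIE['LogIn'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
            echo "You are logged in as {$name}. <br/><br/>Note the log-in cookie expires after a day - on your average social networking site, people usually tick 'keep me logged in'.<br/><br/><a href='?action=logout'>Log out</a>";
        } else
            echo "You are not logged in.<br/><br/><a href='?action=login'>Log in via user name</a><br/><br/><a href='?action=qrlogin'>Log in via QR code</a>";
}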
/**
 * Print an <img> tag that loads a QR code for $url from Google's chart API.
 *
 * Only $url is URL-encoded. $size, $EC_level and $margin are inserted into the
 * markup as given, so they must be trusted values (the one call in this file
 * passes constants).
 *
 * NOTE(review): the image is fetched by the browser from a third-party host
 * over plain HTTP with the encoded data in the query string. When $url carries
 * a login key, that key is visible to the chart service and to anyone on the
 * network path; generate the code locally if the data is sensitive.
 *
 * @param string     $url      Data to encode in the QR code.
 * @param string|int $size     Width and height of the image in pixels.
 * @param string     $EC_level Value placed first in the chld parameter.
 * @param string|int $margin   Value placed second in the chld parameter.
 * @return void                The tag is echoed, not returned.
 */
function google_qr($url,$size ='150',$EC_level='L',$margin='0'){
    $encodedData = urlencode($url);
    $dimensions = $size.'x'.$size;
    $chartOptions = $EC_level.'|'.$margin;
    $src = 'http://chart.apis.google.com/chart?chs='.$dimensions.'&cht=qr&chld='.$chartOptions.'&chl='.$encodedData;
    echo '<img src="'.$src.'" alt="QR code" width="'.$size.'" height="'.$size.'"/>';
}
?>