The website consists of two PHP pages ... index.php which simply generates a random 3-digit code, and verify.php which it sends the users input to.
For this demo simply create a directory called "session" in the root of your webserver, and create these two PHP files there ...
INDEX.PHP
Code:
<?php
function GenRandCode() {
for($i=0; $i<3; $i++) { $out.= rand(0,9); }
return $out;
}
$submit = $_POST["submit"];
if(!$submit) {
session_start();
$rndcode = GenRandCode(); // generate 4-digit code
$_SESSION["rndcode"] = $rndcode; // write code to session
session_write_close();
}
?>
<html><body>
<form action='verify.php' method='post'>
Random Code: <? echo $rndcode . "<br><br>"; ?>
Enter code: <input type='text' name='rndcode' maxlength='4'>
<input type='submit' name='submit' value='Submit'>
</form>
</body></html>
Code:
<?php
// Request form data
$rndcode = $_POST["rndcode"];
$submit = $_POST["submit"];
if($submit) {
session_start();
if(!isset($_SESSION["rndcode"])) {
die("Error: Illegal form access");
}
}
?>
<html><body>
<?php
if(!$submit) {
echo "Nothing submitted";
} else {
if($rndcode != $_SESSION["rndcode"]) {
echo "The code is WRONG!\n";
} else {
echo "The code is CORRECT!\n";
}
}
?>
</body></html>
--------------------------------------------------------
Now here is a simple Powerbasic program which reads INDEX.PHP to extract its random code (as well as the Cookie from the header), and then submits the random code as well as the Cookie to VERIFY.PHP
Code:
#COMPILE EXE
FUNCTION PBMAIN() AS LONG
LOCAL hPort AS DWORD, sURLHost AS STRING, sPage1 AS STRING, sPage2 AS STRING
LOCAL i AS DWORD, i2 AS DWORD, sRndCode AS STRING, sCookie AS STRING
LOCAL sPacket AS STRING, sBuf AS STRING, sReply AS STRING
'// URL Settings --------------------------------------------------------------------------------
sURLHost = "127.0.0.1" '// Webserver host
sPage1 = "/session/index.php" '// URL path of first page
sPage2 = "/session/verify.php" '// URL path of verification page
'// Download sPage1 (index.php) to sBuf ---------------------------------------------------------
hPort = FREEFILE
TCP OPEN PORT 80 AT sURLHost AS #hPort TIMEOUT 10000
sPacket = "GET " & sPage1 & " HTTP/1.1" & $CRLF & _
"Accept: text/*, text/html, */*" & $CRLF & _
"Accept-Encoding:" & $CRLF & _
"Cache-Control: no-cache" & $CRLF & _
"Host: " & sURLHost & $CRLF & $CRLF
TCP PRINT #hPort, sPacket
DO
TCP RECV #hPort, 4096, sPacket
sBuf = sBuf & sPacket
'STDOUT sPacket
LOOP WHILE LEN(sPacket)
TCP CLOSE #hPort
'// Extract the embedded sessionid cookie to sCookie --------------------------------------------
i = INSTR(1, sBuf, "Cookie:")
IF i = 0 THEN
STDOUT "Error: Cookie not found": WAITKEY$: EXIT FUNCTION
END IF
i = i + 7
i2 = INSTR(i, sBuf, ";")
sCookie = TRIM$(MID$(sBuf, i, i2 - i ))
STDOUT "Cookie = " & sCookie
'// Extract the embedded random code to sRndCode ------------------------------------------------
i = INSTR(1, sBuf, "Random Code:")
IF i = 0 THEN
STDOUT "Error: Random code not found": WAITKEY$: EXIT FUNCTION
END IF
i = i + 12: i2 = INSTR(i, sBuf, "<")
sRndCode = TRIM$(MID$(sBuf, i, i2-i))
STDOUT "Random code = " & sRndCode
'// Submit the random code to sPage2 (verify.php) -----------------------------------------------
STDOUT "Result ..."
sReply = "rndcode=" & sRndCode & "&submit=submit"
hPort = FREEFILE
TCP OPEN PORT 80 AT sURLHost AS #hPort TIMEOUT 10000
sPacket = "POST " & sPage2 & " HTTP/1.1" & $CRLF & _
"Host: " & sURLHost & $CRLF & _
"User-Agent: Mozilla/5.0" & $CRLF & _
"Accept: text/*, text/html, */*" & $CRLF & _
"Accept-Encoding: " & $CRLF & _
"Referer: http://" & sURLHost & sPage1 & $CRLF & _
"Cookie: " & sCookie & $CRLF & _
"Content-Type: application/x-www-form-urlencoded" & $CRLF & _
"Content-Length: " & TRIM$(STR$(LEN(sReply))) & $CRLF & _
$CRLF & _ '// End of header
sReply
TCP SEND #hPort, sPacket
DO
TCP RECV #hPort, 4096, sPacket
STDOUT sPacket
LOOP WHILE LEN(sPacket)
CLOSE #hPort
STDOUT $CRLF & "Finished, press any key to continue . . .";
WAITKEY$
END FUNCTION