3v4l.org

run code in 300+ PHP versions simultaneously
<?php session_start(); require "Authenticator.php"; require "config.php"; if(!isset($_SESSION['uid'])){ header("location: login.php"); } else if($_COOKIE["verified"] == md5(1)){ header("location: /xampp/doge/master.php"); } else{ $query = 'SELECT * FROM glogin WHERE uid = "'.$_SESSION["uid"].'"'; $data = mysqli_query($dbc, $query); $data = mysqli_fetch_array($data); if($data['set2'] == 1){ $_SESSION['secret2'] = 0; $_SESSION['auth_secret'] = $data['secret']; } else{ $_SESSION['secret2'] = 1; } $Authenticator = new Authenticator(); if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 10)) { $_SESSION["auth_secret"] = ""; // unset $_SESSION variable for the run-time } $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp if (!isset($_SESSION['auth_secret']) || ($_SESSION["auth_secret"] == "")) { $secret = $Authenticator->generateRandomSecret(); $_SESSION['auth_secret'] = $secret; $_SESSION["LAST_CODE"] = time(); } if($_SESSION['secret2'] == 0){ $qrCodeUrl = ""; } else{ $qrCodeUrl = $Authenticator->getQR('myPHPnotes', $_SESSION['auth_secret']); } if (!isset($_SESSION['failed'])) { $_SESSION['failed'] = false; } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Time-Based Authentication like Google Authenticator</title> <link rel="icon" href="favicon.ico" type="image/x-icon" /> <meta name="description" content="Implement Google like Time-Based Authentication into your existing PHP application. And learn How to Build it? How it Works? and Why is it Necessary these days."/> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/css/bootstrap.min.css" integrity="sha384-rwoIResjU2yc3z8GV/NPeZWAv56rSmLldC3R/AZzGRnGxQQKnKkoFVhFQhNUwEyJ" crossorigin="anonymous"> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js" integrity="sha384-vBWWzlZJ8ea9aCX4pEW3rVHjgjt7zpkNpZk+02D9phzyeVkE+jo0ieGizqPLForn" crossorigin="anonymous"></script> <link rel='shortcut icon' href='/favicon.ico' /> <style> body,html { height: 100%; } .bg { /* The image used */ background-image: url("images/bg.jpg"); /* Full height */ height: 100%; /* Center and scale the image nicely */ background-position: center; background-repeat: no-repeat; background-size: cover; } </style> </head> <body class="bg"> <div class="container"> <div class="row"> <div class="col-md-6 offset-md-3" style="background: white; padding: 20px; box-shadow: 10px 10px 5px #888888; margin-top: 100px;"> <h1>Time-Based Authentication</h1> <p style="font-style: italic;">A Google Authenticator kinda Authentication</p> <hr> <form action="check.php" method="post"> <div style="text-align: center;"> <?php if ($_SESSION['failed']): ?> <div class="alert alert-danger" role="alert"> <strong>Oh snap!</strong> Invalid Code. </div> <?php $_SESSION['failed'] = false; ?> <?php endif ?> <img style="text-align: center;;" class="img-fluid" src="<?php echo $qrCodeUrl ?>" alt="Verify this Google Authenticator"><br><br> <input type="text" class="form-control" name="code" placeholder="******" style="font-size: xx-large;width: 200px;border-radius: 0px;text-align: center;display: inline;color: #0275d8;"><br> <br> <button type="submit" class="btn btn-md btn-primary" style="width: 200px;border-radius: 0px;">Verify</button> </div> </form> </div> </div> </div> </body> </html> <?php } ?>
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 8, Position 2 = 12
Branch analysis from position: 8
1 jumps found. (Code = 42) Position 1 = 126
Branch analysis from position: 126
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 12
2 jumps found. (Code = 43) Position 1 = 19, Position 2 = 23
Branch analysis from position: 19
1 jumps found. (Code = 42) Position 1 = 126
Branch analysis from position: 126
Branch analysis from position: 23
2 jumps found. (Code = 43) Position 1 = 40, Position 2 = 48
Branch analysis from position: 40
1 jumps found. (Code = 42) Position 1 = 51
Branch analysis from position: 51
2 jumps found. (Code = 46) Position 1 = 57, Position 2 = 64
Branch analysis from position: 57
2 jumps found. (Code = 43) Position 1 = 65, Position 2 = 68
Branch analysis from position: 65
2 jumps found. (Code = 47) Position 1 = 77, Position 2 = 81
Branch analysis from position: 77
2 jumps found. (Code = 43) Position 1 = 82, Position 2 = 93
Branch analysis from position: 82
2 jumps found. (Code = 43) Position 1 = 97, Position 2 = 99
Branch analysis from position: 97
1 jumps found. (Code = 42) Position 1 = 107
Branch analysis from position: 107
2 jumps found. (Code = 43) Position 1 = 111, Position 2 = 114
Branch analysis from position: 111
2 jumps found. (Code = 43) Position 1 = 118, Position 2 = 123
Branch analysis from position: 118
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 123
Branch analysis from position: 114
Branch analysis from position: 99
2 jumps found. (Code = 43) Position 1 = 111, Position 2 = 114
Branch analysis from position: 111
Branch analysis from position: 114
Branch analysis from position: 93
Branch analysis from position: 81
Branch analysis from position: 68
Branch analysis from position: 64
Branch analysis from position: 48
2 jumps found. (Code = 46) Position 1 = 57, Position 2 = 64
Branch analysis from position: 57
Branch analysis from position: 64
filename:       /in/Ajg9p
function name:  (null)
number of ops:  127
compiled vars:  !0 = $query, !1 = $data, !2 = $dbc, !3 = $Authenticator, !4 = $secret, !5 = $qrCodeUrl
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    2     0  E >   INIT_FCALL                                               'session_start'
          1        DO_ICALL                                                 
    3     2        INCLUDE_OR_EVAL                                          'Authenticator.php', REQUIRE
    4     3        INCLUDE_OR_EVAL                                          'config.php', REQUIRE
    5     4        FETCH_IS                                         ~9      '_SESSION'
          5        ISSET_ISEMPTY_DIM_OBJ                         0  ~10     ~9, 'uid'
          6        BOOL_NOT                                         ~11     ~10
          7      > JMPZ                                                     ~11, ->12
    6     8    >   INIT_FCALL                                               'header'
          9        SEND_VAL                                                 'location%3A+login.php'
         10        DO_ICALL                                                 
         11      > JMP                                                      ->126
    8    12    >   FETCH_R                      global              ~13     '_COOKIE'
         13        FETCH_DIM_R                                      ~14     ~13, 'verified'
         14        INIT_FCALL                                               'md5'
         15        SEND_VAL                                                 1
         16        DO_ICALL                                         $15     
         17        IS_EQUAL                                                 $15, ~14
         18      > JMPZ                                                     ~16, ->23
    9    19    >   INIT_FCALL                                               'header'
         20        SEND_VAL                                                 'location%3A+%2Fxampp%2Fdoge%2Fmaster.php'
         21        DO_ICALL                                                 
         22      > JMP                                                      ->126
   12    23    >   FETCH_R                      global              ~18     '_SESSION'
         24        FETCH_DIM_R                                      ~19     ~18, 'uid'
         25        CONCAT                                           ~20     'SELECT+%2A+FROM+glogin+WHERE+uid+%3D+%22', ~19
         26        CONCAT                                           ~21     ~20, '%22'
         27        ASSIGN                                                   !0, ~21
   13    28        INIT_FCALL_BY_NAME                                       'mysqli_query'
         29        SEND_VAR_EX                                              !2
         30        SEND_VAR_EX                                              !0
         31        DO_FCALL                                      0  $23     
         32        ASSIGN                                                   !1, $23
   14    33        INIT_FCALL_BY_NAME                                       'mysqli_fetch_array'
         34        SEND_VAR_EX                                              !1
         35        DO_FCALL                                      0  $25     
         36        ASSIGN                                                   !1, $25
   15    37        FETCH_DIM_R                                      ~27     !1, 'set2'
         38        IS_EQUAL                                                 ~27, 1
         39      > JMPZ                                                     ~28, ->48
   16    40    >   FETCH_W                      global              $29     '_SESSION'
         41        ASSIGN_DIM                                               $29, 'secret2'
         42        OP_DATA                                                  0
   17    43        FETCH_DIM_R                                      ~33     !1, 'secret'
         44        FETCH_W                      global              $31     '_SESSION'
         45        ASSIGN_DIM                                               $31, 'auth_secret'
         46        OP_DATA                                                  ~33
         47      > JMP                                                      ->51
   20    48    >   FETCH_W                      global              $34     '_SESSION'
         49        ASSIGN_DIM                                               $34, 'secret2'
         50        OP_DATA                                                  1
   22    51    >   NEW                                              $36     'Authenticator'
         52        DO_FCALL                                      0          
         53        ASSIGN                                                   !3, $36
   23    54        FETCH_IS                                         ~39     '_SESSION'
         55        ISSET_ISEMPTY_DIM_OBJ                         0  ~40     ~39, 'LAST_ACTIVITY'
         56      > JMPZ_EX                                          ~40     ~40, ->64
         57    >   INIT_FCALL                                               'time'
         58        DO_ICALL                                         $41     
         59        FETCH_R                      global              ~42     '_SESSION'
         60        FETCH_DIM_R                                      ~43     ~42, 'LAST_ACTIVITY'
         61        SUB                                              ~44     $41, ~43
         62        IS_SMALLER                                       ~45     10, ~44
         63        BOOL                                             ~40     ~45
         64    > > JMPZ                                                     ~40, ->68
   24    65    >   FETCH_W                      global              $46     '_SESSION'
         66        ASSIGN_DIM                                               $46, 'auth_secret'
         67        OP_DATA                                                  ''
   26    68    >   INIT_FCALL                                               'time'
         69        DO_ICALL                                         $50     
         70        FETCH_W                      global              $48     '_SESSION'
         71        ASSIGN_DIM                                               $48, 'LAST_ACTIVITY'
         72        OP_DATA                                                  $50
   27    73        FETCH_IS                                         ~51     '_SESSION'
         74        ISSET_ISEMPTY_DIM_OBJ                         0  ~52     ~51, 'auth_secret'
         75        BOOL_NOT                                         ~53     ~52
         76      > JMPNZ_EX                                         ~53     ~53, ->81
         77    >   FETCH_R                      global              ~54     '_SESSION'
         78        FETCH_DIM_R                                      ~55     ~54, 'auth_secret'
         79        IS_EQUAL                                         ~56     ~55, ''
         80        BOOL                                             ~53     ~56
         81    > > JMPZ                                                     ~53, ->93
   28    82    >   INIT_METHOD_CALL                                         !3, 'generateRandomSecret'
         83        DO_FCALL                                      0  $57     
         84        ASSIGN                                                   !4, $57
   29    85        FETCH_W                      global              $59     '_SESSION'
         86        ASSIGN_DIM                                               $59, 'auth_secret'
         87        OP_DATA                                                  !4
   30    88        INIT_FCALL                                               'time'
         89        DO_ICALL                                         $63     
         90        FETCH_W                      global              $61     '_SESSION'
         91        ASSIGN_DIM                                               $61, 'LAST_CODE'
         92        OP_DATA                                                  $63
   32    93    >   FETCH_R                      global              ~64     '_SESSION'
         94        FETCH_DIM_R                                      ~65     ~64, 'secret2'
         95        IS_EQUAL                                                 ~65, 0
         96      > JMPZ                                                     ~66, ->99
   33    97    >   ASSIGN                                                   !5, ''
         98      > JMP                                                      ->107
   36    99    >   INIT_METHOD_CALL                                         !3, 'getQR'
        100        SEND_VAL_EX                                              'myPHPnotes'
        101        CHECK_FUNC_ARG                                           
        102        FETCH_FUNC_ARG               global              $68     '_SESSION'
        103        FETCH_DIM_FUNC_ARG                               $69     $68, 'auth_secret'
        104        SEND_FUNC_ARG                                            $69
        105        DO_FCALL                                      0  $70     
        106        ASSIGN                                                   !5, $70
   39   107    >   FETCH_IS                                         ~72     '_SESSION'
        108        ISSET_ISEMPTY_DIM_OBJ                         0  ~73     ~72, 'failed'
        109        BOOL_NOT                                         ~74     ~73
        110      > JMPZ                                                     ~74, ->114
   40   111    >   FETCH_W                      global              $75     '_SESSION'
        112        ASSIGN_DIM                                               $75, 'failed'
        113        OP_DATA                                                  <false>
   43   114    >   ECHO                                                     '%3C%21DOCTYPE+html%3E%0A%3Chtml+lang%3D%22en%22%3E%0A%3Chead%3E%0A++++%3Cmeta+charset%3D%22UTF-8%22%3E%0A++++%3Ctitle%3ETime-Based+Authentication+like+Google+Authenticator%3C%2Ftitle%3E%0A++++%3Clink+rel%3D%22icon%22+href%3D%22favicon.ico%22+type%3D%22image%2Fx-icon%22+%2F%3E%0A++++%3Cmeta+name%3D%22description%22+content%3D%22Implement+Google+like+Time-Based+Authentication+into+your+existing+PHP+application.+And+learn+How+to+Build+it%3F+How+it+Works%3F+and+Why+is+it+Necessary+these+days.%22%2F%3E%0A++++%3Clink+rel%3D%22stylesheet%22+href%3D%22https%3A%2F%2Fmaxcdn.bootstrapcdn.com%2Fbootstrap%2F4.0.0-alpha.6%2Fcss%2Fbootstrap.min.css%22+integrity%3D%22sha384-rwoIResjU2yc3z8GV%2FNPeZWAv56rSmLldC3R%2FAZzGRnGxQQKnKkoFVhFQhNUwEyJ%22+crossorigin%3D%22anonymous%22%3E%0A++++%3Cscript+src%3D%22https%3A%2F%2Fmaxcdn.bootstrapcdn.com%2Fbootstrap%2F4.0.0-alpha.6%2Fjs%2Fbootstrap.min.js%22+integrity%3D%22sha384-vBWWzlZJ8ea9aCX4pEW3rVHjgjt7zpkNpZk%2B02D9phzyeVkE%2Bjo0ieGizqPLForn%22+crossorigin%3D%22anonymous%22%3E%3C%2Fscript%3E%0A++++%3Clink+rel%3D%27shortcut+icon%27+href%3D%27%2Ffavicon.ico%27++%2F%3E%0A++++%3Cstyle%3E%0A++++++++body%2Chtml+%7B%0A++++++++++++height%3A+100%25%3B%0A++++++++%7D+++++++%0A%0A%0A++++++++.bg+%7B+%0A++++++++++++%2F%2A+The+image+used+%2A%2F%0A++++++++++++background-image%3A+url%28%22images%2Fbg.jpg%22%29%3B%0A++++++++++++%2F%2A+Full+height+%2A%2F%0A++++++++++++height%3A+100%25%3B+%0A++++++++++++%2F%2A+Center+and+scale+the+image+nicely+%2A%2F%0A++++++++++++background-position%3A+center%3B%0A++++++++++++background-repeat%3A+no-repeat%3B%0A+++++++++++%0A++++++++++++background-size%3A+cover%3B%0A++++++++%7D%0A++++%3C%2Fstyle%3E%0A%3C%2Fhead%3E%0A%3Cbody++class%3D%22bg%22%3E%0A++++%3Cdiv+class%3D%22container%22%3E%0A++++++++%3Cdiv+class%3D%22row%22%3E%0A++++++++++++%3Cdiv+class%3D%22col-md-6+offset-md-3%22++style%3D%22background%3A+white%3B+padding%3A+20px%3B+box-shadow%3A+10px+10px+5px+%23888888%3B+margin-top%3A+100px%3B%22%3E%0A++++++++++++++++%3Ch1%3ETime-Based+Authentication%3C%2Fh1%3E%0A++++++++++++++++%3Cp+style%3D%22font-style%3A+italic%3B%22%3EA+Google+Authenticator+kinda+Authentication%3C%2Fp%3E%0A++++++++++++++++%3Chr%3E%0A++++++++++++++++%3Cform+action%3D%22check.php%22+method%3D%22post%22%3E%0A++++++++++++++++++++%3Cdiv+style%3D%22text-align%3A+center%3B%22%3E%0A++++++++++++++++++++++++'
   81   115        FETCH_R                      global              ~77     '_SESSION'
        116        FETCH_DIM_R                                      ~78     ~77, 'failed'
        117      > JMPZ                                                     ~78, ->123
   82   118    >   ECHO                                                     '++++++++++++++++++++++++++++%3Cdiv+class%3D%22alert+alert-danger%22+role%3D%22alert%22%3E%0A++++++++++++++++++++++++++++++++++++++++%3Cstrong%3EOh+snap%21%3C%2Fstrong%3E+Invalid+Code.%0A++++++++++++++++++++++++++++%3C%2Fdiv%3E%0A++++++++++++++++++++++++++++'
   86   119        FETCH_W                      global              $79     '_SESSION'
        120        ASSIGN_DIM                                               $79, 'failed'
        121        OP_DATA                                                  <false>
   88   122        ECHO                                                     '++++++++++++++++++++++++'
   89   123    >   ECHO                                                     '++++++++++++++++++++++++++++%0A++++++++++++++++++++++++++++%3Cimg+style%3D%22text-align%3A+center%3B%3B%22+class%3D%22img-fluid%22+src%3D%22'
   90   124        ECHO                                                     !5
        125        ECHO                                                     '%22+alt%3D%22Verify+this+Google+Authenticator%22%3E%3Cbr%3E%3Cbr%3E++++++++%0A++++++++++++++++++++++++++++%3Cinput+type%3D%22text%22+class%3D%22form-control%22+name%3D%22code%22+placeholder%3D%22%2A%2A%2A%2A%2A%2A%22+style%3D%22font-size%3A+xx-large%3Bwidth%3A+200px%3Bborder-radius%3A+0px%3Btext-align%3A+center%3Bdisplay%3A+inline%3Bcolor%3A+%230275d8%3B%22%3E%3Cbr%3E+%3Cbr%3E++++%0A++++++++++++++++++++++++++++%3Cbutton+type%3D%22submit%22+class%3D%22btn+btn-md+btn-primary%22+style%3D%22width%3A+200px%3Bborder-radius%3A+0px%3B%22%3EVerify%3C%2Fbutton%3E%0A%0A++++++++++++++++++++%3C%2Fdiv%3E%0A%0A++++++++++++++++%3C%2Fform%3E%0A++++++++++++%3C%2Fdiv%3E%0A++++++++%3C%2Fdiv%3E%0A++++%3C%2Fdiv%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0A'
  104   126    > > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
135.82 ms | 1417 KiB | 21 Q