
3 Level Authentication - TutorialsDuniya

This document summarizes a student project on 3-level user authentication for a website. It includes 3 levels of passwords of increasing difficulty - text password, image-based password, and OTP password. The aim is to achieve high security by requiring users to pass through multiple authentication levels. It describes the features, design, implementation, testing and user manual for the authentication system project.

Delhi University

B.Sc. (H) Computer Science


Software Engineering Project

3 Level Authentication

TutorialsDuniya.com
Note: This project is made by a student of B.Sc. (H)
Computer Science and may contain some errors. You can
report the errors at [email protected]

3 LEVEL AUTHENTICATION

SOFTWARE ENGINEERING PROJECT
REPORT

B. Sc. (H) Computer Science

SUBMITTED BY:

Rallapalli Nagarjun    Sachin Kumar    Shashikant Patel    Yukti Kaushik
16035500000            15035500000     15035500000         16035500000

Keshav Mahavidyalaya
(University of Delhi)

ACKNOWLEDGEMENT

We have taken efforts in this project. However, it would not have been possible without the kind support and help of many individuals. We would like to extend our sincere thanks to all of them. We are highly indebted to TutorialsDuniya.com for their guidance and constant supervision, as well as for providing necessary information regarding the project and for their support in completing the project.

We would like to express our gratitude towards our teachers for their kind co-operation and encouragement, which helped us in the completion of this project. Our thanks and appreciation also go to the team members who developed the project and to the people who willingly helped us with their abilities.

CERTIFICATE

This is to certify that the Software Engineering project report entitled “3 Level Authentication” is the work carried out by Rallapalli Nagarjun, Sachin Kumar, Shashikant Patel and Yukti Kaushik, students of B.Sc. (H) Computer Science, 4th Semester, Keshav Mahavidyalaya, University of Delhi, under the supervision of TutorialsDuniya.com.

This report has not been submitted to any other organization/institution for the award of any other degree/diploma.

Project Supervisor: TutorialsDuniya.com
Teacher-In-Charge: TutorialsDuniya.com
Principal: TutorialsDuniya.com

ABSTRACT

The project is an authentication system that grants a user access to the system only when they input the correct password. The project involves three levels of user authentication. A variety of password systems are available; many have failed under bot attacks, while a few have withstood them, but only to a limit. In short, almost all the passwords available today can be broken to a limit. Hence this project aims to achieve the highest security in authenticating users.

It contains three authentication phases with three different kinds of password system. The password difficulty increases with each level. Users have to input the correct password for a successful login, and they are given the privilege to set passwords according to their wish. The project comprises a text password (i.e. pass phrase), an image-based password and an OTP password for the three levels respectively. This way there would be negligible chances of a bot or anyone else cracking the passwords: even if they have cracked the first or second level, it would be impossible to crack the third one. Hence, while creating the technology, the emphasis was put on the use of innovative and non-traditional methods. Many users find the most widespread text-based password systems unfriendly, so in the case of the three-level password we tried to create a simple user interface and to provide users with the best possible comfort in solving the password.

TABLE OF CONTENTS

1. Software Requirement Specification
   1.1 Introduction
   1.2 Overall Description
   1.3 External Interface Requirements
   1.4 System Features
   1.5 Other Non-Functional Requirements
   Appendix A: Data Flow Diagrams
   1.6 Data Dictionary
2. Size Estimation & Scheduling
   2.1 Functional Point Analysis
   2.2 Project Scheduling
3. Architectural Design
4. Risk Analysis
   4.1 RMMM plan
5. Implementation
   5.1 Coding
   5.2 Snapshots
6. Testing
7. User Manual
8. Conclusion
9. References

List of Figures

1. Figure 1: Project View
2. Figure 2: Project Implementation
3. Figure 3: Level 0 Data Flow Diagram
4. Figure 4: Level 1 Data Flow Diagram
5. Figure 5: Architectural Design Level 1
6. Figure 6: Architectural Design Level 2
7. Figure 7: Snapshot 1
8. Figure 8: Snapshot 2
9. Figure 9: Snapshot 3
10. Figure 10: Snapshot 4
11. Figure 11: Snapshot 5
12. Figure 12: Code Module
13. Figure 13: Program Graph

List of Tables

1. EI table
2. EO table
3. ILF table
4. EQ table
5. EIF table
6. Combined Functional point table
7. Gantt chart
8. RMMM 1
9. RMMM 2
10. Test case analysis
1. Software Requirement Specification

1.1 Introduction

1.1.1 Purpose

The purpose of the product is to provide high-level protection from thefts involving privacy of data. In this fast-advancing world, almost all security systems are becoming obsolete. So something is needed to increase the level of security for our data; that is why this application was made.

1.1.2 Document Conventions

The font used for headings is Times in bold, and the font used for paragraph content is Arial in italics. In the paragraph body, special lines are quoted and highlighted in bold.
Every heading is followed by its subheadings, numbered 1.1, 1.2 and so on.

1.1.3 Intended Audience and Reading Suggestions

This document is made for all kinds of readers who intend to get brief knowledge of what this software is about.
The developers should jump directly to part 2 (Overall Description) and read through part 5 of the document (Other Non-functional Requirements).
The project managers need to read all the parts from part 1 to part 6.
The marketing staff should read part 5, Other Non-functional Requirements.
The users should read part 2, that is, Overall Description.
The testers should read parts 2, 3 and 4.
The documentation writers should read part 2 to part 6.

1.1.4 Product Scope

The main objective is to provide a high level of security so that users can rely on the storage to keep their data secure. As more authentication methods are introduced in the near future, more updates will be patched into the main software. “The users can rely on our database for saving their sensitive data.” This is the prime objective of our software.

1.1.5 References

This SRS is based on the SRS template provided by IEEE.
1.2 Overall Description

1.2.1 Product Perspective

Nowadays, many hackers break into our systems and can use our sensitive information for their own purposes, as we mostly rely on a text-based password system in which the username identifies us and the password validates us. But this existing technique has weaknesses: more than one person can possess knowledge of the password at one time, as a textual password can easily be found by the brute-force method, and hence our identity can land in trouble with people having malicious intent. Thus, along with the text-based password, two more techniques have been provided, namely a picture-based password and an OTP-generated password.

FIGURE 1: PROJECT OVERVIEW

1.2.2 Product Functions

• The user will be provided a sign-up page the first time, and a sign-in page after signing up.
• When the user signs up, he will provide a mobile number/email on which the OTP system will be used.
• Also, the user will select a group of photos, for which we will assign a picture password.
• Once the user successfully logs in, he will have access to his own previously saved data, or he can add more data to his online storage, which is provided to each specific user (up to a certain limit).

FIGURE 2: PROJECT IMPLEMENTATION (diagram blocks: SIGN UP, SIGN IN, TEXT PASSWORD, PICTURE PASSWORD, OTP SERVICE, DATABASE)

1.2.3 User Classes and Characteristics

This software can be used by any type of user. Everyone who wants to protect their data from attacks and maintain their privacy can use this software.

1.2.4 Operating Environment

This software can operate on any hardware platform, as it is a web storage type of software. Any browser can be used to access this software. The browser should support JavaScript.

1.2.5 Design and Implementation Constraints

This system is limited to one user at a time.

1.2.6 User Documentation

A video will be provided on how to sign up and initialize the user page for inputting the text password and picture password and for enabling the OTP service.
A tutorial will be provided on how to upload your files to the cloud storage assigned to you.
The directives to be followed in a “FORGOT PASSWORD” situation will also be provided along with the user manual.

1.2.7 Assumptions and Dependencies

We are assuming that the OTP service provided is reliable and that no more than 1 person at a time accesses the storage.

1.3 External Interface Requirements

1.3.1 User Interfaces

The interface used in each webpage is similar to the Gmail login page.
The browser on which the user runs the webpage should preferably be 1024 x 768 px.
Errors are generally shown in the text fields, as are the errors that are due to a failed database connection or SMTP server failure.

1.3.2 Hardware Interfaces

The interface uses PHP in the backend, for which a XAMPP server is being used.
For sending the OTP, the Gmail SMTP server is being used.
The port for the Gmail SMTP server is port 587, for the Apache server port 80, and for MySQL port 3306. PHPMyAdmin is the database used for MySQL queries.

1.3.3 Software Interfaces

reCAPTCHA API used for CAPTCHA.
PHPMyAdmin used for MySQL server.
Gmail SMTP server for sending mails.
PHPMailer and SMTP classes used for OTP functionality.
Refer to User Manual.

1.3.4 Communications Interfaces

The port for the Gmail SMTP server is port 587, for the Apache server port 80, and for MySQL port 3306. PHPMyAdmin is the database used for MySQL queries.
1.4 System Features
Refer to Brief Overview.

1.4.1 System Feature 1

LOGIN

1.4.1.1 Description and Priority
Priority: HIGH.
The user types in the username and password that he used for signup.

1.4.1.2 Stimulus/Response Sequences
When the user hits the validate button on the login page, the text field first replies whether the inputted data is correct or not.
Then the user clicks the proceed button and proceeds to the reCAPTCHA page.

1.4.1.3 Functional Requirements
REQ-1: The database should be connected.
REQ-2: The proceed button only works when correct data is validated.

1.4.2 System Feature 2

SIGN UP

1.4.2.1 Description and Priority
Priority: HIGH.
The user types in his username and password.

1.4.2.2 Stimulus/Response Sequences
When the user hits the validate button on the signup page, the text field first replies whether the inputted data is correct or not.
Then the user clicks the proceed button and proceeds to the reCAPTCHA page.

1.4.2.3 Functional Requirements
REQ-1: The database should be connected.
REQ-2: The proceed button only works when correct data is validated.

1.4.3 System Feature 3

reCAPTCHA

1.4.3.1 Description and Priority
Priority: LOW.
The user selects the pattern and clicks proceed.

1.4.3.2 Stimulus/Response Sequences
When the user hits the proceed button on the reCAPTCHA page, the pattern is cross-checked and, if it is correct, the user clicks the proceed button and proceeds to the OTP page.

1.4.3.3 Functional Requirements
REQ-1: The internet should be connected.
REQ-2: The proceed button only works when correct data is validated.

1.4.4 System Feature 4

OTP

1.4.4.1 Description and Priority
Priority: HIGH.
The user types in his username and then the OTP received.

1.4.4.2 Stimulus/Response Sequences
When the user hits the validate UID button on the OTP page, the text field first replies whether the inputted data is correct or not.
Then the user receives the OTP on his email id and hits the validate button.
Then the user clicks the proceed button and proceeds to the web page.

1.4.4.3 Functional Requirements
REQ-1: The internet should be connected.
REQ-2: The proceed button only works when correct data is validated.
REQ-3: The database should be connected.
1.5 Other Nonfunctional Requirements

1.5.1 Performance Requirements

This software can be used by 5 users at a time, with each user occupying 100 MB of space.

1.5.2 Safety Requirements

Safety of data is given prime importance in this software: users' data is stored and can only be accessed with the user's permission, by authenticating through the various phases provided. There will be no one accessing your storage other than yourself.
Because the system provides an OTP, only the intended user can gain access to his data, allowing full safety of the data. Even if he/she mistakenly shares the password of the account, full rights of retrieving the data remain with him/her, as other users will not be able to gain access and will be blocked after several attempts.

1.5.3 Security Requirements

The user can jump to another webpage on the site by changing the URL to that file's location.
The user can use SQL injection to break into the database for UIDs.
The proceed button on some pages works without validation, causing chaos.

1.5.4 Software Quality Attributes

The software is correct, flexible, maintainable, portable and reusable.
But it is not robust, because it is vulnerable to attacks and flaws.
This software is limited to localhost, that is, the system on which the project files are invoked; therefore, it has very limited usage capability.

Appendix A: Analysis Models

FIGURE 3: LEVEL 0 Data Flow Diagram

FIGURE 4: LEVEL 1 Data Flow Diagram

1.6 Data Dictionary

1.6.1 Log in <=> User:

I USER TO LOGIN DATA FLOW
(i) description: password
(ii) source: user
(iii) destination: login process (database = "uid")
(iv) type: user id (combination of alphanumeric and special characters)

II SUCCESSFUL LOGIN
(i) description: access to user storage
(ii) source: storage
(iii) destination: user
(iv) type: session started (on cross checking uid and password)

III TEXT PASSWORD
(i) description: user inputs text password
(ii) source: user
(iii) destination: PICTURE PASSWORD
(iv) type: alphanumeric password

IV PICTURE PASSWORD
(i) description: user selects some specific pictures
(ii) source: user
(iii) destination: OTP
(iv) type: picture password (picture size less than 1 MB each)

V OTP
(i) description: user inputs the OTP received by him/her
(ii) source: user
(iii) destination: OTP
(iv) type: One Time Password (generally numeric)

VI FORGOT PASSWORD
(i) description: user inputs the answer to the security question
(ii) source: user
(iii) destination: SIGN UP
(iv) type: alphanumeric

VII ON SUCCESS
(i) description: user gets access to his storage
(ii) source: database
(iii) destination: user
(iv) type: general media files

VIII CROSS CHECKING
(i) description: text password, OTP password and picture password are cross checked by storing them in the datastore for granting further access
(ii) source: processes = text password + picture password + otp
(iii) destination: datastore: otp + text + picture
(iv) type: alphanumeric (text password) + numeric (otp) + image (picture password)

1.6.2 SIGN UP

I FIRST SESSION
(i) description: user inputs username
(ii) source: user
(iii) destination: datastore
(iv) type: alphanumeric

II TEXT PASSWORD
(i) description: user inputs password
(ii) source: user
(iii) destination: datastore
(iv) type: alphanumeric

III PICTURE PASSWORD
(i) description: user selects pictures
(ii) source: user
(iii) destination: datastore
(iv) type: media files (size < 1 MB each)

IV OTP
(i) description: user inputs his mobile number
(ii) source: user
(iii) destination: datastore
(iv) type: numeric (= 10 digit number)

V INTERACTING WITH USER STORAGE
(i) description: user interacts with his storage
(ii) source: user
(iii) destination: storage
(iv) type: media files

2. Size Estimation and Scheduling

2.1 Size Estimation

EQ TABLE
Enquiry   Weighing factor   Weight   Description
eq1       D                 6        User database interaction
eq2       M                 4        3rd party OTP service
sum = 10

TABLE 1: EXTERNAL ENQUIRIES

ILF TABLE
Process   Weighing factor   Weight   Description
p1        D                 15       user database
p2        D                 15       login
p3        M                 10       text password
p4        D                 15       picture password
p5        S                 7        OTP
p6        S                 7        sign up
p7        M                 10       forgot password
sum = 79

TABLE 2: INTERNAL LOGICAL FILES

EI TABLE
Input     Weighing factor   Weight   Description
i1        M                 4        text password
i2        D                 6        picture password
i3        S                 3        OTP
i4        S                 3        Username
i5        D                 6        Storing in database
sum = 22

TABLE 3: EXTERNAL INPUT

EO TABLE
Output    Weighing factor   Weight   Description
o1        D                 7        user storage access
o2        M                 5        text password to picture password
o3        M                 5        picture password to OTP
o4        D                 7        Login
o5        S                 4        signup
sum = 28

TABLE 4: EXTERNAL OUTPUT

EIF TABLE
Process   Weighing factor   Weight   Description
p1        M                 7        3rd Party OTP
p2        S                 5        User Storage
sum = 12

TABLE 5: EXTERNAL INTERFACE FILES

CAF (Cumulative Adjustment Factor) = 0.65 + (0.01 * 14 * 3) = 1.07

Functional Unit   Number   Difficulty Level
EIF               2        12
ILF               7        79
EO                5        28
EI                5        22
EQ                2        10
UFP = 151

TABLE 6: FUNCTION POINT ANALYSIS

FP (Function Point) = 1.07 * 151 = 161.57

LOC (Lines of code) = FP x LOC PER FP OF LANGUAGE = 161.57 x 67 = 10,825.19

EFFORT = 1.4 x L^0.93 = 1.4 x (10,825.19)^0.93 = 7909.57

DOCUMENTATION = 30.4 x (10,825.19)^0.9 = 129,974.66

DURATION = 4.6 x (10,825.19)^0.26 = 51.488

Assumptions taken during functional point analysis:

EI has taken input that is given to a process/database.
EO has given output that is the outcome of any process/database.
Processes are considered as ILF, i.e. internal logical files.

2.2 Project Scheduling

TABLE 7: Gantt chart

3. Architectural Design

Level 1

FIGURE 5: ARCHITECTURAL DESIGN LEVEL 1

Level 2

FIGURE 6: ARCHITECTURAL DESIGN LEVEL 2

4. Risk Analysis

4.1 Risk Mitigation, Monitoring and Management Plan

Risk Mitigation, Monitoring and Management 1:

RISK INFORMATION SHEET

Risk ID: R01    Date: 10-02-2018    Probability: 80%    Impact: high

DESCRIPTION:
Lack of training on tools required to build the project

REFINEMENT/CONTEXT:
1. Certain reusable components were developed by a third party with no knowledge of internal design standards.
2. Certain reusable components have been implemented in a language that is not supported on the target environment.

MITIGATION/MONITORING:
1. Contact third party to determine conformance with design standards.
2. Check to determine if language support can be acquired.

MANAGEMENT/CONTINGENCY PLAN/TRIGGER:
1. Risk estimation computed to be ₹5000. Allocate this amount within project contingency cost. Develop revised schedule assuming that 18 additional components will have to be custom built; allocate staff accordingly.
Trigger: Mitigation steps unproductive as of 20/02/2018

CURRENT STATUS:
05/03/2018: Mitigation steps initiated.

Originator: Yukti Kaushik    Assigned: Rallapalli Nagarjun

TABLE 8: RMMM 1

Risk Mitigation, Monitoring and Management 2:

RISK INFORMATION SHEET

Risk ID: R02    Date: 15-02-2018    Probability: 80%    Impact: Very high

DESCRIPTION:
Staff lacks experience in skills required to complete the project.

REFINEMENT/CONTEXT:
3. More work load on the experienced people.
4. Time exceeded due to inexperienced staff.

MITIGATION/MONITORING:
3. Providing required knowledge regarding the project.
4. Bring in skilled staff.

MANAGEMENT/CONTINGENCY PLAN/TRIGGER:
2. Risk estimation computed to be ₹50000. Allocate this amount within project contingency cost. Develop revised schedule assuming that 18 additional components will have to be custom built; allocate staff accordingly.
Trigger: Mitigation steps unproductive as of 23/02/2018

CURRENT STATUS:
10/03/2018: Mitigation steps initiated.

Originator: Yukti Kaushik    Assigned: Rallapalli Nagarjun

TABLE 9: RMMM 2

5. Implementation of Module

5.1 Coding

OTP.php (One Time Password, 3rd module of the project)

<?php
// Import PHPMailer classes into the global namespace
// These must be at the top of your script, not inside a function
require 'Exception.php';
//Load composer's autoloader
require 'PHPMailerAutoload.php';

// Mails the one-time password to $email. Returns the result of send() on
// success and 0 when PHPMailer throws.
function sendOTP($email,$otp){
    $mail = new PHPMailer(true); // Passing `true` enables exceptions
    try {
        //Server settings
        $mail->SMTPDebug = 2; // Enable verbose debug output (printed into the page)
        $mail->isSMTP(); // Set mailer to use SMTP
        $mail->Host = 'smtp.gmail.com'; // Specify main and backup SMTP servers
        $mail->SMTPAuth = true; // Enable SMTP authentication
        $mail->Username = '[email protected]'; // SMTP username
        $mail->Password = '16121998'; // SMTP password
        // $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
        $mail->Port = 25; // TCP port to connect to (sections 1.3.2 and 1.3.4 give 587 for Gmail SMTP)
        // $message_body = "One Time Password for PHP login authentication is:<br/><br/>" . $otp;
        //Recipients
        $mail->setFrom('[email protected]', '3-LEVEL Authentication');
        $mail->addAddress($email); // Add a recipient
        //Content
        // $mail->MsgHTML($message_body);
        $mail->isHTML(true); // Set email format to HTML
        $mail->Subject = 'OTP for login/signup';
        $mail->Body = "One Time Password for PHP login authentication is:<br/><br/>" . $otp;
        $result1 = $mail->send();
        echo '<h1><center><b>Message has been sent</b></center></h1>';
        return $result1;
    }
    catch (Exception $e) {
        echo 'Message could not be sent. Mailer Error: ', $mail->ErrorInfo;
        return 0;
    }
}
?>

<?php
$success = null;
$error_message = null;
$emailref = null;
$conn = mysqli_connect("localhost","root","","mydb");

if(isset($_POST["name1"]) && !empty($_POST["name1"])){
    // Step 1: the user submitted an email address.
    // The request value is concatenated into the SQL text in the queries below;
    // section 1.5.3 lists SQL injection as a known weakness.
    $result = mysqli_query($conn,"SELECT * FROM Baits WHERE email = '" . $_POST['name1'] . "'");
    $count1 = mysqli_num_rows($result);
    if($count1>0){
        //generate OTP
        $otp = rand(100000,999999);
        //Send OTP
        $mail_status = sendOTP($_POST['name1'],$otp);
        if($mail_status == 1){
            // The stored row holds only the OTP and its creation time, not the email.
            $result = mysqli_query($conn,"INSERT INTO otp_expiry(otp,is_expired,create_at) VALUES ('".$otp."',0,'" . date("Y-m-d H:i:s")."')");
            //$current_id = mysqli_insert_id($conn);
            // if(!empty($current_id)){
            // $success =1;
            // }
        }
        else{
            $error_message = "error";
        }
    }
    else{
        $error_message = "Email is not present in the database Either Sign Up or get the hell out of here!";
    }
}
else if(isset($_POST["OTPrec"]) && !empty($_POST["OTPrec"])){
    // Step 2: the user submitted the OTP received by mail.
    $result2 = mysqli_query($conn,"SELECT * FROM otp_expiry WHERE otp = '".$_POST["OTPrec"]."' AND is_expired <> 1");
    $count = mysqli_num_rows($result2);
    if($count>0){
        $result2 = mysqli_query($conn,"UPDATE otp_expiry SET is_expired = 1 WHERE otp = '".$_POST["OTPrec"]."'");
        $error_message = "success";
        // Redirect by URL: the original value, the filesystem path
        // C:\xampp\htdocs\home2.php, is not a valid Location target.
        header("Location: home2.php");
        exit;
    }
    else{
        $error_message = "Invalid OTP!";
    }
}
?>

<!DOCTYPE html>
<html>
<head>
    <title>OTP page</title>
    <link rel = "stylesheet" href = "OTP.css"/>
    <link href = "https://fonts.googleapis.com/css?family=Open+Sans+Condensed:300" rel = "stylesheet" type = "text/css"/>
    <link href = "https://fonts.googleapis.com/css?family=Open+Sans:300" rel = "stylesheet" type = "text/css"/>
</head>
<body>
<center>
<div class = "base">
    <div id = "logo">
        <img src = "logo.png" width = "118" height = "138"/>
    </div>
    <div id = "info1">
        Input your email for receiving OTP
    </div>
    <div id = "info2">
        Enter OTP after submitting your email
    </div>
    <div id = "form1">
        <form action = "OTP.php" method = "POST">
            <div id = "mailbox">
                <input placeholder = " Enter your email" type = "email" name = "name1" style="width:270px; height:42px; border:solid 1px #c2c4c6; font-size:16px; padding-left:8px" autofocus />
            </div>
            <div id = "OTPfield">
                <input placeholder="Enter the OTP" name ="OTPrec" style="width:270px; height:42px; border:solid 1px #c2c4c6; font-size:16px; padding-left:8px"/>
            </div>
            <div id = "passusercheck" style = "width:270px; height:42px; border:solid 1px #c2c4c6; font-size:16px; padding-left:8px">
                <?php
                echo $error_message;
                ?>
            </div>
            <div>
                <input type ="submit" id="button1" value ="Validate Email" />
            </div>
            <div>
                <input type ="submit" id="button2" value ="Validate OTP" />
            </div>
            <div id = "jump1">
                <button class = "button3" onclick="myFunction()" >
                    <span>
                        <a href ="#">Proceed</a>
                    </span>
                </button>
            </div>
        </form>
    </div>
    <div id = "bottom">
        <p>&copy; Designed by Yk<br></p>
    </div>
</div>
</center>
<script>
// Toggles the Proceed button in the browser unless the server reported "success".
function myFunction(){
    var x = document.getElementById("jump1");
    var y = "<?php echo $error_message; ?>";
    if(y!="success"){
        if(x.style.display === "none"){
            x.style.display ="block";
        }
        else{
            x.style.display = "none";
        }
    }
}
</script>
</body>
</html>
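
The OTP step with the gaps visible in the listing above closed (request input concatenated into SQL, an OTP row that carries no email, a create_at value that is never checked, no limit on guesses), as an added example that is not part of the project's code. It assumes PDO with an in-memory SQLite database in place of the project's mysqli/MySQL connection; the otp_codes table, its columns, the constants and the function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Table, column and function names
// are hypothetical; SQLite in memory stands in for the project's MySQL.

const OTP_TTL_SECONDS  = 300; // assumed validity window
const OTP_MAX_ATTEMPTS = 5;   // assumed number of wrong guesses allowed

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE otp_codes (
                   email      TEXT PRIMARY KEY,
                   otp_hash   TEXT NOT NULL,
                   expires_at INTEGER NOT NULL,
                   attempts   INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

// Issue a 6-digit code from the CSPRNG, bound to one email. Only a hash is
// stored, and a new request replaces any earlier code for that email.
function issueOtp(PDO $db, string $email, int $now): string
{
    $otp  = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $stmt = $db->prepare(
        'REPLACE INTO otp_codes (email, otp_hash, expires_at, attempts)
         VALUES (:email, :hash, :expires, 0)'
    );
    $stmt->execute([
        ':email'   => $email,
        ':hash'    => password_hash($otp, PASSWORD_DEFAULT),
        ':expires' => $now + OTP_TTL_SECONDS,
    ]);
    return $otp; // goes to the mailer only, never into the page
}

function forgetOtp(PDO $db, string $email): void
{
    $db->prepare('DELETE FROM otp_codes WHERE email = :email')
       ->execute([':email' => $email]);
}

// Check a submitted code for one email. Every value reaches SQL as a bound
// parameter, so quotes in the input cannot change the statement.
function verifyOtp(PDO $db, string $email, string $submitted, int $now): bool
{
    $stmt = $db->prepare(
        'SELECT otp_hash, expires_at, attempts FROM otp_codes WHERE email = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // no code was issued for this email
    }

    $expired   = $now > (int) $row['expires_at'];
    $lockedOut = (int) $row['attempts'] >= OTP_MAX_ATTEMPTS;
    if ($expired || $lockedOut) {
        forgetOtp($db, $email); // a fresh code has to be requested
        return false;
    }

    if (!password_verify($submitted, $row['otp_hash'])) {
        $db->prepare('UPDATE otp_codes SET attempts = attempts + 1 WHERE email = :email')
           ->execute([':email' => $email]);
        return false;
    }

    forgetOtp($db, $email); // single use: the row is gone after one success
    return true;
}

// Constructed inputs for a command-line run.
$db    = openDemoDb();
$now   = time();
$email = 'user@example.test';
$otp   = issueOtp($db, $email, $now);

$results = [
    'quote in email'  => verifyOtp($db, "o'neil@example.test", $otp, $now),
    'quote in code'   => verifyOtp($db, $email, "12'456", $now),
    'correct code'    => verifyOtp($db, $email, $otp, $now),
    'same code again' => verifyOtp($db, $email, $otp, $now),
    'code after TTL'  => verifyOtp($db, $email, issueOtp($db, $email, $now),
                                   $now + OTP_TTL_SECONDS + 1),
];
foreach ($results as $case => $accepted) {
    printf("%-16s %s\n", $case, $accepted ? 'accepted' : 'rejected');
}
```

In the web flow, a successful verifyOtp() call would set a server-side session flag that home2.php checks before rendering, so that neither a typed URL nor the Proceed button's JavaScript decides access (the first and third items of section 1.5.3).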
5.2 Snapshots of Module

Figure 7: Snapshot 1

Figure 8: Snapshot 2

Figure 9: Snapshot 3

Figure 10: Snapshot 4

Figure 11: Snapshot 5

6. Testing
Basis Path Testing of the reCAPTCHA Module

Figure 12: Code module

Program graph of the above code:

Figure 13: Program graph

Cyclomatic complexity of the given graph:

V(G) = E - N + 2
     = 23 - 21 + 2
     = 4

No. of regions = 3 + 1 = 4

No. of predicate nodes = 3

Cyclomatic complexity = Predicate nodes + 1 = 3 + 1 = 4

Independent paths:

- 1-3, (3,6), (6,10), 10-14, 14-21
- 1-3, (3,6), 6-10, 10-14, 14-15-16-21
- 1-6, 6-10, 10-14, 14-20, 20-21
- 1-14, 14-20, 21

which is equal to 4.

No. of independent paths = Cyclomatic complexity = 4

Test cases:

| Path no. | Input | Expected Output | Received output |
|---|---|---|---|
| 1-3, (3,6), (6,10), 10-14, 14-21 | $_POST['g-recaptcha-response']; $captcha; $responsekeys['success'] | $captcha != null; $captcha != null; Another file is opened | $captcha != null; $captcha != null; Another file is opened |
| 1-3, (3,6), 6-10, 10-14, 14-15-16-21 | $_POST['g-recaptcha-response']; $captcha; $responsekeys['success'] | $captcha != null; $captcha != null; You are a spammer | $captcha != null; $captcha != null; You are a spammer |
| 1-6, 6-10, 10-14, 14-20, 20-21 | $_POST['g-recaptcha-response']; $captcha; $responsekeys['success'] | $captcha != null; Please check the captcha form; exit | $captcha != null; Please check the captcha form; exit |
| | $_POST['g-recaptcha-response']; $captcha; $responsekeys['success'] | $captcha != null; $captcha != null; Another file is opened | $captcha != null; $captcha != null; Another file is opened |

Table 10: Test case analysis
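
The three outcomes in Table 10 as a PHP function that can be tested without network access. This is an added example, not the module shown in Figure 12: `checkCaptcha`, `googleVerify`, the injected `$verify` callable and the `proceed` return value are assumptions, while the field name, `$responsekeys['success']` and the two messages come from the table. The last constructed case (an array-valued field) goes beyond the table.

```php
<?php
// Added example, not the project's Figure 12 code. checkCaptcha(), googleVerify()
// and the injected $verify callable are hypothetical names.

// Real verifier: posts the token to Google's siteverify endpoint.
function googleVerify(string $secret): callable
{
    return function (string $token, string $ip) use ($secret): array {
        $ctx = stream_context_create(['http' => [
            'method'  => 'POST',
            'header'  => 'Content-Type: application/x-www-form-urlencoded',
            'content' => http_build_query(
                ['secret' => $secret, 'response' => $token, 'remoteip' => $ip]),
            'timeout' => 5,
        ]]);
        $raw  = @file_get_contents(
            'https://www.google.com/recaptcha/api/siteverify', false, $ctx);
        $json = $raw === false ? null : json_decode($raw, true);
        return is_array($json) ? $json : ['success' => false]; // fail closed
    };
}

// One decision per branch of the test table; returns the outcome message.
function checkCaptcha(array $post, string $ip, callable $verify): string
{
    $captcha = $post['g-recaptcha-response'] ?? null;
    if (!is_string($captcha) || $captcha === '') {
        return 'Please check the captcha form';
    }
    $responsekeys = $verify($captcha, $ip);
    if (($responsekeys['success'] ?? false) !== true) {
        return 'You are a spammer';
    }
    return 'proceed'; // the report's "Another file is opened"
}

// Constructed inputs; a stub verifier replaces the network call.
$stub  = fn(bool $ok) => fn(string $t, string $ip): array => ['success' => $ok];
$cases = [
    [['g-recaptcha-response' => 'tok'], $stub(true),  'proceed'],
    [['g-recaptcha-response' => 'tok'], $stub(false), 'You are a spammer'],
    [[],                                $stub(true),  'Please check the captcha form'],
    [['g-recaptcha-response' => ['x']], $stub(true),  'Please check the captcha form'],
];
foreach ($cases as [$post, $verify, $want]) {
    $got = checkCaptcha($post, '203.0.113.5', $verify);
    echo str_pad($want, 32), $got === $want ? "PASS" : "FAIL ($got)", "\n";
}
```

In production the third argument would be `googleVerify($secret)`, with the secret key read from server-side configuration.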



7. User Manual for the Project: 3 Level Authentication

The project's main objective is to provide three-level authentication for the user to access a
webpage.

The homepage serves as the first level: it is the login page, from which the user logs in and
proceeds to the next authentication level, reCAPTCHA. The homepage also has a link, named
Create Account, to the Sign Up page. On every page the user is directed to, the user must first
validate the data entered. Then, after successful validation, the user has to click the proceed
button. If the user clicks the proceed button before the validation procedure, the proceed button
will vanish and the user has to reload the page to validate and proceed again.

The validation in the Sign Up procedure has the following possibilities:

1. Invalid User ID
2. The user ID has already been taken
3. The passwords entered by the user don't match
4. Fields are empty

The validation in the Login procedure has the following possibilities:

1. Invalid user credentials
2. Invalid Password

The login/signup page directs the user to the reCAPTCHA page. The user selects a pattern from
the given images and then proceeds to the OTP page.

On the OTP page, the user first has to validate his/her email. The user then receives an email
containing a 6-digit one-time password, enters the OTP in the text field and proceeds to the
webpage.

When the email is validated, the client and server interaction is displayed behind the text
fields.

If a username has already been used in the database, it can't be used again. Once an OTP is
generated and used, it can't be used again.
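
One way to enforce the single-use rule stated above, as an added PHP example rather than the project's own code: the OTP comes from a CSPRNG, only its hash is stored, and the record is deleted on first success, on expiry, or after too many wrong guesses. `issueOtp`, `verifyOtp`, the in-memory `$store`, the 5-minute lifetime and the 5-attempt limit are assumptions.

```php
<?php
// Added example: single-use 6-digit OTP. Function names, the 5-minute lifetime
// and the 5-attempt limit are assumptions; $store stands in for a database table.

function issueOtp(array &$store, string $email, int $now): string
{
    // random_int() draws from the OS CSPRNG; pad so leading zeros are kept.
    $otp = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $store[$email] = [
        'hash'     => password_hash($otp, PASSWORD_DEFAULT), // never store the OTP itself
        'expires'  => $now + 300,
        'attempts' => 0,
    ];
    return $otp; // to be mailed to the user, not written into the page
}

function verifyOtp(array &$store, string $email, string $input, int $now): bool
{
    if (!isset($store[$email])) {
        return false;                    // nothing issued, or already consumed
    }
    $rec = $store[$email];
    if ($now > $rec['expires'] || $rec['attempts'] >= 5) {
        unset($store[$email]);           // expired or guessed too often
        return false;
    }
    if (!password_verify($input, $rec['hash'])) {
        $store[$email]['attempts']++;    // count the failed guess
        return false;
    }
    unset($store[$email]);               // consume on success so a replay fails
    return true;
}

// Constructed walk-through: wrong code, first use, replay, expired code.
$store = [];
$t0    = 1700000000;
$otp   = issueOtp($store, 'user@example.com', $t0);
var_dump(verifyOtp($store, 'user@example.com', '000000x', $t0 + 10)); // wrong code
var_dump(verifyOtp($store, 'user@example.com', $otp, $t0 + 20));      // first use
var_dump(verifyOtp($store, 'user@example.com', $otp, $t0 + 30));      // replay
$otp2 = issueOtp($store, 'user@example.com', $t0);
var_dump(verifyOtp($store, 'user@example.com', $otp2, $t0 + 301));    // after expiry
```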

The project runs on localhost.

The SMTP protocol works on Port 25/Port 587.

Port 25 supports SSL/TLS encryption.

Some systems with enhanced security won't be able to send the mail, as the system will
block unauthorized and unprotected access to that port.

Port 587 doesn't have TLS encryption, so the mail server can work easily.

Mailing is done using SMTP.php and PHPMailer.php, with a Gmail account used to send the
emails in the backend. That Gmail ID must give access to the "less secure apps" feature in
Gmail, or else the mailer won't work.

Steps to be followed while signing up for a new account:

1. Click on the Create Account link, which will lead you to the sign-up page.
2. Enter your valid email ID in the ID box provided.
3. Enter your password in the box provided.
4. Validate your email.
5. Then proceed further.

8. Conclusion

The delivered prototype of our software demonstrates how authentication can be
achieved by using three-level protection/authentication. From this we conclude
that our prototype can be used for security purposes by individuals and
organizations to protect their data from theft. Extending this model to
other resources will definitely raise the security level further.

9. References

1. https://www.tutorialsduniya.com

2. Google reCAPTCHA API available at Google.com

3. github.com for PHPMailer and SMTP

4. php.net/manual