Tuesday, December 27, 2011

New security feature in Facebook

My account was locked and, after many anxious hours, it was finally unlocked.
To reopen my account it asked me to give a name for my device. It is for security, so that if anyone hacks your account and opens it from somewhere else you will be alerted. No doubt it is a good security enhancement. However, it has a bad side: whenever your system's IP address is changed by DHCP or otherwise, you will get an alert mail even though you are still opening your account from the same device.
I assume the PHP page gets the client IP and maps it to the device name that you provide. Next time, if the IP has changed, Facebook identifies the difference and sends that alert mail.
Today I made a suggestion to map the device name to the MAC address instead of the IP.
Through PHP it is not possible to obtain the client-side MAC address at all: it is a link-layer address that is replaced at every router hop and never appears in the HTTP request. Browser JavaScript does not expose it either, so the mapping would need a different device identifier, such as a long-lived cookie set when the device is named.

Tuesday, May 10, 2011

ADAM alert – password is about to expire...

Depending on our ADAM password policy, the support staff must be informed in advance of the date on which a password expires. To accomplish this we need to determine:
-         whether the user's account password is set to expire,
-         when the user last changed their password,
-         the maximum password age in the domain, and
-         the current date and time.
As a normal user we can retrieve the date and time when the user last changed their password (the pwdLastSet attribute).

But a normal user may not be able to see all the attributes of a particular user object. I feel that if ADAM uses the same password policy and expiry times as the domain, then the values of the attributes above would not be configured in ADAM itself, and a normal user may not get all of this information through an LDAP browser either.

However, if maxPwdAge is fixed for all users, we can complete the script and configure a cron job to send a "Password_Expire_Alert" in advance.

Here we assume maxPwdAge is three months. The script runs five minutes after midnight, every day. Because it contains the bind password of a service account, keep the file readable only by the account that runs the cron job.
# crontab -e
5 0 * * * /usr/bin/php -f /path/to/script
The script:
#!/usr/bin/php
<?php
// Basic sequence with ADAM: connect, bind, search, interpret the search result and close the connection.

// pwdLastSet is stored as 100-nanosecond intervals since 1601-01-01 00:00 UTC;
// PHP's date() counts from 1970-01-01, so the two epochs have to be reconciled.
date_default_timezone_set('UTC');

function convert_AD_date($ad_date) {
        if ($ad_date == 0) {
                return '0000-00-00';
        }
        $secsAfterADEpoch = $ad_date / 10000000;
        // Seconds between 1601-01-01 and 1970-01-01 (11644473600)
        $AD2Unix = ((1970-1601) * 365 - 3 + round((1970-1601)/4)) * 86400;
        // Why -3 ?
        // "If the year is the last year of a century, e.g. 1700, 1800, 1900, 2000,
        // then it is only a leap year if it is exactly divisible by 400.
        // Therefore, 1900 wasn't a leap year but 2000 was."
        // 1700, 1800 and 1900 fall between the two epochs, so three leap days are removed.
        $unixTimeStamp = intval($secsAfterADEpoch - $AD2Unix);
        return date("Y-m-d H:i:s", $unixTimeStamp); // formatted date
}

// ADAM query
// Connecting ... (ldap_connect only validates the URI; a real failure shows up at bind time)
$ds = ldap_connect("Your ADAM server"); // must be a valid ADAM server!
#echo "connect result is ".$ds." ";
if ($ds) {
        // AD and ADAM only accept LDAPv3 binds
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        // A simple bind sends the password in clear text: use an ldaps:// URI or
        // ldap_start_tls($ds) in production.
        // Binding as a service account (a simple bind with DN and password, not an anonymous bind) ...
        $r = ldap_bind($ds, "CN=(Your's CN),OU=(Your's OU),OU=Users,DC=(Your's DC),DC=(Your's DC)", "(password)");
        if (!$r) {
                fwrite(STDERR, "Bind failed: " . ldap_error($ds) . "\n");
                ldap_close($ds);
                exit(1);
        }
        // Searching for every user entry (uid=*) below the base DN ...
        $sr = ldap_search($ds, "OU=(OU),OU=Users,DC=(DC),DC=(DC)", "uid=*");
        // Getting entries ... (attribute names come back in lower case)
        $info = ldap_get_entries($ds, $sr);
        for ($i = 0; $i < $info["count"]; $i++) {
                $dn = $info[$i]["dn"];
                $first_cn_entry_is = $info[$i]["cn"][0];
                if (!isset($info[$i]["mail"][0]) || !isset($info[$i]["pwdlastset"][0])) {
                        continue; // nobody to notify, or no password timestamp on the entry
                }
                $first_email_entry_is = $info[$i]["mail"][0];
                $ad_date = $info[$i]["pwdlastset"][0];
                if ($ad_date == 0) {
                        continue; // 0 means "must change password at next logon"; nothing to predict
                }
                $myDate = convert_AD_date($ad_date);
                $lastSet = date("Y-m-d", strtotime($myDate)); // date part only
                // Calculate the expiry date as per password policy (maxPwdAge assumed to be three months)
                $ExpireDate = strtotime($lastSet . " +3 month");
                // Calculate the occurrences to shoot a mail: one month, three weeks and four days before expiry
                $mail_month = strtotime($lastSet . " +2 month");
                $mail_week = strtotime('-3 week', $ExpireDate);
                $mail_day = strtotime('-4 days', $ExpireDate);
                $Month = date("Y-m-d", $mail_month);
                $Week = date("Y-m-d", $mail_week);
                $Days = date("Y-m-d", $mail_day);
                $Passwd_expire_on = date('l dS \o\f F Y', $ExpireDate);
                // Here we'll check validity: has the password already expired?
                $todayDate = date("Y-m-d");
                $expDate = date("Y-m-d", $ExpireDate);
                $expired = (strtotime($expDate) < strtotime($todayDate));
                // Send a mail to the user one month, three weeks and four days before the expiry date (three times).
                $subject = "ADAM password will expire on $Passwd_expire_on";
                $message = "Hello $first_cn_entry_is\nPlease use the following link and change your ADAM password before it expires.\n(Mention URL to change password)";
                $headers = 'From: ADAM_Admin@yourDomain.com' . "\r\n" .
                    'Reply-To: ADAM_Admin@yourDomain.com' . "\r\n" .
                    'X-Mailer: PHP/' . phpversion();
                if (!$expired && in_array($todayDate, array($Month, $Week, $Days), true)) {
                        mail($first_email_entry_is, $subject, $message, $headers);
                } else {
                        $ans = "\nWill mail later";
                }
        }
        // Closing connection
        ldap_close($ds);
} else {
        // Unable to connect to ADAM server
        fwrite(STDERR, "Unable to connect to ADAM server\n");
        exit(1);
}
?>
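The script above hard-codes a three-month maxPwdAge and pins the reminders to calendar offsets. As an added example, not part of the original post, the following stand-alone Python does the same arithmetic from the raw attribute values instead: it converts pwdLastSet with integer arithmetic (so the 64-bit value is not rounded by float division), reads maxPwdAge in the directory's own format (a negative count of 100-nanosecond intervals, with 0 and -2^63 meaning "never"), honours the userAccountControl "password never expires" bit (0x10000), treats pwdLastSet = 0 as already expired, and reports which of the three reminders is due for each entry. The entries, the 90-day maxPwdAge and the addresses are constructed sample data, and the reminder thresholds (30, 21 and 4 days) are this example's approximation of the post's "+2 month / -3 week / -4 days".

```python
from datetime import date, datetime, timedelta, timezone
from typing import Optional

# Seconds between the Windows FILETIME epoch (1601-01-01) and the Unix epoch
# (1970-01-01); the same constant the PHP convert_AD_date() derives.
AD_TO_UNIX_SECONDS = 11644473600
HUNDRED_NS_PER_SECOND = 10_000_000
# userAccountControl flag ADS_UF_DONT_EXPIRE_PASSWD
DONT_EXPIRE_PASSWD = 0x10000
# Reminders expressed as days before expiry (assumption: one month ~ 30 days)
REMINDER_DAYS = {30: "month", 21: "week", 4: "day"}

# Constructed sample values (not taken from a real directory):
# maxPwdAge of 90 days, stored as a NEGATIVE count of 100-ns intervals
MAX_PWD_AGE_90_DAYS = -90 * 86400 * HUNDRED_NS_PER_SECOND
# pwdLastSet for 2011-02-01 00:00:00 UTC (Unix time 1296518400)
PWD_LAST_SET_2011_02_01 = (1296518400 + AD_TO_UNIX_SECONDS) * HUNDRED_NS_PER_SECOND
SAMPLE_ENTRIES = [
    {"cn": "alice", "mail": "alice@example.com",
     "pwdLastSet": PWD_LAST_SET_2011_02_01, "userAccountControl": 0x200},
    {"cn": "svc-backup", "mail": "ops@example.com",
     "pwdLastSet": PWD_LAST_SET_2011_02_01, "userAccountControl": 0x200 | DONT_EXPIRE_PASSWD},
    {"cn": "bob", "mail": "bob@example.com",
     "pwdLastSet": 0, "userAccountControl": 0x200},
]


def filetime_to_datetime(filetime: int) -> datetime:
    """Convert a FILETIME (100-ns intervals since 1601-01-01 UTC) to an aware UTC datetime.
    Integer division keeps the full 64-bit value; float division would lose precision."""
    return datetime.fromtimestamp(filetime // HUNDRED_NS_PER_SECOND - AD_TO_UNIX_SECONDS,
                                  tz=timezone.utc)


def max_pwd_age_to_timedelta(max_pwd_age: int) -> Optional[timedelta]:
    """maxPwdAge is a negative interval; 0 or the 'never' sentinel -2**63 means no expiry."""
    if max_pwd_age == 0 or max_pwd_age == -(1 << 63):
        return None
    return timedelta(seconds=-max_pwd_age // HUNDRED_NS_PER_SECOND)


def password_expiry(pwd_last_set: int, max_pwd_age: int,
                    user_account_control: int) -> Optional[datetime]:
    """Expiry instant, or None if the password never expires.
    pwdLastSet == 0 means 'must change at next logon'; it is reported as the
    FILETIME epoch so that it sorts as long expired."""
    if user_account_control & DONT_EXPIRE_PASSWD:
        return None
    age = max_pwd_age_to_timedelta(max_pwd_age)
    if age is None:
        return None
    if pwd_last_set == 0:
        return datetime(1601, 1, 1, tzinfo=timezone.utc)
    return filetime_to_datetime(pwd_last_set) + age


def reminder_due(expires: Optional[datetime], today: date) -> Optional[str]:
    """Which reminder fires today: 'expired', one of REMINDER_DAYS, or None."""
    if expires is None:
        return None
    days_left = (expires.date() - today).days
    if days_left < 0:
        return "expired"
    return REMINDER_DAYS.get(days_left)


def reminders_for(entries, max_pwd_age: int, today):
    """Run the check over ldap_get_entries-style records.
    `today` may be a date or an ISO 'YYYY-MM-DD' string; returns [(mail, reminder), ...]."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    out = []
    for e in entries:
        expires = password_expiry(e["pwdLastSet"], max_pwd_age, e["userAccountControl"])
        kind = reminder_due(expires, today)
        if kind is not None:
            out.append((e["mail"], kind))
    return out


if __name__ == "__main__":
    for mail, kind in reminders_for(SAMPLE_ENTRIES, MAX_PWD_AGE_90_DAYS, "2011-04-02"):
        print(mail, kind)
```

With the sample data, alice's password (set 2011-02-01, 90-day policy) expires on 2011-05-02, so on 2011-04-02 the "month" reminder is due; svc-backup is skipped because of the never-expires bit; bob's pwdLastSet of 0 is reported as expired rather than silently producing a date in 1601 as the PHP conversion would. Replacing SAMPLE_ENTRIES with the result of a real search (and maxPwdAge with the value read from the domain NC) turns this into the alert run.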

Courtesy: much of the information and logic was taken directly from the internet and forums, but the idea came out of the requirements of my project and the logic was implemented accordingly.