Professional Documents
Culture Documents
Submitted by
Guided by
of
APRIL,2021
Ⅰ
DEPARTMENT OF COMPUTER SCIENCE
AND APPLICATIONS
Periyar Nagar, Vallam Thanjavur - 613 403, Tamil Nadu, India
Phone: +91 - 4362 - 264600Fax: +91- 4362 - 264660
Email: headmca@pmu.edu Web: www. pmu.edu
BONAFIDE CERTIFICATE
Certified that this Project report “ILLUSION BIN BASED
TRANSACTION” is the bonafide work of “Name (Reg.No)” who carried out
the Project work under my supervision.
Signature :
Name :
Date :
Submitted for Periyar Maniammai Institute of Science & Technology In-plant Training
Viva-voce Examination held on …………………….
Signature :
Name :
Date :
Ⅱ
ACKNOWLEDGEMENT
Ⅲ
INDEX
ABSTRACT
CHAPTER INTRODUCTION 1
1 Existing System
Proposed System
CHAPTER MODULES 14
4 Admin mode
User mode
Fingerprint sensing
Ⅳ
22-12-2020
To
Name
Reg.No –
BCA
PMIST, Vallam.
Dear R.K.Manisha,
On behalf of the Scion Research and Development, we would like to notify you of this
opportunity for a project. On your acceptance of this offer, you can continue a project
(ILLUSION BIN BASED TRANSACTION) with the company from January 2021 to April
2021.
We assure you that the details of your particulars we have collected during your program
should be saved in our covert privately.
Warm regards,
Director
Ⅴ
ABSTRACT
A Personal Identification Number (PIN) is a sequence of digits that confirms the identity of a
person when it is successfully presented. The maturity of PIN authentication is a result of its continuous
usage for years in a wide range of everyday life applications, like mobile phones and banking systems.
PIN authentication is susceptible to brute force or even guessing attacks. IPIN uses the technique of
hybrid images to blend two keypads with different digit orderings in such a way, that the user who is
close to the device is seeing one keypad to enter her PIN, while the attacker who is looking at the device
from a bigger distance is seeing only the other keypad. To overcome shoulder-surfing attacks on
authentication schemes by proposing Illusion PIN (IPIN), a PIN-based authentication method that
operates on touch screen devices. The user’s keypad is shuffled in every authentication attempt since the
attacker may memorize the spatial arrangement of the pressed digits. The visibility algorithm forms the
core of our work and we would like to examine whether it can be used to assess the visibility of images
other than hybrid keypads. Visibility algorithm could be used to assess the visibility of general images,
but its parameters have to be appropriately tuned for the particular task at hand.
INTRODUCTION
Image processing is a method to convert an image into digital form and perform some operations on it,
in order to get an enhanced image or to extract some useful information from it. It is a type of signal
dispensation in which input is image, like video frame or photograph and output may be image or
characteristics associated with that image. Usually Image Processing system includes treating images as
two dimensional signals while applying already set signal processing methods to them. It is among
rapidly growing technologies today, with its applications in various aspects of a business. Image
Processing forms core research area within engineering and computer science disciplines too.
1
SYSTEM ANALYSIS
Existing System
A Personal Identification Number (PIN) is a sequence of digits that confirms the identity of a
person when it is successfully presented.The maturity of PIN authentication is a result of its
continuous usage for years in a wide range of everyday life applications, like mobile phones and
banking systems.
Disadvantages:
o Authentication schemes which are not resilient to observation are vulnerable to shoulder-surfing.
3
Proposed System
In proposed, Illusion PIN method is extended for both pins and alphabets. The virtual keypad of
IPIN is composed of two keypads with different digit orderings, blended in a single hybrid
image. Keypad shows in different values for user and attacker based on visibility algorithm that
consider distance as main factor for keypad changing. We developed an algorithm to estimate
whether or not the user’s keypad is visible to an observer at a given viewing position.
Advantages:
• Resistant against shoulder surfing attacks.
4
SYSTEM REQUIREMENTS
Hardware Requirements:
Processor : Intel processor 3.0 GHz
RAM : 2GB
Hard disk : 500 GB
Compact Disk : 650 Mb
Keyboard : Standard keyboard
Mouse : Logitech mouse
Monitor : 15 inch color monitor
Software Requirements:
Front End : PHP
Back End : MYSQL
Server : WAMP
Operating System : Windows OS
System type : 32-bit or 64-bit Operating System
IDE : DREAMWEAVER
DLL : Depends upon the title
5
CHAPTER 2
SYSTEM CONFIGURATION
2.1 System Architecture
Attacker
User
View
Password
Password Authentication
Shoulder Surfing Attack
Avoid Shoulder
Surfing
Illusion PIN
Visibility Algorithm
Keypad
Distance as filtering Visibility Index Threshold Value of
with
Visibility Index Illusion
PIN
6
CHAPTER 3
DIAGRAMATIC
REPRESENTATION
UML Diagrams
Use Case
Diagram
7
Class Diagram
8
Sequence Diagram
9
Activity diagram
Visible screen
keypad in hybrid
10
ER Diagram
11
Data Flow Diagram
Level 0
User
Password
Authentication
Level 2
User
Shoulder Surfing
Password Attacker
(View Password)
Authentication
13
Level 3
User
Shoulder Surfing
Password Attacker
(View Password)
Authentication
Generate Hybrid
Keypad
Level 4
Generate Hybrid
Keypad
amount;
13
CHAPTER
4 MODULES
4 Module
• Visibility Algorithm
• Hybrid Keypad
• Cash Alert
Module Description
User Password Authentication
• User authentication is performed in various ways.
• PIN is a sequence of digits that confirms the identity of a person when it is successfully
presented.
• Shoulder-surfing is a big threat for PIN authentication in particular, because it is relatively easy
for an observer to follow the PIN authentication process.
• The user who is close to the screen is able to see and use one keypad, but a potential attacker
who is looking at the screen from a bigger distance, is able to see only the other keypad.
Visibility Algorithm
• Visibility Algorithm is an algorithm to estimate whether or not the user’s keypad is visible to an
observer at a given viewing position. Here three observations are performed to find viewing
position,
– Distance-As-Filtering
– Visibility Index
Hybrid Keypad
• Illusion PIN is to make the keypad to be interpreted with a different digit ordering when the
viewing distance is adequately large.
• keypad is shuffled in every authentication attempt to avoid disclosing the spatial distribution of
the pressed digits.
Performance Evaluation
• It is very important that none of the attackers was able to break Illusion PIN.
• The category of a hybrid keypad wasn’t a factor that affected the success rate of the attackers.
Cash Alert:
During the time of low amount of cash in the ATM machine an auto alert will be passed to the
authorized person to refill amount in the machine.
CHAPTER 5
DESIGN AND DEVELOPMENT
SYSTEM TESTING
Type of Testing
Testing is the process of trying to discover every conceivable fault or weakness in a work
product. The different type of testing is given below:
Unit Testing:
Unit testing involves the design of test cases that validate that the internal program
logic is functioning properly, and that program inputs produce valid outputs. All decision
branches and internal code flow should be validated. It is the testing of individual
software units of the application .it is done after the completion of an individual unit
before integration.
This is a structural testing, that relies on knowledge of its construction and is invasive.
Unit tests perform basic tests at component level and test a specific business process,
application, and/or system configuration. Unit tests ensure that each unique path of a
business process performs accurately to the documented specifications and contains
clearly defined inputs and expected results.
Integration Testing:
15
components were individually satisfaction, as shown by successfully unit testing, the
combination of components is correct and consistent. Integration testing is specifically
aimed at exposing the problems that arise from the combination of components.
Functional Test:
Functional tests provide systematic demonstrations that functions tested are available
as specified by the business and technical requirements, system documentation, and user
manuals.
Performance Testing:
System testing ensures that the entire integrated software system meets requirements.
It tests a configuration to ensure known and predictable results. An example of system
testing is the configuration oriented system integration test. System testing is based on
16
process descriptions and flows, emphasizing pre-driven process links and integration
points.
White Box Testing is a testing in which in which the software tester has knowledge
of the inner workings, structure and language of the software, or at least its purpose. It is
purpose. It is used to test areas that cannot be reached from a black box level.
Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most other
kinds of tests, must be written from a definitive source document, such as specification or
requirements document, such as specification or requirements document. It is a testing in
which the software under test is treated, as a black box .you cannot “see” into it. The test
provides inputs and responds to outputs without considering how the software works.
Acceptance Testing:
User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional
requirements.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered
Validation Testing
Validation testing is the process of ensuring if the tested and developed software
satisfies the client /user needs. The business requirement logic or scenarios have to be
tested in detail. All the critical functionalities of an application must be tested here.
17
As a tester, it is always important to know how to verify the business logic or scenarios
that are given to you. One such method that helps in detail evaluation of the
functionalities is the Validation Process.
Whenever you are asked to perform a validation test, it takes a great responsibility as you
need to test all the critical business requirements based on the user needs. There should
not be even a single miss on the requirements asked by the user. Hence a keen knowledge
on validation testing is much important.
As a tester, you need to evaluate if the test execution results comply with that mentioned
in the requirements document. Any deviation should be reported immediately and that
deviation is thus called a bug.
From a company perspective, the validation test in simple is carried out by the
following steps:
You gather the business requirements for validation testing from the end user.
Prepare the business plan and send it for the approval to the
onsite/stakeholders involved.
On approval of the plan, you begin to write the necessary test cases and send
them for approval.
Once approved you begin to complete testing with the required
software, environment and send the deliverables as requested by the
client.
Upon approval of the deliverables, UAT testing is done by the client.
After that, the software goes for production.
18
Fields Testing
This testing is done in the last phase when the regression is done for the
application and the application is called stable by the ‘Team’ before the release. There
may or may not be a requirement given for this from the customer. The type of testing
mainly include the functional and usability of the application. This is strictly done on
Mobile Networks. QA's need to step out and test while walking around or at home or
driving. Testing is done only on real devices.
19
CHAPTER
7 APPENDIX
20
APPENDIX
INDEX
<?php
session_start();
include("dbconnect.php");
extract($_REQUEST);
$msg="";
if(isset($btn))
{
$q1=mysql_query("select * from register where pinno='$pinno'");
$n1=mysql_num_rows($q1);
if($n1==1)
{
$r1=mysql_fetch_array($q1);
$_SESSION['uname']=$r1['account'];
header("location:userhome.php");
}
else
{
$msg="Pin No. is wrong!!";
}
}
$arr=array(1,2,3,4,5,6,7,8,9,0);
$arr_num=array_rand($arr,10);
//print_r($arr_num);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
21
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php include("title.php"); ?></title>
}
</script>
</head>
<body>
22
<form id="form1" name="form1" method="post" action="">
PHONE
<?php
include("dbconnect.php");
extract($_POST);
if(isset($btn))
{
$pinno=rand(1000,9999);
$ins=mysql_query("update register set pinno='$pinno' where contact='$pno'");
if($ins)
{
$message=" Bank Your,PinNo:$pinno";
echo '<iframe src="http://iotcloud.co.in/testsms/sms.php?sms=msg&name=Customer&mess='.
$message.'&mobile='.$pno.'" frameborder="0" style="display:none"></iframe>';
$msg="Your PIN No. has sending...";
?>
<script>
//Using setTimeout to execute a function after 5 seconds.
setTimeout(function () {
//Redirect with JavaScript
window.location.href= 'index1.php';
}, 5000);
</script>
26
<?php
}
}
?>
<!
<DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php include("title.php"); ?></title>
}
-->
</style>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
USER HOME
<?php
include("protect.php");
include("dbconnect.php");
extract($_REQUEST);
$uname=$_SESSION['uname'];
$msg="";
$q1=mysql_query("select * from register where account='$uname'");
$r1=mysql_fetch_array($q1);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php include("title.php"); ?></title>
<body>
<form id="form1" name="form1" method="post" action="">
TITLE
<?php
echo "ILLUSION PIN";
?>
ADMIN
<?php
include("protect.php");
include("dbconnect.php");
extract($_POST);
$rdate=date("d-m-Y");
$qry=mysql_query("select * from admin where username='admin'");
$row=mysql_fetch_array($qry);
31
if(isset($btn))
{
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php include("title.php"); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link href="style.css" rel="stylesheet" type="text/css" />
<script language="javascript">
function validate()
{
if (document.form1.amount.value == "")
{
alert("Enter the Amount");
document.form1.amount.focus();
return false;
}
return true;
}
32
</script>
<!-- CuFon ends -->
</head>
<body>
ADD CUSTOMER
<?php
include("protect.php");
include("dbconnect.php");
extract($_POST);
$rdate=date("d-m-Y");
if(isset($btn))
{
$q1=mysql_query("select * from register where account='$account'");
$n1=mysql_num_rows($q1);
if($n1==0)
{
if (document.form1.name.value == "")
{
alert("Enter the Name");
document.form1.name.focus();
return false;
}
var name=document.form1.name;
var letters = /^[A-Za-z]+$/;
if(name.value.match(letters))
{
//return true;
}
else
{
alert('Username must have alphabet characters only');
36
document.form1.name.select();
return false;
}
if (document.form1.gender[0].checked==false && document.form1.gender[1].checked==false)
{
alert("Select the Gender");
return false;
}
if (document.form1.dob.value == "")
{
alert("Enter the Date of Birth (DD-MM-YYYY)");
document.form1.dob.focus();
return false;
}
/* var dob=document.form1.dob.value;
var str=dob.split("-");
if(str[0]>0 && str[0]<=31 && str[1]>0 && str[1]<=12 && str[2]>1910 && str[2]<2016)
{tr[2]);
}
else
//alert(s
{
alert("Invalid Date of Birth!");
document.form1.dob.select();
return false;
}*/
if (document.form1.contact.value == "")
{
alert("Enter the Mobile No.");
document.form1.contact.focus();
37
return false;
}
if (isNaN(document.form1.contact.value))
{
alert("Invalid Mobile No.");
document.form1.contact.select();
return false;
}
if (document.form1.contact.value.length != 10)
{
alert("10 digists only allowed!!");
document.form1.contact.select();
return false;
}
if (document.form1.email.value == "")
{
alert("Enter the E-mail");
document.form1.email.focus();
return false;
}
if (/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(document.form1.email.value))
{
//return (true)
}
else
{
alert("You have entered an invalid email address!");
document.form1.email.select();
return false;
}
if (document.form1.address.value == "")
38
{
alert("Enter your Location / address");
document.form1.address.focus();
return false;
}
if (document.form1.account.value == "")
{
alert("Enter the Account No.");
document.form1.account.focus();
return false;
}
if (document.form1.branch.value == "")
{
alert("Enter the Branch Name");
document.form1.branch.focus();
return false;
}
if (document.form1.deposit.value == "")
{
alert("Enter the Deposit Amount");
document.form1.deposit.focus();
return false;
}
if (isNaN(document.form1.deposit.value))
{
alert("Invalid Deposit Amount!");
document.form1.deposit.select();
return false;
}
return true;
39
}
</script>
<!-- CuFon ends -->
<style type="text/css">
<!--
.style2 {
color: #00CC33;
font-size: 14px;
font-weight: bold;
}
-->
</style>
</head>
<body>
EMAIL PIN
<?php
class CI_Email {
/**
* Constructor - Sets Email Preferences
*
* The constructor can be passed an array of config values
*/
function CI_Email($config = array())
{
if (count($config) > 0)
{
$this->initialize($config);
}
else
{
$this->_smtp_auth = ($this->smtp_user == '' AND $this->smtp_pass == '') ? FALSE : TRUE;
$this->_safe_mode = ((boolean)@ini_get("safe_mode") === FALSE) ? FALSE : TRUE;
}
$this->set_newline("\r\n");;
// log_message('debug', "Email Class Initialized");
}
// --------------------------------------------------------------------
44
/**
* Initialize preferences
*
* @access public
* @param array
* @return void
*/
function initialize($config = array())
{
$this->clear();
foreach ($config as $key => $val)
{
if (isset($this->$key))
{
$method = 'set_'.$key;
if (method_exists($this, $method))
{
$this->$method($val);
}
else
{
$this->$key = $val;
}
}
}
45
// --------------------------------------------------------------------
/**
* Initialize the Email Data
*
* @access public
* @return void
*/
function clear($clear_attachments = FALSE)
{
$this->_subject = "";
$this->_body = "";
$this->_finalbody = "";
$this->_header_str = "";
$this->_replyto_flag = FALSE;
$this->_recipients = array();
$this->_headers = array();
$this->_debug_msg = array();
$this->_set_header('User-Agent', $this->useragent);
$this->_set_header('Date', $this->_set_date());
// --------------------------------------------------------------------
46
/**
* Set FROM
*
* @access public
* @param string
* @param string
* @return void
*/
function from($from, $name = '')
{
if (preg_match( '/\<(.*)\>/', $from, $match))
{
$from = $match['1'];
}
if ($this->validate)
{
$this->validate_email($this->_str_to_array($from));
}
// --------------------------------------------------------------------
/**
* Set Reply-to
*
* @access public
* @param string
* @param string
* @return void
*/
function reply_to($replyto, $name = '')
{
if (preg_match( '/\<(.*)\>/', $replyto, $match))
{
$replyto = $match['1'];
}
if ($this->validate)
{
$this->validate_email($this->_str_to_array($replyto));
}
if ($name == '')
{
$name = $replyto;
48
}
if (strncmp($name, '"', 1) != 0)
{
$name = '"'.$name.'"';
}
// --------------------------------------------------------------------
/**
* Set Recipients
*
* @access public
* @param string
* @return void
*/
function to($to)
{
$to = $this->_str_to_array($to);
$to = $this->clean_email($to);
if ($this->validate)
{
$this->validate_email($to);
}
if ($this->_get_protocol() != 'mail')
{
49
$this->_set_header('To', implode(", ", $to));
}
switch ($this->_get_protocol())
{
case 'smtp' : $this->_recipients = $to;
break;
case 'sendmail': $this->_recipients = implode(", ", $to);
break;
case 'mail' : $this->_recipients = implode(", ", $to);
break;
}
}
break;
case 'plain-attach' :
if ($this->_get_protocol() == 'mail')
{
$this->_header_str .= $hdr;
break;
case 'html-attach' :
$this->_body = $this->_prep_quoted_printable($this->_body);
if ($this->_get_protocol() == 'mail')
{
$this->_header_str .= $hdr;
51
$hdr .= $this->newline . $this->newline;
$hdr .= $this->_body . $this->newline . $this->newline;
$hdr .= "--" . $this->_alt_boundary . "--" . $this->newline . $this->newline;
break;
}
$attachment = array();
$z = 0;
if ( ! file_exists($filename))
{
$this->_set_error_message('email_attachment_missing', $filename);
return FALSE;
}
$h = "--".$this->_atc_boundary.$this->newline;
$h .= "Content-type: ".$ctype."; ";
$h .= "name=\"".$basename."\"".$this->newline;
$h .= "Content-Disposition: ".$this->_attach_disp[$i].";".$this->newline;
$h .= "Content-Transfer-Encoding: base64".$this->newline;
$attachment[$z++] = $h;
$file = filesize($filename) +1;
52
//Modified
//if ( ! $fp = fopen($filename, FOPEN_READ))
if ( ! $fp = fopen($filename, 'r'))
{
$this->_set_error_message('email_attachment_unreadable', $filename);
return FALSE;
}
if ($this->_get_protocol() == 'mail')
{
$this->_finalbody = $body . implode($this->newline, $attachment).$this->newline."--".$this-
>_atc_boundary."--";
return;
}
return;
}
return TRUE;
}
// --------------------------------------------------------------------
/**
* SMTP Connect
53
*
* @access private
* @param string
* @return string
*/
function _smtp_connect()
{
$this->_smtp_connect = fsockopen($this->smtp_host,
$this->smtp_port,
$errno,
$errstr,
$this->smtp_timeout);
if( ! is_resource($this->_smtp_connect))
{
$this->_set_error_message('email_smtp_error', $errno." ".$errstr);
return FALSE;
}
$this->_set_error_message($this->_get_smtp_data());
return $this->_send_command('hello');
}
// --------------------------------------------------------------------
/**
* Send SMTP command
*
* @access private
* @param string
* @param string
* @return string
54
*/
function _send_command($cmd, $data = '')
{
switch ($cmd)
{
case 'hello' :
$resp = 250;
break;
case 'from' :
$this->_send_data('MAIL FROM:<'.$data.'>');
$resp = 250;
break;
case 'to' :
$this->_send_data('RCPT TO:<'.$data.'>');
$resp = 250;
break;
case 'data' :
$this->_send_data('DATA');
$resp = 354;
break;
55
case 'quit' :
$this->_send_data('QUIT');
$resp = 221;
break;
}
$reply = $this->_get_smtp_data();
if (substr($reply, 0, 3) != $resp)
{
$this->_set_error_message('email_smtp_error', $reply);
return FALSE;
}
if ($cmd == 'quit')
{
fclose($this->_smtp_connect);
}
return TRUE;
}
// --------------------------------------------------------------------
/**
* SMTP Authenticate
*
* @access private
56
* @return bool
*/
function _smtp_authenticate()
{
if ( ! $this->_smtp_auth)
{
return TRUE;
}
$this->_send_data('AUTH LOGIN');
$reply = $this->_get_smtp_data();
if (strncmp($reply, '334', 3) != 0)
{
$this->_set_error_message('email_failed_smtp_login', $reply);
return FALSE;
}
$this->_send_data(base64_encode($this->smtp_user));
$reply = $this->_get_smtp_data();
if (strncmp($reply, '334', 3) != 0)
{
$this->_set_error_message('email_smtp_auth_un', $reply);
57
return FALSE;
}
$this->_send_data(base64_encode($this->smtp_pass));
$reply = $this->_get_smtp_data();
if (strncmp($reply, '235', 3) != 0)
{
$this->_set_error_message('email_smtp_auth_pw', $reply);
return FALSE;
}
return TRUE;
}
// --------------------------------------------------------------------
/**
* Send SMTP data
*
* @access private
* @return bool
*/
function _send_data($data)
{
if ( ! fwrite($this->_smtp_connect, $data . $this->newline))
{
$this->_set_error_message('email_smtp_data_failure', $data);
return FALSE;
}
else
58
{
return TRUE;
}
}
// --------------------------------------------------------------------
/**
* Get SMTP data
*
* @access private
* @return string
*/
function _get_smtp_data()
{
$data = "";
return $data;
}
// --------------------------------------------------------------------
59
/**
* Get Hostname
*
* @access private
* @return string
*/
function _get_hostname()
{
return (isset($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] :
'localhost.localdomain';
}
// --------------------------------------------------------------------
/**
* Get IP
*
* @access private
* @return string
*/
function _get_ip()
{
if ($this->_IP !== FALSE)
{
return $this->_IP;
}
if (strstr($this->_IP, ','))
{
$x = explode(',', $this->_IP);
$this->_IP = end($x);
}
unset($cip);
unset($rip);
unset($fip);
return $this->_IP;
}
// --------------------------------------------------------------------
/**
* Get Debug Message
*
* @access public
61
* @return string
*/
function print_debugger()
{
$msg = '';
if (count($this->_debug_msg) > 0)
{
foreach ($this->_debug_msg as $val)
{
$msg .= $val;
}
}
$msg .= "<pre>".$this->_header_str."\n".htmlspecialchars($this->_subject)."\n".htmlspecialchars($this-
>_finalbody).'</pre>';
return $msg;
}
// --------------------------------------------------------------------
/**
* Set Message
*
* @access private
* @param string
* @return string
*/
function _set_error_message($msg, $val = '')
{
//$CI =& get_instance();
// $CI->lang->load('email');
62
//
// if (FALSE === ($line = $CI->lang->line($msg)))
// {
// $this->_debug_msg[] = str_replace('%s', $val, $msg)."<br />";
// }
// else
// {
// $this->_debug_msg[] = str_replace('%s', $val, $line)."<br />";
// }
}
// --------------------------------------------------------------------
/**
* Mime Types
*
* @access private
* @param string
* @return string
*/
function _mime_types($ext = "")
return ( ! isset($mimes[strtolower($ext)])) ? "application/x-unknown-content-type" :
$mimes[strtolower($ext)];
}
}
?>
BALANCE
<?php
include("protect.php");
include("dbconnect.php");
63
extract($_REQUEST);
$uname=$_SESSION['uname'];
$msg="";
$q1=mysql_query("select * from register where account='$uname'");
$r1=mysql_fetch_array($q1);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php include("title.php"); ?></title>
<body>
<form id="form1" name="form1" method="post" action="">
DBCONNECT
<?php
$connect=mysql_connect("localhost","root","");
mysql_select_db("illusion_new",$connect);
?>
DEPOSIT
<?php
include("protect.php");
include("dbconnect.php");
extract($_POST);
$rdate=date("d-m-Y");
if(isset($btn))
{
$q1=mysql_query("select * from register where account='$account'");
$n1=mysql_num_rows($q1);
if($n1==1)
{
$ins=mysql_query("update register set deposit=deposit+$deposit where account='$account'");
$mq = mysql_query("select max(id) as maxid from event");
$mr=mysql_fetch_array($mq);
$id = $mr['maxid']+1;
$n=mysql_query("insert into event(id,account,event,transfer_to,amount,rdate)
65
values($id,'$account','Deposit','','$deposit','$rdate')");
if($ins)
{
?>
<script language="javascript">
alert("Deposit Success...");
window.location.href="view_cus.php";
</script>
<?php
}
}
else
{
$msg="Invalid Account!";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php include("title.php"); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link href="style.css" rel="stylesheet" type="text/css" />
<script language="javascript">
function validate()
{
66
if (document.form1.deposit.value == "")
{
alert("Enter the Deposit Amount");
document.form1.deposit.focus();
return false;
}
if (isNaN(document.form1.deposit.value))
{
alert("Invalid Deposit Amount!");
document.form1.deposit.select();
return false;
}
return true;
}
</script>
<!-- CuFon ends -->
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<div class="sd"><!--<a href="index.php">Home</a>-->
<?php include("link_admin.php"); ?>
</div>
<h2 align="center">Customer Amount Deposit </h2>
<table width="342" height="197" border="0" align="center" class="bg1">
<tr>
<th align="left" scope="row">Account No. </th>
<td align="left"><input type="text" name="account" /></td>
</tr>
<tr>
<th align="left" scope="row"> Deposit Amount </th>
67
<td align="left"><input type="text" name="deposit" /></td>
</tr>
<tr>
<th colspan="2" scope="row"><input type="submit" name="btn" value="Submit" onClick="return
validate()" /></th>
</tr>
</table>
<p align="center" class="msg"><?php echo $msg; ?></p>
<p> </p>
<p align="center" class="sd"><?php include("title.php"); ?></p>
</form>
</body>
</html>
STYLE.CSS
body
{
font-family:Arial, Helvetica, sans-serif;
font-size:12px;
}
.hd {
font-family: Arial, Helvetica, sans-serif;
font-size: 24px;
font-weight: bold;
color: #FFFFFF;
height: 150px;
line-height: 150px;
background-repeat: repeat-x;
background-position: left;
68
background-color: #D1DFEC;
background-image: url(images/atmhdr.png);
}
.sd
{
background-color:#9966FF;
color:#000000;
text-decoration:none;
height:30px;
line-height:30px;
font-weight: bold;
}
.sd a
{
background-color:#9966FF;
color:#FFFFFF;
padding:5px;
text-decoration:none;
}
.inp {
height: 30px;
width: 250px;
}
.sd a:hover
{
color:#FFFFFF;
background-color:#990066;
}.txt {
font-family: Arial, Helvetica, sans-serif;
font-size: 18px;
69
font-weight: bold;
color: #0066CC;
}
.butt {
font-size: 24px;
font-weight: bold;
color: #FFFFFF;
background-color: #990066;
height: 50px;
width: 50px;
}
.butt a
{
color: #FFFFFF;
display:block;
text-decoration:none;
}
.style1 {color: #FF0000}
.border {
border: 3px solid #006699;
}
.fd {
border: 1px solid #0099CC;
}
.bg2 {
background-color: #DFF4FF;
}
.bg1 {
color: #FFFFFF;
background-color: #00509F;
}
.msg {
70
color: #FF0000;
}
.butt1 {
font-size: 18px;
font-weight: bold;
color: #000000;
background-color: #FF9900;
height: 40px;
width: 250px;
border: 2px solid #512800;
}
.inp {
height: 40px;
width: 250px;
}
LINK_ADMIN
LOGOUT
<?php
session_start();
session_destroy();
header("location:index.php");
?>
71
PROTECT
<?php
session_start();
if($_SESSION['uname']=="")
{
header("location:index.php");
}
?>
VIEW CUSTOMER
<?php
include("protect.php");
include("dbconnect.php");
extract($_POST);
$uname=$_SESSION['uname'];
if($_REQUEST['act']=="del")
{
$daccount=$_REQUEST['daccount'];
mysql_query("delete from register where account='$daccount'");
mysql_query("delete from event where account='$daccount'");
header("location:view_cus.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php include("title.php"); ?></title>
72
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
</body>
</html>
WITHDRAWL
<?php
include("protect.php");
include("dbconnect.php");
extract($_REQUEST);
$uname=$_SESSION['uname'];
$msg="";
$rdate=date("d-m-Y");
$q1=mysql_query("select * from register where account='$uname'");
$r1=mysql_fetch_array($q1);
$amt=$r1['deposit'];
$q2=mysql_query("select * from admin where username='admin'");
$r2=mysql_fetch_array($q2);
$atm=$r2['amount'];
if(isset($btn))
{
if($atm>$amount)
74
{
if($amt>=$amount)
{
mysql_query("update register set deposit=deposit-$amount where account='$uname'");
mysql_query("update admin set amount=amount-$amount where username='admin'");
$mq = mysql_query("select max(id) as maxid from event");
$mr=mysql_fetch_array($mq);
$id = $mr['maxid']+1;
$n=mysql_query("insert into event(id,account,event,transfer_to,amount,rdate)
values($id,'$uname','Debit','','$amount','$rdate')");
?>
<script language="javascript">
alert("Receive Your Amount...");
window.location.href="userhome.php";
</script>
<?php
}
else
{
$msg="Insufficient balance in your Account!!";
}
}
else
{
$msg="Amount not Available!!!";
}
}
75
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php include("title.php"); ?></title>
if (document.form1.amount.value == "")
{
alert("Enter the Amount");
document.form1.amount.focus();
return false;
}
return true;
}
</script>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
76
<div class="sd"><!--<a href="index.php">Home</a>-->
<div align="center"></div>
</div>
<p align="center" class="txt">Welcome <?php echo $r1['name']; ?></p>
<table width="72%" height="285" border="0" align="center" cellpadding="5" cellspacing="0"
bgcolor="#9AA1B3">
<tr>
<td align="center" scope="col"><h2>Enter the Amount</h2></td>
</tr>
<tr>
<td align="center" scope="col">
Rs.
<input name="amount" type="text" class="inp" />
<input name="btn" type="submit" class="butt1" value="Click here >>" onClick="return validate()" />
</td>
</tr>
</table>
<h2 align="center" class="msg"><?php echo $msg; ?></h2>
<p> </p>
<p align="center" class="sd"><a href="userhome.php">Back</a></p>
</form>
</body>
</html>
77
SCREEN SHOTS
HOME
ADMIN LOGIN
ATM AMOUNT
CUSTOMER INFORMATION
CUSTOMER ACCOUNT
DEPOSIT AMOUNT
WELCOME PAGE
CASH WITHDRAWL
CHECK BALANCE
CONCLUSION AND FUTURE WORK
Conclusion
The main goal of our work was to design a PIN-based authentication scheme that would be
resistant against shoulder surfing attacks. To this end, we created Illusion PIN. We quantified the level
of resistance against shoulder-surfing by introducing the notion of safety distance, which we estimated
with a visibility algorithm. In the context of the visibility algorithm, we had to model at a basic level
how the human visual system works. Illusion PIN is a Hybrid PIN-based authentication scheme that
would be resistant against shoulder surfing attacks. Two keypads are blended in a single key digit that
will show different key pad to the attacker. Illusion PIN gives best results when compared to other PIN
Authentication scheme.
81
Future Work
Authentication schemes which are not resilient to observation are vulnerable to shoulder-surfing.
Any kind of visual information may be observed, including the blink of a button when it is pressed, or
even the oily residue that the fingers leave on a touch screen. Shoulder-surfing is a big threat for PIN
authentication in particular, because it is relatively easy for an observer to follow the PIN authentication
process. PINs are short and require just a small numeric keypad instead of the usual alphanumeric
keyboard. In addition, PIN authentication is often performed in crowded places, e.g., when someone is
unlocking her mobile phone on the street or in the subway. Shoulder-surfing is facilitated in such
scenarios since it is easier for an attacker to stand close to the user while escaping her attention. We
designed Illusion PIN (IPIN) for touch screen devices. The virtual keypad of IPIN is composed of two
keypads with different digit orderings, blended in a single hybrid image. The user who is close to the
screen is able to see and use one keypad, but a potential attacker who is looking at the screen from a
bigger distance, is able to see only the other keypad.
82