Submitted by abitowhit on Thu, 09/09/2021 - 18:43
My first project will be creating a
DoubleTap php version.
Tap
The first part of the doubletap in php is to set a doubletap cookie or session value.
This can be done in many ways but my initial thought was to pass a GET value when hitting the page.
For example, to see the doubletap content you would have to pass:
page?doubletapIP=192.168.33.1 (i.e. pass the client IP address.. which would suck in ipv6 heh)
The more I think about it, passing a GET value may not be complex enough where passing a doubletap token via GET or POST from another may be more secure because you don't require any input from the client. So the client doubletap IP is gathered when you hit the first page and then presented via token on the doubletap content page.
In the single page visit scenario, you pass the doubletap token and it sets a doubletap cookie.
Only you know that doubletap is on that page so only you know to pass your IP address to the page.
In the double page visit scenario, you visit the first page, pick up the doubletap token and then visit the second page.
On the pages you want protected by doubletap you simply insert javascript to look for doubletap. If it is set, display the information you want protected, such as a login form.
pow pow. heh.
To make it even more difficult you could have the doubletap on an entirely separate website, check the referrer url and pass the doubletap criteria via a GET action.
Tap
Once the doubletap cookie is set your form will become available.. the javascript hiding the form or content is removed.
Still a Work In Progress...
