3 <title>Create User Account
</title>
4 <SCRIPT TYPE=
"text/ssperl" CGI='$LOGINTICKET $REMOTE_ADDR $LOGINUSERNAME $LOGINIPADDRESS $LOGINPATH'
>
5 ::create_login_file(
"~/Private/.Passwords",
"~/Private/.Sessions", $REMOTE_ADDR);
8 <SCRIPT type=
"text/javascript" LANGUAGE=
"JavaScript">
9 <SCRIPT TYPE=
"text/ssperl" SRC=
"./JavaScript/CreateUserPage.js"></SCRIPT>
15 <table width='
100%'
><tr>
16 <td style='text-align: left'
><a href=
"/index.html">Home
</a></td>
17 <td style='text-align: right'
><a href=
"?LOGOUT">Logout
</a></td>
20 <p ALIGN=RIGHT
><a href=
"index.html">Private Home page
</a><br />
21 <a href=
"ChangePassword.html">Change Password
</a><br />
22 <SCRIPT TYPE=
"text/ssperl" CGI='@CAPABILITIES $LOGINUSERNAME'
>
24 if($ENV{'EnforceCreateUser'} && ! grep(/^CreateUser$/, @CAPABILITIES))
27 $banner =<<
"ENDOFNOAUTHORIZATION BANNER";
28 <h1 style=
"text-align: center; color: Red">$LOGINUSERNAME: You are not authorized to create a new user account
</h1>
29 <h2 style=
"text-align: center; color: Red">Please contact your administrator
</h2>
33 ENDOFNOAUTHORIZATION BANNER
41 <h1 align=CENTER
>Create new user account
</h1>
42 <SCRIPT TYPE=
"text/ssperl" CGI='$NEWACCOUNTTEXT'
>
43 if($NEWACCOUNTTEXT =~ /\S/)
46 if($NEWACCOUNTTEXT =~ /Username\:\s+([^\n]+)(\n|$)/isg)
49 $filename =~ s/[^\w]/_/isg;
51 print STDOUT <<
"ENDOFPRINTNEWACCOUNTTEXT";
52 Paste this text into a file with name
<em>$filename
</em>
56 ENDOFPRINTNEWACCOUNTTEXT
63 <form method=
"POST" action=
"CreateUser.html" id=
"LoginForm"
64 onSubmit='CreateUserSubmit ()'
>
65 <div style=
"margin-left: 20%; margin-right: 20%; text-align: left">
66 <table cellspacing=
"5" >
68 <td style=
"text-align: right">Password:
</td>
69 <td style=
"text-align: left"><input type=
"PASSWORD" name=
"PASSWORD" id=
"PASSWORD" size=
"50" /></td>
71 <tr><td> </td><td> </td></tr>
72 <tr><td> </td><td>New user account settings
</td></tr>
75 <td style=
"text-align: right">New Username:
</td>
76 <td style=
"text-align: left">
77 <input type=
"text" name=
"NEWUSERNAME" id=
"NEWUSERNAME" size=
"30" />
81 <td style=
"text-align: right">New Password:
</td>
82 <td style=
"text-align: left"><input type=
"PASSWORD" name=
"NEWPASSWORD" id=
"NEWPASSWORD" size=
"50" />
85 <td style=
"text-align: right">Repeat Password:
</td>
86 <td style=
"text-align: left"><input type=
"PASSWORD" name=
"NEWPASSWORDREP" id=
"NEWPASSWORDREP" size=
"50" onChange=
"check_password_fields();"/></td>
89 <td style=
"text-align: right"></td>
90 <td style=
"text-align: left">Account Settings
</td>
93 <td style=
"text-align: right">Allowed Paths:
</td>
94 <td style=
"text-align: left"><input type=
"TEXT" name=
"ALLOWEDPATHS" id=
"ALLOWEDPATHS" size=
"50" value=
"# ; separated perl regex" /></td>
97 <td style=
"text-align: right">Allowed IP addresses:
</td>
98 <td style=
"text-align: left"><input type=
"TEXT" name=
"IPADDRESS" id=
"IPADDRESS" size=
"50" value=
"127.0.0.1;# Other (partial) IP addresses" /></td>
101 <td style=
"text-align: right">Session type:
</td>
102 <td style=
"text-align: left">
103 <select name=
"NEWSESSION" id=
"NEWSESSION">
104 <option value =
"SESSION" selected
>SESSION
</option>
105 <option value =
"CHALLENGE">CHALLENGE
</option>
106 <option value =
"IPADDRESS">IPADDRESS
</option>
110 <tr><td> </td><td> </td></tr>
113 <td style=
"text-align: left"><input type=
"submit" id=
"SUBMIT" value=
"Create" style=
"color: Gray" />
114 <input type=
"button" id=
"revealpassword" value=
"Show Passwords" onClick=
"this.value=togglePasswords('Hide', 'Show', this.value);true" /></td>
117 <input type=
"hidden" name=
"CGIUSERNAME" id=
"CGIUSERNAME" size=
"20" value=
<SCRIPT type=
"text/ssperl">$LOGINUSERNAME
</SCRIPT> />
118 <input type=
"hidden" name=
"LOGINTICKET" id=
"LOGINTICKET" value=
"<SCRIPT TYPE="text/ssperl
">$LOGINTICKET</SCRIPT>" />
122 <h2 align=CENTER
>Strong Passwords: It is so easy
</h2>
123 <h3 align=CENTER
>If you only could see what you are typing
</h3>
124 <p style=
"margin-left: 20%; margin-right: 20%; text-align: center">
125 <a href=
"http://xkcd.com/936/" target=
"_blank"><img src=
"http://imgs.xkcd.com/comics/password_strength.png" width=
"60%" /></a>
127 <p style=
"margin-left: 30%; margin-right: 30%; text-align: center">
128 <font style=
"font-size: small">
130 Note: For the procedures used at this site, a basic computer setup can check a billion passwords per second. You need
131 a password (or phrase) strength in the order of
56 bits to be a little secure (one year on a single computer). One of
132 the largest network in the world, Bitcoin mining, can check some
12 terahashes per second (June
2012). This
133 corresponds to checking
6 times
10<sup>12</sup> passwords per second.
134 It would take a passwords strength of ~
68 bits to keep the equivalent of
135 the Bitcoin computer network occupied for around a year before it found
137 An example whould be the phrase '
</em>Sherlock investigates oleander curry in Bath
<em>'.
141 <p style=
"margin-left: 30%; margin-right: 30%; text-align: justify">
142 Your password might be vulnerable to
<a href=
143 "https://en.wikipedia.org/wiki/Brute_force_attack"><em>brute force
144 </em></a> guessing. Protections against such attacks are costly in
145 terms of code complexity, bugs, and execution time.
<br /> However,
146 there is a very simple and secure counter measure. See the
<a href=
147 "http://xkcd.com/936/" target=
"_blank">XKCD comic
</a> above. The
148 phrase,
<em>There is no password like more password
</em> would be
149 both much easier to remember, and still stronger than
<em>h4]D%@m:
49
150 </em>, at least before this phrase was pasted as an example on the
151 Internet.
<br /> Please be so kind and add the name of your favorite
152 flower, dish, fictional character, or small town to your password.
153 Say,
<em>Oleander
</em>,
<em>Curry
</em>,
<em>Sherlock
</em>, or
154 <em>Bath
</em>, UK (each adds ~
12 bits) or even the phrase
155 <em>Sherlock investigates oleander curry in Bath
</em> (adds
> 56 bits,
156 note that oleander is
<em>poisonous
</em>, so do not try this curry at home).
157 That would be more effective than adding a thousand rounds of encryption.
158 Typing long passwords without seeing what you are typing is problematic.
159 So a button should be included to make password visible.
165 The Salt and Ticket values are all created using SHA256 on
64 Byte of output from
<em>/dev/urandom
</em> in HEX.
167 <FONT STYLE=
"font-size:small">
168 <p> Example Login page for CGIscriptor.pl
<br />
169 Copyright
© 2012 R.J.J.H. van Son
<br />
170 This program is free software: you can redistribute it and/or modify
171 it under the terms of the GNU General Public License as published by
172 the Free Software Foundation, either version
3 of the License, or
173 (at your option) any later version.
174 This program is distributed in the hope that it will be useful,
175 but WITHOUT ANY WARRANTY; without even the implied warranty of
176 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
177 GNU General Public License for more details.
<br />
178 You should have received a copy of the GNU General Public License
179 along with this program. If not, see
<a href=
"http://www.gnu.org/licenses/">http://www.gnu.org/licenses/
</a>.
181 <p> A JavaScript implementation of the SHA family of hashes, as defined in FIPS
182 PUB
180-
2 as well as the corresponding HMAC implementation as defined in
184 Version
1.3 Copyright Brian Turek
2008-
2010
185 Distributed under the BSD License
<br />
186 See
<a href=
"http://jssha.sourceforge.net/">http://jssha.sourceforge.net/
</a> for more information
<br />
187 Several functions taken from Paul Johnson