Private/CreateUser.html

   1 <html>
   2 <head>
   3 <title>Create User Account</title>
   4 <SCRIPT TYPE="text/ssperl" CGI='$LOGINTICKET $REMOTE_ADDR $LOGINUSERNAME $LOGINIPADDRESS $LOGINPATH'>
   5         ::create_login_file("~/Private/.Passwords", "~/Private/.Sessions", $REMOTE_ADDR);
   6         "";
   7 </SCRIPT>
   8 <SCRIPT type="text/javascript" LANGUAGE="JavaScript">
   9 <SCRIPT TYPE="text/ssperl" SRC="./JavaScript/CreateUserPage.js"></SCRIPT>
  10 </script>
  11
  12 </head>
  13 <body>
  14 <p>
  15 <table width='100%'><tr>
  16         <td style='text-align: left'><a href="/index.html">Home</a></td>
  17         <td style='text-align: right'><a href="?LOGOUT">Logout</a></td>
  18 </tr></table>
  19 </p>
  20 <p ALIGN=RIGHT><a href="index.html">Private Home page</a><br />
  21 <a href="ChangePassword.html">Change Password</a><br />
  22 <SCRIPT TYPE="text/ssperl" CGI='@CAPABILITIES $LOGINUSERNAME'>
  23         # Block access to
  24         if($ENV{'EnforceCreateUser'} && ! grep(/^CreateUser$/, @CAPABILITIES))
  25         {
  26                 my $banner = "";
  27                 $banner =<< "ENDOFNOAUTHORIZATION BANNER";
  28 <h1 style="text-align: center; color: Red">$LOGINUSERNAME: You are not authorized to create a new user account</h1>
  29 <h2 style="text-align: center; color: Red">Please contact your administrator</h2>
  30
  31 </body>
  32 </html>
  33 ENDOFNOAUTHORIZATION BANNER
  34
  35                 print STDOUT $banner;
  36                 exit;
  37         };
  38         "";
  39 </SCRIPT>
  40
  41 <h1 align=CENTER>Create new user account</h1>
  42 <SCRIPT TYPE="text/ssperl" CGI='$NEWACCOUNTTEXT'>
  43 if($NEWACCOUNTTEXT =~ /\S/)
  44 {
  45         my $filename = "";
  46         if($NEWACCOUNTTEXT =~ /Username\:\s+([^\n]+)(\n|$)/isg)
  47         {
  48                 $filename = lc($1);
  49                 $filename =~ s/[^\w]/_/isg;
  50         };
  51         print STDOUT << "ENDOFPRINTNEWACCOUNTTEXT";
  52 Paste this text into a file with name <em>$filename</em>
  53 <pre>
  54 $NEWACCOUNTTEXT
  55 </pre>
  56 ENDOFPRINTNEWACCOUNTTEXT
  57 };
  58 "";
  59 </SCRIPT>
  60
  61 </pre>
  62 <p>
  63 <form method="POST" action="CreateUser.html" id="LoginForm"
  64         onSubmit='CreateUserSubmit ()'>
  65 <div style="margin-left: 20%; margin-right: 20%; text-align: left">
  66 <table cellspacing="5" >
  67         <tr>
  68                 <td style="text-align: right">Password:</td>
  69                 <td style="text-align: left"><input type="PASSWORD" name="PASSWORD" id="PASSWORD" size="50" /></td>
  70         </tr>
  71         <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
  72         <tr><td>&nbsp;</td><td>New user account settings</td></tr>
  73
  74         <tr>
  75                 <td style="text-align: right">New Username:</td>
  76                 <td style="text-align: left">
  77                         <input type="text" name="NEWUSERNAME" id="NEWUSERNAME" size="30" />
  78                 </td>
  79         </tr>
  80         <tr>
  81                 <td style="text-align: right">New Password:</td>
  82                 <td style="text-align: left"><input type="PASSWORD" name="NEWPASSWORD" id="NEWPASSWORD" size="50" />
  83         </td>
  84         <tr>
  85                 <td style="text-align: right">Repeat Password:</td>
  86                 <td style="text-align: left"><input type="PASSWORD" name="NEWPASSWORDREP" id="NEWPASSWORDREP" size="50" onChange="check_password_fields();"/></td>
  87         </tr>
  88         <tr>
  89                 <td style="text-align: right"></td>
  90                 <td style="text-align: left">Account Settings</td>
  91         </tr>
  92         <tr>
  93                 <td style="text-align: right">Allowed Paths:</td>
  94                 <td style="text-align: left"><input type="TEXT" name="ALLOWEDPATHS" id="ALLOWEDPATHS" size="50" value="# ; separated perl regex" /></td>
  95         </tr>
  96         <tr>
  97                 <td style="text-align: right">Allowed IP addresses:</td>
  98                 <td style="text-align: left"><input type="TEXT" name="IPADDRESS" id="IPADDRESS" size="50" value="127.0.0.1;# Other (partial) IP addresses" /></td>
  99         </tr>
 100         <tr>
 101                 <td style="text-align: right">Session type:</td>
 102                 <td style="text-align: left">
 103                         <select name="NEWSESSION" id="NEWSESSION">
 104                                 <option value ="SESSION" selected>SESSION</option>
 105                                 <option value ="CHALLENGE">CHALLENGE</option>
 106                                 <option value ="IPADDRESS">IPADDRESS</option>
 107                         </select>
 108                 </dt>
 109         </tr>
 110         <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
 111         <tr>
 112                 <td></td>
 113                 <td style="text-align: left"><input type="submit" id="SUBMIT" value="Create" style="color: Gray" />
 114                 <input type="button" id="revealpassword" value="Show Passwords" onClick="this.value=togglePasswords('Hide', 'Show', this.value);true" /></td>
 115         </tr>
 116 </table>
 117   <input type="hidden" name="CGIUSERNAME" id="CGIUSERNAME" size="20" value=<SCRIPT type="text/ssperl">$LOGINUSERNAME</SCRIPT> />
 118   <input type="hidden" name="LOGINTICKET" id="LOGINTICKET" value="<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>" />
 119 </div>
 120 </form>
 121 </p>
 122 <h2 align=CENTER>Strong Passwords: It is so easy</h2>
 123 <h3 align=CENTER>If you only could see what you are typing</h3>
 124 <p style="margin-left: 20%; margin-right: 20%; text-align: center">
 125 <a href="http://xkcd.com/936/" target="_blank"><img src="http://imgs.xkcd.com/comics/password_strength.png" width="60%" /></a>
 126 </p>
 127 <p style="margin-left: 30%; margin-right: 30%; text-align: center">
 128 <font style="font-size: small">
 129 <em>
 130         Note: For the procedures used at this site, a basic computer setup can check a billion passwords per second. You need
 131         a password (or phrase) strength in the order of 56 bits to be a little secure (one year on a single computer). One of
 132         the largest network in the world, Bitcoin mining, can check some 12 terahashes per second (June 2012). This
 133         corresponds to checking 6 times 10<sup>12</sup> passwords per second.
 134         It would take a passwords strength of ~68 bits to keep the equivalent of
 135         the Bitcoin computer network occupied for around a year before it found
 136         a match.<br />
 137         An example whould be the phrase '</em>Sherlock investigates oleander curry in Bath<em>'.
 138 </em>
 139 </font>
 140 </p>
 141 <p style="margin-left: 30%; margin-right: 30%; text-align: justify">
 142 Your password might be vulnerable to <a href=
 143 "https://en.wikipedia.org/wiki/Brute_force_attack"><em>brute force
 144 </em></a> guessing. Protections against such attacks are costly in
 145 terms of code complexity, bugs, and execution time.<br /> However,
 146 there is a very simple and secure counter measure. See the <a href=
 147 "http://xkcd.com/936/" target="_blank">XKCD comic</a> above. The
 148 phrase, <em>There is no password like more password</em> would be
 149 both much easier to remember, and still stronger than <em>h4]D%@m:49
 150 </em>, at least before this phrase was pasted as an example on the
 151 Internet.<br /> Please be so kind and add the name of your favorite
 152 flower, dish, fictional character, or small town to your password.
 153 Say, <em>Oleander</em>, <em>Curry</em>, <em>Sherlock</em>, or
 154 <em>Bath</em>, UK (each adds ~12 bits) or even the phrase
 155 <em>Sherlock investigates oleander curry in Bath</em> (adds &gt; 56 bits,
 156 note that oleander is <em>poisonous</em>, so do not try this curry at home).
 157 That would be more effective than adding a thousand rounds of encryption.
 158 Typing long passwords without seeing what you are typing is problematic.
 159 So a button should be included to make password visible.
 160 </p>
 161 <p>
 162         <hr>
 163 </p>
 164 <p>
 165 The Salt and Ticket values are all created using SHA256 on 64 Byte of output from <em>/dev/urandom</em> in HEX.
 166 </p>
 167 <FONT STYLE="font-size:small">
 168 <p> Example Login page for CGIscriptor.pl<br />
 169     Copyright &copy; 2012  R.J.J.H. van Son<br />
 170     This program is free software: you can redistribute it and/or modify
 171     it under the terms of the GNU General Public License as published by
 172     the Free Software Foundation, either version 3 of the License, or
 173     (at your option) any later version.
 174     This program is distributed in the hope that it will be useful,
 175     but WITHOUT ANY WARRANTY; without even the implied warranty of
 176     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 177     GNU General Public License for more details.<br />
 178     You should have received a copy of the GNU General Public License
 179     along with this program.  If not, see <a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</a>.
 180 </p>
 181 <p> A JavaScript implementation of the SHA family of hashes, as defined in FIPS
 182         PUB 180-2 as well as the corresponding HMAC implementation as defined in
 183         FIPS PUB 198a<br />
 184         Version 1.3 Copyright Brian Turek 2008-2010
 185         Distributed under the BSD License<br />
 186         See <a href="http://jssha.sourceforge.net/">http://jssha.sourceforge.net/</a> for more information<br />
 187         Several functions taken from Paul Johnson
 188 </p>
 189 </FONT>
 190
 191 </body>
 192 </html>