| blob | 335dbaf34f7a6d89c8472faf70f5a64ded76df96 |
1 // Global variables
2 var CGIscriptorSessionType = "<SCRIPT TYPE="text/ssperl" CGI='$SESSIONTYPE=""'>
3 $SESSIONTYPE;
4 </SCRIPT>";
5 var CGIscriptorChallengeTicket = "<SCRIPT TYPE="text/ssperl" CGI='$CHALLENGETICKET=""'>
6 $CHALLENGETICKET;
7 </SCRIPT>";
10 // Function definitions
11 function hex_sha256 (plaintext) {
12 var shaObj = new jsSHA(plaintext, "ASCII");
13 return shaObj.getHash("SHA-1", "HEX");
14 };
15 function hex_sha256 (plaintext) {
16 var shaObj = new jsSHA(plaintext, "ASCII");
17 return shaObj.getHash("SHA-256", "HEX");
18 };
19 function hex_sha512 (plaintext) {
20 var shaObj = new jsSHA(plaintext, "ASCII");
21 return shaObj.getHash("SHA-256", "HEX");
22 };
23 function chained_sha (plaintext) {
24 return hex_sha256( hex_sha256( hex_sha512(plaintext) ) );
25 };
27 function loadSessionData (SessionType, ChallengeTicket) {
28 if(SessionType == 'CHALLENGE')
29 setChallengeParameters(ChallengeTicket);
30 else if(SessionType == 'SESSION')
31 setSessionParameters();
32 return SessionType;
33 };
35 function createCookie(name,value,days,path) {
36 if (days) {
37 var date = new Date();
38 date.setTime(date.getTime()+(days*24*60*60*1000));
39 var expires = "; expires="+date.toGMTString();
40 }
41 else var expires = "";
42 var match = document.cookie.match('/('+name+'\=[^\;]*\);/');
43 if(match){
44 while(match) {
45 document.cookie = document.cookie.replace(match[1], name+"="+value);
46 match = document.cookie.match('/('+name+'\=[^\;]*\);/');
47 };
48 } else {
49 document.cookie = name+"=-";
50 document.cookie = name+"="+value+expires+"; path=/"+path;
51 };
52 };
55 function readCookie(name) {
56 var nameEQ = name + "=";
57 var ca = document.cookie.split(';');
58 for(var i=0;i < ca.length;i++) {
59 var c = ca[i];
60 while (c.charAt(0)==' ') c = c.substring(1,c.length);
61 if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
62 }
63 return null;
64 };
66 function eraseCookie(name) {
67 createCookie(name,"",-1);
68 };
70 // Combine the PASSWORD with the site SERVERSALT and hash it
71 // Combine this Hash iwth the extra SERVERSALT, and hash them
72 function HashPassword(extsalt) {
73 var hash = HashSessionSeed(extsalt);
74 var password = document.getElementById('PASSWORD');
75 if(password){
76 password.value = hash;
77 } else {
78 alert("NO PASSWORD IN FORM");
79 return 0;
80 };
81 return hash;
82 }
84 // REMEMBER: Set the session cookie BEFORE you hash the password!!!
85 function SetSessionCookie() {
86 var loginticket = '<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>';
87 var randomsalt = '<SCRIPT TYPE="text/ssperl">$RANDOMSALT</SCRIPT>';
88 var hash = HashSessionSeed(loginticket);
89 // Dom.storage.enabled must be set!
90 if (!sessionStorage || typeof(sessionStorage) == 'undefined' ) {
91 alert('Your browser does not support HTML5 sessionStorage. Set Dom.storage.enabled or try upgrading.');
92 return 0;
93 }
94 else sessionStorage.setItem("CGIscriptorPRIVATE", hash);
96 // Store a secret key, if one is given
97 SetSecretKey();
99 return hash;
100 };
102 function SetSecretKey() {
103 var loginticket = '<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>';
104 var randomsalt = '<SCRIPT TYPE="text/ssperl">$RANDOMSALT</SCRIPT>';
105 var secretkey = "";
106 if (!sessionStorage || typeof(sessionStorage) == 'undefined' ) {
107 alert('Your browser does not support HTML5 sessionStorage. Set Dom.storage.enabled or try upgrading.');
108 return "";
109 }
110 else if (loginticket && randomsalt) {
111 secretkey = HashSessionSeed(randomsalt+loginticket);
112 sessionStorage.setItem("CGIscriptorSECRET", secretkey);
113 };
115 return secretkey;
116 };
118 function HashSessionSeed(sessionseed) {
119 var hash1 = "";
120 var hash2 = "";
121 var passwordvalue = document.getElementById('PASSWORD');
122 var saltvalue = document.getElementById('SERVERSALT');
123 var username = document.getElementById('CGIUSERNAME');
124 hash1 = hex_sha256(saltvalue.value+passwordvalue.value+username.value.toLowerCase());
125 if(sessionseed != "")
126 hash2 = hex_sha256(sessionseed+hash1);
127 else
128 hash2 = hash1;
129 return hash2;
130 }
132 // Remember to hash the repeat too! Or else it will be send in the clear
133 function HashNewPassword(userid) {
134 var hash1 = "";
135 var newpassword = document.getElementById('NEWPASSWORD');
136 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
137 var username = document.getElementById(userid);
138 if(newpassword.value == "" ) {
139 newpassword.value = "";
140 return 0;
141 };
142 if(newpasswordrep && (newpasswordrep.value == ""|| newpassword.value != newpasswordrep.value)) {
143 newpassword.value = "";
144 newpasswordrep.value = "";
145 return 0;
146 };
147 var saltvalue = document.getElementById('SERVERSALT');
148 hash1 = hex_sha256(saltvalue.value+newpassword.value+username.value.toLowerCase());
149 newpassword.value = hash1;
150 newpasswordrep.value = hash1;
151 return hash1;
152 };
154 function XOR_hex_strings(hex1, hex2) {
155 var resultHex = "";
156 var maxlength = Math.max(hex1.length, hex2.length);
158 for(var i=0; i < maxlength; ++i) {
159 var h1 = hex1.charAt(i);
160 if(! h1) h1='0';
161 var h2 = hex2.charAt(i);
162 if(! h2) h2 ='0';
163 var d1 = parseInt(h1,16);
164 var d2 = parseInt(h2,16);
165 var resultD = d1^d2;
166 resultHex = resultHex+resultD.toString(16);
167 };
168 return resultHex;
169 };
171 function EncryptNewPassword(userid) {
172 var newpassword = document.getElementById('NEWPASSWORD');
173 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
174 var secretkey = SetSecretKey();
176 // This hashes the newpassword field!
177 HashNewPassword(userid);
178 var encrypted = XOR_hex_strings(secretkey, newpassword.value);
179 newpassword.value = encrypted;
180 newpasswordrep.value = encrypted;
181 return encrypted;
182 };
184 function DecryptNewPassword(key, encrypted) {
185 decrypted = XOR_hex_strings(key, encrypted);
187 return decrypted;
188 };
190 function add_cgiparam(elem, attr, param) {
191 var elems = document.getElementsByTagName(elem);
192 for (var i = 0; i < elems.length; i++)
193 {
194 var n=elems[i][attr].indexOf("?");
195 if(n<0)
196 elems[i][attr] = elems[i][attr] + "?" + param;
197 else
198 elems[i][attr] = elems[i][attr] + "&" + param;
199 };
200 };
202 function setSessionParameters() {
203 var sessionset = readCookie("CGIscriptorSESSION");
204 if(!(sessionset &&sessionset.match(/[\S]/)))return false;
206 var sessionticket = "";
207 sessionticket = sessionStorage.getItem("CGIscriptorPRIVATE");
208 if(!sessionticket) return false;
209 createCookie("CGIscriptorSESSION",sessionticket, 0, "");
211 // Without cookies, use this
212 // var sessionparm = document.getElementById('SESSIONTICKET');
213 // if(sessionparm) sessionparm.value = sessionticket;
214 // add_cgiparam('a', 'href', "SESSIONTICKET="+sessionticket);
215 // add_cgiparam('form', 'action', "SESSIONTICKET="+sessionticket);
216 return true;
217 };
218 function setChallengeParameters(sessionset) {
219 if(!(sessionset && sessionset.match(/[\S]/)))return false;
221 var sessionticket = "";
222 var sessionkey = sessionStorage.getItem("CGIscriptorPRIVATE");
223 if(!sessionkey) return false;
224 sessionticket = hex_sha256(sessionset+sessionkey);
225 createCookie("CGIscriptorCHALLENGE",sessionticket, 0, "");
227 // Without cookies, use this
228 // var sessionparm = document.getElementById('CHALLENGETICKET');
229 // if(sessionparm) sessionparm.value = sessionticket;
231 // add_cgiparam('a', 'href', "CHALLENGETICKET="+sessionticket);
232 // add_cgiparam('form', 'action', "CHALLENGETICKET="+sessionticket);
233 return true;
234 };
236 function clear_persistent_data () {
237 createCookie("CGIscriptorSESSION","", 0, "");
238 createCookie("CGIscriptorCHALLENGE","", 0, "");
239 sessionStorage.setItem("CGIscriptorPRIVATE", "");
240 return true;
241 };
243 function check_password_fields ( ) {
244 var newpassword = document.getElementById('NEWPASSWORD');
245 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
246 if(newpassword.value == "" || newpasswordrep.value == "") {
247 alert("No passwords");
248 return false;
249 };
250 if(newpassword.value == newpasswordrep.value) {
251 var submitbutton = document.getElementById('SUBMIT');
252 submitbutton.style.color = "Black";
253 return true;
254 };
255 alert("Passwords differ");
256 return false;
257 };
259 function check_username_password ( ) {
260 var username = document.getElementById('CGIUSERNAME');
261 var password = document.getElementById('PASSWORD');
262 if(username.value.match(/[a-zA-Z0-9]/) && password.value.match(/[a-zA-Z0-9]/))
263 return true;
264 alert("Please enter a user name and password");
265 return false;
266 };
268 function revealPasswords () {
269 var inputs = document.getElementsByTagName("input");
270 for (i=(inputs.length-1); i>=0; i--) {
271 var curr = inputs[i];
272 if (curr.type.toLowerCase()=="password") {
273 curr.type = "TEXT";
274 };
275 };
277 };
279 function hidePasswords () {
280 var inputs = document.getElementsByTagName("input");
281 for (i=(inputs.length-1); i>=0; i--) {
282 var curr = inputs[i];
283 if (curr.type.toLowerCase()=="text") {
284 curr.type = "PASSWORD";
285 };
286 };
288 };
290 function togglePasswords (hide, show, value) {
291 if(value.match(hide)) {
292 hidePasswords ();
293 return value.replace(hide, show);
294 } else {
295 revealPasswords ();
296 return value.replace(show, hide);
297 };
298 };