| blob | c6ad1f189aa7a9a7b49bcb9e08b6362076b8ef7f |
1 // Global variables
2 var CGIscriptorSessionType = "<SCRIPT TYPE="text/ssperl" CGI='$SESSIONTYPE=""'>
3 $SESSIONTYPE;
4 </SCRIPT>";
5 var CGIscriptorChallengeTicket = "<SCRIPT TYPE="text/ssperl" CGI='$CHALLENGETICKET=""'>
6 $CHALLENGETICKET;
7 </SCRIPT>";
10 // Function definitions
11 function loadSessionData (SessionType, ChallengeTicket) {
12 if(SessionType == 'CHALLENGE')
13 setChallengeParameters(ChallengeTicket);
14 else if(SessionType == 'SESSION')
15 setSessionParameters();
16 return SessionType;
17 };
19 function createCookie(name,value,days,path) {
20 if (days) {
21 var date = new Date();
22 date.setTime(date.getTime()+(days*24*60*60*1000));
23 var expires = "; expires="+date.toGMTString();
24 }
25 else var expires = "";
26 var match = document.cookie.match('/('+name+'\=[^\;]*\);/');
27 if(match){
28 while(match) {
29 document.cookie = document.cookie.replace(match[1], name+"="+value);
30 match = document.cookie.match('/('+name+'\=[^\;]*\);/');
31 };
32 } else {
33 document.cookie = name+"=-";
34 document.cookie = name+"="+value+expires+"; path=/"+path;
35 };
36 };
39 function readCookie(name) {
40 var nameEQ = name + "=";
41 var ca = document.cookie.split(';');
42 for(var i=0;i < ca.length;i++) {
43 var c = ca[i];
44 while (c.charAt(0)==' ') c = c.substring(1,c.length);
45 if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
46 }
47 return null;
48 };
50 function eraseCookie(name) {
51 createCookie(name,"",-1);
52 };
54 // Combine the PASSWORD with the site SERVERSALT and hash it
55 // Combine this Hash iwth the extra SERVERSALT, and hash them
56 function HashPassword(extsalt) {
57 var hash = HashSessionSeed(extsalt);
58 var password = document.getElementById('PASSWORD');
59 if(password){
60 password.value = hash;
61 } else {
62 alert("NO PASSWORD IN FORM");
63 return 0;
64 };
65 return hash;
66 }
68 // REMEMBER: Set the session cookie BEFORE you hash the password!!!
69 function SetSessionCookie() {
70 var seed = '<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>';
71 var hash = HashSessionSeed(seed);
72 // Dom.storage.enabled must be set!
73 if (!sessionStorage || typeof(sessionStorage) == 'undefined' ) {
74 alert('Your browser does not support HTML5 sessionStorage. Set Dom.storage.enabled or try upgrading.');
75 }
76 else sessionStorage.setItem("CGIscriptorPRIVATE", hash);
77 return hash;
78 };
80 function HashSessionSeed(sessionseed) {
81 var hash1 = "";
82 var hash2 = "";
83 var passwordvalue = document.getElementById('PASSWORD');
84 var saltvalue = document.getElementById('SERVERSALT');
85 var username = document.getElementById('USERNAME');
86 hash1 = hex_sha1(saltvalue.value+passwordvalue.value+username.value.toLowerCase());
87 if(sessionseed != "")
88 hash2 = hex_sha1(sessionseed+hash1);
89 else
90 hash2 = hash1;
91 return hash2;
92 }
94 // Remember to hash the repeat too! Or else it will be send in the clear
95 function HashNewPassword() {
96 var hash1 = "";
97 var newpassword = document.getElementById('NEWPASSWORD');
98 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
99 var username = document.getElementById('USERNAME');
100 if(newpassword.value == "" ) {
101 newpassword.value = "";
102 return 0;
103 };
104 if(newpasswordrep && (newpasswordrep.value == ""|| newpassword.value != newpasswordrep.value)) {
105 newpassword.value = "";
106 newpasswordrep.value = "";
107 return 0;
108 };
109 var saltvalue = document.getElementById('SERVERSALT');
110 hash1 = hex_sha1(saltvalue.value+newpassword.value+username.value.toLowerCase());
111 newpassword.value = hash1;
112 newpasswordrep.value = hash1;
113 return hash1;
114 };
116 function XOR_hex_strings(hex1, hex2) {
117 var resultHex = "";
118 for(var i=0; i < hex1.length; ++i) {
119 var d1 = parseInt(hex1.charAt(i),16);
120 var d2 = parseInt(hex2.charAt(i),16);
121 var resultD = d1^d2;
122 resultHex = resultHex+resultD.toString(16);
123 };
124 return resultHex;
125 };
127 function EncryptNewPassword() {
128 var password = document.getElementById('PASSWORD');
129 var saltvalue = document.getElementById('SERVERSALT');
130 var login = document.getElementById('LOGINTICKET');
131 var newpassword = document.getElementById('NEWPASSWORD');
132 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
133 var username = document.getElementById('USERNAME');
135 // This hashes the newpassword field!
136 HashNewPassword();
137 hash = hex_sha1(saltvalue.value+password.value+username.value.toLowerCase());
138 hash2 = hex_sha1(login.value+hash);
139 var encrypted = XOR_hex_strings(hash2, newpassword.value);
140 newpassword.value = encrypted;
141 newpasswordrep.value = encrypted;
142 return encrypted;
143 };
145 function add_cgiparam(elem, attr, param) {
146 var elems = document.getElementsByTagName(elem);
147 for (var i = 0; i < elems.length; i++)
148 {
149 var n=elems[i][attr].indexOf("?");
150 if(n<0)
151 elems[i][attr] = elems[i][attr] + "?" + param;
152 else
153 elems[i][attr] = elems[i][attr] + "&" + param;
154 };
155 };
157 function setSessionParameters() {
158 var sessionset = readCookie("CGIscriptorSESSION");
159 if(!(sessionset &&sessionset.match(/[\S]/)))return false;
161 var sessionticket = "";
162 sessionticket = sessionStorage.getItem("CGIscriptorPRIVATE");
163 if(!sessionticket) return false;
164 createCookie("CGIscriptorSESSION",sessionticket, 0, "");
166 // Without cookies, use this
167 // var sessionparm = document.getElementById('SESSIONTICKET');
168 // if(sessionparm) sessionparm.value = sessionticket;
169 // add_cgiparam('a', 'href', "SESSIONTICKET="+sessionticket);
170 // add_cgiparam('form', 'action', "SESSIONTICKET="+sessionticket);
171 return true;
172 };
173 function setChallengeParameters(sessionset) {
174 if(!(sessionset && sessionset.match(/[\S]/)))return false;
176 var sessionticket = "";
177 var sessionkey = sessionStorage.getItem("CGIscriptorPRIVATE");
178 if(!sessionkey) return false;
179 sessionticket = hex_sha1(sessionset+sessionkey);
180 createCookie("CGIscriptorCHALLENGE",sessionticket, 0, "");
182 // Without cookies, use this
183 // var sessionparm = document.getElementById('CHALLENGETICKET');
184 // if(sessionparm) sessionparm.value = sessionticket;
186 // add_cgiparam('a', 'href', "CHALLENGETICKET="+sessionticket);
187 // add_cgiparam('form', 'action', "CHALLENGETICKET="+sessionticket);
188 return true;
189 };
191 function clear_persistent_data () {
192 createCookie("CGIscriptorSESSION","", 0, "");
193 createCookie("CGIscriptorCHALLENGE","", 0, "");
194 sessionStorage.setItem("CGIscriptorPRIVATE", "");
195 return true;
196 };
198 function check_password_fields ( ) {
199 var newpassword = document.getElementById('NEWPASSWORD');
200 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
201 if(newpassword.value == "" || newpasswordrep.value == "") {
202 alert("No passwords");
203 return false;
204 };
205 if(newpassword.value == newpasswordrep.value) {
206 var submitbutton = document.getElementById('SUBMIT');
207 submitbutton.style.color = "Black";
208 return true;
209 };
210 alert("Passwords differ");
211 return false;
212 };
214 function check_username_password ( ) {
215 var username = document.getElementById('USERNAME');
216 var password = document.getElementById('PASSWORD');
217 if(username.value.match(/[a-zA-Z0-9]/) && password.value.match(/[a-zA-Z0-9]/))
218 return true;
219 alert("Please enter a user name and password");
220 return false;
221 };