Finalize the code for login support for IP, SESSION and CHALLENGE authorization,...
// Global variables
// The <SCRIPT TYPE="text/ssperl"> elements below are server-side template
// markup, not JavaScript: each statement only becomes a valid string
// assignment once the element has been replaced by a value (presumably by
// CGIscriptor when it serves this file - confirm).
// NOTE(review): each value lands inside a double-quoted JavaScript string and
// no escaping is visible here. The CGI='...' attributes suggest the values may
// be taken from request parameters; confirm the server restricts them to
// characters that cannot terminate the string literal.
var CGIscriptorSessionType = "<SCRIPT TYPE="text/ssperl" CGI='$SESSIONTYPE=""'>
$SESSIONTYPE;
</SCRIPT>";
var CGIscriptorChallengeTicket = "<SCRIPT TYPE="text/ssperl" CGI='$CHALLENGETICKET=""'>
$CHALLENGETICKET;
</SCRIPT>";
10 // Function definitions
// Dispatch on the session type: 'CHALLENGE' prepares the challenge cookie,
// 'SESSION' refreshes the session cookie, any other value does nothing.
// SessionType     - session type string
// ChallengeTicket - passed through to setChallengeParameters
// Returns SessionType unchanged; the results of the helpers are ignored.
function loadSessionData (SessionType, ChallengeTicket) {
        var wantsChallenge = (SessionType == 'CHALLENGE');
        if (wantsChallenge) {
                setChallengeParameters(ChallengeTicket);
                return SessionType;
        }
        if (SessionType == 'SESSION') {
                setSessionParameters();
        }
        return SessionType;
}
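// Write cookie `name` with `value` through document.cookie.
// name  - cookie name, written as given (no encoding)
// value - cookie value, written as given (no encoding)
// days  - lifetime in days; a negative number gives an expiry date in the
//         past, 0 or an omitted argument gives a cookie without expiry date
// path  - appended to "/" to form the cookie path; when omitted the path is "/"
// Returns nothing.
// NOTE(review): no Secure or SameSite attribute is written, and a cookie set
// from script cannot be HttpOnly, so the tickets this file stores in cookies
// are readable by any script running on the page.
function createCookie(name,value,days,path) {
        var expires = "";
        if (days) {
                var date = new Date();
                date.setTime(date.getTime()+(days*24*60*60*1000));
                expires = "; expires="+date.toUTCString();
        }
        // An omitted path would otherwise be concatenated as the text
        // "undefined" and the cookie would be written under "/undefined".
        var cookiePath = (path === undefined || path === null) ? "" : path;

        // No in-place replacement is attempted: the pattern for it was given to
        // String.match as the string '/(name=[^;]*);/', whose slashes are
        // matched literally, so it did not find ordinary cookies.

        // The first write carries no path attribute, so it applies to the
        // browser's default path - presumably to blank a cookie stored there;
        // confirm against the server side.
        document.cookie = name+"=-";
        document.cookie = name+"="+value+expires+"; path=/"+cookiePath;
}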
// Look up cookie `name` in document.cookie.
// Returns the text after "name=" of the first entry that starts with it
// (leading spaces of an entry are skipped), or null when there is none.
function readCookie(name) {
        var prefix = name + "=";
        var entries = document.cookie.split(';');
        var idx = 0;
        while (idx < entries.length) {
                // entries are separated by "; ", so drop the leading blanks
                var entry = entries[idx].replace(/^ +/, "");
                if (entry.substring(0, prefix.length) === prefix) {
                        return entry.substring(prefix.length);
                }
                idx += 1;
        }
        return null;
}
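// Expire cookie `name`: rewrite it with an empty value and a lifetime of
// -1 days, which gives an expiry date in the past.
// The empty path is passed explicitly so that the cookie path does not depend
// on how createCookie treats a missing fourth argument; the other callers in
// this file pass "" as well.
function eraseCookie(name) {
        createCookie(name,"",-1,"");
}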
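// Combine the PASSWORD with the site SERVERSALT and hash it
// Combine this hash with the extra salt (extsalt), and hash them
// The result replaces the content of the PASSWORD field.
// extsalt - passed to HashSessionSeed as the session seed
// Returns the hash, or 0 (after an alert) when the form has no PASSWORD field.
function HashPassword(extsalt) {
        var password = document.getElementById('PASSWORD');
        // Look the field up before hashing: HashSessionSeed reads the same
        // field and would fail on a missing one before the alert is shown.
        if(!password){
                alert("NO PASSWORD IN FORM");
                return 0;
        };
        var hash = HashSessionSeed(extsalt);
        password.value = hash;
        return hash;
}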
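// REMEMBER: Set the session cookie BEFORE you hash the password!!!
// (HashSessionSeed reads the PASSWORD field, and HashPassword overwrites that
// field with a hash.)
// Hashes the login ticket together with the password hash and keeps the
// result in sessionStorage under "CGIscriptorPRIVATE". Despite the name, no
// cookie is written here.
// The <SCRIPT TYPE="text/ssperl"> element in the seed is server-side template
// markup that is expected to be replaced by the login ticket.
// Returns the hash, also when it could not be stored (an alert is shown then).
// NOTE(review): a value in sessionStorage is readable by every script that
// runs on this origin.
function SetSessionCookie() {
        var seed = '<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>';
        var hash = HashSessionSeed(seed);
        // Dom.storage.enabled must be set!
        // typeof goes first: a bare reference to an undeclared sessionStorage
        // throws a ReferenceError before the test can run.
        if (typeof(sessionStorage) == 'undefined' || !sessionStorage) {
                alert('Your browser does not support HTML5 sessionStorage. Set Dom.storage.enabled or try upgrading.');
        } else {
                sessionStorage.setItem("CGIscriptorPRIVATE", hash);
        }
        return hash;
}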
// Hash the login form fields, optionally bound to a session seed.
// Step 1: hex_sha1(SERVERSALT + PASSWORD + lower-cased USERNAME), read from the
//         form fields with those ids.
// Step 2: when sessionseed is not "" (loose comparison), hex_sha1(sessionseed +
//         step 1); otherwise step 1 is the result.
// No field is modified. A missing field raises a TypeError.
// NOTE(review): hex_sha1 is defined outside this file; going by its name it is
// a single SHA-1 pass, which is cheap to brute-force should a salted hash
// leak - confirm what the server stores.
function HashSessionSeed(sessionseed) {
        var pwField = document.getElementById('PASSWORD');
        var saltField = document.getElementById('SERVERSALT');
        var userField = document.getElementById('USERNAME');
        var baseHash = hex_sha1(saltField.value+pwField.value+userField.value.toLowerCase());
        return (sessionseed != "") ? hex_sha1(sessionseed+baseHash) : baseHash;
}
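// Remember to hash the repeat too! Or else it will be sent in the clear
// Replaces the NEWPASSWORD field (and NEWPASSWORDREP, when the form has one)
// by hex_sha1(SERVERSALT + new password + lower-cased USERNAME).
// Returns the hash, or 0 when the new password is empty or, with a repeat
// field present, the repeat is empty or different; the password fields are
// emptied in that case so that no plain text is left in them.
function HashNewPassword() {
        var hash1 = "";
        var newpassword = document.getElementById('NEWPASSWORD');
        var newpasswordrep = document.getElementById('NEWPASSWORDREP');
        var username = document.getElementById('USERNAME');
        if(newpassword.value == "" ) {
                newpassword.value = "";
                return 0;
        };
        if(newpasswordrep && (newpasswordrep.value == ""|| newpassword.value != newpasswordrep.value)) {
                newpassword.value = "";
                newpasswordrep.value = "";
                return 0;
        };
        var saltvalue = document.getElementById('SERVERSALT');
        hash1 = hex_sha1(saltvalue.value+newpassword.value+username.value.toLowerCase());
        newpassword.value = hash1;
        // The check above allows a form without a repeat field, so the write
        // has to allow it too.
        if(newpasswordrep) newpasswordrep.value = hash1;
        return hash1;
}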
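// XOR two hexadecimal strings digit by digit.
// hex1, hex2 - strings of hexadecimal digits of the same length
// Returns the XOR as lower-case hexadecimal digits, or "" when the lengths
// differ or a character is not a hexadecimal digit.
// Why the check: parseInt gives NaN for a missing or invalid digit and
// NaN ^ d is d, so unequal input would copy digits of the other string into
// the result unmasked. The failure value is "" rather than an exception,
// because an exception in a form handler would skip any hashing steps that
// follow it (how the callers are wired up is not visible here).
function XOR_hex_strings(hex1, hex2) {
        if(hex1.length !== hex2.length) return "";
        var resultHex = "";
        for(var i=0; i < hex1.length; ++i) {
                var d1 = parseInt(hex1.charAt(i),16);
                var d2 = parseInt(hex2.charAt(i),16);
                if(isNaN(d1) || isNaN(d2)) return "";
                resultHex = resultHex+(d1^d2).toString(16);
        };
        return resultHex;
}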
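// Mask the hashed new password before it is submitted.
// The NEWPASSWORD field is hashed by HashNewPassword and then XOR-ed with
// hex_sha1(LOGINTICKET + hex_sha1(SERVERSALT + PASSWORD + lower-cased USERNAME)).
// The result replaces NEWPASSWORD (and NEWPASSWORDREP, when present).
// This reads the plain PASSWORD field, so it has to run before HashPassword
// overwrites that field.
// Returns the masked value, or 0 when HashNewPassword rejected the input.
// NOTE(review): the XOR mask is the value HashSessionSeed produces for the
// login ticket. If the same request also carries that value, the mask is known
// to anyone who can read the request - confirm against the form and serve it
// over TLS.
function EncryptNewPassword() {
        var password = document.getElementById('PASSWORD');
        var saltvalue = document.getElementById('SERVERSALT');
        var login = document.getElementById('LOGINTICKET');
        var newpassword = document.getElementById('NEWPASSWORD');
        var newpasswordrep = document.getElementById('NEWPASSWORDREP');
        var username = document.getElementById('USERNAME');

        // This hashes the newpassword field!
        // On failure it empties the field; XOR-ing the mask with an empty
        // string would then put the mask itself into the form.
        if(!HashNewPassword()) return 0;
        // Declared locally: assigned without var these password-derived hashes
        // became properties of the global object.
        var hash = hex_sha1(saltvalue.value+password.value+username.value.toLowerCase());
        var hash2 = hex_sha1(login.value+hash);
        var encrypted = XOR_hex_strings(hash2, newpassword.value);
        newpassword.value = encrypted;
        if(newpasswordrep) newpasswordrep.value = encrypted;
        return encrypted;
}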
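// Append a CGI parameter to a URL-valued property of every element with the
// given tag name.
// elem  - tag name, e.g. 'a' or 'form'
// attr  - property holding the URL, e.g. 'href' or 'action'
// param - "NAME=value" text, appended as given (the caller has to encode it)
// The parameter is added with "?" or "&" and placed before a "#fragment", so
// that it ends up in the query string and not inside the fragment.
// Elements whose property is not a string are skipped.
// Returns nothing.
// NOTE(review): a ticket placed in a URL shows up in browser history, server
// logs and Referer headers.
function add_cgiparam(elem, attr, param) {
    var elems = document.getElementsByTagName(elem);
    for (var i = 0; i < elems.length; i++)
    {
        var current = elems[i][attr];
        if (typeof current !== "string") continue;
        var fragmentAt = current.indexOf("#");
        var base = fragmentAt < 0 ? current : current.substring(0, fragmentAt);
        var fragment = fragmentAt < 0 ? "" : current.substring(fragmentAt);
        var separator = base.indexOf("?") < 0 ? "?" : "&";
        elems[i][attr] = base + separator + param + fragment;
    };
}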
// Put the session key from sessionStorage into the CGIscriptorSESSION cookie.
// Nothing is done unless that cookie already exists with at least one
// non-blank character and sessionStorage holds a "CGIscriptorPRIVATE" value.
// Returns true when the cookie was written, false otherwise.
//
// Without cookies, the ticket could be passed like this instead:
// var sessionparm = document.getElementById('SESSIONTICKET');
// if(sessionparm) sessionparm.value = sessionticket;
// add_cgiparam('a', 'href', "SESSIONTICKET="+sessionticket);
// add_cgiparam('form', 'action', "SESSIONTICKET="+sessionticket);
function setSessionParameters() {
        var cookieValue = readCookie("CGIscriptorSESSION");
        var cookieIsSet = cookieValue && cookieValue.match(/[\S]/);
        if (!cookieIsSet) {
                return false;
        }

        var storedKey = sessionStorage.getItem("CGIscriptorPRIVATE");
        if (!storedKey) {
                return false;
        }
        // days = 0: written without an expiry date
        createCookie("CGIscriptorSESSION", storedKey, 0, "");
        return true;
}
// Answer a challenge: store hex_sha1(challenge + session key) in the
// CGIscriptorCHALLENGE cookie.
// sessionset - the challenge text; it must contain a non-blank character
// The session key is read from sessionStorage ("CGIscriptorPRIVATE").
// Returns true when the cookie was written, false when the challenge or the
// key is missing.
//
// Without cookies, the ticket could be passed like this instead:
// var sessionparm = document.getElementById('CHALLENGETICKET');
// if(sessionparm) sessionparm.value = sessionticket;
// add_cgiparam('a', 'href', "CHALLENGETICKET="+sessionticket);
// add_cgiparam('form', 'action', "CHALLENGETICKET="+sessionticket);
function setChallengeParameters(sessionset) {
        var hasChallenge = sessionset && sessionset.match(/[\S]/);
        if (!hasChallenge) {
                return false;
        }

        var storedKey = sessionStorage.getItem("CGIscriptorPRIVATE");
        if (!storedKey) {
                return false;
        }
        var response = hex_sha1(sessionset+storedKey);
        // days = 0: written without an expiry date
        createCookie("CGIscriptorCHALLENGE", response, 0, "");
        return true;
}
// Blank the client-side session state: both ticket cookies and the
// "CGIscriptorPRIVATE" entry in sessionStorage are set to an empty string.
// The entries are overwritten, not deleted (the cookies are written with
// days = 0, i.e. without an expiry date).
// Always returns true.
function clear_persistent_data () {
        var ticketCookies = ["CGIscriptorSESSION", "CGIscriptorCHALLENGE"];
        for (var k = 0; k < ticketCookies.length; k++) {
                createCookie(ticketCookies[k], "", 0, "");
        }
        sessionStorage.setItem("CGIscriptorPRIVATE", "");
        return true;
}
// Check that the new password was entered twice and identically.
// Reads the NEWPASSWORD and NEWPASSWORDREP fields. On success the text colour
// of the SUBMIT element is set to "Black" and true is returned; otherwise an
// alert names the problem and false is returned.
function check_password_fields ( ) {
        var pwField = document.getElementById('NEWPASSWORD');
        var repeatField = document.getElementById('NEWPASSWORDREP');
        if (pwField.value == "" || repeatField.value == "") {
                alert("No passwords");
                return false;
        }
        if (pwField.value != repeatField.value) {
                alert("Passwords differ");
                return false;
        }
        var submitButton = document.getElementById('SUBMIT');
        submitButton.style.color = "Black";
        return true;
}
// Check that both the USERNAME and the PASSWORD field contain at least one
// ASCII letter or digit; a value made up only of other characters counts as
// missing.
// Returns true when both pass; otherwise shows an alert and returns false.
function check_username_password ( ) {
        var userField = document.getElementById('USERNAME');
        var passField = document.getElementById('PASSWORD');
        if (!userField.value.match(/[a-zA-Z0-9]/) || !passField.value.match(/[a-zA-Z0-9]/)) {
                alert("Please enter a user name and password");
                return false;
        }
        return true;
}