// Session state handed from the server to this script. Each initializer opens a
// CGIscriptor server-side Perl tag (TYPE="text/ssperl"); presumably the server
// replaces the tag with the variable's value before the page is sent. The rest of
// each statement (closing tag and quote) is on listing lines not shown here.
// NOTE(review): the substituted value ends up inside a JavaScript string literal,
// so the server side should restrict it to a fixed alphabet. Confirm which
// characters $SESSIONTYPE and $CHALLENGETICKET can contain.
2 var CGIscriptorSessionType = "<SCRIPT TYPE="text/ssperl" CGI='$SESSIONTYPE=""'>
5 var CGIscriptorChallengeTicket = "<SCRIPT TYPE="text/ssperl" CGI='$CHALLENGETICKET=""'>
10 // Function definitions
// Restore the login state for the current page.
//   SessionType     - 'CHALLENGE' or 'SESSION'; any other value matches neither
//                     branch shown here.
//   ChallengeTicket - server challenge, used only in the 'CHALLENGE' branch.
// The function's closing lines are not part of this listing.
11 function loadSessionData (SessionType, ChallengeTicket) {
12 if(SessionType == 'CHALLENGE')
// Answer the server's challenge with a hash over the challenge and the stored key.
13 setChallengeParameters(ChallengeTicket);
14 else if(SessionType == 'SESSION')
// Re-send the stored session ticket as a cookie.
15 setSessionParameters();
// Write the cookie name=value.
//   days - lifetime in days used to build the expires attribute; the callers
//          further down pass 0 (the test that selects between the two branches
//          is on a listing line not shown here).
//   path - appended after "/" to form the cookie path.
// NOTE(review): the cookie is written without Secure or SameSite attributes, and a
// cookie set from script cannot be HttpOnly. The callers store the session and
// challenge tickets here, so at minimum serve the page over HTTPS only and add
// "; Secure; SameSite=Strict" to the cookie string.
// NOTE(review): name and value are concatenated unencoded. A ";" in either would
// be read as an attribute separator.
19 function createCookie(name,value,days,path) {
21 var date = new Date();
// Expiry time = now + days, in milliseconds.
22 date.setTime(date.getTime()+(days*24*60*60*1000));
// toGMTString() is a deprecated alias of toUTCString().
23 var expires = "; expires="+date.toGMTString();
25 else var expires = "";
// NOTE(review): match() is given a string, not a regex literal, so the leading and
// trailing "/" are literal characters of the pattern. As written it looks for a
// slash in front of the cookie name and is unlikely to ever match document.cookie.
// name is also interpolated into the pattern unescaped.
26 var match = document.cookie.match('/('+name+'\=[^\;]*\);/');
// NOTE(review): an assignment to document.cookie sets a single cookie; it does not
// overwrite the whole cookie string. Confirm that writing back the edited string
// does what was intended.
29 document.cookie = document.cookie.replace(match[1], name+"="+value);
30 match = document.cookie.match('/('+name+'\=[^\;]*\);/');
// First write a placeholder value, then the real value with expiry and path.
33 document.cookie = name+"=-";
// NOTE(review): when path is omitted (eraseCookie passes three arguments) this
// produces "path=/undefined", which is a different cookie from one set with path "/".
34 document.cookie = name+"="+value+expires+"; path=/"+path;
// Look up a cookie by name in document.cookie and return its value.
// The statement that assigns c, and whatever is returned when no cookie matches,
// are on listing lines not shown here.
39 function readCookie(name) {
// Searching for "name=" avoids matching a cookie whose name merely starts with name.
40 var nameEQ = name + "=";
41 var ca = document.cookie.split(';');
42 for(var i=0;i < ca.length;i++) {
// Strip the spaces that follow the ";" separator.
44 while (c.charAt(0)==' ') c = c.substring(1,c.length);
// Prefix match at position 0: return everything after "name=".
45 if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
// Expire a cookie by rewriting it with an empty value and a lifetime of -1 days.
// NOTE(review): no path argument is passed, so createCookie builds the path from
// an undefined value. A cookie that was set with path "" (i.e. "/") would
// presumably not be the one expired here; verify against createCookie.
50 function eraseCookie(name) {
51 createCookie(name,"",-1);
54 // Combine the PASSWORD with the site SERVERSALT and hash it
55 // Combine this Hash with the extra SERVERSALT, and hash them
// Replace the contents of the PASSWORD form field with HashSessionSeed(extsalt),
// so the form carries the derived hash instead of the typed password.
//   extsalt - seed passed through to HashSessionSeed.
// The branch conditions around the assignment and the alert are on listing lines
// not shown here; presumably the alert fires when the PASSWORD field is missing.
56 function HashPassword(extsalt) {
// NOTE(review): HashSessionSeed reads the PASSWORD field itself, and it runs before
// the field is looked up below. If the field is absent, the call would fail before
// the alert is reached, unless HashSessionSeed guards for that on lines not shown.
57 var hash = HashSessionSeed(extsalt);
58 var password = document.getElementById('PASSWORD');
60 password.value = hash;
62 alert("NO PASSWORD IN FORM");
68 // REMEMBER: Set the session cookie BEFORE you hash the password!!!
// Derive the private session key from the server-supplied login ticket and the
// login form fields, and keep it in sessionStorage under "CGIscriptorPRIVATE".
// Despite the name, the lines visible here write no cookie; setSessionParameters
// and setChallengeParameters read this key back on later pages.
// NOTE(review): sessionStorage is readable by every script running on the same
// origin, so a script-injection flaw anywhere on the site exposes this key.
69 function SetSessionCookie() {
// Server-side Perl tag; presumably replaced by the login ticket before delivery.
70 var seed = '<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>';
71 var hash = HashSessionSeed(seed);
72 // Dom.storage.enabled must be set!
// NOTE(review): the bare identifier is evaluated first, so where sessionStorage is
// not defined at all the left operand throws and the typeof test on the right is
// never the deciding one. Putting the typeof test first would avoid that.
73 if (!sessionStorage || typeof(sessionStorage) == 'undefined' ) {
74 alert('Your browser does not support HTML5 sessionStorage. Set Dom.storage.enabled or try upgrading.');
76 else sessionStorage.setItem("CGIscriptorPRIVATE", hash);
// Two-step hash used for login and session keys:
//   hash1 = SHA1(SERVERSALT + PASSWORD + lowercased USERNAME)
//   hash2 = SHA1(sessionseed + hash1)
// hex_sha1 is defined outside this listing. The declarations of hash1/hash2 and the
// return statement are on listing lines not shown here; presumably hash2 is returned.
// NOTE(review): hash1 is a single salted SHA-1 pass, which is cheap to brute-force
// offline if a hash is captured. A deliberately slow key-derivation function would
// raise that cost. Client-side hashing is also not a substitute for sending the
// form over TLS.
80 function HashSessionSeed(sessionseed) {
83 var passwordvalue = document.getElementById('PASSWORD');
84 var saltvalue = document.getElementById('SERVERSALT');
85 var username = document.getElementById('USERNAME');
// The username is lowercased, so the hash does not depend on how its case was typed.
86 hash1 = hex_sha1(saltvalue.value+passwordvalue.value+username.value.toLowerCase());
// Binding the per-login seed into hash2 makes the submitted value differ per seed.
88 hash2 = hex_sha1(sessionseed+hash1);
94 // Remember to hash the repeat too! Or else it will be sent in the clear
// Replace the NEWPASSWORD and NEWPASSWORDREP fields with
// SHA1(SERVERSALT + new password + lowercased USERNAME), after checking that the
// new password is non-empty and equals its repeat.
// What happens after each failed check (presumably an early return) is on listing
// lines not shown here.
95 function HashNewPassword() {
97 var newpassword = document.getElementById('NEWPASSWORD');
98 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
99 var username = document.getElementById('USERNAME');
100 if(newpassword.value == "" ) {
101 newpassword.value = "";
// Empty or mismatching repeat: blank both fields so nothing typed is submitted.
104 if(newpasswordrep && (newpasswordrep.value == ""|| newpassword.value != newpasswordrep.value)) {
105 newpassword.value = "";
106 newpasswordrep.value = "";
109 var saltvalue = document.getElementById('SERVERSALT');
// Same construction as hash1 in HashSessionSeed, applied to the new password.
110 hash1 = hex_sha1(saltvalue.value+newpassword.value+username.value.toLowerCase());
111 newpassword.value = hash1;
// NOTE(review): the check above tolerates a missing NEWPASSWORDREP element, but
// this assignment dereferences it unconditionally.
112 newpasswordrep.value = hash1;
// Combine two hex strings one digit at a time and return the result as hex.
// The initialisation of resultHex, the computation of resultD (presumably d1 XOR
// d2, going by the function name) and the return are on listing lines not shown.
// NOTE(review): the loop runs over hex1.length only. When hex2 is shorter,
// hex2.charAt(i) is "" and parseInt yields NaN for those positions, so callers
// should make sure both strings have the same length.
116 function XOR_hex_strings(hex1, hex2) {
118 for(var i=0; i < hex1.length; ++i) {
// One hex digit (4 bits) from each input.
119 var d1 = parseInt(hex1.charAt(i),16);
120 var d2 = parseInt(hex2.charAt(i),16);
122 resultHex = resultHex+resultD.toString(16);
// Mask the new-password hash for submission: XOR the NEWPASSWORD field with
// hash2 = SHA1(LOGINTICKET + SHA1(SERVERSALT + PASSWORD + lowercased USERNAME))
// and write the result into both new-password fields.
// The statement that hashes NEWPASSWORD first (see the comment below) is on a
// listing line not shown here; presumably it calls HashNewPassword().
// NOTE(review): an XOR mask gives confidentiality only while the mask stays secret
// and is used once. It provides no integrity, so bits changed in transit change
// the same bits of the value the server recovers. Two submissions masked with the
// same hash2 would reveal the XOR of the two new-password hashes. Confirm that the
// login ticket is single-use.
127 function EncryptNewPassword() {
128 var password = document.getElementById('PASSWORD');
129 var saltvalue = document.getElementById('SERVERSALT');
130 var login = document.getElementById('LOGINTICKET');
131 var newpassword = document.getElementById('NEWPASSWORD');
132 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
133 var username = document.getElementById('USERNAME');
135 // This hashes the newpassword field!
// Same two-step derivation as HashSessionSeed, with the login ticket as the seed.
137 hash = hex_sha1(saltvalue.value+password.value+username.value.toLowerCase());
138 hash2 = hex_sha1(login.value+hash);
139 var encrypted = XOR_hex_strings(hash2, newpassword.value);
140 newpassword.value = encrypted;
141 newpasswordrep.value = encrypted;
// Append a query parameter to one attribute of every element with a given tag.
//   elem  - tag name, e.g. 'a' or 'form'
//   attr  - attribute holding the URL, e.g. 'href' or 'action'
//   param - "NAME=value" text, appended verbatim
// The branch conditions are on listing lines not shown here; presumably "?" is
// used when the URL has no query string yet and "&" otherwise.
// NOTE(review): param is not URL-encoded here, so callers must pass an encoded
// pair. A URL that contains a "#fragment" would get the parameter appended after
// the fragment.
145 function add_cgiparam(elem, attr, param) {
146 var elems = document.getElementsByTagName(elem);
147 for (var i = 0; i < elems.length; i++)
// Position of an existing query string, if any.
149 var n=elems[i][attr].indexOf("?");
151 elems[i][attr] = elems[i][attr] + "?" + param;
153 elems[i][attr] = elems[i][attr] + "&" + param;
// Re-send the session ticket: when a CGIscriptorSESSION cookie with a non-blank
// value exists, overwrite it with the key kept in sessionStorage.
// Returns false when the cookie is absent or blank, or when no key is stored. The
// return value on success is on a listing line not shown here.
157 function setSessionParameters() {
158 var sessionset = readCookie("CGIscriptorSESSION");
// Require at least one non-whitespace character in the existing cookie value.
159 if(!(sessionset &&sessionset.match(/[\S]/)))return false;
161 var sessionticket = "";
162 sessionticket = sessionStorage.getItem("CGIscriptorPRIVATE");
163 if(!sessionticket) return false;
// days = 0 and path = "": see createCookie for the resulting cookie attributes.
164 createCookie("CGIscriptorSESSION",sessionticket, 0, "");
// NOTE(review): the disabled alternative below puts the session ticket into link
// and form URLs. Tickets in URLs end up in browser history, server logs and
// Referer headers, so the cookie path is the safer of the two.
166 // Without cookies, use this
167 // var sessionparm = document.getElementById('SESSIONTICKET');
168 // if(sessionparm) sessionparm.value = sessionticket;
169 // add_cgiparam('a', 'href', "SESSIONTICKET="+sessionticket);
170 // add_cgiparam('form', 'action', "SESSIONTICKET="+sessionticket);
// Answer a server challenge: ticket = SHA1(challenge + stored key), written to the
// CGIscriptorCHALLENGE cookie. In the lines visible here the stored key itself is
// not sent, only the hash.
//   sessionset - the challenge ticket supplied by the server.
// Returns false when the challenge is blank or no key is stored. The return value
// on success is on a listing line not shown here.
173 function setChallengeParameters(sessionset) {
174 if(!(sessionset && sessionset.match(/[\S]/)))return false;
176 var sessionticket = "";
177 var sessionkey = sessionStorage.getItem("CGIscriptorPRIVATE");
178 if(!sessionkey) return false;
// NOTE(review): the response is only as fresh as the challenge. Confirm that the
// server issues a new challenge per request and rejects reused ones.
179 sessionticket = hex_sha1(sessionset+sessionkey);
180 createCookie("CGIscriptorCHALLENGE",sessionticket, 0, "");
// NOTE(review): the disabled alternative below carries the ticket in URLs, where
// it is exposed to history, logs and Referer headers.
182 // Without cookies, use this
183 // var sessionparm = document.getElementById('CHALLENGETICKET');
184 // if(sessionparm) sessionparm.value = sessionticket;
186 // add_cgiparam('a', 'href', "CHALLENGETICKET="+sessionticket);
187 // add_cgiparam('form', 'action', "CHALLENGETICKET="+sessionticket);
// Log-out helper: blank both ticket cookies and the stored session key.
// NOTE(review): the cookies are overwritten with empty values rather than expired,
// and setItem(..., "") leaves the storage key present with an empty value.
// sessionStorage.removeItem("CGIscriptorPRIVATE") would delete it outright. The
// readers above treat an empty value as "not set", so this works for them.
191 function clear_persistent_data () {
192 createCookie("CGIscriptorSESSION","", 0, "");
193 createCookie("CGIscriptorCHALLENGE","", 0, "");
194 sessionStorage.setItem("CGIscriptorPRIVATE", "");
// Form helper for the new-password fields: alert when either field is empty or
// when the two differ, and set the SUBMIT button's text colour to black when they
// match. Return values and the else-branch structure are on listing lines not
// shown here.
// NOTE(review): this is a convenience check in the browser only. The server must
// still validate whatever it receives.
198 function check_password_fields ( ) {
199 var newpassword = document.getElementById('NEWPASSWORD');
200 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
201 if(newpassword.value == "" || newpasswordrep.value == "") {
202 alert("No passwords");
205 if(newpassword.value == newpasswordrep.value) {
206 var submitbutton = document.getElementById('SUBMIT');
207 submitbutton.style.color = "Black";
210 alert("Passwords differ");
// Form helper for the login fields: both USERNAME and PASSWORD must contain at
// least one ASCII letter or digit, otherwise the user is prompted. What happens
// when the test passes is on a listing line not shown here.
214 function check_username_password ( ) {
215 var username = document.getElementById('USERNAME');
216 var password = document.getElementById('PASSWORD');
// The patterns are unanchored: one alphanumeric character anywhere is enough, and
// a password made only of other characters is rejected.
217 if(username.value.match(/[a-zA-Z0-9]/) && password.value.match(/[a-zA-Z0-9]/))
219 alert("Please enter a user name and password");