Finalize the code for login support for IP, SESSION and CHALLENGE authorization,...
[CGIscriptor.git] / Private / Login.html
blob 9f439b94d15d32ec5c244da3032bba443be1252f
<html>
<head>
<title>Login</title>
<META CONTENT="text/ssperl; CGI='$SERVERSALT $LOGINTICKET $RANDOMSALT $REMOTE_ADDR'">
<SCRIPT type="text/javascript" LANGUAGE="JavaScript">
<SCRIPT TYPE="text/ssperl" SRC="./JavaScript/CGIscriptorSession.js"></SCRIPT>

// Remove EVERYTHING from Login window
window.onload = function() {
  // Drop any query string that was passed to the login page
  if(window.location.search)window.location.search = "";
  var warning = document.getElementById('WARNING');
  // Test via window so a browser without sessionStorage does not throw a ReferenceError
  if(window.sessionStorage == null) warning.innerHTML = "Storage not supported by the browser: Upgrade your browser or set dom.storage.enabled";
  else {
    warning.style.color = "Black";
    warning.innerHTML = "";
  }
  // Defined in CGIscriptorSession.js
  clear_persistent_data ();
};
</SCRIPT>

<script type="text/javascript">
<SCRIPT TYPE="text/ssperl" SRC="./JavaScript/SecureHash.js"></SCRIPT>
</script>

</head>
<body>
<h1 align=CENTER>Example of Login procedure</h1>
<h2 align=CENTER><div id="WARNING" style="color: Red">You need to have JavaScript and cookies enabled to use the login system</div></h2>
<p>
Simple and very unsafe example login page for CGIscriptor.pl. The password is first hashed with the
site-specific salt (the form in which the password is stored on-site). The result is then hashed with a random,
one-time salt, effectively creating a one-time password. Only this last value is sent to the server.
The server has both salt values stored. It will ignore anything except the username, hashed password, and
loginticket.
</p>
<p>
The Session Ticket information is stored in <a href="http://www.xul.fr/en/html5/sessionstorage.php">
<em>sessionStorage</em></a> with key <em>CGIscriptorPRIVATE</em>. Older browsers might not implement
<a href="http://www.xul.fr/en/html5/sessionstorage.php"><em>sessionStorage</em></a>, or it might be
turned off in the <a href="http://kb.mozillazine.org/Dom.storage.enabled"><em>dom.storage.enabled</em></a>
parameter.
</p>
<!-- onSubmit returns the result of check_username_password() so that a failed check cancels the submit -->
<form method="POST" action="" id="LoginForm"
onSubmit='var success=check_username_password();SetSessionCookie();HashPassword("<SCRIPT TYPE="text/ssperl">
$RANDOMSALT</SCRIPT>");return success'>
<div style="margin-left: 30%; margin-right: 30%; text-align: right">
<table>
<tr><td>Username:</td><td><input type="text" name="USERNAME" id="USERNAME" size="20" /></td></tr>
<tr><td>Password:</td><td><input type="PASSWORD" name="PASSWORD" id="PASSWORD" size="20" /></td></tr>
<tr><td></td><td style="text-align: left"><input type="submit" value="Login" /></td></tr>
</table>
<input type="hidden" name="SERVERSALT" id="SERVERSALT" value="<SCRIPT TYPE="text/ssperl">$SERVERSALT</SCRIPT>" />
<input type="hidden" name="LOGINTICKET" value="<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>" />
</div>
</form>
<p>
There are three default test accounts; all three have the password <em>test</em>:
</p>
<ul>
<li>test: A SESSION ticket account</li>
<li>testip: An IPADDRESS ticket account</li>
<li>testchallenge: A CHALLENGE ticket account</li>
</ul>

<p>
The Salt and Ticket values are all created using SHA1 on 32 bytes of output from <em>/dev/urandom</em> in HEX.
</p>
<FONT STYLE="font-size:small">
<p> Example Login page for CGIscriptor.pl<br />
Copyright &copy; 2012 R.J.J.H. van Son<br />
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.<br />
You should have received a copy of the GNU General Public License
along with this program. If not, see <a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</a>.</p>
<p> JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined in FIPS 180-1<br />
Copyright &copy; 2000 - 2009 Paul Johnston, Version 2.2<br />
Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet<br />
Distributed under the BSD License<br />
See <a href="http://pajhome.org.uk/crypt/md5">http://pajhome.org.uk/crypt/md5</a> for details.</p>
</FONT>

</body>
</html>
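
The two-stage salted hash that this login page describes, modelled end to end in Node.js as an added example; it is not CGIscriptor's own code. The concatenation order inside each hash, the reading of "SHA1 on 32 bytes ... in HEX", the single-use handling of the ticket, and the names `LoginServer`, `storedHash`, `oneTimeHash`, `clientResponse` and `newToken` are assumptions, since the page only names the form fields and `HashPassword()`.

```javascript
const nodeCrypto = require("crypto");

const sha1hex = (s) => nodeCrypto.createHash("sha1").update(s, "utf8").digest("hex");

// Salt/ticket: SHA1 over 32 random bytes rendered as hex (assumed reading of the page).
const newToken = () => sha1hex(nodeCrypto.randomBytes(32).toString("hex"));

// Assumption: the salt is prepended to the value being hashed.
const storedHash = (serverSalt, password) => sha1hex(serverSalt + password);
const oneTimeHash = (randomSalt, stored) => sha1hex(randomSalt + stored);

class LoginServer {
  constructor() {
    this.serverSalt = newToken();
    this.users = new Map();   // USERNAME -> password hashed with the site salt
    this.tickets = new Map(); // LOGINTICKET -> RANDOMSALT issued with it
  }
  addUser(username, password) {
    this.users.set(username, storedHash(this.serverSalt, password));
  }
  // Values the server writes into the login form for one login attempt.
  issueLoginPage() {
    const loginTicket = newToken(), randomSalt = newToken();
    this.tickets.set(loginTicket, randomSalt);
    return { serverSalt: this.serverSalt, randomSalt, loginTicket };
  }
  // Only USERNAME, the hashed PASSWORD and LOGINTICKET are looked at.
  verify(username, hashedPassword, loginTicket) {
    const randomSalt = this.tickets.get(loginTicket);
    this.tickets.delete(loginTicket); // assumed single use, pass or fail
    const stored = this.users.get(username);
    if (!randomSalt || !stored) return false;
    const expected = Buffer.from(oneTimeHash(randomSalt, stored), "hex");
    const got = Buffer.from(String(hashedPassword), "hex");
    return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
  }
}

// Browser side: the value submitted in place of the clear-text password.
function clientResponse(page, password) {
  return oneTimeHash(page.randomSalt, storedHash(page.serverSalt, password));
}
```

Because the server derives the expected response from the stored salted hash alone, that stored value has to be protected as carefully as the password itself.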