Disabled admin account
1 // Global variables
// The text/ssperl SCRIPT elements below are CGIscriptor server-side Perl;
// presumably they are replaced with the values of $SESSIONTYPE and
// $CHALLENGETICKET before this file reaches the browser.
// NOTE(review): the substituted text lands inside a double-quoted JavaScript
// string literal. Confirm the server only ever emits values without quotes,
// backslashes or line breaks, otherwise a value could end the literal early.
2 var CGIscriptorSessionType = "<SCRIPT TYPE="text/ssperl" CGI='$SESSIONTYPE=""'>
3 $SESSIONTYPE;
4 </SCRIPT>";
5 var CGIscriptorChallengeTicket = "<SCRIPT TYPE="text/ssperl" CGI='$CHALLENGETICKET=""'>
6 $CHALLENGETICKET;
7 </SCRIPT>";
10 // Function definitions
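/**
 * Hex-encoded SHA-1 digest of an ASCII string, computed with jsSHA.
 *
 * This definition used to be declared as hex_sha256 although it requests
 * "SHA-1". The hex_sha256 declaration that follows it in this file replaced
 * it at load time, so it was unreachable; it now carries the name that
 * matches its algorithm.
 *
 * SHA-1 is not collision resistant. Keep it for legacy interoperability only
 * and do not use it for new password or ticket derivation.
 *
 * @param {string} plaintext - text to hash, handed to jsSHA as "ASCII"
 * @returns {string} the digest in jsSHA's "HEX" output format
 */
function hex_sha1 (plaintext) {
    var shaObj = new jsSHA(plaintext, "ASCII");
    return shaObj.getHash("SHA-1", "HEX");
}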
/**
 * Hex-encoded SHA-256 digest of an ASCII string, computed with jsSHA.
 *
 * @param {string} plaintext - text to hash, handed to jsSHA as "ASCII"
 * @returns {string} the digest in jsSHA's "HEX" output format
 */
function hex_sha256 (plaintext) {
    return new jsSHA(plaintext, "ASCII").getHash("SHA-256", "HEX");
}
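/**
 * Hex-encoded SHA-512 digest of an ASCII string, computed with jsSHA.
 *
 * The function previously requested "SHA-256", so it returned the same value
 * as hex_sha256 and the inner step of chained_sha was not SHA-512 at all.
 *
 * NOTE(review): any server-side code that reproduces chained_sha has to use
 * SHA-512 for the inner step as well; confirm both sides agree.
 *
 * @param {string} plaintext - text to hash, handed to jsSHA as "ASCII"
 * @returns {string} the digest in jsSHA's "HEX" output format
 */
function hex_sha512 (plaintext) {
    var shaObj = new jsSHA(plaintext, "ASCII");
    return shaObj.getHash("SHA-512", "HEX");
}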
/**
 * Hash a string three times: hex_sha512 first, then hex_sha256 twice.
 * Each step hashes the hex text produced by the previous one.
 *
 * @param {string} plaintext - text to hash
 * @returns {string} result of the outer hex_sha256 call
 */
function chained_sha (plaintext) {
    var inner = hex_sha512(plaintext);
    var middle = hex_sha256(inner);
    return hex_sha256(middle);
}
/**
 * Dispatch on the session type and prepare the matching ticket cookie.
 *
 * 'CHALLENGE' calls setChallengeParameters(ChallengeTicket), 'SESSION' calls
 * setSessionParameters(); any other value does nothing.
 *
 * @param {string} SessionType - session type name
 * @param {string} ChallengeTicket - challenge passed on for 'CHALLENGE'
 * @returns {string} SessionType, unchanged
 */
function loadSessionData (SessionType, ChallengeTicket) {
    var isChallenge = (SessionType == 'CHALLENGE');
    if (isChallenge) {
        setChallengeParameters(ChallengeTicket);
        return SessionType;
    }
    if (SessionType == 'SESSION') {
        setSessionParameters();
    }
    return SessionType;
}
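/**
 * Set a cookie through document.cookie.
 *
 * Changes from the earlier version:
 * - A missing path argument is treated as "". eraseCookie calls this function
 *   with three arguments, which used to produce "path=/undefined" and so
 *   never touched the cookie stored under "/".
 * - The "replace an existing cookie" branch is gone. It passed the string
 *   '/(name=[^;]*);/' to String.match, where the slashes are literal
 *   characters, so it did not match ordinary cookie strings; had it matched,
 *   its while loop had no guaranteed exit.
 * - toGMTString is replaced by its standard alias toUTCString.
 *
 * NOTE(review): the value is written without encoding, and no Secure or
 * SameSite attribute is set. A cookie written from script can never be
 * HttpOnly, so the ticket stays readable by any script on the origin.
 * Consider adding "; Secure" and "; SameSite=Strict" if the site is
 * served over HTTPS only.
 *
 * @param {string} name - cookie name
 * @param {string} value - cookie value, written as given
 * @param {number} days - lifetime in days; 0 or omitted gives a session
 *   cookie, a negative number an expiry date in the past
 * @param {string} [path] - appended to "/" to form the cookie path
 */
function createCookie(name,value,days,path) {
    var expires = "";
    if (days) {
        var date = new Date();
        date.setTime(date.getTime() + (days*24*60*60*1000));
        expires = "; expires=" + date.toUTCString();
    }
    var cookiePath = (path === undefined || path === null) ? "" : path;
    // Kept from the earlier version: a placeholder write precedes the real
    // one. Its purpose is not evident from this file -- TODO confirm.
    document.cookie = name + "=-";
    document.cookie = name + "=" + value + expires + "; path=/" + cookiePath;
}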
/**
 * Look up a cookie by name in document.cookie.
 *
 * @param {string} name - cookie name
 * @returns {?string} the text after "name=" of the first matching entry,
 *   or null when no entry starts with that name
 */
function readCookie(name) {
    var prefix = name + "=";
    var parts = document.cookie.split(';');
    for (var idx = 0; idx < parts.length; idx += 1) {
        // Entries are separated by "; ", so drop the leading blanks.
        var entry = parts[idx].replace(/^ +/, "");
        if (entry.substring(0, prefix.length) === prefix) {
            return entry.substring(prefix.length);
        }
    }
    return null;
}
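/**
 * Expire a cookie by rewriting it with an empty value and a lifetime of -1 day.
 *
 * The path argument is now passed explicitly as "". createCookie appends its
 * path argument to "; path=/", so leaving it out produced "path=/undefined"
 * and the cookie stored under "/" stayed in place.
 *
 * @param {string} name - name of the cookie to expire
 */
function eraseCookie(name) {
    createCookie(name, "", -1, "");
}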
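// Combine the PASSWORD with the site SERVERSALT and hash it.
// Combine this hash with the extra SERVERSALT (extsalt) and hash them.
//
// The PASSWORD field is overwritten with the resulting hash, so the form
// carries the hash instead of the typed password.
//
// The check for the PASSWORD field now runs before HashSessionSeed is
// called. HashSessionSeed reads the same field, so a missing field used to
// raise a TypeError there and the alert below was never reached.
//
// extsalt: extra salt handed to HashSessionSeed as the session seed
// Returns the hash, or 0 when the form has no PASSWORD field.
function HashPassword(extsalt) {
    var password = document.getElementById('PASSWORD');
    if (!password) {
        alert("NO PASSWORD IN FORM");
        return 0;
    }
    var hash = HashSessionSeed(extsalt);
    password.value = hash;
    return hash;
}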
// REMEMBER: Set the session cookie BEFORE you hash the password!!!
// (HashSessionSeed reads the PASSWORD field, which HashPassword overwrites.)
//
// Derives the private session key from the login ticket and the form fields
// and stores it in sessionStorage under "CGIscriptorPRIVATE".
// NOTE(review): sessionStorage is readable by every script running on this
// origin, so the key is only as safe as the page is free of script injection.
// Returns the derived hash, also when sessionStorage is unavailable.
function SetSessionCookie() {
    // The ssperl element is server-side Perl; presumably the server replaces
    // it with the value of $LOGINTICKET.
    var seed = '<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>';
    var hash = HashSessionSeed(seed);
    // Dom.storage.enabled must be set!
    var storageMissing = !sessionStorage || typeof(sessionStorage) == 'undefined';
    if (storageMissing) {
        alert('Your browser does not support HTML5 sessionStorage. Set Dom.storage.enabled or try upgrading.');
        return hash;
    }
    sessionStorage.setItem("CGIscriptorPRIVATE", hash);
    return hash;
}
/**
 * Derive the password hash from the form, optionally bound to a seed.
 *
 * The base hash is hex_sha256(SERVERSALT + PASSWORD + lower-cased
 * CGIUSERNAME), read from the form fields with those ids. With a non-empty
 * seed the result is hex_sha256(seed + base hash); otherwise the base hash.
 *
 * NOTE(review): one SHA-256 pass is cheap to compute, so a captured salt and
 * hash can be tested against password guesses quickly. A deliberately slow
 * key-derivation function would raise that cost.
 *
 * @param {string} sessionseed - seed to mix in, or "" for the base hash
 * @returns {string} hex hash
 */
function HashSessionSeed(sessionseed) {
    var passwordvalue = document.getElementById('PASSWORD');
    var saltvalue = document.getElementById('SERVERSALT');
    var username = document.getElementById('CGIUSERNAME');
    var baseHash = hex_sha256(saltvalue.value + passwordvalue.value + username.value.toLowerCase());
    return (sessionseed != "") ? hex_sha256(sessionseed + baseHash) : baseHash;
}
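// Remember to hash the repeat too! Or else it will be sent in the clear.
//
// Replaces the NEWPASSWORD field (and NEWPASSWORDREP, when the form has one)
// with hex_sha256(SERVERSALT + new password + lower-cased CGIUSERNAME).
// An empty new password, an empty repeat or a repeat that differs clears the
// fields and returns 0.
//
// The final write to NEWPASSWORDREP is now guarded. The comparison above it
// already allowed for a form without that field, but the unguarded write
// raised a TypeError in that case.
//
// Returns the hash, or 0 when nothing was hashed.
function HashNewPassword() {
    var newpassword = document.getElementById('NEWPASSWORD');
    var newpasswordrep = document.getElementById('NEWPASSWORDREP');
    var username = document.getElementById('CGIUSERNAME');
    if (newpassword.value == "") {
        newpassword.value = "";
        return 0;
    }
    if (newpasswordrep && (newpasswordrep.value == "" || newpassword.value != newpasswordrep.value)) {
        newpassword.value = "";
        newpasswordrep.value = "";
        return 0;
    }
    var saltvalue = document.getElementById('SERVERSALT');
    var hash1 = hex_sha256(saltvalue.value + newpassword.value + username.value.toLowerCase());
    newpassword.value = hash1;
    if (newpasswordrep) {
        newpasswordrep.value = hash1;
    }
    return hash1;
}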
/**
 * XOR two hex strings digit by digit.
 *
 * The result has one digit per character of hex1. A position where hex2 is
 * shorter, or where either character is not a hex digit, parses to NaN, and
 * NaN counts as 0 in the XOR. So a short or empty hex2 lets the digits of
 * hex1 through unchanged; callers should make sure both inputs have the
 * same length.
 *
 * @param {string} hex1 - first operand; fixes the length of the result
 * @param {string} hex2 - second operand
 * @returns {string} lower-case hex string
 */
function XOR_hex_strings(hex1, hex2) {
    return hex1.split("").map(function (digit, position) {
        var left = parseInt(digit, 16);
        var right = parseInt(hex2.charAt(position), 16);
        return (left ^ right).toString(16);
    }).join("");
}
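/**
 * Hash the new password and mask it with a key derived from the current one.
 *
 * key = hex_sha256(LOGINTICKET + hex_sha256(SERVERSALT + PASSWORD +
 * lower-cased CGIUSERNAME)); the NEWPASSWORD and NEWPASSWORDREP fields are
 * replaced by XOR_hex_strings(key, hashed new password).
 *
 * Changes from the earlier version:
 * - hash and hash2 are declared with var. They were assigned without a
 *   declaration, which left password-derived values in global variables
 *   (and throws in strict mode).
 * - When HashNewPassword returns 0 (empty or mismatching new password) the
 *   function stops and returns 0. It used to XOR the key with the emptied
 *   field, which put the key itself into the form fields.
 * - The write to NEWPASSWORDREP is skipped when the form has no such field.
 *
 * @returns {string|number} the masked hash, or 0 when nothing was hashed
 */
function EncryptNewPassword() {
    var password = document.getElementById('PASSWORD');
    var saltvalue = document.getElementById('SERVERSALT');
    var login = document.getElementById('LOGINTICKET');
    var newpassword = document.getElementById('NEWPASSWORD');
    var newpasswordrep = document.getElementById('NEWPASSWORDREP');
    var username = document.getElementById('CGIUSERNAME');

    // This hashes the newpassword field!
    if (!HashNewPassword()) {
        return 0;
    }
    var hash = hex_sha256(saltvalue.value + password.value + username.value.toLowerCase());
    var hash2 = hex_sha256(login.value + hash);
    var encrypted = XOR_hex_strings(hash2, newpassword.value);
    newpassword.value = encrypted;
    if (newpasswordrep) {
        newpasswordrep.value = encrypted;
    }
    return encrypted;
}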
/**
 * Append a query parameter to an attribute of every element with a tag name.
 *
 * The parameter is joined with "?" when the attribute value holds no "?"
 * yet, and with "&" otherwise. It is appended as given, without encoding.
 *
 * NOTE(review): a ticket placed in a URL this way ends up in browser
 * history, server logs and Referer headers; the cookie route avoids that.
 *
 * @param {string} elem - tag name, e.g. 'a' or 'form'
 * @param {string} attr - attribute to extend, e.g. 'href' or 'action'
 * @param {string} param - "NAME=value" text to append
 */
function add_cgiparam(elem, attr, param) {
    var nodes = document.getElementsByTagName(elem);
    for (var idx = 0; idx < nodes.length; idx += 1) {
        var node = nodes[idx];
        var separator = (node[attr].indexOf("?") < 0) ? "?" : "&";
        node[attr] = node[attr] + separator + param;
    }
}
/**
 * Put the private session key into the CGIscriptorSESSION cookie.
 *
 * Does nothing unless a CGIscriptorSESSION cookie with a non-blank value
 * already exists and sessionStorage holds a "CGIscriptorPRIVATE" value. The
 * cookie is then rewritten with that stored value as a session cookie.
 *
 * A cookieless variant was sketched here in commented-out code: copy the
 * ticket into a SESSIONTICKET form field and add "SESSIONTICKET=<ticket>" to
 * every link and form action with add_cgiparam. Tickets in URLs reach
 * browser history, logs and Referer headers, so the cookie is preferable.
 *
 * @returns {boolean} true when the cookie was written, false otherwise
 */
function setSessionParameters() {
    var sessionset = readCookie("CGIscriptorSESSION");
    if (!sessionset || !sessionset.match(/[\S]/)) {
        return false;
    }

    var sessionticket = sessionStorage.getItem("CGIscriptorPRIVATE");
    if (!sessionticket) {
        return false;
    }
    createCookie("CGIscriptorSESSION", sessionticket, 0, "");
    return true;
}
/**
 * Answer a server challenge through the CGIscriptorCHALLENGE cookie.
 *
 * The answer is hex_sha256(challenge + private key), with the private key
 * read from sessionStorage item "CGIscriptorPRIVATE". Nothing is written
 * when the challenge is blank or no private key is stored.
 *
 * A cookieless variant was sketched here in commented-out code: copy the
 * ticket into a CHALLENGETICKET form field and add
 * "CHALLENGETICKET=<ticket>" to every link and form action with
 * add_cgiparam. Tickets in URLs reach browser history, logs and Referer
 * headers, so the cookie is preferable.
 *
 * @param {string} sessionset - challenge ticket issued by the server
 * @returns {boolean} true when the cookie was written, false otherwise
 */
function setChallengeParameters(sessionset) {
    if (!sessionset || !sessionset.match(/[\S]/)) {
        return false;
    }

    var sessionkey = sessionStorage.getItem("CGIscriptorPRIVATE");
    if (!sessionkey) {
        return false;
    }
    var sessionticket = hex_sha256(sessionset + sessionkey);
    createCookie("CGIscriptorCHALLENGE", sessionticket, 0, "");
    return true;
}
/**
 * Blank the client-side session state.
 *
 * Both ticket cookies are rewritten with an empty value (they are not given
 * an expiry date), and the "CGIscriptorPRIVATE" sessionStorage item is set
 * to "" rather than removed.
 *
 * @returns {boolean} always true
 */
function clear_persistent_data () {
    var cookieNames = ["CGIscriptorSESSION", "CGIscriptorCHALLENGE"];
    for (var idx = 0; idx < cookieNames.length; idx += 1) {
        createCookie(cookieNames[idx], "", 0, "");
    }
    sessionStorage.setItem("CGIscriptorPRIVATE", "");
    return true;
}
/**
 * Check that the new password was entered twice and identically.
 *
 * Shows an alert and returns false when either field is empty or the two
 * differ. On success the SUBMIT element's text colour is set to "Black".
 *
 * @returns {boolean} true when both fields are filled in and equal
 */
function check_password_fields ( ) {
    var newpassword = document.getElementById('NEWPASSWORD');
    var newpasswordrep = document.getElementById('NEWPASSWORDREP');
    var isBlank = newpassword.value == "" || newpasswordrep.value == "";
    if (isBlank) {
        alert("No passwords");
        return false;
    }
    if (newpassword.value != newpasswordrep.value) {
        alert("Passwords differ");
        return false;
    }
    var submitbutton = document.getElementById('SUBMIT');
    submitbutton.style.color = "Black";
    return true;
}
/**
 * Check that a user name and a password were typed in.
 *
 * Each field only has to contain one ASCII letter or digit somewhere; this
 * is a presence check, not a strength check. A value made up entirely of
 * other characters is rejected.
 *
 * @returns {boolean} true when both fields pass, false after an alert
 */
function check_username_password ( ) {
    var username = document.getElementById('CGIUSERNAME');
    var password = document.getElementById('PASSWORD');
    var hasAlnum = /[a-zA-Z0-9]/;
    if (!username.value.match(hasAlnum) || !password.value.match(hasAlnum)) {
        alert("Please enter a user name and password");
        return false;
    }
    return true;
}