<title>Change Password</title>
<SCRIPT TYPE="text/ssperl" CGI='$SERVERSALT $LOGINTICKET $RANDOMSALT $REMOTE_ADDR $LOGINUSERNAME $LOGINIPADDRESS $LOGINPATH'>
::create_login_file("~/Private/.Passwords", "~/Private/.Sessions", $REMOTE_ADDR);
<SCRIPT type="text/javascript" LANGUAGE="JavaScript">
<SCRIPT TYPE="text/ssperl" SRC="./JavaScript/CGIscriptorSession.js"></SCRIPT>
window.onload = function() {
	loadSessionData (CGIscriptorSessionType, CGIscriptorChallengeTicket);
<script type="text/javascript">
<SCRIPT TYPE="text/ssperl" SRC="./JavaScript/sha.js"></SCRIPT>
<p ALIGN=RIGHT><a href="index.html?LOGOUT">Logout</a></p>
<p ALIGN=RIGHT><a href="index.html">Home page</a></p>
<h1 align=CENTER>Change the password for user <em><script type="text/ssperl" CGI='$LOGINUSERNAME=""'>$LOGINUSERNAME</script></em></h1>
<p style="margin-left: 30%; margin-right: 30%; text-align: center">
<a href="http://xkcd.com/936/" target="_blank"><img src="http://imgs.xkcd.com/comics/password_strength.png" width="60%" /></a>
<form method="POST" action="index.html" id="LoginForm"
onSubmit='if(! check_password_fields())return false;EncryptNewPassword();HashPassword("<SCRIPT TYPE="text/ssperl">$RANDOMSALT</SCRIPT>");true'>
<div style="margin-left: 30%; margin-right: 30%; text-align: left">
<td style="text-align: right">Old Password:</td>
<td style="text-align: left"><input type="PASSWORD" name="PASSWORD" id="PASSWORD" size="60" /></td>
<td style="text-align: right">New Password:</td>
<td style="text-align: left"><input type="PASSWORD" name="NEWPASSWORD" id="NEWPASSWORD" size="60" />
<td style="text-align: right">Repeat:</td>
<td style="text-align: left"><input type="PASSWORD" name="NEWPASSWORDREP" id="NEWPASSWORDREP" size="60" onChange="check_password_fields();"/></td>
<td style="text-align: left"><input type="submit" id="SUBMIT" value="Change" style="color: Gray" /></td>
<input type="hidden" name="CGIUSERNAME" id="CGIUSERNAME" size="20" value="<SCRIPT type="text/ssperl">$LOGINUSERNAME</SCRIPT>" />
<input type="hidden" name="SERVERSALT" id="SERVERSALT" value="<SCRIPT TYPE="text/ssperl">$SERVERSALT</SCRIPT>" />
<input type="hidden" name="RANDOMSALT" id="RANDOMSALT" value="<SCRIPT TYPE="text/ssperl">$RANDOMSALT</SCRIPT>" />
<input type="hidden" name="LOGINTICKET" id="LOGINTICKET" value="<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>" />
<input type="hidden" name="SESSIONTICKET" id="SESSIONTICKET" value="" />
<input type="hidden" name="CHALLENGETICKET" id="CHALLENGETICKET" value="" />
<p style="margin-left: 30%; margin-right: 30%; text-align: justify">
Your password might be vulnerable to <a href="https://en.wikipedia.org/wiki/Brute_force_attack"><em>brute force</em></a> guessing.
Protections against such attacks are costly in terms of code complexity, bugs, and execution time.<br />
However, there is a very simple and secure countermeasure. See the <a href="http://xkcd.com/936/" target="_blank">XKCD comic</a>
above. The phrase, <em>There is no password like more password</em> would be both much easier to remember, and still stronger than
<em>h4]D%@m:49</em>, at least before this phrase was pasted as an example on the Internet.<br />
Please be so kind as to add the name of your favorite flower, dish, or fictional character to your password.
Say, <em>Sherlock</em>, <em>Curry</em>, or <em>Oleander</em> (or <em>Sherlock hates curry with oleander</em>).
That would be more effective than adding a thousand rounds of encryption.
The Salt and Ticket values are all created using SHA256 on 64 bytes of output from <em>/dev/urandom</em> in HEX.
<FONT STYLE="font-size:small">
<p> Example Login page for CGIscriptor.pl<br />
Copyright © 2012 R.J.J.H. van Son<br />
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.<br />
You should have received a copy of the GNU General Public License
along with this program. If not, see <a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</a>.
</p>
<p> JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined in FIPS 180-1<br />
Copyright © 2000 - 2009 Paul Johnston, Version 2.2<br />
Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet<br />
Distributed under the BSD License<br />
See <a href="http://pajhome.org.uk/crypt/md5">http://pajhome.org.uk/crypt/md5</a> for details.