Private/ChangePassword.html

   1 <html>
   2 <head>
   3 <title>Change Password</title>
   4 <SCRIPT TYPE="text/ssperl" CGI='$SERVERSALT $LOGINTICKET $RANDOMSALT $REMOTE_ADDR $LOGINUSERNAME $LOGINIPADDRESS $LOGINPATH'>
   5         ::create_login_file("~/Private/.Passwords", "~/Private/.Sessions", $REMOTE_ADDR);
   6         "";
   7 </SCRIPT>
   8 <SCRIPT type="text/javascript" LANGUAGE="JavaScript">
   9 <SCRIPT TYPE="text/ssperl" SRC="./JavaScript/CGIscriptorSession.js"></SCRIPT>
  10
  11 window.onload = function() {
  12         loadSessionData (CGIscriptorSessionType, CGIscriptorChallengeTicket);
  13         return true;
  14 };
  15
  16
  17 </SCRIPT>
  18
  19 <script type="text/javascript">
  20 <SCRIPT TYPE="text/ssperl" SRC="./JavaScript/sha.js"></SCRIPT>
  21 </script>
  22
  23 </head>
  24 <body>
  25 <p ALIGN=RIGHT><a href="index.html?LOGOUT">Logout</a></p>
  26 <p ALIGN=RIGHT><a href="index.html">Home page</a></p>
  27 <h1 align=CENTER>Change the password for user <em><script type="text/ssperl" CGI='$LOGINUSERNAME=""'>$LOGINUSERNAME</script></em></h1>
  28 <p style="margin-left: 30%; margin-right: 30%; text-align: center">
  29 <a href="http://xkcd.com/936/" target="_blank"><img src="http://imgs.xkcd.com/comics/password_strength.png" width="60%" /></a>
  30 </p>
  31 <p>
  32 <form method="POST" action="index.html" id="LoginForm"
  33         onSubmit='if(! check_password_fields())return false;EncryptNewPassword();HashPassword("<SCRIPT TYPE="text/ssperl">
  34         $RANDOMSALT</SCRIPT>");true'>
  35 <div style="margin-left: 30%; margin-right: 30%; text-align: left">
  36 <table>
  37         <tr>
  38                 <td style="text-align: right">Old Password:</td>
  39                 <td style="text-align: left"><input type="PASSWORD" name="PASSWORD" id="PASSWORD" size="60" /></td>
  40         </tr>
  41         <tr>
  42                 <td style="text-align: right">New Password:</td>
  43                 <td style="text-align: left"><input type="PASSWORD" name="NEWPASSWORD" id="NEWPASSWORD" size="60" />
  44         </td>
  45         </tr>
  46         <tr>
  47                 <td style="text-align: right">Repeat:</td>
  48                 <td style="text-align: left"><input type="PASSWORD" name="NEWPASSWORDREP" id="NEWPASSWORDREP" size="60" onChange="check_password_fields();"/></td>
  49         </tr>
  50         <tr>
  51                 <td></td>
  52                 <td style="text-align: left"><input type="submit" id="SUBMIT" value="Change" style="color: Gray" /></td>
  53         </tr>
  54 </table>
  55   <input type="hidden" name="CGIUSERNAME" id="CGIUSERNAME" size="20" value=<SCRIPT type="text/ssperl">$LOGINUSERNAME</SCRIPT> />
  56   <input type="hidden" name="SERVERSALT" id="SERVERSALT" value="<SCRIPT TYPE="text/ssperl">$SERVERSALT</SCRIPT>" />
  57   <input type="hidden" name="RANDOMSALT" id="RANDOMSALT" value="<SCRIPT TYPE="text/ssperl">$RANDOMSALT</SCRIPT>" />
  58   <input type="hidden" name="LOGINTICKET" id="LOGINTICKET" value="<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>" />
  59   <input type="hidden" name="SESSIONTICKET" id="SESSIONTICKET"value="" />
  60   <input type="hidden" name="CHALLENGETICKET" id="CHALLENGETICKET" value="" />
  61 </div>
  62 </form>
  63 </p>
  64 <p style="margin-left: 30%; margin-right: 30%; text-align: justify">
  65 Your password might be vulnerable to <a href="https://en.wikipedia.org/wiki/Brute_force_attack"><em>brute force</em></a> guessing.
  66 Protections against such attacks are costly in terms of code complexity, bugs, and execution time. <br />
  67 However, there is a very simple and secure counter measure. See the <a href="http://xkcd.com/936/" target="_blank">XKCD comic</a>
  68 above. The phrase, <em>There is no password like more password</em> would be both much easier to remember, and still stronger than
  69 <em>h4]D%@m:49</em>, at least before this phrase was pasted as an example on the Internet.<br />
  70 Please be so kind and add the name of your favorit flower, dish, or fictional character to your password.
  71 Say, <em>Sherlock</em>, <em>Curry</em>, or <em>Oleander</em> (or <em>Sherlock hates curry with oleander</em>)
  72 That would be more effective than adding a thousand rounds of encryption.
  73 </p>
  74 <p>
  75         <hr>
  76 </p>
  77 <p>
  78 The Salt and Ticket values are all created using SHA256 on 64 Byte of output from <em>/dev/urandom</em> in HEX.
  79 </p>
  80 <FONT STYLE="font-size:small">
  81 <p> Example Login page for CGIscriptor.pl<br />
  82     Copyright &copy; 2012  R.J.J.H. van Son<br />
  83     This program is free software: you can redistribute it and/or modify
  84     it under the terms of the GNU General Public License as published by
  85     the Free Software Foundation, either version 3 of the License, or
  86     (at your option) any later version.
  87     This program is distributed in the hope that it will be useful,
  88     but WITHOUT ANY WARRANTY; without even the implied warranty of
  89     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  90     GNU General Public License for more details.<br />
  91     You should have received a copy of the GNU General Public License
  92     along with this program.  If not, see <a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</a>.</p>
  93 <p> JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined in FIPS 180-1<br />
  94     Copyright &copy; 2000 - 2009 Paul Johnston, Version 2.2<br />
  95     Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet<br />
  96     Distributed under the BSD License<br />
  97     See <a href="http://pajhome.org.uk/crypt/md5">http://pajhome.org.uk/crypt/md5</a> for details.
  98 </FONT>
  99
 100 </body>
 101 </html>