// Session state handed over by the server. Each <SCRIPT TYPE="text/ssperl"> element is a
// template placeholder (presumably expanded server-side, as in SetSessionCookie), so these
// lines are not valid JavaScript as listed. The listing also skips the lines that finish
// each statement.
// NOTE(review): the substituted value lands inside a JavaScript string literal. Confirm the
// server restricts it to characters that cannot terminate the literal.
2 var CGIscriptorSessionType = "<SCRIPT TYPE="text/ssperl" CGI='$SESSIONTYPE=""'>
5 var CGIscriptorChallengeTicket = "<SCRIPT TYPE="text/ssperl" CGI='$CHALLENGETICKET=""'>
10 // Function definitions
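// Hex-encoded SHA-1 digest of `plaintext`, which jsSHA is told to read as "ASCII".
//
// This function was declared as hex_sha256 although it asks jsSHA for "SHA-1", and the
// file declares hex_sha256 a second time further down. A later function declaration
// replaces an earlier one with the same name, so this body could never run and every
// hex_sha256 caller already received the SHA-256 version. Naming the function after the
// digest it computes removes the ambiguity without changing what hex_sha256 resolves to.
//
// SHA-1 is no longer collision resistant; keep it out of password and ticket hashing.
function hex_sha1 (plaintext) {
	var shaObj = new jsSHA(plaintext, "ASCII");
	return shaObj.getHash("SHA-1", "HEX");
}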
// Hex-encoded SHA-256 digest of `plaintext`, which jsSHA is told to read as "ASCII".
// HashSessionSeed, HashNewPassword, EncryptNewPassword, setChallengeParameters and
// chained_sha all build their hashes with this function.
// NOTE(review): passwords may contain non-ASCII characters; how jsSHA encodes them in this
// mode is not visible here and has to match what the server hashes.
15 function hex_sha256 (plaintext) {
16 var shaObj = new jsSHA(plaintext, "ASCII");
17 return shaObj.getHash("SHA-256", "HEX");
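// Hex-encoded SHA-512 digest of `plaintext`, which jsSHA is told to read as "ASCII".
//
// The variant requested from jsSHA was "SHA-256", so the function returned a SHA-256
// digest under a SHA-512 name; it now requests "SHA-512".
// NOTE(review): this changes the output of chained_sha. If a value derived from it is
// stored or checked anywhere else, that side has to change in step.
function hex_sha512 (plaintext) {
	var shaObj = new jsSHA(plaintext, "ASCII");
	return shaObj.getHash("SHA-512", "HEX");
}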
// Three chained digests: hex_sha512 of the input, then hex_sha256 twice, each step hashing
// the hex text of the previous digest. Nothing else in this listing calls it.
23 function chained_sha (plaintext) {
24 return hex_sha256( hex_sha256( hex_sha512(plaintext) ) );
// Pick the ticket set-up for the current page: 'CHALLENGE' passes ChallengeTicket to
// setChallengeParameters, 'SESSION' calls setSessionParameters. Any other SessionType does
// nothing in the lines shown. The comparisons use the loose `==`.
27 function loadSessionData (SessionType, ChallengeTicket) {
28 if(SessionType == 'CHALLENGE')
29 setChallengeParameters(ChallengeTicket);
30 else if(SessionType == 'SESSION')
31 setSessionParameters();
// Write cookie `name` with `value`, an optional lifetime of `days` days and the path "/"+path.
// The listing's own numbering skips 36, 40, 43-44, 47-48 and 51-54 here, so the conditions
// that guard the statements below are not visible; each note describes one statement only.
35 function createCookie(name,value,days,path) {
// Expiry: `days` days from now, formatted with the deprecated toGMTString().
37 var date = new Date();
38 date.setTime(date.getTime()+(days*24*60*60*1000));
39 var expires = "; expires="+date.toGMTString();
41 else var expires = "";
// NOTE(review): match() is given a string, so the leading and trailing "/" are part of the
// pattern rather than regex delimiters, and `name` is inserted unescaped. Check whether this
// can ever match an entry in document.cookie.
42 var match = document.cookie.match('/('+name+'\=[^\;]*\);/');
45 document.cookie = document.cookie.replace(match[1], name+"="+value);
46 match = document.cookie.match('/('+name+'\=[^\;]*\);/');
49 document.cookie = name+"=-";
// name and value are written as given (no encodeURIComponent) and no Secure or SameSite
// attribute is added. Callers in this file store session and challenge tickets here, and a
// cookie set from script cannot be HttpOnly, so any script running in the page can read them.
50 document.cookie = name+"="+value+expires+"; path=/"+path;
// Return the value of cookie `name`: document.cookie is split on ";", leading spaces are
// stripped and the text after "name=" is returned for the first entry that starts with it.
// `c` is presumably assigned on the line the listing skips (59); the result for a cookie
// that is not found is on skipped lines too. The value is returned as stored, undecoded.
55 function readCookie(name) {
56 var nameEQ = name + "=";
57 var ca = document.cookie.split(';');
58 for(var i=0;i < ca.length;i++) {
60 while (c.charAt(0)==' ') c = c.substring(1,c.length);
61 if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
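// Expire cookie `name`: rewrite it with an empty value and a negative `days`, which
// createCookie turns into an expiry date in the past.
function eraseCookie(name) {
	// Pass the empty path explicitly, as the other createCookie callers in this file do.
	// With the argument left out, createCookie's `"; path=/"+path` concatenation produces
	// "path=/undefined", and a cookie is only replaced by one written with the same path.
	createCookie(name, "", -1, "");
}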
70 // Combine the PASSWORD with the site SERVERSALT and hash it
71 // Combine this hash with the extra SERVERSALT, and hash them
// Overwrite the PASSWORD field with HashSessionSeed(extsalt), so the field holds the salted
// hash instead of the typed password. HashSessionSeed reads the PASSWORD field itself, which
// is why the hash is computed before the field is written. The test that chooses between the
// assignment and the alert is on a line the listing skips.
72 function HashPassword(extsalt) {
73 var hash = HashSessionSeed(extsalt);
74 var password = document.getElementById('PASSWORD');
76 password.value = hash;
78 alert("NO PASSWORD IN FORM");
84 // REMEMBER: Set the session cookie BEFORE you hash the password!!!
// Derive the per-session secrets from the typed password and keep them in sessionStorage:
//   CGIscriptorPRIVATE = HashSessionSeed(LOGINTICKET placeholder)
//   CGIscriptorSECRET  = HashSessionSeed(RANDOMSALT placeholder)
// HashSessionSeed reads the PASSWORD field, so this has to run while the field still holds
// the typed password, i.e. before HashPassword replaces it. Despite the name, no cookie is
// written in the lines shown.
// NOTE(review): sessionStorage is readable by every script running in this origin, so these
// values are only as safe as the page is free of injected script.
85 function SetSessionCookie() {
// Both literals are template placeholders, presumably filled in by the server.
86 var seed = '<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>';
87 var secret = '<SCRIPT TYPE="text/ssperl">$RANDOMSALT</SCRIPT>';
88 var hash = HashSessionSeed(seed);
89 // Dom.storage.enabled must be set!
90 if (!sessionStorage || typeof(sessionStorage) == 'undefined' ) {
91 alert('Your browser does not support HTML5 sessionStorage. Set Dom.storage.enabled or try upgrading.');
94 else sessionStorage.setItem("CGIscriptorPRIVATE", hash);
96 // Store a secret key, if one is given
// The condition for "if one is given" is on a line the listing skips (97).
98 var secrethash = HashSessionSeed(secret);
99 sessionStorage.setItem("CGIscriptorSECRET", secrethash);
// Compute the login hash from the form fields:
//   hash1 = SHA-256(SERVERSALT + PASSWORD + lower-cased CGIUSERNAME)
//   hash2 = SHA-256(sessionseed + hash1), only when sessionseed is not empty
// The return statement and any declaration of hash1/hash2 are on lines the listing skips.
// NOTE(review): hash1 is a single SHA-256 pass with no key stretching, and the three fields
// are joined without a separator. Whoever holds hash1 can compute hash2 for a given seed, so
// a stored hash1 needs the same protection as the password itself.
105 function HashSessionSeed(sessionseed) {
108 var passwordvalue = document.getElementById('PASSWORD');
109 var saltvalue = document.getElementById('SERVERSALT');
110 var username = document.getElementById('CGIUSERNAME');
111 hash1 = hex_sha256(saltvalue.value+passwordvalue.value+username.value.toLowerCase());
113 if(sessionseed != "")
114 hash2 = hex_sha256(sessionseed+hash1);
120 // Remember to hash the repeat too! Or else it will be sent in the clear
// Replace the NEWPASSWORD and NEWPASSWORDREP field values with
// SHA-256(SERVERSALT + new password + lower-cased user name), where the user name is read
// from the element whose id is `userid`. Both fields are overwritten so that neither one
// still holds the typed password.
// What follows each of the two checks (presumably an early return) is on skipped lines.
121 function HashNewPassword(userid) {
123 var newpassword = document.getElementById('NEWPASSWORD');
124 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
125 var username = document.getElementById(userid);
126 if(newpassword.value == "" ) {
127 newpassword.value = "";
// A repeat field that is empty or differs from the new password clears both fields.
130 if(newpasswordrep && (newpasswordrep.value == ""|| newpassword.value != newpasswordrep.value)) {
131 newpassword.value = "";
132 newpasswordrep.value = "";
135 var saltvalue = document.getElementById('SERVERSALT');
136 hash1 = hex_sha256(saltvalue.value+newpassword.value+username.value.toLowerCase());
137 newpassword.value = hash1;
// NOTE(review): the check above allows a missing NEWPASSWORDREP element, but this line
// dereferences it without a guard and would throw on a form that has no repeat field.
138 newpasswordrep.value = hash1;
// Combine two hex strings one hex digit at a time and append each result digit, in hex, to
// resultHex. The XOR itself, the initial value of resultHex and the return statement are on
// lines the listing skips (143, 147, 149 onwards).
// NOTE(review): the loop runs over hex1.length and the lengths are not compared in the lines
// shown. If hex2 is shorter, parseInt("", 16) is NaN for the missing digits.
142 function XOR_hex_strings(hex1, hex2) {
144 for(var i=0; i < hex1.length; ++i) {
145 var d1 = parseInt(hex1.charAt(i),16);
146 var d2 = parseInt(hex2.charAt(i),16);
148 resultHex = resultHex+resultD.toString(16);
// Mask the hashed new password before it is submitted:
//   key = SHA-256(LOGINTICKET + SHA-256(SERVERSALT + PASSWORD + lower-cased CGIUSERNAME))
//   NEWPASSWORD = NEWPASSWORDREP = key XOR hashed new password
// The key uses the same formula as HashSessionSeed, so PASSWORD presumably still has to hold
// the typed password when this runs. `hash` and `hash2` are not declared in the lines shown.
// NOTE(review): XOR masking gives no integrity protection, and the mask stays secret only
// while the same key is never used for two values. Confirm the server issues a fresh
// LOGINTICKET for every password change.
153 function EncryptNewPassword(userid) {
154 var password = document.getElementById('PASSWORD');
155 var saltvalue = document.getElementById('SERVERSALT');
156 var login = document.getElementById('LOGINTICKET');
157 var newpassword = document.getElementById('NEWPASSWORD');
158 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
159 var username = document.getElementById('CGIUSERNAME');
161 // This hashes the newpassword field!
162 HashNewPassword(userid);
163 hash = hex_sha256(saltvalue.value+password.value+username.value.toLowerCase());
164 hash2 = hex_sha256(login.value+hash);
165 var encrypted = XOR_hex_strings(hash2, newpassword.value);
166 newpassword.value = encrypted;
167 newpasswordrep.value = encrypted;
// Undo the masking applied by EncryptNewPassword: XOR the key with the masked hex string.
// `decrypted` is not declared in the lines shown, and the return statement is on a skipped line.
171 function DecryptNewPassword(key, encrypted) {
172 decrypted = XOR_hex_strings(key, encrypted);
// Append `param` to attribute `attr` of every element with tag name `elem`, joined with "?"
// or "&". The test on `n` that picks between the two is on lines the listing skips.
// `param` is appended as given, without URL encoding. In this listing the function is only
// referenced from commented-out code.
177 function add_cgiparam(elem, attr, param) {
178 var elems = document.getElementsByTagName(elem);
179 for (var i = 0; i < elems.length; i++)
181 var n=elems[i][attr].indexOf("?");
183 elems[i][attr] = elems[i][attr] + "?" + param;
185 elems[i][attr] = elems[i][attr] + "&" + param;
// Refresh the CGIscriptorSESSION cookie from sessionStorage. Returns false without changes
// when the cookie is missing or blank, or when CGIscriptorPRIVATE is not in sessionStorage.
// The cookie value is the stored CGIscriptorPRIVATE hash itself, written with days = 0.
189 function setSessionParameters() {
190 var sessionset = readCookie("CGIscriptorSESSION");
191 if(!(sessionset &&sessionset.match(/[\S]/)))return false;
193 var sessionticket = "";
194 sessionticket = sessionStorage.getItem("CGIscriptorPRIVATE");
195 if(!sessionticket) return false;
196 createCookie("CGIscriptorSESSION",sessionticket, 0, "");
// The disabled alternative below would put the ticket into every link and form URL, where
// it ends up in browser history, Referer headers and server logs.
198 // Without cookies, use this
199 // var sessionparm = document.getElementById('SESSIONTICKET');
200 // if(sessionparm) sessionparm.value = sessionticket;
201 // add_cgiparam('a', 'href', "SESSIONTICKET="+sessionticket);
202 // add_cgiparam('form', 'action', "SESSIONTICKET="+sessionticket);
// Answer a server challenge: store SHA-256(challenge + CGIscriptorPRIVATE) in the
// CGIscriptorCHALLENGE cookie, so only the digest leaves sessionStorage, not the key.
// `sessionset` is the challenge ticket passed in by loadSessionData. Returns false without
// changes when it is blank or when no private key is stored.
205 function setChallengeParameters(sessionset) {
206 if(!(sessionset && sessionset.match(/[\S]/)))return false;
208 var sessionticket = "";
209 var sessionkey = sessionStorage.getItem("CGIscriptorPRIVATE");
210 if(!sessionkey) return false;
211 sessionticket = hex_sha256(sessionset+sessionkey);
212 createCookie("CGIscriptorCHALLENGE",sessionticket, 0, "");
// The disabled alternative below would carry the ticket in link and form URLs instead.
214 // Without cookies, use this
215 // var sessionparm = document.getElementById('CHALLENGETICKET');
216 // if(sessionparm) sessionparm.value = sessionticket;
218 // add_cgiparam('a', 'href', "CHALLENGETICKET="+sessionticket);
219 // add_cgiparam('form', 'action', "CHALLENGETICKET="+sessionticket);
// Blank the client-side session state: both ticket cookies are rewritten with an empty
// value (days = 0, so no past expiry date is requested) and CGIscriptorPRIVATE is set to "".
// NOTE(review): SetSessionCookie also stores CGIscriptorSECRET, which is not cleared in the
// lines shown; the listing skips the line after the last statement, so confirm against the
// full file. removeItem() would delete the keys instead of leaving empty entries behind.
223 function clear_persistent_data () {
224 createCookie("CGIscriptorSESSION","", 0, "");
225 createCookie("CGIscriptorCHALLENGE","", 0, "");
226 sessionStorage.setItem("CGIscriptorPRIVATE", "");
// Form convenience check: alert when either new-password field is empty or the two differ,
// and set the SUBMIT button's text colour to black when they match. Return values are on
// lines the listing skips. This check runs in the browser only, so the server still has to
// validate what it receives.
230 function check_password_fields ( ) {
231 var newpassword = document.getElementById('NEWPASSWORD');
232 var newpasswordrep = document.getElementById('NEWPASSWORDREP');
233 if(newpassword.value == "" || newpasswordrep.value == "") {
234 alert("No passwords");
237 if(newpassword.value == newpasswordrep.value) {
238 var submitbutton = document.getElementById('SUBMIT');
239 submitbutton.style.color = "Black";
242 alert("Passwords differ");
// Check that CGIUSERNAME and PASSWORD each contain at least one ASCII letter or digit and
// alert otherwise. This is a presence check, not a strength or format check. The return
// values are on lines the listing skips.
246 function check_username_password ( ) {
247 var username = document.getElementById('CGIUSERNAME');
248 var password = document.getElementById('PASSWORD');
249 if(username.value.match(/[a-zA-Z0-9]/) && password.value.match(/[a-zA-Z0-9]/))
251 alert("Please enter a user name and password");
// Walk all <input> elements from last to first and select those of type "password". What is
// done to them is on lines the listing skips (presumably the type is switched to text).
// The loop counter `i` is assigned without a declaration, so it is a global variable.
255 function revealPasswords () {
256 var inputs = document.getElementsByTagName("input");
257 for (i=(inputs.length-1); i>=0; i--) {
258 var curr = inputs[i];
259 if (curr.type.toLowerCase()=="password") {
// Walk all <input> elements from last to first and set every one of type "text" to type
// PASSWORD. The test looks at the type only, so text inputs that never were password fields
// (a user name field, for instance) are switched as well.
// The loop counter `i` is assigned without a declaration, so it is a global variable.
266 function hidePasswords () {
267 var inputs = document.getElementsByTagName("input");
268 for (i=(inputs.length-1); i>=0; i--) {
269 var curr = inputs[i];
270 if (curr.type.toLowerCase()=="text") {
271 curr.type = "PASSWORD";
// Swap a label between its two states: when `value` matches `hide`, return it with `hide`
// replaced by `show`; the other visible return replaces `show` with `hide`. Whatever else
// each branch does is on lines the listing skips.
// If `hide` is a string, match() compiles it as a regular expression, so regex
// metacharacters in the label text would change what matches.
277 function togglePasswords (hide, show, value) {
278 if(value.match(hide)) {
280 return value.replace(hide, show);
283 return value.replace(show, hide);