1 // Global variables
// Session type of this page. The <SCRIPT TYPE="text/ssperl"> block is a
// CGIscriptor server-side script: it is evaluated on the server and replaced
// by its output (the $SESSIONTYPE CGI variable, which the CGI='...' attribute
// appears to declare with a default of "") before the page reaches the browser,
// so the browser only ever sees the resulting value inside this double-quoted
// JavaScript literal. loadSessionData() dispatches on "CHALLENGE"/"SESSION".
// NOTE(review): because the value is spliced straight into a JS string
// literal, the server must guarantee it never contains '"', '\', a line break
// or "</script>"; otherwise a crafted SESSIONTYPE request parameter becomes
// script injection. Whether CGIscriptor's CGI-variable checks enforce that is
// not visible from this file -- confirm.
var CGIscriptorSessionType = "<SCRIPT TYPE="text/ssperl" CGI='$SESSIONTYPE=""'>
$SESSIONTYPE;
</SCRIPT>";
// Challenge ticket issued by the server for this page ($CHALLENGETICKET CGI
// variable, default ""); presumably handed to loadSessionData() as its second
// argument. Same server-side expansion and same injection caveat as above.
var CGIscriptorChallengeTicket = "<SCRIPT TYPE="text/ssperl" CGI='$CHALLENGETICKET=""'>
$CHALLENGETICKET;
</SCRIPT>";
10 // Function definitions
// Hex digest of `plaintext` (read as ASCII) computed with the jsSHA library.
// NOTE(review): despite its name this wrapper asks jsSHA for "SHA-1", and it is
// shadowed by the second `hex_sha256` declared right below it (the last function
// declaration with a name wins), so this body can never be called. It looks
// like a copy/paste leftover that was meant to be `hex_sha1`; rename or remove.
function hex_sha256 (plaintext) {
        var digester = new jsSHA(plaintext, "ASCII");
        var digest = digester.getHash("SHA-1", "HEX");
        return digest;
}
// SHA-256 of `plaintext` (read as ASCII) as a lower-case hex string, via jsSHA.
// This is the hash every credential derivation in this file is built on.
function hex_sha256 (plaintext) {
        var digester = new jsSHA(plaintext, "ASCII");
        var digest = digester.getHash("SHA-256", "HEX");
        return digest;
}
// Hex digest of `plaintext` (read as ASCII) via jsSHA.
// NOTE(review): the name says SHA-512 but the call asks jsSHA for "SHA-256", so
// this returns a 64-hex-digit SHA-256 digest. chained_sha() depends on it, and
// the server side must compute the same chain, so do not "fix" the algorithm
// here without changing the server-side counterpart in the same step -- either
// rename this to what it does or switch both ends to "SHA-512" together.
function hex_sha512 (plaintext) {
        var digester = new jsSHA(plaintext, "ASCII");
        var digest = digester.getHash("SHA-256", "HEX");
        return digest;
}
// Triple hash: hex_sha256(hex_sha256(hex_sha512(plaintext))), each round
// hashing the hex digest string produced by the previous one.
// NOTE(review): hex_sha512 in this file actually computes SHA-256, so this is
// SHA-256 applied three times; whatever mirrors this on the server must agree.
function chained_sha (plaintext) {
        var inner = hex_sha512(plaintext);
        var middle = hex_sha256(inner);
        return hex_sha256(middle);
}
// Initialise the client side of a CGIscriptor session for this page.
// SessionType is the server-supplied $SESSIONTYPE value:
//   "CHALLENGE" -> answer the challenge in ChallengeTicket (setChallengeParameters)
//   "SESSION"   -> refresh the session cookie from sessionStorage (setSessionParameters)
// Any other value does nothing. Returns SessionType unchanged.
function loadSessionData (SessionType, ChallengeTicket) {
        switch (SessionType) {
        case 'CHALLENGE':
                setChallengeParameters(ChallengeTicket);
                break;
        case 'SESSION':
                setSessionParameters();
                break;
        default:
                // unknown or empty session type: nothing to set up
                break;
        }
        return SessionType;
}
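// Set (or overwrite) cookie `name` to `value`.
//   days - lifetime in days; 0/undefined gives a session cookie, a negative
//          number puts the expiry in the past (how eraseCookie deletes one)
//   path - appended to "path=/", so "" scopes the cookie to the whole site;
//          undefined/null is treated as "" (it used to yield "path=/undefined")
// A browser replaces a cookie that has the same name, path and domain, so one
// assignment is all that is needed. The earlier update-in-place branch never
// ran: document.cookie.match('/(...)/') was given a string, which is compiled
// as a regex in which the slashes are literal characters, so it never matched;
// and the `name=-` pre-set had no path attribute, which could leave a second
// copy of the cookie scoped to the current document's directory.
// NOTE(review): the session/challenge tickets written through here are bearer
// credentials but carry no Secure or SameSite attribute; on an https-only
// deployment append "; Secure; SameSite=Lax" (Secure is not added blindly
// because it stops the cookie from being set at all over plain http).
function createCookie(name,value,days,path) {
        var expires = "";
        if (days) {
                var date = new Date();
                date.setTime(date.getTime() + (days*24*60*60*1000));
                expires = "; expires=" + date.toUTCString();
        }
        var cookiePath = (path === undefined || path === null) ? "" : path;
        document.cookie = name + "=" + value + expires + "; path=/" + cookiePath;
}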
// Return the value of cookie `name` from document.cookie, or null when no such
// cookie is present. The value is returned verbatim (no URL-decoding) and may
// itself contain '=' characters.
function readCookie(name) {
        var prefix = name + "=";
        var entries = document.cookie.split(';');
        for (var idx = 0; idx < entries.length; idx++) {
                // entries after the first carry a leading space ("a=1; b=2")
                var entry = entries[idx].replace(/^ +/, '');
                if (entry.indexOf(prefix) === 0) {
                        return entry.slice(prefix.length);
                }
        }
        return null;
}
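// Delete cookie `name` by re-setting it with an expiry in the past.
// The path must match the one createCookie() used ("" -> "path=/"); the call
// used to omit it, which produced "path=/undefined" and left the real cookie
// in place.
function eraseCookie(name) {
        createCookie(name, "", -1, "");
}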
// Combine the PASSWORD with the site SERVERSALT (and the lower-cased user name) and hash it
// Combine this hash with the extra salt `extsalt`, and hash them
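// Replace the plaintext in the PASSWORD form field with its salted hash so the
// password itself is never submitted (HashSessionSeed does the derivation;
// `extsalt` is the extra salt mixed in, "" for none). Returns the hash, or 0
// after an alert when the form has no PASSWORD element.
// The existence check now runs before hashing: HashSessionSeed dereferences
// the PASSWORD element itself, so hashing first threw a TypeError on a form
// without that field and the alert branch was never reached.
function HashPassword(extsalt) {
        var password = document.getElementById('PASSWORD');
        if (!password) {
                alert("NO PASSWORD IN FORM");
                return 0;
        }
        var hash = HashSessionSeed(extsalt);
        password.value = hash;
        return hash;
}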
84 // REMEMBER: Set the session cookie BEFORE you hash the password!!!
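// Derive the per-session key from the (still plaintext) password and keep it in
// sessionStorage; must run BEFORE HashPassword() overwrites the PASSWORD field.
//   CGIscriptorPRIVATE <- HashSessionSeed($LOGINTICKET)   the session key
//   CGIscriptorSECRET  <- HashSessionSeed($RANDOMSALT)    only when a salt is given
// $LOGINTICKET and $RANDOMSALT are expanded server-side by CGIscriptor into the
// single-quoted literals below, so the server must make sure they contain no
// "'" or backslash -- either would break out of the literal.
// Returns the session key, or 0 after an alert when sessionStorage is unavailable.
function SetSessionCookie() {
        var seed = '<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>';
        var secret = '<SCRIPT TYPE="text/ssperl">$RANDOMSALT</SCRIPT>';
        // Test with typeof first: a bare `sessionStorage` reference throws a
        // ReferenceError in a browser that does not declare it, which is exactly
        // the case the alert is meant to cover (dom.storage.enabled off).
        if (typeof(sessionStorage) == 'undefined' || !sessionStorage) {
                alert('Your browser does not support HTML5 sessionStorage. Set Dom.storage.enabled or try upgrading.');
                return 0;
        }
        var hash = HashSessionSeed(seed);
        sessionStorage.setItem("CGIscriptorPRIVATE", hash);

        // Store a secret key, if one is given (the server may expand $RANDOMSALT to "")
        if (secret) {
                var secrethash = HashSessionSeed(secret);
                sessionStorage.setItem("CGIscriptorSECRET", secrethash);
        }

        return hash;
}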
// Client-side credential derivation shared by SetSessionCookie/HashPassword:
//   hash1 = SHA-256(SERVERSALT + PASSWORD + lowercase(CGIUSERNAME))   from the form
//   result = SHA-256(sessionseed + hash1) when a seed is given, else hash1
// All three inputs are read from the form fields by id; the function throws if
// any is missing. The user name is lower-cased, so only the name is
// case-insensitive.
// NOTE(review): hash1 is a single, deterministic SHA-256 of the password with
// no work factor; it is the value every later step is keyed on, so it is
// presumably password-equivalent towards the server and must only travel over
// TLS. How the server stores/verifies it is not visible here -- confirm.
function HashSessionSeed(sessionseed) {
        var passwordfield = document.getElementById('PASSWORD');
        var saltfield = document.getElementById('SERVERSALT');
        var userfield = document.getElementById('CGIUSERNAME');
        var credential = hex_sha256(saltfield.value + passwordfield.value + userfield.value.toLowerCase());
        if (sessionseed == "") {
                // no seed: the bare credential hash is the result
                return credential;
        }
        return hex_sha256(sessionseed + credential);
}
// Remember to hash the repeat too! Or else it will be sent in the clear
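// Replace the NEWPASSWORD field (and NEWPASSWORDREP, when the form has one)
// with SHA-256(SERVERSALT + newpassword + lowercase(username)) so the new
// password is never sent in clear. `userid` is the element id of the user-name
// field. Returns the hash, or 0 when the new password is empty or the repeat
// is empty/different (both fields are blanked in that case).
// NEWPASSWORDREP is optional: the mismatch check already tolerated its absence
// but the final assignment did not and threw a TypeError on forms without it.
function HashNewPassword(userid) {
        var newpassword = document.getElementById('NEWPASSWORD');
        var newpasswordrep = document.getElementById('NEWPASSWORDREP');
        var username = document.getElementById(userid);
        if (newpassword.value == "") {
                return 0;
        }
        if (newpasswordrep && (newpasswordrep.value == "" || newpassword.value != newpasswordrep.value)) {
                // wipe both so a half-typed password is not submitted
                newpassword.value = "";
                newpasswordrep.value = "";
                return 0;
        }
        var saltvalue = document.getElementById('SERVERSALT');
        var hash1 = hex_sha256(saltvalue.value + newpassword.value + username.value.toLowerCase());
        newpassword.value = hash1;
        if (newpasswordrep) {
                // keep the repeat field in step so it is not sent in clear either
                newpasswordrep.value = hash1;
        }
        return hash1;
}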
// XOR two hex strings nibble by nibble; the result has hex1's length.
// Positions past the end of hex2 (or non-hex characters) parse as NaN, which
// `^` treats as 0, so hex1's digit passes through unchanged there.
function XOR_hex_strings(hex1, hex2) {
        var out = [];
        for (var pos = 0; pos < hex1.length; pos++) {
                var a = parseInt(hex1.charAt(pos), 16);
                var b = parseInt(hex2.charAt(pos), 16);
                out.push((a ^ b).toString(16));
        }
        return out.join("");
}
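// Hash the new password (HashNewPassword) and XOR that hash with a key only
// this user and the server can derive:
//   key = SHA-256(LOGINTICKET + SHA-256(SERVERSALT + PASSWORD + lowercase(CGIUSERNAME)))
// The result replaces NEWPASSWORD/NEWPASSWORDREP and is returned; `userid` is
// the id of the user-name field HashNewPassword reads.
// Returns 0 without touching the fields when HashNewPassword rejected the input
// (empty or mismatching new password). The old code carried on regardless, and
// because XOR_hex_strings passes hex1 through wherever hex2 has no digit, XORing
// the key with the now-blank field put the bare key itself into the form.
// `hash`/`hash2` are locals now; they were assigned without `var`, leaving this
// key material in globals readable by any other script on the page.
function EncryptNewPassword(userid) {
        var password = document.getElementById('PASSWORD');
        var saltvalue = document.getElementById('SERVERSALT');
        var login = document.getElementById('LOGINTICKET');
        var newpassword = document.getElementById('NEWPASSWORD');
        var newpasswordrep = document.getElementById('NEWPASSWORDREP');
        var username = document.getElementById('CGIUSERNAME');

        // This hashes the newpassword field (and blanks it on failure)
        var hashedNew = HashNewPassword(userid);
        if (!hashedNew) {
                return 0;
        }
        var hash = hex_sha256(saltvalue.value + password.value + username.value.toLowerCase());
        var hash2 = hex_sha256(login.value + hash);
        var encrypted = XOR_hex_strings(hash2, newpassword.value);
        newpassword.value = encrypted;
        if (newpasswordrep) {
                newpasswordrep.value = encrypted;
        }
        return encrypted;
}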
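// Inverse of EncryptNewPassword: XOR `encrypted` with the same `key` to recover
// the hashed new password. A thin wrapper around XOR_hex_strings.
// The result is a local now; it was assigned without `var`, which created a
// global `decrypted` holding the recovered password hash.
function DecryptNewPassword(key, encrypted) {
        var decrypted = XOR_hex_strings(key, encrypted);
        return decrypted;
}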
// Append the query parameter `param` (already "name=value" encoded) to the
// `attr` attribute (e.g. 'href' or 'action') of every <elem> element in the
// document: "?param" when the current value has no query string, "&param"
// otherwise. Kept for cookie-less operation (see the commented-out calls in
// setSessionParameters / setChallengeParameters).
// NOTE(review): this rewrites every matching element, including links that
// point off-site, so a session ticket passed as `param` would end up in
// third-party URLs and Referer headers; restrict it to same-origin targets
// before enabling it.
function add_cgiparam(elem, attr, param) {
        var targets = document.getElementsByTagName(elem);
        for (var idx = 0; idx < targets.length; idx++) {
                var current = targets[idx][attr];
                var separator = (current.indexOf("?") < 0) ? "?" : "&";
                targets[idx][attr] = current + separator + param;
        }
}
// Re-arm the CGIscriptorSESSION cookie for this page from the session key kept
// in sessionStorage. Returns false and changes nothing unless the cookie
// already holds a non-blank value AND sessionStorage has a non-empty
// CGIscriptorPRIVATE; otherwise writes that key into the cookie
// (session-lifetime, path=/) and returns true.
function setSessionParameters() {
        var current = readCookie("CGIscriptorSESSION");
        var hasCookie = Boolean(current) && /[\S]/.test(current);
        if (!hasCookie) {
                return false;
        }
        var sessionticket = sessionStorage.getItem("CGIscriptorPRIVATE");
        if (!sessionticket) {
                return false;
        }
        createCookie("CGIscriptorSESSION", sessionticket, 0, "");

        // Without cookies, use this
        // var sessionparm = document.getElementById('SESSIONTICKET');
        // if(sessionparm) sessionparm.value = sessionticket;
        // add_cgiparam('a', 'href', "SESSIONTICKET="+sessionticket);
        // add_cgiparam('form', 'action', "SESSIONTICKET="+sessionticket);
        return true;
}
// Answer a server challenge. `sessionset` is the challenge ticket the server
// put in the page; the response SHA-256(ticket + session key) is written to the
// CGIscriptorCHALLENGE cookie (session-lifetime, path=/), so that cookie carries
// only the response, not the key. Returns false without side effects when the
// ticket is blank or no CGIscriptorPRIVATE key is stored, true otherwise.
function setChallengeParameters(sessionset) {
        if (!sessionset) {
                return false;
        }
        if (!/[\S]/.test(sessionset)) {
                return false;
        }
        var sessionkey = sessionStorage.getItem("CGIscriptorPRIVATE");
        if (!sessionkey) {
                return false;
        }
        var response = hex_sha256(sessionset + sessionkey);
        createCookie("CGIscriptorCHALLENGE", response, 0, "");

        // Without cookies, use this
        // var sessionparm = document.getElementById('CHALLENGETICKET');
        // if(sessionparm) sessionparm.value = response;
        // add_cgiparam('a', 'href', "CHALLENGETICKET="+response);
        // add_cgiparam('form', 'action', "CHALLENGETICKET="+response);
        return true;
}
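// Client-side logout: blank the session and challenge cookies and drop the keys
// kept in sessionStorage. Always returns true.
// CGIscriptorSECRET (written by SetSessionCookie) used to be left behind; it is
// removed here too, and removeItem is used so neither key lingers in storage
// as an empty string.
function clear_persistent_data () {
        createCookie("CGIscriptorSESSION", "", 0, "");
        createCookie("CGIscriptorCHALLENGE", "", 0, "");
        sessionStorage.removeItem("CGIscriptorPRIVATE");
        sessionStorage.removeItem("CGIscriptorSECRET");
        return true;
}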
// Validation for the change-password form: NEWPASSWORD and NEWPASSWORDREP must
// both be filled in and equal. On success the SUBMIT button is coloured black
// and true is returned; otherwise an alert names the problem and false is
// returned (so `return check_password_fields()` blocks the submit).
function check_password_fields ( ) {
        var first = document.getElementById('NEWPASSWORD');
        var repeat = document.getElementById('NEWPASSWORDREP');
        var problem = null;
        if (first.value == "" || repeat.value == "") {
                problem = "No passwords";
        } else if (first.value != repeat.value) {
                problem = "Passwords differ";
        }
        if (problem !== null) {
                alert(problem);
                return false;
        }
        document.getElementById('SUBMIT').style.color = "Black";
        return true;
}
// Login form validation: CGIUSERNAME and PASSWORD must each contain at least
// one ASCII letter or digit (whitespace-only counts as empty). Returns true
// when both do; otherwise alerts and returns false.
function check_username_password ( ) {
        var alnum = /[a-zA-Z0-9]/;
        var username = document.getElementById('CGIUSERNAME');
        var password = document.getElementById('PASSWORD');
        var filledIn = alnum.test(username.value) && alnum.test(password.value);
        if (!filledIn) {
                alert("Please enter a user name and password");
                return false;
        }
        return true;
}
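// Show every password input in the clear by switching its type to text
// (the "show passwords" toggle; hidePasswords is the inverse).
// The loop index is a local now; `for (i=...)` without `var` wrote a global `i`.
function revealPasswords () {
        var inputs = document.getElementsByTagName("input");
        for (var idx = inputs.length - 1; idx >= 0; idx--) {
                var curr = inputs[idx];
                if (curr.type.toLowerCase() == "password") {
                        curr.type = "TEXT";
                }
        }
}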
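// Inverse of revealPasswords: turn text inputs back into password inputs.
// The loop index is a local now; `for (i=...)` without `var` wrote a global `i`.
// NOTE(review): this converts EVERY text input, not only the ones
// revealPasswords changed, so a genuine text field (e.g. the user name) becomes
// a password field after one hide. Marking revealed fields (a data attribute)
// in both functions would fix that; not done here so the pair stays in step.
function hidePasswords () {
        var inputs = document.getElementsByTagName("input");
        for (var idx = inputs.length - 1; idx >= 0; idx--) {
                var curr = inputs[idx];
                if (curr.type.toLowerCase() == "text") {
                        curr.type = "PASSWORD";
                }
        }
}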
// Flip the show/hide state of the password fields and return the new label for
// the toggle control. `value` is the control's current label; when it matches
// `hide` (a string or RegExp, whatever String.prototype.match accepts) the
// fields are hidden and `hide` is swapped for `show` in the label, otherwise
// the fields are revealed and `show` is swapped for `hide`.
function togglePasswords (hide, show, value) {
        var currentlyShown = value.match(hide) !== null;
        if (!currentlyShown) {
                revealPasswords ();
                return value.replace(show, hide);
        }
        hidePasswords ();
        return value.replace(hide, show);
}