From 51c470f805c3db4861aaa8a4a801ebda98c71811 Mon Sep 17 00:00:00 2001
From: Rob van Son <r.j.j.h.vanson@gmail.com>
Date: Tue, 12 Jun 2012 14:07:36 +0200
Subject: [PATCH] Added CreateUser file

---
 Private/CreateUser.html | 135 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 Private/CreateUser.html

diff --git a/Private/CreateUser.html b/Private/CreateUser.html
new file mode 100644
index 0000000..bf3a118
--- /dev/null
+++ b/Private/CreateUser.html
@@ -0,0 +1,135 @@
+<html>
+<head>
+<title>Create User Account</title>
+<SCRIPT TYPE="text/ssperl" CGI='$SERVERSALT $LOGINTICKET $RANDOMSALT $REMOTE_ADDR $LOGINUSERNAME $LOGINIPADDRESS $LOGINPATH'>
+	::create_login_file("~/Private/.Passwords", "~/Private/.Sessions", $REMOTE_ADDR);	
+	"";
+</SCRIPT>
+<SCRIPT type="text/javascript" LANGUAGE="JavaScript">
+<SCRIPT TYPE="text/ssperl" SRC="./JavaScript/CGIscriptorSession.js"></SCRIPT>
+
+window.onload = function() {
+	loadSessionData (CGIscriptorSessionType, CGIscriptorChallengeTicket);
+	return true;
+};
+ 
+
+</SCRIPT>
+
+<script type="text/javascript">
+<SCRIPT TYPE="text/ssperl" SRC="./JavaScript/sha.js"></SCRIPT>
+</script>
+
+</head>
+<body>
+<p ALIGN=RIGHT><a href="index.html?LOGOUT">Logout</a></p>
+<p ALIGN=RIGHT><a href="index.html">Home page</a></p>
+<h1 align=CENTER>Create new user account</h1>
+<p>
+<form method="POST" action="index.html" id="LoginForm"
+	onSubmit='if(! check_password_fields())return false;EncryptNewPassword();HashPassword("<SCRIPT TYPE="text/ssperl">
+	$RANDOMSALT</SCRIPT>");true'>
+<div style="margin-left: 20%; margin-right: 20%; text-align: left">
+<table cellspacing="5" >
+	<tr>
+		<td style="text-align: right">Password:</td>
+		<td style="text-align: left"><input type="PASSWORD" name="PASSWORD" id="PASSWORD" size="50" /></td>
+	</tr>
+	<tr><td>&nbsp;</td><td>&nbsp;</td></tr>
+	<tr><td>&nbsp;</td><td>New user account settings</td></tr>
+	
+	<tr>
+		<td style="text-align: right">New Username:</td>
+		<td style="text-align: left">
+			<input type="text" name="NEWUSERNAME" id="NEWUSERNAME" size="30" />
+		</td>
+	</tr>
+	<tr>
+		<td style="text-align: right">New Password:</td>
+		<td style="text-align: left"><input type="PASSWORD" name="NEWPASSWORD" id="NEWPASSWORD" size="50" />
+	</td>
+	<tr>
+		<td style="text-align: right">Repeat Password:</td>
+		<td style="text-align: left"><input type="PASSWORD" name="NEWPASSWORDREP" id="NEWPASSWORDREP" size="50" onChange="check_password_fields();"/></td>
+ 	</tr>
+	<tr>
+		<td style="text-align: right">Session type:</td>
+		<td style="text-align: left">
+			<select name="NEWSESSION" id="NEWSESSION">
+				<option value ="SESSION" selected>SESSION</option>
+				<option value ="CHALLENGE">CHALLENGE</option>
+				<option value ="IPADDRESS">IPADDRESS</option>
+			</select>
+		</dt>
+	</tr>
+	<tr><td>&nbsp;</td><td>&nbsp;</td></tr>
+	<tr>
+		<td></td>
+		<td style="text-align: left"><input type="submit" id="SUBMIT" value="Create" style="color: Gray" /></td>
+	</tr>
+</table>
+  <input type="hidden" name="CGIUSERNAME" id="CGIUSERNAME" size="20" value=<SCRIPT type="text/ssperl">$LOGINUSERNAME</SCRIPT> />
+  <input type="hidden" name="SERVERSALT" id="SERVERSALT" value="<SCRIPT TYPE="text/ssperl">$SERVERSALT</SCRIPT>" />
+  <input type="hidden" name="RANDOMSALT" id="RANDOMSALT" value="<SCRIPT TYPE="text/ssperl">$RANDOMSALT</SCRIPT>" />
+  <input type="hidden" name="LOGINTICKET" id="LOGINTICKET" value="<SCRIPT TYPE="text/ssperl">$LOGINTICKET</SCRIPT>" />
+  <input type="hidden" name="SESSIONTICKET" id="SESSIONTICKET"value="" />
+  <input type="hidden" name="CHALLENGETICKET" id="CHALLENGETICKET" value="" />
+</div>
+</form>
+</p>
+<h2 align=CENTER>Strong Passwords: It is so easy</h2>
+<p style="margin-left: 20%; margin-right: 20%; text-align: center">
+<a href="http://xkcd.com/936/" target="_blank"><img src="http://imgs.xkcd.com/comics/password_strength.png" width="60%" /></a>
+</p>
+<p style="margin-left: 30%; margin-right: 30%; text-align: center">
+<font style="font-size: small">
+<em>
+	Note: For the procedures used at this site, a basic computer setup can check 1 billion passwords per second. You need
+	a password (or phrase) strength in the order of 56 bits to be a little secure (one year on a single computer).<br />
+	An example whould be the phrase '</em>sherlock curry oleander<em>'.
+</em>
+</font>
+</p>
+<p style="margin-left: 30%; margin-right: 30%; text-align: justify">
+Your password might be vulnerable to <a href="https://en.wikipedia.org/wiki/Brute_force_attack"><em>brute force</em></a> guessing. 
+Protections against such attacks are costly in terms of code complexity, bugs, and execution time.<br />
+However, there is a very simple and secure counter measure. See the <a href="http://xkcd.com/936/" target="_blank">XKCD comic</a> 
+above. The phrase, <em>There is no password like more password</em> would be both much easier to remember, and still stronger than 
+<em>h4]D%@m:49</em>, at least before this phrase was pasted as an example on the Internet.<br />
+Please be so kind and add the name of your favorit flower, dish, or fictional character to your password. 
+Say, <em>Oleander</em>, <em>Curry</em>, or <em>Sherlock</em> (each adds 20 bits or more according to Google Ngram viewer) 
+or even the phrase <em>Sherlock hates curry with oleander</em> (adds ~ 69 bits).
+That would be more effective than adding a million rounds of encryption. 
+</p>
+<p>
+	<hr>
+</p>
+<p>
+The Salt and Ticket values are all created using SHA256 on 64 Byte of output from <em>/dev/urandom</em> in HEX.
+</p>
+<FONT STYLE="font-size:small">
+<p> Example Login page for CGIscriptor.pl<br />
+    Copyright &copy; 2012  R.J.J.H. van Son<br />
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.<br />
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</a>.
+</p>
+<p> A JavaScript implementation of the SHA family of hashes, as defined in FIPS
+	PUB 180-2 as well as the corresponding HMAC implementation as defined in
+	FIPS PUB 198a<br />
+	Version 1.3 Copyright Brian Turek 2008-2010
+	Distributed under the BSD License<br />
+	See <a href="http://jssha.sourceforge.net/">http://jssha.sourceforge.net/</a> for more information<br />
+	Several functions taken from Paul Johnson
+</p>
+</FONT>
+
+</body>
+</html>
-- 
2.11.4.GIT