n'envoie plus le hash du mot de passe directement quand on change de mot de passe

[platal.git] / htdocs / javascript / do_challenge_response_logged.js

diff --git a/htdocs/javascript/do_challenge_response_logged.js b/htdocs/javascript/do_challenge_response_logged.js
index d25c9a7..2ec3595 100644 (file)
--- a/htdocs/javascript/do_challenge_response_logged.js
+++ b/htdocs/javascript/do_challenge_response_logged.js
@@ -18,6 +18,8 @@
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************/
 
+document.write('<script language="javascript" src="javascript/secure_hash.js"></script>');
+
 function readCookie(name)
 {
     var nameEQ = name + "=";
@@ -33,11 +35,15 @@ function readCookie(name)
 
 
 function doChallengeResponse() {
+    var new_pass = hash_encrypt(document.forms.login.password.value);
+    var old_pass = MD5(document.forms.login.password.value);
+    
     str = readCookie('ORGuid') + ":" +
-        MD5(document.forms.login.password.value) + ":" +
+        hash_encrypt(document.forms.login.password.value) + ":" +
         document.forms.loginsub.challenge.value;
 
-    document.forms.loginsub.response.value = MD5(str);
+    document.forms.loginsub.response.value = hash_encrypt(str);
+    document.forms.loginsub.xorpass.value = hash_xor(new_pass, old_pass);
     document.forms.loginsub.remember.value = document.forms.login.remember.checked;
     document.forms.login.password.value = "";
     document.forms.loginsub.submit();