X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=htdocs%2Fjavascript%2Fdo_challenge_response.js;h=14d5e34731d3eab7bed23a4931e5529f48de51fc;hb=5112531d976339fcb6be3846dd7f8754e7547311;hp=77ad25347edaf703982efa8434e9027c02f12e47;hpb=730a173a333507926e0029d8a96c3a26b55756e4;p=platal.git

diff --git a/htdocs/javascript/do_challenge_response.js b/htdocs/javascript/do_challenge_response.js
index 77ad253..14d5e34 100644
--- a/htdocs/javascript/do_challenge_response.js
+++ b/htdocs/javascript/do_challenge_response.js
@@ -1,5 +1,5 @@
 /***************************************************************************
- *  Copyright (C) 2003-2008 Polytechnique.org                              *
+ *  Copyright (C) 2003-2009 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -33,7 +33,7 @@ function correctUserName() {
     if (mots[1].toUpperCase() == 'DE') { u.value = mots[0]+"."+mots.join('-').substr(mots[0].length+1); return true; }
     // jean paul dupont -> jean-paul.dupont
     if (mots.length == 3 && mots[0].toUpperCase() == 'JEAN') { u.value = mots[0]+"-"+mots[1]+"."+mots[2]; return true; }
-    
+
     alert('Ton email ne doit pas contenir de blanc.\nLe format standard est\n\nprenom.nom.promotion\n\nSi ton nom ou ton prenom est composÃ©,\nsÃ©pare les mots par des -');
 
     return false;
@@ -44,19 +44,20 @@ function doChallengeResponse() {
     if (!correctUserName()) return false;
 
     var new_pass = hash_encrypt(document.forms.login.password.value);
-    var old_pass = MD5(document.forms.login.password.value);
-    
+    var old_pass = hash_encrypt(document.forms.login.password.value.substr(0, 10));
+
     str = document.forms.login.username.value + ":" +
         new_pass + ":" +
         document.forms.loginsub.challenge.value;
 
     document.forms.loginsub.response.value = hash_encrypt(str);
-    document.forms.loginsub.xorpass.value = hash_xor(new_pass, old_pass);
+    if (new_pass != old_pass) {
+        document.forms.loginsub.xorpass.value = hash_xor(new_pass, old_pass);
+    }
     document.forms.loginsub.username.value = document.forms.login.username.value;
     document.forms.loginsub.remember.value = document.forms.login.remember.checked;
     document.forms.loginsub.domain.value = document.forms.login.domain.value;
     document.forms.login.password.value = "";
     document.forms.loginsub.submit();
-
 }
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: