Remove MD5 -> SHA1 password transition and replace it by (10 characters -> 256 charac...

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>

diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index 025af61..3f7b5dd 100644 (file)
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -87,6 +87,7 @@ class XorgSession extends PlSession
                                        SET  password = {?}
                                      WHERE  user_id = {?}',
                                    $new_password, $uid);
+                      /* TODO: update GApps password here!!! */
                 }
             }
             if ($response != $expected_response) {

diff --git a/htdocs/javascript/do_challenge_response.js b/htdocs/javascript/do_challenge_response.js
index 77ad253..0a9c94d 100644 (file)
--- a/htdocs/javascript/do_challenge_response.js
+++ b/htdocs/javascript/do_challenge_response.js
@@ -33,7 +33,7 @@ function correctUserName() {
     if (mots[1].toUpperCase() == 'DE') { u.value = mots[0]+"."+mots.join('-').substr(mots[0].length+1); return true; }
     // jean paul dupont -> jean-paul.dupont
     if (mots.length == 3 && mots[0].toUpperCase() == 'JEAN') { u.value = mots[0]+"-"+mots[1]+"."+mots[2]; return true; }
-    
+
     alert('Ton email ne doit pas contenir de blanc.\nLe format standard est\n\nprenom.nom.promotion\n\nSi ton nom ou ton prenom est composé,\nsépare les mots par des -');
 
     return false;
@@ -44,8 +44,8 @@ function doChallengeResponse() {
     if (!correctUserName()) return false;
 
     var new_pass = hash_encrypt(document.forms.login.password.value);
-    var old_pass = MD5(document.forms.login.password.value);
-    
+    var old_pass = hash_encrypt(document.forms.login.password.value.substr(0, 10));
+
     str = document.forms.login.username.value + ":" +
         new_pass + ":" +
         document.forms.loginsub.challenge.value;
@@ -57,6 +57,5 @@ function doChallengeResponse() {
     document.forms.loginsub.domain.value = document.forms.login.domain.value;
     document.forms.login.password.value = "";
     document.forms.loginsub.submit();
-
 }
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:

diff --git a/templates/core/password_prompt.tpl b/templates/core/password_prompt.tpl
index f3be2ff..f43446d 100644 (file)
--- a/templates/core/password_prompt.tpl
+++ b/templates/core/password_prompt.tpl
@@ -78,7 +78,7 @@ Si tu n'es pas {insert name="getName"}, change le login ci-dessous, ou rends-toi
         Mot de passe :
       </td>
       <td>
-        <input type="password" name="password" size="10" maxlength="10" />
+        <input type="password" name="password" size="10" maxlength="256" />
       </td>
     </tr>
     <tr>

diff --git a/templates/core/password_prompt_logged.tpl b/templates/core/password_prompt_logged.tpl
index f3efb71..b37aab8 100644 (file)
--- a/templates/core/password_prompt_logged.tpl
+++ b/templates/core/password_prompt_logged.tpl
@@ -50,7 +50,7 @@
         Mot de passe :
       </td>
       <td>
-        <input type="password" name="password" size="10" maxlength="10" />
+        <input type="password" name="password" size="10" maxlength="256" />
         &nbsp;<a href="recovery">Perdu&nbsp;?</a>
       </td>
       <td class="right" rowspan="2" style="vertical-align: middle">

diff --git a/templates/platal/motdepasse.tpl b/templates/platal/motdepasse.tpl
index 983dbdb..0ddba49 100644 (file)
--- a/templates/platal/motdepasse.tpl
+++ b/templates/platal/motdepasse.tpl
@@ -47,7 +47,7 @@
         Mot de passe :
       </td>
       <td>
-        <input type="password" size="10" maxlength="10" name="nouveau" />
+        <input type="password" size="10" maxlength="256" name="nouveau" />
       </td>
     </tr>
     <tr>
@@ -55,7 +55,7 @@
         Retape-le une fois&nbsp;:
       </td>
       <td>
-        <input type="password" size="10" maxlength="10" name="nouveau2" />
+        <input type="password" size="10" maxlength="256" name="nouveau2" />
       </td>
     </tr>
     <tr>