header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
if (S::logged()) {
$page->changeTpl('core/password_prompt_logged.tpl');
- $page->addJsLink('do_challenge_response_logged.js');
} else {
$page->changeTpl('core/password_prompt.tpl');
- $page->addJsLink('do_challenge_response.js');
}
$page->assign_by_ref('platal', $this);
$page->run();
$this->changeTpl('platal/index.tpl');
$this->addJsLink('jquery.xorg.js');
$this->addJsLink('overlib.js');
- $this->addJsLink('secure_hash.js');
$this->addJsLink('core.js');
$this->addJsLink('xorg.js');
$this->setTitle('le site des élèves et anciens élèves de l\'École polytechnique');
+++ /dev/null
-/***************************************************************************
- * Copyright (C) 2003-2011 Polytechnique.org *
- * http://opensource.polytechnique.org/ *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the Free Software *
- * Foundation, Inc., *
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
- ***************************************************************************/
-
-function correctUserName() {
- var u = document.forms.login.username;
- // login with no space
- if (u.value.indexOf(' ') < 0) return true;
- var mots = u.value.split(' ');
- // jean paul.du pont -> jean-paul.du-pont
- if (u.value.indexOf('.') > 0) { u.value = mots.join('-'); return true; }
- // jean dupont -> jean.dupont
- if (mots.length == 2) { u.value = mots[0]+"."+mots[1]; return true; }
- // jean dupont 2001 -> jean.dupont.2001
- if (mots.length == 3 && mots[2] > 1920 && mots[2] < 3000) { u.value = mots.join('.'); return true; }
- // jean de la vallee -> jean.de-la-vallee
- if (mots[1].toUpperCase() == 'DE') { u.value = mots[0]+"."+mots.join('-').substr(mots[0].length+1); return true; }
- // jean paul dupont -> jean-paul.dupont
- if (mots.length == 3 && mots[0].toUpperCase() == 'JEAN') { u.value = mots[0]+"-"+mots[1]+"."+mots[2]; return true; }
-
- alert('Ton email ne doit pas contenir de blanc.\nLe format standard est\n\nprenom.nom.promotion\n\nSi ton nom ou ton prenom est composé,\nsépare les mots par des -');
-
- return false;
-}
-
-function doChallengeResponse() {
-
- if (!correctUserName()) return false;
-
- var new_pass = hash_encrypt(document.forms.login.password.value);
- var old_pass = hash_encrypt(document.forms.login.password.value.substr(0, 10));
-
- str = document.forms.login.username.value + ":" +
- new_pass + ":" +
- document.forms.loginsub.challenge.value;
-
- document.forms.loginsub.response.value = hash_encrypt(str);
- if (new_pass != old_pass) {
- document.forms.loginsub.xorpass.value = hash_xor(new_pass, old_pass);
- }
- document.forms.loginsub.username.value = document.forms.login.username.value;
- document.forms.loginsub.remember.value = document.forms.login.remember.checked;
- document.forms.loginsub.domain.value = document.forms.login.domain.value;
- document.forms.login.password.value = "";
- document.forms.loginsub.submit();
-}
-// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
+++ /dev/null
-/***************************************************************************
- * Copyright (C) 2003-2011 Polytechnique.org *
- * http://opensource.polytechnique.org/ *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the Free Software *
- * Foundation, Inc., *
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
- ***************************************************************************/
-
-function doChallengeResponse() {
- var new_pass = hash_encrypt(document.forms.login.password.value);
-
- str = document.forms.loginsub.username.value + ":" +
- hash_encrypt(document.forms.login.password.value) + ":" +
- document.forms.loginsub.challenge.value;
-
- document.forms.loginsub.response.value = hash_encrypt(str);
- document.forms.loginsub.remember.value = document.forms.login.remember.checked;
- document.forms.login.password.value = "";
- document.forms.loginsub.submit();
-}
-
-// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
+++ /dev/null
-/***************************************************************************
- * Copyright (C) 2003-2011 Polytechnique.org *
- * http://opensource.polytechnique.org/ *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the Free Software *
- * Foundation, Inc., *
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
- ***************************************************************************/
-
-function hashResponse(password1, password2, hasConfirmation) {
- pw1 = $('[name=' + password1 + ']').val();
-
- if (hasConfirmation) {
- pw2 = $('[name=' + password2 + ']').val();
- if (pw1 != pw2) {
- alert("\nErreur : les deux champs ne sont pas identiques !");
- return false;
- }
- $('[name=' + password2 + ']').val('');
- } else if (pw1 == '********') {
- return true;
- }
-
- if (pw1.length < 6) {
- alert("\nErreur : le nouveau mot de passe doit faire au moins 6 caractères !");
- return false;
- }
- if (!differentTypes(pw1)) {
- alert ("\nErreur : le nouveau mot de passe doit comporter au moins deux types de caractères parmi les suivants : lettres minuscules, lettres majuscules, chiffres, caractères spéciaux.");
- return false;
- }
-
- alert("Le mot de passe que tu as rentré va être chiffré avant de nous parvenir par Internet ! Ainsi il ne circulera pas en clair.");
- $('[name=' + password1 + ']').val('');
- $('[name=pwhash]').val(hash_encrypt(pw1));
- return true;
-}
-
-// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
+++ /dev/null
-/***************************************************************************
- * Copyright (C) 2003-2011 Polytechnique.org *
- * http://opensource.polytechnique.org/ *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the Free Software *
- * Foundation, Inc., *
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
- ***************************************************************************/
-
-/* {{{ SHA1 Implementation */
-
-/*
- * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
- * in FIPS PUB 180-1
- * Version 2.1a Copyright Paul Johnston 2000 - 2002.
- * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
- * Distributed under the BSD License
- * See http://pajhome.org.uk/crypt/md5 for details.
- */
-
-/*
- * Configurable variables. You may need to tweak these to be compatible with
- * the server-side, but the defaults work in most cases.
- */
-var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
-var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */
-var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */
-
-/*
- * These are the functions you'll usually want to call
- * They take string arguments and return either hex or base-64 encoded strings
- */
-function hex_sha1(s){return binb2hex(core_sha1(str2binb(s),s.length * chrsz));}
-function b64_sha1(s){return binb2b64(core_sha1(str2binb(s),s.length * chrsz));}
-function str_sha1(s){return binb2str(core_sha1(str2binb(s),s.length * chrsz));}
-function hex_hmac_sha1(key, data){ return binb2hex(core_hmac_sha1(key, data));}
-function b64_hmac_sha1(key, data){ return binb2b64(core_hmac_sha1(key, data));}
-function str_hmac_sha1(key, data){ return binb2str(core_hmac_sha1(key, data));}
-
-/*
- * Perform a simple self-test to see if the VM is working
- */
-function sha1_vm_test()
-{
- return hex_sha1("abc") == "a9993e364706816aba3e25717850c26c9cd0d89d";
-}
-
-/*
- * Calculate the SHA-1 of an array of big-endian words, and a bit length
- */
-function core_sha1(x, len)
-{
- /* append padding */
- x[len >> 5] |= 0x80 << (24 - len % 32);
- x[((len + 64 >> 9) << 4) + 15] = len;
-
- var w = Array(80);
- var a = 1732584193;
- var b = -271733879;
- var c = -1732584194;
- var d = 271733878;
- var e = -1009589776;
-
- for(var i = 0; i < x.length; i += 16)
- {
- var olda = a;
- var oldb = b;
- var oldc = c;
- var oldd = d;
- var olde = e;
-
- for(var j = 0; j < 80; j++)
- {
- if(j < 16) w[j] = x[i + j];
- else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1);
- var t = safe_add(safe_add(rol(a, 5), sha1_ft(j, b, c, d)),
- safe_add(safe_add(e, w[j]), sha1_kt(j)));
- e = d;
- d = c;
- c = rol(b, 30);
- b = a;
- a = t;
- }
-
- a = safe_add(a, olda);
- b = safe_add(b, oldb);
- c = safe_add(c, oldc);
- d = safe_add(d, oldd);
- e = safe_add(e, olde);
- }
- return Array(a, b, c, d, e);
-
-}
-
-/*
- * Perform the appropriate triplet combination function for the current
- * iteration
- */
-function sha1_ft(t, b, c, d)
-{
- if(t < 20) return (b & c) | ((~b) & d);
- if(t < 40) return b ^ c ^ d;
- if(t < 60) return (b & c) | (b & d) | (c & d);
- return b ^ c ^ d;
-}
-
-/*
- * Determine the appropriate additive constant for the current iteration
- */
-function sha1_kt(t)
-{
- return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 :
- (t < 60) ? -1894007588 : -899497514;
-}
-
-/*
- * Calculate the HMAC-SHA1 of a key and some data
- */
-function core_hmac_sha1(key, data)
-{
- var bkey = str2binb(key);
- if(bkey.length > 16) bkey = core_sha1(bkey, key.length * chrsz);
-
- var ipad = Array(16), opad = Array(16);
- for(var i = 0; i < 16; i++)
- {
- ipad[i] = bkey[i] ^ 0x36363636;
- opad[i] = bkey[i] ^ 0x5C5C5C5C;
- }
-
- var hash = core_sha1(ipad.concat(str2binb(data)), 512 + data.length * chrsz);
- return core_sha1(opad.concat(hash), 512 + 160);
-}
-
-/*
- * Add integers, wrapping at 2^32. This uses 16-bit operations internally
- * to work around bugs in some JS interpreters.
- */
-function safe_add(x, y)
-{
- var lsw = (x & 0xFFFF) + (y & 0xFFFF);
- var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
- return (msw << 16) | (lsw & 0xFFFF);
-}
-
-/*
- * Bitwise rotate a 32-bit number to the left.
- */
-function rol(num, cnt)
-{
- return (num << cnt) | (num >>> (32 - cnt));
-}
-
-/*
- * Convert an 8-bit or 16-bit string to an array of big-endian words
- * In 8-bit function, characters >255 have their hi-byte silently ignored.
- */
-function str2binb(str)
-{
- var bin = Array();
- var mask = (1 << chrsz) - 1;
- for(var i = 0; i < str.length * chrsz; i += chrsz)
- bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32);
- return bin;
-}
-
-/*
- * Convert an array of big-endian words to a string
- */
-function binb2str(bin)
-{
- var str = "";
- var mask = (1 << chrsz) - 1;
- for(var i = 0; i < bin.length * 32; i += chrsz)
- str += String.fromCharCode((bin[i>>5] >>> (32 - chrsz - i%32)) & mask);
- return str;
-}
-
-/*
- * Convert an array of big-endian words to a hex string.
- */
-function binb2hex(binarray)
-{
- var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
- var str = "";
- for(var i = 0; i < binarray.length * 4; i++)
- {
- str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) +
- hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF);
- }
- return str;
-}
-
-/*
- * Convert an array of big-endian words to a base-64 string
- */
-function binb2b64(binarray)
-{
- var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- var str = "";
- for(var i = 0; i < binarray.length * 4; i += 3)
- {
- var triplet = (((binarray[i >> 2] >> 8 * (3 - i %4)) & 0xFF) << 16)
- | (((binarray[i+1 >> 2] >> 8 * (3 - (i+1)%4)) & 0xFF) << 8 )
- | ((binarray[i+2 >> 2] >> 8 * (3 - (i+2)%4)) & 0xFF);
- for(var j = 0; j < 4; j++)
- {
- if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
- else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);
- }
- }
- return str;
-}
-
-/* }}} */
-
-function hash_encrypt(a) {
- return hex_sha1(a);
-}
-
-var hexa_h = "0123456789abcdef";
-
-function dechex(a) {
- return hexa_h.charAt(a);
-}
-
-function hexdec(a) {
- return hexa_h.indexOf(a);
-}
-
-function hash_xor(a, b) {
- var c,i,j,k;
- c = "";
- i = a.length;
- j = b.length;
- if (i < j) {
- var d;
- d = a; a = b; b = d;
- k = i; i = j; j = k;
- }
- for (k = 0; k < j; k++)
- c += dechex(hexdec(a.charAt(k)) ^ hexdec(b.charAt(k)));
- for (; k < i; k++)
- c += a.charAt(k);
- return c;
-}
-// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
// {{{ function checkPassword
+/* {{{ SHA1 Implementation */
+
+/*
+ * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
+ * in FIPS PUB 180-1
+ * Version 2.1a Copyright Paul Johnston 2000 - 2002.
+ * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
+ * Distributed under the BSD License
+ * See http://pajhome.org.uk/crypt/md5 for details.
+ */
+
+/*
+ * Configurable variables. You may need to tweak these to be compatible with
+ * the server-side, but the defaults work in most cases.
+ */
+var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
+var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */
+var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */
+
+/*
+ * These are the functions you'll usually want to call
+ * They take string arguments and return either hex or base-64 encoded strings
+ */
+function hex_sha1(s){return binb2hex(core_sha1(str2binb(s),s.length * chrsz));}
+function b64_sha1(s){return binb2b64(core_sha1(str2binb(s),s.length * chrsz));}
+function str_sha1(s){return binb2str(core_sha1(str2binb(s),s.length * chrsz));}
+function hex_hmac_sha1(key, data){ return binb2hex(core_hmac_sha1(key, data));}
+function b64_hmac_sha1(key, data){ return binb2b64(core_hmac_sha1(key, data));}
+function str_hmac_sha1(key, data){ return binb2str(core_hmac_sha1(key, data));}
+
+/*
+ * Perform a simple self-test to see if the VM is working
+ */
+function sha1_vm_test()
+{
+ return hex_sha1("abc") == "a9993e364706816aba3e25717850c26c9cd0d89d";
+}
+
+/*
+ * Calculate the SHA-1 of an array of big-endian words, and a bit length
+ */
+function core_sha1(x, len)
+{
+ /* append padding */
+ x[len >> 5] |= 0x80 << (24 - len % 32);
+ x[((len + 64 >> 9) << 4) + 15] = len;
+
+ var w = Array(80);
+ var a = 1732584193;
+ var b = -271733879;
+ var c = -1732584194;
+ var d = 271733878;
+ var e = -1009589776;
+
+ for(var i = 0; i < x.length; i += 16)
+ {
+ var olda = a;
+ var oldb = b;
+ var oldc = c;
+ var oldd = d;
+ var olde = e;
+
+ for(var j = 0; j < 80; j++)
+ {
+ if(j < 16) w[j] = x[i + j];
+ else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1);
+ var t = safe_add(safe_add(rol(a, 5), sha1_ft(j, b, c, d)),
+ safe_add(safe_add(e, w[j]), sha1_kt(j)));
+ e = d;
+ d = c;
+ c = rol(b, 30);
+ b = a;
+ a = t;
+ }
+
+ a = safe_add(a, olda);
+ b = safe_add(b, oldb);
+ c = safe_add(c, oldc);
+ d = safe_add(d, oldd);
+ e = safe_add(e, olde);
+ }
+ return Array(a, b, c, d, e);
+
+}
+
+/*
+ * Perform the appropriate triplet combination function for the current
+ * iteration
+ */
+function sha1_ft(t, b, c, d)
+{
+ if(t < 20) return (b & c) | ((~b) & d);
+ if(t < 40) return b ^ c ^ d;
+ if(t < 60) return (b & c) | (b & d) | (c & d);
+ return b ^ c ^ d;
+}
+
+/*
+ * Determine the appropriate additive constant for the current iteration
+ */
+function sha1_kt(t)
+{
+ return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 :
+ (t < 60) ? -1894007588 : -899497514;
+}
+
+/*
+ * Calculate the HMAC-SHA1 of a key and some data
+ */
+function core_hmac_sha1(key, data)
+{
+ var bkey = str2binb(key);
+ if(bkey.length > 16) bkey = core_sha1(bkey, key.length * chrsz);
+
+ var ipad = Array(16), opad = Array(16);
+ for(var i = 0; i < 16; i++)
+ {
+ ipad[i] = bkey[i] ^ 0x36363636;
+ opad[i] = bkey[i] ^ 0x5C5C5C5C;
+ }
+
+ var hash = core_sha1(ipad.concat(str2binb(data)), 512 + data.length * chrsz);
+ return core_sha1(opad.concat(hash), 512 + 160);
+}
+
+/*
+ * Add integers, wrapping at 2^32. This uses 16-bit operations internally
+ * to work around bugs in some JS interpreters.
+ */
+function safe_add(x, y)
+{
+ var lsw = (x & 0xFFFF) + (y & 0xFFFF);
+ var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
+ return (msw << 16) | (lsw & 0xFFFF);
+}
+
+/*
+ * Bitwise rotate a 32-bit number to the left.
+ */
+function rol(num, cnt)
+{
+ return (num << cnt) | (num >>> (32 - cnt));
+}
+
+/*
+ * Convert an 8-bit or 16-bit string to an array of big-endian words
+ * In 8-bit function, characters >255 have their hi-byte silently ignored.
+ */
+function str2binb(str)
+{
+ var bin = Array();
+ var mask = (1 << chrsz) - 1;
+ for(var i = 0; i < str.length * chrsz; i += chrsz)
+ bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32);
+ return bin;
+}
+
+/*
+ * Convert an array of big-endian words to a string
+ */
+function binb2str(bin)
+{
+ var str = "";
+ var mask = (1 << chrsz) - 1;
+ for(var i = 0; i < bin.length * 32; i += chrsz)
+ str += String.fromCharCode((bin[i>>5] >>> (32 - chrsz - i%32)) & mask);
+ return str;
+}
+
+/*
+ * Convert an array of big-endian words to a hex string.
+ */
+function binb2hex(binarray)
+{
+ var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
+ var str = "";
+ for(var i = 0; i < binarray.length * 4; i++)
+ {
+ str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) +
+ hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF);
+ }
+ return str;
+}
+
+/*
+ * Convert an array of big-endian words to a base-64 string
+ */
+function binb2b64(binarray)
+{
+ var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ var str = "";
+ for(var i = 0; i < binarray.length * 4; i += 3)
+ {
+ var triplet = (((binarray[i >> 2] >> 8 * (3 - i %4)) & 0xFF) << 16)
+ | (((binarray[i+1 >> 2] >> 8 * (3 - (i+1)%4)) & 0xFF) << 8 )
+ | ((binarray[i+2 >> 2] >> 8 * (3 - (i+2)%4)) & 0xFF);
+ for(var j = 0; j < 4; j++)
+ {
+ if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
+ else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);
+ }
+ }
+ return str;
+}
+
+/* }}} */
+
+function hash_encrypt(a) {
+ return hex_sha1(a);
+}
+
+var hexa_h = "0123456789abcdef";
+
+function dechex(a) {
+ return hexa_h.charAt(a);
+}
+
+function hexdec(a) {
+ return hexa_h.indexOf(a);
+}
+
+function hash_xor(a, b) {
+ var c,i,j,k;
+ c = "";
+ i = a.length;
+ j = b.length;
+ if (i < j) {
+ var d;
+ d = a; a = b; b = d;
+ k = i; i = j; j = k;
+ }
+ for (k = 0; k < j; k++)
+ c += dechex(hexdec(a.charAt(k)) ^ hexdec(b.charAt(k)));
+ for (; k < i; k++)
+ c += a.charAt(k);
+ return c;
+}
+
+
function getType(c) {
if (c >= 'a' && c <= 'z') {
return 1;
}
}
+function hashResponse(password1, password2, hasConfirmation) {
+ pw1 = $('[name=' + password1 + ']').val();
+
+ if (hasConfirmation) {
+ pw2 = $('[name=' + password2 + ']').val();
+ if (pw1 != pw2) {
+ alert("\nErreur : les deux champs ne sont pas identiques !");
+ return false;
+ }
+ $('[name=' + password2 + ']').val('');
+ } else if (pw1 == '********') {
+ return true;
+ }
+
+ if (pw1.length < 6) {
+ alert("\nErreur : le nouveau mot de passe doit faire au moins 6 caractères !");
+ return false;
+ }
+ if (!differentTypes(pw1)) {
+ alert ("\nErreur : le nouveau mot de passe doit comporter au moins deux types de caractères parmi les suivants : lettres minuscules, lettres majuscules, chiffres, caractères spéciaux.");
+ return false;
+ }
+
+ alert("Le mot de passe que tu as rentré va être chiffré avant de nous parvenir par Internet ! Ainsi il ne circulera pas en clair.");
+ $('[name=' + password1 + ']').val('');
+ $('[name=pwhash]').val(hash_encrypt(pw1));
+ return true;
+}
+
+function correctUserName() {
+ var u = document.forms.login.username;
+ // login with no space
+ if (u.value.indexOf(' ') < 0) return true;
+ var mots = u.value.split(' ');
+ // jean paul.du pont -> jean-paul.du-pont
+ if (u.value.indexOf('.') > 0) { u.value = mots.join('-'); return true; }
+ // jean dupont -> jean.dupont
+ if (mots.length == 2) { u.value = mots[0]+"."+mots[1]; return true; }
+ // jean dupont 2001 -> jean.dupont.2001
+ if (mots.length == 3 && mots[2] > 1920 && mots[2] < 3000) { u.value = mots.join('.'); return true; }
+ // jean de la vallee -> jean.de-la-vallee
+ if (mots[1].toUpperCase() == 'DE') { u.value = mots[0]+"."+mots.join('-').substr(mots[0].length+1); return true; }
+ // jean paul dupont -> jean-paul.dupont
+ if (mots.length == 3 && mots[0].toUpperCase() == 'JEAN') { u.value = mots[0]+"-"+mots[1]+"."+mots[2]; return true; }
+
+ alert('Ton email ne doit pas contenir de blanc.\nLe format standard est\n\nprenom.nom.promotion\n\nSi ton nom ou ton prenom est composé,\nsépare les mots par des -');
+
+ return false;
+}
+
+function doChallengeResponse() {
+
+ if (!correctUserName()) return false;
+
+ var new_pass = hash_encrypt(document.forms.login.password.value);
+ var old_pass = hash_encrypt(document.forms.login.password.value.substr(0, 10));
+
+ str = document.forms.login.username.value + ":" +
+ new_pass + ":" +
+ document.forms.loginsub.challenge.value;
+
+ document.forms.loginsub.response.value = hash_encrypt(str);
+ if (new_pass != old_pass) {
+ document.forms.loginsub.xorpass.value = hash_xor(new_pass, old_pass);
+ }
+ document.forms.loginsub.username.value = document.forms.login.username.value;
+ document.forms.loginsub.remember.value = document.forms.login.remember.checked;
+ document.forms.loginsub.domain.value = document.forms.login.domain.value;
+ document.forms.login.password.value = "";
+ document.forms.loginsub.submit();
+}
+
+function doChallengeResponseLogged() {
+ var new_pass = hash_encrypt(document.forms.login.password.value);
+
+ str = document.forms.loginsub.username.value + ":" +
+ hash_encrypt(document.forms.login.password.value) + ":" +
+ document.forms.loginsub.challenge.value;
+
+ document.forms.loginsub.response.value = hash_encrypt(str);
+ document.forms.loginsub.remember.value = document.forms.login.remember.checked;
+ document.forms.login.password.value = "";
+ document.forms.loginsub.submit();
+}
+
// }}}
// {{{ send test email
$page->addJsLink('jquery.ui.xorg.js');
- $page->addJsLink('password.js');
// Displays last login and last host information.
$res = XDB::query("SELECT start, host
{
$page->changeTpl('admin/accounts.tpl');
$page->setTitle('Administration - Comptes');
- $page->addJsLink('password.js');
if (Post::has('create_account')) {
S::assert_xsrf_token();
require_once("emails.inc.php");
require_once("googleapps.inc.php");
$page->changeTpl('googleapps/index.tpl');
- $page->addJsLink('password.js');
$page->setTitle('Compte Google Apps');
$user = S::user();
}
$page->changeTpl('platal/password.tpl');
- $page->addJsLink('password.js');
$page->setTitle('Mon mot de passe');
}
$page->changeTpl('platal/tmpPWD.success.tpl');
} else {
$page->changeTpl('platal/password.tpl');
- $page->addJsLink('password.js');
}
}
}
$page->changeTpl('register/step' . $subState->i('step') . '.tpl');
- $page->addJsLink('password.js');
if (isset($error)) {
$page->trigError($error);
}
// Prepare the template for display.
$page->changeTpl('register/end.tpl');
- $page->addJsLink('do_challenge_response_logged.js');
$page->assign('forlife', $forlife);
$page->assign('firstname', $firstname);
</div>
<br />
-<form action="{$smarty.server.REQUEST_URI}" method="post" id="login" onsubmit='doChallengeResponse(); return false;'>
+<form action="{$smarty.server.REQUEST_URI}" method="post" id="login" onsubmit='doChallengeResponseLogged(); return false;'>
<table class="bicol" cellpadding="4" summary="Formulaire de login">
<tr>
<td class="titre">
il te suffit de taper ton mot de passe ci-dessous. Tu pourras ensuite librement
accéder au site, et à notre annuaire en ligne !</p>
-<form action="{$smarty.server.REQUEST_URI}" method="post" id="login" onsubmit='doChallengeResponse(); return false;'>
+<form action="{$smarty.server.REQUEST_URI}" method="post" id="login" onsubmit='doChallengeResponseLogged(); return false;'>
<table class="bicol">
<tr>
<td class="titre">Nom d'utilisateur :</td>
projects / platal.git / commitdiff