From: Florent Bruneau
Date: Sat, 22 Jan 2011 15:55:12 +0000 (+0100)
Subject: Merge more javascript files.
X-Git-Tag: xorg/1.1.0~178
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=5ff39ae112406d05b4af08234d5b5dae5ac17863;p=platal.git

Merge more javascript files.

Signed-off-by: Florent Bruneau
---

diff --git a/classes/xorg.php b/classes/xorg.php
index e2a1cef..ff83c96 100644
--- a/classes/xorg.php
+++ b/classes/xorg.php
@@ -44,10 +44,8 @@ class Xorg extends Platal
 header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
 if (S::logged()) {
 $page->changeTpl('core/password_prompt_logged.tpl');
- $page->addJsLink('do_challenge_response_logged.js');
 } else {
 $page->changeTpl('core/password_prompt.tpl');
- $page->addJsLink('do_challenge_response.js');
 }
 $page->assign_by_ref('platal', $this);
 $page->run();
diff --git a/classes/xorgpage.php b/classes/xorgpage.php
index 3d12187..83824d8 100644
--- a/classes/xorgpage.php
+++ b/classes/xorgpage.php
@@ -29,7 +29,6 @@ class XorgPage extends PlPage
 $this->changeTpl('platal/index.tpl');
 $this->addJsLink('jquery.xorg.js');
 $this->addJsLink('overlib.js');
- $this->addJsLink('secure_hash.js');
 $this->addJsLink('core.js');
 $this->addJsLink('xorg.js');
 $this->setTitle('le site des élèves et anciens élèves de l\'École polytechnique');
diff --git a/htdocs/javascript/do_challenge_response.js b/htdocs/javascript/do_challenge_response.js
deleted file mode 100644
index 43d551e..0000000
--- a/htdocs/javascript/do_challenge_response.js
+++ /dev/null
@@ -1,63 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2003-2011 Polytechnique.org * - * http://opensource.polytechnique.org/ * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the Free Software * - * Foundation, Inc., * - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - ***************************************************************************/ - -function correctUserName() { - var u = document.forms.login.username; - // login with no space - if (u.value.indexOf(' ') < 0) return true; - var mots = u.value.split(' '); - // jean paul.du pont -> jean-paul.du-pont - if (u.value.indexOf('.') > 0) { u.value = mots.join('-'); return true; } - // jean dupont -> jean.dupont - if (mots.length == 2) { u.value = mots[0]+"."+mots[1]; return true; } - // jean dupont 2001 -> jean.dupont.2001 - if (mots.length == 3 && mots[2] > 1920 && mots[2] < 3000) { u.value = mots.join('.'); return true; } - // jean de la vallee -> jean.de-la-vallee - if (mots[1].toUpperCase() == 'DE') { u.value = mots[0]+"."+mots.join('-').substr(mots[0].length+1); return true; } - // jean paul dupont -> jean-paul.dupont - if (mots.length == 3 && mots[0].toUpperCase() == 'JEAN') { u.value = mots[0]+"-"+mots[1]+"."+mots[2]; return true; } - - alert('Ton email ne doit pas contenir de blanc.\nLe format standard est\n\nprenom.nom.promotion\n\nSi 
ton nom ou ton prenom est composé,\nsépare les mots par des -'); - - return false; -} - -function doChallengeResponse() { - - if (!correctUserName()) return false; - - var new_pass = hash_encrypt(document.forms.login.password.value); - var old_pass = hash_encrypt(document.forms.login.password.value.substr(0, 10)); - - str = document.forms.login.username.value + ":" + - new_pass + ":" + - document.forms.loginsub.challenge.value; - - document.forms.loginsub.response.value = hash_encrypt(str); - if (new_pass != old_pass) { - document.forms.loginsub.xorpass.value = hash_xor(new_pass, old_pass); - } - document.forms.loginsub.username.value = document.forms.login.username.value; - document.forms.loginsub.remember.value = document.forms.login.remember.checked; - document.forms.loginsub.domain.value = document.forms.login.domain.value; - document.forms.login.password.value = ""; - document.forms.loginsub.submit(); -} -// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: diff --git a/htdocs/javascript/do_challenge_response_logged.js b/htdocs/javascript/do_challenge_response_logged.js deleted file mode 100644 index 29fc83c..0000000 --- a/htdocs/javascript/do_challenge_response_logged.js +++ /dev/null 
@@ -1,34 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2003-2011 Polytechnique.org * - * http://opensource.polytechnique.org/ * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the Free Software * - * Foundation, Inc., * - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - ***************************************************************************/ - -function doChallengeResponse() { - var new_pass = hash_encrypt(document.forms.login.password.value); - - str = document.forms.loginsub.username.value + ":" + - hash_encrypt(document.forms.login.password.value) + ":" + - document.forms.loginsub.challenge.value; - - document.forms.loginsub.response.value = hash_encrypt(str); - document.forms.loginsub.remember.value = document.forms.login.remember.checked; - document.forms.login.password.value = ""; - document.forms.loginsub.submit(); -} - -// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: diff --git a/htdocs/javascript/password.js b/htdocs/javascript/password.js deleted file mode 100644 index af708a8..0000000 --- a/htdocs/javascript/password.js +++ /dev/null 
@@ -1,50 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2003-2011 Polytechnique.org * - * http://opensource.polytechnique.org/ * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the Free Software * - * Foundation, Inc., * - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - ***************************************************************************/ - -function hashResponse(password1, password2, hasConfirmation) { - pw1 = $('[name=' + password1 + ']').val(); - - if (hasConfirmation) { - pw2 = $('[name=' + password2 + ']').val(); - if (pw1 != pw2) { - alert("\nErreur : les deux champs ne sont pas identiques !"); - return false; - } - $('[name=' + password2 + ']').val(''); - } else if (pw1 == '********') { - return true; - } - - if (pw1.length < 6) { - alert("\nErreur : le nouveau mot de passe doit faire au moins 6 caractères !"); - return false; - } - if (!differentTypes(pw1)) { - alert ("\nErreur : le nouveau mot de passe doit comporter au moins deux types de caractères parmi les suivants : lettres minuscules, lettres majuscules, chiffres, caractères spéciaux."); - return false; - } - - alert("Le mot de passe que tu as rentré va être chiffré avant de nous parvenir par Internet ! 
Ainsi il ne circulera pas en clair."); - $('[name=' + password1 + ']').val(''); - $('[name=pwhash]').val(hash_encrypt(pw1)); - return true; -} - -// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: diff --git a/htdocs/javascript/secure_hash.js b/htdocs/javascript/secure_hash.js deleted file mode 100644 index 56ece48..0000000 --- a/htdocs/javascript/secure_hash.js +++ /dev/null 
@@ -1,258 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2003-2011 Polytechnique.org * - * http://opensource.polytechnique.org/ * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the Free Software * - * Foundation, Inc., * - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - ***************************************************************************/ - -/* {{{ SHA1 Implementation */ - -/* - * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined - * in FIPS PUB 180-1 - * Version 2.1a Copyright Paul Johnston 2000 - 2002. - * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet - * Distributed under the BSD License - * See http://pajhome.org.uk/crypt/md5 for details. - */ - -/* - * Configurable variables. You may need to tweak these to be compatible with - * the server-side, but the defaults work in most cases. - */ -var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ -var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */ -var chrsz = 8; /* bits per input character. 
8 - ASCII; 16 - Unicode */ - -/* - * These are the functions you'll usually want to call - * They take string arguments and return either hex or base-64 encoded strings - */ -function hex_sha1(s){return binb2hex(core_sha1(str2binb(s),s.length * chrsz));} -function b64_sha1(s){return binb2b64(core_sha1(str2binb(s),s.length * chrsz));} -function str_sha1(s){return binb2str(core_sha1(str2binb(s),s.length * chrsz));} -function hex_hmac_sha1(key, data){ return binb2hex(core_hmac_sha1(key, data));} -function b64_hmac_sha1(key, data){ return binb2b64(core_hmac_sha1(key, data));} -function str_hmac_sha1(key, data){ return binb2str(core_hmac_sha1(key, data));} - -/* - * Perform a simple self-test to see if the VM is working - */ -function sha1_vm_test() -{ - return hex_sha1("abc") == "a9993e364706816aba3e25717850c26c9cd0d89d"; -} - -/* - * Calculate the SHA-1 of an array of big-endian words, and a bit length - */ -function core_sha1(x, len) -{ - /* append padding */ - x[len >> 5] |= 0x80 << (24 - len % 32); - x[((len + 64 >> 9) << 4) + 15] = len; - - var w = Array(80); - var a = 1732584193; - var b = -271733879; - var c = -1732584194; - var d = 271733878; - var e = -1009589776; - - for(var i = 0; i < x.length; i += 16) - { - var olda = a; - var oldb = b; - var oldc = c; - var oldd = d; - var olde = e; - - for(var j = 0; j < 80; j++) - { - if(j < 16) w[j] = x[i + j]; - else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1); - var t = safe_add(safe_add(rol(a, 5), sha1_ft(j, b, c, d)), - safe_add(safe_add(e, w[j]), sha1_kt(j))); - e = d; - d = c; - c = rol(b, 30); - b = a; - a = t; - } - - a = safe_add(a, olda); - b = safe_add(b, oldb); - c = safe_add(c, oldc); - d = safe_add(d, oldd); - e = safe_add(e, olde); - } - return Array(a, b, c, d, e); - -} - -/* - * Perform the appropriate triplet combination function for the current - * iteration - */ -function sha1_ft(t, b, c, d) -{ - if(t < 20) return (b & c) | ((~b) & d); - if(t < 40) return b ^ c ^ d; - if(t < 60) return (b & 
c) | (b & d) | (c & d); - return b ^ c ^ d; -} - -/* - * Determine the appropriate additive constant for the current iteration - */ -function sha1_kt(t) -{ - return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 : - (t < 60) ? -1894007588 : -899497514; -} - -/* - * Calculate the HMAC-SHA1 of a key and some data - */ -function core_hmac_sha1(key, data) -{ - var bkey = str2binb(key); - if(bkey.length > 16) bkey = core_sha1(bkey, key.length * chrsz); - - var ipad = Array(16), opad = Array(16); - for(var i = 0; i < 16; i++) - { - ipad[i] = bkey[i] ^ 0x36363636; - opad[i] = bkey[i] ^ 0x5C5C5C5C; - } - - var hash = core_sha1(ipad.concat(str2binb(data)), 512 + data.length * chrsz); - return core_sha1(opad.concat(hash), 512 + 160); -} - -/* - * Add integers, wrapping at 2^32. This uses 16-bit operations internally - * to work around bugs in some JS interpreters. - */ -function safe_add(x, y) -{ - var lsw = (x & 0xFFFF) + (y & 0xFFFF); - var msw = (x >> 16) + (y >> 16) + (lsw >> 16); - return (msw << 16) | (lsw & 0xFFFF); -} - -/* - * Bitwise rotate a 32-bit number to the left. - */ -function rol(num, cnt) -{ - return (num << cnt) | (num >>> (32 - cnt)); -} - -/* - * Convert an 8-bit or 16-bit string to an array of big-endian words - * In 8-bit function, characters >255 have their hi-byte silently ignored. - */ -function str2binb(str) -{ - var bin = Array(); - var mask = (1 << chrsz) - 1; - for(var i = 0; i < str.length * chrsz; i += chrsz) - bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32); - return bin; -} - -/* - * Convert an array of big-endian words to a string - */ -function binb2str(bin) -{ - var str = ""; - var mask = (1 << chrsz) - 1; - for(var i = 0; i < bin.length * 32; i += chrsz) - str += String.fromCharCode((bin[i>>5] >>> (32 - chrsz - i%32)) & mask); - return str; -} - -/* - * Convert an array of big-endian words to a hex string. - */ -function binb2hex(binarray) -{ - var hex_tab = hexcase ? 
"0123456789ABCDEF" : "0123456789abcdef"; - var str = ""; - for(var i = 0; i < binarray.length * 4; i++) - { - str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) + - hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF); - } - return str; -} - -/* - * Convert an array of big-endian words to a base-64 string - */ -function binb2b64(binarray) -{ - var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - var str = ""; - for(var i = 0; i < binarray.length * 4; i += 3) - { - var triplet = (((binarray[i >> 2] >> 8 * (3 - i %4)) & 0xFF) << 16) - | (((binarray[i+1 >> 2] >> 8 * (3 - (i+1)%4)) & 0xFF) << 8 ) - | ((binarray[i+2 >> 2] >> 8 * (3 - (i+2)%4)) & 0xFF); - for(var j = 0; j < 4; j++) - { - if(i * 8 + j * 6 > binarray.length * 32) str += b64pad; - else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F); - } - } - return str; -} - -/* }}} */ - -function hash_encrypt(a) { - return hex_sha1(a); -} - -var hexa_h = "0123456789abcdef"; - -function dechex(a) { - return hexa_h.charAt(a); -} - -function hexdec(a) { - return hexa_h.indexOf(a); -} - -function hash_xor(a, b) { - var c,i,j,k; - c = ""; - i = a.length; - j = b.length; - if (i < j) { - var d; - d = a; a = b; b = d; - k = i; i = j; j = k; - } - for (k = 0; k < j; k++) - c += dechex(hexdec(a.charAt(k)) ^ hexdec(b.charAt(k))); - for (; k < i; k++) - c += a.charAt(k); - return c; -} -// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: diff --git a/htdocs/javascript/xorg.js b/htdocs/javascript/xorg.js index ca59cfd..94d8a1e 100644 --- a/htdocs/javascript/xorg.js +++ b/htdocs/javascript/xorg.js 
@@ -209,6 +209,245 @@ function auto_links() { // {{{ function checkPassword +/* {{{ SHA1 Implementation */ + +/* + * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined + * in FIPS PUB 180-1 + * Version 2.1a Copyright Paul Johnston 2000 - 2002. + * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet + * Distributed under the BSD License + * See http://pajhome.org.uk/crypt/md5 for details. + */ + +/* + * Configurable variables. You may need to tweak these to be compatible with + * the server-side, but the defaults work in most cases. + */ +var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ +var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */ +var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */ + +/* + * These are the functions you'll usually want to call + * They take string arguments and return either hex or base-64 encoded strings + */ +function hex_sha1(s){return binb2hex(core_sha1(str2binb(s),s.length * chrsz));} +function b64_sha1(s){return binb2b64(core_sha1(str2binb(s),s.length * chrsz));} +function str_sha1(s){return binb2str(core_sha1(str2binb(s),s.length * chrsz));} +function hex_hmac_sha1(key, data){ return binb2hex(core_hmac_sha1(key, data));} +function b64_hmac_sha1(key, data){ return binb2b64(core_hmac_sha1(key, data));} +function str_hmac_sha1(key, data){ return binb2str(core_hmac_sha1(key, data));} + +/* + * Perform a simple self-test to see if the VM is working + */ +function sha1_vm_test() +{ + return hex_sha1("abc") == "a9993e364706816aba3e25717850c26c9cd0d89d"; +} + +/* + * Calculate the SHA-1 of an array of big-endian words, and a bit length + */ +function core_sha1(x, len) +{ + /* append padding */ + x[len >> 5] |= 0x80 << (24 - len % 32); + x[((len + 64 >> 9) << 4) + 15] = len; + + var w = Array(80); + var a = 1732584193; + var b = -271733879; + var c = -1732584194; + var d = 271733878; + var e = -1009589776; + + for(var i = 0; i < x.length; i += 
16) + { + var olda = a; + var oldb = b; + var oldc = c; + var oldd = d; + var olde = e; + + for(var j = 0; j < 80; j++) + { + if(j < 16) w[j] = x[i + j]; + else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1); + var t = safe_add(safe_add(rol(a, 5), sha1_ft(j, b, c, d)), + safe_add(safe_add(e, w[j]), sha1_kt(j))); + e = d; + d = c; + c = rol(b, 30); + b = a; + a = t; + } + + a = safe_add(a, olda); + b = safe_add(b, oldb); + c = safe_add(c, oldc); + d = safe_add(d, oldd); + e = safe_add(e, olde); + } + return Array(a, b, c, d, e); + +} + +/* + * Perform the appropriate triplet combination function for the current + * iteration + */ +function sha1_ft(t, b, c, d) +{ + if(t < 20) return (b & c) | ((~b) & d); + if(t < 40) return b ^ c ^ d; + if(t < 60) return (b & c) | (b & d) | (c & d); + return b ^ c ^ d; +} + +/* + * Determine the appropriate additive constant for the current iteration + */ +function sha1_kt(t) +{ + return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 : + (t < 60) ? -1894007588 : -899497514; +} + +/* + * Calculate the HMAC-SHA1 of a key and some data + */ +function core_hmac_sha1(key, data) +{ + var bkey = str2binb(key); + if(bkey.length > 16) bkey = core_sha1(bkey, key.length * chrsz); + + var ipad = Array(16), opad = Array(16); + for(var i = 0; i < 16; i++) + { + ipad[i] = bkey[i] ^ 0x36363636; + opad[i] = bkey[i] ^ 0x5C5C5C5C; + } + + var hash = core_sha1(ipad.concat(str2binb(data)), 512 + data.length * chrsz); + return core_sha1(opad.concat(hash), 512 + 160); +} + +/* + * Add integers, wrapping at 2^32. This uses 16-bit operations internally + * to work around bugs in some JS interpreters. + */ +function safe_add(x, y) +{ + var lsw = (x & 0xFFFF) + (y & 0xFFFF); + var msw = (x >> 16) + (y >> 16) + (lsw >> 16); + return (msw << 16) | (lsw & 0xFFFF); +} + +/* + * Bitwise rotate a 32-bit number to the left. 
+ */ +function rol(num, cnt) +{ + return (num << cnt) | (num >>> (32 - cnt)); +} + +/* + * Convert an 8-bit or 16-bit string to an array of big-endian words + * In 8-bit function, characters >255 have their hi-byte silently ignored. + */ +function str2binb(str) +{ + var bin = Array(); + var mask = (1 << chrsz) - 1; + for(var i = 0; i < str.length * chrsz; i += chrsz) + bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32); + return bin; +} + +/* + * Convert an array of big-endian words to a string + */ +function binb2str(bin) +{ + var str = ""; + var mask = (1 << chrsz) - 1; + for(var i = 0; i < bin.length * 32; i += chrsz) + str += String.fromCharCode((bin[i>>5] >>> (32 - chrsz - i%32)) & mask); + return str; +} + +/* + * Convert an array of big-endian words to a hex string. + */ +function binb2hex(binarray) +{ + var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; + var str = ""; + for(var i = 0; i < binarray.length * 4; i++) + { + str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) + + hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF); + } + return str; +} + +/* + * Convert an array of big-endian words to a base-64 string + */ +function binb2b64(binarray) +{ + var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + var str = ""; + for(var i = 0; i < binarray.length * 4; i += 3) + { + var triplet = (((binarray[i >> 2] >> 8 * (3 - i %4)) & 0xFF) << 16) + | (((binarray[i+1 >> 2] >> 8 * (3 - (i+1)%4)) & 0xFF) << 8 ) + | ((binarray[i+2 >> 2] >> 8 * (3 - (i+2)%4)) & 0xFF); + for(var j = 0; j < 4; j++) + { + if(i * 8 + j * 6 > binarray.length * 32) str += b64pad; + else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F); + } + } + return str; +} + +/* }}} */ + +function hash_encrypt(a) { + return hex_sha1(a); +} + +var hexa_h = "0123456789abcdef"; + +function dechex(a) { + return hexa_h.charAt(a); +} + +function hexdec(a) { + return hexa_h.indexOf(a); +} + +function hash_xor(a, b) { + var c,i,j,k; + c 
= ""; + i = a.length; + j = b.length; + if (i < j) { + var d; + d = a; a = b; b = d; + k = i; i = j; j = k; + } + for (k = 0; k < j; k++) + c += dechex(hexdec(a.charAt(k)) ^ hexdec(b.charAt(k))); + for (; k < i; k++) + c += a.charAt(k); + return c; +} + + function getType(c) { if (c >= 'a' && c <= 'z') { return 1; 
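Review bot: `hash_encrypt()` as added here is a bare, unsalted `hex_sha1()` despite its name, and with `chrsz = 8` `str2binb()` masks every character to its low byte, so a password containing characters above U+00FF is hashed from truncated input (the library's own comment says the high byte is "silently ignored"). Now that the helper lives in the general-purpose xorg.js, I would put a comment directly above it: `/* Unsalted SHA-1 hex digest, not encryption; input is reduced to 8-bit characters (chrsz = 8). */`. Changing `chrsz` would change every digest and presumably has to match what the server stores, so this is a documentation request rather than a code change. The move also adds `hexcase`, `b64pad`, `chrsz` and `hexa_h` as page-wide globals in xorg.js, which is worth a word in the SHA1 section header.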
@@ -302,6 +541,91 @@ function checkPassword(box, okLabel) { } } +function hashResponse(password1, password2, hasConfirmation) { + pw1 = $('[name=' + password1 + ']').val(); + + if (hasConfirmation) { + pw2 = $('[name=' + password2 + ']').val(); + if (pw1 != pw2) { + alert("\nErreur : les deux champs ne sont pas identiques !"); + return false; + } + $('[name=' + password2 + ']').val(''); + } else if (pw1 == '********') { + return true; + } + + if (pw1.length < 6) { + alert("\nErreur : le nouveau mot de passe doit faire au moins 6 caractères !"); + return false; + } + if (!differentTypes(pw1)) { + alert ("\nErreur : le nouveau mot de passe doit comporter au moins deux types de caractères parmi les suivants : lettres minuscules, lettres majuscules, chiffres, caractères spéciaux."); + return false; + } + + alert("Le mot de passe que tu as rentré va être chiffré avant de nous parvenir par Internet ! Ainsi il ne circulera pas en clair."); + $('[name=' + password1 + ']').val(''); + $('[name=pwhash]').val(hash_encrypt(pw1)); + return true; +} + +function correctUserName() { + var u = document.forms.login.username; + // login with no space + if (u.value.indexOf(' ') < 0) return true; + var mots = u.value.split(' '); + // jean paul.du pont -> jean-paul.du-pont + if (u.value.indexOf('.') > 0) { u.value = mots.join('-'); return true; } + // jean dupont -> jean.dupont + if (mots.length == 2) { u.value = mots[0]+"."+mots[1]; return true; } + // jean dupont 2001 -> jean.dupont.2001 + if (mots.length == 3 && mots[2] > 1920 && mots[2] < 3000) { u.value = mots.join('.'); return true; } + // jean de la vallee -> jean.de-la-vallee + if (mots[1].toUpperCase() == 'DE') { u.value = mots[0]+"."+mots.join('-').substr(mots[0].length+1); return true; } + // jean paul dupont -> jean-paul.dupont + if (mots.length == 3 && mots[0].toUpperCase() == 'JEAN') { u.value = mots[0]+"-"+mots[1]+"."+mots[2]; return true; } + + alert('Ton email ne doit pas contenir de blanc.\nLe format standard 
est\n\nprenom.nom.promotion\n\nSi ton nom ou ton prenom est composé,\nsépare les mots par des -'); + + return false; +} + +function doChallengeResponse() { + + if (!correctUserName()) return false; + + var new_pass = hash_encrypt(document.forms.login.password.value); + var old_pass = hash_encrypt(document.forms.login.password.value.substr(0, 10)); + + str = document.forms.login.username.value + ":" + + new_pass + ":" + + document.forms.loginsub.challenge.value; + + document.forms.loginsub.response.value = hash_encrypt(str); + if (new_pass != old_pass) { + document.forms.loginsub.xorpass.value = hash_xor(new_pass, old_pass); + } + document.forms.loginsub.username.value = document.forms.login.username.value; + document.forms.loginsub.remember.value = document.forms.login.remember.checked; + document.forms.loginsub.domain.value = document.forms.login.domain.value; + document.forms.login.password.value = ""; + document.forms.loginsub.submit(); +} + +function doChallengeResponseLogged() { + var new_pass = hash_encrypt(document.forms.login.password.value); + + str = document.forms.loginsub.username.value + ":" + + hash_encrypt(document.forms.login.password.value) + ":" + + document.forms.loginsub.challenge.value; + + document.forms.loginsub.response.value = hash_encrypt(str); + document.forms.loginsub.remember.value = document.forms.login.remember.checked; + document.forms.login.password.value = ""; + document.forms.loginsub.submit(); +} + // }}} // {{{ send test email diff --git a/modules/admin.php b/modules/admin.php index 5ee9ccb..9f47d54 100644 --- a/modules/admin.php +++ b/modules/admin.php @@ -676,7 +676,6 @@ class AdminModule extends PLModule $page->addJsLink('jquery.ui.xorg.js'); - $page->addJsLink('password.js'); // Displays last login and last host information. $res = XDB::query("SELECT start, host 
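Review bot: `hashResponse()` assigns `pw1` and `pw2` without `var`, and both `doChallengeResponse()` and `doChallengeResponseLogged()` assign `str` the same way, so the clear-text password and the username:hash:challenge string become implicit globals that outlive the call even though the form field is blanked afterwards. These functions now ship in xorg.js, which the xorgpage.php hunk shows being linked by `XorgPage`, so the leak is no longer confined to the password pages; declare them locally with `var pw1 = $('[name=' + password1 + ']').val();`, `var pw2 = $('[name=' + password2 + ']').val();` and `var str = ...;`. In `doChallengeResponseLogged()` the local `new_pass` is computed and never used while the same hash is recomputed inline; use `new_pass` in the concatenation as `doChallengeResponse()` does.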
@@ -1415,7 +1414,6 @@ class AdminModule extends PLModule { $page->changeTpl('admin/accounts.tpl'); $page->setTitle('Administration - Comptes'); - $page->addJsLink('password.js'); if (Post::has('create_account')) { S::assert_xsrf_token(); diff --git a/modules/googleapps.php b/modules/googleapps.php index 6964887..c1b8e16 100644 --- a/modules/googleapps.php +++ b/modules/googleapps.php @@ -41,7 +41,6 @@ class GoogleAppsModule extends PLModule require_once("emails.inc.php"); require_once("googleapps.inc.php"); $page->changeTpl('googleapps/index.tpl'); - $page->addJsLink('password.js'); $page->setTitle('Compte Google Apps'); $user = S::user(); diff --git a/modules/platal.php b/modules/platal.php index 03883d4..820f6c3 100644 --- a/modules/platal.php +++ b/modules/platal.php @@ -228,7 +228,6 @@ class PlatalModule extends PLModule } $page->changeTpl('platal/password.tpl'); - $page->addJsLink('password.js'); $page->setTitle('Mon mot de passe'); } @@ -387,7 +386,6 @@ Adresse de secours : " . Post::v('email') : "")); $page->changeTpl('platal/tmpPWD.success.tpl'); } else { $page->changeTpl('platal/password.tpl'); - $page->addJsLink('password.js'); } } diff --git a/modules/register.php b/modules/register.php index 39e1034..b515348 100644 --- a/modules/register.php +++ b/modules/register.php @@ -249,7 +249,6 @@ class RegisterModule extends PLModule } $page->changeTpl('register/step' . $subState->i('step') . '.tpl'); - $page->addJsLink('password.js'); if (isset($error)) { $page->trigError($error); } @@ -309,7 +308,6 @@ class RegisterModule extends PLModule // Prepare the template for display. $page->changeTpl('register/end.tpl'); - $page->addJsLink('do_challenge_response_logged.js'); $page->assign('forlife', $forlife); $page->assign('firstname', $firstname); diff --git a/templates/core/password_prompt_logged.tpl b/templates/core/password_prompt_logged.tpl index 2bbcee4..45b9201 100644 --- a/templates/core/password_prompt_logged.tpl 
+++ b/templates/core/password_prompt_logged.tpl @@ -28,7 +28,7 @@
-
+
diff --git a/templates/register/end.tpl b/templates/register/end.tpl index e8d938f..fbd5e05 100644 --- a/templates/register/end.tpl +++ b/templates/register/end.tpl @@ -28,7 +28,7 @@ il te suffit de taper ton mot de passe ci-dessous. Tu pourras ensuite librement accéder au site, et à notre annuaire en ligne !

- +
Nom d'utilisateur :