Changeset 1441

Timestamp:
04/16/06 19:02:08 (2 years ago)
Author:
sdcosta
Message:

Changes to the login system so that the password is not sent in cleartext and firefox remembers it. Mobile login will be fixed in the next changeset.
Please reset your password using the password reset plugin http://plugins.gregarius.net/index.php?req=info&id=29

Location:
trunk/rss
Files:
4 modified

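--- a/trunk/rss/admin/index.php
+++ b/trunk/rss/admin/index.php
@@ -81,7 +81,7 @@
         $admin_uname = null;
         $admin_pass = null;
-        if (isset($_POST['admin_uname']) && isset($_POST['admin_pass'])) {
-            $admin_uname = $_POST['admin_uname'];
-            $admin_pass = $_POST['admin_pass'];
+        if (isset($_POST['username']) && isset($_POST['password'])) {
+            $admin_uname = $_POST['username'];
+            $admin_pass = $_POST['password'];
         }
         set_admin_pass($admin_uname,$admin_pass);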
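Review bot: Nothing at new lines 83–85 checks that `$_POST['password']` has the 32-character hex form that the client-side loginHandler() is meant to produce, so a browser with JavaScript disabled, or a script error, would still post the typed password and pass it to `set_admin_pass()`. What set_admin_pass() does with the value is not visible here, so the impact is inferred. Rejecting the request unless `preg_match('/^[0-9a-f]{32}$/', $admin_pass)` succeeds would keep an unhashed value from being accepted. The enclosing block starts and ends outside the hunk.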
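--- a/trunk/rss/admin/users.php
+++ b/trunk/rss/admin/users.php
@@ -48,14 +48,15 @@
     <!--
         function on_submit_password_match() {
-            pass=document.getElementById('admin_pass').value;
-            pass2=document.getElementById('admin_pass2').value;
+            pass=document.getElementById('password').value;
+            pass2=document.getElementById('password2').value;
             if(pass !== pass2){
                 msg = '<?php echo LBL_ADMIN_PASS_NO_MATCH ?>';
                 document.getElementById('admin_match_result').innerHTML = msg;
-                document.getElementById('admin_pass').value = '';
-                document.getElementById('admin_pass2').value = '';
+                document.getElementById('password').value = '';
+                document.getElementById('password2').value = '';
                 return false;
             }else{
-                return true;
+                document.getElementById('password2').value = '';
+                return loginHandler();
             }
         }
@@ -70,10 +71,10 @@
     echo "<form action=\"".$_SERVER['PHP_SELF'] . "\" onsubmit=\"return on_submit_password_match();\" method=\"post\">\n"
     ."<fieldset style=\"width:400px;\">"
-    ."<p><label style=\"display:block\" for=\"admin_uname\">".LBL_USERNAME.":</label>\n"
-    ."<input type=\"text\" id=\"admin_uname\" name=\"admin_uname\" /></p>\n"
-    ."<p><label style=\"display:block\" for=\"admin_pass\">".LBL_PASSWORD.":</label>\n"
-    ."<input type=\"password\" id=\"admin_pass\" name=\"admin_pass\" /></p>\n"
-    ."<p><label style=\"display:block\" for=\"admin_pass2\">".LBL_PASSWORD2.":</label>\n"
-    ."<input type=\"password\" id=\"admin_pass2\" name=\"admin_pass2\" /></p>\n"
+    ."<p><label style=\"display:block\" for=\"username\">".LBL_USERNAME.":</label>\n"
+    ."<input type=\"text\" id=\"username\" name=\"username\" /></p>\n"
+    ."<p><label style=\"display:block\" for=\"password\">".LBL_PASSWORD.":</label>\n"
+    ."<input type=\"password\" id=\"password\" name=\"password\" /></p>\n"
+    ."<p><label style=\"display:block\" for=\"password2\">".LBL_PASSWORD2.":</label>\n"
+    ."<input type=\"password\" id=\"password2\" name=\"password2\" /></p>\n"
     ."<p><input type=\"submit\" value=\"".LBL_ADMIN_OK."\" /></p>\n"
     ."<div style=\"display:inline;\" id=\"admin_match_result\"></div>\n"
@@ -91,5 +92,6 @@
   echo "\n<div id=\"channel_admin\" class=\"frame\">";
 
-    echo "<form id=\"admin_login\" style=\"text-align:center\" action=\"".$_SERVER['PHP_SELF'] ."\" method=\"post\">\n"
+    echo "<form id=\"admin_login\" onsubmit=\"return loginHandler();\"
+        style=\"text-align:center\" action=\"".$_SERVER['PHP_SELF'] ."\" method=\"post\">\n"
     ."<fieldset>"
     ."<legend>" . LBL_ADMIN_LOGIN . "</legend>\n"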
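Review bot: The rewritten login form at new lines 94–95 still writes `$_SERVER['PHP_SELF']` into the `action` attribute unescaped, as does the set-password form at new line 71. PHP_SELF carries request-supplied path information, so it should be encoded before it reaches the markup, e.g. `action=\"".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."\"`. Separately, `pass`, `pass2` and `msg` in on_submit_password_match() are assigned without `var` and become globals. The echo statements these hunks belong to continue outside the visible lines.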
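--- a/trunk/rss/ajax.php
+++ b/trunk/rss/ajax.php
@@ -171,11 +171,9 @@
 function loginHandler() {
     pw = document.getElementById('password');
-    var re = new RegExp('/[0-9a-f]{32}/');
+    username = document.getElementById('username');
+    var re = /[0-9a-f]{32}/ ;
     if (! re.test(pw.value)) {
-        alert('hashing');
-        pw.value = hex_md5(pw.value);
-    } else {
-        alert('not hashing');
-    }
+        pw.value = hex_md5(pw.value + username.value);
+    }
     return true;
 }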
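Review bot: The new literal `/[0-9a-f]{32}/` at line 174 is unanchored, so any password that merely contains 32 consecutive lowercase hex characters is treated as already hashed and submitted exactly as typed. `var re = /^[0-9a-f]{32}$/;` narrows that, although an explicit "already hashed" flag would be more reliable than inspecting the value. `pw` and `username` are assigned without `var` and leak into the global scope. The function also deserves a comment stating its limits: the MD5(password + username) digest is itself the credential the server receives, so anyone who observes it can replay it. The login therefore still needs TLS, and a server-issued nonce mixed into the hash would be needed to make a captured value useless.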
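--- a/trunk/rss/cls/wrappers/header.php
+++ b/trunk/rss/cls/wrappers/header.php
@@ -146,5 +146,5 @@
                 ."&nbsp;|&nbsp;<a href=\"#\" onclick=\"miniloginform(); return false;\">".LBL_LOG_IN."</a>";
         $ret .= "<span style=\"display:none\" id=\"loginformcontainer\">"
-                         . '<form ' /*onsubmit="return loginHandler();" */ .'method="post" action="'.getPath().'">'
+                         . '<form ' . 'onsubmit="return loginHandler();" ' . 'method="post" action="'.getPath().'">'
                          . '<input style=" width:50px;" name="username" id="username" type="text" />'
                          . '<input style=" width:50px;" name="password" id="password"  type="password" />'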
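Review bot: Enabling `onsubmit="return loginHandler();"` at line 148 ties this form to a handler that finds its fields with `document.getElementById('password')` and `getElementById('username')`, which return the first matching element in the document. The set-password form in users.php now uses the same ids, so if a page ever renders both forms the handler could hash the other form's field and this one would post the typed password unchanged. That is inferred, since page composition is not visible here. Passing the form in with `onsubmit="return loginHandler(this);"` and reading `form.elements['password']` in the handler would remove the dependency on unique ids. The string concatenation continues outside the hunk.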