<?php
# change user password on Alcasar captive Portal
# Copyright (C) 2003, 2004 Mondru AB.
# Copyright (C) 2008-2009 ANGEL95 & REXY
require('/etc/freeradius-web/config.php');
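# URL the password form posts back to.
# SCRIPT_NAME is used instead of PHP_SELF: PHP_SELF also carries any extra path text
# the client appends after the script name, and this value is printed into the page.
$current_page = $_SERVER['SCRIPT_NAME'];

# Choice of language
# French is the default. The first entry of the browser's Accept-Language header
# replaces it only when its first two characters form a plain two-letter code, so
# $Language never holds arbitrary header text.
$Language = 'fr';
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
	$Langue = explode(",", $_SERVER['HTTP_ACCEPT_LANGUAGE']);
	$requested = strtolower(substr(trim($Langue[0]), 0, 2));
	if (preg_match('/^[a-z]{2}$/D', $requested)) {
		$Language = $requested;
	}
}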
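# Interface strings for the password-change page.
# 'es', 'de', 'nl' and 'en' all use the same English text (no translations exist yet).
# Every other value of $Language, including an unset one, falls back to French, so the
# $R_* variables printed by the page are always defined.
# The external password-meter link opens in a new window; rel="noopener noreferrer"
# keeps that window from getting a handle on this password page.
if (isset($Language) && in_array($Language, array('es', 'de', 'nl', 'en'), true)) {
	$R_title = "User password change";
	$R_text_chg = "Change your password here -- Eplain how to change password --";
	$R_form_l1 = "User";
	$R_form_l2 = "Old password";
	$R_form_l3 = "New password";
	$R_form_l4 = "New password (confirmation)";
	$R_eval_pass = "Score :";
	$R_passwordmeter = "Powered by <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\" rel=\"noopener noreferrer\">Shibbo Password Analyser</a>";
	$R_form_button_valid = "Modify";
	$R_form_button_retour = "Cancel";
	$R_form_result1 = "Your password has been successfuly changed";
	$R_form_result2 = "Error when trying to change password";
	$R_retour = "ALCASAR home page";
} else {
	$R_title = "Changement de mot de passe utilisateur";
	$R_text_chg = "Changez votre mot de passe d'acc&egrave;s &agrave; internet en utilisant le formulaire ci-dessous.";
	$R_form_l1 = "Utilisateur :";
	$R_form_l2 = "Ancien mot de passe :";
	$R_form_l3 = "Nouveau mot de passe :";
	$R_form_l4 = "Nouveau mot de passe (confirmation) :";
	$R_eval_pass = "";
	# The accented letter is written as an HTML entity, like the other French strings,
	# so it does not depend on the encoding of this file.
	$R_passwordmeter = "Propuls&eacute; par <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\" rel=\"noopener noreferrer\">Shibbo Password Analyser</a>";
	$R_form_button_valid = "Modifier";
	$R_form_button_retour = "Annuler";
	$R_form_result1 = "Votre mot de passe a &eacute;t&eacute; modifi&eacute; avec succ&egrave;s";
	$R_form_result2 = "Erreur de changement de mot de passe";
	$R_retour = "Retour &agrave; la page d'accueil ALCASAR";
}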
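# Print the page: the password-change form followed by the static password-meter
# reference tables. The $R_* variables are the fixed interface strings chosen above.
# $current_page is derived from the request, so it is HTML-escaped where it is written
# into the form's action attribute.
# The form is closed explicitly after its buttons; the original markup never closed it.
echo "
<html>
	<head>
		<title>$R_title</title>
		<meta http-equiv=\"Cache-control\" content=\"no-cache\">
		<meta http-equiv=\"Pragma\" content=\"no-cache\">
		<link rel=\"stylesheet\" href=\"../css/pass.css\" type=\"text/css\">
		<link type=\"text/css\" href=\"../css/pwdmeter.css\" media=\"screen\" rel=\"stylesheet\" />
		<!--[if lt IE 7]>
			<link type=\"text/css\" href=\"../css/ie.css\" media=\"screen\" rel=\"stylesheet\" />
		<![endif]-->
		<script type=\"text/javascript\" src=\"js/pwdmeter.js\" language=\"javascript\"></script>
	</head>
	<body>
		<div id=\"page\">
			<div id=\"block_pass\">
				<div id=\"pass_chg\">
					<img src=\"../images/organisme.png\" />
					<h1 id=\"titre_pass\">$R_title</h1>
					<p id=\"help_pass\">$R_text_chg</p>
				</div>
				<div id=\"pass_chg_content\">
					<form name=\"master\" action=\"" . htmlspecialchars($current_page, ENT_QUOTES) . "\" method=\"post\">
					<input type=hidden name=action value=checkpass>
						<table id=\"champs_pass\">
							<tr>
								<td class=\"first_item\">$R_form_l1</td>
								<td><input type=\"text\" name=\"login\" value=\"\" label=\"test\"></td>
							</tr>
							<tr>
								<td class=\"first_item\">$R_form_l2</td>
								<td><input type=\"password\" name=\"passwd\" value=\"\"></td>
							</tr>
							<tr>
								<td class=\"first_item\">$R_form_l3</td>
								<td>
									<input type=\"password\" name=\"newpasswd\" id=\"passwordPwd\" value=\"\" autocomplete=\"off\" onkeyup=\"chkPass(this.value);\" />
									<input type=\"text\" id=\"passwordTxt\" name=\"passwordTxt\" autocomplete=\"off\" onkeyup=\"chkPass(this.value);\" class=\"hide\" />
								</td>
							</tr>
							<tr>
								<td class=\"first_item\">$R_eval_pass</td>
								<td>
									<div id=\"scorebarBorder\">
										<div id=\"score\">0%</div>
										<div id=\"scorebar\">&nbsp;</div>
									</div>
									<div id=\"complexity\"></div>
								</td>
							</tr>
							<tr>
								<td colspan=\"2\" id=\"lien_pass\">$R_passwordmeter</td>
							</tr>
							<tr>
								<td class=\"first_item\">$R_form_l4</td>
								<td><input type=\"password\" name=\"newpasswd2\" value=\"\"></td>
							</tr>
						</table>
					<input type=\"submit\" class=\"btn_form\" id=\"btn_pass\" value=\"$R_form_button_valid\">
					<input type=\"button\" class=\"btn_form\" id=\"btn_retour\" value=\"$R_form_button_retour\" onclick=\"location.replace('http://alcasar');\">
					</form>
				</div>
			</div>
			<div id=\"info_pass\">
				<table id=\"tablePwdStatus\" cellpadding=\"5\" cellspacing=\"1\" border=\"0\">
					<tr>
						<th colspan=\"2\">Additions</th>
						<th class=\"txtCenter\">Type</th>
						<th class=\"txtCenter\">Rate</th>
						<th class=\"txtCenter\">Count</th>
						<th class=\"txtCenter\">Bonus</th>
					</tr>
					<tr>
						<td width=\"1%\"><div id=\"div_nLength\" class=\"fail\">&nbsp;</div></td>
						<td width=\"94%\">Number of Characters</td>
						<td width=\"1%\" class=\"txtCenter\">Flat</td>
						<td width=\"1%\" class=\"txtCenter italic\">+(n*4)</td>
						<td width=\"1%\"><div id=\"nLength\" class=\"box\">&nbsp;</div></td>
						<td width=\"1%\"><div id=\"nLengthBonus\" class=\"boxPlus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nAlphaUC\" class=\"fail\">&nbsp;</div></td>
						<td>Uppercase Letters</td>
						<td class=\"txtCenter\">Cond/Incr</td>
						<td nowrap=\"nowrap\" class=\"txtCenter italic\">+((len-n)*2)</td>
						<td><div id=\"nAlphaUC\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nAlphaUCBonus\" class=\"boxPlus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nAlphaLC\" class=\"fail\">&nbsp;</div></td>
						<td>Lowercase Letters</td>
						<td class=\"txtCenter\">Cond/Incr</td>
						<td class=\"txtCenter italic\">+((len-n)*2)</td>
						<td><div id=\"nAlphaLC\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nAlphaLCBonus\" class=\"boxPlus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nNumber\" class=\"fail\">&nbsp;</div></td>
						<td>Numbers</td>
						<td class=\"txtCenter\">Cond</td>
						<td class=\"txtCenter italic\">+(n*4)</td>
						<td><div id=\"nNumber\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nNumberBonus\" class=\"boxPlus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nSymbol\" class=\"fail\">&nbsp;</div></td>
						<td>Symbols</td>
						<td class=\"txtCenter\">Flat</td>
						<td class=\"txtCenter italic\">+(n*6)</td>
						<td><div id=\"nSymbol\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nSymbolBonus\" class=\"boxPlus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nMidChar\" class=\"fail\">&nbsp;</div></td>
						<td>Middle Numbers or Symbols</td>
						<td class=\"txtCenter\">Flat</td>
						<td class=\"txtCenter italic\">+(n*2)</td>
						<td><div id=\"nMidChar\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nMidCharBonus\" class=\"boxPlus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nRequirements\" class=\"fail\">&nbsp;</div></td>
						<td>Requirements</td>
						<td class=\"txtCenter\">Flat</td>
						<td class=\"txtCenter italic\">+(n*2)</td>
						<td><div id=\"nRequirements\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nRequirementsBonus\" class=\"boxPlus\">&nbsp;</div></td>
					</tr>
					<tr>
						<th colspan=\"6\">Deductions</th>
					</tr>
					<tr>
						<td width=\"1%\"><div id=\"div_nAlphasOnly\" class=\"pass\">&nbsp;</div></td>
						<td width=\"94%\">Letters Only</td>
						<td width=\"1%\" class=\"txtCenter\">Flat</td>
						<td width=\"1%\" class=\"txtCenter italic\">-n</td>
						<td width=\"1%\"><div id=\"nAlphasOnly\" class=\"box\">&nbsp;</div></td>
						<td width=\"1%\"><div id=\"nAlphasOnlyBonus\" class=\"boxMinus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nNumbersOnly\" class=\"pass\">&nbsp;</div></td>
						<td>Numbers Only</td>
						<td class=\"txtCenter\">Flat</td>
						<td class=\"txtCenter italic\">-n</td>
						<td><div id=\"nNumbersOnly\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nNumbersOnlyBonus\" class=\"boxMinus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nRepChar\" class=\"pass\">&nbsp;</div></td>
						<td>Repeat Characters (Case Insensitive)</td>
						<td class=\"txtCenter\">Comp</td>
						<td nowrap=\"nowrap\" class=\"txtCenter italic\"> - </td>
						<td><div id=\"nRepChar\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nRepCharBonus\" class=\"boxMinus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nConsecAlphaUC\" class=\"pass\">&nbsp;</div></td>
						<td>Consecutive Uppercase Letters</td>
						<td class=\"txtCenter\">Flat</td>
						<td class=\"txtCenter italic\">-(n*2)</td>
						<td><div id=\"nConsecAlphaUC\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nConsecAlphaUCBonus\" class=\"boxMinus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nConsecAlphaLC\" class=\"pass\">&nbsp;</div></td>
						<td>Consecutive Lowercase Letters</td>
						<td class=\"txtCenter\">Flat</td>
						<td class=\"txtCenter italic\">-(n*2)</td>
						<td><div id=\"nConsecAlphaLC\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nConsecAlphaLCBonus\" class=\"boxMinus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nConsecNumber\" class=\"pass\">&nbsp;</div></td>
						<td>Consecutive Numbers</td>
						<td class=\"txtCenter\">Flat</td>
						<td class=\"txtCenter italic\">-(n*2)</td>
						<td><div id=\"nConsecNumber\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nConsecNumberBonus\" class=\"boxMinus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nSeqAlpha\" class=\"pass\">&nbsp;</div></td>
						<td>Sequential Letters (3+)</td>
						<td class=\"txtCenter\">Flat</td>
						<td class=\"txtCenter italic\">-(n*3)</td>
						<td><div id=\"nSeqAlpha\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nSeqAlphaBonus\" class=\"boxMinus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nSeqNumber\" class=\"pass\">&nbsp;</div></td>
						<td>Sequential Numbers (3+)</td>
						<td class=\"txtCenter\">Flat</td>
						<td class=\"txtCenter italic\">-(n*3)</td>
						<td><div id=\"nSeqNumber\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nSeqNumberBonus\" class=\"boxMinus\">&nbsp;</div></td>
					</tr>
					<tr>
						<td><div id=\"div_nSeqSymbol\" class=\"pass\">&nbsp;</div></td>
						<td>Sequential Symbols (3+)</td>
						<td class=\"txtCenter\">Flat</td>
						<td class=\"txtCenter italic\">-(n*3)</td>
						<td><div id=\"nSeqSymbol\" class=\"box\">&nbsp;</div></td>
						<td><div id=\"nSeqSymbolBonus\" class=\"boxMinus\">&nbsp;</div></td>
					</tr>
					<tr>
						<th colspan=\"6\">Legend</th>
					</tr>
					<tr>
						<td colspan=\"6\">
							<ul id=\"listLegend\">
								<li><div class=\"exceed imgLegend\">&nbsp;</div> <span class=\"bold\">Exceptional:</span> Exceeds minimum standards. Additional bonuses are applied.</li>
								<li><div class=\"pass imgLegend\">&nbsp;</div> <span class=\"bold\">Sufficient:</span> Meets minimum standards. Additional bonuses are applied.</li>
								<li><div class=\"warn imgLegend\">&nbsp;</div> <span class=\"bold\">Warning:</span> Advisory against employing bad practices. Overall score is reduced.</li>
								<li><div class=\"fail imgLegend\">&nbsp;</div> <span class=\"bold\">Failure:</span> Does not meet the minimum standards. Overall score is reduced.</li>
							</ul>
						</td>
					</tr>
				</table>
				<table id=\"tablePwdNotes\" cellpadding=\"5\" cellspacing=\"1\" border=\"0\">
					<tr>
						<th>Quick Footnotes</th>
					</tr>
					<tr>
						<td>
							&bull; <strong>Flat:</strong> Rates that add/remove in non-changing increments.<br />
							&bull; <strong>Incr:</strong> Rates that add/remove in adjusting increments.<br />
							&bull; <strong>Cond:</strong> Rates that add/remove depending on additional factors.<br />
							&bull; <strong>Comp:</strong> Rates that are too complex to summarize. See source code for details.<br />
							&bull; <strong>n:</strong> Refers to the total number of occurrences.<br />
							&bull; <strong>len:</strong> Refers to the total password length.<br />
							&bull; Additional bonus scores are given for increased character variety.<br />
							&bull; Final score is a cumulative result of all bonuses minus deductions.<br />
							&bull; Final score is capped with a minimum of 0 and a maximum of 100.<br />
							&bull; Score and Complexity ratings are not conditional on meeting minimum requirements.<br />
						</td>
					</tr>
					<tr>
						<th>DISCLAIMER</th>
					</tr>
					<tr>
						<td>
							<p>This application is designed to assess the strength of password strings.  The instantaneous visual feedback provides the user a means to improve the strength of their passwords, with a hard focus on breaking the typical bad habits of faulty password formulation.  Since no official weighting system exists, we created our own formulas to assess the overall strength of a given password.  Please note, that this application does not utilize the typical \"days-to-crack\" approach for strength determination.  We have found that particular system to be severely lacking and unreliable for real-world scenarios.  This application is neither perfect nor foolproof, and should only be utilized as a loose guide in determining methods for improving the password creation process. </p>
						</td>
					</tr>
				</table>
			</div>
		</div>
";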
# Load the SQL driver functions for the database type named in the configuration.
# The page stops here when the driver file is missing, because the password check
# below cannot run without it.
# NOTE(review): the directory name comes from $config; presumably that array is set
# only by the required configuration file -- confirm that request parameters cannot
# overwrite it, since it decides which file is included.
if (!is_file("sql/drivers/$config[sql_type]/functions.php")) {
	echo "<b>Could not include SQL library</b><br>\n";
	exit();
}
include_once("sql/drivers/$config[sql_type]/functions.php");
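# Process a submitted password change (the form sends action=checkpass).
#
# NOTE(review): $action, $login, $passwd, $newpasswd and $newpasswd2 are never assigned
# in this file; presumably they are filled from the request by register_globals or by
# the required configuration file -- confirm. They are treated as untrusted input here.
# NOTE(review): nothing in this block limits repeated attempts against the old password.
if (isset($action) && $action === 'checkpass'){
	# Start from the failure message so $msg is always defined when it is printed.
	$msg = '<font color=red><b>'.$R_form_result2.'</b></font>';

	# All fields must be plain strings (array-valued parameters are refused), the login
	# and the new password must not be empty, and the two copies of the new password
	# must match before anything is encrypted.
	# $login is placed inside a quoted SQL literal below. No driver escaping helper is
	# visible from this file, so a login containing a quote, backslash or NUL byte is
	# refused rather than embedded. Prefer the driver's own escaping or prepared
	# statements if it offers them.
	$request_ok = isset($login, $passwd, $newpasswd, $newpasswd2)
		&& is_string($login) && is_string($passwd)
		&& is_string($newpasswd) && is_string($newpasswd2)
		&& $login !== '' && $newpasswd !== ''
		&& $newpasswd === $newpasswd2
		&& strpbrk($login, "'\\\0") === false;

	$link = $request_ok ? @da_sql_pconnect($config) : false;
	if ($link){
		$res = @da_sql_query($link,$config,
			"SELECT attribute,value FROM $config[sql_check_table] WHERE username = '$login'
			AND attribute = '$config[sql_password_attribute]';");
		if ($res){
			$row = @da_sql_fetch_array($res,$config);
			if (is_file("crypt/$config[general_encryption_method].php")){
				include("crypt/$config[general_encryption_method].php");
				# An unknown user yields no stored value; treat that as a failed check
				# instead of comparing against an empty value.
				$enc_passwd = isset($row['value']) ? (string)$row['value'] : '';
				if ($enc_passwd !== ''){
					$old_attempt = (string)da_encrypt($passwd,$enc_passwd);
					# Strict string comparison: a loose == treats two different
					# numeric-looking strings (for example "0e1" and "0e2") as equal.
					# hash_equals() is used where available for a constant-time check.
					if (function_exists('hash_equals'))
						$old_ok = hash_equals($enc_passwd,$old_attempt);
					else
						$old_ok = ($enc_passwd === $old_attempt);
					if ($old_ok){
						# NOTE(review): the stored value is passed as the second argument,
						# so the new password presumably reuses the old salt -- confirm
						# against da_encrypt().
						$new_value = (string)da_encrypt($newpasswd,$enc_passwd);
						# With a method that stores the password unchanged, the value can
						# contain SQL quoting characters; refuse it rather than embed it.
						if ($new_value !== '' && strpbrk($new_value, "'\\\0") === false){
							$res2 = @da_sql_query($link,$config,
								"UPDATE $config[sql_check_table] set value='$new_value' WHERE username = '$login'
								AND attribute = '$config[sql_password_attribute]';");
							# Report success only when the update query itself succeeded.
							if ($res2)
								$msg = '<font color=blue><b>'.$R_form_result1.'</b></font>';
						}
					}
				}
			}
			else
				echo "<b>Could not open encryption library file</b><br>\n";
		}
	}
	echo "<span align=center>$msg</span>\n";
}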
?>
</body>
</html>