/web/pass/sql/drivers/mysql/functions.php |
---|
0,0 → 1,133 |
<?php |
function da_sql_limit($limit,$point,$config) |
{ |
switch($point){ |
case 0: |
return ''; |
case 1: |
return ''; |
//modif by MG for Alcasar |
case 2: |
return "LIMIT $limit"; |
case 3: |
return "LIMIT $limit"; |
} |
} |
function da_sql_host_connect($server,$config) |
{ |
if ($config[sql_use_http_credentials] == 'yes'){ |
global $HTTP_SERVER_VARS; |
$SQL_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"]; |
$SQL_passwd = $HTTP_SERVER_VARS["PHP_AUTH_PW"]; |
} |
else{ |
$SQL_user = $config[sql_username]; |
$SQL_passwd = $config[sql_password]; |
} |
if ($config[sql_connect_timeout] != 0) |
@ini_set('mysql.connect_timeout',$config[sql_connect_timeout]); |
if ($config[sql_debug] == 'true') |
print "<b>DEBUG(SQL,MYSQL DRIVER): Connect: User=$SQL_user,Password=$SQL_passwd </b><br>\n"; |
return @mysql_connect("$server:$config[sql_port]",$SQL_user,$SQL_passwd); |
} |
function da_sql_connect($config) |
{ |
if ($config[sql_use_http_credentials] == 'yes'){ |
global $HTTP_SERVER_VARS; |
$SQL_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"]; |
$SQL_passwd = $HTTP_SERVER_VARS["PHP_AUTH_PW"]; |
} |
else{ |
$SQL_user = $config[sql_username]; |
$SQL_passwd = $config[sql_password]; |
} |
if ($config[sql_connect_timeout] != 0) |
@ini_set('mysql.connect_timeout',$config[sql_connect_timeout]); |
if ($config[sql_debug] == 'true') |
print "<b>DEBUG(SQL,MYSQL DRIVER): Connect: User=$SQL_user,Password=$SQL_passwd </b><br>\n"; |
return @mysql_connect("$config[sql_server]:$config[sql_port]",$SQL_user,$SQL_passwd); |
} |
function da_sql_pconnect($config) |
{ |
if ($config[sql_use_http_credentials] == 'yes'){ |
global $HTTP_SERVER_VARS; |
$SQL_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"]; |
$SQL_passwd = $HTTP_SERVER_VARS["PHP_AUTH_PW"]; |
} |
else{ |
$SQL_user = $config[sql_username]; |
$SQL_passwd = $config[sql_password]; |
} |
if ($config[sql_connect_timeout] != 0) |
@ini_set('mysql.connect_timeout',$config[sql_connect_timeout]); |
if ($config[sql_debug] == 'true') |
print "<b>DEBUG(SQL,MYSQL DRIVER): Connect: User=$SQL_user,Password=$SQL_passwd </b><br>\n"; |
return @mysql_pconnect("$config[sql_server]:$config[sql_port]",$SQL_user,$SQL_passwd); |
} |
function da_sql_close($link,$config) |
{ |
return @mysql_close($link); |
} |
function da_sql_escape_string($string) |
{ |
return @mysql_real_escape_string($string); |
} |
function da_sql_query($link,$config,$query) |
{ |
if ($config[sql_debug] == 'true') |
print "<b>DEBUG(SQL,MYSQL DRIVER): Query: <i>$query</i></b><br>\n"; |
return @mysql_db_query($config[sql_database],$query,$link); |
} |
function da_sql_num_rows($result,$config) |
{ |
if ($config[sql_debug] == 'true') |
print "<b>DEBUG(SQL,MYSQL DRIVER): Query Result: Num rows:: " . @mysql_num_rows($result) . "</b><br>\n"; |
return @mysql_num_rows($result); |
} |
function da_sql_fetch_array($result,$config) |
{ |
$row = array_change_key_case(@mysql_fetch_array($result, |
MYSQL_ASSOC),CASE_LOWER); |
if ($config[sql_debug] == 'true'){ |
print "<b>DEBUG(SQL,MYSQL DRIVER): Query Result: <pre>"; |
print_r($row); |
print "</b></pre>\n"; |
} |
return $row; |
} |
function da_sql_affected_rows($link,$result,$config) |
{ |
if ($config[sql_debug] == 'true') |
print "<b>DEBUG(SQL,MYSQL DRIVER): Query Result: Affected rows:: " . @mysql_affected_rows($result) . "</b><br>\n"; |
return @mysql_affected_rows($link); |
} |
function da_sql_list_fields($table,$link,$config) |
{ |
return @mysql_list_fields($config[sql_database],$table); |
} |
function da_sql_field_name($fields,$num,$config) |
{ |
return @mysql_field_name($fields,$num); |
} |
function da_sql_error($link,$config) |
{ |
return @mysql_error($link); |
} |
?> |
/web/pass/crypt/crypt.php |
---|
0,0 → 1,20 |
<?php |
function da_encrypt() |
{ |
$numargs=func_num_args(); |
$passwd=func_get_arg(0); |
if ($numargs == 2){ //only to test or change password (keep the old algorythm and salt) |
$salt=func_get_arg(1); |
return crypt($passwd,$salt); |
} |
# set the salt and the algorithm |
$shuf = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"),0,8); |
# hash md5 > empreinte du mot de passe sur 22 caracteres |
//$salt='$1'.'$'.$shuf.'$'; |
# hash sha-256 > empreinte du mot de passe sur 43 caracteres |
$salt='$5'.'$'.$shuf.'$'; |
# hash sha-512 > empreinte du mot de passe sur 86 caracteres |
#$salt='$6'.'$'.$shuf.'$'; |
return crypt($passwd,$salt); |
} |
?> |
/web/pass/crypt/md5.php |
---|
0,0 → 1,6 |
<?php |
function da_encrypt($passwd) |
{ |
return md5($passwd); |
} |
?> |
/web/pass/crypt/clear.php |
---|
0,0 → 1,6 |
<?php |
function da_encrypt($passwd) |
{ |
return $passwd; |
} |
?> |
/web/pass/index.php |
---|
0,0 → 1,380 |
<?php |
# change user password on Alcasar captive Portal |
# Copyright (C) 2003, 2004 Mondru AB. |
# Copyright (C) 2008-2009 ANGEL95 & REXY |
require('/etc/freeradius-web/config.php'); |
$current_page = $_SERVER['PHP_SELF']; |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'es'){ |
$R_title = "User password change"; |
$R_form_l1 = "User"; |
$R_form_l2 = "Old password"; |
$R_form_l3 = "New password"; |
$R_form_l4 = "New password (confirmation)"; |
$R_eval_pass = "Score :"; |
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modify"; |
$R_form_button_retour = "Cancel"; |
$R_form_result1 = "Your password has been successfuly changed"; |
$R_form_result2 = "Error when trying to change password"; |
$R_retour = "ALCASAR home page";} |
else if ($Language == 'pt'){ |
$R_title = "Alteração de senha do usuário"; |
$R_form_l1 = "Usuário"; |
$R_form_l2 = "Senha antiga"; |
$R_form_l3 = "Nova senha"; |
$R_form_l4 = "Nova senha (confirmação)"; |
$R_eval_pass = "Resultado:"; |
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modificar"; |
$R_form_button_retour = "Cancelar"; |
$R_form_result1 = "Sua senha foi alterada com sucesso"; |
$R_form_result2 = "Erro ao tentar alterar a senha"; |
$R_retour = "Home page Alcasar";} |
else if($Language == 'de'){ |
$R_title = "User password change"; |
$R_form_l1 = "User"; |
$R_form_l2 = "Old password"; |
$R_form_l3 = "New password"; |
$R_form_l4 = "New password (confirmation)"; |
$R_eval_pass = "Score :"; |
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modify"; |
$R_form_button_retour = "Cancel"; |
$R_form_result1 = "Your password has been successfuly changed"; |
$R_form_result2 = "Error when trying to change password"; |
$R_retour = "ALCASAR home page";} |
else if($Language == 'nl'){ |
$R_title = "User password change"; |
$R_form_l1 = "User"; |
$R_form_l2 = "Old password"; |
$R_form_l3 = "New password"; |
$R_form_l4 = "New password (confirmation)"; |
$R_eval_pass = "Score :"; |
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modify"; |
$R_form_button_retour = "Cancel"; |
$R_form_result1 = "Your password has been successfuly changed"; |
$R_form_result2 = "Error when trying to change password"; |
$R_retour = "ALCASAR home page";} |
else if($Language == 'fr'){ |
$R_title = "Changement de mot de passe utilisateur"; |
$R_form_l1 = "Utilisateur :"; |
$R_form_l2 = "Ancien mot de passe :"; |
$R_form_l3 = "Nouveau mot de passe :"; |
$R_form_l4 = "Nouveau mot de passe (confirmation) :"; |
$R_eval_pass = ""; |
$R_passwordmeter = "Propulsé par 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modifier"; |
$R_form_button_retour = "Annuler"; |
$R_form_result1 = "Votre mot de passe a été modifié avec succès"; |
$R_form_result2 = "Erreur de changement de mot de passe"; |
$R_retour = "Retour à la page d'accueil ALCASAR";} |
else { |
$R_title = "User password change"; |
$R_form_l1 = "User"; |
$R_form_l2 = "Old password"; |
$R_form_l3 = "New password"; |
$R_form_l4 = "New password (confirmation)"; |
$R_eval_pass = "Score :"; |
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modify"; |
$R_form_button_retour = "Cancel"; |
$R_form_result1 = "Your password has been successfuly changed"; |
$R_form_result2 = "Error when trying to change password"; |
$R_retour = "ALCASAR home page"; |
} |
echo " |
<html> |
<head> |
<title>$R_title</title> |
<meta http-equiv=\"Cache-control\" content=\"no-cache\"> |
<meta http-equiv=\"Pragma\" content=\"no-cache\"> |
<link rel=\"stylesheet\" href=\"../css/pass.css\" type=\"text/css\"> |
<link type=\"text/css\" href=\"../css/pwdmeter.css\" media=\"screen\" rel=\"stylesheet\" /> |
<!--[if lt IE 7]> |
<link type=\"text/css\" href=\"../css/ie.css\" media=\"screen\" rel=\"stylesheet\" /> |
<![endif]--> |
<script type=\"text/javascript\" src=\"js/pwdmeter.js\" language=\"javascript\"></script> |
</head> |
<body> |
<div id=\"page\"> |
<div id=\"block_pass\"> |
<div id=\"pass_chg\"> |
<img src=\"../images/organisme.png\" /> |
<h1 id=\"titre_pass\">$R_title</h1> |
</div> |
<div id=\"pass_chg_content\"> |
<form name=\"master\" action=\"$current_page\" method=\"post\"> |
<input type=hidden name=action value=checkpass> |
<table id=\"champs_pass\"> |
<tr> |
<td class=\"first_item\">$R_form_l1</td> |
<td><input type=\"text\" name=\"login\" value=\"\" label=\"test\"></td> |
</tr> |
<tr> |
<td class=\"first_item\">$R_form_l2</td> |
<td><input type=\"password\" name=\"passwd\" value=\"\"></td> |
</tr> |
<tr> |
<td class=\"first_item\">$R_form_l3</td> |
<td> |
<input type=\"password\" name=\"newpasswd\" id=\"passwordPwd\" value=\"\" autocomplete=\"off\" onkeyup=\"chkPass(this.value);\" /> |
<input type=\"text\" id=\"passwordTxt\" name=\"passwordTxt\" autocomplete=\"off\" onkeyup=\"chkPass(this.value);\" class=\"hide\" /> |
</td> |
</tr> |
<tr> |
<td class=\"first_item\">$R_eval_pass</td> |
<td> |
<div id=\"scorebarBorder\"> |
<div id=\"score\">0%</div> |
<div id=\"scorebar\"> </div> |
</div> |
<div id=\"complexity\"></div> |
</td> |
</tr> |
<tr> |
<td colspan=\"2\" id=\"lien_pass\">$R_passwordmeter</td> |
</tr> |
<tr> |
<td class=\"first_item\">$R_form_l4</td> |
<td><input type=\"password\" name=\"newpasswd2\" value=\"\"></td> |
</tr> |
</table> |
<input type=\"submit\" class=\"btn_form\" id=\"btn_pass\" value=\"$R_form_button_valid\"> |
<input type=\"button\" class=\"btn_form\" id=\"btn_retour\" value=\"$R_form_button_retour\" onclick=\"location.replace('http://alcasar');\"> |
</div> |
</div> |
<div id=\"info_pass\"> |
<table id=\"tablePwdStatus\" cellpadding=\"5\" cellspacing=\"1\" border=\"0\"> |
<tr> |
<th colspan=\"2\">Additions</th> |
<th class=\"txtCenter\">Type</th> |
<th class=\"txtCenter\">Rate</th> |
<th class=\"txtCenter\">Count</th> |
<th class=\"txtCenter\">Bonus</th> |
</tr> |
<tr> |
<td width=\"1%\"><div id=\"div_nLength\" class=\"fail\"> </div></td> |
<td width=\"94%\">Number of Characters</td> |
<td width=\"1%\" class=\"txtCenter\">Flat</td> |
<td width=\"1%\" class=\"txtCenter italic\">+(n*4)</td> |
<td width=\"1%\"><div id=\"nLength\" class=\"box\"> </div></td> |
<td width=\"1%\"><div id=\"nLengthBonus\" class=\"boxPlus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nAlphaUC\" class=\"fail\"> </div></td> |
<td>Uppercase Letters</td> |
<td class=\"txtCenter\">Cond/Incr</td> |
<td nowrap=\"nowrap\" class=\"txtCenter italic\">+((len-n)*2)</td> |
<td><div id=\"nAlphaUC\" class=\"box\"> </div></td> |
<td><div id=\"nAlphaUCBonus\" class=\"boxPlus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nAlphaLC\" class=\"fail\"> </div></td> |
<td>Lowercase Letters</td> |
<td class=\"txtCenter\">Cond/Incr</td> |
<td class=\"txtCenter italic\">+((len-n)*2)</td> |
<td><div id=\"nAlphaLC\" class=\"box\"> </div></td> |
<td><div id=\"nAlphaLCBonus\" class=\"boxPlus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nNumber\" class=\"fail\"> </div></td> |
<td>Numbers</td> |
<td class=\"txtCenter\">Cond</td> |
<td class=\"txtCenter italic\">+(n*4)</td> |
<td><div id=\"nNumber\" class=\"box\"> </div></td> |
<td><div id=\"nNumberBonus\" class=\"boxPlus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nSymbol\" class=\"fail\"> </div></td> |
<td>Symbols</td> |
<td class=\"txtCenter\">Flat</td> |
<td class=\"txtCenter italic\">+(n*6)</td> |
<td><div id=\"nSymbol\" class=\"box\"> </div></td> |
<td><div id=\"nSymbolBonus\" class=\"boxPlus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nMidChar\" class=\"fail\"> </div></td> |
<td>Middle Numbers or Symbols</td> |
<td class=\"txtCenter\">Flat</td> |
<td class=\"txtCenter italic\">+(n*2)</td> |
<td><div id=\"nMidChar\" class=\"box\"> </div></td> |
<td><div id=\"nMidCharBonus\" class=\"boxPlus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nRequirements\" class=\"fail\"> </div></td> |
<td>Requirements</td> |
<td class=\"txtCenter\">Flat</td> |
<td class=\"txtCenter italic\">+(n*2)</td> |
<td><div id=\"nRequirements\" class=\"box\"> </div></td> |
<td><div id=\"nRequirementsBonus\" class=\"boxPlus\"> </div></td> |
</tr> |
<tr> |
<th colspan=\"6\">Deductions</th> |
</tr> |
<tr> |
<td width=\"1%\"><div id=\"div_nAlphasOnly\" class=\"pass\"> </div></td> |
<td width=\"94%\">Letters Only</td> |
<td width=\"1%\" class=\"txtCenter\">Flat</td> |
<td width=\"1%\" class=\"txtCenter italic\">-n</td> |
<td width=\"1%\"><div id=\"nAlphasOnly\" class=\"box\"> </div></td> |
<td width=\"1%\"><div id=\"nAlphasOnlyBonus\" class=\"boxMinus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nNumbersOnly\" class=\"pass\"> </div></td> |
<td>Numbers Only</td> |
<td class=\"txtCenter\">Flat</td> |
<td class=\"txtCenter italic\">-n</td> |
<td><div id=\"nNumbersOnly\" class=\"box\"> </div></td> |
<td><div id=\"nNumbersOnlyBonus\" class=\"boxMinus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nRepChar\" class=\"pass\"> </div></td> |
<td>Repeat Characters (Case Insensitive)</td> |
<td class=\"txtCenter\">Comp</td> |
<td nowrap=\"nowrap\" class=\"txtCenter italic\"> - </td> |
<td><div id=\"nRepChar\" class=\"box\"> </div></td> |
<td><div id=\"nRepCharBonus\" class=\"boxMinus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nConsecAlphaUC\" class=\"pass\"> </div></td> |
<td>Consecutive Uppercase Letters</td> |
<td class=\"txtCenter\">Flat</td> |
<td class=\"txtCenter italic\">-(n*2)</td> |
<td><div id=\"nConsecAlphaUC\" class=\"box\"> </div></td> |
<td><div id=\"nConsecAlphaUCBonus\" class=\"boxMinus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nConsecAlphaLC\" class=\"pass\"> </div></td> |
<td>Consecutive Lowercase Letters</td> |
<td class=\"txtCenter\">Flat</td> |
<td class=\"txtCenter italic\">-(n*2)</td> |
<td><div id=\"nConsecAlphaLC\" class=\"box\"> </div></td> |
<td><div id=\"nConsecAlphaLCBonus\" class=\"boxMinus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nConsecNumber\" class=\"pass\"> </div></td> |
<td>Consecutive Numbers</td> |
<td class=\"txtCenter\">Flat</td> |
<td class=\"txtCenter italic\">-(n*2)</td> |
<td><div id=\"nConsecNumber\" class=\"box\"> </div></td> |
<td><div id=\"nConsecNumberBonus\" class=\"boxMinus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nSeqAlpha\" class=\"pass\"> </div></td> |
<td>Sequential Letters (3+)</td> |
<td class=\"txtCenter\">Flat</td> |
<td class=\"txtCenter italic\">-(n*3)</td> |
<td><div id=\"nSeqAlpha\" class=\"box\"> </div></td> |
<td><div id=\"nSeqAlphaBonus\" class=\"boxMinus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nSeqNumber\" class=\"pass\"> </div></td> |
<td>Sequential Numbers (3+)</td> |
<td class=\"txtCenter\">Flat</td> |
<td class=\"txtCenter italic\">-(n*3)</td> |
<td><div id=\"nSeqNumber\" class=\"box\"> </div></td> |
<td><div id=\"nSeqNumberBonus\" class=\"boxMinus\"> </div></td> |
</tr> |
<tr> |
<td><div id=\"div_nSeqSymbol\" class=\"pass\"> </div></td> |
<td>Sequential Symbols (3+)</td> |
<td class=\"txtCenter\">Flat</td> |
<td class=\"txtCenter italic\">-(n*3)</td> |
<td><div id=\"nSeqSymbol\" class=\"box\"> </div></td> |
<td><div id=\"nSeqSymbolBonus\" class=\"boxMinus\"> </div></td> |
</tr> |
<tr> |
<th colspan=\"6\">Legend</th> |
</tr> |
<tr> |
<td colspan=\"6\"> |
<ul id=\"listLegend\"> |
<li><div class=\"exceed imgLegend\"> </div> <span class=\"bold\">Exceptional:</span> Exceeds minimum standards. Additional bonuses are applied.</li> |
<li><div class=\"pass imgLegend\"> </div> <span class=\"bold\">Sufficient:</span> Meets minimum standards. Additional bonuses are applied.</li> |
<li><div class=\"warn imgLegend\"> </div> <span class=\"bold\">Warning:</span> Advisory against employing bad practices. Overall score is reduced.</li> |
<li><div class=\"fail imgLegend\"> </div> <span class=\"bold\">Failure:</span> Does not meet the minimum standards. Overall score is reduced.</li> |
</ul> |
</td> |
</tr> |
</table> |
<table id=\"tablePwdNotes\" cellpadding=\"5\" cellspacing=\"1\" border=\"0\"> |
<tr> |
<th>Quick Footnotes</th> |
</tr> |
<tr> |
<td> |
• <strong>Flat:</strong> Rates that add/remove in non-changing increments.<br /> |
• <strong>Incr:</strong> Rates that add/remove in adjusting increments.<br /> |
• <strong>Cond:</strong> Rates that add/remove depending on additional factors.<br /> |
• <strong>Comp:</strong> Rates that are too complex to summarize. See source code for details.<br /> |
• <strong>n:</strong> Refers to the total number of occurrences.<br /> |
• <strong>len:</strong> Refers to the total password length.<br /> |
• Additional bonus scores are given for increased character variety.<br /> |
• Final score is a cumulative result of all bonuses minus deductions.<br /> |
• Final score is capped with a minimum of 0 and a maximum of 100.<br /> |
• Score and Complexity ratings are not conditional on meeting minimum requirements.<br /> |
</td> |
</tr> |
<tr> |
<th>DISCLAIMER</th> |
</tr> |
<tr> |
<td> |
<p>This application is designed to assess the strength of password strings. The instantaneous visual feedback provides the user a means to improve the strength of their passwords, with a hard focus on breaking the typical bad habits of faulty password formulation. Since no official weighting system exists, we created our own formulas to assess the overall strength of a given password. Please note, that this application does not utilize the typical \"days-to-crack\" approach for strength determination. We have found that particular system to be severely lacking and unreliable for real-world scenarios. This application is neither perfect nor foolproof, and should only be utilized as a loose guide in determining methods for improving the password creation process. </p> |
</td> |
</tr> |
</table> |
</div> |
</div> |
"; |
if (is_file("sql/drivers/$config[sql_type]/functions.php")) |
include_once("sql/drivers/$config[sql_type]/functions.php"); |
else{ |
echo "<b>Could not include SQL library</b><br>\n"; |
exit(); |
} |
if (isset($action)){ |
if ($action == 'checkpass'){ |
$link = @da_sql_pconnect($config); |
if ($link){ |
$res = @da_sql_query($link,$config, |
"SELECT attribute,value FROM $config[sql_check_table] WHERE username = '$login' |
AND attribute = '$config[sql_password_attribute]';"); |
if ($res){ |
$row = @da_sql_fetch_array($res,$config); |
if (is_file("crypt/$config[general_encryption_method].php")){ |
include("crypt/$config[general_encryption_method].php"); |
$enc_passwd = $row['value']; |
$passwd = da_encrypt($passwd,$enc_passwd); |
$newpasswd = da_encrypt($newpasswd,$enc_passwd); |
$newpasswd2 = da_encrypt($newpasswd2,$enc_passwd); |
if (($passwd == $enc_passwd) and ($newpasswd == $newpasswd2)){ |
$msg = '<font color=blue><b>'.$R_form_result1.'</b></font>'; |
$res2 = @da_sql_query($link,$config, |
"UPDATE $config[sql_check_table] set value='$newpasswd' WHERE username = '$login' |
AND attribute = '$config[sql_password_attribute]';");} |
else |
$msg = '<font color=red><b>'.$R_form_result2.'</b></font>'; |
} |
else |
echo "<b>Could not open encryption library file</b><br>\n"; |
} |
} |
echo "<span align=center>$msg</span>\n"; |
} |
} |
?> |
</body> |
</html> |
Property changes: |
Added: svn:keywords |
+Id Date Author |
\ No newline at end of property |
/web/pass/js/pwdmeter.js |
---|
0,0 → 1,324 |
/* |
** Created by: Jeff Todnem (http://www.todnem.com/) |
** Created on: 2007-08-14 |
** Last modified: 2010-05-03 |
** |
** License Information: |
** ------------------------------------------------------------------------- |
** Copyright (C) 2007 Jeff Todnem |
** |
** This program is free software; you can redistribute it and/or modify it |
** under the terms of the GNU General Public License as published by the |
** Free Software Foundation; either version 2 of the License, or (at your |
** option) any later version. |
** |
** This program is distributed in the hope that it will be useful, but |
** WITHOUT ANY WARRANTY; without even the implied warranty of |
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
** General Public License for more details. |
** |
** You should have received a copy of the GNU General Public License along |
** with this program; if not, write to the Free Software Foundation, Inc., |
** 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
** |
*/ |
function addLoadEvent(func) { |
var oldonload = window.onload; |
if (typeof window.onload != "function") { |
window.onload = func; |
} |
else { |
window.onload = function() { |
if (oldonload) { |
oldonload(); |
} |
func(); |
}; |
} |
} |
function $() { |
var arrElms = []; |
for (var i=0; i < arguments.length; i++) { |
var elm = arguments[i]; |
if (typeof(elm == "string")) { elm = document.getElementById(elm); } |
if (arguments.length == 1) { return elm; } |
arrElms.push(elm); |
} |
return arrElms; |
} |
String.prototype.strReverse = function() { |
var newstring = ""; |
for (var s=0; s < this.length; s++) { |
newstring = this.charAt(s) + newstring; |
} |
return newstring; |
//strOrig = ' texttotrim '; |
//strReversed = strOrig.revstring(); |
}; |
function chkPass(pwd) { |
var oScorebar = $("scorebar"); |
var oScore = $("score"); |
var oComplexity = $("complexity"); |
// Simultaneous variable declaration and value assignment aren't supported in IE apparently |
// so I'm forced to assign the same value individually per var to support a crappy browser *sigh* |
var nScore=0, nLength=0, nAlphaUC=0, nAlphaLC=0, nNumber=0, nSymbol=0, nMidChar=0, nRequirements=0, nAlphasOnly=0, nNumbersOnly=0, nUnqChar=0, nRepChar=0, nRepInc=0, nConsecAlphaUC=0, nConsecAlphaLC=0, nConsecNumber=0, nConsecSymbol=0, nConsecCharType=0, nSeqAlpha=0, nSeqNumber=0, nSeqSymbol=0, nSeqChar=0, nReqChar=0, nMultConsecCharType=0; |
var nMultRepChar=1, nMultConsecSymbol=1; |
var nMultMidChar=2, nMultRequirements=2, nMultConsecAlphaUC=2, nMultConsecAlphaLC=2, nMultConsecNumber=2; |
var nReqCharType=3, nMultAlphaUC=3, nMultAlphaLC=3, nMultSeqAlpha=3, nMultSeqNumber=3, nMultSeqSymbol=3; |
var nMultLength=4, nMultNumber=4; |
var nMultSymbol=6; |
var nTmpAlphaUC="", nTmpAlphaLC="", nTmpNumber="", nTmpSymbol=""; |
var sAlphaUC="0", sAlphaLC="0", sNumber="0", sSymbol="0", sMidChar="0", sRequirements="0", sAlphasOnly="0", sNumbersOnly="0", sRepChar="0", sConsecAlphaUC="0", sConsecAlphaLC="0", sConsecNumber="0", sSeqAlpha="0", sSeqNumber="0", sSeqSymbol="0"; |
var sAlphas = "abcdefghijklmnopqrstuvwxyz"; |
var sNumerics = "01234567890"; |
var sSymbols = ")!@#$%^&*()"; |
var sComplexity = "Trop court"; |
var sStandards = "Below"; |
var nMinPwdLen = 8; |
if (document.all) { var nd = 0; } else { var nd = 1; } |
if (pwd) { |
nScore = parseInt(pwd.length * nMultLength); |
nLength = pwd.length; |
var arrPwd = pwd.replace(/\s+/g,"").split(/\s*/); |
var arrPwdLen = arrPwd.length; |
/* Loop through password to check for Symbol, Numeric, Lowercase and Uppercase pattern matches */ |
for (var a=0; a < arrPwdLen; a++) { |
if (arrPwd[a].match(/[A-Z]/g)) { |
if (nTmpAlphaUC !== "") { if ((nTmpAlphaUC + 1) == a) { nConsecAlphaUC++; nConsecCharType++; } } |
nTmpAlphaUC = a; |
nAlphaUC++; |
} |
else if (arrPwd[a].match(/[a-z]/g)) { |
if (nTmpAlphaLC !== "") { if ((nTmpAlphaLC + 1) == a) { nConsecAlphaLC++; nConsecCharType++; } } |
nTmpAlphaLC = a; |
nAlphaLC++; |
} |
else if (arrPwd[a].match(/[0-9]/g)) { |
if (a > 0 && a < (arrPwdLen - 1)) { nMidChar++; } |
if (nTmpNumber !== "") { if ((nTmpNumber + 1) == a) { nConsecNumber++; nConsecCharType++; } } |
nTmpNumber = a; |
nNumber++; |
} |
else if (arrPwd[a].match(/[^a-zA-Z0-9_]/g)) { |
if (a > 0 && a < (arrPwdLen - 1)) { nMidChar++; } |
if (nTmpSymbol !== "") { if ((nTmpSymbol + 1) == a) { nConsecSymbol++; nConsecCharType++; } } |
nTmpSymbol = a; |
nSymbol++; |
} |
/* Internal loop through password to check for repeat characters */ |
var bCharExists = false; |
for (var b=0; b < arrPwdLen; b++) { |
if (arrPwd[a] == arrPwd[b] && a != b) { /* repeat character exists */ |
bCharExists = true; |
/* |
Calculate icrement deduction based on proximity to identical characters |
Deduction is incremented each time a new match is discovered |
Deduction amount is based on total password length divided by the |
difference of distance between currently selected match |
*/ |
nRepInc += Math.abs(arrPwdLen/(b-a)); |
} |
} |
if (bCharExists) { |
nRepChar++; |
nUnqChar = arrPwdLen-nRepChar; |
nRepInc = (nUnqChar) ? Math.ceil(nRepInc/nUnqChar) : Math.ceil(nRepInc); |
} |
} |
/* Check for sequential alpha string patterns (forward and reverse) */ |
for (var s=0; s < 23; s++) { |
var sFwd = sAlphas.substring(s,parseInt(s+3)); |
var sRev = sFwd.strReverse(); |
if (pwd.toLowerCase().indexOf(sFwd) != -1 || pwd.toLowerCase().indexOf(sRev) != -1) { nSeqAlpha++; nSeqChar++;} |
} |
/* Check for sequential numeric string patterns (forward and reverse) */ |
for (var s=0; s < 8; s++) { |
var sFwd = sNumerics.substring(s,parseInt(s+3)); |
var sRev = sFwd.strReverse(); |
if (pwd.toLowerCase().indexOf(sFwd) != -1 || pwd.toLowerCase().indexOf(sRev) != -1) { nSeqNumber++; nSeqChar++;} |
} |
/* Check for sequential symbol string patterns (forward and reverse) */ |
for (var s=0; s < 8; s++) { |
var sFwd = sSymbols.substring(s,parseInt(s+3)); |
var sRev = sFwd.strReverse(); |
if (pwd.toLowerCase().indexOf(sFwd) != -1 || pwd.toLowerCase().indexOf(sRev) != -1) { nSeqSymbol++; nSeqChar++;} |
} |
/* Modify overall score value based on usage vs requirements */ |
/* General point assignment */ |
$("nLengthBonus").innerHTML = "+ " + nScore; |
if (nAlphaUC > 0 && nAlphaUC < nLength) { |
nScore = parseInt(nScore + ((nLength - nAlphaUC) * 2)); |
sAlphaUC = "+ " + parseInt((nLength - nAlphaUC) * 2); |
} |
if (nAlphaLC > 0 && nAlphaLC < nLength) { |
nScore = parseInt(nScore + ((nLength - nAlphaLC) * 2)); |
sAlphaLC = "+ " + parseInt((nLength - nAlphaLC) * 2); |
} |
if (nNumber > 0 && nNumber < nLength) { |
nScore = parseInt(nScore + (nNumber * nMultNumber)); |
sNumber = "+ " + parseInt(nNumber * nMultNumber); |
} |
if (nSymbol > 0) { |
nScore = parseInt(nScore + (nSymbol * nMultSymbol)); |
sSymbol = "+ " + parseInt(nSymbol * nMultSymbol); |
} |
if (nMidChar > 0) { |
nScore = parseInt(nScore + (nMidChar * nMultMidChar)); |
sMidChar = "+ " + parseInt(nMidChar * nMultMidChar); |
} |
$("nAlphaUCBonus").innerHTML = sAlphaUC; |
$("nAlphaLCBonus").innerHTML = sAlphaLC; |
$("nNumberBonus").innerHTML = sNumber; |
$("nSymbolBonus").innerHTML = sSymbol; |
$("nMidCharBonus").innerHTML = sMidChar; |
/* Point deductions for poor practices */ |
if ((nAlphaLC > 0 || nAlphaUC > 0) && nSymbol === 0 && nNumber === 0) { // Only Letters |
nScore = parseInt(nScore - nLength); |
nAlphasOnly = nLength; |
sAlphasOnly = "- " + nLength; |
} |
if (nAlphaLC === 0 && nAlphaUC === 0 && nSymbol === 0 && nNumber > 0) { // Only Numbers |
nScore = parseInt(nScore - nLength); |
nNumbersOnly = nLength; |
sNumbersOnly = "- " + nLength; |
} |
if (nRepChar > 0) { // Same character exists more than once |
nScore = parseInt(nScore - nRepInc); |
sRepChar = "- " + nRepInc; |
} |
if (nConsecAlphaUC > 0) { // Consecutive Uppercase Letters exist |
nScore = parseInt(nScore - (nConsecAlphaUC * nMultConsecAlphaUC)); |
sConsecAlphaUC = "- " + parseInt(nConsecAlphaUC * nMultConsecAlphaUC); |
} |
if (nConsecAlphaLC > 0) { // Consecutive Lowercase Letters exist |
nScore = parseInt(nScore - (nConsecAlphaLC * nMultConsecAlphaLC)); |
sConsecAlphaLC = "- " + parseInt(nConsecAlphaLC * nMultConsecAlphaLC); |
} |
if (nConsecNumber > 0) { // Consecutive Numbers exist |
nScore = parseInt(nScore - (nConsecNumber * nMultConsecNumber)); |
sConsecNumber = "- " + parseInt(nConsecNumber * nMultConsecNumber); |
} |
if (nSeqAlpha > 0) { // Sequential alpha strings exist (3 characters or more) |
nScore = parseInt(nScore - (nSeqAlpha * nMultSeqAlpha)); |
sSeqAlpha = "- " + parseInt(nSeqAlpha * nMultSeqAlpha); |
} |
if (nSeqNumber > 0) { // Sequential numeric strings exist (3 characters or more) |
nScore = parseInt(nScore - (nSeqNumber * nMultSeqNumber)); |
sSeqNumber = "- " + parseInt(nSeqNumber * nMultSeqNumber); |
} |
if (nSeqSymbol > 0) { // Sequential symbol strings exist (3 characters or more) |
nScore = parseInt(nScore - (nSeqSymbol * nMultSeqSymbol)); |
sSeqSymbol = "- " + parseInt(nSeqSymbol * nMultSeqSymbol); |
} |
$("nAlphasOnlyBonus").innerHTML = sAlphasOnly; |
$("nNumbersOnlyBonus").innerHTML = sNumbersOnly; |
$("nRepCharBonus").innerHTML = sRepChar; |
$("nConsecAlphaUCBonus").innerHTML = sConsecAlphaUC; |
$("nConsecAlphaLCBonus").innerHTML = sConsecAlphaLC; |
$("nConsecNumberBonus").innerHTML = sConsecNumber; |
$("nSeqAlphaBonus").innerHTML = sSeqAlpha; |
$("nSeqNumberBonus").innerHTML = sSeqNumber; |
$("nSeqSymbolBonus").innerHTML = sSeqSymbol; |
/* Determine if mandatory requirements have been met and set image indicators accordingly */ |
var arrChars = [nLength,nAlphaUC,nAlphaLC,nNumber,nSymbol]; |
var arrCharsIds = ["nLength","nAlphaUC","nAlphaLC","nNumber","nSymbol"]; |
var arrCharsLen = arrChars.length; |
for (var c=0; c < arrCharsLen; c++) { |
var oImg = $('div_' + arrCharsIds[c]); |
var oBonus = $(arrCharsIds[c] + 'Bonus'); |
$(arrCharsIds[c]).innerHTML = arrChars[c]; |
if (arrCharsIds[c] == "nLength") { var minVal = parseInt(nMinPwdLen - 1); } else { var minVal = 0; } |
if (arrChars[c] == parseInt(minVal + 1)) { nReqChar++; oImg.className = "pass"; oBonus.parentNode.className = "pass"; } |
else if (arrChars[c] > parseInt(minVal + 1)) { nReqChar++; oImg.className = "exceed"; oBonus.parentNode.className = "exceed"; } |
else { oImg.className = "fail"; oBonus.parentNode.className = "fail"; } |
} |
nRequirements = nReqChar; |
if (pwd.length >= nMinPwdLen) { var nMinReqChars = 3; } else { var nMinReqChars = 4; } |
if (nRequirements > nMinReqChars) { // One or more required characters exist |
nScore = parseInt(nScore + (nRequirements * 2)); |
sRequirements = "+ " + parseInt(nRequirements * 2); |
} |
$("nRequirementsBonus").innerHTML = sRequirements; |
/* Determine if additional bonuses need to be applied and set image indicators accordingly */ |
var arrChars = [nMidChar,nRequirements]; |
var arrCharsIds = ["nMidChar","nRequirements"]; |
var arrCharsLen = arrChars.length; |
for (var c=0; c < arrCharsLen; c++) { |
var oImg = $('div_' + arrCharsIds[c]); |
var oBonus = $(arrCharsIds[c] + 'Bonus'); |
$(arrCharsIds[c]).innerHTML = arrChars[c]; |
if (arrCharsIds[c] == "nRequirements") { var minVal = nMinReqChars; } else { var minVal = 0; } |
if (arrChars[c] == parseInt(minVal + 1)) { oImg.className = "pass"; oBonus.parentNode.className = "pass"; } |
else if (arrChars[c] > parseInt(minVal + 1)) { oImg.className = "exceed"; oBonus.parentNode.className = "exceed"; } |
else { oImg.className = "fail"; oBonus.parentNode.className = "fail"; } |
} |
/* Determine if suggested requirements have been met and set image indicators accordingly */ |
var arrChars = [nAlphasOnly,nNumbersOnly,nRepChar,nConsecAlphaUC,nConsecAlphaLC,nConsecNumber,nSeqAlpha,nSeqNumber,nSeqSymbol]; |
var arrCharsIds = ["nAlphasOnly","nNumbersOnly","nRepChar","nConsecAlphaUC","nConsecAlphaLC","nConsecNumber","nSeqAlpha","nSeqNumber","nSeqSymbol"]; |
var arrCharsLen = arrChars.length; |
for (var c=0; c < arrCharsLen; c++) { |
var oImg = $('div_' + arrCharsIds[c]); |
var oBonus = $(arrCharsIds[c] + 'Bonus'); |
$(arrCharsIds[c]).innerHTML = arrChars[c]; |
if (arrChars[c] > 0) { oImg.className = "warn"; oBonus.parentNode.className = "warn"; } |
else { oImg.className = "pass"; oBonus.parentNode.className = "pass"; } |
} |
/* Determine complexity based on overall score */ |
if (nScore > 100) { nScore = 100; } else if (nScore < 0) { nScore = 0; } |
if (nScore >= 0 && nScore < 20) { sComplexity = "Très Faible"; } |
else if (nScore >= 20 && nScore < 40) { sComplexity = "Faible"; } |
else if (nScore >= 40 && nScore < 60) { sComplexity = "Moyen"; } |
else if (nScore >= 60 && nScore < 80) { sComplexity = "Bon"; } |
else if (nScore >= 80 && nScore <= 100) { sComplexity = "Très bon"; } |
/* Display updated score criteria to client */ |
oScorebar.style.backgroundPosition = "-" + parseInt(nScore * 4) + "px"; |
oScore.innerHTML = nScore + "%"; |
oComplexity.innerHTML = sComplexity; |
} |
else { |
/* Display default score criteria to client */ |
initPwdChk(); |
oScore.innerHTML = nScore + "%"; |
oComplexity.innerHTML = sComplexity; |
} |
} |
function initPwdChk(restart) { |
/* Reset all form values to their default */ |
var arrZeros = ["nLength","nAlphaUC","nAlphaLC","nNumber","nSymbol","nMidChar","nRequirements","nAlphasOnly","nNumbersOnly","nRepChar","nConsecAlphaUC","nConsecAlphaLC","nConsecNumber","nSeqAlpha","nSeqNumber","nSeqSymbol","nLengthBonus","nAlphaUCBonus","nAlphaLCBonus","nNumberBonus","nSymbolBonus","nMidCharBonus","nRequirementsBonus","nAlphasOnlyBonus","nNumbersOnlyBonus","nRepCharBonus","nConsecAlphaUCBonus","nConsecAlphaLCBonus","nConsecNumberBonus","nSeqAlphaBonus","nSeqNumberBonus","nSeqSymbolBonus"]; |
var arrPassPars = ["nAlphasOnlyBonus","nNumbersOnlyBonus","nRepCharBonus","nConsecAlphaUCBonus","nConsecAlphaLCBonus","nConsecNumberBonus","nSeqAlphaBonus","nSeqNumberBonus","nSeqSymbolBonus"]; |
var arrPassDivs = ["div_nAlphasOnly","div_nNumbersOnly","div_nRepChar","div_nConsecAlphaUC","div_nConsecAlphaLC","div_nConsecNumber","div_nSeqAlpha","div_nSeqNumber","div_nSeqSymbol"]; |
var arrFailPars = ["nLengthBonus","nAlphaUCBonus","nAlphaLCBonus","nNumberBonus","nSymbolBonus","nMidCharBonus","nRequirementsBonus"]; |
var arrFailDivs = ["div_nLength","div_nAlphaUC","div_nAlphaLC","div_nNumber","div_nSymbol","div_nMidChar","div_nRequirements"]; |
for (var i in arrZeros) { $(arrZeros[i]).innerHTML = "0"; } |
for (var i in arrPassPars) { $(arrPassPars[i]).parentNode.className = "pass"; } |
for (var i in arrPassDivs) { $(arrPassDivs[i]).className = "pass"; } |
for (var i in arrFailPars) { $(arrFailPars[i]).parentNode.className = "fail"; } |
for (var i in arrFailDivs) { $(arrFailDivs[i]).className = "fail"; } |
$("passwordPwd").value = ""; |
$("passwordTxt").value = ""; |
$("scorebar").style.backgroundPosition = "0"; |
if (restart) { |
$("passwordPwd").className = ""; |
$("passwordTxt").className = "hide"; |
} |
} |
addLoadEvent(function() { initPwdChk(1); }); |
Property changes: |
Added: svn:executable |
+* |
\ No newline at end of property |