From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/js/scrigo.js.php |  497 +++++++++++++------------------------------------------
 1 files changed, 118 insertions(+), 379 deletions(-)

diff --git a/interface/web/js/scrigo.js.php b/interface/web/js/scrigo.js.php
index e3a391a..7ba19d1 100644
--- a/interface/web/js/scrigo.js.php
+++ b/interface/web/js/scrigo.js.php
@@ -1,345 +1,21 @@
 <?php
-	session_start();
-	include('../../lib/config.inc.php');
-	include_once(ISPC_ROOT_PATH.'/web/strengthmeter/lib/lang/'.$_SESSION['s']['language'].'_strengthmeter.lng');
+include '../../lib/config.inc.php';
+header('Content-Type: text/javascript; charset=utf-8'); // the config file sets the content type header so we have to override it here!
+require_once '../../lib/app.inc.php';
+$lang = (isset($_SESSION['s']['language']) && $_SESSION['s']['language'] != '')?$_SESSION['s']['language']:'en';
+include_once ISPC_ROOT_PATH.'/web/strengthmeter/lib/lang/'.$lang.'_strengthmeter.lng';
+
+$app->uses('ini_parser,getconf');
+$server_config_array = $app->getconf->get_global_config();
 ?>
 
-redirect = '';
-
-function loadContentRefresh(pagename) {
-	var pageContentCallbackRefresh = {
-		success: function(o) {
-			document.getElementById('pageContent').innerHTML = o.responseText;
-		},
-		failure: function(o) {
-			alert('Ajax Request was not successful.'+pagename);
-		}
-	}
-	
-  if(document.getElementById('refreshinterval').value > 0) {
-  	var pageContentObject2 = YAHOO.util.Connect.asyncRequest('GET', pagename+"&refresh="+document.getElementById('refreshinterval').value, pageContentCallbackRefresh);
-  	setTimeout( "loadContentRefresh('"+pagename+"&refresh="+document.getElementById('refreshinterval').value+"')", document.getElementById('refreshinterval').value*1000 );
-  }
+<?php
+$min_password_length = 5;
+if(isset($server_config_array['misc']['min_password_length'])) {
+	$min_password_length = $app->functions->intval($server_config_array['misc']['min_password_length']);
 }
-
-function capp(module) {
-	var cappCallback = {
-		success: function(o) {
-			if(o.responseText != '') {
-				if(o.responseText.indexOf('HEADER_REDIRECT:') > -1) {
-					var parts = o.responseText.split(':');
-					loadContent(parts[1]);
-				} else {
-					alert(o.responseText);
-				}
-			}
-			loadMenus();
-		},
-		failure: function(o) {
-			alert('Ajax Request was not successful.');
-		}
-	}
-	var submitFormObj = YAHOO.util.Connect.asyncRequest('GET', 'capp.php?mod='+module, cappCallback);
-}
-
-function submitLoginForm(formname) {
-	
-	var submitFormCallback = {
-		success: function(o) {
-			if(o.responseText.indexOf('HEADER_REDIRECT:') > -1) {
-				var parts = o.responseText.split(':');
-				//alert(parts[1]);
-				loadContent(parts[1]);
-				//redirect = parts[1];
-				//window.setTimeout('loadContent(redirect)', 1000);
-			} else if (o.responseText.indexOf('LOGIN_REDIRECT:') > -1) {
-				// Go to the login page
-				document.location.href = 'index.php';
-			} else {
-				document.getElementById('pageContent').innerHTML = o.responseText;
-			}
-			loadMenus();
-		},
-		failure: function(o) {
-			alert('Ajax Request was not successful.');
-		}
-	}
-	
-    //* Validate form. TODO: username and password with strip();
-    var frm = document.getElementById(formname);
-    var userNameObj = frm.username;
-    if(userNameObj.value == ''){
-        userNameObj.focus();
-        return;
-    }
-    var passwordObj = frm.passwort;
-    if(passwordObj.value == ''){
-        passwordObj.focus();
-        return;
-    }   
-	YAHOO.util.Connect.setForm(formname);
-	var submitFormObj = YAHOO.util.Connect.asyncRequest('POST', 'content.php', submitFormCallback);
-	/*
-	if(redirect != '') {
-		loadContent(redirect);
-		redirect = '';
-	}
-	document.getElementById('footer').innerHTML = 'Powered by <a href="http://www.ispconfig.org" target="_blank">ISPConfig</a>';
-	*/
-	
-}
-
-function submitForm(formname,target) {
-	
-	var submitFormCallback = {
-		success: function(o) {
-			if(o.responseText.indexOf('HEADER_REDIRECT:') > -1) {
-				var parts = o.responseText.split(':');
-				//alert(parts[1]);
-				loadContent(parts[1]);
-				//redirect = parts[1];
-				//window.setTimeout('loadContent(redirect)', 1000);
-			} else {
-				document.getElementById('pageContent').innerHTML = o.responseText;
-			}
-		},
-		failure: function(o) {
-			var parts = o.responseText.split(':');
-			alert('Ajax Request was not successful. '+parts[1]);
-		}
-	}
-	
-	YAHOO.util.Connect.setForm(formname);
-	var submitFormObj = YAHOO.util.Connect.asyncRequest('POST', target, submitFormCallback);
-	/*
-	if(redirect != '') {
-		loadContent(redirect);
-		redirect = '';
-	}
-	*/
-}
-
-function submitUploadForm(formname,target) {
-	
-	var submitFormCallback = {
-		success: function(o) {
-			if(o.responseText.indexOf('HEADER_REDIRECT:') > -1) {
-				var parts = o.responseText.split(':');
-				//alert(parts[1]);
-				loadContent(parts[1]);
-				//redirect = parts[1];
-				//window.setTimeout('loadContent(redirect)', 1000);
-			} else {
-				document.getElementById('pageContent').innerHTML = o.responseText;
-			}
-		},
-		upload: function(o) {
-        	if(o.responseText.indexOf('HEADER_REDIRECT:') > -1) {
-				var parts = o.responseText.split(':');
-				//alert(parts[1]);
-				loadContent(parts[1]);
-				//redirect = parts[1];
-				//window.setTimeout('loadContent(redirect)', 1000);
-			} else {
-				document.getElementById('pageContent').innerHTML = o.responseText;
-			}
-        },
-		failure: function(o) {
-			alert('Ajax Request was not successful. 1');
-		}
-	}
-	
-	YAHOO.util.Connect.setForm(formname,true);
-	var submitFormObj = YAHOO.util.Connect.asyncRequest('POST', target, submitFormCallback);
-	/*
-	if(redirect != '') {
-		loadContent(redirect);
-		redirect = '';
-	}
-	*/
-}
-
-function loadContent(pagename) {
-	var pageContentCallback2 = {
-		success: function(o) {
-			if(o.responseText.indexOf('HEADER_REDIRECT:') > -1) {
-				var parts = o.responseText.split(':');
-				loadContent(parts[1]);
-			} else if (o.responseText.indexOf('URL_REDIRECT:') > -1) {
-				var newUrl= o.responseText.substr(o.responseText.indexOf('URL_REDIRECT:') + "URL_REDIRECT:".length);
-				document.location.href = newUrl;
-			} else {
-				document.getElementById('pageContent').innerHTML = o.responseText;
-			}
-		},
-		failure: function(o) {
-			alert('Ajax Request was not successful.');
-		}
-	}
-	
-
-  var pageContentObject2 = YAHOO.util.Connect.asyncRequest('GET', pagename, pageContentCallback2);
-}
-
-
-function loadInitContent() {
-
-  var pageContentCallback = {
-		success: function(o) {
-			if(o.responseText.indexOf('HEADER_REDIRECT:') > -1) {
-				var parts = o.responseText.split(":");
-				loadContent(parts[1]);
-			} else {
-				document.getElementById('pageContent').innerHTML = o.responseText;
-			}
-			
-			/*
-			var items = document.getElementsByTagName('input');
-			for(i=0;i<items.length;i++) {
-				//var oButton = new YAHOO.widget.Button(items[i].id);
-				if(items[i].type == 'button') {
-					//alert(items[i].id);
-					var oButton = new YAHOO.widget.Button(items[i].id);
-					oButton.addListener("click",submitLoginForm);
-				}
-			}
-			//var oButton = new YAHOO.widget.Button("submit");
-			*/
-		},
-		failure: function(o) {
-			alert('Ajax Request was not successful.');
-		}
-	}
-	
-  var pageContentObject = YAHOO.util.Connect.asyncRequest('GET', 'content.php?s_mod=login&s_pg=index', pageContentCallback);
-  
-  loadMenus();
-  keepalive();
-  setTimeout("setFocus()",1000);
-
-}
-
-function setFocus() {
-/*
-	var flag=false;
-		for(z=0;z<document.forms.length;z++) {
-			var form = document.forms[z];
-			var elements = form.elements;
-			for (var i=0;i<elements.length;i++) {
-				var element = elements[i];
-				if(element.type == 'text' &&
-					!element.readOnly &&
-					!element.disabled) {
-						element.focus();
-						flag=true;
-						break;
-					}
-			}
-			if(flag)break;
-		}
-*/
-  document.pageForm.username.focus();
-}
-
-
-function loadMenus() {
-	
-	var sideNavCallback = {
-		success: function(o) {
-			document.getElementById('sideNav').innerHTML = o.responseText;
-		},
-		failure: function(o) {
-			alert('Ajax Request was not successful.');
-		}
-	}
-	
-  var sideNavObject = YAHOO.util.Connect.asyncRequest('GET', 'nav.php?nav=side', sideNavCallback);
-	
-	var topNavCallback = {
-		success: function(o) {
-			document.getElementById('topNav').innerHTML = o.responseText;
-		},
-		failure: function(o) {
-			alert('Ajax Request was not successful.');
-		}
-	}
-	
-  var topNavObject = YAHOO.util.Connect.asyncRequest('GET', 'nav.php?nav=top', topNavCallback);
-
-}
-
-function changeTab(tab,target) {
-	//document.forms[0].next_tab.value = tab;
-	document.pageForm.next_tab.value = tab;
-	submitForm('pageForm',target);
-}
-
-
-
-function reportError(request)
-	{
-		alert('Sorry. There was an error.');
-	}
-	
-function del_record(link,confirmation) {
-  if(window.confirm(confirmation)) {
-          loadContent(link);
-  }
-}
-
-function loadContentInto(elementid,pagename) {
-	var itemContentCallback = {
-		success: function(o) {
-			document.getElementById(elementid).innerHTML = o.responseText;
-		},
-		failure: function(o) {
-			alert('Ajax Request was not successful.');
-		}
-	}
-	
-
-  var pageContentObject2 = YAHOO.util.Connect.asyncRequest('GET', pagename, itemContentCallback);
-}
-
-function loadOptionInto(elementid,pagename) {
-	var itemContentCallback = {
-		success: function(o) {
-			var teste = o.responseText;
-			var elemente = teste.split('#');
-			el=document.getElementById(elementid);
-			el.innerHTML='';
-			for (var i = 0; i < elemente.length; ++i){
-
-				var foo2 = document.createElement("option");
-				foo2.appendChild(document.createTextNode(elemente[i]));
-				foo2.value=elemente[i];
-				el.appendChild(foo2);
-			}
-		},
-		failure: function(o) {
-		alert('Ajax Request was not successful.');
-		}
-	}
-	var pageContentObject2 = YAHOO.util.Connect.asyncRequest('GET', pagename, itemContentCallback);
-}
-
-function keepalive() {
-	var pageContentCallbackKeepalive = {
-		success: function(o) {
-			setTimeout( keepalive, 1000000 );
-		},
-		failure: function(o) {
-			alert('Sorry. There was an error.');
-		}
-	}
-	
-  	var pageContentObject3 = YAHOO.util.Connect.asyncRequest('GET', 'keepalive.php', pageContentCallbackKeepalive);
-  	//setTimeout( keepalive, 1000000 );
-}
-
-
-
-var pass_minimum_length = 5;
+?>
+var pass_minimum_length = <?php echo $min_password_length; ?>;
 var pass_messages = new Array();
 
 var pass_message = new Array();
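Review bot: The new `$lang = (isset($_SESSION['s']['language']) && ...)?$_SESSION['s']['language']:'en';` feeds the session value straight into `include_once ISPC_ROOT_PATH.'/web/strengthmeter/lib/lang/'.$lang.'_strengthmeter.lng';` with no check on its content, so whatever can set the session language chooses which file is included (and `../` would reach outside the lang directory). Whether that session field is user-settable cannot be seen from this file, but a value used in an include path should be whitelisted regardless; the `'en'` fallback only covers the unset case, not a malformed one. Add before the include something like `if(!preg_match('/^[a-z]{2}$/', $lang)) $lang = 'en';`, adjusted to the naming of the language files actually shipped. The `$app->functions->intval()` on `min_password_length` before it is echoed into the script is the right pattern and is what the `$lang` value is missing.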
@@ -372,6 +48,8 @@
 pass_message['color'] = "green";
 pass_messages[5] = pass_message;
 
+var special_chars = "`~!@#$%^&*()_+|\=-[]}{';:/?.>,<\" ";
+
 function pass_check(password) {
 	var length = password.length;
 	var points = 0;
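Review bot: In the hoisted literal `var special_chars = "`~!@#$%^&*()_+|\=-[]}{';:/?.>,<\" ";` the sequence `\=` is an identity escape that evaluates to a plain `=`, so a backslash in a password earns no special-character credit from `pass_contains`. If backslash is meant to count, write it as `\\`. This is carried over from the removed inline literal rather than introduced here, so it is only worth fixing while the string is being moved into a named variable.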
@@ -379,25 +57,34 @@
 		pass_result(0);
 		return;
 	}
-	
+
 	if (length < 5) {
 		pass_result(1);
 		return;
 	}
 	
+	var different = 0;
+	
+	if (pass_contains(password, "abcdefghijklnmopqrstuvwxyz")) {
+		different += 1;
+	}
+	
 	if (pass_contains(password, "ABCDEFGHIJKLNMOPQRSTUVWXYZ")) {
 		points += 1;
+		different += 1;
 	}
-	
+
 	if (pass_contains(password, "0123456789")) {
 		points += 1;
+		different += 1;
 	}
-	
-	if (pass_contains(password, "`~!@#$%^&*()_+|\=-[]}{';:/?.>,<\" ")) {
+
+	if (pass_contains(password, special_chars)) {
 		points += 1;
+		different += 1;
 	}
-	
-	if (points == 0) {
+
+	if (points == 0 || different < 3) {
 		if (length >= 5 && length <=6) {
 			pass_result(1);
 		} else if (length >= 7 && length <=8) {
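Review bot: The threshold `if (length < 5)` and the bands `length >= 5 && length <=6` / `length >= 7 && length <=8` stay hard-coded even though this file now emits a configurable `pass_minimum_length` from the server config, so a site with `min_password_length` set above 5 still gets a meter that rates a 5-character password as weak rather than unacceptable. Use the variable at the gate: `if (length < pass_minimum_length) { pass_result(1); return; }`, and derive the bands from it if they are intended to track the minimum. `pass_check` begins in the previous hunk and its remaining branches run past the end of this one, and nothing here shows whether the server enforces the minimum independently of this client-side meter.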
@@ -458,43 +145,95 @@
 	return false;
 }
 
-function addAdditionalTemplate(){
-	var tpl_add = document.getElementById('template_additional').value;
+
+
+function password(minLength, special, num_special){
+	minLength = minLength || 10;
+	if(minLength < 8) minLength = 8;
+	var maxLength = minLength + 5;
+	var length = getRandomInt(minLength, maxLength);
 	
-	  var tpl_list = document.getElementById('template_additional_list').innerHTML;
-	  var addTemplate = document.getElementById('tpl_add_select').value.split('|',2);
-	  var addTplId = addTemplate[0];
-	  var addTplText = addTemplate[1];
-	if(addTplId > 0) {
-	  var newVal = tpl_add + '/' + addTplId + '/';
-	  newVal = newVal.replace('//', '/');
-	  var newList = tpl_list + '<br>' + addTplText;
-	  newList = newList.replace('<br><br>', '<br>');
-	  document.getElementById('template_additional').value = newVal;
-	  document.getElementById('template_additional_list').innerHTML = newList;
-	  alert('additional template ' + addTplText + ' added to customer');
-	} else {
-	  alert('no additional template selcted');
+	var alphachars = "abcdefghijklmnopqrstuvwxyz";
+	var upperchars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+    var numchars = "1234567890";
+    var specialchars = "!@#_";
+	
+	if(num_special == undefined) num_special = 0;
+	if(special != undefined && special == true) {
+		num_special = Math.floor(Math.random() * (length / 4)) + 1;
 	}
+	var numericlen = getRandomInt(1, 2);
+	var alphalen = length - num_special - numericlen;
+	var upperlen = Math.floor(alphalen / 2);
+	alphalen = alphalen - upperlen;
+	var password = "";
+	
+	for(i = 0; i < alphalen; i++) {
+		password += alphachars.charAt(Math.floor(Math.random() * alphachars.length));
+	}
+	
+	for(i = 0; i < upperlen; i++) {
+		password += upperchars.charAt(Math.floor(Math.random() * upperchars.length));
+	}
+	
+	for(i = 0; i < num_special; i++) {
+		password += specialchars.charAt(Math.floor(Math.random() * specialchars.length));
+	}
+	
+	for(i = 0; i < numericlen; i++) {
+		password += numchars.charAt(Math.floor(Math.random() * numchars.length));
+	}
+	
+	password = password.split('').sort(function() { return 0.5 - Math.random(); }).join('');
+	
+	return password;
 }
 
-function delAdditionalTemplate(){
-	var tpl_add = document.getElementById('template_additional').value;
-	if(tpl_add != '') {
-		var tpl_list = document.getElementById('template_additional_list').innerHTML;
-		var addTemplate = document.getElementById('tpl_add_select').value.split('|',2);
-		var addTplId = addTemplate[0];
-		var addTplText = addTemplate[1];
-		var newVal = tpl_add;
-		newVal = newVal.replace(addTplId, '');
-		newVal = newVal.replace('//', '/');
-		var newList = tpl_list.replace(addTplText, '');
-		newList = newList.replace('<br><br>', '<br>');
-		document.getElementById('template_additional').value = newVal;
-		document.getElementById('template_additional_list').innerHTML = newList;
-		alert('additional template ' + addTplText + ' deleted from customer');
-  } else {
-  	alert('no additional template selcted');
-  }
-  
+<?php
+$min_password_length = 10;
+if(isset($server_config_array['misc']['min_password_length'])) {
+	$min_password_length = $app->functions->intval($server_config_array['misc']['min_password_length']);
+}
+?>
+
+function generatePassword(passwordFieldID, repeatPasswordFieldID){
+	var oldPWField = jQuery('#'+passwordFieldID);
+	var newPWField = oldPWField.clone();
+	newPWField.attr('type', 'text').attr('id', 'tmp'+passwordFieldID).insertBefore(oldPWField);
+	oldPWField.remove();
+	var pword = password(<?php echo $min_password_length; ?>, false, 1);
+	jQuery('#'+repeatPasswordFieldID).val(pword);
+	newPWField.attr('id', passwordFieldID).val(pword).trigger('keyup').select();
+}
+
+var funcDisableClick = function(e) { e.preventDefault(); return false; };
+
+function checkPassMatch(pwField1,pwField2){
+    var rpass = jQuery('#'+pwField2).val();
+    var npass = jQuery('#'+pwField1).val();
+    if(npass!= rpass) {
+		jQuery('#confirmpasswordOK').hide();
+        jQuery('#confirmpasswordError').show();
+		jQuery('button.positive').attr('disabled','disabled');
+        jQuery('.tabbox_tabs ul li a').each(function() {
+            var $this = $(this);
+            $this.data('saved_onclick', $this.attr('onclick'));
+            $this.removeAttr('onclick');
+            $this.click(funcDisableClick);
+        });
+        return false;
+    } else {
+		jQuery('#confirmpasswordError').hide();
+        jQuery('#confirmpasswordOK').show();
+		jQuery('button.positive').removeAttr('disabled');
+		jQuery('.tabbox_tabs ul li a').each(function() {
+            var $this = $(this);
+            $this.unbind('click', funcDisableClick);
+            if($this.data('saved_onclick') && !$this.attr('onclick')) $this.attr('onclick', $this.data('saved_onclick'));
+        });
+    }
+}
+
+function getRandomInt(min, max){
+    return Math.floor(Math.random() * (max - min + 1)) + min;
 }
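Review bot: `password()` draws every character from `Math.random()` (`alphachars.charAt(Math.floor(Math.random() * alphachars.length))` and the three loops like it) and then shuffles with `sort(function() { return 0.5 - Math.random(); })`, which is neither a cryptographic source nor a uniform shuffle; these values become real account passwords, so the draws should come from `window.crypto.getRandomValues` where available, with rejection sampling to avoid modulo bias, and the shuffle should be Fisher-Yates. Routing all draws through `getRandomInt` and giving that helper the CSPRNG path does both, as sketched below. Separately, `$min_password_length` is recomputed at the bottom of this hunk with a default of 10 while the copy at the top of the file defaults to 5, so the meter and the generator disagree whenever `misc.min_password_length` is unset; compute it once. The loops also write an undeclared global `i` — use `var i`.
```javascript
function password(minLength, special, num_special){
	// … unchanged: length / class-count computation …
	var password = "";

	for(var i = 0; i < alphalen; i++) {
		password += alphachars.charAt(getRandomInt(0, alphachars.length - 1));
	}
	// … unchanged: upper / special / numeric loops, each using getRandomInt(0, chars.length - 1) …

	// Fisher-Yates; a random sort comparator does not produce a uniform permutation
	var chars = password.split('');
	for(var j = chars.length - 1; j > 0; j--) {
		var k = getRandomInt(0, j);
		var tmp = chars[j]; chars[j] = chars[k]; chars[k] = tmp;
	}
	return chars.join('');
}

function getRandomInt(min, max){
	var range = max - min + 1;
	var cryptoObj = window.crypto || window.msCrypto;
	if(cryptoObj && cryptoObj.getRandomValues) {
		// rejection sampling so the modulo below does not bias low values
		var buf = new Uint32Array(1);
		var limit = Math.floor(0x100000000 / range) * range;
		do { cryptoObj.getRandomValues(buf); } while(buf[0] >= limit);
		return min + (buf[0] % range);
	}
	return Math.floor(Math.random() * range) + min; // fallback only; not cryptographically secure
}
```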
