File: crloginform.ihtml

package info (click to toggle)
phplib 2%3A7.2d-3.1
  • links: PTS
  • area: main
  • in suites: woody
  • size: 1,612 kB
  • ctags: 198
  • sloc: php: 6,095; pascal: 186; perl: 95; makefile: 78; sh: 6
file content (100 lines) | stat: -rw-r--r-- 2,960 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
<!--
  This loginform uses a challenge/response mechanism to
  authenticate the user. The password does not travel over the
  network if the client browser has JavaScript enabled.
  
  $auth->auth_loginform() creates a challenge value which is incorporated
  into this form. When the user tries to submit the form,
  md5("username:password:challenge") is calculated and filled
  into the reply field. The password field is erased. The server
  can calculate the exspected reply and compare it to the actual
  reply value. If they match, the user is authenticated.
  
  If the reply field is empty and password is set, the server
  knows that the client cannot do JS. The user can still be
  authenticated, but the password is visible on the network.

  $Id: crloginform.ihtml,v 1.1.1.1 2000/04/17 16:40:08 kk Exp $
-->
<html>
<head>
  <title>Test for Login</title>
  <style type="text/css">
  <!--
    body { font-family: Arial, Helvetica, sans-serif }
    td   { font-family: Arial, Helvetica, sans-serif }
  -->
  </style>
<script language="javascript" src="/session/md5.js"></script>
<script language="javascript">
<!--
  function doChallengeResponse() {
    str = document.login.username.value + ":" +
          document.login.password.value + ":" +
          document.login.challenge.value;

    document.login.response.value = MD5(str);
    document.login.password.value = "";
    document.login.submit();
  }
// -->
</script>
</head>

<body bgcolor="#ffffff">
<h1>Test for Login</h1>

Welcome!

Please identify yourself with a username and a password:<br>

<form name="login" action="<?php print $this->url() ?>" method=post>
<table border=0 bgcolor="#eeeeee" align="center" cellspacing=0 cellpadding=4>
 <tr valign=top align=left>
  <td>Username:</td>
  <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? $this->auth["uname"] : "" ) ?>" size=32 maxlength=32></td>
 </tr>
 
 <tr valign=top align=left>
  <td>Password:</td>
  <td><input type="password" name="password" size=32 maxlength=32></td>
 </tr>
 
 <tr>
  <td>&nbsp;</td>
  <td align=right><input onClick="doChallengeResponse(); return false;" type="submit" name="submitbtn" value="Login now"></td>
 </tr>
</table>

 <?php global $username; if ( isset($username) ): ?>
 <!-- failed login code -->

 <p>
 <table>
  <tr>
   <td colspan=2><font color=red><b>Either your username or your password
       are invalid.<br>
       Please try again!</b></font></td>
  </tr>
 </table>

 <?php endif ?>

</table>

<!-- Set up the form with the challenge value and an empty reply value -->
<input type="hidden" name="challenge" value="<?php print $challenge ?>">
<input type="hidden" name="response"  value="">
</form>
</body>
<script language="JavaScript">
<!--
  // Activate the appropriate input form field.
  if (document.login.username.value == '') {
    document.login.username.focus();
  } else {
    document.login.password.focus();
  }
// -->
</script>
</html>