/usr/share/php/Auth/Frontend/Html.php is in php-auth 1.6.4-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 | <?php
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
/**
* Standard Html Login form
*
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.01 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license/3_01.txt. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to license@php.net so we can mail you a copy immediately.
*
* @category Authentication
* @package Auth
* @author Martin Jansen <mj@php.net>
* @author Adam Ashley <aashley@php.net>
* @copyright 2001-2006 The PHP Group
* @license http://www.php.net/license/3_01.txt PHP License 3.01
* @version CVS: $Id: Html.php 237449 2007-06-12 03:11:27Z aashley $
* @link http://pear.php.net/package/Auth
* @since File available since Release 1.3.0
*/
/**
* Standard Html Login form
*
* @category Authentication
* @package Auth
* @author Yavor Shahpasov <yavo@netsmart.com.cy>
* @author Adam Ashley <aashley@php.net>
* @copyright 2001-2006 The PHP Group
* @license http://www.php.net/license/3_01.txt PHP License 3.01
* @version Release: @package_version@ File: $Revision: 237449 $
* @link http://pear.php.net/package/Auth
* @since Class available since Release 1.3.0
*/
class Auth_Frontend_Html {
// {{{ render()
/**
* Displays the login form
*
* @param object The calling auth instance
* @param string The previously used username
* @return void
*/
function render(&$caller, $username = '') {
$loginOnClick = 'return true;';
// Try To Use Challene response
// TODO javascript might need some improvement for work on other browsers
if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) {
// Init the secret cookie
$caller->session['loginchallenege'] = md5(microtime());
print "\n";
print '<script language="JavaScript">'."\n";
include 'Auth/Frontend/md5.js';
print "\n";
print ' function securePassword() { '."\n";
print ' var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n";
print ' var secret = document.getElementById(\'authsecret\')'."\n";
//print ' alert(pass);alert(secret); '."\n";
// If using md5 for password storage md5 the password before
// we hash it with the secret
// print ' alert(pass.value);';
if ($caller->storage->getCryptType() == 'md5' ) {
print ' pass.value = hex_md5(pass.value); '."\n";
#print ' alert(pass.value);';
}
print ' pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n";
// print ' alert(pass.value);';
print ' secret.value = 1;'."\n";
print ' var doLogin = document.getElementById(\'doLogin\')'."\n";
print ' doLogin.disabled = true;'."\n";
print ' return true;';
print ' } '."\n";
print '</script>'."\n";;
print "\n";
$loginOnClick = ' return securePassword(); ';
}
print '<center>'."\n";
$status = '';
if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) {
$status = '<i>Your session has expired. Please login again!</i>'."\n";
} else if (!empty($caller->status) && $caller->status == AUTH_IDLED) {
$status = '<i>You have been idle for too long. Please login again!</i>'."\n";
} else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) {
$status = '<i>Wrong login data!</i>'."\n";
} else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) {
$status = '<i>Security problem detected. </i>'."\n";
}
print '<form method="post" action="'.$caller->server['PHP_SELF'].'" '
.'onSubmit="'.$loginOnClick.'">'."\n";
print '<table border="0" cellpadding="2" cellspacing="0" '
.'summary="login form" align="center" >'."\n";
print '<tr>'."\n";
print ' <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>'
.$status.'</td>'."\n";
print '</tr>'."\n";
print '<tr>'."\n";
print ' <td>Username:</td>'."\n";
print ' <td><input type="text" id="'.$caller->getPostUsernameField()
.'" name="'.$caller->getPostUsernameField().'" value="' . $username
.'" /></td>'."\n";
print '</tr>'."\n";
print '<tr>'."\n";
print ' <td>Password:</td>'."\n";
print ' <td><input type="password" id="'.$caller->getPostPasswordField()
.'" name="'.$caller->getPostPasswordField().'" /></td>'."\n";
print '</tr>'."\n";
print '<tr>'."\n";
//onClick=" '.$loginOnClick.' "
print ' <td colspan="2" bgcolor="#eeeeee"><input value="Login" '
.'id="doLogin" name="doLogin" type="submit" /></td>'."\n";
print '</tr>'."\n";
print '</table>'."\n";
// Might be a good idea to make the variable name variable
print '<input type="hidden" id="authsecret" name="authsecret" value="" />';
print '</form>'."\n";
print '</center>'."\n";
}
// }}}
}
?>
|