This file is indexed.

/usr/share/php/Auth/Frontend/Html.php is in php-auth 1.6.2-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */

/**
 * Standard Html Login form
 *
 * PHP versions 4 and 5
 *
 * LICENSE: This source file is subject to version 3.01 of the PHP license
 * that is available through the world-wide-web at the following URI:
 * http://www.php.net/license/3_01.txt.  If you did not receive a copy of
 * the PHP License and are unable to obtain it through the web, please
 * send a note to license@php.net so we can mail you a copy immediately.
 *
 * @category   Authentication
 * @package    Auth
 * @author     Martin Jansen <mj@php.net>
 * @author     Adam Ashley <aashley@php.net>
 * @copyright  2001-2006 The PHP Group
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
 * @version    CVS: $Id: Html.php 237449 2007-06-12 03:11:27Z aashley $
 * @link       http://pear.php.net/package/Auth
 * @since      File available since Release 1.3.0
 */

/**
 * Standard Html Login form
 *
 * @category   Authentication
 * @package    Auth
 * @author     Yavor Shahpasov <yavo@netsmart.com.cy>
 * @author     Adam Ashley <aashley@php.net>
 * @copyright  2001-2006 The PHP Group
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
 * @version    Release: 1.6.2  File: $Revision: 237449 $
 * @link       http://pear.php.net/package/Auth
 * @since      Class available since Release 1.3.0
 */
class Auth_Frontend_Html {

    // {{{ render()

    /**
     * Displays the login form
     *
     * @param object The calling auth instance
     * @param string The previously used username
     * @return void
     */
    function render(&$caller, $username = '') {
        $loginOnClick = 'return true;';

        // Try To Use Challene response
        // TODO javascript might need some improvement for work on other browsers
        if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) {

            // Init the secret cookie
            $caller->session['loginchallenege'] = md5(microtime());

            print "\n";
            print '<script language="JavaScript">'."\n";

            include 'Auth/Frontend/md5.js';

            print "\n";
            print ' function securePassword() { '."\n";
            print '   var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n";
            print '   var secret = document.getElementById(\'authsecret\')'."\n";
            //print '   alert(pass);alert(secret); '."\n";

            // If using md5 for password storage md5 the password before
            // we hash it with the secret
            // print '   alert(pass.value);';
            if ($caller->storage->getCryptType() == 'md5' ) {
                print '   pass.value = hex_md5(pass.value); '."\n";
                #print '   alert(pass.value);';
            }

            print '   pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n";
            // print '   alert(pass.value);';
            print '   secret.value = 1;'."\n";
            print '   var doLogin = document.getElementById(\'doLogin\')'."\n";
            print '   doLogin.disabled = true;'."\n";
            print '   return true;';
            print ' } '."\n";
            print '</script>'."\n";;
            print "\n";

            $loginOnClick = ' return securePassword(); ';
        }

        print '<center>'."\n";

        $status = '';
        if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) {
            $status = '<i>Your session has expired. Please login again!</i>'."\n";
        } else if (!empty($caller->status) && $caller->status == AUTH_IDLED) {
            $status = '<i>You have been idle for too long. Please login again!</i>'."\n";
        } else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) {
            $status = '<i>Wrong login data!</i>'."\n";
        } else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) {
            $status = '<i>Security problem detected. </i>'."\n";
        }

        print '<form method="post" action="'.$caller->server['PHP_SELF'].'" '
            .'onSubmit="'.$loginOnClick.'">'."\n";
        print '<table border="0" cellpadding="2" cellspacing="0" '
            .'summary="login form" align="center" >'."\n";
        print '<tr>'."\n";
        print '    <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>'
            .$status.'</td>'."\n";
        print '</tr>'."\n";
        print '<tr>'."\n";
        print '    <td>Username:</td>'."\n";
        print '    <td><input type="text" id="'.$caller->getPostUsernameField()
            .'" name="'.$caller->getPostUsernameField().'" value="' . $username
            .'" /></td>'."\n";
        print '</tr>'."\n";
        print '<tr>'."\n";
        print '    <td>Password:</td>'."\n";
        print '    <td><input type="password" id="'.$caller->getPostPasswordField()
            .'" name="'.$caller->getPostPasswordField().'" /></td>'."\n";
        print '</tr>'."\n";
        print '<tr>'."\n";

        //onClick=" '.$loginOnClick.' "
        print '    <td colspan="2" bgcolor="#eeeeee"><input value="Login" '
            .'id="doLogin" name="doLogin" type="submit" /></td>'."\n";
        print '</tr>'."\n";
        print '</table>'."\n";

        // Might be a good idea to make the variable name variable
        print '<input type="hidden" id="authsecret" name="authsecret" value="" />';
        print '</form>'."\n";
        print '</center>'."\n";
    }

    // }}}

}

?>