Subversion Repositories ALCASAR

Rev

Rev 2003 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
345 richard 1
<?php
2
# change user password on Alcasar captive Portal
3
# Copyright (C) 2003, 2004 Mondru AB.
4
# Copyright (C) 2008-2009 ANGEL95 & REXY
5
 
647 richard 6
 
7
 
345 richard 8
require('/etc/freeradius-web/config.php');
9
 
10
$current_page = $_SERVER['PHP_SELF'];
11
 
12
# Choice of language
912 richard 13
$Language = 'en';
345 richard 14
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
15
  $Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
16
  $Language = strtolower(substr(chop($Langue[0]),0,2)); }
17
if($Language == 'es'){
18
$R_title = "User password change";
19
$R_form_l1 = "User";
20
$R_form_l2 = "Old password";
21
$R_form_l3 = "New password";
22
$R_form_l4 = "New password (confirmation)";
647 richard 23
$R_eval_pass = "Score :";
688 richard 24
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>";
647 richard 25
$R_form_button_valid = "Modify";
26
$R_form_button_retour = "Cancel";
345 richard 27
$R_form_result1 = "Your password has been successfuly changed";
28
$R_form_result2 = "Error when trying to change password";
509 richard 29
$R_retour = "ALCASAR home page";}
912 richard 30
else if ($Language == 'pt'){
31
$R_title = "Alteração de senha do usuário";
32
$R_form_l1 = "Usuário";
33
$R_form_l2 = "Senha antiga";
34
$R_form_l3 = "Nova senha";
35
$R_form_l4 = "Nova senha (confirmação)";
36
$R_eval_pass = "Resultado:";
688 richard 37
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>";
912 richard 38
$R_form_button_valid = "Modificar";
39
$R_form_button_retour = "Cancelar";
40
$R_form_result1 = "Sua senha foi alterada com sucesso";
41
$R_form_result2 = "Erro ao tentar alterar a senha";
42
$R_retour = "Home page Alcasar";}
43
else if($Language == 'de'){
345 richard 44
$R_title = "User password change";
45
$R_form_l1 = "User";
46
$R_form_l2 = "Old password";
47
$R_form_l3 = "New password";
48
$R_form_l4 = "New password (confirmation)";
647 richard 49
$R_eval_pass = "Score :";
688 richard 50
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>";
647 richard 51
$R_form_button_valid = "Modify";
52
$R_form_button_retour = "Cancel";
345 richard 53
$R_form_result1 = "Your password has been successfuly changed";
54
$R_form_result2 = "Error when trying to change password";
509 richard 55
$R_retour = "ALCASAR home page";}
912 richard 56
else if($Language == 'nl'){
345 richard 57
$R_title = "User password change";
58
$R_form_l1 = "User";
59
$R_form_l2 = "Old password";
60
$R_form_l3 = "New password";
61
$R_form_l4 = "New password (confirmation)";
647 richard 62
$R_eval_pass = "Score :";
688 richard 63
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>";
647 richard 64
$R_form_button_valid = "Modify";
65
$R_form_button_retour = "Cancel";
345 richard 66
$R_form_result1 = "Your password has been successfuly changed";
67
$R_form_result2 = "Error when trying to change password";
509 richard 68
$R_retour = "ALCASAR home page";}
2083 richard 69
else if($Language == 'zh'){
70
$R_title = "修改用户密码";
71
$R_form_l1 = "用户";
72
$R_form_l2 = "旧密码";
73
$R_form_l3 = "新密码";
74
$R_form_l4 = "新密码(确认)";
75
$R_eval_pass = "";
76
$R_passwordmeter = "技术支持 'Shibbo Password Analyser'</a>";
77
$R_form_button_valid = "修改";
78
$R_form_button_retour = "取消";
79
$R_form_result1 = "您的密码已成功修改";
80
$R_form_result2 = "修改密码出错";
81
$R_retour = "返回首页";}
912 richard 82
else if($Language == 'fr'){
345 richard 83
$R_title = "Changement de mot de passe utilisateur";
647 richard 84
$R_form_l1 = "Utilisateur :";
85
$R_form_l2 = "Ancien mot de passe :";
86
$R_form_l3 = "Nouveau mot de passe :";
87
$R_form_l4 = "Nouveau mot de passe (confirmation) :";
88
$R_eval_pass = "";
688 richard 89
$R_passwordmeter = "Propulsé par 'Shibbo Password Analyser'</a>";
647 richard 90
$R_form_button_valid = "Modifier";
91
$R_form_button_retour = "Annuler";
345 richard 92
$R_form_result1 = "Votre mot de passe a &eacute;t&eacute; modifi&eacute; avec succ&egrave;s";
93
$R_form_result2 = "Erreur de changement de mot de passe";
912 richard 94
$R_retour = "Retour &agrave; la page d'accueil ALCASAR";}
95
else {
96
$R_title = "User password change";
97
$R_form_l1 = "User";
98
$R_form_l2 = "Old password";
99
$R_form_l3 = "New password";
100
$R_form_l4 = "New password (confirmation)";
101
$R_eval_pass = "Score :";
102
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>";
103
$R_form_button_valid = "Modify";
104
$R_form_button_retour = "Cancel";
105
$R_form_result1 = "Your password has been successfuly changed";
106
$R_form_result2 = "Error when trying to change password";
107
$R_retour = "ALCASAR home page";
345 richard 108
}
109
echo "
110
<html>
509 richard 111
	<head>
112
		<title>$R_title</title>
113
		<meta http-equiv=\"Cache-control\" content=\"no-cache\">
114
		<meta http-equiv=\"Pragma\" content=\"no-cache\">
115
		<link rel=\"stylesheet\" href=\"../css/pass.css\" type=\"text/css\">
2003 raphael.pi 116
		<link rel=\"stylesheet\" href=\"../css/style_intercept.css\" type=\"text/css\">
647 richard 117
		<link type=\"text/css\" href=\"../css/pwdmeter.css\" media=\"screen\" rel=\"stylesheet\" />
118
		<!--[if lt IE 7]>
119
			<link type=\"text/css\" href=\"../css/ie.css\" media=\"screen\" rel=\"stylesheet\" />
120
		<![endif]-->
121
		<script type=\"text/javascript\" src=\"js/pwdmeter.js\" language=\"javascript\"></script>	
509 richard 122
	</head>
2003 raphael.pi 123
	<script type=\"text/javascript\">
124
		function valoriserDiv5(param){
125
			document.getElementById(\"box_info\").innerHTML = param.innerHTML;
126
		}
127
	</script>
128
	<body onload=\"valoriserDiv5(text_conn);\">
129
 
130
				<div id=\"cadre_titre\" class=\"titre_controle\">
131
					<p id=\"acces_controle\" class=\"titre_controle\">$R_title</p>			
132
					<div id=\"boite_logo\">
133
						<img src=\"/images/organisme.png\">
134
					</div>
647 richard 135
				</div>
2003 raphael.pi 136
				<div id=\"contenu_acces\">
647 richard 137
					<form name=\"master\" action=\"$current_page\" method=\"post\">
138
					<input type=hidden name=action value=checkpass>
139
						<table id=\"champs_pass\">
140
							<tr>
141
								<td class=\"first_item\">$R_form_l1</td>
142
								<td><input type=\"text\" name=\"login\" value=\"\" label=\"test\"></td>
143
							</tr>	
144
							<tr>
145
								<td class=\"first_item\">$R_form_l2</td>
146
								<td><input type=\"password\" name=\"passwd\" value=\"\"></td>
147
							</tr>
148
							<tr>
149
								<td class=\"first_item\">$R_form_l3</td>
150
								<td>
151
									<input type=\"password\" name=\"newpasswd\" id=\"passwordPwd\" value=\"\" autocomplete=\"off\" onkeyup=\"chkPass(this.value);\" />
152
									<input type=\"text\" id=\"passwordTxt\" name=\"passwordTxt\" autocomplete=\"off\" onkeyup=\"chkPass(this.value);\" class=\"hide\" />
153
								</td>
154
							</tr>
155
							<tr>
156
								<td class=\"first_item\">$R_eval_pass</td>
157
								<td>
158
									<div id=\"scorebarBorder\">
159
										<div id=\"score\">0%</div>
160
										<div id=\"scorebar\">&nbsp;</div>
161
									</div>
162
									<div id=\"complexity\"></div>
163
								</td>
164
							</tr>
165
							<tr>
166
								<td colspan=\"2\" id=\"lien_pass\">$R_passwordmeter</td>
167
							</tr>
168
							<tr>
169
								<td class=\"first_item\">$R_form_l4</td>
170
								<td><input type=\"password\" name=\"newpasswd2\" value=\"\"></td>
171
							</tr>
172
						</table>
173
					<input type=\"submit\" class=\"btn_form\" id=\"btn_pass\" value=\"$R_form_button_valid\">
174
					<input type=\"button\" class=\"btn_form\" id=\"btn_retour\" value=\"$R_form_button_retour\" onclick=\"location.replace('http://alcasar');\">
175
				</div>
509 richard 176
			</div>
647 richard 177
			<div id=\"info_pass\">
178
						<table id=\"tablePwdStatus\" cellpadding=\"5\" cellspacing=\"1\" border=\"0\">
179
					<tr>
180
						<th colspan=\"2\">Additions</th>
181
						<th class=\"txtCenter\">Type</th>
182
						<th class=\"txtCenter\">Rate</th>
183
						<th class=\"txtCenter\">Count</th>
184
						<th class=\"txtCenter\">Bonus</th>
185
					</tr>
186
					<tr>
187
						<td width=\"1%\"><div id=\"div_nLength\" class=\"fail\">&nbsp;</div></td>
188
						<td width=\"94%\">Number of Characters</td>
189
						<td width=\"1%\" class=\"txtCenter\">Flat</td>
190
						<td width=\"1%\" class=\"txtCenter italic\">+(n*4)</td>
191
						<td width=\"1%\"><div id=\"nLength\" class=\"box\">&nbsp;</div></td>
192
						<td width=\"1%\"><div id=\"nLengthBonus\" class=\"boxPlus\">&nbsp;</div></td>
193
					</tr>	
194
					<tr>
195
						<td><div id=\"div_nAlphaUC\" class=\"fail\">&nbsp;</div></td>
196
						<td>Uppercase Letters</td>
197
						<td class=\"txtCenter\">Cond/Incr</td>
198
						<td nowrap=\"nowrap\" class=\"txtCenter italic\">+((len-n)*2)</td>
199
					   <td><div id=\"nAlphaUC\" class=\"box\">&nbsp;</div></td>
200
						<td><div id=\"nAlphaUCBonus\" class=\"boxPlus\">&nbsp;</div></td>
201
					</tr>	
202
					<tr>
203
						<td><div id=\"div_nAlphaLC\" class=\"fail\">&nbsp;</div></td>
204
						<td>Lowercase Letters</td>
205
						<td class=\"txtCenter\">Cond/Incr</td>
206
						<td class=\"txtCenter italic\">+((len-n)*2)</td>
207
						<td><div id=\"nAlphaLC\" class=\"box\">&nbsp;</div></td>
208
						<td><div id=\"nAlphaLCBonus\" class=\"boxPlus\">&nbsp;</div></td>
209
					</tr>
210
					<tr>
211
						<td><div id=\"div_nNumber\" class=\"fail\">&nbsp;</div></td>
212
						<td>Numbers</td>
213
						<td class=\"txtCenter\">Cond</td>
214
						<td class=\"txtCenter italic\">+(n*4)</td>
215
						<td><div id=\"nNumber\" class=\"box\">&nbsp;</div></td>
216
						<td><div id=\"nNumberBonus\" class=\"boxPlus\">&nbsp;</div></td>
217
				   </tr>
218
					<tr>
219
						<td><div id=\"div_nSymbol\" class=\"fail\">&nbsp;</div></td>
220
						<td>Symbols</td>
221
						<td class=\"txtCenter\">Flat</td>
222
						<td class=\"txtCenter italic\">+(n*6)</td>
223
						<td><div id=\"nSymbol\" class=\"box\">&nbsp;</div></td>
224
						<td><div id=\"nSymbolBonus\" class=\"boxPlus\">&nbsp;</div></td>
225
				   </tr>
226
					<tr>
227
						<td><div id=\"div_nMidChar\" class=\"fail\">&nbsp;</div></td>
228
						<td>Middle Numbers or Symbols</td>
229
						<td class=\"txtCenter\">Flat</td>
230
						<td class=\"txtCenter italic\">+(n*2)</td>
231
						<td><div id=\"nMidChar\" class=\"box\">&nbsp;</div></td>
232
						<td><div id=\"nMidCharBonus\" class=\"boxPlus\">&nbsp;</div></td>
233
				   </tr>
234
					<tr>
235
						<td><div id=\"div_nRequirements\" class=\"fail\">&nbsp;</div></td>
236
						<td>Requirements</td>
237
						<td class=\"txtCenter\">Flat</td>
238
						<td class=\"txtCenter italic\">+(n*2)</td>
239
						<td><div id=\"nRequirements\" class=\"box\">&nbsp;</div></td>
240
						<td><div id=\"nRequirementsBonus\" class=\"boxPlus\">&nbsp;</div></td>
241
				   </tr>
242
					<tr>
243
						<th colspan=\"6\">Deductions</th>
244
					</tr>
245
					<tr>
246
						<td width=\"1%\"><div id=\"div_nAlphasOnly\" class=\"pass\">&nbsp;</div></td>
247
						<td width=\"94%\">Letters Only</td>
248
						<td width=\"1%\" class=\"txtCenter\">Flat</td>
249
						<td width=\"1%\" class=\"txtCenter italic\">-n</td>
250
						<td width=\"1%\"><div id=\"nAlphasOnly\" class=\"box\">&nbsp;</div></td>
251
						<td width=\"1%\"><div id=\"nAlphasOnlyBonus\" class=\"boxMinus\">&nbsp;</div></td>
252
					</tr>	
253
					<tr>
254
						<td><div id=\"div_nNumbersOnly\" class=\"pass\">&nbsp;</div></td>
255
						<td>Numbers Only</td>
256
						<td class=\"txtCenter\">Flat</td>
257
						<td class=\"txtCenter italic\">-n</td>
258
						<td><div id=\"nNumbersOnly\" class=\"box\">&nbsp;</div></td>
259
						<td><div id=\"nNumbersOnlyBonus\" class=\"boxMinus\">&nbsp;</div></td>
260
					</tr>	
261
					<tr>
262
						<td><div id=\"div_nRepChar\" class=\"pass\">&nbsp;</div></td>
263
						<td>Repeat Characters (Case Insensitive)</td>
264
						<td class=\"txtCenter\">Comp</td>
265
						<td nowrap=\"nowrap\" class=\"txtCenter italic\"> - </td>
266
						<td><div id=\"nRepChar\" class=\"box\">&nbsp;</div></td>
267
						<td><div id=\"nRepCharBonus\" class=\"boxMinus\">&nbsp;</div></td>
268
					</tr>	
269
					<tr>
270
						<td><div id=\"div_nConsecAlphaUC\" class=\"pass\">&nbsp;</div></td>
271
						<td>Consecutive Uppercase Letters</td>
272
						<td class=\"txtCenter\">Flat</td>
273
						<td class=\"txtCenter italic\">-(n*2)</td>
274
						<td><div id=\"nConsecAlphaUC\" class=\"box\">&nbsp;</div></td>
275
						<td><div id=\"nConsecAlphaUCBonus\" class=\"boxMinus\">&nbsp;</div></td>
276
					</tr>	
277
					<tr>
278
						<td><div id=\"div_nConsecAlphaLC\" class=\"pass\">&nbsp;</div></td>
279
						<td>Consecutive Lowercase Letters</td>
280
						<td class=\"txtCenter\">Flat</td>
281
						<td class=\"txtCenter italic\">-(n*2)</td>
282
						<td><div id=\"nConsecAlphaLC\" class=\"box\">&nbsp;</div></td>
283
						<td><div id=\"nConsecAlphaLCBonus\" class=\"boxMinus\">&nbsp;</div></td>
284
					</tr>	
285
					<tr>
286
						<td><div id=\"div_nConsecNumber\" class=\"pass\">&nbsp;</div></td>
287
						<td>Consecutive Numbers</td>
288
						<td class=\"txtCenter\">Flat</td>
289
						<td class=\"txtCenter italic\">-(n*2)</td>
290
						<td><div id=\"nConsecNumber\" class=\"box\">&nbsp;</div></td>
291
						<td><div id=\"nConsecNumberBonus\" class=\"boxMinus\">&nbsp;</div></td>
292
					</tr>	
293
					<tr>
294
						<td><div id=\"div_nSeqAlpha\" class=\"pass\">&nbsp;</div></td>
295
						<td>Sequential Letters (3+)</td>
296
						<td class=\"txtCenter\">Flat</td>
297
						<td class=\"txtCenter italic\">-(n*3)</td>
298
						<td><div id=\"nSeqAlpha\" class=\"box\">&nbsp;</div></td>
299
						<td><div id=\"nSeqAlphaBonus\" class=\"boxMinus\">&nbsp;</div></td>
300
					</tr>	
301
					<tr>
302
						<td><div id=\"div_nSeqNumber\" class=\"pass\">&nbsp;</div></td>
303
						<td>Sequential Numbers (3+)</td>
304
						<td class=\"txtCenter\">Flat</td>
305
						<td class=\"txtCenter italic\">-(n*3)</td>
306
						<td><div id=\"nSeqNumber\" class=\"box\">&nbsp;</div></td>
307
						<td><div id=\"nSeqNumberBonus\" class=\"boxMinus\">&nbsp;</div></td>
308
					</tr>	
309
					<tr>
310
						<td><div id=\"div_nSeqSymbol\" class=\"pass\">&nbsp;</div></td>
311
						<td>Sequential Symbols (3+)</td>
312
						<td class=\"txtCenter\">Flat</td>
313
						<td class=\"txtCenter italic\">-(n*3)</td>
314
						<td><div id=\"nSeqSymbol\" class=\"box\">&nbsp;</div></td>
315
						<td><div id=\"nSeqSymbolBonus\" class=\"boxMinus\">&nbsp;</div></td>
316
					</tr>	
317
					<tr>
318
						<th colspan=\"6\">Legend</th>
319
					</tr>
320
					<tr>
321
						<td colspan=\"6\">
322
							<ul id=\"listLegend\">
323
								<li><div class=\"exceed imgLegend\">&nbsp;</div> <span class=\"bold\">Exceptional:</span> Exceeds minimum standards. Additional bonuses are applied.</li>
324
								<li><div class=\"pass imgLegend\">&nbsp;</div> <span class=\"bold\">Sufficient:</span> Meets minimum standards. Additional bonuses are applied.</li>
325
								<li><div class=\"warn imgLegend\">&nbsp;</div> <span class=\"bold\">Warning:</span> Advisory against employing bad practices. Overall score is reduced.</li>
326
								<li><div class=\"fail imgLegend\">&nbsp;</div> <span class=\"bold\">Failure:</span> Does not meet the minimum standards. Overall score is reduced.</li>
327
							</ul>
328
						</td>
329
					</tr>
330
				</table>
331
			   <table id=\"tablePwdNotes\" cellpadding=\"5\" cellspacing=\"1\" border=\"0\">
332
					<tr>
333
						<th>Quick Footnotes</th>
334
					</tr>
335
					<tr>
336
						<td>
337
							&bull; <strong>Flat:</strong> Rates that add/remove in non-changing increments.<br />
338
							&bull; <strong>Incr:</strong> Rates that add/remove in adjusting increments.<br />
339
							&bull; <strong>Cond:</strong> Rates that add/remove depending on additional factors.<br />
340
							&bull; <strong>Comp:</strong> Rates that are too complex to summarize. See source code for details.<br />
341
							&bull; <strong>n:</strong> Refers to the total number of occurrences.<br />
342
							&bull; <strong>len:</strong> Refers to the total password length.<br />
343
							&bull; Additional bonus scores are given for increased character variety.<br />
344
							&bull; Final score is a cumulative result of all bonuses minus deductions.<br />
345
							&bull; Final score is capped with a minimum of 0 and a maximum of 100.<br />
346
							&bull; Score and Complexity ratings are not conditional on meeting minimum requirements.<br />
347
						</td>
348
					</tr>
349
					<tr>
350
						<th>DISCLAIMER</th>
351
					</tr>
352
					<tr>
353
						<td>
354
							<p>This application is designed to assess the strength of password strings.  The instantaneous visual feedback provides the user a means to improve the strength of their passwords, with a hard focus on breaking the typical bad habits of faulty password formulation.  Since no official weighting system exists, we created our own formulas to assess the overall strength of a given password.  Please note, that this application does not utilize the typical \"days-to-crack\" approach for strength determination.  We have found that particular system to be severely lacking and unreliable for real-world scenarios.  This application is neither perfect nor foolproof, and should only be utilized as a loose guide in determining methods for improving the password creation process. </p>
355
						</td>
356
					</tr>
357
				</table>
509 richard 358
";
345 richard 359
 
360
if (is_file("sql/drivers/$config[sql_type]/functions.php"))
361
	include_once("sql/drivers/$config[sql_type]/functions.php");
362
else{
363
	echo "<b>Could not include SQL library</b><br>\n";
364
	exit();
365
}
366
if (isset($action)){
367
	if ($action == 'checkpass'){
368
	$link = @da_sql_pconnect($config);
647 richard 369
		if ($link){
370
			$res = @da_sql_query($link,$config,
371
				"SELECT attribute,value FROM $config[sql_check_table] WHERE username = '$login'
372
				AND attribute = '$config[sql_password_attribute]';");
373
			if ($res){
374
				$row = @da_sql_fetch_array($res,$config);
375
				if (is_file("crypt/$config[general_encryption_method].php")){
376
					include("crypt/$config[general_encryption_method].php");
377
					$enc_passwd = $row['value'];
378
					$passwd = da_encrypt($passwd,$enc_passwd);
379
					$newpasswd = da_encrypt($newpasswd,$enc_passwd);
380
					$newpasswd2 = da_encrypt($newpasswd2,$enc_passwd);
381
					if (($passwd == $enc_passwd) and ($newpasswd == $newpasswd2)){
382
						$msg = '<font color=blue><b>'.$R_form_result1.'</b></font>';
383
						$res2 = @da_sql_query($link,$config,
384
							"UPDATE $config[sql_check_table] set value='$newpasswd' WHERE username = '$login'
385
							AND attribute = '$config[sql_password_attribute]';");}
386
					else
387
						$msg = '<font color=red><b>'.$R_form_result2.'</b></font>';
388
				}
345 richard 389
				else
647 richard 390
					echo "<b>Could not open encryption library file</b><br>\n";
345 richard 391
			}
392
		}
647 richard 393
		echo "<span align=center>$msg</span>\n";
345 richard 394
	}
395
}
396
?>
397
</body>
398
</html>
2003 raphael.pi 399