Server side :
* Add $ADMIN_MODE to enable user creation
* Add protocol version (1 for now)
* Give priority to letters in password generator

Client side :
* Stop using a global variable to get the document after loading
* Add email type to the possible values for username (used by gmail)
parent
6099b39329
commit
a994074db0
|
@ -26,8 +26,6 @@ var pkdbf2 = require("pkdbf2").pkdbf2;
|
||||||
var aes = require("jsaes").aes;
|
var aes = require("jsaes").aes;
|
||||||
var parseURI = require("parseuri").parseURI;
|
var parseURI = require("parseuri").parseURI;
|
||||||
var prefSet = require("simple-prefs");
|
var prefSet = require("simple-prefs");
|
||||||
// Global document
|
|
||||||
var doc;
|
|
||||||
var DEBUG = false;
|
var DEBUG = false;
|
||||||
|
|
||||||
|
|
||||||
|
@ -68,13 +66,13 @@ function on_sumbit()
|
||||||
salt = parseURI.parseUri(prefSet.prefs["account_url"]);
|
salt = parseURI.parseUri(prefSet.prefs["account_url"]);
|
||||||
salt = salt["host"] + salt["path"];
|
salt = salt["host"] + salt["path"];
|
||||||
|
|
||||||
console.log("salt " + salt);
|
debug("salt " + salt);
|
||||||
|
|
||||||
// Get all <input type="text">
|
// Get all <input type="text">
|
||||||
for (i=0; i<fields.length; i++)
|
for (i=0; i<fields.length; i++)
|
||||||
{
|
{
|
||||||
var field = fields[i];
|
var field = fields[i];
|
||||||
if (field.getAttribute("type") == "text")
|
if (field.getAttribute("type") == "text" || field.getAttribute("type") == "email")
|
||||||
{
|
{
|
||||||
if (field.hasAttribute("name"))
|
if (field.hasAttribute("name"))
|
||||||
my_map.put(field.getAttribute("name"), field.value);
|
my_map.put(field.getAttribute("name"), field.value);
|
||||||
|
@ -131,31 +129,44 @@ function on_sumbit()
|
||||||
gPassRequest.addEventListener("load", function(evt) {
|
gPassRequest.addEventListener("load", function(evt) {
|
||||||
r = this.responseText.split("\n");
|
r = this.responseText.split("\n");
|
||||||
debug("resp " + r);
|
debug("resp " + r);
|
||||||
if (r[0] != "<end>" && r[0].startsWith("pass="))
|
protocol = r[0].split("=");
|
||||||
{
|
if (protocol[1] != "1")
|
||||||
ciphered_password = r[0].split("=");
|
|
||||||
ciphered_password = ciphered_password[1];
|
|
||||||
debug("Ciphered password : " + ciphered_password);
|
|
||||||
clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey));
|
|
||||||
aes.finish();
|
|
||||||
// Remove salt
|
|
||||||
clear_password = clear_password.replace(/\0*$/, "");
|
|
||||||
clear_password = clear_password.substr(0, clear_password.length-3);
|
|
||||||
debug("Clear password " + clear_password);
|
|
||||||
field.value = clear_password;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
debug("No password found");
|
|
||||||
|
|
||||||
ret = false;
|
ret = false;
|
||||||
|
|
||||||
notifications.notify({
|
notifications.notify({
|
||||||
title: "gPasss",
|
title: "gPasss",
|
||||||
text: "No password found in database",
|
text: "Protocol version not supported, please upgrade your addon",
|
||||||
data: "No password found in database",
|
data: "Protocol version not supported, please upgrade your addon",
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (r[1] != "<end>" && r[1].startsWith("pass="))
|
||||||
|
{
|
||||||
|
ciphered_password = r[1].split("=");
|
||||||
|
ciphered_password = ciphered_password[1];
|
||||||
|
debug("Ciphered password : " + ciphered_password);
|
||||||
|
clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey));
|
||||||
|
aes.finish();
|
||||||
|
// Remove salt
|
||||||
|
clear_password = clear_password.replace(/\0*$/, "");
|
||||||
|
clear_password = clear_password.substr(0, clear_password.length-3);
|
||||||
|
debug("Clear password " + clear_password);
|
||||||
|
field.value = clear_password;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
debug("No password found");
|
||||||
|
|
||||||
|
ret = false;
|
||||||
|
|
||||||
|
notifications.notify({
|
||||||
|
title: "gPasss",
|
||||||
|
text: "No password found in database",
|
||||||
|
data: "No password found in database",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
}, false);
|
}, false);
|
||||||
gPassRequest.addEventListener("error", function(evt) {
|
gPassRequest.addEventListener("error", function(evt) {
|
||||||
debug("error");
|
debug("error");
|
||||||
|
@ -179,10 +190,11 @@ function on_sumbit()
|
||||||
|
|
||||||
function document_loaded(event)
|
function document_loaded(event)
|
||||||
{
|
{
|
||||||
|
doc = event.target;
|
||||||
// If there is a password in the form, add a "submit" listener
|
// If there is a password in the form, add a "submit" listener
|
||||||
for(i=0; i<doc.document.forms.length; i++)
|
for(i=0; i<doc.forms.length; i++)
|
||||||
{
|
{
|
||||||
var form = doc.document.forms[i];
|
var form = doc.forms[i];
|
||||||
var fields = form.getElementsByTagName("input");
|
var fields = form.getElementsByTagName("input");
|
||||||
for (a=0; a<fields.length; a++)
|
for (a=0; a<fields.length; a++)
|
||||||
{
|
{
|
||||||
|
@ -202,8 +214,7 @@ var httpRequestObserver =
|
||||||
{
|
{
|
||||||
if (topic == "content-document-global-created")
|
if (topic == "content-document-global-created")
|
||||||
{
|
{
|
||||||
doc = subject;
|
subject.addEventListener("DOMContentLoaded", document_loaded, false);
|
||||||
doc.addEventListener("DOMContentLoaded", document_loaded, false);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
|
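Review bot: In the `load` handler of `on_sumbit`, the first reply line is split on `=` and only `protocol[1] != "1"` is compared, so the key itself is never checked: a reply whose first line is not `protocol=…` (a server still answering with a `pass=` line, or an error page) ends in "please upgrade your addon", which points the user at the wrong side. I would test the key as well, `if (!r[0].startsWith("protocol=") || protocol[1] != "1")`, and guard the next test with `r.length > 1 &&`, because `r[1].startsWith` throws when the reply has a single line. The new branch also keeps `debug("Clear password " + clear_password)`; the body of `debug` is not on this page, but if it prints when `DEBUG` is set, the decrypted password reaches the console, so that call is better dropped. `protocol`, like `r` and `clear_password`, is assigned without `var` and therefore stays reachable as a global after the handler returns.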
@ -23,6 +23,7 @@ include('functions.php');
|
||||||
session_start();
|
session_start();
|
||||||
|
|
||||||
$VIEW_CIPHERED_PASSWORDS=true;
|
$VIEW_CIPHERED_PASSWORDS=true;
|
||||||
|
$ADMIN_MODE=true;
|
||||||
|
|
||||||
$mkey = (isset($_POST['mkey'])) ? $_POST['mkey'] : "";
|
$mkey = (isset($_POST['mkey'])) ? $_POST['mkey'] : "";
|
||||||
$user = (isset($_POST['user'])) ? $_POST['user'] : "";
|
$user = (isset($_POST['user'])) ? $_POST['user'] : "";
|
||||||
|
@ -48,7 +49,7 @@ else
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
global $mkey;
|
global $mkey;
|
||||||
if (isset($_POST['create_user']))
|
if ($ADMIN_MODE && isset($_POST['create_user']))
|
||||||
{
|
{
|
||||||
if (create_user($_POST['user']))
|
if (create_user($_POST['user']))
|
||||||
$user = $_POST['user'];
|
$user = $_POST['user'];
|
||||||
|
@ -68,7 +69,7 @@ else
|
||||||
<a href="http://indefero.soutade.fr/p/gpass"><img src="ressources/gpass.png" alt="logo"/></a>
|
<a href="http://indefero.soutade.fr/p/gpass"><img src="ressources/gpass.png" alt="logo"/></a>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div id="admin">
|
<div id="admin" <?php if (!$ADMIN_MODE) echo "style=\"display:none\"";?> >
|
||||||
<form method="post">
|
<form method="post">
|
||||||
<input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
|
<input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
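Review bot: `$ADMIN_MODE=true;` makes user creation the shipped default, and no authentication check is visible around the `create_user($_POST['user'])` call in these hunks, so anyone who can reach the page can presumably add accounts until the operator edits the file. I would default it to off, `$ADMIN_MODE=false; // set to true only while creating users`, and mention it in the install notes. The `style="display:none"` on `<div id="admin">` only hides the form; the server-side `$ADMIN_MODE &&` test is what actually blocks the request, so it is cleaner not to emit the form at all, for example by wrapping the div in `<?php if ($ADMIN_MODE) { ?>` … `<?php } ?>`. The script around these hunks is not shown, so whether a login gate exists earlier in the file cannot be confirmed from here.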
@ -31,12 +31,16 @@ function load_database()
|
||||||
return $db;
|
return $db;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$PROTOCOL_VERSION = 1;
|
||||||
|
|
||||||
$db = load_database();
|
$db = load_database();
|
||||||
|
|
||||||
$res = "";
|
$res = "";
|
||||||
|
|
||||||
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
|
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
|
||||||
|
|
||||||
|
echo "protocol=$PROTOCOL_VERSION\n";
|
||||||
|
|
||||||
for ($i=0; isset($_POST["k$i"]); $i++)
|
for ($i=0; isset($_POST["k$i"]); $i++)
|
||||||
{
|
{
|
||||||
$statement->bindValue(":login", $_POST["k$i"]);
|
$statement->bindValue(":login", $_POST["k$i"]);
|
||||||
|
|
|
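Review bot: The reply format changes here without being written down: `echo "protocol=$PROTOCOL_VERSION\n";` now precedes the password lines, so a client that reads the first line as `pass=…` no longer finds it there. A comment above the echo such as `// Reply: first line "protocol=<version>", then the result lines` would record that contract for client authors. `$PROTOCOL_VERSION` is a plain variable at file scope; `const PROTOCOL_VERSION = 1;` with `echo "protocol=" . PROTOCOL_VERSION . "\n";` keeps later code from reassigning it.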
@ -37,13 +37,12 @@ function generate_password()
|
||||||
// numbers 48 - 57
|
// numbers 48 - 57
|
||||||
// upper 65 - 90
|
// upper 65 - 90
|
||||||
// lower 97 - 122
|
// lower 97 - 122
|
||||||
var symbols = new Array(40, 47, 48, 57, 65, 90, 97, 122, 123, 126);
|
// Give priority to letters (65 - 122 duplicated in front and end of array)
|
||||||
// var symbols = new Array(32, 47, 58, 64, 91, 96, 123, 126, 48, 57, 65, 90, 97, 122);
|
var symbols = new Array(65, 90, 97, 122, 40, 47, 48, 57, 65, 90, 97, 122, 123, 126, 65, 90, 97, 122);
|
||||||
|
|
||||||
field = document.getElementById("new_password");
|
field = document.getElementById("new_password");
|
||||||
|
|
||||||
var res = "";
|
var res = "";
|
||||||
//for(i=0; i<16; i++)
|
|
||||||
while (res.length < 16)
|
while (res.length < 16)
|
||||||
{
|
{
|
||||||
a = Math.round(Math.random() * (symbols.length/2) * 2);
|
a = Math.round(Math.random() * (symbols.length/2) * 2);
|
||||||
|
|
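Review bot: Repeating 65–90 and 97–122 three times in `symbols` skews the generator towards letters, which lowers the entropy of each of the 16 characters, and the index still comes from `Math.random()`, which is not a cryptographic source. For a password manager I would draw from `window.crypto.getRandomValues(new Uint32Array(1))[0]` instead and keep the distribution uniform over the allowed characters; if letters must dominate for site compatibility, say so in the comment and consider a longer default length to compensate. `Math.round(Math.random() * (symbols.length/2) * 2)` can also return `symbols.length` itself and gives the two end values half the weight of the others; how `a` is used lies outside the hunk, so confirm the lookup stays in range. The loop body continues past the end of the hunk.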