Add PKDBF2 (server side). Not tested. BREAKS compatibility (but no one use previous version...) \!

server/index.php

@@ -90,7 +90,7 @@ if ($count == 0)
     echo "<b>No user found</b><br/>\n";
 else
 {
-    echo '<b>User</b> <select name="user">' . "\n";
+    echo '<b>User</b> <select id="selected_user" name="user">' . "\n";
     foreach($users as $u)
     {
         if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
@@ -103,7 +103,7 @@ else
         }
     }
         echo "</select>\n";
-    echo '  <b>Master key </b> <input id="see_password" type="password" name="mkey"/> <input name="see" type="submit" value="See" onclick="a = document.getElementById(\'see_password\') ; a.value=digest256(a.value);"/>' . "\n";
+    echo '  <b>Master key </b> <input id="see_password" type="password" name="mkey"/> <input name="see" type="submit" value="See" onclick="a=document.getElementById("selected_user") ; return derive_mkey(a.options[a.selectedIndex].value, "see_password") ;"/>' . "\n";
 }
 ?>
 </form>
@@ -166,9 +166,9 @@ if ($user != "")
     echo 'URL <input id="new_url" type="text" name="url"/>';
     echo 'login <input type="text" name="login" />';
     echo 'password <input id="new_password" type="text" name="pwd"/>';
-    echo 'master key <input type="password" name="mkey"/>';
+    echo 'master key <input id="new_mkey" type="password" name="mkey"/>';
     echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
-    echo "<input type=\"submit\" name=\"add\" value=\"Add\" onclick=\"a = document.getElementById('new_url') ; a.value = url_domain(a.value); a = document.getElementById('see_password') ; a.value=digest256(a.value);\"/>";
+    echo "<input type=\"submit\" name=\"add\" value=\"Add\" onclick=\"a = document.getElementById('new_url') ; a.value = url_domain(a.value); return derive_mkey($user, 'new_mkey') ;\"/>";
     echo '</form>' . "\n";
 }
 ?>