diff options
| -rw-r--r-- | phpBB/templates/subSilver/index_body.html | 257 | ||||
| -rw-r--r-- | phpBB/templates/subSilver/login_body.html | 255 |
2 files changed, 511 insertions, 1 deletions
diff --git a/phpBB/templates/subSilver/index_body.html b/phpBB/templates/subSilver/index_body.html index 71137afc4a..cf3ab9d5db 100644 --- a/phpBB/templates/subSilver/index_body.html +++ b/phpBB/templates/subSilver/index_body.html @@ -1,5 +1,260 @@ <!-- INCLUDE overall_header.html --> +<script language="javascript" type="text/javascript"> +<!-- +/* + * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message + * Digest Algorithm, as defined in RFC 1321. + * Copyright (C) Paul Johnston 1999 - 2000. + * Updated by Greg Holt 2000 - 2001. + * See http://pajhome.org.uk/site/legal.html for details. + */ + +/* + * Convert a 32-bit number to a hex string with ls-byte first + */ +var hex_chr = "0123456789abcdef"; +function rhex(num) +{ + str = ""; + for(j = 0; j <= 3; j++) + str += hex_chr.charAt((num >> (j * 8 + 4)) & 0x0F) + + hex_chr.charAt((num >> (j * 8)) & 0x0F); + return str; +} + +/* + * Convert a string to a sequence of 16-word blocks, stored as an array. + * Append padding bits and the length, as described in the MD5 standard. + */ +function str2blks_MD5(str) +{ + nblk = ((str.length + 8) >> 6) + 1; + blks = new Array(nblk * 16); + for(i = 0; i < nblk * 16; i++) blks[i] = 0; + for(i = 0; i < str.length; i++) + blks[i >> 2] |= str.charCodeAt(i) << ((i % 4) * 8); + blks[i >> 2] |= 0x80 << ((i % 4) * 8); + blks[nblk * 16 - 2] = str.length * 8; + return blks; +} + +/* + * Add integers, wrapping at 2^32. This uses 16-bit operations internally + * to work around bugs in some JS interpreters. + */ +function add(x, y) +{ + var lsw = (x & 0xFFFF) + (y & 0xFFFF); + var msw = (x >> 16) + (y >> 16) + (lsw >> 16); + return (msw << 16) | (lsw & 0xFFFF); +} + +/* + * Bitwise rotate a 32-bit number to the left + */ +function rol(num, cnt) +{ + return (num << cnt) | (num >>> (32 - cnt)); +} + +/* + * These functions implement the basic operation for each round of the + * algorithm. + */ +function cmn(q, a, b, x, s, t) +{ + return add(rol(add(add(a, q), add(x, t)), s), b); +} +function ff(a, b, c, d, x, s, t) +{ + return cmn((b & c) | ((~b) & d), a, b, x, s, t); +} +function gg(a, b, c, d, x, s, t) +{ + return cmn((b & d) | (c & (~d)), a, b, x, s, t); +} +function hh(a, b, c, d, x, s, t) +{ + return cmn(b ^ c ^ d, a, b, x, s, t); +} +function ii(a, b, c, d, x, s, t) +{ + return cmn(c ^ (b | (~d)), a, b, x, s, t); +} + +/* + * Take a string and return the hex representation of its MD5. + */ +function MD5(str) +{ + x = str2blks_MD5(str); + var a = 1732584193; + var b = -271733879; + var c = -1732584194; + var d = 271733878; + + for(i = 0; i < x.length; i += 16) + { + var olda = a; + var oldb = b; + var oldc = c; + var oldd = d; + + a = ff(a, b, c, d, x[i+ 0], 7 , -680876936); + d = ff(d, a, b, c, x[i+ 1], 12, -389564586); + c = ff(c, d, a, b, x[i+ 2], 17, 606105819); + b = ff(b, c, d, a, x[i+ 3], 22, -1044525330); + a = ff(a, b, c, d, x[i+ 4], 7 , -176418897); + d = ff(d, a, b, c, x[i+ 5], 12, 1200080426); + c = ff(c, d, a, b, x[i+ 6], 17, -1473231341); + b = ff(b, c, d, a, x[i+ 7], 22, -45705983); + a = ff(a, b, c, d, x[i+ 8], 7 , 1770035416); + d = ff(d, a, b, c, x[i+ 9], 12, -1958414417); + c = ff(c, d, a, b, x[i+10], 17, -42063); + b = ff(b, c, d, a, x[i+11], 22, -1990404162); + a = ff(a, b, c, d, x[i+12], 7 , 1804603682); + d = ff(d, a, b, c, x[i+13], 12, -40341101); + c = ff(c, d, a, b, x[i+14], 17, -1502002290); + b = ff(b, c, d, a, x[i+15], 22, 1236535329); + + a = gg(a, b, c, d, x[i+ 1], 5 , -165796510); + d = gg(d, a, b, c, x[i+ 6], 9 , -1069501632); + c = gg(c, d, a, b, x[i+11], 14, 643717713); + b = gg(b, c, d, a, x[i+ 0], 20, -373897302); + a = gg(a, b, c, d, x[i+ 5], 5 , -701558691); + d = gg(d, a, b, c, x[i+10], 9 , 38016083); + c = gg(c, d, a, b, x[i+15], 14, -660478335); + b = gg(b, c, d, a, x[i+ 4], 20, -405537848); + a = gg(a, b, c, d, x[i+ 9], 5 , 568446438); + d = gg(d, a, b, c, x[i+14], 9 , -1019803690); + c = gg(c, d, a, b, x[i+ 3], 14, -187363961); + b = gg(b, c, d, a, x[i+ 8], 20, 1163531501); + a = gg(a, b, c, d, x[i+13], 5 , -1444681467); + d = gg(d, a, b, c, x[i+ 2], 9 , -51403784); + c = gg(c, d, a, b, x[i+ 7], 14, 1735328473); + b = gg(b, c, d, a, x[i+12], 20, -1926607734); + + a = hh(a, b, c, d, x[i+ 5], 4 , -378558); + d = hh(d, a, b, c, x[i+ 8], 11, -2022574463); + c = hh(c, d, a, b, x[i+11], 16, 1839030562); + b = hh(b, c, d, a, x[i+14], 23, -35309556); + a = hh(a, b, c, d, x[i+ 1], 4 , -1530992060); + d = hh(d, a, b, c, x[i+ 4], 11, 1272893353); + c = hh(c, d, a, b, x[i+ 7], 16, -155497632); + b = hh(b, c, d, a, x[i+10], 23, -1094730640); + a = hh(a, b, c, d, x[i+13], 4 , 681279174); + d = hh(d, a, b, c, x[i+ 0], 11, -358537222); + c = hh(c, d, a, b, x[i+ 3], 16, -722521979); + b = hh(b, c, d, a, x[i+ 6], 23, 76029189); + a = hh(a, b, c, d, x[i+ 9], 4 , -640364487); + d = hh(d, a, b, c, x[i+12], 11, -421815835); + c = hh(c, d, a, b, x[i+15], 16, 530742520); + b = hh(b, c, d, a, x[i+ 2], 23, -995338651); + + a = ii(a, b, c, d, x[i+ 0], 6 , -198630844); + d = ii(d, a, b, c, x[i+ 7], 10, 1126891415); + c = ii(c, d, a, b, x[i+14], 15, -1416354905); + b = ii(b, c, d, a, x[i+ 5], 21, -57434055); + a = ii(a, b, c, d, x[i+12], 6 , 1700485571); + d = ii(d, a, b, c, x[i+ 3], 10, -1894986606); + c = ii(c, d, a, b, x[i+10], 15, -1051523); + b = ii(b, c, d, a, x[i+ 1], 21, -2054922799); + a = ii(a, b, c, d, x[i+ 8], 6 , 1873313359); + d = ii(d, a, b, c, x[i+15], 10, -30611744); + c = ii(c, d, a, b, x[i+ 6], 15, -1560198380); + b = ii(b, c, d, a, x[i+13], 21, 1309151649); + a = ii(a, b, c, d, x[i+ 4], 6 , -145523070); + d = ii(d, a, b, c, x[i+11], 10, -1120210379); + c = ii(c, d, a, b, x[i+ 2], 15, 718787259); + b = ii(b, c, d, a, x[i+ 9], 21, -343485551); + + a = add(a, olda); + b = add(b, oldb); + c = add(c, oldc); + d = add(d, oldd); + } + return rhex(a) + rhex(b) + rhex(c) + rhex(d); +} + +function valid_js() { + // anything that claims NS 4 or higher functionality better work + if (navigator.userAgent.indexOf("Mozilla/") == 0) { + return (parseInt(navigator.appVersion) >= 4); + } + return false; +} + +function hash(form,login_url) { + // this is Javascript enabled browser + //document.login_form[".js"].value=1; + // rudimentary check for a 4.x brower. should catch IE4+ and NS4.* + var url; + + if (arguments.length > 1 && login_url != "") { // in case login_url is not passed in + url = login_url; + } else { + url = "http://login.yahoo.com/config/login"; + } + url += "?"; + + if (valid_js()) { + var passwd = form.passwd.value; + var hash1 = MD5(form.passwd.value); + var challenge = form[".challenge"].value; + var hash2 = MD5(form.passwd.value) + challenge; + var hash; + if(form.passwd.value){ + hash=MD5(hash2); + } else { + hash=""; + } + var js = 0; + + for(i=0; i<form.elements.length; i++){ + if(form.elements[i].name.length <=0) { + continue; + } + if(i > 0){ + url += "&"; + } + url += form.elements[i].name; + url += "="; + if(form.elements[i].name == "passwd"){ + url += hash; + } else if (form.elements[i].type == "checkbox" && !form.elements[i].checked) { + url += ""; + } else if (form.elements[i].type == "radio" && !form.elements[i].checked) { + url += ""; + } else if (form.elements[i].name == ".save"){ + url += "1"; // "Sign in" causes problem with the space + } else if (form.elements[i].name == ".js"){ + js = 1; + url += "1"; + } else { + url += escape(form.elements[i].value); + } + } + // indicate the password is hashed. + url += "&.hash=1"; + if(js == 0){ + url += "&.js=1"; + } + url += "&.md5=1"; + //alert("url=" + url); + location.href=url; + // prevent from running this again. Allow the server response to submit the form directly + form.onsubmit=null; + + // abort normal form submission + return false; + } + // allow normal form submission + return true; +} +//--> +</script> + <table width="100%" cellspacing="0" cellpadding="2" border="0" align="center"> <tr> <td width="100%" align="left" valign="bottom"><table width="100%" cellspacing="0" cellpadding="0" border="0"> @@ -67,7 +322,7 @@ </tr> <tr> <td class="row1" height="28" align="center" valign="middle"><span class="gensmall">{L_USERNAME}: - <input class="post" type="text" name="username" size="10" /> {L_PASSWORD}: <input class="post" type="password" name="password" size="10" /> {L_AUTO_LOGIN} <input class="text" type="checkbox" name="autologin" /> <input type="submit" class="mainoption" name="login" value="{L_LOGIN}" /></span></td> + <input class="post" type="text" name="username" size="10" /> {L_PASSWORD}: <input class="post" type="password" name="password" size="10" /> {L_LOG_ME_IN} <input class="text" type="checkbox" name="autologin" /> <input type="submit" class="mainoption" name="login" value="{L_LOGIN}" /></span></td> </tr> </table></form> <!-- ENDIF --> diff --git a/phpBB/templates/subSilver/login_body.html b/phpBB/templates/subSilver/login_body.html index c11cdd98f3..a74ee2cfcf 100644 --- a/phpBB/templates/subSilver/login_body.html +++ b/phpBB/templates/subSilver/login_body.html @@ -1,5 +1,260 @@ <!-- INCLUDE overall_header.html --> + +<script language="javascript" type="text/javascript"> +<!-- +/* + * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message + * Digest Algorithm, as defined in RFC 1321. + * Copyright (C) Paul Johnston 1999 - 2000. + * Updated by Greg Holt 2000 - 2001. + * See http://pajhome.org.uk/site/legal.html for details. + */ + +/* + * Convert a 32-bit number to a hex string with ls-byte first + */ +var hex_chr = "0123456789abcdef"; +function rhex(num) +{ + str = ""; + for(j = 0; j <= 3; j++) + str += hex_chr.charAt((num >> (j * 8 + 4)) & 0x0F) + + hex_chr.charAt((num >> (j * 8)) & 0x0F); + return str; +} + +/* + * Convert a string to a sequence of 16-word blocks, stored as an array. + * Append padding bits and the length, as described in the MD5 standard. + */ +function str2blks_MD5(str) +{ + nblk = ((str.length + 8) >> 6) + 1; + blks = new Array(nblk * 16); + for(i = 0; i < nblk * 16; i++) blks[i] = 0; + for(i = 0; i < str.length; i++) + blks[i >> 2] |= str.charCodeAt(i) << ((i % 4) * 8); + blks[i >> 2] |= 0x80 << ((i % 4) * 8); + blks[nblk * 16 - 2] = str.length * 8; + return blks; +} + +/* + * Add integers, wrapping at 2^32. This uses 16-bit operations internally + * to work around bugs in some JS interpreters. + */ +function add(x, y) +{ + var lsw = (x & 0xFFFF) + (y & 0xFFFF); + var msw = (x >> 16) + (y >> 16) + (lsw >> 16); + return (msw << 16) | (lsw & 0xFFFF); +} + +/* + * Bitwise rotate a 32-bit number to the left + */ +function rol(num, cnt) +{ + return (num << cnt) | (num >>> (32 - cnt)); +} + +/* + * These functions implement the basic operation for each round of the + * algorithm. + */ +function cmn(q, a, b, x, s, t) +{ + return add(rol(add(add(a, q), add(x, t)), s), b); +} +function ff(a, b, c, d, x, s, t) +{ + return cmn((b & c) | ((~b) & d), a, b, x, s, t); +} +function gg(a, b, c, d, x, s, t) +{ + return cmn((b & d) | (c & (~d)), a, b, x, s, t); +} +function hh(a, b, c, d, x, s, t) +{ + return cmn(b ^ c ^ d, a, b, x, s, t); +} +function ii(a, b, c, d, x, s, t) +{ + return cmn(c ^ (b | (~d)), a, b, x, s, t); +} + +/* + * Take a string and return the hex representation of its MD5. + */ +function MD5(str) +{ + x = str2blks_MD5(str); + var a = 1732584193; + var b = -271733879; + var c = -1732584194; + var d = 271733878; + for(i = 0; i < x.length; i += 16) + { + var olda = a; + var oldb = b; + var oldc = c; + var oldd = d; + + a = ff(a, b, c, d, x[i+ 0], 7 , -680876936); + d = ff(d, a, b, c, x[i+ 1], 12, -389564586); + c = ff(c, d, a, b, x[i+ 2], 17, 606105819); + b = ff(b, c, d, a, x[i+ 3], 22, -1044525330); + a = ff(a, b, c, d, x[i+ 4], 7 , -176418897); + d = ff(d, a, b, c, x[i+ 5], 12, 1200080426); + c = ff(c, d, a, b, x[i+ 6], 17, -1473231341); + b = ff(b, c, d, a, x[i+ 7], 22, -45705983); + a = ff(a, b, c, d, x[i+ 8], 7 , 1770035416); + d = ff(d, a, b, c, x[i+ 9], 12, -1958414417); + c = ff(c, d, a, b, x[i+10], 17, -42063); + b = ff(b, c, d, a, x[i+11], 22, -1990404162); + a = ff(a, b, c, d, x[i+12], 7 , 1804603682); + d = ff(d, a, b, c, x[i+13], 12, -40341101); + c = ff(c, d, a, b, x[i+14], 17, -1502002290); + b = ff(b, c, d, a, x[i+15], 22, 1236535329); + + a = gg(a, b, c, d, x[i+ 1], 5 , -165796510); + d = gg(d, a, b, c, x[i+ 6], 9 , -1069501632); + c = gg(c, d, a, b, x[i+11], 14, 643717713); + b = gg(b, c, d, a, x[i+ 0], 20, -373897302); + a = gg(a, b, c, d, x[i+ 5], 5 , -701558691); + d = gg(d, a, b, c, x[i+10], 9 , 38016083); + c = gg(c, d, a, b, x[i+15], 14, -660478335); + b = gg(b, c, d, a, x[i+ 4], 20, -405537848); + a = gg(a, b, c, d, x[i+ 9], 5 , 568446438); + d = gg(d, a, b, c, x[i+14], 9 , -1019803690); + c = gg(c, d, a, b, x[i+ 3], 14, -187363961); + b = gg(b, c, d, a, x[i+ 8], 20, 1163531501); + a = gg(a, b, c, d, x[i+13], 5 , -1444681467); + d = gg(d, a, b, c, x[i+ 2], 9 , -51403784); + c = gg(c, d, a, b, x[i+ 7], 14, 1735328473); + b = gg(b, c, d, a, x[i+12], 20, -1926607734); + + a = hh(a, b, c, d, x[i+ 5], 4 , -378558); + d = hh(d, a, b, c, x[i+ 8], 11, -2022574463); + c = hh(c, d, a, b, x[i+11], 16, 1839030562); + b = hh(b, c, d, a, x[i+14], 23, -35309556); + a = hh(a, b, c, d, x[i+ 1], 4 , -1530992060); + d = hh(d, a, b, c, x[i+ 4], 11, 1272893353); + c = hh(c, d, a, b, x[i+ 7], 16, -155497632); + b = hh(b, c, d, a, x[i+10], 23, -1094730640); + a = hh(a, b, c, d, x[i+13], 4 , 681279174); + d = hh(d, a, b, c, x[i+ 0], 11, -358537222); + c = hh(c, d, a, b, x[i+ 3], 16, -722521979); + b = hh(b, c, d, a, x[i+ 6], 23, 76029189); + a = hh(a, b, c, d, x[i+ 9], 4 , -640364487); + d = hh(d, a, b, c, x[i+12], 11, -421815835); + c = hh(c, d, a, b, x[i+15], 16, 530742520); + b = hh(b, c, d, a, x[i+ 2], 23, -995338651); + + a = ii(a, b, c, d, x[i+ 0], 6 , -198630844); + d = ii(d, a, b, c, x[i+ 7], 10, 1126891415); + c = ii(c, d, a, b, x[i+14], 15, -1416354905); + b = ii(b, c, d, a, x[i+ 5], 21, -57434055); + a = ii(a, b, c, d, x[i+12], 6 , 1700485571); + d = ii(d, a, b, c, x[i+ 3], 10, -1894986606); + c = ii(c, d, a, b, x[i+10], 15, -1051523); + b = ii(b, c, d, a, x[i+ 1], 21, -2054922799); + a = ii(a, b, c, d, x[i+ 8], 6 , 1873313359); + d = ii(d, a, b, c, x[i+15], 10, -30611744); + c = ii(c, d, a, b, x[i+ 6], 15, -1560198380); + b = ii(b, c, d, a, x[i+13], 21, 1309151649); + a = ii(a, b, c, d, x[i+ 4], 6 , -145523070); + d = ii(d, a, b, c, x[i+11], 10, -1120210379); + c = ii(c, d, a, b, x[i+ 2], 15, 718787259); + b = ii(b, c, d, a, x[i+ 9], 21, -343485551); + + a = add(a, olda); + b = add(b, oldb); + c = add(c, oldc); + d = add(d, oldd); + } + return rhex(a) + rhex(b) + rhex(c) + rhex(d); +} + +function valid_js() { + // anything that claims NS 4 or higher functionality better work + if (navigator.userAgent.indexOf("Mozilla/") == 0) { + return (parseInt(navigator.appVersion) >= 4); + } + return false; +} + +function hash(form,login_url) { + // this is Javascript enabled browser + //document.login_form[".js"].value=1; + // rudimentary check for a 4.x brower. should catch IE4+ and NS4.* + var url; + + if (arguments.length > 1 && login_url != "") { // in case login_url is not passed in + url = login_url; + } else { + url = "http://login.yahoo.com/config/login"; + } + url += "?"; + + if (valid_js()) { + var passwd = form.passwd.value; + var hash1 = MD5(form.passwd.value); + var challenge = form[".challenge"].value; + var hash2 = MD5(form.passwd.value) + challenge; + var hash; + if(form.passwd.value){ + hash=MD5(hash2); + } else { + hash=""; + } + var js = 0; + + for(i=0; i<form.elements.length; i++){ + if(form.elements[i].name.length <=0) { + continue; + } + if(i > 0){ + url += "&"; + } + url += form.elements[i].name; + url += "="; + if(form.elements[i].name == "passwd"){ + url += hash; + } else if (form.elements[i].type == "checkbox" && !form.elements[i].checked) { + url += ""; + } else if (form.elements[i].type == "radio" && !form.elements[i].checked) { + url += ""; + } else if (form.elements[i].name == ".save"){ + url += "1"; // "Sign in" causes problem with the space + } else if (form.elements[i].name == ".js"){ + js = 1; + url += "1"; + } else { + url += escape(form.elements[i].value); + } + } + // indicate the password is hashed. + url += "&.hash=1"; + if(js == 0){ + url += "&.js=1"; + } + url += "&.md5=1"; + //alert("url=" + url); + location.href=url; + // prevent from running this again. Allow the server response to submit the form directly + form.onsubmit=null; + + // abort normal form submission + return false; + } + // allow normal form submission + return true; +} +//--> +</script> + <form action="{S_LOGIN_ACTION}" method="post"> <table width="100%" cellspacing="2" cellpadding="2" border="0" align="center"> |