cacert-webdb/pages/index/6.php

101 lines
3.4 KiB
PHP
Raw Permalink Normal View History

2004-10-16 00:28:17 +00:00
<? /*
2008-04-06 19:45:09 +00:00
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
2004-10-16 00:28:17 +00:00
*/ ?>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?>
</p>
2006-08-14 17:41:18 +00:00
<form method="post" action="index.php" autocomplete="off">
2004-10-16 00:28:17 +00:00
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="350">
<tr>
<td colspan="2" class="title"><?=_("Lost Pass Phrase - Step 2")?></td>
</tr>
<?
srand ((double) microtime() * 1000000);
2005-07-01 13:12:14 +00:00
$num2 = $nums = array();
for($i = 1; $i <= 5; $i++)
2004-10-16 00:28:17 +00:00
{
2005-07-01 13:12:14 +00:00
if($_SESSION['lostpw']['user']["Q$i"] == "")
continue;
$nums[] = $i;
}
2008-09-19 20:35:34 +00:00
for($i = 0; $i < count($nums); $i++)
2005-07-01 13:12:14 +00:00
{
if(count($num2) == count($nums))
break;
2008-09-19 20:35:34 +00:00
$val = rand(1, 5);
2005-07-01 13:12:14 +00:00
if($_SESSION['lostpw']['user']["Q$val"] == "")
{
$i--;
continue;
}
if($val < 1 || $val > 5)
{
$i--;
continue;
}
if(!in_array($val, $num2))
$num2[] = $val;
else
$i--;
if(count($num2) >= 3)
break;
2004-10-16 00:28:17 +00:00
}
2008-10-02 19:41:12 +00:00
if($i > 1)
2005-07-01 13:12:14 +00:00
{
2008-10-02 15:08:43 +00:00
$_SESSION['lostpw']['total'] = count($num2);
2005-07-01 13:12:14 +00:00
foreach($num2 as $num)
2004-10-16 00:28:17 +00:00
{
$q = "Q$num"; $a = "A$num";
2005-05-13 15:34:39 +00:00
if($_SESSION['lostpw']['user'][$q] == "")
continue;
2004-10-16 00:28:17 +00:00
?>
<tr>
2005-05-13 15:34:39 +00:00
<td class="DataTD"><?=$_SESSION['lostpw']['user'][$q]?></td>
2008-10-07 16:47:01 +00:00
<td class="DataTD"><input type="text" name="<?=$a?>" autocomplete="off">
2008-09-19 21:10:35 +00:00
<input type="hidden" name="<?=$q?>" value="<?=sanitizeHTML($_SESSION['lostpw']['user'][$q])?>"></td>
2004-10-16 00:28:17 +00:00
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td>
2008-10-02 21:24:13 +00:00
<td class="DataTD"><input type="password" name="newpass1" autocomplete="off"></td>
2004-10-16 00:28:17 +00:00
</tr>
<tr>
<td class="DataTD"><?=_("Repeat")?><font color="red">*</font>: </td>
2008-10-02 21:24:13 +00:00
<td class="DataTD"><input type="password" name="newpass2" autocomplete="off"></td>
2004-10-16 00:28:17 +00:00
</tr>
<tr>
<td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
2005-07-01 13:12:14 +00:00
<? } else { ?>
<p><?=_("You do not have enough/any lost password questions set. You will not be able to continue to reset your password via this method.")?></p>
<? } ?>