2004-10-16 00:28:17 +00:00
< ? /*
2008-04-06 19:45:09 +00:00
LibreSSL - CAcert web application
Copyright ( C ) 2004 - 2008 CAcert Inc .
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; version 2 of the License .
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 51 Franklin Street , Fifth Floor , Boston , MA 02110 - 1301 USA
2004-10-16 00:28:17 +00:00
*/ ?>
2007-08-21 16:31:07 +00:00
< p style = " border:dotted 1px #900;padding:0.3em;background-color:#ffe; " >
< b >< ? = _ ( " In light of the number of people having issues with making up a password we have the following suggestions: " ) ?> </b><br><br>
< ? = _ ( " To get a password that will work, we suggest the following example " ) ?> : Fr3d Sm|7h<br><br>
< ? = _ ( " This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary... " ) ?>
</ p >
2006-08-14 17:41:18 +00:00
< form method = " post " action = " index.php " autocomplete = " off " >
2004-10-16 00:28:17 +00:00
< table align = " center " valign = " middle " border = " 0 " cellspacing = " 0 " cellpadding = " 0 " class = " wrapper " width = " 350 " >
< tr >
< td colspan = " 2 " class = " title " >< ? = _ ( " Lost Pass Phrase - Step 2 " ) ?> </td>
</ tr >
< ?
srand (( double ) microtime () * 1000000 );
2005-07-01 13:12:14 +00:00
$num2 = $nums = array ();
for ( $i = 1 ; $i <= 5 ; $i ++ )
2004-10-16 00:28:17 +00:00
{
2005-07-01 13:12:14 +00:00
if ( $_SESSION [ 'lostpw' ][ 'user' ][ " Q $i " ] == " " )
continue ;
$nums [] = $i ;
}
2008-09-19 20:35:34 +00:00
for ( $i = 0 ; $i < count ( $nums ); $i ++ )
2005-07-01 13:12:14 +00:00
{
if ( count ( $num2 ) == count ( $nums ))
break ;
2008-09-19 20:35:34 +00:00
$val = rand ( 1 , 5 );
2005-07-01 13:12:14 +00:00
if ( $_SESSION [ 'lostpw' ][ 'user' ][ " Q $val " ] == " " )
{
$i -- ;
continue ;
}
if ( $val < 1 || $val > 5 )
{
$i -- ;
continue ;
}
if ( ! in_array ( $val , $num2 ))
$num2 [] = $val ;
else
$i -- ;
if ( count ( $num2 ) >= 3 )
break ;
2004-10-16 00:28:17 +00:00
}
2008-10-02 19:41:12 +00:00
if ( $i > 1 )
2005-07-01 13:12:14 +00:00
{
2008-10-02 15:08:43 +00:00
$_SESSION [ 'lostpw' ][ 'total' ] = count ( $num2 );
2005-07-01 13:12:14 +00:00
foreach ( $num2 as $num )
2004-10-16 00:28:17 +00:00
{
$q = " Q $num " ; $a = " A $num " ;
2005-05-13 15:34:39 +00:00
if ( $_SESSION [ 'lostpw' ][ 'user' ][ $q ] == " " )
continue ;
2004-10-16 00:28:17 +00:00
?>
< tr >
2005-05-13 15:34:39 +00:00
< td class = " DataTD " >< ? = $_SESSION [ 'lostpw' ][ 'user' ][ $q ] ?> </td>
2008-10-02 21:24:13 +00:00
< td class = " DataTD " >< input type = " text " name = " <?= $a ?> " value = " <?=sanitizeHTML(array_key_exists( $a , $_SESSION['lostpw'] )? $_SESSION['lostpw'] [ $a ]: " " )?> " autocomplete = " off " >
2008-09-19 21:10:35 +00:00
< input type = " hidden " name = " <?= $q ?> " value = " <?=sanitizeHTML( $_SESSION['lostpw'] ['user'][ $q ])?> " ></ td >
2004-10-16 00:28:17 +00:00
</ tr >
< ? } ?>
< tr >
< td class = " DataTD " >< ? = _ ( " New Pass Phrase " ) ?> <font color="red">*</font>: </td>
2008-10-02 21:24:13 +00:00
< td class = " DataTD " >< input type = " password " name = " newpass1 " autocomplete = " off " ></ td >
2004-10-16 00:28:17 +00:00
</ tr >
< tr >
< td class = " DataTD " >< ? = _ ( " Repeat " ) ?> <font color="red">*</font>: </td>
2008-10-02 21:24:13 +00:00
< td class = " DataTD " >< input type = " password " name = " newpass2 " autocomplete = " off " ></ td >
2004-10-16 00:28:17 +00:00
</ tr >
< tr >
< td class = " DataTD " colspan = " 2 " >< font color = " red " >*</ font >< ? = _ ( " Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol. " ) ?> </td>
</ tr >
< tr >
< td class = " DataTD " colspan = " 2 " >< input type = " submit " name = " process " value = " <?=_( " Next " )?> " ></ td >
</ tr >
</ table >
< input type = " hidden " name = " oldid " value = " <?= $id ?> " >
</ form >
2005-07-01 13:12:14 +00:00
< ? } else { ?>
< p >< ? = _ ( " You do not have enough/any lost password questions set. You will not be able to continue to reset your password via this method. " ) ?> </p>
< ? } ?>