cacert-webdb/pages/index/6.php

99 lines
3.3 KiB
PHP

<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br>
<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br>
<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?>
</p>
<form method="post" action="index.php" autocomplete="off">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="350">
<tr>
<td colspan="2" class="title"><?=_("Lost Pass Phrase - Step 2")?></td>
</tr>
<?
srand ((double) microtime() * 1000000);
$num2 = $nums = array();
for($i = 1; $i <= 5; $i++)
{
if($_SESSION['lostpw']['user']["Q$i"] == "")
continue;
$nums[] = $i;
}
for($i = 0; $i <= count($nums); $i++)
{
if(count($num2) == count($nums))
break;
$val = rand(0, 6);
if($_SESSION['lostpw']['user']["Q$val"] == "")
{
$i--;
continue;
}
if($val < 1 || $val > 5)
{
$i--;
continue;
}
if(!in_array($val, $num2))
$num2[] = $val;
else
$i--;
if(count($num2) >= 3)
break;
}
if($i > 1)
{
$_SESSION['lostpw']['total'] = $i;
foreach($num2 as $num)
{
$q = "Q$num"; $a = "A$num";
if($_SESSION['lostpw']['user'][$q] == "")
continue;
?>
<tr>
<td class="DataTD"><?=$_SESSION['lostpw']['user'][$q]?></td>
<td class="DataTD"><input type="text" name="<?=$a?>" value="<?=$_SESSION['lostpw'][$a]?>">
<input type="hidden" name="<?=$q?>" value="<?=$_SESSION['lostpw']['user'][$q]?>"></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="newpass1"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Repeat")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="newpass2"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<? } else { ?>
<p><?=_("You do not have enough/any lost password questions set. You will not be able to continue to reset your password via this method.")?></p>
<? } ?>