Et voici le... password sécurisé en md5 par Jajascript !

ecrire/inc_session.php3

@@ -133,12 +133,66 @@ function creer_cookie_session($auteur) {
 
 
 // $login est optionnel
-function affiche_formulaire_login ($login, $redirect, $redirect_echec = '') {
+function affiche_formulaire_login($login, $redirect, $redirect_echec = '') {
+	global $flag_js;
+
 	if ($GLOBALS['flag_ecrire']) $dir = "../";
 	if (!$redirect_echec) $redirect_echec = $redirect;
 
-	echo "<form action='$dir"."spip_cookie.php3' method='post'>\n";
+	// Si Javascript, creer un formulaire fantome dans lequel sera recopie le md5
+	if ($flag_js) {
+		echo "<form action='$dir"."spip_cookie.php3' method='post' name='form_md5'>\n";
+		echo "<input type='hidden' name='session_login' value=''>\n";
+		echo "<input type='hidden' name='session_password_md5' value=''>\n";
+		echo "<input type='hidden' name='essai_login' value='oui'>\n";
+		echo "<input type='hidden' name='redirect' value='$redirect'>\n";
+		echo "<input type='hidden' name='redirect_echec' value='$redirect_echec'>\n";
+		echo "</form>\n";
+
+		// A la soumission du formulaire visible, recopier les valeurs
+		// dans le formulaire fantome et valider ce dernier
+		echo "<form onSubmit='encrypt(this.session_password, this.session_password_md5); ".
+			"document.form_md5.session_login.value = this.session_login.value; ".
+			"document.form_md5.session_password_md5.value = this.session_password_md5.value; ".
+			"this.action=\"javascript:document.form_md5.submit()\";".
+			"'>\n";
+	}
+	else {
+		echo "<form action='$dir"."spip_cookie.php3' method='post'>\n";
+	}
+	echo "<fieldset>\n";
+
+	echo "<label><b>Login (identifiant de connexion au site)</b><br></label>";
+	echo "<input type='text' name='session_login' class='formo' value=\"$login\" size='40'><p>\n";
+
+	echo "<label><b>Mot de passe</b><br></label>";
+	echo "<input type='password' name='session_password' class='formo' value=\"\" size='40'><p>\n";
+
+	echo "<input type='hidden' name='session_password_md5' value=''>\n";
+
+	if (!$flag_js) {
+		echo "<input type='hidden' name='essai_login' value='oui'>\n";
+		echo "<input type='hidden' name='redirect' value='$redirect'>\n";
+		echo "<input type='hidden' name='redirect_echec' value='$redirect_echec'>\n";
+	}
+	echo "<div align='right'><input type='submit' class='fondl' name='submit' value='Valider'></div>\n";
+
+	echo "</fieldset>\n";
+
+	echo "</form>";
+}
 
+/*function affiche_formulaire_login($login, $redirect, $redirect_echec = '') {
+	global $flag_js;
+
+	if ($GLOBALS['flag_ecrire']) $dir = "../";
+	if (!$redirect_echec) $redirect_echec = $redirect;
+
+	echo "<form action='$dir"."spip_cookie.php3' method='post'";
+	if ($flag_js) {
+		echo " onSubmit=\"encrypt(this.session_password, this.session_password_md5);\"";
+	}
+	echo ">\n";
 	echo "<fieldset>\n";
 
 	echo "<label><b>Login (identifiant de connexion au site)</b><br></label>";
@@ -150,11 +204,12 @@ function affiche_formulaire_login ($login, $redirect, $redirect_echec = '') {
 	echo "<input type='hidden' name='essai_login' value='oui'>\n";
 	echo "<input type='hidden' name='redirect' value='$redirect'>\n";
 	echo "<input type='hidden' name='redirect_echec' value='$redirect_echec'>\n";
+	echo "<input type='hidden' name='session_password_md5' value=''>\n";
 	echo "<div align='right'><input type='submit' class='fondl' name='submit' value='Valider'></div>\n";
 
 	echo "</fieldset>\n";
 
 	echo "</form>";
-}
+}*/
 
 ?>
\ No newline at end of file

ecrire/login.php3

@@ -9,8 +9,21 @@ include_local ("inc_session.php3");
 $nom_site = lire_meta('nom_site');
 $url_site = lire_meta('adresse_site');
 
+if (!$flag_js) {
+	// Rediriger vers la version Javascript-MD5, sauf pour Netscape < 6
+	echo "<script type=\"text/javascript\"><!--\n";
+	echo "if (!(navigator.appName == 'Netscape' && parseInt(navigator.appVersion) <= 4)) ";
+	echo "window.location.href = \"login.php3?flag_js=1\";\n";
+	echo "// --></script>\n";
+}
+else {
+	// Inclure les fonctions de calcul du MD5 en Javascript
+	echo "<script type=\"text/javascript\" src=\"md5.js\"></script>";
+}
+
 install_debut_html("$nom_site : acc&egrave;s &agrave; l'espace priv&eacute;");
 
+
 // Le login est memorise dans le cookie d'admin eventuel
 if (ereg("^@(.*)$", $spip_admin, $regs)) $login = $regs[1];
 else $login = "";

spip_cookie.php3

@@ -13,7 +13,9 @@ if ($cookie_session == "non") {
 }
 else if ($essai_login == "oui") {
 	// verifie l'auteur
-	$md5pass = md5($session_password);
+	if ($session_password_md5) $md5pass = $session_password_md5;
+	else $md5pass = md5($session_password);
+
 	$login = addslashes($session_login);
 	$query = "SELECT * FROM spip_auteurs WHERE login='$login' AND pass='$md5pass'";
 	$result = spip_query($query);