diff --git a/ecrire/inc_session.php3 b/ecrire/inc_session.php3
index d19cd62e9ab036c395e101d6f00598caa1a17d94..c150ab914faef6e283f8926357912987d6107f38 100644
--- a/ecrire/inc_session.php3
+++ b/ecrire/inc_session.php3
@@ -133,12 +133,66 @@ function creer_cookie_session($auteur) { // $login est optionnel -function affiche_formulaire_login ($login, $redirect, $redirect_echec = '') { +function affiche_formulaire_login($login, $redirect, $redirect_echec = '') { + global $flag_js; + if ($GLOBALS['flag_ecrire']) $dir = "../"; if (!$redirect_echec) $redirect_echec = $redirect; - echo "<form action='$dir"."spip_cookie.php3' method='post'>\n"; + // Si Javascript, creer un formulaire fantome dans lequel sera recopie le md5 + if ($flag_js) { + echo "<form action='$dir"."spip_cookie.php3' method='post' name='form_md5'>\n"; + echo "<input type='hidden' name='session_login' value=''>\n"; + echo "<input type='hidden' name='session_password_md5' value=''>\n"; + echo "<input type='hidden' name='essai_login' value='oui'>\n"; + echo "<input type='hidden' name='redirect' value='$redirect'>\n"; + echo "<input type='hidden' name='redirect_echec' value='$redirect_echec'>\n"; + echo "</form>\n"; + + // A la soumission du formulaire visible, recopier les valeurs + // dans le formulaire fantome et valider ce dernier + echo "<form onSubmit='encrypt(this.session_password, this.session_password_md5); ". + "document.form_md5.session_login.value = this.session_login.value; ". + "document.form_md5.session_password_md5.value = this.session_password_md5.value; ". + "this.action=\"javascript:document.form_md5.submit()\";". 
+ "'>\n"; + } + else { + echo "<form action='$dir"."spip_cookie.php3' method='post'>\n"; + } + echo "<fieldset>\n"; + + echo "<label><b>Login (identifiant de connexion au site)</b><br></label>"; + echo "<input type='text' name='session_login' class='formo' value=\"$login\" size='40'><p>\n"; + + echo "<label><b>Mot de passe</b><br></label>"; + echo "<input type='password' name='session_password' class='formo' value=\"\" size='40'><p>\n"; + + echo "<input type='hidden' name='session_password_md5' value=''>\n"; + + if (!$flag_js) { + echo "<input type='hidden' name='essai_login' value='oui'>\n"; + echo "<input type='hidden' name='redirect' value='$redirect'>\n"; + echo "<input type='hidden' name='redirect_echec' value='$redirect_echec'>\n"; + } + echo "<div align='right'><input type='submit' class='fondl' name='submit' value='Valider'></div>\n"; + + echo "</fieldset>\n"; + + echo "</form>"; +} +/*function affiche_formulaire_login($login, $redirect, $redirect_echec = '') { + global $flag_js; + + if ($GLOBALS['flag_ecrire']) $dir = "../"; + if (!$redirect_echec) $redirect_echec = $redirect; + + echo "<form action='$dir"."spip_cookie.php3' method='post'"; + if ($flag_js) { + echo " onSubmit=\"encrypt(this.session_password, this.session_password_md5);\""; + } + echo ">\n"; echo "<fieldset>\n"; echo "<label><b>Login (identifiant de connexion au site)</b><br></label>"; @@ -150,11 +204,12 @@ function affiche_formulaire_login ($login, $redirect, $redirect_echec = '') { echo "<input type='hidden' name='essai_login' value='oui'>\n"; echo "<input type='hidden' name='redirect' value='$redirect'>\n"; echo "<input type='hidden' name='redirect_echec' value='$redirect_echec'>\n"; + echo "<input type='hidden' name='session_password_md5' value=''>\n"; echo "<div align='right'><input type='submit' class='fondl' name='submit' value='Valider'></div>\n"; echo "</fieldset>\n"; echo "</form>"; -} +}*/ ?> \ No newline at end of file 
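Review bot: In the `$flag_js` branch the visible form is emitted with no `action` and no `method`, so it only behaves as intended when the `onSubmit` handler runs to completion; if `encrypt()` is undefined or throws (md5.js not loaded, for instance), the browser falls back to a default GET submission of this form, which still carries the named `session_password` field, and the cleartext password would end up in the URL. I would open it as `<form method='post' action='$dir"."spip_cookie.php3' onSubmit='…; document.form_md5.submit(); return false;'>` so a failed handler cannot put the password into a query string. Separately, the new lines write `$login`, `$redirect` and `$redirect_echec` into attribute values unescaped (`value='$redirect'`, `value=\"$login\"`); if any of them can originate from the request they should pass through `htmlspecialchars($redirect, ENT_QUOTES)` first. `$dir` is also only assigned when `flag_ecrire` is set, so it is undefined on the other path.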
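Review bot: The previous `affiche_formulaire_login` is kept inside a `/* … */` block that closes at `}*/` instead of being deleted, and this hunk even adds a `session_password_md5` hidden field to that dead copy. A commented-out duplicate of the login form is easy to mistake for the live one when the markup is later hardened (escaping, field names), so I would remove it and rely on version control for the history. The opening `/*` of that block is in the previous hunk.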
diff --git a/ecrire/login.php3 b/ecrire/login.php3 index 1ffe784eda5bd8ed67700c19c01738b89cd2fc7a..9f50e0d2e96a5abc3a589a9120dcedbb49860f51 100644 --- a/ecrire/login.php3 +++ b/ecrire/login.php3 @@ -9,8 +9,21 @@ include_local ("inc_session.php3"); $nom_site = lire_meta('nom_site'); $url_site = lire_meta('adresse_site'); +if (!$flag_js) { + // Rediriger vers la version Javascript-MD5, sauf pour Netscape < 6 + echo "<script type=\"text/javascript\"><!--\n"; + echo "if (!(navigator.appName == 'Netscape' && parseInt(navigator.appVersion) <= 4)) "; + echo "window.location.href = \"login.php3?flag_js=1\";\n"; + echo "// --></script>\n"; +} +else { + // Inclure les fonctions de calcul du MD5 en Javascript + echo "<script type=\"text/javascript\" src=\"md5.js\"></script>"; +} + install_debut_html("$nom_site : accès à l'espace privé"); + // Le login est memorise dans le cookie d'admin eventuel if (ereg("^@(.*)$", $spip_admin, $regs)) $login = $regs[1]; else $login = ""; diff --git a/spip_cookie.php3 b/spip_cookie.php3 index ec8fc21b495742b51a3b7089d939771f50c00b51..d5def679263b74487f177717a0f9efe255063418 100644 --- a/spip_cookie.php3 +++ b/spip_cookie.php3 @@ -13,7 +13,9 @@ if ($cookie_session == "non") { } else if ($essai_login == "oui") { // verifie l'auteur - $md5pass = md5($session_password); + if ($session_password_md5) $md5pass = $session_password_md5; + else $md5pass = md5($session_password); + $login = addslashes($session_login); $query = "SELECT * FROM spip_auteurs WHERE login='$login' AND pass='$md5pass'"; $result = spip_query($query);
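Review bot: The redirect target `login.php3?flag_js=1` is a fixed string, so any query parameters this page was requested with are dropped when the browser is sent to the JavaScript version; whether login.php3 takes such parameters (a return URL, for instance) is not visible in the hunk, but if it does they need to be carried over. Both `<script>` blocks are also echoed before `install_debut_html()`, which by its name emits the page header, so they presumably land ahead of the document's opening markup; moving the `if (!$flag_js) … else …` block after that call would keep the output well-formed. Since `$flag_js` appears to come straight from the request, a comment such as `// $flag_js provient de la requete : il ne sert qu'a choisir la variante du formulaire` would make clear it must never gate a trust decision.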
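Review bot: `$session_password_md5` arrives from the client and is copied into `$md5pass`, which is then interpolated into `pass='$md5pass'` without the `addslashes()` that `$login` gets; before this change `$md5pass` was always the output of `md5()` and therefore safe to embed. Unless something outside the hunk escapes request variables, that is an injection point in the authentication query, and the value should be accepted only when it has the shape of a hash, e.g. `if (ereg("^[0-9a-f]{32}$", $session_password_md5)) $md5pass = $session_password_md5;` (assuming md5.js emits lower-case hex). Accepting the stored hash directly also makes the hash itself the credential: it is replayable if captured in transit and usable by anyone who can read the `pass` column, so the scheme does not give the protection that a per-login server nonce mixed into the client-side hash would. The enclosing `else if` branch continues past the hunk.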