Source code taken from cacert-20110820.tar.bz2
[cacert.git] / pages / index / 6.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
19 <?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?>
20 </p>
21
22 <form method="post" action="index.php" autocomplete="off">
23 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="350">
24 <tr>
25 <td colspan="2" class="title"><?=_("Lost Pass Phrase - Step 2")?></td>
26 </tr>
27 <?
28 srand ((double) microtime() * 1000000);
29 $num2 = $nums = array();
30 for($i = 1; $i <= 5; $i++)
31 {
32 if($_SESSION['lostpw']['user']["Q$i"] == "")
33 continue;
34 $nums[] = $i;
35 }
36
37 for($i = 0; $i < count($nums); $i++)
38 {
39 if(count($num2) == count($nums))
40 break;
41
42 $val = rand(1, 5);
43 if($_SESSION['lostpw']['user']["Q$val"] == "")
44 {
45 $i--;
46 continue;
47 }
48
49 if($val < 1 || $val > 5)
50 {
51 $i--;
52 continue;
53 }
54
55 if(!in_array($val, $num2))
56 $num2[] = $val;
57 else
58 $i--;
59
60 if(count($num2) >= 3)
61 break;
62 }
63
64 if($i > 1)
65 {
66
67 $_SESSION['lostpw']['total'] = count($num2);
68
69 foreach($num2 as $num)
70 {
71 $q = "Q$num"; $a = "A$num";
72 if($_SESSION['lostpw']['user'][$q] == "")
73 continue;
74 ?>
75 <tr>
76 <td class="DataTD"><?=$_SESSION['lostpw']['user'][$q]?></td>
77 <td class="DataTD"><input type="text" name="<?=$a?>" autocomplete="off">
78 <input type="hidden" name="<?=$q?>" value="<?=sanitizeHTML($_SESSION['lostpw']['user'][$q])?>"></td>
79 </tr>
80 <? } ?>
81 <tr>
82 <td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td>
83 <td class="DataTD"><input type="password" name="newpass1" autocomplete="off"></td>
84 </tr>
85 <tr>
86 <td class="DataTD"><?=_("Repeat")?><font color="red">*</font>: </td>
87 <td class="DataTD"><input type="password" name="newpass2" autocomplete="off"></td>
88 </tr>
89 <tr>
90 <td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
91 </tr>
92 <tr>
93 <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
94 </tr>
95 </table>
96 <input type="hidden" name="oldid" value="<?=$id?>">
97 </form>
98 <? } else { ?>
99 <p><?=_("You do not have enough/any lost password questions set. You will not be able to continue to reset your password via this method.")?></p>
100 <? } ?>