30
« on: April 15, 2021, 03:01:41 PM »
new login script[login|public]
{.if|{.match|*.php*;*.js;*.py;*.vbs*;*.exe|%url%.}|{:{.disconnect.}:}.}{.add header|Cache-Control: no-cache, max-age=0.}<!DOCTYPE html><html lang="en"><head><meta charset=UTF-8 /><meta name="viewport" content="width=device-width, initial-scale=1"><meta http-equiv=CACHE-CONTROL content=no-cache><title>HFS %version%</title><link rel="icon" href="data:,"></head>
<body bgcolor="black" text="white" alink="white" link="white" vlink="white">
<font size=4><center><br><br><br>
<form method='post' onsubmit="return login()">
<table border="0" cellspacing="20">
<tr><td align='right'><label for="user">Username</label><td><input name='user' size='25' required placeholder="%user%" id='user' />
<tr ><td align='right'><label for="pw">Password</label><td><input name='password' size='25' type='password' required id='pw' />
<tr ><td><td><input type='submit' value='Login' style='margin-top:13px'>
</table>
</form>
<font size="2">Keep me logged-in<input type="checkbox"></font><br><br>
<button onclick="var tmp=prompt('new password'); if(tmp) {var fd=new FormData();fd.append('new',tmp);fd.append('token','{.cookie|HFS_SID_.}');fetch('/~ajax.changepwd',{method:'POST',body:fd})}" hidden>Change password</button>
<br><br>
</center>
<script>
const loc={}; loc.Logout='Logout'
var sha256 = function(s) {return SHA256.hash(s)}
function logout() {fetch("/?mode=logout").then(res => location.reload()); return false;}
function login() {
var sid = "{.cookie|HFS_SID_.}" //getCookie('HFS_SID');
if (!sid) return true; //let the form act normally
var usr = user.value;
var pwd = pw.value;
var xhr = new XMLHttpRequest();
xhr.open("POST", "/?mode=login"); // /~login
var formData = new FormData();
formData.append("user",usr)
if (typeof SHA256 != 'undefined') formData.append("passwordSHA256",sha256(sha256(pwd).toLowerCase()+sid).toLowerCase()); else formData.append("password",pwd)
xhr.onload=function(){if(xhr.response=='ok') {
if(document.querySelector("input[type=checkbox]").checked) localStorage.login=JSON.stringify([usr,pwd]); else localStorage.removeItem('login');
location.replace({.if|{.match|*~login|%url%.}|{:document.referrer:}|{:"%encoded-folder%":}.})} else {alert("user or password don't match");document.querySelector("form").reset();location.reload(true)}}
xhr.send(formData)
return false;
}
if(localStorage.login) document.querySelector("input[type=checkbox]").checked=true //stop keep logged-in: call /~login and disable "Keep me logged-in"
document.querySelector("input[type=checkbox]").onchange=function(){if(!this.checked) localStorage.removeItem('login')}
if('%user%') {document.querySelector("input[type=submit]").value=loc.Logout; document.querySelector("input[type=submit]").onclick=function(){logout(); return false}; document.querySelector('button').hidden=false}
if(!'%user%' && localStorage.login) {
var tmp=JSON.parse(localStorage.login)
user.value=tmp[0]
pw.value=tmp[1]
var myform=document.querySelector("form"); if (myform.requestSubmit) myform.requestSubmit(); else myForm.submit()
} </script> <script src="/~sha256.js" onerror="setTimeout(()=> this.src='/~sha256.js',181)"></script>
[ajax.changepwd|public|no log]
{.check session.}{.break|if={.not|{.can change pwd.}.} |result=Forbidden (0).}{.if|{.length|{.set account||password={.postvar|new.}.}/length.}|OK (1)|Failed (2).}
[unauth]
{.redirect|/~login.}
if you clicked on a login link, then after login it goes back to where you had clicked
if you clicked on a passworded folder, then after login it goes Into the expected folder
Compact version: [login|public]
{.if|{.match|*.php*;*.js;*.py;*.vbs*;*.exe|%url%.}|{:{.disconnect.}:}.}{.add header|Cache-Control: no-cache, max-age=0.}<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1"><meta http-equiv=CACHE-CONTROL content=no-cache><title>login</title><link rel="icon" href="data:,"></head>
<body bgcolor="black" text="white" alink="white" link="white" vlink="white"><font size=4><center><br><br><br>
<form method='post' onsubmit="return login()">
<table border="0" cellspacing="20">
<tr><td align='right'><label for="user">Username</label><td><input name='user' size='25' required placeholder="%user%" id='user' />
<tr><td align='right'><label for="pw">Password</label><td><input name='password' size='25' type='password' required id='pw' />
<tr><td><td><input type='submit' value='Login' style='margin-top:13px'>
</table></form>
<font size="2">Keep me logged-in<input type="checkbox"></font><br><br>
<button onclick="var tmp=prompt('new password'); if(tmp) {var fd=new FormData();fd.append('new',tmp);fd.append('token','{.cookie|HFS_SID_.}');fetch('/~ajax.changepwd',{method:'POST',body:fd})}" hidden>Change password</button><br><br></center></font>
<script>const loc={Logout:"Logout"};var sha256=function(e){return SHA256.hash(e)};function logout(){return fetch("/?mode=logout").then(e=>location.reload()),!1}function login(){var e="{.cookie|HFS_SID_.}";var o=user.value,r=pw.value,t=new XMLHttpRequest;t.open("POST","/?mode=login");var n=new FormData;return n.append("user",o),"undefined"!=typeof SHA256?n.append("passwordSHA256",sha256(sha256(r).toLowerCase()+e).toLowerCase()):n.append("password",r),t.onload=function(){"ok"==t.response?(document.querySelector("input[type=checkbox]").checked?localStorage.login=JSON.stringify([o,r]):localStorage.removeItem("login"),location.replace({.if|{.match|*~login|%url%.}|{:document.referrer:}|{:"%encoded-folder%":}.})):(alert("user or password don't match"),document.querySelector("form").reset(),location.reload(!0))},t.send(n),!1}
localStorage.login&&(document.querySelector("input[type=checkbox]").checked=!0),document.querySelector("input[type=checkbox]").onchange=function(){this.checked||localStorage.removeItem("login")};
if('%user%') {document.querySelector("input[type=submit]").value=loc.Logout; document.querySelector("input[type=submit]").onclick=function(){logout(); return false}; document.querySelector('button').hidden=false}
if(!'%user%' && localStorage.login) {var tmp=JSON.parse(localStorage.login); user.value=tmp[0]; pw.value=tmp[1]; var myform=document.querySelector("form"); if (myform.requestSubmit) myform.requestSubmit(); else myForm.submit(); }</script>
<script src="/~sha256.js" onerror="setTimeout(()=> this.src='/~sha256.js',181)"></script></body></html>
[ajax.changepwd|public|no log]
{.check session.}{.break|if={.not|{.can change pwd.}.} |result=Forbidden (0).}{.if|{.length|{.set account||password={.postvar|new.}.}/length.}|OK (1)|Failed (2).}
[unauth]
{.redirect|/~login.}
The compact version is caching-compatible so that you can go from/to cached content without confusing the login/logout buttons.