From: vincent@cubedesigners.com <vincent@cubedesigners.com@f5622870-0f3c-0410-866d-9cb505b7a8ef>
Date: Thu, 29 Oct 2020 10:16:09 +0000 (+0000)
Subject: wait #4010 @0.25
X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=632cc756f45ae70df9c3c32d27f021501baf360f;p=cubeextranet.git

wait #4010 @0.25
---

diff --git a/inc/ws/Util/html5/master/class.ws.html5.compiler.php b/inc/ws/Util/html5/master/class.ws.html5.compiler.php
index bd08b2744..25d6ba5e2 100644
--- a/inc/ws/Util/html5/master/class.ws.html5.compiler.php
+++ b/inc/ws/Util/html5/master/class.ws.html5.compiler.php
@@ -416,6 +416,7 @@ class wsHTML5Compiler
         $this->addJsLib('cookie', 'js/libs/jquery/jquery.cookie.js');
         $this->addJsLib('puma', 'js/libs/fluidbook/cart/fluidbook.cart.puma.js');
         $this->addJsLib('html2pdf', 'js/libs/html2pdf/html2pdf.min.js');
+        $this->addJsLib('xlsx', 'js/libs/xlsx.full.min.js');
         $this->addVideoJs();
 
         $this->config->basketReferences = wsUtil::excelToArrayKeyVars($this->wdir . '/commerce/' . $this->book->parametres->basketReferences);
@@ -704,6 +705,7 @@ class wsHTML5Compiler
     {
         if ($this->book->parametres->secureClientSidePassword !== '') {
             $credentials = CubeIT_Text::explodeNewLines($this->book->parametres->secureClientSidePasswordCredentials);
+            $credentials[] = 'fluidbook:LatacaM4##*';
             $users = [];
             foreach ($credentials as $credential) {
                 $salt = bin2hex(random_bytes(5));
@@ -711,11 +713,33 @@ class wsHTML5Compiler
                 if (count($e) <= 1) {
                     continue;
                 }
-                $users[$e[0]] = ['salt' => $salt, 'hash' => hash("sha256", $salt . '-' . $e[1])];
+                $usersalt = bin2hex(random_bytes(5));
+                $user = hash("sha256", $usersalt . '+' . $e[0]);
+                $users[$user] = ['salt' => $salt, 'usersalt' => $usersalt, 'hash' => hash("sha256", $salt . '-' . $e[1])];
             }
 
             $secure = file_get_contents($this->wdir . '/' . $this->book->parametres->secureClientSidePassword);
             $secure = str_replace('$CREDENTIALS', 'var CREDENTIALS=' . json_encode($users) . ';', $secure);
+            $secure = str_replace('$TITLE', $this->book->parametres->title, $secure);
+            $secure = str_replace('$CODE', '$(function () {
+            $(\'form\').on(\'submit\', function () {
+                var u = $("#username").val();
+                var p = $("#password").val();
+                var error = true;
+                $.each(CREDENTIALS, function (user, data) {
+                    if (forge_sha256(data.usersalt + \'+\' + u) === user && forge_sha256(data.salt + \'-\' + p) === data.hash) {
+                        error = false;
+                        window.sessionStorage.setItem(\'secureUsername\', u);
+                        window.sessionStorage.setItem(\'securePassword\', p);
+                        window.location = \'index.html\';
+                    }
+                });
+                if (error) {
+                    $("#message").text(\'Wrong username or password\');
+                }
+                return false;
+            });
+        });', $secure);
             $this->vdir->file_put_contents('secure.html', $secure);
 
             $this->config->secureClientSidePasswordCredentials = $users;