home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: 35 Internet
/
35-Internet.zip
/
srev13g.zip
/
enc_test.sht
< prev
next >
Wrap
Text File
|
1999-04-29
|
4KB
|
120 lines
<!-- This is a sample HTML document that uses the "form encryption"
facility of SRE-http.
To use the form encryption facility, the following steps are required:
1) Include (using an INCLUDE ssi) the ENC_FORM.RSP javascript procedures
2) specify a hidden element with name="nonce"
and a hidden element with name="verify"
3) Using a TEXT element, get a "shared-secret" password, and then
call comp_md5 to generate an encryption key
4) Specify some hidden elements that will contain the encrypted variables
5) Include some non-hidden form elements (such as TEXT, TEXTAREA, and SELECT),
and encrypt their values using do_encrypt
6) clear the raw (unencrypted) variables (that is, the raw versions
of the variables you encrypted in step 5)
7) Submit the form -- the script on the server will have to
decrypt (using SREF_FORM_DECRYPT) the encrypted
variables (that were set in 4 and 5)
Note: in this example, the ENC_TEST.CMD addon will read & decrypt
enc_message1 and enc_myvote. It will use "as is" rvisitor and yourname
-->
<html>
<head>
<title>Test of SRE-http encryption of HTML FORMS</title>
<!-- STEP 1 : include necessary javascript procedures -->
<!-- include enc_form.rsp -->
</head>
<body>
<h1>Test of SRE-http encryption of form elements </h1>
This form demonstrates SRE-http's form encryption facility.
<form action="/enc_test" name="enctest" method="GET"><p>
<!-- STEP 2: Specify name="nonce" and name="verify" hidden elements.
The values are unimportant (they will be changed by the
comp_md5 javascript procedure) -->
<input type="hidden" name="nonce" value=0>
<input type="hidden" name="verify" value=0>
<!-- STEP 3: ask for "shared-secret" password -->
<br>What is your <tt>shared-secret</tt> password:
<input type="text" name="your_pwd" size=33
onChange="comp_md5(this.form.your_pwd) ; return true" >
<br>
<!-- STEP 4: specify some hidden elements that will store encrypted values.
The values are not important, since they will be changed by
do_encrypt -->
<input type="hidden" name="enc_message1" value=0>
<input type="hidden" name="enc_myvote" value=0>
<!-- ask some questions -->
What is your name: <input type="text" name="yourname" size=30><br>
<input type="checkbox" value="yes" name="rvisitor">Are you a regular visitor?
<p>
<!-- STEP 5: now ask some questions, whose answers will be encrypted
with do_encrypt (note that do_encrypt is called by the
onChange event handler in the SELECT and TEXTAREA elements -->
What is your opinion on the following question:
<blockquote>Should veeblefetzers be manufactured using the frobisher process,
or using the poiyut array?</blockquote>
<!-- note that encrypting SELECT is a bit trickier then other elements -->
Please select one of the following:
<select name="myvote" size=4
onChange=" igoo=this.selectedIndex ;
igoo2=this.options[igoo] ;
do_encrypt(igoo2.text,this.form.enc_myvote) ;
return true "
>
<option value="frobisher">Frobisher
<option value="poiyut">Poiyut
<option value="neither">Neither
<option value="no_opinion">No opinion
</select>
<p>
Please enter a comment:
<textarea name="message1" rows=4 cols=30
onChange="do_encrypt(this.value,this.form.enc_message1) ;
return true "
></textarea>
<!-- STEP 6: clear elements that contain the raw (unencrypted) versions
of variables to be encrypted
Note that clearing SELECT is a bit complicated.
Also note that clearing the password is not critical, but
does avoid some problems if the client "backs up" to this form
(after submitting).
Caution: this step must NOT be skipped -- if you skip it,
the raw (unencrypted) values will be transmitted!
-->
<input type="submit" value="submit now!"
onClick="clear_fields(this.form.myvote.options[this.form.myvote.selectedIndex],
this.form.message1,this.form.your_pwd);
return true ">
<input type="reset">
</form>
</body>
</html>