-205


	<?xml version="1.0" encoding="<X-FC-ITEM DATA[Charset]>"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <!--^Blog/Comments x205 H=<X-FC-REQUEST-TIME HEADER> LS=<X-FC-REQUEST-TIME LOGIN.START> L=<X-FC-REQUEST-TIME LOGIN> OS=<X-FC-REQUEST-TIME OPEN.START> O=<X-FC-REQUEST-TIME OPEN> T=<X-FC-REQUEST-TIME>--><X-FC-WHITESPACE STRIP> <!--#if expr="<X-FC-FIELD 13625 LENGTH>"--> <!--#set var="SKIN" value="?Plugin=<X-FC-FIELD 13625 MLSTRING>"--> <!--#else--> <!--#set var="SKIN" value=""--> <!--#endif--> <!--#if expr="<X-FC-SERVER VERSION> < 10537"--> <!--#set var="MAXDATA" value="255"--> <!--#else--> <!--#set var="MAXDATA" value="1023"--> <!--#endif--> <!--#set var="CAPTIONSTRING" value="<X-FC-FIELD LANG.142.5 STRING>"--> <!--#set var="PREFIX" expr="@split($CAPTIONSTRING,"^0")"--> <!--#set var="CAPTIONSTRING" value="${PREFIX}${CAPTIONSTRING}"--> <X-FC-WHITESPACE RETAIN> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><X-FC-ITEM DATA[Title]></title> <link rel="alternate" type="application/rss+xml" title="<X-FC-ITEM DATA[Title]>" href="<X-FC-OBJURL ABSOLUTE>?Plugin=RSS&Documents"/> <meta http-equiv="Content-Type" content="text/html; charset=<X-FC-ITEM DATA[Charset]>"/> <link rel="icon" href="/favicon.ico" type="image/x-icon"/> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"/> <script type="text/javascript"> <!-- <!--#include virtual="/.Templates/Comments/URLEscape.inc"--> <X-FC-WHITESPACE STRIP> var path="<X-FC-OBJURL>",L="<X-FC-LOGIN>"; var XA=false; <!--#rem gRA(s,a) getResponseArgument(string,argument) --> function gRA(s,a){ var as=s.indexOf(a+"="); var ae=-1; if(as!=-1){ if(s.charAt(as+a.length+1)=='"'){ ++as; ae=s.indexOf('"',as+a.length+1); }else{ ae=s.indexOf(";",as+a.length+1); } } if(ae!=-1){ return s.substring(as+a.length+1,ae); }else{ return null; } } <!--#rem dL() doLoad() onload event handler --> <!--#set var="ONLOAD" value="dL"--> function dL(){ document.forms["CF"].elements["Body"].value=""; var LFE=document.forms["LOGINFORM"].elements; LFE["userid"].value=""; LFE["password"].value=""; <!--#if expr="$ENABLEAUTHSAVING"--> LFE["savepw"].checked=false; lc(); <!--#endif--> <!--#if expr="<X-FC-USER AUTH> == 0"--> <!--#if expr="<X-FC-SERVER SECURE> == 0 && <X-FC-SERVER SECURE.ALLOWSLOGIN> != 0"--> self.location.replace("https://<!--#echo var="HTTP_HOST"--><!--#if expr="<X-FC-SERVER SECURE.PORT> != 443"-->:<X-FC-SERVER SECURE.PORT><!--#endif--><X-FC-OBJURL>?<X-FC-URL-PARAMETER>"); <!--#elif expr="<X-FC-SERVER ALLOWSLOGIN>"--> var RO=new ARO(); if(RO!=null){ RO.CB=GACB; } if(RO==null\|\|!RO.S("/Login<X-FC-OBJURL>","Plugin=Blog&Templates=Comments&Upper=1&Lower=1&AJAX=1","text/plain")){ XA=true; } <!--#endif--> <!--#endif--> } <!--#if expr="<X-FC-SERVER ALLOWSLOGIN>"--> <!--#rem GACB(RO) GetAuthCallback(RequestObject) --> function GACB(RO){ var a=0,n="",p=0,v=""; var t=RO.obj.responseText; a=gRA(t,"auth"); if(a!=null){ XA=false; a=parseInt(a); if(a){ n=gRA(t,"name"); p=parseInt(gRA(t,"post")); L=gRA(t,"login"); v=gRA(t,"vkey"); dSL(n,p,v); } } } <!--#rem RDL() ReDoLogin() --> function RDL(){ var RO=new ARO(); var U=path; var CFT=document.<!--#if expr="<X-FC-BROWSER NAME.MSIE>"-->all["CommentTable"]<!--#else-->getElementById("CommentTable")<!--#endif-->; var LFT=document.<!--#if expr="<X-FC-BROWSER NAME.MSIE>"-->all["LoginTable"]<!--#else-->getElementById("LoginTable")<!--#endif-->; var LF=document.forms["LOGINFORM"]; if(path.substr(0,6).toUpperCase()=="/LOGIN"){ path=path.substr(path.indexOf("/",1),path.length); } if(LFT==null\|\|CFT==null\|\|RO==null\|\|!RO.G("/Login/Logout","Plugin=Blog&Templates=Comments&AJAX=1")){ self.location.replace("/Login/Logout?Plugin=Blog&Templates=Comments&URL="+path+"&ThreadID=<X-FC-URL-PARAMETER ThreadID>&POST=1"); L="/"; XA=true; }else{ LF.elements["userid"].value=""; LF.elements["password"].value=""; LF.elements["savedpw"].value=0; <!--#if expr="$ENABLEAUTHSAVING"--> LF.elements["savepw"].checked=false; <!--#endif--> CFT.style.display="none"; LFT.style.display="block"; XA=false; } return false; } <!--#rem dPC(F) doPostComment(form) --> function dPC(F){ var RO=null; var fs=null; var si=0; if(F.elements["Body"].value.length==0){ return false; } if(F.action.substr(0,7).toUpperCase()=="HTTP://"\|\|F.action.substr(0,8).toUpperCase()=="HTTPS://"){ si=F.action.indexOf("/",8); } if(F.action.substr(si,L.length).toUpperCase()!=L.toUpperCase()){ F.action=(si>0?F.action.substr(0,si):"")+L+F.action.substr(si+1,F.action.length); } if(!XA){ RO=new ARO(); } if(RO!=null){ var v=uesc(F.elements["Body"].value); if(v.length<1024){ RO.CB=CCB; fs="VKey="+uesc(F.elements["VKey"].value)+"&Charset="+uesc(F.elements["Charset"].value)+"&Body="+v; }else{ <!--#if expr="<X-FC-USER AUTH> == 0"--> F.action+="&XA=1"; <!--#endif--> RO=null; } } if(RO==null\|\|!RO.PF(F.action,fs,"text/plain")){ return true; } F.elements["Post"].disabled=true; return false; } <!--#rem CCB(RO) CommentCallback(RequestObject) --> function CCB(RO){ document.forms["CF"].elements["Post"].disabled=false; self.location.reload(); } <!--#rem dLI(F) doLogIn(Form) --> function dLI(F){ var I=document.images["CHALIMG"]; var rj=Math.random()Math.random()2147483647; I.onload=pL; I.src="/__Challenge?RJ="+rj; return false; } <!--#rem pL() --> function pL(){ var F=document.forms["LOGINFORM"]; var c=gRA(document.cookie+";","fcchallenge"); if(c!=null){ var RO=null; var fs=""; F.elements["challenge"].value=c; <!--#if expr="$ENABLEAUTHSAVING"--> if(F.elements["savepw"].checked){ sc(F); } <!--#endif--> DP(F); if(!XA){ RO=new ARO(); } if(RO!=null){ RO.CB=LCB; fs="userid="+uesc(F.elements["userid"].value)+"&challenge="+uesc(F.elements["challenge"].value)+"&sha1="+uesc(F.elements["sha1"].value)+"&savedpw="+uesc(F.elements["savedpw"].value)+"&origurl="+uesc(F.elements["origurl"].value+"&Upper=1&Lower=1&AJAX=1"); } if(RO==null\|\|!RO.PF(F.action,fs,"text/plain")){ F.submit(); } <!--#if expr="$ENABLEAUTHSAVING"--> if(sp!=null&&!F.elements["savepw"].checked){ cc(F); } <!--#endif--> }else{ self.location=F.action; } } <!--#rem LCB(RO) LoginCallback(RequestObject) --> function LCB(RO){ var t=RO.obj.responseText; var a=gRA(t,"auth"); if(a!=null&&parseInt(a)){ L=gRA(t,"login"); dSL(gRA(t,"name"),parseInt(gRA(t,"post")),gRA(t,"vkey")); }else{ var e=gRA(t,"err"); if(e){ alert("Error: "+e); } } } <!--#rem dSL(n,p,v) doSuccesfulLogin(name,postpermission,validationkey) --> <!--#set var="WELCOMESTRING" value="<X-FC-FIELD LANG.7546.5 STRING>"--> <!--#set var="WRONGUSERSTRING" value="<X-FC-FIELD LANG.7546.6 STRING>"--> <!--#set var="NOPOST" value="<X-FC-FIELD LANG.7547.5 STRING>"--> function dSL(n,p,v){ if(p){ var CFT=document.<!--#if expr="<X-FC-BROWSER NAME.MSIE>"-->all["CommentTable"]<!--#else-->getElementById("CommentTable")<!--#endif-->; var LFT=document.<!--#if expr="<X-FC-BROWSER NAME.MSIE>"-->all["LoginTable"]<!--#else-->getElementById("LoginTable")<!--#endif-->; var WS=document.<!--#if expr="<X-FC-BROWSER NAME.MSIE>"-->all["WS"]<!--#else-->getElementById("WS")<!--#endif-->; var WUS=document.<!--#if expr="<X-FC-BROWSER NAME.MSIE>"-->all["WUS"]<!--#else-->getElementById("WUS")<!--#endif-->; var VK=document.forms["CF"].elements["VKey"]; try{ WS.innerHTML =<!--#set var="WORK" value="$WELCOMESTRING"-->"<!--#echo expr="@split($WORK,"^1")"-->"+n+"<!--#echo var="WORK"-->"; WUS.innerHTML=<!--#set var="WORK" value="$WRONGUSERSTRING"-->"<!--#echo expr="@split($WORK,"^1")"-->"+n+"<!--#echo var="WORK"-->"; LFT.style.display="none"; CFT.style.display="block"; VK.value=v; }catch(e){} }else{ alert("<!--#echo expr="@split($NOPOST,"^1")"-->"+n+"<!--#echo var="NOPOST"-->"); RDL(); } } <!--#rem ARO AsyncRequestObject A cross-browser XMLHTTPRequest object Properties: CB Callback Function to be called when the request completes or times out. Parameter is the ARO object itself. Public Methods: G(u,p) GET(url,params) Send or queue an HTTP "GET" request to the server using the given URL and the specified paramters PF(F) POSTForm(Form) Send or queue an HTTP "POST" to the server using the data from the HTML form in the argument (the URL used is the form action) S(u,p,m) SAVE(url,params,MIME Type) Send or queue an HTTP "GET" request to the server using the given URL and the specified parameters, receiving the specified MIME Type data in response Private methods: dG doGet dPF doPostForm dS doSave Private static methods: RSCH ReadyStateChangeHandler dQ deQueue --> function ARO(){ this.CB=null; <!--#if expr="<X-FC-BROWSER NAME.MSIE>"--> try{ this.obj=new ActiveXObject("Msxml2.XMLHTTP"); }catch (e){ try{ this.obj=new ActiveXObject("Microsoft.XMLHTTP"); }catch(e){ this.obj=null; } } <!--#else--> try{ this.obj=new XMLHttpRequest(); this.obj.overrideMimeType("text/xml"); }catch(e){ this.obj=null; } <!--#endif--> if(this.obj!=null){ return this; } return null; } <!--#rem Static member: CRO CurrentRequestObject RQ RequestQueue Because the browser developers are just too dumb to implement object oriented code or parallel requests properly. --> var CRO=null; var RQ=[]; <!--#rem dQ deQueue Since the browsers seem to be able to process only one request at a time, if one a new request is made while another is in progress it is queued for later processing. This function deQueues and dispatches any pending requests in the order they were requested. --> function dQ(){ while(CRO==null&&RQ.length){ CRO=RQ[0][0]; if(RQ[0][1]=="PF"){ CRO.dPF(RQ[0][2],RQ[0][3],RQ[0][4]); }else if(RQ[0][1]=="G"){ CRO.dG(RQ[0][2],RQ[0][3]); }else if(RQ[0][1]=="S"){ CRO.dS(RQ[0][2],RA[0][3],RA[0][4]); }else{ CRO=null; } for(var i=0;i<RQ.length-1;i++){ RQ[i]=RQ[i+1]; } RQ.length-=1; } } <!--#rem RSCH() ReadyStateChangeHandler() --> ARO.prototype.RSCH=function(){ if(CRO.obj!=null&&CRO.obj.readyState==4){ if(CRO.obj.status==302){ var nu=CRO.obj.getResponseHeader("location"); if(nu.substr(0,6)=="https:"){ nu=nu.substr(0,nu.indexOf('/',9)); self.location.replace(nu+"<X-FC-OBJURL>?<X-FC-URL-PARAMETER>"); } }else{ var RO=CRO; CRO=null; if(RO.CB!=null){ RO.CB(RO); } if(RQ.length){ dQ(); } } } }; <!--#rem G(u,p) GET(url,params) --> ARO.prototype.G=function(u,p){ if(this.obj==null\|\|u==null\|\|u==""){ return false; } if(CRO!=null\|\|RQ.length>0){ RQ[RQ.length]=[this,"G",u,p]; return true; } CRO=this; return this.dG(u,p); }; <!--#rem dG(u,p) doGet(url, params) --> ARO.prototype.dG=function(u,p){ try{ this.r="G"; this.u=u; this.p=p; this.obj.open("GET",u+(p&&p.length?"?"+p:""),true); this.obj.onreadystatechange=this.RSCH; this.obj.send(null); return true; }catch(e){ CRO=null; return false; } }; <!--#rem PF(a,d,m) POSTForm(Action, Data, MIMEType) --> ARO.prototype.PF=function(a,d,m){ if(d==null\|\|d==""\|\|a==null\|\|a==""){ return false; } if(CRO!=null\|\|RQ.length>0){ RQ[RQ.length]=[this,"PF",a,d,m]; return true; } CRO=this; return this.dPF(a,d,m); }; <!--#rem dPF(u,fs,m) doPostForm(URL, FormString, MIMEType) --> ARO.prototype.dPF=function(u,fs,m){ try{ this.r="P"; this.fs=fs; this.m=m; this.obj.open("POST",u,true); this.obj.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); <!--#if expr="<X-FC-BROWSER NAME.MSIE> == 0"--> if(m){ this.obj.overrideMimeType(m); } <!--#endif--> this.obj.onreadystatechange=this.RSCH; this.obj.send(fs); return true; }catch(e){ CRO=null; return false; } }; <!--#rem S(u,p,m) Save(url,params,mimeType) --> ARO.prototype.S=function(u,p,m){ if(this.obj==null\|\|u==null\|\|u==""){ return false; } if(CRO!=null\|\|RQ.length>0){ RQ[RQ.length]=[this,"S",u,p,m]; return true; } CRO=this; return this.dS(u,p,m); }; <!--#rem dS(u,p,m) doSave(url,params,mimeType) --> ARO.prototype.dS=function(u,p,m){ try{ this.r="S"; this.u=u; this.p=p; this.m=m; <!--#if expr="<X-FC-BROWSER NAME.MSIE> == 0"--> this.obj.overrideMimeType(m); <!--#endif--> this.obj.open("GET",u+(p&&p.length?"?"+p:""),true); this.obj.onreadystatechange=this.RSCH; this.obj.send(null); return true; }catch(e){ CRO=null; return false; } }; <!--#rem The following functions are necessary since various browser developers have failed to implement arithmetic operations on unsigned 32-bit numbers correctly AND(a,b) == a&b OR(a,b) == a\|b XOR(a,b) == a^b NOT(a) == ~a ADD(a,b) == a+b LS(a,s) == a<<s RS(a,s) == a>>s --> function AND(a,b){ var hb=(a>=0x80000000)&&(b>=0x80000000); var r=0; if(a>=0x80000000){a-=0x80000000;} if(b>=0x80000000){b-=0x80000000;} r=a&b; if(hb){r+=0x80000000;} return r; } function OR(a,b){ var hb=(a>=0x80000000)\|\|(b>=0x80000000); var r=0; if(a>=0x80000000){a-=0x80000000;} if(b>=0x80000000){b-=0x80000000;} r=a\|b; if(hb){r+=0x80000000;} return r; } function XOR(a,b){ var hb=((a>=0x80000000)&&(b<0x80000000))\|\|((a<0x80000000)&&(b>=0x80000000)); var r=0; if(a>=0x80000000){a-=0x80000000;} if(b>=0x80000000){b-=0x80000000;} r=a^b; if(hb){r+=0x80000000;} return r; } function NOT(a){ var b=0x80000000; var n=0; while(b>=1){ if(a>=b){ a-=b; }else{ n+=b; } b=b/2; } return n; } function ADD(a,b){ var n=0; if(a>=0x80000000){ ++n; a-=0x80000000; } if(b>=0x80000000){ ++n; b-=0x80000000; } a+=b; if(n==1){ if(a>=0x80000000){ a-=0x80000000; }else{ a+=0x80000000; } } return a; } function LS(a,s){ for(var i=0;i<s;i++){ if(a>=0x80000000){ a-=0x80000000; } a=a2; } return a; } function RS(a,s){ for(var i=0;i<s;i++){ if(a%2){ a-=1; } a=a/2; } return a; } var hd="0123456789abcdef"; <!--#rem function H1 converts the high nibble of the byte c into a hex character --> function HEX1(c){ return hd.substr((c>>4)&0x0F,1); } <!--#rem function H2 converts the low nibble of byte c into a hex character --> function HEX2(c){ return hd.substr(c&0x0F,1); } <!--#rem SHA1 State variables --> var PD=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]; var H=[],B=[]; var KV=[0x5A827999,0x6ED9EBA1,0x8F1BBCDC,0xCA62C1D6]; var TL=0; var BL=0; function K(n){ return KV[Math.floor(n / 20)]; } function S(v,n){ return OR(LS(v,n),RS(v,32-n)); } function f(n,B,C,D){ switch(Math.floor(n/20)){ case 0:return OR(AND(B,C),AND(NOT(B),D)); case 2:return OR(OR(AND(B,C),AND(B,D)),AND(C,D)); default:return XOR(XOR(B,C),D); } }<!--#rem EC(I,L,O) Encode (Input, Length, Output) Encodes input (UINT4) into output (unsigned char). Assumes len is a multiple of 4. --> function EC(I,L,O){ var i, j; for(i=0,j=0;j<L;i++,j+=4){ O[j]=AND(RS(I[i],24),0xFF); O[j+1]=AND(RS(I[i],16),0xFF); O[j+2]=AND(RS(I[i],8),0xFF); O[j+3]=AND(I[i],0xFF); } }<!--#rem DC(I,L,O) Decode(Input, Length, Output) Decodes input (unsigned char) into output (UINT4). Assumes len is a multiple of 4. --> function DC(I,L,O){ var i, j; for (i=0,j=0;j<L;i++,j+=4){ O[i]=0; O[i]=ADD(O[i],LS(I[j],24)); O[i]=ADD(O[i],LS(I[j+1],16)); O[i]=ADD(O[i],LS(I[j+2],8)); O[i]=ADD(O[i],I[j+3]); } }<!--#rem TF(bl) Transform(block) SHA1 basic transformation. Transforms state based on block. --> function TF(bl){ var a,b,c,d,e,t; var W=[]; var i; DC(bl,64,W); for(i=16;i<80;i++){ W[i]=S(XOR(XOR(XOR(W[i-3],W[i-8]),W[i-14]),W[i-16]),1); } a=H[0];b=H[1];c=H[2];d=H[3];e=H[4]; for(i=0;i<80;i++){ t=ADD(ADD(ADD(ADD(S(a,5),f(i,b,c,d)),e),W[i]),K(i)); e=AND(d,0xFFFFFFFF); d=AND(c,0xFFFFFFFF); c=AND(S(b,30),0xFFFFFFFF); b=AND(a,0xFFFFFFFF); a=AND(t,0xFFFFFFFF); } H[0]=ADD(H[0],a); H[1]=ADD(H[1],b); H[2]=ADD(H[2],c); H[3]=ADD(H[3],d); H[4]=ADD(H[4],e); }<!--#rem CA(d, di, s, si, l) CopyArray (Destination, Destination Index, Source, Source Index, Length) --> function CA(d,di,s,si,L){ for(i=0;i<L;i++){ d[di+i]=s[si+i]; } }<!--#rem UD(I,L) Update (Input, Length) SHA1 block update operation. Continues an SHA1 message-digest operation, processing another message block, and updating the context. --> function UD(I,L){ var i=0; TL+=L; if(BL){ if(64-BL>L){ i=L; }else{ i=64-BL; } CA(B,BL,I,0,i); BL+=i; if(BL<64){ return; } TF(B); BL=0; } while(L-i>=64){ CA(B,0,I,i,64); i+=64; TF(B); } CA(B,0,I,i,L-i); BL=L-i; }<!--#rem F() Final () SHA1 finalization. Ends an SHA1 message-digest operation, writing the the message digest and zeroizing the context. --> function F(){ var D=[]; var R=""; B[BL++]=0x80; if(BL<56){ CA(B,BL,PD,0,59-BL); }else{ if(BL<64){ CA(B,BL,PD,0,64-BL); } TF(B); CA(B,0,PD,0,58); } B[59]=AND(RS(AND(TL,0xE0000000),29),0xFF); TL=LS(TL,3); B[60]=AND(RS(TL,24),0xFF); B[61]=AND(RS(TL,16),0xFF); B[62]=AND(RS(TL,8),0xFF); B[63]=AND(TL,0xFF); TF(B);<!--#rem Store state in digest--> EC(H,20,D); for(i=0;i<20;i++){ R+=String(HEX1(D[i])); R+=String(HEX2(D[i])); } return R; }<!--#rem SHA1(C,P) SHA1(challenge, password) computes the SHA-1 digest of the given password --> function SHA1(C,P){ var c=[],p=[]; var u; var s,d;<!--#rem Transfer challenge string to challenge byte array as UTF-8--> for (s=0,d=0;s<C.length;s++){ u=C.charCodeAt(s); if(u<0x80){ c[d++]=u; }else if(u<0x0800){ c[d++]=OR(RS(u,6),0xC0); c[d++]=OR(AND(u,0x0000003F),0x80); }else if(u<0x00010000){ c[d++]=OR(RS(u,12),0xE0); c[d++]=OR(AND(RS(u,6),0x0000003F),0x80); c[d++]=OR(AND(u,0x0000003F),0x80); }else if(u<0x00200000){ c[d++]=OR(RS(u,18),0xF0); c[d++]=OR(AND(RS(u,12),0x0000003F),0x80); c[d++]=OR(AND(RS(u,6),0x0000003F),0x80); c[d++]=OR(AND(u,0x0000003F),0x80); } }<!--#rem Transfer password string to password byte array as UTF-8--> for (s=0,d=0;s<P.length;s++){ u=P.charCodeAt(s); if(u<0x80){ p[d++]=u; }else if(u<0x0800){ p[d++]=OR(RS(u,6),0xC0); p[d++]=OR(AND(u,0x0000003F),0x80); }else if(u<0x00010000){ p[d++]=OR(RS(u,12),0xE0); p[d++]=OR(AND(RS(u,6),0x0000003F),0x80); p[d++]=OR(AND(u,0x0000003F),0x80); }else if(u<0x00200000){ p[d++]=OR(RS(u,18),0xF0); p[d++]=OR(AND(RS(u,12),0x0000003F),0x80); p[d++]=OR(AND(RS(u,6),0x0000003F),0x80); p[d++]=OR(AND(u,0x0000003F),0x80); } }<!--#rem Load magic initialization constants.--> H[0]=0x67452301; H[1]=0xEFCDAB89; H[2]=0x98BADCFE; H[3]=0x10325476; H[4]=0xC3D2E1F0; TL=0; BL=0; UD(c,c.length); UD(p,p.length); return F(); }<!--#rem DP(F) DigestPassword(Form) Determines if an SHA1 digest can be computed for the target HTML form, and if so computes it. --> function DP(F){ var p=self.sp; var E=F.elements; if(p==null){ p=E["password"].value.toUpperCase(); }else{ E["savedpw"].value="1"; } if (E["userid"].length==0){ return false; } E["sha1"].value=SHA1(E["challenge"].value,p); E["password"].value=""; return true; } var sp=null; <!--#if expr="$ENABLEAUTHSAVING"--> <!--#rem lc LoadCredentials checks for cookie saved credentials and pre-fills the login form with them --> function lc(){ var C=document.cookie; var t=null; var s=C.indexOf("fc1="); var e; var c; if(s!=-1){ var D=new Date(); D.setTime(D.getTime() + 7776000000); s+=4; e=C.indexOf(';',s); if(e==-1){ e=C.length; } t=C.substring(s,e); if(t.length){ document.cookie="fc1="+t+";path=/;expires="+D.toGMTString(); document.forms["LOGINFORM"].elements["userid"].value=du(t); s=C.indexOf("fc2="); if(s!=-1){ s+=4; e=C.indexOf(';',s); if(e==-1){ e=C.length; } t=C.substring(s,e); if(t.length){ document.cookie="fc2="+t+";path=/;expires="+D.toGMTString(); self.sp=t; document.forms["LOGINFORM"].elements["password"].value="**********"; } } } } }<!--#rem sc SaveCredentials Saves the current contents of the form in a cookie. May pop up a warning dialog if attempt to save pw. --> function sc(F){ var u=F.elements["userid"].value; var p=F.elements["password"].value; if(sp==null&&u.length){ var D=new Date(); D.setTime(D.getTime() + 7776000000); if(p.length){ <!--#if expr="<X-FC-FIELD LANG.7539.1 LENGTH>"--> if(confirm("<X-FC-FIELD LANG.7539.1 STRING>")){ <!--#else--> if(1){ <!--#endif--> document.cookie="fc1="+eu(u)+";path=/;expires="+D.toGMTString(); document.cookie="fc2="+SHA1(u.toUpperCase(),p.toUpperCase())+";path=/;expires="+D.toGMTString(); } }else{ document.cookie="fc1="+eu(u)+";path=/;expires="+D.toGMTString(); document.cookie="fc2=;path=/;expires="+D.toGMTString(); } } }<!--#rem cc ClearCredentials Clears any cookie saved credentials --> function cc(F){ var D=new Date(); D.setTime(D.getTime() + 7776000000); F.elements["userid"].value=""; F.elements["password"].value=""; document.cookie="fc1=;path=/;expires="+D.toGMTString(); document.cookie="fc2=;path=/;expires="+D.toGMTString(); }<!--#rem eu EncodeUserID Extremely simple scramble algorithm to provide minimal obfuscation for saved userid cookies. Note that this is effectively security by obscurity and will only serve to discourage rank amateurs. --> function eu(p){ var pa=[],sa=[]; var oa=""; var s="<X-FC-SERVER NAME>"; var i=0; var cs=0; for(i=0;i<64;i++){ sa[i]=s.charCodeAt(i%s.length); if(cs==0){ sa[i]=sa[i]%256; } } pa[0]=p.length; for(i=0;i<p.length;i++) { pa[i+1]=p.charCodeAt(i); if(pa[i+1]>255){ cs=1; } } for(i=p.length;i<64;i++){ pa[i+1]=Math.floor(Math.random()(cs==1?65535:255)); } for(i=0;i<64;i++){ if(i%2){ pa[i]=pa[i]+sa[i]; if(cs){ pa[i]=pa[i]%65536; }else{ pa[i]=pa[i]%256; } }else{ pa[i]=pa[i]-sa[i]; if(pa[i]<0&&cs){ pa[i]+=65536; }else if(pa[i]<0){ pa[i]+=256; } } } if(cs){ for(i=0;i<64;i++){ oa+=hd.charAt(AND(RS(AND(pa[(i+2)%64],0x00F0),4),0x000F)); } for(i=0;i<64;i++){ oa+=hd.charAt(AND(RS(AND(pa[(i+11)%64],0xF000),12),0x000F)); } for(i=0;i<64;i++){ oa+=hd.charAt(AND(RS(AND(pa[(i+5)%64],0x0F00),8),0x000F)); } for(i=0;i<64;i++){ oa+=hd.charAt(AND(pa[(i+1)%64],0x000F)); } }else{ for(i=0;i<64;i++){ oa+=hd.charAt(AND(pa[(i+7)%64],0x0F)); } for(i=0;i<64;i++){ oa+=hd.charAt(AND(RS(AND(pa[(i+4)%64],0xF0),4),0x0F)); } } return oa; } <!--#rem du DecodeUserID Decodes a userID encoded using EncodeUserID --> function du(e){ var pa=[],sa=[]; var cs=(e.length==52?1:0); var s="<X-FC-SERVER NAME>"; var i=0; var p=""; for(i=0;i<64;i++){ sa[i]=s.charCodeAt(i%s.length); if(cs==0){ sa[i]=sa[i]%256; } } for(i=0;i<64;i++){ pa[i]=0; } if(cs){ for(i=0;i<64;i++){ pa[(i+2)%64]+=(0x0010parseInt(e.charAt(i),16)); } for(i=64;i<128;i++){ pa[(i+11)%64]+=(0x1000parseInt(e.charAt(i),16)); } for(i=128;i<192;i++){ pa[(i+5)%64]+=(0x0100parseInt(e.charAt(i),16)); } for(i=192;i<256;i++){ pa[(i+1)%64]+=(parseInt(e.charAt(i),16)); } }else{ for(i=0;i<64;i++){ pa[(i+7)%64]+=(parseInt(e.charAt(i),16)); } for(i=64;i<128;i++){ pa[(i+4)%64]+=(0x10parseInt(e.charAt(i),16)); } } for(i=0;i<64;i++){ pa[i]+=(cs==1?65536:256); } for(i=0;i<64;i++){ if(i%2){ pa[i]=pa[i]-sa[i]; }else{ pa[i]=pa[i]+sa[i]; } } for(i=0;i<64;i++){ pa[i]=pa[i]%(cs?65536:256); } for(i=1;i<(pa[0]+1);i++){ p+=String.fromCharCode(pa[i]); } return p; } <!--#endif ENABLEAUTHSAVING--> <!--#endif SERVER.ALLOWSLOGIN--> <X-FC-WHITESPACE RETAIN> //--> </script> <!--#include virtual="/.Templates/WebStyle.inc${SKIN}"--> <!--#include virtual="/.Templates/WebHeader.inc${SKIN}"--> <X-FC-WHITESPACE STRIP> <!--#set var="ARTICLENDX" value="-1"--> <!--#set var="NUMCOMMENTS" value="0"--> <!--#set var="INDEX" value="-1"--> <!--#while expr="++$INDEX < <X-FC-NUMITEMS>"--> <!--#if expr="<X-FC-LIST-ITEM `$INDEX` EXISTS>"--> <!--#if expr="<X-FC-LIST-ITEM `$INDEX` COLUMN[Status] Unapproved> == 0 && <X-FC-LIST-ITEM `$INDEX` COLUMN[Status] Deleted> == 0 && `<X-FC-LIST-ITEM `$INDEX` COLUMN[ThreadID] HEX>` == `<X-FC-URL-PARAMETER ThreadID>`"--> <!--#if expr="<X-FC-LIST-ITEM `$INDEX` COLUMN[ObjType] IsDoc>"--> <!--#set var="ARTICLENDX" value="$INDEX"--> <!--#elif expr="<X-FC-LIST-ITEM `$INDEX` COLUMN[ObjType] IsMsg>"--> <!--#set var="NUMCOMMENTS" expr="$NUMCOMMENTS + 1"--> <!--#endif--> <!--#endif--> <!--#endif--> <!--#endwhile--> <table width="100%" cellpadding="0" cellspacing="0" border="0" summary="" style="padding-left:10px;padding-right:10px;"> <tr> <td width="100%"><table width="100%" cellpadding="0" cellspacing="0" border="0" summary=""> <tr> <td style="height:5px;"></td> </tr> <!--#if expr="$ARTICLENDX != -1"--> <tr> <td><a class="SubTitleB" href="<X-FC-OBJURL>?Plugin=Blog&Documents=1&OpenArticleURL=<X-FC-LIST-ITEM-URI `$ARTICLENDX` RELATIVE>"><X-FC-LIST-ITEM `$ARTICLENDX` COLUMN[Subject]></a></td> </tr> <tr> <td style="height:3px;"></td> </tr> <tr> <td class="BlogLine" style="height:1px;"></td> </tr> <tr> <td style="height:3px;"></td> </tr> <tr> <td><table width="100%" cellpadding="0" cellspacing="0" border="0" summary=""> <tr> <td class="DocInfo" nowrap="nowrap"><!--#if expr="<X-FC-LIST-ITEM `$ARTICLENDX` COLUMN[1001] EXISTS>"--><X-FC-LIST-ITEM `$ARTICLENDX` COLUMN[1001] LONGTIME><!--#else--><X-FC-LIST-ITEM `$ARTICLENDX` COLUMN[DATE] LONGTIME><!--#endif--></td> <td class="DocInfo" align="right" nowrap="nowrap"><X-FC-FIELD LANG.7546.1 STRING> <X-FC-LIST-ITEM `$ARTICLENDX` COLUMN[8082] HTML></td> </tr> </table></td> </tr> <!--#if expr="<X-FC-LIST-ITEM `$ARTICLENDX` COLUMN[8063] EXISTS>"--> <tr> <td style="height:15px;"></td> </tr> <tr> <td class="gt"><!--#echo expr="@substr(`<X-FC-LIST-ITEM `$ARTICLENDX` COLUMN[8063]>`,0,250)"--></td> </tr> <!--#endif--> <!--#endif ARTICLENDX != -1--> <tr> <td style="height:30px;"></td> </tr> <tr> <td class="BlogHColor" style="height:3px;"></td> </tr> <tr> <td class="BlogHColor"><div class="BlogHInfo" style="white-space:nowrap;"> <!--#set var="COMMENTSSTR" value="<X-FC-FIELD LANG.7547.6 STRING>"--><!--#echo expr="@split($COMMENTSSTR, "^1")"--><!--#echo var="NUMCOMMENTS"--><!--#echo var="COMMENTSSTR"--></div></td> </tr> <tr> <td class="BlogHColor" style="height:3px;"></td> </tr> <tr> <td style="height:20px;"></td> </tr> <X-FC-WHITEPSACE RETAIN>