From bbe01633666241e5cd04a79a9b727d0f95f2fad4 Mon Sep 17 00:00:00 2001
From: Jordan Wright <jmwright798@gmail.com>
Date: Sat, 13 Feb 2016 16:11:45 -0600
Subject: [PATCH] Adding checkboxes to handle capturing credentials and
 passwords

---
 static/css/main.css            |  3 +++
 static/js/app/landing_pages.js | 18 +++++++++++++++++-
 templates/landing_pages.html   | 11 +++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/static/css/main.css b/static/css/main.css
index dcf13bb9..39da52ee 100644
--- a/static/css/main.css
+++ b/static/css/main.css
@@ -455,3 +455,6 @@ td.details-control{
 .tooltip-inner {
 	width:300px !important;
 }
+#capture_passwords {
+	display:none;
+}
diff --git a/static/js/app/landing_pages.js b/static/js/app/landing_pages.js
index 550048b4..4450eeff 100644
--- a/static/js/app/landing_pages.js
+++ b/static/js/app/landing_pages.js
@@ -9,7 +9,20 @@ var pages = []
 function save(idx) {
     var page = {}
     page.name = $("#name").val()
-    page.html = CKEDITOR.instances["html_editor"].getData();
+    editor = CKEDITOR.instances["html_editor"]
+    html = editor.getData();
+    ck_dom = $(html)
+        // Handle capturing credentials
+    if ($("#capture_credentials_checkbox").prop("checked")) {
+        ck_dom.find("form").attr("action", "")
+        if (!$("#capture_passwords_checkbox").prop("checked")) {
+            // Remove the name so the credential isn't submitted
+            ck_dom.find("input[type='password']").removeAttr("name")
+        }
+    } else {
+        ck_dom.find("form").attr("action", "#")
+    }
+    page.html = editor.getData();
     if (idx != -1) {
         page.id = pages[idx].id
         api.pageId.put(page)
@@ -163,5 +176,8 @@ $(document).ready(function() {
                 }
             }, this));
     };
+    $("#capture_credentials_checkbox").change(function(){
+    	$("#capture_passwords").toggle()
+    })
     load()
 })
diff --git a/templates/landing_pages.html b/templates/landing_pages.html
index 6efe51f8..172079ee 100644
--- a/templates/landing_pages.html
+++ b/templates/landing_pages.html
@@ -80,6 +80,17 @@
                     <textarea id="html_editor"></textarea>
                 </div>
             </div>
+	    <div class="checkbox checkbox-primary">
+                <input id="capture_credentials_checkbox" type="checkbox">
+		<label for="capture_credentials_checkbox">Capture Submitted Data <i class="fa fa-question-circle" data-toggle="tooltip" data-placement="right" title="If the landing page contains a form, submitted input (except passwords!) will be captured."></i></label>
+            </div>
+	    <div class="checkbox checkbox-primary" id="capture_passwords">
+                <input id="capture_passwords_checkbox" type="checkbox">
+		<label for="capture_passwords_checkbox">Capture Passwords</label>
+		<div class="alert alert-warning">
+			<i class="fa fa-exclamation-circle"></i> <b>Warning:</b> Credentials are currently <b>not encrypted</b>. This means that captured passwords are stored in the database as cleartext. Be careful with this!
+		</div>
+            </div>
         </div>
         <div class="modal-footer">
             <button type="button" data-dismiss="modal" class="btn btn-default" onclick="dismiss()">Cancel</button>