<?php
/*
Plugin Name: Special user/login-related pages
Plugin URI: http://enanocms.org/
Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
Author: Dan Fuhry
Version: 1.0
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0 release candidate 2
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
global $db, $session, $paths, $template, $plugins; // Common objects

// Register the user/login-related Special: pages once the 'base_classes_initted' hook fires.
// The second argument is PHP source held in a string (presumably evaluated by the plugin
// manager when the hook runs -- confirm in the plugin API). Because it is code-in-a-string,
// it must remain a constant literal: never assemble it from request or database values.
// Pages registered: Login, Logout, Register, Preferences, Contributions, ChangeStyle,
// ActivateAccount, Captcha and PasswordReset. All are flagged protected=1; ActivateAccount
// and Captcha are additionally flagged visible=0.
$plugins->attachHook('base_classes_initted', '
global $paths;
$paths->add_page(Array(
\'name\'=>\'Log in\',
\'urlname\'=>\'Login\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
$paths->add_page(Array(
\'name\'=>\'Log out\',
\'urlname\'=>\'Logout\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
$paths->add_page(Array(
\'name\'=>\'Register\',
\'urlname\'=>\'Register\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
$paths->add_page(Array(
\'name\'=>\'Edit Profile\',
\'urlname\'=>\'Preferences\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Contributions\',
\'urlname\'=>\'Contributions\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Change style\',
\'urlname\'=>\'ChangeStyle\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Activate user account\',
\'urlname\'=>\'ActivateAccount\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Captcha\',
\'urlname\'=>\'Captcha\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Forgot password\',
\'urlname\'=>\'PasswordReset\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
');

// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>

// Result of the most recent form login attempt. page_Special_Login_preloader() stores the
// failure result here and page_Special_Login() echoes it above the form on a POSTed login.
$__login_status = '';
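/**
 * Renders Special:Login: the login form, or (with ?act=getkey) a JSON object holding a fresh
 * key and challenge for the client-side encrypted login.
 *
 * The requested auth level comes from ?level= or the POSTed auth_level field and is only
 * accepted when it is a single digit; guests are always clamped to USER_LEVEL_MEMBER.
 *
 * Request-derived values written into HTML attributes (return_to, the username prefill) are
 * HTML-escaped here so they cannot break out of the attribute.
 * NOTE(review): $__login_status is echoed as-is; it is the result of $session->login_*()
 * and is assumed to be trusted markup - confirm in the session class.
 *
 * @return null when answering the getkey request, otherwise nothing
 */
function page_Special_Login()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $__login_status;

  $pubkey = $session->rijndael_genkey();
  $challenge = $session->dss_rand();

  if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
  {
    $response = Array(
      'key' => $pubkey,
      'challenge' => $challenge
      );
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
    $response = $json->encode($response);
    echo $response;
    return null;
  }

  // Allowlist of acceptable level values; the strict check also rejects array-typed input.
  $valid_levels = array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9');
  $level = ( isset($_GET['level']) && in_array($_GET['level'], $valid_levels, true) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
  if ( isset($_POST['login']) )
  {
    // auth_level may be absent from a hand-built POST; only read it when present.
    if ( isset($_POST['auth_level']) && in_array($_POST['auth_level'], $valid_levels, true) )
    {
      $level = intval($_POST['auth_level']);
    }
  }

  // Elevated (re-authentication) levels only make sense for a user who is already logged in.
  if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
  {
    $level = USER_LEVEL_MEMBER;
  }
  $template->header();
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
  $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.';
  if ( isset($_POST['login']) )
  {
    echo '<p>'.$__login_status.'</p>';
  }
  if ( $p = $paths->getAllParams() )
  {
    // The URL parameters are request-controlled, so escape them like the POSTed value below.
    echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($p, ENT_QUOTES).'" />';
  }
  else if ( isset($_POST['login']) && isset($_POST['return_to']) && is_string($_POST['return_to']) )
  {
    echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
  }
  ?>
    <div class="tblholder">
      <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
        <tr>
          <th colspan="3"><?php echo $header; ?></th>
        </tr>
        <tr>
          <td colspan="3" class="row1">
            <?php
            if ( $level <= USER_LEVEL_MEMBER )
            {
              echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>';
            }
            else
            {
              echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>';
            }
            ?>
          </td>
        </tr>
        <tr>
          <td class="row2">
            Username:
          </td>
          <td class="row1">
            <input name="username" size="25" type="text" <?php
              if ( $level <= USER_LEVEL_MEMBER )
              {
                echo 'tabindex="1" ';
              }
              else
              {
                echo 'tabindex="3" ';
              }
              if ( $session->user_logged_in )
              {
                // Escaped for the attribute context; presumably usernames are stored raw - confirm.
                echo 'value="' . htmlspecialchars($session->username, ENT_QUOTES) . '"';
              }
              ?> />
          </td>
          <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
          <td rowspan="2" class="row3">
            <small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br />
            Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small>
          </td>
          <?php } ?>
        </tr>
        <tr>
          <td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
        </tr>
        <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
        <tr>
          <td class="row3" colspan="3">
            <p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true); ?>">log in without using encryption</a>.</p>
            <p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p>
          </td>
        </tr>
        <?php } ?>
        <tr>
          <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>
        </tr>
      </table>
    </div>
      <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
      <input type="hidden" name="use_crypt" value="no" />
      <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
      <input type="hidden" name="crypt_data" value="" />
      <input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
      <?php if ( $level <= USER_LEVEL_MEMBER ): ?>
      <script type="text/javascript">
        document.forms.loginform.username.focus();
      </script>
      <?php else: ?>
      <script type="text/javascript">
        document.forms.loginform.pass.focus();
      </script>
      <?php endif; ?>
    </form>
    <?php
      echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');
    ?>
  <?php
  $template->footer();
}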
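/**
 * Handles login submissions before the page itself is rendered.
 *
 * Two entry points:
 *  - ?act=ajaxlogin: credentials arrive as a JSON document in $_POST['params']; the result is
 *    written back as JSON and the script exits.
 *  - a normal form POST (login button): logs in with or without client-side encryption and,
 *    on success, redirects to return_to or the main page. On failure the result is stored in
 *    $GLOBALS['__login_status'] for page_Special_Login() to display.
 *
 * All request fields are treated as untrusted: a missing or non-string field is replaced by
 * an empty string before it reaches the session class, so a malformed request is rejected by
 * the login routine instead of passing null or array values into it.
 */
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $__login_status;
  if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
  {
    $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
    $data = ( isset($_POST['params']) && is_string($_POST['params']) ) ? $json->decode($_POST['params']) : array();
    if ( !is_array($data) )
    {
      // Anything other than a JSON object is treated as an empty request.
      $data = array();
    }
    foreach ( array('username', 'crypt_data', 'crypt_key', 'challenge') as $field )
    {
      if ( !isset($data[$field]) || !is_string($data[$field]) )
      {
        $data[$field] = '';
      }
    }
    // intval() on an array would yield 1, so only scalar levels are honoured.
    $level = ( isset($data['level']) && is_scalar($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
    $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level);
    $session->start();
    //echo "$result\n$session->sid_super";
    //exit;
    if ( $result == 'success' )
    {
      $response = Array(
          'result' => 'success',
          'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )
        );
    }
    else
    {
      $response = Array(
          'result' => 'error',
          'error' => $result
        );
    }
    $response = $json->encode($response);
    echo $response;
    $db->close();
    exit;
  }
  if(isset($_POST['login'])) {
    // Normalise the form fields once so the calls below never read an undefined index.
    $post = array();
    foreach ( array('username', 'pass', 'crypt_data', 'crypt_key', 'challenge_data', 'use_crypt', 'auth_level') as $field )
    {
      $post[$field] = ( isset($_POST[$field]) && is_string($_POST[$field]) ) ? $_POST[$field] : '';
    }
    if($post['use_crypt'] == 'yes')
    {
      $result = $session->login_with_crypto($post['username'], $post['crypt_data'], $post['crypt_key'], $post['challenge_data'], intval($post['auth_level']));
    }
    else
    {
      $result = $session->login_without_crypto($post['username'], $post['pass'], false, intval($post['auth_level']));
    }
    $session->start();
    $paths->init();
    if($result == 'success')
    {
      $template->load_theme($session->theme, $session->style);
      if ( isset($_POST['return_to']) && is_string($_POST['return_to']) )
      {
        $return_to = $_POST['return_to'];
        // return_to is request-controlled. When it does not name a known page it is shown
        // to the user verbatim, so it is HTML-escaped first.
        // NOTE(review): this assumes redirect() prints the message as HTML and that
        // makeUrl() always yields an on-site URL - confirm both.
        $name = ( isset($paths->pages[$return_to]['name']) ) ? $paths->pages[$return_to]['name'] : htmlspecialchars($return_to, ENT_QUOTES);
        redirect( makeUrl($return_to), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
      }
      else
      {
        $paths->main_page();
      }
    }
    else
    {
      $GLOBALS['__login_status'] = $result;
    }
  }
}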
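/**
 * Hook target for 'login_password_reset' during an AJAX login: sends a JSON response that
 * tells the client a password reset is required, then closes the database and exits.
 *
 * NOTE(review): the temporary password is returned to whoever issued the login request.
 * Confirm in the session class that this hook only fires after the submitted credentials
 * were verified, and that the temporary password is single-use.
 *
 * @param mixed $user_id  ID of the account being reset ($row['user_id'] at the hook site)
 * @param mixed $passkey  temporary password for that account ($row['temp_password'])
 */
function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)
{
  // $db is a global object; without this declaration $db->close() below is a call on an
  // undefined variable and the request dies with a fatal error after the response is sent.
  global $db;

  $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);

  $response = Array(
      'result' => 'success_reset',
      'user_id' => $user_id,
      'temppass' => $passkey
    );

  $response = $json->encode($response);
  echo $response;

  $db->close();

  exit;
}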
/**
 * Special:Logout - ends the current session and sends the user to the main page.
 * If $session->logout() reports anything other than 'success', an error page showing the
 * returned status is rendered.
 *
 * NOTE(review): the logout runs as soon as this page is requested; whether a CSRF token is
 * checked inside $session->logout() is not visible from here.
 */
function page_Special_Logout()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $status = $session->logout();
  if ( $status == 'success' )
  {
    $paths->main_page();
  }

  // Reached when logout failed (and also after main_page() if that call returns).
  $template->header();
  echo '<h3>An error occurred during the logout process.</h3><p>' . $status . '</p>';
  $template->footer();
}
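/**
 * Special:Register - account creation form, its POST handler, and the COPPA age gate.
 *
 * Flow:
 *  1. If registration is disabled in the config, stop (administrators may override with
 *     ?IWannaPlayToo).
 *  2. On POST: verify the CAPTCHA, validate the COPPA field when COPPA is enabled, then call
 *     $session->create_user(). On success a confirmation page is shown and the script ends.
 *  3. Otherwise render the form (or the age question when COPPA is enabled and unanswered).
 *
 * Security notes:
 *  - The CAPTCHA check uses a strict string comparison and an empty stored code never
 *    matches, so a failed lookup cannot compare equal to an empty submission.
 *  - Missing or non-string POST fields are normalised to '' before use.
 *  - The JavaScript checks in the form are advisory only; $session->create_user() is
 *    presumably where the authoritative validation happens - confirm.
 *  - NOTE(review): $s (the create_user() result) is echoed into the form unescaped; confirm
 *    it can never contain request-derived text.
 */
function page_Special_Register()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
  {
    $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : '';
    die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s);
  }
  if(isset($_POST['submit']))
  {
    $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';

    // Normalise the submitted fields so nothing below reads an undefined index or an array.
    $fields = array();
    foreach ( array('username', 'password', 'email', 'real_name', 'captchahash', 'captchacode') as $key )
    {
      $fields[$key] = ( isset($_POST[$key]) && is_string($_POST[$key]) ) ? $_POST[$key] : '';
    }

    $captcharesult = (string)$session->get_captcha($fields['captchahash']);
    if ( $captcharesult === '' || $captcharesult !== $fields['captchacode'] )
    {
      $s = 'The confirmation code you entered was incorrect.';
    }
    else
    {
      if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
      {
        $s = 'Invalid COPPA input';
      }
      else
      {
        $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );

        // CAPTCHA code was correct, create the account
        $s = $session->create_user($fields['username'], $fields['password'], $fields['email'], $fields['real_name'], $coppa);
      }
    }
    // $coppa is always set (true or false) once create_user() has run, so the non-COPPA
    // success page must test for a false value rather than for an unset variable; with
    // !isset() a successful adult registration fell through and re-rendered the form.
    if($s == 'success' && empty($coppa))
    {
      switch(getConfig('account_activation'))
      {
        case "none":
        default:
          $str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.';
          break;
        case "user":
          $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';
          break;
        case "admin":
          $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';
          break;
      }
      die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
    }
    else if ( $s == 'success' && $coppa )
    {
      $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.';
      die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
    }
  }
  $template->header();
  echo 'A user account enables you to have greater control over your browsing experience.';

  if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
  {
    $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
    // Discard any previous challenge and issue a fresh one for this rendering of the form.
    $session->kill_captcha();
    $captchacode = $session->make_captcha();
    ?>
      <h3>Create a user account</h3>
      <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post">
        <div class="tblholder">
          <table border="0" width="100%" cellspacing="1" cellpadding="4">
            <tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr>
            <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
            <tr><td class="row1" style="width: 50%;">Preferred username:<span id="e_username"></span></td><td class="row1" style="width: 50%;"><input type="text" name="username" size="30" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" /></td></tr>
            <tr><td class="row3" style="width: 50%;" rowspan="2">Password:<span id="e_password"></span></td><td class="row3" style="width: 50%;"><input type="password" name="password" size="30" onkeyup="validateForm();" /></td><td rowspan="2" class="row3" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" /></td></tr>
            <tr><td class="row3" style="width: 50%;"><input type="password" name="password_confirm" size="30" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small></td></tr>
            <tr><td class="row1" style="width: 50%;"><?php if ( $coppa ) echo 'Your parent or guardian\'s e'; else echo 'E'; ?>-mail address:<?php if(getConfig('account_activation')=='user') echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small>'; ?></td><td class="row1" style="width: 50%;"><input type="text" name="email" size="30" onkeyup="validateForm();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" /></td></tr>
            <tr><td class="row3" style="width: 50%;">Real name:<br /><small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small></td><td class="row3" style="width: 50%;"><input type="text" name="real_name" size="30" /></td><td class="row3" style="max-width: 24px;"></td></tr>
            <tr><td class="row1" style="width: 50%;" rowspan="2">Visual confirmation<br /><small>Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br /><br />If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.</small></td><td colspan="2" class="row1"><img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><span id="b_username"></span></td></tr>
            <tr><td class="row1" colspan="2">Code: <input name="captchacode" type="text" size="10" /><input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" /></td></tr>
            <tr><td class="row2" colspan="3" style="text-align: center;"><input type="submit" name="submit" value="Create my account" /></td></tr>
          </table>
        </div>
        <?php
          $val = ( $coppa ) ? 'yes' : 'no';
          echo '<input type="hidden" name="coppa" value="' . $val . '" />';
        ?>
      </form>
      <script type="text/javascript">
        // <![CDATA[
        var namegood = false;
        function validateForm()
        {
          var frm = document.forms.regform;
          failed = false;

          // Username
          if(!namegood)
          {
            if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
            {
              document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
              document.getElementById('e_username').innerHTML = ''; // '<br /><small><b>Checking availability...</b></small>';
            } else {
              failed = true;
              document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
              document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
            }
          }
          document.getElementById('b_username').innerHTML = '';
          if(hex_md5(frm.real_name.value) == 'fa8e397ae0f6cd5b0f90a3f48178cd7e')
          {
            document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
          }

          // Password
          if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value)
          {
            document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
            document.getElementById('e_password').innerHTML = '<br /><small>The password you entered is valid.</small>';
          } else {
            failed = true;
            if(frm.password.value.length < 6)
              document.getElementById('e_password').innerHTML = '<br /><small>Your password must be at least six characters in length.</small>';
            else if(frm.password.value != frm.password_confirm.value)
              document.getElementById('e_password').innerHTML = '<br /><small>The passwords you entered do not match.</small>';
            else
              document.getElementById('e_password').innerHTML = '';
            document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
          }

          // E-mail address
          if(frm.email.value.match(/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/))
          {
            document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
          } else {
            failed = true;
            document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif';
          }
          if(failed)
          {
            frm.submit.disabled = 'disabled';
          } else {
            frm.submit.disabled = false;
          }
        }
        function checkUsername()
        {
          var frm = document.forms.regform;

          if(!namegood)
          {
            if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))
            {
              document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
              document.getElementById('e_username').innerHTML = '';
            } else {
              document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
              document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
              return false;
            }
          }

          document.getElementById('e_username').innerHTML = '<br /><small><b>Checking availability...</b></small>';
          ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
            if(ajax.readyState == 4)
              if(ajax.responseText == 'good')
              {
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
                document.getElementById('e_username').innerHTML = '<br /><small><b>This username is available.</b></small>';
                namegood = true;
              } else if(ajax.responseText == 'bad') {
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
                document.getElementById('e_username').innerHTML = '<br /><small><b>Error: that username is already taken.</b></small>';
                namegood = false;
              } else {
                document.getElementById('e_username').innerHTML = ajax.responseText;
              }
          });
        }
        function regenCaptcha()
        {
          var frm = document.forms.regform;
          document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/"); ?>'+frm.captchahash.value+'/'+Math.floor(Math.random() * 100000);
          return false;
        }
        validateForm();
        setTimeout('checkUsername();', 1000);
        // ]]>
      </script>
    <?php
  }
  else
  {
    // Cut-off date for the age question: today's month and day, thirteen years ago.
    $year = intval( date('Y') );
    $year = $year - 13;
    $month = date('F');
    $day = date('d');

    $yo13_date = "$month $day, $year";
    $link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
    $link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true);

    // COPPA enabled, ask age
    echo '<div class="tblholder">';
    echo '<table border="0" cellspacing="1" cellpadding="4">';
    echo '<tr>
            <td class="row1">
              Before you can register, please tell us your age.
            </td>
          </tr>
          <tr>
            <td class="row3">
              <a href="' . $link_coppa_no . '">I was born <b>on or before</b> ' . $yo13_date . ' and am <b>at least</b> 13 years of age</a><br />
              <a href="' . $link_coppa_yes . '">I was born <b>after</b> ' . $yo13_date . ' and am <b>less than</b> 13 years of age</a>
            </td>
          </tr>';
    echo '</table>';
    echo '</div>';
  }
  $template->footer();
}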
/*
If you want the old preferences page back, be my guest.
function page_Special_Preferences() {
global $db, $session, $paths, $template, $plugins; // Common objects
$template->header();
if(isset($_POST['submit'])) {
$data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']);
if($data == 'success') echo '<h3>Information</h3><p>Your profile has been updated. <a href="'.scriptPath.'/">Return to the index page</a>.</p>';
else echo $data;
} else {
echo '
<h3>Edit your profile</h3>
<form action="'.makeUrl($paths->nslist['Special'].'Preferences').'" method="post">
<table border="0" style="margin-left: 0.2in;">
<tr><td>Username:</td><td><input type="text" name="username" value="'.$session->username.'" /></td></tr>
<tr><td>Current Password:</td><td><input type="password" name="current_pass" /></td></tr>
<tr><td colspan="2"><small>You only need to enter your current password if you are changing your e-mail address or changing your password.</small></td></tr>
<tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr>
<tr><td>E-mail:</td><td><input type="text" name="email" value="'.$session->email.'" /></td></tr>
<tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.$session->real_name.'" /></td></tr>
<tr><td>Signature:<br /><small>Your signature appears<br />below your comment posts.</small></td><td><textarea rows="10" cols="40" name="sig">'.$session->signature.'</textarea></td></tr>
<tr><td colspan="2">
<input type="submit" name="submit" value="Save Changes" /></td></tr>
</table>
</form>
';
}
$template->footer();
}
*/
function page_Special_Contributions() {
+ − 567
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 568
$template->header();
+ − 569
$user = $paths->getParam();
+ − 570
if(!$user && isset($_GET['user']))
+ − 571
{
+ − 572
$user = $_GET['user'];
+ − 573
}
+ − 574
elseif(!$user && !isset($_GET['user']))
+ − 575
{
+ − 576
echo 'No user selected!';
+ − 577
$template->footer();
+ − 578
$db->close();
+ − 579
exit;
+ − 580
}
+ − 581
+ − 582
$user = $db->escape($user);
+ − 583
+ − 584
$q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;';
+ − 585
if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 586
echo 'History of edits and actions<h3>Edits:</h3>';
+ − 587
if($db->numrows() < 1) echo 'No history entries in this category.';
+ − 588
while($r = $db->fetchrow()) {
+ − 589
echo '<a href="#" onclick="ajaxHistView(\''.$r['time_id'].'\', \''.$paths->nslist[$r['namespace']].$r['page_id'].'\'); return false;"><i>'.$r['date_string'].'</i></a> (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert</a>) <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.$paths->nslist[$r['namespace']].$r['page_id'].'</a>: '.$r['edit_summary'];
+ − 590
if($r['minor_edit']) echo '<b> - minor edit</b>';
+ − 591
echo '<br />';
+ − 592
}
+ − 593
$db->free_result();
+ − 594
echo '<h3>Other changes:</h3>';
+ − 595
$q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;';
+ − 596
if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 597
if($db->numrows() < 1) echo 'No history entries in this category.';
+ − 598
while($r = $db->fetchrow()) {
+ − 599
if($r['log_type']=='page') {
+ − 600
echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.$paths->nslist[$r['namespace']].$r['page_id'].'</a>: ';
+ − 601
if($r['action']=='prot') echo 'Protected page; reason: '.$r['edit_summary'];
+ − 602
elseif($r['action']=='unprot') echo 'Unprotected page; reason: '.$r['edit_summary'];
+ − 603
elseif($r['action']=='rename') echo 'Renamed page; old title was: '.$r['edit_summary'];
+ − 604
elseif($r['action']=='create') echo 'Created page';
+ − 605
elseif($r['action']=='delete') echo 'Deleted page';
+ − 606
if($r['minor_edit']) echo '<b> - minor edit</b>';
+ − 607
echo '<br />';
+ − 608
} elseif($r['log_type']=='security') {
+ − 609
// Not implemented, and when it is, it won't be public
}
}
$db->free_result();
$template->footer();
}
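/**
 * Special:ChangeStyle - lets a logged-in user choose a theme and one of its stylesheets.
 *
 * Three POST-driven steps share this handler:
 *   1. no "themeselected" field: render the theme picker;
 *   2. "themeselected" posted: render the stylesheet picker for the posted theme;
 *   3. "theme", "style" and "return_to" all posted: validate, save both values
 *      to the users table and redirect to "return_to".
 *
 * Every request value is treated as untrusted: theme and style names are
 * checked against an allow-list pattern before they are used as path
 * components, and anything echoed into HTML is escaped.
 */
function page_Special_ChangeStyle()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->user_logged_in) die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
  // NOTE(review): this state-changing POST checks no anti-CSRF token. No token
  // helper is visible from this block, so none is added here - confirm what the
  // framework provides and require it on the save step.
  if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']))
  {
    $theme = $_POST['theme'];
    $style = $_POST['style'];
    // Both values become path components below. Accept plain names only, so that
    // separators and ".." sequences can never reach the filesystem calls. \z (not $)
    // keeps a trailing newline from slipping through.
    if ( !is_string($theme) || !preg_match('/^[0-9A-Za-z_-]+\z/', $theme) )
      die('Hacking attempt');
    if ( !is_string($style) || !preg_match('/^[0-9A-Za-z_.-]+\z/', $style) )
      die('Hacking attempt');
    if ( !is_string($_POST['return_to']) )
      die('Hacking attempt');

    // The picker only offers enabled themes; enforce the same rule when saving so a
    // hand-crafted POST cannot select a theme that the picker would not have listed.
    $theme_enabled = false;
    foreach ( $template->theme_list as $t )
    {
      if ( (string)$t['theme_id'] === $theme && $t['enabled'] )
      {
        $theme_enabled = true;
        break;
      }
    }
    if ( !$theme_enabled ) die('The selected theme is not available.');

    $d = ENANO_ROOT . '/themes/' . $theme;
    $f = $d . '/css/' . $style . '.css';
    // Error text deliberately omits the path: echoing it back would reflect request
    // data into the page and disclose the server's directory layout.
    if(!is_dir($d)) die('The selected theme does not exist.');
    if(!is_file($f)) die('The selected stylesheet does not exist.');

    $theme_sql = $db->escape($theme);
    $style_sql = $db->escape($style);
    // NOTE(review): $session->username is interpolated as-is. Whether the session
    // object already holds an SQL-safe value is not visible from here - confirm, or
    // key this UPDATE on a numeric user id instead.
    $q = 'UPDATE '.table_prefix.'users SET theme=\''.$theme_sql.'\',style=\''.$style_sql.'\' WHERE username=\''.$session->username.'\'';
    if(!$db->sql_query($q))
    {
      $db->_die('Your theme/style preferences were not updated.');
    }
    else
    {
      // NOTE(review): presumably makeUrl() maps a page name to a URL on this site, which
      // would keep this redirect local - verify that it cannot produce an off-site target.
      redirect(makeUrl($_POST['return_to']), '', '', 0);
    }
  }
  else
  {
    $template->header();
    $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
    if(!$ret || !is_string($ret)) $ret = getConfig('main_page');
    // $ret can come straight from the request, so escape it once here for both hidden fields.
    $ret_attr = htmlspecialchars((string)$ret, ENT_QUOTES);
    ?>
    <form action="<?php echo makeUrl($paths->page); ?>" method="post">
      <?php if(!isset($_POST['themeselected'])) { ?>
        <h3>Please select a new theme:</h3>
        <p>
          <select name="theme">
           <?php
            foreach($template->theme_list as $t) {
              if($t['enabled'])
              {
                echo '<option value="'.htmlspecialchars((string)$t['theme_id'], ENT_QUOTES).'"';
                if($t['theme_id'] == $session->theme) echo ' selected="selected"';
                echo '>'.htmlspecialchars((string)$t['theme_name'], ENT_QUOTES).'</option>';
              }
            }
           ?>
          </select>
        </p>
        <p><input type="hidden" name="return_to" value="<?php echo $ret_attr; ?>" />
           <input type="submit" name="themeselected" value="Continue" /></p>
      <?php } else {
        $theme = isset($_POST['theme']) ? $_POST['theme'] : '';
        // The earlier class [0-9A-z_-] also spanned the ASCII punctuation between "Z"
        // and "a" (including the backslash); the range is now spelled out explicitly.
        if ( !is_string($theme) || !preg_match('/^[0-9A-Za-z_-]+\z/', $theme ) )
          die('Hacking attempt');
        ?>
        <h3>Please select a stylesheet:</h3>
        <p>
          <select name="style">
            <?php
              $dir = './themes/'.$theme.'/css/';
              $list = Array();
              // Open a known directory, and proceed to read its contents
              if (is_dir($dir)) {
                if ($dh = opendir($dir)) {
                  while (($file = readdir($dh)) !== false) {
                    if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
                      $list[] = substr($file, 0, strlen($file)-4);
                    }
                  }
                  closedir($dh);
                }
              } else die($dir.' is not a dir');
              foreach ( $list as $l )
              {
                // File names come from disk, but are still escaped before reaching the markup.
                echo '<option value="'.htmlspecialchars($l, ENT_QUOTES).'">'.htmlspecialchars(capitalize_first_letter($l), ENT_QUOTES).'</option>';
              }
            ?>
          </select>
        </p>
        <p><input type="hidden" name="return_to" value="<?php echo $ret_attr; ?>" />
           <input type="hidden" name="theme" value="<?php echo htmlspecialchars($theme, ENT_QUOTES); ?>" />
           <input type="submit" name="allclear" value="Change style" /></p>
      <?php } ?>
    </form>
    <?php
    $template->footer();
  }
}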
/**
 * Special:ActivateAccount - activates an account from a username and key given in the URL.
 *
 * URL parameter 0 is the username (underscores stand for spaces) and parameter 1
 * is the activation key. The outcome is reported through die_friendly().
 */
function page_Special_ActivateAccount()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $error_title = 'Account activation error';
  $error_body = '<p>The URL was incorrect.</p>';

  $username = $paths->getParam(0);
  if ( !$username )
  {
    die_friendly($error_title, $error_body);
  }

  $activation_key = $paths->getParam(1);
  if ( !$activation_key )
  {
    die_friendly($error_title, $error_body);
  }

  // Usernames travel in the URL with underscores in place of spaces.
  $real_name = str_replace('_', ' ', $username);
  $result = $session->activate_account($real_name, $activation_key);

  if ( $result > 0 )
  {
    die_friendly('Activation successful', '<p>Your account is now active. Thank you for registering.</p>');
  }
  else
  {
    die_friendly('Activation failed', '<p>The activation key was probably incorrect.</p>');
  }
}
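/**
 * Special:Captcha - issues a fresh CAPTCHA hash, or renders the image for an existing one.
 *
 * With URL parameter 0 set to "make", the current CAPTCHA is discarded and the
 * value returned by $session->make_captcha() is printed. Otherwise parameter 0
 * must be a 32-digit hex hash; the matching code is looked up through
 * $session->get_captcha() and drawn by the captcha class.
 */
function page_Special_Captcha()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if($paths->getParam(0) == 'make')
  {
    $session->kill_captcha();
    echo $session->make_captcha();
    return;
  }
  $hash = $paths->getParam(0);
  // Require exactly 32 hex digits. The earlier pattern, ([0-9a-f]*){32,32}, had a
  // star inside the counted group, so it accepted hex strings of any length
  // (even empty) and its nested quantifiers could backtrack heavily on long
  // near-miss input. \z instead of $ also rejects a trailing newline.
  if(!is_string($hash) || !preg_match('#^[0-9a-f]{32}\z#i', $hash))
  {
    $paths->main_page();
    // Whether main_page() ends the request is not visible from here; returning
    // guarantees a malformed hash never reaches the lookup below.
    return;
  }
  $code = $session->get_captcha($hash);
  if(!$code) die('Invalid hash or IP address incorrect.');
  require(ENANO_ROOT.'/includes/captcha.php');
  $captcha = new captcha($code);
  //header('Content-disposition: attachment; filename=autocaptcha.png');
  $captcha->make_image();
  exit;
}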
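/**
 * Special:PasswordReset - requests a reset e-mail, or completes a reset from the mailed link.
 *
 * Without URL parameters the page shows a username form; posting it ("do_reset")
 * calls $session->mail_password_reset(). With "stage2" as parameter 0, parameter 1
 * is the numeric user id and parameter 2 the hex temporary password from the
 * e-mail. Both are checked against the users table and the temporary password
 * must be less than 24 hours old. The page then shows the new-password form and,
 * when "do_stage2" is posted, stores the new password and logs the user in.
 *
 * The new password arrives either in the clear ("pass"/"pass_confirm") or, when
 * the browser-side self-test passes, AES-encrypted in "crypt_data".
 *
 * @return bool|null false on the stage-2 error paths and after a completed
 *                   reset, true after rendering the stage-2 form or handling
 *                   "do_reset"; nothing when the username form is shown.
 */
function page_Special_PasswordReset()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $template->header();
  if($paths->getParam(0) == 'stage2')
  {
    $user_id = intval($paths->getParam(1));
    $encpass = $paths->getParam(2);
    // IDs below 2 are refused outright.
    if ( $user_id < 2 )
    {
      echo '<p>Hacking attempt</p>';
      $template->footer();
      return false;
    }
    // Hex only: this value is placed inside a quoted SQL literal below. \z rather
    // than $ so that a trailing newline is rejected as well.
    if(!is_string($encpass) || !preg_match('#^[a-f0-9]+\z#i', $encpass))
    {
      echo '<p>Hacking attempt</p>';
      $template->footer();
      return false;
    }

    $q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';');
    // A failed query is handled like a non-matching token instead of reading a row count from it.
    if(!$q || $db->numrows() < 1)
    {
      echo '<p>Invalid credentials</p>';
      $template->footer();
      return false;
    }
    $row = $db->fetchrow();
    $db->free_result();

    // Temporary passwords are honoured for 24 hours.
    if ( ( intval($row['temp_password_time']) + 3600 * 24 ) < time() )
    {
      echo '<p>Password has expired</p>';
      $template->footer();
      return false;
    }

    if ( isset($_POST['do_stage2']) )
    {
      $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
      if(isset($_POST['use_crypt']) && $_POST['use_crypt'] === 'yes')
      {
        // Missing or array-valued fields are rejected before they reach the crypto helpers.
        if ( !isset($_POST['crypt_key'], $_POST['crypt_data']) || !is_string($_POST['crypt_key']) || !is_string($_POST['crypt_data']) )
        {
          echo 'ERROR: Sanity check failed!';
          $template->footer();
          return false;
        }
        $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
        if(!$crypt_key)
        {
          echo 'ERROR: Couldn\'t look up public key for decryption.';
          $template->footer();
          return false;
        }
        $crypt_key = hexdecode($crypt_key);
        $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX);
        if(strlen($data) < 6)
        {
          echo 'ERROR: Your password must be six characters or greater in length.';
          $template->footer();
          return false;
        }
      }
      else
      {
        $data = isset($_POST['pass']) ? $_POST['pass'] : '';
        $conf = isset($_POST['pass_confirm']) ? $_POST['pass_confirm'] : '';
        if ( !is_string($data) || !is_string($conf) )
        {
          echo 'ERROR: Sanity check failed!';
          $template->footer();
          return false;
        }
        // Strict comparison: with "!=" two different numeric-looking strings
        // such as "1e3" and "1000" compare as equal.
        if($data !== $conf)
        {
          echo 'ERROR: The passwords you entered do not match.';
          $template->footer();
          return false;
        }
        if(strlen($data) < 6)
        {
          echo 'ERROR: Your password must be six characters or greater in length.';
          $template->footer();
          return false;
        }
      }
      if(empty($data))
      {
        echo 'ERROR: Sanity check failed!';
        $template->footer();
        return false;
      }
      // NOTE(review): the password is stored AES-encrypted under $session->private_key,
      // i.e. reversibly. A one-way password hash would keep a database or key leak from
      // exposing every password; that is a schema-wide change outside this block.
      $encpass = $aes->encrypt($data, $session->private_key, ENC_HEX);
      // The temporary password is cleared in the same UPDATE, so the mailed link is single-use.
      $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';');

      if($q)
      {
        $session->login_without_crypto($row['username'], $data);
        echo '<p>Your password has been reset. Return to the <a href="' . makeUrl(getConfig('main_page')) . '">main page</a>.</p>';
      }
      else
      {
        // NOTE(review): this prints the database error to the visitor. What get_error()
        // includes is not visible here - consider a generic message plus server-side logging.
        echo $db->get_error();
      }

      $template->footer();
      return false;
    }

    // Password reset form
    $pubkey = $session->rijndael_genkey();
    // NOTE(review): $paths->fullpage is echoed into the form action below; confirm
    // that makeUrl() encodes it for an HTML attribute.
    // The script below self-tests the browser's AES and MD5 routines against known
    // vectors and only then switches the form to encrypted submission. When the key
    // turns out to be unusable it disables the submit button (do_stage2); the
    // earlier code referred to a "_login" field that this form does not define.
    // NOTE(review): the browser-side encryption uses ECB mode, and is no substitute
    // for serving this page over TLS.

    ?>
    <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
      <br />
      <div class="tblholder">
        <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
          <tr><th colspan="2">Reset password</th></tr>
          <tr><td class="row1">Password:</td><td class="row1"><input name="pass" type="password" /></td></tr>
          <tr><td class="row2">Confirm: </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
          <tr>
            <td colspan="2" class="row1" style="text-align: center;">
              <input type="hidden" name="use_crypt" value="no" />
              <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
              <input type="hidden" name="crypt_data" value="" />
              <input type="submit" name="do_stage2" value="Reset password" />
            </td>
          </tr>
        </table>
      </div>
    </form>
    <script type="text/javascript">
    disableJSONExts();
    str = '';
    for(i=0;i<keySizeInBits/4;i++) str+='0';
    var key = hexToByteArray(str);
    var pt = hexToByteArray(str);
    var ct = rijndaelEncrypt(pt, key, "ECB");
    var ct = byteArrayToHex(ct);
    switch(keySizeInBits)
    {
      case 128:
        v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
        break;
      case 192:
        v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
        break;
      case 256:
        v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
        break;
    }
    var testpassed = ( ct == v && md5_vm_test() );
    var frm = document.forms.resetform;
    if(testpassed)
    {
      frm.use_crypt.value = 'yes';
      var cryptkey = frm.crypt_key.value;
      frm.crypt_key.value = hex_md5(cryptkey);
      cryptkey = hexToByteArray(cryptkey);
      if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
      {
        frm.do_stage2.disabled = true;
        len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
        alert('The key is messed up\nType: '+typeof(cryptkey)+len);
      }
    }
    function runEncryption()
    {
      pass1 = frm.pass.value;
      pass2 = frm.pass_confirm.value;
      if ( pass1 != pass2 )
      {
        alert('The passwords you entered do not match.');
        return false;
      }
      if ( pass1.length < 6 )
      {
        alert('The new password must be 6 characters or greater in length.');
        return false;
      }
      if(testpassed)
      {
        pass = frm.pass.value;
        pass = stringToByteArray(pass);
        cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
        if(!cryptstring)
        {
          return false;
        }
        cryptstring = byteArrayToHex(cryptstring);
        frm.crypt_data.value = cryptstring;
        frm.pass.value = "";
        frm.pass_confirm.value = "";
      }
      return true;
    }
    </script>
    <?php
    $template->footer();
    return true;
  }
  if(isset($_POST['do_reset']))
  {
    // A missing or array-valued username counts as a failed request.
    $username = ( isset($_POST['username']) && is_string($_POST['username']) ) ? $_POST['username'] : '';
    // NOTE(review): the two messages below differ with mail_password_reset()'s result.
    // If a false return can mean "no such user", this form reveals which usernames
    // exist - verify, and prefer one neutral message for both outcomes.
    if($username !== '' && $session->mail_password_reset($username))
    {
      echo '<p>An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.</p>';
    }
    else
    {
      echo '<p>Error occured, your new password was not sent.</p>';
    }
    $template->footer();
    return true;
  }
  echo '<p>Don\'t worry, it happens to the best of us.</p>
        <p>To reset your password, just enter your username below, and a new password will be e-mailed to you.</p>
        <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
          <p>Username:  '.$template->username_field('username').'</p>
          <p><input type="submit" name="do_reset" value="Mail new password" /></p>
        </form>';
  $template->footer();
}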
?>