| author | Dan |
| Mon, 11 Aug 2008 21:43:04 -0400 | |
| changeset 684 | 15dbbe7e7674 |
| parent 621 | 68f8a9cc0a18 |
| child 685 | 17ebe24cdf85 |
| permissions | -rw-r--r-- |
| 0 | 1 |
<?php |
|
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
2 |
/**!info** |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
3 |
{
|
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
4 |
"Plugin Name" : "plugin_specialuserfuncs_title", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
5 |
"Plugin URI" : "http://enanocms.org/", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
6 |
"Description" : "plugin_specialuserfuncs_desc", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
7 |
"Author" : "Dan Fuhry", |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
8 |
"Version" : "1.1.4", |
|
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
9 |
"Author URI" : "http://enanocms.org/" |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
10 |
} |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
11 |
**!*/ |
| 0 | 12 |
|
13 |
/* |
|
14 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
| 536 | 15 |
* Version 1.1.4 (Caoineag alpha 4) |
16 |
* Copyright (C) 2006-2008 Dan Fuhry |
|
| 0 | 17 |
* |
18 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
19 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
20 |
* |
|
21 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
22 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
23 |
*/ |
|
24 |
||
25 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
26 |
||
|
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
parents:
591
diff
changeset
|
27 |
// $plugins->attachHook('session_started', 'SpecialUserFuncs_paths_init();');
|
|
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
28 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
29 |
function SpecialUserFuncs_paths_init() |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
30 |
{
|
| 0 | 31 |
global $paths; |
|
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
32 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
33 |
'name'=>'specialpage_log_in', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
34 |
'urlname'=>'Login', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
35 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
36 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
37 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
38 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
39 |
'name'=>'specialpage_log_out', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
40 |
'urlname'=>'Logout', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
41 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
42 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
43 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
44 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
45 |
'name'=>'specialpage_register', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
46 |
'urlname'=>'Register', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
47 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
48 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
49 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
50 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
51 |
'name'=>'specialpage_preferences', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
52 |
'urlname'=>'Preferences', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
53 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
54 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
55 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
56 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
57 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
58 |
'name'=>'specialpage_contributions', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
59 |
'urlname'=>'Contributions', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
60 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
61 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
62 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
63 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
64 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
65 |
'name'=>'specialpage_change_theme', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
66 |
'urlname'=>'ChangeStyle', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
67 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
68 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
69 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
70 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
71 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
72 |
'name'=>'specialpage_activate_account', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
73 |
'urlname'=>'ActivateAccount', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
74 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
75 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
76 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
77 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
78 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
79 |
'name'=>'specialpage_captcha', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
80 |
'urlname'=>'Captcha', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
81 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
82 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
83 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
84 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
85 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
86 |
'name'=>'specialpage_password_reset', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
87 |
'urlname'=>'PasswordReset', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
88 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
89 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
90 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
91 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
92 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
93 |
'name'=>'specialpage_member_list', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
94 |
'urlname'=>'Memberlist', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
95 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
96 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
97 |
)); |
| 0 | 98 |
|
|
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
99 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
100 |
'name'=>'specialpage_language_export', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
101 |
'urlname'=>'LangExportJSON', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
102 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
103 |
'special'=>0,'visible'=>0,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
104 |
)); |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
105 |
|
|
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
106 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
107 |
'name'=>'specialpage_avatar', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
108 |
'urlname'=>'Avatar', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
109 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
110 |
'special'=>0,'visible'=>0,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
111 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
112 |
} |
| 0 | 113 |
|
114 |
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace> |
|
115 |
||
116 |
$__login_status = ''; |
|
117 |
||
118 |
function page_Special_Login() |
|
119 |
{
|
|
120 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
121 |
global $__login_status; |
|
| 209 | 122 |
global $lang; |
| 0 | 123 |
|
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
124 |
require_once( ENANO_ROOT . '/includes/diffiehellman.php' ); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
125 |
global $dh_supported, $_math; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
126 |
|
| 0 | 127 |
$pubkey = $session->rijndael_genkey(); |
128 |
$challenge = $session->dss_rand(); |
|
129 |
||
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
130 |
$locked_out = false; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
131 |
// are we locked out? |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
132 |
$threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
133 |
$duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
134 |
// convert to minutes |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
135 |
$duration = $duration * 60; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
136 |
$policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
137 |
if ( $policy != 'disable' ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
138 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
139 |
$ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
140 |
$timestamp_cutoff = time() - $duration; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
141 |
$q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
142 |
$fails = $db->numrows(); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
143 |
if ( $fails >= $threshold ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
144 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
145 |
$row = $db->fetchrow(); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
146 |
$locked_out = true; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
147 |
$lockdata = array( |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
148 |
'locked_out' => true, |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
149 |
'lockout_threshold' => $threshold, |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
150 |
'lockout_duration' => ( $duration / 60 ), |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
151 |
'lockout_fails' => $fails, |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
152 |
'lockout_policy' => $policy, |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
153 |
'lockout_last_time' => $row['timestamp'], |
|
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents:
179
diff
changeset
|
154 |
'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ), |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
155 |
'captcha' => '' |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
156 |
); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
157 |
if ( $policy == 'captcha' ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
158 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
159 |
$lockdata['captcha'] = $session->make_captcha(); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
160 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
161 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
162 |
$db->free_result(); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
163 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
164 |
|
| 0 | 165 |
if ( isset($_GET['act']) && $_GET['act'] == 'getkey' ) |
166 |
{
|
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
167 |
header('Content-type: text/javascript');
|
|
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents:
57
diff
changeset
|
168 |
$username = ( $session->user_logged_in ) ? $session->username : false; |
| 0 | 169 |
$response = Array( |
|
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents:
57
diff
changeset
|
170 |
'username' => $username, |
| 0 | 171 |
'key' => $pubkey, |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
172 |
'challenge' => $challenge, |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
173 |
'locked_out' => false |
| 0 | 174 |
); |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
175 |
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
176 |
if ( $locked_out ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
177 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
178 |
foreach ( $lockdata as $x => $y ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
179 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
180 |
$response[$x] = $y; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
181 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
182 |
unset($x, $y); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
183 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
184 |
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
185 |
// 1.1.3: generate diffie hellman key |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
186 |
$response['dh_supported'] = $dh_supported; |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
187 |
if ( $dh_supported ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
188 |
{
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
189 |
$dh_key_priv = dh_gen_private(); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
190 |
$dh_key_pub = dh_gen_public($dh_key_priv); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
191 |
$dh_key_priv = $_math->str($dh_key_priv); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
192 |
$dh_key_pub = $_math->str($dh_key_pub); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
193 |
$response['dh_public_key'] = $dh_key_pub; |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
194 |
// store the keys in the DB |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
195 |
$q = $db->sql_query('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
196 |
if ( !$q ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
197 |
$db->die_json(); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
198 |
} |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
199 |
|
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
326
diff
changeset
|
200 |
$response = enano_json_encode($response); |
| 0 | 201 |
echo $response; |
202 |
return null; |
|
203 |
} |
|
204 |
||
205 |
$level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
|
|
206 |
if ( isset($_POST['login']) ) |
|
207 |
{
|
|
208 |
if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
|
|
209 |
{
|
|
210 |
$level = intval($_POST['auth_level']); |
|
211 |
} |
|
212 |
} |
|
213 |
||
214 |
if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in ) |
|
215 |
{
|
|
216 |
$level = USER_LEVEL_MEMBER; |
|
217 |
} |
|
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
218 |
if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in ) |
|
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
219 |
$paths->main_page(); |
| 0 | 220 |
$template->header(); |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
221 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="try{runEncryption();}catch(e){};">';
|
| 209 | 222 |
$header = ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short');
|
| 0 | 223 |
if ( isset($_POST['login']) ) |
224 |
{
|
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
225 |
$errstring = $__login_status['error']; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
226 |
switch($__login_status['error']) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
227 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
228 |
case 'key_not_found': |
| 209 | 229 |
$errstring = $lang->get('user_err_key_not_found');
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
230 |
break; |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
231 |
case 'ERR_DH_KEY_NOT_FOUND': |
|
586
234ddd896555
Made encryption work in form-based logon again; modified load_component() to fetch compressed versions when possible
Dan
parents:
573
diff
changeset
|
232 |
$errstring = $lang->get('user_err_dh_key_not_found'); // . " -- {$__login_status['debug']}";
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
233 |
break; |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
234 |
case 'ERR_DH_KEY_NOT_INTEGER': |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
235 |
$errstring = $lang->get('user_err_dh_key_not_numeric');
|
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
236 |
break; |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
237 |
case 'key_wrong_length': |
| 209 | 238 |
$errstring = $lang->get('user_err_key_wrong_length');
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
239 |
break; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
240 |
case 'too_big_for_britches': |
| 209 | 241 |
$errstring = $lang->get('user_err_too_big_for_britches');
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
242 |
break; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
243 |
case 'invalid_credentials': |
| 209 | 244 |
$errstring = $lang->get('user_err_invalid_credentials');
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
245 |
if ( $__login_status['lockout_policy'] == 'lockout' ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
246 |
{
|
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
247 |
$errstring .= $lang->get('err_invalid_credentials_lockout', array('fails' => $__login_status['lockout_fails']));
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
248 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
249 |
else if ( $__login_status['lockout_policy'] == 'captcha' ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
250 |
{
|
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
251 |
$errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('fails' => $__login_status['lockout_fails']));
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
252 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
253 |
break; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
254 |
case 'backend_fail': |
| 209 | 255 |
$errstring = $lang->get('user_err_backend_fail');
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
256 |
break; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
257 |
case 'locked_out': |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
258 |
$attempts = intval($__login_status['lockout_fails']); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
259 |
if ( $attempts > $__login_status['lockout_threshold']) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
260 |
$attempts = $__login_status['lockout_threshold']; |
|
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents:
179
diff
changeset
|
261 |
|
|
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents:
179
diff
changeset
|
262 |
$server_time = time(); |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
263 |
$time_rem = ( intval(@$__login_status['lockout_last_time']) == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 ); |
| 209 | 264 |
if ( $time_rem < 1 ) |
265 |
$time_rem = $__login_status['lockout_duration']; |
|
|
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents:
179
diff
changeset
|
266 |
|
| 209 | 267 |
$s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural');
|
268 |
||
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
269 |
$captcha_string = ( $__login_status['lockout_policy'] == 'captcha' ) ? $lang->get('user_err_locked_out_captcha_blurb') : '';
|
| 209 | 270 |
$errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem));
|
271 |
||
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
272 |
break; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
273 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
274 |
echo '<div class="error-box-mini">'.$errstring.'</div>'; |
| 0 | 275 |
} |
276 |
if ( $p = $paths->getAllParams() ) |
|
277 |
{
|
|
278 |
echo '<input type="hidden" name="return_to" value="'.$p.'" />'; |
|
279 |
} |
|
280 |
else if ( isset($_POST['login']) && isset($_POST['return_to']) ) |
|
281 |
{
|
|
282 |
echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />'; |
|
283 |
} |
|
284 |
?> |
|
285 |
<div class="tblholder"> |
|
286 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
287 |
<tr> |
|
288 |
<th colspan="3"><?php echo $header; ?></th> |
|
289 |
</tr> |
|
290 |
<tr> |
|
291 |
<td colspan="3" class="row1"> |
|
292 |
<?php |
|
293 |
if ( $level <= USER_LEVEL_MEMBER ) |
|
294 |
{
|
|
| 209 | 295 |
echo '<p>' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '</p>';
|
| 0 | 296 |
} |
297 |
else |
|
298 |
{
|
|
| 209 | 299 |
echo '<p>' . $lang->get('user_login_body_elev') . '</p>';
|
| 0 | 300 |
} |
301 |
?> |
|
302 |
</td> |
|
303 |
</tr> |
|
304 |
<tr> |
|
305 |
<td class="row2"> |
|
| 209 | 306 |
<?php echo $lang->get('user_login_field_username'); ?>:
|
| 0 | 307 |
</td> |
308 |
<td class="row1"> |
|
309 |
<input name="username" size="25" type="text" <?php |
|
310 |
if ( $level <= USER_LEVEL_MEMBER ) |
|
311 |
{
|
|
312 |
echo 'tabindex="1" '; |
|
313 |
} |
|
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
314 |
else |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
315 |
{
|
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
316 |
echo 'tabindex="3" '; |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
317 |
} |
| 0 | 318 |
if ( $session->user_logged_in ) |
319 |
{
|
|
320 |
echo 'value="' . $session->username . '"'; |
|
321 |
} |
|
322 |
?> /> |
|
323 |
</td> |
|
324 |
<?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
|
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
325 |
<td rowspan="<?php echo ( ( $locked_out && $lockdata['lockout_policy'] == 'captcha' ) ) ? '4' : '2'; ?>" class="row3"> |
| 209 | 326 |
<small><?php echo $lang->get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?><br />
|
327 |
<?php echo $lang->get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?></small>
|
|
| 0 | 328 |
</td> |
329 |
<?php } ?> |
|
330 |
</tr> |
|
331 |
<tr> |
|
| 209 | 332 |
<td class="row2"> |
333 |
<?php echo $lang->get('user_login_field_password'); ?>:
|
|
334 |
</td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td> |
|
| 0 | 335 |
</tr> |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
336 |
<?php |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
337 |
if ( $locked_out && $lockdata['lockout_policy'] == 'captcha' ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
338 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
339 |
?> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
340 |
<tr> |
| 209 | 341 |
<td class="row2" rowspan="2"><?php echo $lang->get('user_login_field_captcha'); ?>:<br /></td><td class="row1"><input type="hidden" name="captcha_hash" value="<?php echo $lockdata['captcha']; ?>" /><input name="captcha_code" size="25" type="text" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '4'; ?>" /></td>
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
342 |
</tr> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
343 |
<tr> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
344 |
<td class="row3"> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
345 |
<img src="<?php echo makeUrlNS('Special', 'Captcha/' . $lockdata['captcha']) ?>" onclick="this.src=this.src+'/a';" style="cursor: pointer;" />
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
346 |
</td> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
347 |
</tr> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
348 |
<?php |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
349 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
350 |
?> |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
351 |
<?php |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
352 |
if ( $level <= USER_LEVEL_MEMBER && ( !isset($_GET['use_crypt']) || ( isset($_GET['use_crypt']) && $_GET['use_crypt']!='0' ) ) ) |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
353 |
{
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
354 |
echo '<tr> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
355 |
<td class="row3" colspan="3">'; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
356 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
357 |
$returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
358 |
$nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true);
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
359 |
echo '<p><b>' . $lang->get('user_login_nocrypt_title') . '</b> ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '</p>';
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
360 |
echo '<p>' . $lang->get('user_login_nocrypt_countrylist') . '</p>';
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
361 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
362 |
echo ' </td> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
363 |
</tr>'; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
364 |
} |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
365 |
else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) ) |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
366 |
{
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
367 |
echo '<tr> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
368 |
<td class="row3" colspan="3">'; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
369 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
370 |
$returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
371 |
$usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true);
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
372 |
echo '<p><b>' . $lang->get('user_login_usecrypt_title') . '</b> ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '</p>';
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
373 |
echo '<p>' . $lang->get('user_login_usecrypt_countrylist') . '</p>';
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
374 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
375 |
echo ' </td> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
376 |
</tr>'; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
377 |
} |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
378 |
else if ( $level > USER_LEVEL_MEMBER && !strstr($_SERVER['HTTP_USER_AGENT'], 'iPhone') && $dh_supported ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
379 |
{
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
380 |
echo '<tr>'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
381 |
echo '<td class="row3" colspan="3">'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
382 |
echo '<p>' . $lang->get('user_login_dh_notice') . '</p>';
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
383 |
echo '</td>'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
384 |
echo '</tr>'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
385 |
} |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
386 |
?> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
387 |
|
| 0 | 388 |
<tr> |
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
389 |
<th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th> |
| 0 | 390 |
</tr> |
391 |
</table> |
|
392 |
</div> |
|
393 |
<input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" /> |
|
394 |
<input type="hidden" name="use_crypt" value="no" /> |
|
395 |
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" /> |
|
396 |
<input type="hidden" name="crypt_data" value="" /> |
|
397 |
<input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" /> |
|
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
398 |
<?php if ( $level <= USER_LEVEL_MEMBER ): ?> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
399 |
<script type="text/javascript"> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
400 |
document.forms.loginform.username.focus(); |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
401 |
</script> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
402 |
<?php else: ?> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
403 |
<script type="text/javascript"> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
404 |
document.forms.loginform.pass.focus(); |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
405 |
</script> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
406 |
<?php endif; ?> |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
407 |
<?php |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
408 |
// 1.1.4 |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
409 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
410 |
require_once( ENANO_ROOT . '/includes/diffiehellman.php' ); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
411 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
412 |
global $dh_supported, $_math; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
413 |
if ( $dh_supported ) |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
414 |
{
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
415 |
$dh_key_priv = dh_gen_private(); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
416 |
$dh_key_pub = dh_gen_public($dh_key_priv); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
417 |
$dh_key_priv = $_math->str($dh_key_priv); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
418 |
$dh_key_pub = $_math->str($dh_key_pub); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
419 |
// store the keys in the DB |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
420 |
$q = $db->sql_query('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
421 |
if ( !$q ) |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
422 |
$db->_die(); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
423 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
424 |
echo "<input type=\"hidden\" name=\"dh_supported\" value=\"true\" /> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
425 |
<input type=\"hidden\" name=\"dh_public_key\" value=\"$dh_key_pub\" /> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
426 |
<input type=\"hidden\" name=\"dh_client_public_key\" value=\"\" />"; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
427 |
} |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
428 |
else |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
429 |
{
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
430 |
echo "<input type=\"hidden\" name=\"dh_supported\" value=\"false\" />"; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
431 |
} |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
432 |
?> |
| 0 | 433 |
</form> |
434 |
<?php |
|
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
435 |
echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data', 'dh_supported', 'dh_public_key', 'dh_client_public_key');
|
| 0 | 436 |
?> |
437 |
<?php |
|
438 |
$template->footer(); |
|
439 |
} |
|
440 |
||
441 |
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called |
|
442 |
{
|
|
443 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
444 |
global $__login_status; |
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
445 |
global $lang; |
|
604
6a90893622f0
Fixed missing require() on math.php in SpecialUserFuncs
Dan
parents:
593
diff
changeset
|
446 |
require_once( ENANO_ROOT . '/includes/math.php' ); |
|
6a90893622f0
Fixed missing require() on math.php in SpecialUserFuncs
Dan
parents:
593
diff
changeset
|
447 |
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
448 |
if ( $paths->getParam(0) === 'action.json' ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
449 |
{
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
450 |
if ( !isset($_POST['r']) ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
451 |
die('No request.');
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
452 |
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
453 |
$request = $_POST['r']; |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
454 |
try |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
455 |
{
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
456 |
$request = enano_json_decode($request); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
457 |
} |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
458 |
catch ( Exception $e ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
459 |
{
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
460 |
die(enano_json_encode(array( |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
461 |
'mode' => 'error', |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
462 |
'error' => 'ERR_JSON_PARSE_FAILED' |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
463 |
))); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
464 |
} |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
465 |
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
466 |
echo enano_json_encode($session->process_login_request($request)); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
467 |
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
468 |
$db->close(); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
469 |
exit; |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
470 |
} |
| 0 | 471 |
if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' ) |
472 |
{
|
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
473 |
echo 'This version of the Enano LoginAPI is deprecated. Please use the action.json method instead.'; |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
474 |
return true; |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
475 |
} |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
476 |
if(isset($_POST['login'])) |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
477 |
{
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
478 |
$captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
479 |
$captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
480 |
if ( $_POST['use_crypt'] == 'yes' ) |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
481 |
{
|
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
482 |
$result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']), $captcha_hash, $captcha_code); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
483 |
} |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
484 |
else if ( $_POST['use_crypt'] == 'yes_dh' ) |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
485 |
{
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
486 |
// retrieve and decrypt the password using DiffieHellman |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
487 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
488 |
require_once( ENANO_ROOT . '/includes/diffiehellman.php' ); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
489 |
global $dh_supported, $_math; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
490 |
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
491 |
if ( !$dh_supported ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
492 |
{
|
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
493 |
die_semicritical('DiffieHellman error', 'Server does not support DiffieHellman, denying logon request');
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
494 |
} |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
495 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
496 |
// Fetch private key |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
497 |
$dh_public = $_POST['dh_public_key']; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
498 |
if ( !preg_match('/^[0-9]+$/', $dh_public) )
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
499 |
{
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
500 |
$__login_status = array( |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
501 |
'success' => false, |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
502 |
'error' => 'ERR_DH_KEY_NOT_INTEGER', |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
503 |
'debug' => "public key: $dh_public" |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
504 |
); |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
505 |
return false; |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
506 |
} |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
507 |
$q = $db->sql_query('SELECT private_key, key_id FROM ' . table_prefix . "diffiehellman WHERE public_key = '$dh_public';");
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
508 |
if ( !$q ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
509 |
$db->die_json(); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
510 |
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
511 |
if ( $db->numrows() < 1 ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
512 |
{
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
513 |
$__login_status = array( |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
514 |
'success' => false, |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
515 |
'error' => 'ERR_DH_KEY_NOT_FOUND', |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
516 |
'debug' => "public key: $dh_public" |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
517 |
); |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
518 |
return false; |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
519 |
} |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
520 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
521 |
list($dh_private, $dh_key_id) = $db->fetchrow_num(); |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
522 |
$db->free_result(); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
523 |
|
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
524 |
// We have the private key, now delete the key pair, we no longer need it |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
525 |
$q = $db->sql_query('DELETE FROM ' . table_prefix . "diffiehellman WHERE key_id = $dh_key_id;");
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
526 |
if ( !$q ) |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
527 |
$db->die_json(); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
528 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
529 |
// Generate the shared secret |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
530 |
$dh_secret = dh_gen_shared_secret($dh_private, $_POST['dh_client_public_key']); |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
531 |
$dh_secret = $_math->str($dh_secret); |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
532 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
533 |
// Did we get all our math right? |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
534 |
$dh_secret_check = sha1($dh_secret); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
535 |
$dh_hash = $_POST['crypt_key']; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
536 |
if ( $dh_secret_check !== $dh_hash ) |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
537 |
{
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
538 |
$__login_status = array( |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
539 |
'success' => false, |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
540 |
'error' => 'ERR_DH_HASH_NO_MATCH', |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
541 |
'debug' => "dh_secret_check = $dh_secret_check\ndh_hash_input = $dh_hash" |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
542 |
); |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
543 |
return false; |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
544 |
} |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
545 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
546 |
// All good! Generate the AES key |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
547 |
$aes_key = substr(sha256($dh_secret), 0, ( AES_BITS / 4 )); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
548 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
549 |
// decrypt user info |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
550 |
$aes_key = hexdecode($aes_key); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
551 |
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
552 |
$password = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX); |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
553 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
554 |
$result = $session->login_without_crypto($_POST['username'], $password, false, intval($_POST['auth_level']), $captcha_hash, $captcha_code); |
| 0 | 555 |
} |
556 |
else |
|
557 |
{
|
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
558 |
$result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']), $captcha_hash, $captcha_code); |
| 0 | 559 |
} |
|
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents:
371
diff
changeset
|
560 |
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
561 |
if($result['success']) |
| 0 | 562 |
{
|
|
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents:
371
diff
changeset
|
563 |
$session->start(); |
|
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents:
371
diff
changeset
|
564 |
|
| 0 | 565 |
$template->load_theme($session->theme, $session->style); |
566 |
if(isset($_POST['return_to'])) |
|
567 |
{
|
|
568 |
$name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to']; |
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
569 |
$subst = array( |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
570 |
'username' => $session->username, |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
571 |
'redir_target' => $name |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
572 |
); |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
573 |
redirect( makeUrl($_POST['return_to'], false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
|
| 0 | 574 |
} |
575 |
else |
|
576 |
{
|
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
577 |
$subst = array( |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
578 |
'username' => $session->username, |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
579 |
'redir_target' => $lang->get('user_login_success_body_mainpage')
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
580 |
); |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
581 |
redirect( makeUrl(getConfig('main_page'), false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
|
| 0 | 582 |
} |
583 |
} |
|
584 |
else |
|
585 |
{
|
|
|
521
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
586 |
if ( $result['error'] === 'valid_reset' ) |
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
587 |
{
|
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
588 |
header('HTTP/1.1 302 Temporary Redirect');
|
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
589 |
header('Location: ' . $result['redirect_url']);
|
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
590 |
|
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
591 |
$db->close(); |
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
592 |
exit(); |
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
593 |
} |
| 0 | 594 |
$GLOBALS['__login_status'] = $result; |
595 |
} |
|
596 |
} |
|
597 |
} |
|
598 |
||
599 |
function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey) |
|
600 |
{
|
|
601 |
$response = Array( |
|
602 |
'result' => 'success_reset', |
|
603 |
'user_id' => $user_id, |
|
604 |
'temppass' => $passkey |
|
605 |
); |
|
606 |
||
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
326
diff
changeset
|
607 |
$response = enano_json_encode($response); |
| 0 | 608 |
echo $response; |
609 |
||
610 |
$db->close(); |
|
611 |
exit; |
|
612 |
} |
|
613 |
||
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
614 |
function page_Special_Logout() |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
615 |
{
|
| 0 | 616 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
617 |
global $lang; |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
618 |
|
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
619 |
if ( !$session->user_logged_in ) |
|
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
620 |
$paths->main_page(); |
|
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
621 |
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
622 |
$token = $paths->getParam(0); |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
623 |
if ( $token !== $session->csrf_token ) |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
624 |
{
|
|
573
43e7254afdb4
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
parents:
562
diff
changeset
|
625 |
csrf_request_confirm(); |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
626 |
} |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
627 |
|
| 0 | 628 |
$l = $session->logout(); |
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
629 |
if ( $l == 'success' ) |
|
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
630 |
{
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
631 |
$url = makeUrl(getConfig('main_page'), false, true);
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
632 |
if ( $paths->getParam(1) ) |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
633 |
{
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
634 |
$pi = explode('/', $paths->getAllParams());
|
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
635 |
$pi = implode('/', array_values(array_slice($pi, 1)));
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
636 |
list($pid, $ns) = RenderMan::strToPageID($pi); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
637 |
$perms = $session->fetch_page_acl($pid, $ns); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
638 |
if ( $perms->get_permissions('read') )
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
639 |
{
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
640 |
$url = makeUrl($pi, false, true); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
641 |
} |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
642 |
} |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
643 |
redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3);
|
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
644 |
} |
| 0 | 645 |
$template->header(); |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
646 |
echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
647 |
echo '<p>' . $l . '</p>'; |
| 0 | 648 |
$template->footer(); |
649 |
} |
|
650 |
||
| 30 | 651 |
function page_Special_Register() |
652 |
{
|
|
| 0 | 653 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
654 |
global $lang; |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
655 |
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
656 |
// form field trackers |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
657 |
$username = ''; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
658 |
$email = ''; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
659 |
$realname = ''; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
660 |
|
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
661 |
$terms = getConfig('register_tou');
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
662 |
|
| 0 | 663 |
if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
|
664 |
{
|
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
665 |
$s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '</p>' : '';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
666 |
die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_disabled_body') . '</p>' . $s);
|
| 0 | 667 |
} |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
668 |
// are we locked out from logging in? if so, also lock out registration |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
669 |
if ( getConfig('lockout_policy') === 'lockout' )
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
670 |
{
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
671 |
$ip = $db->escape($_SERVER['REMOTE_ADDR']); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
672 |
$threshold = time() - ( 60 * intval(getConfig('lockout_duration')) );
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
673 |
$limit = intval(getConfig('lockout_threshold'));
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
674 |
$q = $db->sql_query('SELECT * FROM ' . table_prefix . "lockout WHERE timestamp >= $threshold ORDER BY timestamp DESC;");
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
675 |
if ( !$q ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
676 |
$db->_die(); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
677 |
if ( $db->numrows() >= $limit ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
678 |
{
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
679 |
$row = $db->fetchrow(); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
680 |
$db->free_result(); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
681 |
$time_rem = intval(getConfig('lockout_duration')) - round((time() - $row['timestamp']) / 60);
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
682 |
die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_locked_out', array('time' => $time_rem)) . '</p>');
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
683 |
} |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
684 |
$db->free_result(); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
685 |
} |
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
686 |
if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in ) |
|
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
687 |
{
|
|
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
688 |
$paths->main_page(); |
|
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
689 |
} |
| 30 | 690 |
if(isset($_POST['submit'])) |
691 |
{
|
|
692 |
$_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x'; |
|
693 |
||
| 0 | 694 |
$captcharesult = $session->get_captcha($_POST['captchahash']); |
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
695 |
$session->kill_captcha(); |
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
696 |
if ( strtolower($captcharesult) != strtolower($_POST['captchacode']) ) |
| 30 | 697 |
{
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
698 |
$s = $lang->get('user_reg_err_captcha');
|
| 30 | 699 |
} |
| 0 | 700 |
else |
| 30 | 701 |
{
|
702 |
if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
|
|
703 |
{
|
|
704 |
$s = 'Invalid COPPA input'; |
|
705 |
} |
|
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
706 |
else if ( !empty($terms) && !isset($_POST['tou_agreed']) ) |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
707 |
{
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
708 |
$s = $lang->get('user_reg_err_accept_tou');
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
709 |
} |
| 30 | 710 |
else |
711 |
{
|
|
712 |
$coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' ); |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
713 |
$s = false; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
714 |
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
715 |
// decrypt password |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
716 |
// as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
717 |
// and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
718 |
// forgot his password, that's his problem. |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
719 |
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
720 |
if ( $_POST['use_crypt'] == 'yes' ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
721 |
{
|
|
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents:
270
diff
changeset
|
722 |
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
723 |
$crypt_key = $session->fetch_public_key($_POST['crypt_key']); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
724 |
if ( !$crypt_key ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
725 |
{
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
726 |
$s = $lang->get('user_reg_err_missing_key');
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
727 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
728 |
else |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
729 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
730 |
$data = $_POST['crypt_data']; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
731 |
$bin_key = hexdecode($crypt_key); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
732 |
//die("Decrypting with params: key $crypt_key, data $data");
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
733 |
$password = $aes->decrypt($data, $bin_key, ENC_HEX); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
734 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
735 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
736 |
else |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
737 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
738 |
$password = $_POST['password']; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
739 |
} |
| 30 | 740 |
|
741 |
// CAPTCHA code was correct, create the account |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
742 |
// ... and check for errors returned from the crypto API |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
743 |
if ( !$s ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
744 |
$s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa); |
| 30 | 745 |
} |
746 |
} |
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
747 |
if($s == 'success' && !$coppa) |
| 0 | 748 |
{
|
749 |
switch(getConfig('account_activation'))
|
|
750 |
{
|
|
751 |
case "none": |
|
752 |
default: |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
753 |
$str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true)));
|
| 0 | 754 |
break; |
755 |
case "user": |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
756 |
$str = $lang->get('user_reg_msg_success_activ_user');
|
| 0 | 757 |
break; |
758 |
case "admin": |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
759 |
$str = $lang->get('user_reg_msg_success_activ_admin');
|
| 0 | 760 |
break; |
761 |
} |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
762 |
die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
|
| 0 | 763 |
} |
| 30 | 764 |
else if ( $s == 'success' && $coppa ) |
765 |
{
|
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
766 |
$str = $lang->get('user_reg_msg_success_activ_coppa');
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
767 |
die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
|
| 30 | 768 |
} |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
769 |
$username = htmlspecialchars($_POST['username']); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
770 |
$email = htmlspecialchars($_POST['email']); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
771 |
$realname = htmlspecialchars($_POST['real_name']); |
| 0 | 772 |
} |
773 |
$template->header(); |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
774 |
echo $lang->get('user_reg_msg_greatercontrol');
|
| 30 | 775 |
|
776 |
if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
|
|
777 |
{
|
|
778 |
$coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' ); |
|
779 |
$session->kill_captcha(); |
|
780 |
$captchacode = $session->make_captcha(); |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
781 |
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
782 |
$pubkey = $session->rijndael_genkey(); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
783 |
$challenge = $session->dss_rand(); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
784 |
|
| 30 | 785 |
?> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
786 |
<h3><?php echo $lang->get('user_reg_msg_table_title'); ?></h3>
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
787 |
<form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="return runEncryption();"> |
| 30 | 788 |
<div class="tblholder"> |
789 |
<table border="0" width="100%" cellspacing="1" cellpadding="4"> |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
790 |
<tr><th class="subhead" colspan="3"><?php echo $lang->get('user_reg_msg_table_subtitle'); ?></th></tr>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
791 |
|
| 30 | 792 |
<?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
793 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
794 |
<!-- FIELD: Username --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
795 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
796 |
<td class="row1" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
797 |
<?php echo $lang->get('user_reg_lbl_field_username'); ?>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
798 |
<span id="e_username"></span> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
799 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
800 |
<td class="row1" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
801 |
<input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm(this);" onblur="checkUsername();" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
802 |
</td> |
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
803 |
<td class="row1" style="width: 1px;"> |
|
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
804 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_username" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
805 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
806 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
807 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
808 |
<!-- FIELD: Password --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
809 |
<tr> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
810 |
<td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>">
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
811 |
<?php echo $lang->get('user_reg_lbl_field_password'); ?>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
812 |
<span id="e_password"></span> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
813 |
<?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?>
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
814 |
<small><?php echo $lang->get('user_reg_msg_password_score'); ?></small>
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
815 |
<?php endif; ?> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
816 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
817 |
<td class="row3" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
818 |
<input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm(this);" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
819 |
</td> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
820 |
<td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;">
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
821 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_password" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
822 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
823 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
824 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
825 |
<!-- FIELD: Password confirmation --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
826 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
827 |
<td class="row3" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
828 |
<input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm(this);" /> <small><?php echo $lang->get('user_reg_lbl_field_password_confirm'); ?></small>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
829 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
830 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
831 |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
832 |
<!-- FIELD: Password strength meter --> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
833 |
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
834 |
<?php if ( getConfig('pw_strength_enable') == '1' ): ?>
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
835 |
<tr> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
836 |
<td class="row3" style="width: 50%;"> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
837 |
<div id="pwmeter"></div> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
838 |
</td> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
839 |
</tr> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
840 |
<?php endif; ?> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
841 |
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
842 |
<!-- FIELD: E-mail address --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
843 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
844 |
<td class="row1" style="width: 50%;"> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
845 |
<?php |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
846 |
if ( $coppa ) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
847 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
848 |
echo $lang->get('user_reg_lbl_field_email_coppa');
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
849 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
850 |
else |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
851 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
852 |
echo $lang->get('user_reg_lbl_field_email');
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
853 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
854 |
?> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
855 |
<?php |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
856 |
if ( ( $x = getConfig('account_activation') ) == 'user' )
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
857 |
{
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
858 |
echo '<br /><small>' . $lang->get('user_reg_msg_email_activuser') . '</small>';
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
859 |
} |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
860 |
?> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
861 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
862 |
<td class="row1" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
863 |
<input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm(this);" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
864 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
865 |
<td class="row1" style="max-width: 24px;"> |
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
866 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_email" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
867 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
868 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
869 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
870 |
<!-- FIELD: Real name --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
871 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
872 |
<td class="row3" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
873 |
<?php echo $lang->get('user_reg_lbl_field_realname'); ?><br />
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
874 |
<small><?php echo $lang->get('user_reg_msg_realname_optional'); ?></small>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
875 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
876 |
<td class="row3" style="width: 50%;"> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
877 |
<input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" /></td><td class="row3" style="max-width: 24px;"> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
878 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
879 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
880 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
881 |
<!-- FIELD: CAPTCHA image --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
882 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
883 |
<td class="row1" style="width: 50%;" rowspan="2"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
884 |
<?php echo $lang->get('user_reg_lbl_field_captcha'); ?><br />
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
885 |
<small> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
886 |
<?php echo $lang->get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?><br />
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
887 |
<br /> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
888 |
<?php echo $lang->get('user_reg_msg_captcha_blind'); ?>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
889 |
</small> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
890 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
891 |
<td colspan="2" class="row1"> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
892 |
<img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" />
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
893 |
<span id="b_username"></span> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
894 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
895 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
896 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
897 |
<!-- FIELD: CAPTCHA input field --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
898 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
899 |
<td class="row1" colspan="2"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
900 |
<?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
901 |
<input tabindex="6" name="captchacode" type="text" size="10" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
902 |
<input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" /> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
903 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
904 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
905 |
|
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
906 |
<!-- FIELD: TOU --> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
907 |
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
908 |
<?php |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
909 |
if ( !empty($terms) ): |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
910 |
?> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
911 |
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
912 |
<tr> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
913 |
<td class="row1" colspan="3"> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
914 |
<?php |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
915 |
echo $lang->get('user_reg_msg_please_read_tou');
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
916 |
?> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
917 |
</td> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
918 |
</tr> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
919 |
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
920 |
<tr> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
921 |
<td class="row3" colspan="3"> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
922 |
<div style="border: 1px solid #000000; height: 75px; width: 60%; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: #FFF; margin: 0 auto; padding: 4px;"> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
923 |
<?php |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
924 |
echo RenderMan::render($terms); |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
925 |
?> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
926 |
</div> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
927 |
<p style="text-align: center;"> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
928 |
<label> |
|
371
dc6026376919
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
parents:
359
diff
changeset
|
929 |
<input tabindex="7" type="checkbox" name="tou_agreed" /> |
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
930 |
<b><?php echo $lang->get('user_reg_lbl_field_tou'); ?></b>
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
931 |
</label> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
932 |
</p> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
933 |
</td> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
934 |
</tr> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
935 |
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
936 |
<?php |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
937 |
endif; |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
938 |
?> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
939 |
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
940 |
<!-- FIELD: submit button --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
941 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
942 |
<th class="subhead" colspan="3" style="text-align: center;"> |
|
371
dc6026376919
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
parents:
359
diff
changeset
|
943 |
<input tabindex="8" type="submit" name="submit" value="<?php echo $lang->get('user_reg_btn_create_account'); ?>" />
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
944 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
945 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
946 |
|
| 30 | 947 |
</table> |
948 |
</div> |
|
949 |
<?php |
|
950 |
$val = ( $coppa ) ? 'yes' : 'no'; |
|
951 |
echo '<input type="hidden" name="coppa" value="' . $val . '" />'; |
|
952 |
?> |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
953 |
<input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" /> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
954 |
<input type="hidden" name="use_crypt" value="no" /> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
955 |
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" /> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
956 |
<input type="hidden" name="crypt_data" value="" /> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
957 |
<script type="text/javascript"> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
958 |
// ENCRYPTION CODE |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
959 |
function runEncryption() |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
960 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
961 |
var frm = document.forms.regform; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
962 |
if ( frm.password.value.length < 1 ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
963 |
return true; |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
964 |
pass1 = frm.password.value; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
965 |
pass2 = frm.password_confirm.value; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
966 |
if ( pass1 != pass2 ) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
967 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
968 |
alert($lang.get('user_reg_err_alert_password_nomatch'));
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
969 |
return false; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
970 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
971 |
if ( pass1.length < 6 && pass1.length > 0 ) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
972 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
973 |
alert($lang.get('user_reg_err_alert_password_tooshort'));
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
974 |
return false; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
975 |
} |
|
614
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
976 |
if(aes_self_test()) |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
977 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
978 |
frm.use_crypt.value = 'yes'; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
979 |
var cryptkey = frm.crypt_key.value; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
980 |
frm.crypt_key.value = hex_md5(cryptkey); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
981 |
cryptkey = hexToByteArray(cryptkey); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
982 |
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
983 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
984 |
frm.submit.disabled = true; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
985 |
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : ''; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
986 |
alert('The key is messed up\nType: '+typeof(cryptkey)+len);
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
987 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
988 |
pass = frm.password.value; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
989 |
pass = stringToByteArray(pass); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
990 |
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB'); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
991 |
if(!cryptstring) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
992 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
993 |
return false; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
994 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
995 |
cryptstring = byteArrayToHex(cryptstring); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
996 |
frm.crypt_data.value = cryptstring; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
997 |
frm.password.value = ""; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
998 |
frm.password_confirm.value = ""; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
999 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1000 |
return true; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1001 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1002 |
</script> |
| 30 | 1003 |
</form> |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1004 |
<!-- Don't optimize this script, it fails when compressed --> |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1005 |
<enano:no-opt> |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1006 |
<script type="text/javascript"> |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1007 |
// <![CDATA[ |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1008 |
var namegood = false; |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1009 |
function validateForm(field) |
| 0 | 1010 |
{
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1011 |
if ( typeof(field) != 'object' ) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1012 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1013 |
field = {
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1014 |
name: '_nil', |
|
459
31c23016ab62
Upgraded tinyMCE to 3.0.1 in hopes of fixing IE race conditions. Fixed a couple minor syntax errors in Javascript objects declared in various places.
Dan
parents:
458
diff
changeset
|
1015 |
value: '_nil' |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1016 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1017 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1018 |
// wait until $lang is initted |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1019 |
if ( typeof($lang) != 'object' ) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1020 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1021 |
setTimeout('validateForm();', 200);
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1022 |
return false; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1023 |
} |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1024 |
var frm = document.forms.regform; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1025 |
failed = false; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1026 |
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1027 |
// Username |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1028 |
if(!namegood && ( field.name == 'username' || field.name == '_nil' ) ) |
| 30 | 1029 |
{
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1030 |
//if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
|
|
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
263
diff
changeset
|
1031 |
var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1032 |
if ( frm.username.value.match(regex) ) |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1033 |
{
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1034 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1035 |
document.getElementById('e_username').innerHTML = ' ';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1036 |
} else {
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1037 |
failed = true; |
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1038 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1039 |
document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1040 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1041 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1042 |
document.getElementById('b_username').innerHTML = '';
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1043 |
if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1') |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1044 |
{
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1045 |
document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1046 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1047 |
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1048 |
// Password |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1049 |
if ( field.name == 'password' || field.name == 'password_confirm' || field.name == '_nil' ) |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1050 |
{
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1051 |
if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value )
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1052 |
{
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1053 |
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/check.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1054 |
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_err_password_good') + '</small>';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1055 |
} else {
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1056 |
failed = true; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1057 |
if(frm.password.value.length < 6) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1058 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1059 |
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_length') + '</small>';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1060 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1061 |
else if(frm.password.value != frm.password_confirm.value) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1062 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1063 |
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_needmatch') + '</small>';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1064 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1065 |
else |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1066 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1067 |
document.getElementById('e_password').innerHTML = '';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1068 |
} |
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1069 |
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/checkbad.png';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1070 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1071 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1072 |
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1073 |
// E-mail address |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1074 |
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1075 |
// workaround for idiot jEdit bug |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1076 |
if ( validateEmail(frm.email.value) && ( field.name == 'email' || field.name == '_nil' ) ) |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1077 |
{
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1078 |
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/check.png';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1079 |
} else {
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1080 |
failed = true; |
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1081 |
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/checkbad.png';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1082 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1083 |
if(failed) |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1084 |
{
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1085 |
frm.submit.disabled = 'disabled'; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1086 |
} else {
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1087 |
frm.submit.disabled = false; |
| 30 | 1088 |
} |
1089 |
} |
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1090 |
function checkUsername() |
| 30 | 1091 |
{
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1092 |
var frm = document.forms.regform; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1093 |
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1094 |
if(!namegood) |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1095 |
{
|
|
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
263
diff
changeset
|
1096 |
var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
|
|
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
263
diff
changeset
|
1097 |
if ( frm.username.value.match(regex) ) |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1098 |
{
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1099 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1100 |
document.getElementById('e_username').innerHTML = ' ';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1101 |
} else {
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1102 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1103 |
document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1104 |
return false; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1105 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1106 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1107 |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1108 |
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_checking') + '</b></small>';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1109 |
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
|
|
407
35d94240a197
Mass-fixed all AJAX functions to also check the HTTP status code before parsing the response
Dan
parents:
404
diff
changeset
|
1110 |
if ( ajax.readyState == 4 && ajax.status == 200 ) |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1111 |
if(ajax.responseText == 'good') |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1112 |
{
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1113 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/check.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1114 |
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_available') + '</b></small>';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1115 |
namegood = true; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1116 |
} else if(ajax.responseText == 'bad') {
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1117 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1118 |
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_unavailable') + '</b></small>';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1119 |
namegood = false; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1120 |
} else {
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1121 |
document.getElementById('e_username').innerHTML = ajax.responseText;
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1122 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1123 |
}); |
| 0 | 1124 |
} |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1125 |
function regenCaptcha() |
| 30 | 1126 |
{
|
| 448 | 1127 |
var frm = document.forms.regform; |
| 517 | 1128 |
document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/$captchacode"); ?>/'+Math.floor(Math.random() * 100000);
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1129 |
return false; |
| 30 | 1130 |
} |
|
614
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1131 |
addOnloadHook(function() |
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1132 |
{
|
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1133 |
<?php if ( getConfig('pw_strength_enable') == '1' ): ?>
|
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1134 |
var frm = document.forms.regform; |
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1135 |
load_component('pwstrength');
|
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1136 |
password_score_field(frm.password); |
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1137 |
<?php endif; ?> |
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1138 |
load_component('crypto');
|
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1139 |
validateForm(); |
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1140 |
setTimeout('checkUsername();', 1000);
|
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1141 |
}); |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1142 |
// ]]> |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1143 |
</script> |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1144 |
</enano:no-opt> |
| 30 | 1145 |
<?php |
1146 |
} |
|
1147 |
else |
|
1148 |
{
|
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1149 |
$year = intval( enano_date('Y') );
|
| 30 | 1150 |
$year = $year - 13; |
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1151 |
$month = enano_date('F');
|
|
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1152 |
$day = enano_date('d');
|
| 30 | 1153 |
|
1154 |
$yo13_date = "$month $day, $year"; |
|
1155 |
$link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
|
|
1156 |
$link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true);
|
|
1157 |
||
1158 |
// COPPA enabled, ask age |
|
1159 |
echo '<div class="tblholder">'; |
|
1160 |
echo '<table border="0" cellspacing="1" cellpadding="4">'; |
|
1161 |
echo '<tr> |
|
1162 |
<td class="row1"> |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1163 |
' . $lang->get('user_reg_coppa_title') . '
|
| 30 | 1164 |
</td> |
1165 |
</tr> |
|
1166 |
<tr> |
|
1167 |
<td class="row3"> |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1168 |
<a href="' . $link_coppa_no . '">' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '</a><br />
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1169 |
<a href="' . $link_coppa_yes . '">' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . '</a>
|
| 30 | 1170 |
</td> |
1171 |
</tr>'; |
|
1172 |
echo '</table>'; |
|
1173 |
echo '</div>'; |
|
1174 |
} |
|
| 0 | 1175 |
$template->footer(); |
1176 |
} |
|
1177 |
||
1178 |
function page_Special_Contributions() {
|
|
1179 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1180 |
global $lang; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1181 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1182 |
// This is a vast improvement over the old Special:Contributions in 1.0.x. |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1183 |
|
| 0 | 1184 |
$template->header(); |
1185 |
$user = $paths->getParam(); |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1186 |
if ( !$user && isset($_GET['user']) ) |
| 0 | 1187 |
{
|
1188 |
$user = $_GET['user']; |
|
1189 |
} |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1190 |
else if ( !$user && !isset($_GET['user']) ) |
| 0 | 1191 |
{
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1192 |
echo '<p>' . $lang->get('userfuncs_contribs_err_no_user') . '</p>';
|
| 0 | 1193 |
$template->footer(); |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1194 |
return; |
| 0 | 1195 |
} |
1196 |
||
1197 |
$user = $db->escape($user); |
|
|
414
818b4cd12b8b
Added "is_draft != 1" where appropriate in SQL queries to prevent drafts from being treated as real revisions.
Dan
parents:
411
diff
changeset
|
1198 |
$q = 'SELECT log_type, time_id, action, date_string, page_id, namespace, author, edit_summary, minor_edit, page_id, namespace, ( action = \'edit\' ) AS is_edit FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND log_type=\'page\' AND is_draft != 1 ORDER BY is_edit DESC, time_id DESC;'; |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1199 |
$q = $db->sql_query($q); |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1200 |
if ( !$q ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1201 |
$db->_die('SpecialUserFuncs selecting contribution data');
|
| 0 | 1202 |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1203 |
echo '<h3>' . $lang->get('userfuncs_contribs_heading_edits') . '</h3>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1204 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1205 |
$cnt_edits = 0; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1206 |
$cnt_other = 0; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1207 |
$current = 'cnt_edits'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1208 |
$cls = 'row2'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1209 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1210 |
while ( $row = $db->fetchrow($q) ) |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1211 |
{
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1212 |
if ( $current == 'cnt_edits' && $row['is_edit'] != 1 ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1213 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1214 |
// No longer processing page edits - split the table |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1215 |
if ( $cnt_edits == 0 ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1216 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1217 |
echo '<p>' . $lang->get('userfuncs_contribs_msg_no_edits') . '</p>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1218 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1219 |
else |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1220 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1221 |
echo '</table></div>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1222 |
echo '<h3>' . $lang->get('userfuncs_contribs_heading_other') . '</h3>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1223 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1224 |
$current = 'cnt_other'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1225 |
$cls = 'row2'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1226 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1227 |
if ( $$current == 0 ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1228 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1229 |
echo '<div class="tblholder"> |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1230 |
<table border="0" cellspacing="1" cellpadding="4">'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1231 |
echo ' <tr> |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1232 |
<th>' . $lang->get('history_col_datetime') . '</th>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1233 |
echo ' <th>' . $lang->get('history_col_page') . '</th>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1234 |
if ( $current == 'cnt_edits' ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1235 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1236 |
echo ' <th>' . $lang->get('history_col_summary') . '</th>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1237 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1238 |
echo ' <th>' . $lang->get('history_col_minor') . '</th>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1239 |
if ( $current == 'cnt_other' ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1240 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1241 |
echo ' <th>' . $lang->get('history_col_action_taken') . '</th>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1242 |
<th>' . $lang->get('history_col_extra') . '</th>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1243 |
'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1244 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1245 |
echo ' <th>' . $lang->get('history_col_actions') . '</th>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1246 |
</tr>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1247 |
} |
|
377
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
parents:
372
diff
changeset
|
1248 |
$$current++; |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1249 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1250 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1251 |
echo '<tr>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1252 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1253 |
// date & time |
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1254 |
echo ' <td class="' . $cls . '">' . enano_date('d M Y h:i a', $row['time_id']) . '</td>';
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1255 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1256 |
// page & link to said page |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1257 |
echo ' <td class="' . $cls . '"><a href="' . makeUrlNS($row['namespace'], $row['page_id']) . '">' . get_page_title_ns($row['page_id'], $row['namespace']) . '</a></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1258 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1259 |
switch ( $row['action'] ) |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1260 |
{
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1261 |
case 'edit': |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1262 |
if ( $row['edit_summary'] == 'Automatic backup created when logs were purged' ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1263 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1264 |
$row['edit_summary'] = $lang->get('history_summary_clearlogs');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1265 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1266 |
else if ( empty($row['edit_summary']) ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1267 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1268 |
$row['edit_summary'] = '<span style="color: #808080">' . $lang->get('history_summary_none_given') . '</span>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1269 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1270 |
echo ' <td class="' . $cls . '">' . $row['edit_summary'] . '</td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1271 |
if ( $row['minor_edit'] == 1 ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1272 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1273 |
echo '<td class="' . $cls . '"><b>M</b></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1274 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1275 |
else |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1276 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1277 |
echo '<td class="' . $cls . '"></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1278 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1279 |
break; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1280 |
case 'prot': |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1281 |
echo ' <td class="' . $cls . '"></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1282 |
echo ' <td class="' . $cls . '">' . $lang->get('history_log_protect') . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1283 |
echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1284 |
break; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1285 |
case 'unprot': |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1286 |
echo ' <td class="' . $cls . '"></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1287 |
echo ' <td class="' . $cls . '">' . $lang->get('history_log_unprotect') . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1288 |
echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1289 |
break; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1290 |
case 'semiprot': |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1291 |
echo ' <td class="' . $cls . '"></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1292 |
echo ' <td class="' . $cls . '">' . $lang->get('history_log_semiprotect') . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1293 |
echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1294 |
break; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1295 |
case 'rename': |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1296 |
echo ' <td class="' . $cls . '"></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1297 |
echo ' <td class="' . $cls . '">' . $lang->get('history_log_rename') . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1298 |
echo ' <td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' ' . htmlspecialchars($row['edit_summary']) . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1299 |
break; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1300 |
case 'create': |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1301 |
echo ' <td class="' . $cls . '"></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1302 |
echo ' <td class="' . $cls . '">' . $lang->get('history_log_create') . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1303 |
echo ' <td class="' . $cls . '"></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1304 |
break; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1305 |
case 'delete': |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1306 |
echo ' <td class="' . $cls . '"></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1307 |
echo ' <td class="' . $cls . '">' . $lang->get('history_log_delete') . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1308 |
echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1309 |
break; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1310 |
case 'reupload': |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1311 |
echo ' <td class="' . $cls . '"></td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1312 |
echo ' <td class="' . $cls . '">' . $lang->get('history_log_uploadnew') . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1313 |
echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1314 |
break; |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1315 |
} |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1316 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1317 |
// actions column |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1318 |
echo ' <td class="' . $cls . '" style="text-align: center;">'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1319 |
if ( $row['is_edit'] == 1 ) |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1320 |
{
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1321 |
echo ' <a href="' . makeUrlNS($row['namespace'], $row['page_id'], "oldid={$row['time_id']}", true) . '">' . $lang->get('history_action_view') . '</a> | ';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1322 |
echo ' <a href="' . makeUrlNS($row['namespace'], $row['page_id'], "do=rollback&id={$row['time_id']}", true) . '">' . $lang->get('history_action_restore') . '</a>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1323 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1324 |
else |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1325 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1326 |
echo ' <a href="' . makeUrlNS($row['namespace'], $row['page_id'], "do=rollback&id={$row['time_id']}", true) . '">' . $lang->get('history_action_revert') . '</a>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1327 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1328 |
echo ' </td>'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1329 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1330 |
if ( $current == 'cnt_other' && $cnt_edits + $cnt_other >= $db->numrows($q) ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1331 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1332 |
echo '</table></div>'; |
| 0 | 1333 |
} |
1334 |
} |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1335 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1336 |
if ( $current == 'cnt_edits' ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1337 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1338 |
// no "other" edits, close the table |
|
377
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
parents:
372
diff
changeset
|
1339 |
if ( $cnt_edits > 0 ) |
|
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
parents:
372
diff
changeset
|
1340 |
echo '</table></div>'; |
|
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
parents:
372
diff
changeset
|
1341 |
else |
|
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
parents:
372
diff
changeset
|
1342 |
echo '<p>' . $lang->get('userfuncs_contribs_msg_no_edits') . '</p>';
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1343 |
echo '<h3>' . $lang->get('userfuncs_contribs_heading_other') . '</h3>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1344 |
echo '<p>' . $lang->get('userfuncs_contribs_msg_no_other') . '</p>';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1345 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1346 |
|
| 0 | 1347 |
$db->free_result(); |
1348 |
$template->footer(); |
|
1349 |
} |
|
1350 |
||
1351 |
function page_Special_ChangeStyle() |
|
1352 |
{
|
|
1353 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1354 |
global $lang; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1355 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1356 |
if ( !$session->user_logged_in ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1357 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1358 |
die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1359 |
} |
| 0 | 1360 |
if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) |
1361 |
{
|
|
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1362 |
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) )
|
|
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1363 |
die('Hacking attempt');
|
|
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1364 |
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) )
|
|
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1365 |
die('Hacking attempt');
|
| 0 | 1366 |
$d = ENANO_ROOT . '/themes/' . $_POST['theme']; |
1367 |
$f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1368 |
if ( !file_exists($d) || !is_dir($d) ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1369 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1370 |
die('The directory "'.$d.'" does not exist.');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1371 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1372 |
if ( !file_exists($f) ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1373 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1374 |
die('The file "'.$f.'" does not exist.');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1375 |
} |
| 0 | 1376 |
$d = $db->escape($_POST['theme']); |
1377 |
$f = $db->escape($_POST['style']); |
|
1378 |
$q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\''; |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1379 |
if ( !$db->sql_query($q) ) |
| 0 | 1380 |
{
|
1381 |
$db->_die('Your theme/style preferences were not updated.');
|
|
1382 |
} |
|
1383 |
else |
|
1384 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1385 |
redirect(makeUrl($_POST['return_to']), $lang->get('userfuncs_changetheme_success_title'), $lang->get('userfuncs_changetheme_success_body'), 3);
|
| 0 | 1386 |
} |
1387 |
} |
|
1388 |
else |
|
1389 |
{
|
|
1390 |
$template->header(); |
|
1391 |
$ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0); |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1392 |
if ( !$ret ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1393 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1394 |
$ret = getConfig('main_page');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1395 |
} |
| 0 | 1396 |
?> |
1397 |
<form action="<?php echo makeUrl($paths->page); ?>" method="post"> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1398 |
<?php if ( !isset($_POST['themeselected']) ) { ?>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1399 |
<h3><?php echo $lang->get('userfuncs_changetheme_heading_theme'); ?></h3>
|
| 0 | 1400 |
<p> |
1401 |
<select name="theme"> |
|
1402 |
<?php |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1403 |
foreach ( $template->theme_list as $t ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1404 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1405 |
if ( $t['enabled'] ) |
| 0 | 1406 |
{
|
1407 |
echo '<option value="'.$t['theme_id'].'"'; |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1408 |
if ( $t['theme_id'] == $session->theme ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1409 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1410 |
echo ' selected="selected"'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1411 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1412 |
echo '>' . $t['theme_name'] . '</option>'; |
| 0 | 1413 |
} |
1414 |
} |
|
1415 |
?> |
|
1416 |
</select> |
|
1417 |
</p> |
|
1418 |
<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" /> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1419 |
<input type="submit" name="themeselected" value="<?php echo $lang->get('userfuncs_changetheme_btn_continue'); ?>" /></p>
|
| 0 | 1420 |
<?php } else {
|
1421 |
$theme = $_POST['theme']; |
|
1422 |
if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
|
|
1423 |
die('Hacking attempt');
|
|
1424 |
?> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1425 |
<h3><?php echo $lang->get('userfuncs_changetheme_heading_style'); ?></h3>
|
| 0 | 1426 |
<p> |
1427 |
<select name="style"> |
|
1428 |
<?php |
|
1429 |
$dir = './themes/'.$theme.'/css/'; |
|
1430 |
$list = Array(); |
|
1431 |
// Open a known directory, and proceed to read its contents |
|
1432 |
if (is_dir($dir)) {
|
|
1433 |
if ($dh = opendir($dir)) {
|
|
1434 |
while (($file = readdir($dh)) !== false) {
|
|
1435 |
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
|
|
1436 |
$list[] = substr($file, 0, strlen($file)-4); |
|
1437 |
} |
|
1438 |
} |
|
1439 |
closedir($dh); |
|
1440 |
} |
|
1441 |
} else die($dir.' is not a dir'); |
|
1442 |
foreach ( $list as $l ) |
|
1443 |
{
|
|
1444 |
echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>'; |
|
1445 |
} |
|
1446 |
?> |
|
1447 |
</select> |
|
1448 |
</p> |
|
1449 |
<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" /> |
|
1450 |
<input type="hidden" name="theme" value="<?php echo $theme; ?>" /> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1451 |
<input type="submit" name="allclear" value="<?php echo $lang->get('userfuncs_changetheme_btn_allclear'); ?>" /></p>
|
| 0 | 1452 |
<?php } ?> |
1453 |
</form> |
|
1454 |
<?php |
|
1455 |
$template->footer(); |
|
1456 |
} |
|
1457 |
} |
|
1458 |
||
1459 |
function page_Special_ActivateAccount() |
|
1460 |
{
|
|
1461 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1462 |
global $lang; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1463 |
|
| 0 | 1464 |
$user = $paths->getParam(0); |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1465 |
if ( !$user ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1466 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1467 |
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1468 |
} |
| 0 | 1469 |
$key = $paths->getParam(1); |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1470 |
if ( !$key ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1471 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1472 |
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1473 |
} |
| 0 | 1474 |
$s = $session->activate_account(str_replace('_', ' ', $user), $key);
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1475 |
if ( $s > 0 ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1476 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1477 |
die_friendly($lang->get('userfuncs_activate_success_title'), '<p>' . $lang->get('userfuncs_activate_success_body') . '</p>');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1478 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1479 |
else |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1480 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1481 |
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_bad_key') . '</p>');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1482 |
} |
| 0 | 1483 |
} |
1484 |
||
1485 |
function page_Special_Captcha() |
|
1486 |
{
|
|
1487 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1488 |
if ( $paths->getParam(0) == 'make' ) |
| 0 | 1489 |
{
|
1490 |
$session->kill_captcha(); |
|
1491 |
echo $session->make_captcha(); |
|
1492 |
return; |
|
1493 |
} |
|
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1494 |
|
| 0 | 1495 |
$hash = $paths->getParam(0); |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1496 |
if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) )
|
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1497 |
{
|
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1498 |
$paths->main_page(); |
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1499 |
} |
|
402
d907601ccad2
Fixed some captcha bugs and made all captcha fields case-insensitive
Dan
parents:
401
diff
changeset
|
1500 |
|
|
d907601ccad2
Fixed some captcha bugs and made all captcha fields case-insensitive
Dan
parents:
401
diff
changeset
|
1501 |
$session->make_captcha(7, $hash); |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1502 |
$code = $session->generate_captcha_code(); |
|
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1503 |
$q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';");
|
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1504 |
if ( !$q ) |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1505 |
$db->_die(); |
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1506 |
|
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1507 |
require ( ENANO_ROOT.'/includes/captcha.php' ); |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1508 |
$captcha = captcha_object($hash, 'freecap'); |
|
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
parents:
459
diff
changeset
|
1509 |
// $captcha->debug = true; |
| 0 | 1510 |
$captcha->make_image(); |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1511 |
|
| 0 | 1512 |
exit; |
1513 |
} |
|
1514 |
||
1515 |
function page_Special_PasswordReset() |
|
1516 |
{
|
|
1517 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1518 |
global $lang; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1519 |
|
| 0 | 1520 |
$template->header(); |
1521 |
if($paths->getParam(0) == 'stage2') |
|
1522 |
{
|
|
1523 |
$user_id = intval($paths->getParam(1)); |
|
1524 |
$encpass = $paths->getParam(2); |
|
1525 |
if ( $user_id < 2 ) |
|
1526 |
{
|
|
1527 |
echo '<p>Hacking attempt</p>'; |
|
1528 |
$template->footer(); |
|
1529 |
return false; |
|
1530 |
} |
|
1531 |
if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
|
|
1532 |
{
|
|
1533 |
echo '<p>Hacking attempt</p>'; |
|
1534 |
$template->footer(); |
|
1535 |
return false; |
|
1536 |
} |
|
1537 |
||
1538 |
$q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';');
|
|
1539 |
if($db->numrows() < 1) |
|
1540 |
{
|
|
1541 |
echo '<p>Invalid credentials</p>'; |
|
1542 |
$template->footer(); |
|
1543 |
return false; |
|
1544 |
} |
|
1545 |
$row = $db->fetchrow(); |
|
1546 |
$db->free_result(); |
|
1547 |
||
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1548 |
if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() ) |
| 0 | 1549 |
{
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1550 |
echo '<p>' . $lang->get('userfuncs_passreset_err_pass_expired', array('reset_url' => makeUrlNS('Special', 'PasswordReset'))) . '</p>';
|
| 0 | 1551 |
$template->footer(); |
1552 |
return false; |
|
1553 |
} |
|
1554 |
||
1555 |
if ( isset($_POST['do_stage2']) ) |
|
1556 |
{
|
|
|
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents:
270
diff
changeset
|
1557 |
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
| 0 | 1558 |
if($_POST['use_crypt'] == 'yes') |
1559 |
{
|
|
1560 |
$crypt_key = $session->fetch_public_key($_POST['crypt_key']); |
|
1561 |
if(!$crypt_key) |
|
1562 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1563 |
echo $lang->get('user_err_key_not_found');
|
| 0 | 1564 |
$template->footer(); |
1565 |
return false; |
|
1566 |
} |
|
1567 |
$crypt_key = hexdecode($crypt_key); |
|
1568 |
$data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX); |
|
1569 |
if(strlen($data) < 6) |
|
1570 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1571 |
echo $lang->get('userfuncs_passreset_err_too_short');
|
| 0 | 1572 |
$template->footer(); |
1573 |
return false; |
|
1574 |
} |
|
1575 |
} |
|
1576 |
else |
|
1577 |
{
|
|
1578 |
$data = $_POST['pass']; |
|
1579 |
$conf = $_POST['pass_confirm']; |
|
1580 |
if($data != $conf) |
|
1581 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1582 |
echo $lang->get('userfuncs_passreset_err_no_match');
|
| 0 | 1583 |
$template->footer(); |
1584 |
return false; |
|
1585 |
} |
|
1586 |
if(strlen($data) < 6) |
|
1587 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1588 |
echo $lang->get('userfuncs_passreset_err_too_short');
|
| 0 | 1589 |
$template->footer(); |
1590 |
return false; |
|
1591 |
} |
|
1592 |
} |
|
1593 |
if(empty($data)) |
|
1594 |
{
|
|
1595 |
echo 'ERROR: Sanity check failed!'; |
|
1596 |
$template->footer(); |
|
1597 |
return false; |
|
1598 |
} |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1599 |
if ( getConfig('pw_strength_enable') == '1' )
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1600 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1601 |
$min_score = intval(getConfig('pw_strength_minimum'));
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1602 |
$inp_score = password_score($data); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1603 |
if ( $inp_score < $min_score ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1604 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1605 |
$url = makeUrl($paths->fullpage); |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1606 |
echo "<p>" . $lang->get('userfuncs_passreset_err_failed_score', array('inp_score' => $inp_score, 'url' => $url)) . "</p>";
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1607 |
$template->footer(); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1608 |
return false; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1609 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1610 |
} |
|
591
2529833a7731
Made $session->private_key protected and added pk_{en,de}crypt methods for encrypting and decrypting data using the private key
Dan
parents:
590
diff
changeset
|
1611 |
$encpass = $session->pk_encrypt($data, ENC_HEX); |
| 0 | 1612 |
$q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';');
|
1613 |
||
1614 |
if($q) |
|
1615 |
{
|
|
1616 |
$session->login_without_crypto($row['username'], $data); |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1617 |
echo '<p>' . $lang->get('userfuncs_passreset_stage2_success', array('url_mainpage' => makeUrl(getConfig('main_page')))) . '</p>';
|
| 0 | 1618 |
} |
1619 |
else |
|
1620 |
{
|
|
1621 |
echo $db->get_error(); |
|
1622 |
} |
|
1623 |
||
1624 |
$template->footer(); |
|
1625 |
return false; |
|
1626 |
} |
|
1627 |
||
1628 |
// Password reset form |
|
1629 |
$pubkey = $session->rijndael_genkey(); |
|
1630 |
||
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1631 |
$evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : '';
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1632 |
$pw_meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">' . $lang->get('userfuncs_passreset_stage2_lbl_strength') . '</td><td class="row1"><div id="pwmeter"></div><script type="text/javascript">password_score_field(document.forms.resetform.pass);</script></td></tr>' : '';
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1633 |
$pw_blurb = ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>' . $lang->get('userfuncs_passreset_stage2_blurb_strength') . '</small>' : '';
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1634 |
|
| 0 | 1635 |
?> |
1636 |
<form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();"> |
|
1637 |
<br /> |
|
1638 |
<div class="tblholder"> |
|
1639 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1640 |
<tr><th colspan="2"><?php echo $lang->get('userfuncs_passreset_stage2_th'); ?></th></tr>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1641 |
<tr><td class="row1"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_password'); ?> <?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1642 |
<tr><td class="row2"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_confirm'); ?> </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1643 |
<?php echo $pw_meter; ?> |
| 0 | 1644 |
<tr> |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1645 |
<td colspan="2" class="row3" style="text-align: center;"> |
| 0 | 1646 |
<input type="hidden" name="use_crypt" value="no" /> |
1647 |
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" /> |
|
1648 |
<input type="hidden" name="crypt_data" value="" /> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1649 |
<input type="submit" name="do_stage2" value="<?php echo $lang->get('userfuncs_passreset_stage2_btn_submit'); ?>" />
|
| 0 | 1650 |
</td> |
1651 |
</tr> |
|
1652 |
</table> |
|
1653 |
</div> |
|
1654 |
</form> |
|
1655 |
<script type="text/javascript"> |
|
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
32
diff
changeset
|
1656 |
if ( !KILL_SWITCH ) |
|
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
32
diff
changeset
|
1657 |
{
|
|
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
32
diff
changeset
|
1658 |
disableJSONExts(); |
| 0 | 1659 |
str = ''; |
1660 |
for(i=0;i<keySizeInBits/4;i++) str+='0'; |
|
1661 |
var key = hexToByteArray(str); |
|
1662 |
var pt = hexToByteArray(str); |
|
1663 |
var ct = rijndaelEncrypt(pt, key, "ECB"); |
|
1664 |
var ct = byteArrayToHex(ct); |
|
1665 |
switch(keySizeInBits) |
|
1666 |
{
|
|
1667 |
case 128: |
|
1668 |
v = '66e94bd4ef8a2c3b884cfa59ca342b2e'; |
|
1669 |
break; |
|
1670 |
case 192: |
|
1671 |
v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7'; |
|
1672 |
break; |
|
1673 |
case 256: |
|
1674 |
v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087'; |
|
1675 |
break; |
|
1676 |
} |
|
1677 |
var testpassed = ( ct == v && md5_vm_test() ); |
|
1678 |
var frm = document.forms.resetform; |
|
1679 |
if(testpassed) |
|
1680 |
{
|
|
1681 |
frm.use_crypt.value = 'yes'; |
|
1682 |
var cryptkey = frm.crypt_key.value; |
|
1683 |
frm.crypt_key.value = hex_md5(cryptkey); |
|
1684 |
cryptkey = hexToByteArray(cryptkey); |
|
1685 |
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 ) |
|
1686 |
{
|
|
1687 |
frm._login.disabled = true; |
|
1688 |
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : ''; |
|
1689 |
alert('The key is messed up\nType: '+typeof(cryptkey)+len);
|
|
1690 |
} |
|
1691 |
} |
|
1692 |
function runEncryption() |
|
1693 |
{
|
|
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
32
diff
changeset
|
1694 |
var frm = document.forms.resetform; |
| 0 | 1695 |
pass1 = frm.pass.value; |
1696 |
pass2 = frm.pass_confirm.value; |
|
1697 |
if ( pass1 != pass2 ) |
|
1698 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1699 |
alert($lang.get('userfuncs_passreset_err_no_match'));
|
| 0 | 1700 |
return false; |
1701 |
} |
|
1702 |
if ( pass1.length < 6 ) |
|
1703 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1704 |
alert($lang.get('userfuncs_passreset_err_too_short'));
|
| 0 | 1705 |
return false; |
1706 |
} |
|
1707 |
if(testpassed) |
|
1708 |
{
|
|
1709 |
pass = frm.pass.value; |
|
1710 |
pass = stringToByteArray(pass); |
|
1711 |
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB'); |
|
1712 |
if(!cryptstring) |
|
1713 |
{
|
|
1714 |
return false; |
|
1715 |
} |
|
1716 |
cryptstring = byteArrayToHex(cryptstring); |
|
1717 |
frm.crypt_data.value = cryptstring; |
|
1718 |
frm.pass.value = ""; |
|
1719 |
frm.pass_confirm.value = ""; |
|
1720 |
} |
|
1721 |
return true; |
|
1722 |
} |
|
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
32
diff
changeset
|
1723 |
} |
| 0 | 1724 |
</script> |
1725 |
<?php |
|
1726 |
$template->footer(); |
|
1727 |
return true; |
|
1728 |
} |
|
1729 |
if(isset($_POST['do_reset'])) |
|
1730 |
{
|
|
1731 |
if($session->mail_password_reset($_POST['username'])) |
|
1732 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1733 |
echo '<p>' . $lang->get('userfuncs_passreset_stage1_success') . '</p>';
|
| 0 | 1734 |
} |
1735 |
else |
|
1736 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1737 |
echo '<p>' . $lang->get('userfuncs_passreset_stage1_error') . '</p>';
|
| 0 | 1738 |
} |
1739 |
$template->footer(); |
|
1740 |
return true; |
|
1741 |
} |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1742 |
echo '<p>' . $lang->get('userfuncs_passreset_blurb_line1') . '</p>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1743 |
<p>' . $lang->get('userfuncs_passreset_blurb_line2') . '</p>
|
| 0 | 1744 |
<form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1745 |
<p>' . $lang->get('userfuncs_passreset_lbl_username') . ' '.$template->username_field('username').'</p>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1746 |
<p><input type="submit" name="do_reset" value="' . $lang->get('userfuncs_passreset_btn_mailpasswd') . '" /></p>
|
| 0 | 1747 |
</form>'; |
1748 |
$template->footer(); |
|
1749 |
} |
|
1750 |
||
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1751 |
function page_Special_Memberlist() |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1752 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1753 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1754 |
global $lang; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1755 |
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1756 |
$template->header(); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1757 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1758 |
$startletters = 'abcdefghijklmnopqrstuvwxyz'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1759 |
$startletters = enano_str_split($startletters); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1760 |
$startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : ''; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1761 |
if ( !in_array($startletter, $startletters) && $startletter != 'chr' ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1762 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1763 |
$startletter = ''; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1764 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1765 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1766 |
$startletter_sql = $startletter; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1767 |
if ( $startletter == 'chr' ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1768 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1769 |
$startletter_sql = '([^a-z])'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1770 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1771 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1772 |
// offset |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1773 |
$offset = ( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 0; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1774 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1775 |
// sort order |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1776 |
$sortkeys = array( |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1777 |
'uid' => 'u.user_id', |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1778 |
'username' => 'u.username', |
| 111 | 1779 |
'email' => 'u.email', |
1780 |
'regist' => 'u.reg_time' |
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1781 |
); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1782 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1783 |
$sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1784 |
$sort_sqllet = $sortkeys[$sortby]; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1785 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1786 |
$target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC';
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1787 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1788 |
$sortorders = array(); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1789 |
foreach ( $sortkeys as $k => $_unused ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1790 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1791 |
$sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1792 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1793 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1794 |
// Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1795 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1796 |
echo '<div class="tblholder"> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1797 |
<table border="0" cellspacing="1" cellpadding="4" style="text-align: center;"> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1798 |
<tr>'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1799 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=&sort=' . $sortby . '&orderby=' . $target_order, true) . '">All</a></td>';
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1800 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=chr&sort=' . $sortby . '&orderby=' . $target_order, true) . '">#</a></td>';
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1801 |
foreach ( $startletters as $letter ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1802 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1803 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=' . $letter . '&sort=' . $sortby . '&orderby=' . $target_order, true) . '">' . strtoupper($letter) . '</a></td>';
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1804 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1805 |
echo ' </tr> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1806 |
</table> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1807 |
</div>'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1808 |
|
| 105 | 1809 |
// User search |
1810 |
if ( isset($_GET['finduser']) ) |
|
1811 |
{
|
|
1812 |
$finduser = str_replace(array( '%', '_'), |
|
1813 |
array('\\%', '\\_'),
|
|
1814 |
$_GET['finduser']); |
|
1815 |
$finduser = str_replace(array('*', '?'),
|
|
1816 |
array('%', '_'),
|
|
1817 |
$finduser); |
|
1818 |
$finduser = $db->escape($finduser); |
|
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1819 |
$username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\''; |
| 105 | 1820 |
$finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&'; |
1821 |
} |
|
1822 |
else |
|
1823 |
{
|
|
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1824 |
if ( ENANO_DBLAYER == 'MYSQL' ) |
|
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1825 |
$username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")';
|
|
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1826 |
else if ( ENANO_DBLAYER == 'PGSQL' ) |
|
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1827 |
$username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')'; |
| 105 | 1828 |
$finduser_url = ''; |
1829 |
} |
|
1830 |
||
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1831 |
// Column markers |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1832 |
$headings = '<tr> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1833 |
<th style="max-width: 50px;"> |
| 105 | 1834 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=uid&orderby=' . $sortorders['uid'], true) . '">#</a>
|
1835 |
</th> |
|
1836 |
<th> |
|
| 342 | 1837 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=username&orderby=' . $sortorders['username'], true) . '">' . $lang->get('userfuncs_ml_column_username') . '</a>
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1838 |
</th> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1839 |
<th> |
| 342 | 1840 |
' . $lang->get('userfuncs_ml_column_userlevel') . '
|
| 111 | 1841 |
</th> |
1842 |
<th> |
|
| 342 | 1843 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=email&orderby=' . $sortorders['email'], true) . '">' . $lang->get('userfuncs_ml_column_email') . '</a>
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1844 |
</th> |
| 111 | 1845 |
<th> |
| 342 | 1846 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=regist&orderby=' . $sortorders['regist'], true) . '">' . $lang->get('userfuncs_ml_column_regtime') . '</a>
|
| 111 | 1847 |
</th> |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1848 |
</tr>'; |
| 105 | 1849 |
|
1850 |
// determine number of rows |
|
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1851 |
$q = $db->sql_query('SELECT u.user_id FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';');
|
| 105 | 1852 |
if ( !$q ) |
1853 |
$db->_die(); |
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1854 |
|
| 105 | 1855 |
$num_rows = $db->numrows(); |
1856 |
$db->free_result(); |
|
1857 |
||
1858 |
if ( !empty($finduser_url) ) |
|
1859 |
{
|
|
| 342 | 1860 |
switch ( $num_rows ) |
1861 |
{
|
|
1862 |
case 0: |
|
1863 |
$str = $lang->get('userfuncs_ml_msg_matches_zero'); break;
|
|
1864 |
case 1: |
|
1865 |
$str = $lang->get('userfuncs_ml_msg_matches_one'); break;
|
|
1866 |
default: |
|
1867 |
$str = $lang->get('userfuncs_ml_msg_matches', array('matches' => $num_rows)); break;
|
|
1868 |
} |
|
1869 |
echo "<h3>$str</h3>"; |
|
| 105 | 1870 |
} |
1871 |
||
1872 |
// main selector |
|
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1873 |
$pgsql_additional_group_by = ( ENANO_DBLAYER == 'PGSQL' ) ? ', u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public' : ''; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1874 |
$q = $db->sql_unbuffered_query('SELECT \'\' AS infobit, u.user_id, u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public, COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'users AS u
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1875 |
LEFT JOIN '.table_prefix.'users_extra AS x |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1876 |
ON ( u.user_id = x.user_id ) |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1877 |
LEFT JOIN ' . table_prefix . 'comments AS c |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1878 |
ON ( u.user_id = c.user_id ) |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1879 |
WHERE ' . $username_where . ' AND u.username != \'Anonymous\' |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1880 |
GROUP BY u.user_id' . $pgsql_additional_group_by . ' |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1881 |
ORDER BY ' . $sort_sqllet . ' ' . $target_order . ';'); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1882 |
if ( !$q ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1883 |
$db->_die(); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1884 |
|
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1885 |
// formatter parameters |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1886 |
$formatter = new MemberlistFormatter(); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1887 |
$formatters = array( |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1888 |
'username' => array($formatter, 'username'), |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1889 |
'user_level' => array($formatter, 'user_level'), |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1890 |
'email' => array($formatter, 'email'), |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1891 |
'reg_time' => array($formatter, 'reg_time'), |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1892 |
'infobit' => array($formatter, 'infobit') |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1893 |
); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1894 |
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1895 |
$html = paginate( |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1896 |
$q, // MySQL result resource |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1897 |
'<tr> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1898 |
<td class="{_css_class}">{user_id}</td>
|
| 111 | 1899 |
<td class="{_css_class}" style="text-align: left;">{username}</td>
|
1900 |
<td class="{_css_class}">{user_level}</td>
|
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1901 |
<td class="{_css_class}">{email}</small></td>
|
| 111 | 1902 |
<td class="{_css_class}">{reg_time}</td>
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1903 |
</tr> |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1904 |
<tr> |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1905 |
<td colspan="5" class="row3" style="text-align: left;"> |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1906 |
<div id="ml_moreinfo_{user_id}" style="display: none;">
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1907 |
{infobit}
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1908 |
</div> |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1909 |
</td> |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1910 |
</tr> |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1911 |
', // TPL code for rows |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1912 |
$num_rows, // Number of results |
| 105 | 1913 |
makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order ), // Result URL
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1914 |
$offset, // Start at this number |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1915 |
25, // Results per page |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1916 |
$formatters, // Formatting hooks |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1917 |
'<div class="tblholder"> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1918 |
<table border="0" cellspacing="1" cellpadding="4" style="text-align: center;"> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1919 |
' . $headings . ' |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1920 |
', // Header (printed before rows) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1921 |
' ' . $headings . ' |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1922 |
</table> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1923 |
</div> |
| 105 | 1924 |
' . |
1925 |
'<div style="float: left;"> |
|
1926 |
<form action="' . makeUrlNS('Special', 'Memberlist') . '" method="get" onsubmit="if ( !submitAuthorized ) return false;">'
|
|
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1927 |
. ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->page ) . '" />' : '' ) |
|
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents:
111
diff
changeset
|
1928 |
. ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') |
| 342 | 1929 |
. '<p>' . $lang->get('userfuncs_ml_lbl_finduser') . ' ' . $template->username_field('finduser') . ' <input type="submit" value="' . $lang->get('userfuncs_ml_btn_go') . '" /><br />
|
1930 |
<small>' . $lang->get('userfuncs_ml_tip_wildcard') . '</small></p>'
|
|
| 105 | 1931 |
. '</form> |
1932 |
</div>' // Footer (printed after rows) |
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1933 |
); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1934 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1935 |
if ( $num_rows < 1 ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1936 |
{
|
| 342 | 1937 |
echo ( isset($_GET['finduser']) ) ? '<p>' . $lang->get('userfuncs_ml_err_nousers_find') . '</p>' :
|
1938 |
'<p>' . $lang->get('userfuncs_ml_err_nousers') . '</p>';
|
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1939 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1940 |
else |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1941 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1942 |
echo $html; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1943 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1944 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1945 |
$template->footer(); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1946 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1947 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1948 |
/** |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1949 |
* Class for formatting results for the memberlist. |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1950 |
* @access private |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1951 |
*/ |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1952 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1953 |
class MemberlistFormatter |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1954 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1955 |
function username($username, $row) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1956 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1957 |
global $db, $session, $paths, $template, $plugins; // Common objects |
| 342 | 1958 |
global $lang; |
1959 |
||
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1960 |
$userpage = $paths->nslist['User'] . sanitize_page_id($username); |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1961 |
$class = ( isPage($userpage) ) ? '' : ' class="wikilink-nonexistent"'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1962 |
$anchor = '<a href="' . makeUrlNS('User', sanitize_page_id($username)) . '"' . $class . ' onclick="load_component(\'SpryEffects\'); var el = document.getElementById(\'ml_moreinfo_' . $row['user_id'] . '\'); if ( !el.fx ) el.fx = new Spry.Effect.Blind(el, { duration: 500, from: \'0%\', to: \'100%\', toggle: true }); el.fx.start(); return false;">' . htmlspecialchars($username) . '</a>';
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1963 |
if ( $session->user_level >= USER_LEVEL_ADMIN ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1964 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1965 |
$anchor .= ' <small>- <a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&username=' . urlencode($username), true) . '"
|
| 342 | 1966 |
onclick="ajaxAdminUser(\'' . addslashes(htmlspecialchars($username)) . '\'); return false;">' . $lang->get('userfuncs_ml_btn_adminuser') . '</a></small>';
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1967 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1968 |
return $anchor; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1969 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1970 |
function user_level($level, $row) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1971 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1972 |
global $db, $session, $paths, $template, $plugins; // Common objects |
| 342 | 1973 |
global $lang; |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1974 |
switch ( $level ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1975 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1976 |
case USER_LEVEL_GUEST: |
| 342 | 1977 |
$s_level = $lang->get('userfuncs_ml_level_guest'); break;
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1978 |
case USER_LEVEL_MEMBER: |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1979 |
case USER_LEVEL_CHPREF: |
| 342 | 1980 |
$s_level = $lang->get('userfuncs_ml_level_member'); break;
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1981 |
case USER_LEVEL_MOD: |
| 342 | 1982 |
$s_level = $lang->get('userfuncs_ml_level_mod'); break;
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1983 |
case USER_LEVEL_ADMIN: |
| 342 | 1984 |
$s_level = $lang->get('userfuncs_ml_level_admin'); break;
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1985 |
default: |
| 342 | 1986 |
$s_level = $lang->get('userfuncs_ml_level_unknown', array( 'level' => $level ));
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1987 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1988 |
return $s_level; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1989 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1990 |
function email($addy, $row) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1991 |
{
|
| 342 | 1992 |
global $lang; |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1993 |
if ( $row['email_public'] == '1' ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1994 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1995 |
global $email; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1996 |
$addy = $email->encryptEmail($addy); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1997 |
return $addy; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1998 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1999 |
else |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
2000 |
{
|
| 342 | 2001 |
return '<small><' . $lang->get('userfuncs_ml_email_nonpublic') . '></small>';
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
2002 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
2003 |
} |
| 111 | 2004 |
/** |
2005 |
* Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant. |
|
2006 |
* @param int UNIX timestamp |
|
2007 |
* @return string |
|
2008 |
*/ |
|
2009 |
||
2010 |
function format_date($time) |
|
2011 |
{
|
|
| 342 | 2012 |
global $lang; |
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
2013 |
// Our formattting string to pass to enano_date() |
| 111 | 2014 |
// This should not include minute/second info, only today's date in whatever format suits your fancy |
2015 |
$formatstring = 'F j, Y'; |
|
2016 |
// Today's date |
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
2017 |
$today = enano_date($formatstring); |
| 111 | 2018 |
// Yesterday's date |
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
2019 |
$yesterday = enano_date($formatstring, (time() - (24*60*60))); |
| 111 | 2020 |
// Date on the input |
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
2021 |
$then = enano_date($formatstring, $time); |
| 111 | 2022 |
// "X days ago" logic |
2023 |
for ( $i = 2; $i <= 6; $i++ ) |
|
2024 |
{
|
|
2025 |
// hours_in_day * minutes_in_hour * seconds_in_minute * num_days |
|
2026 |
$offset = 24 * 60 * 60 * $i; |
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
2027 |
$days_ago = enano_date($formatstring, (time() - $offset)); |
| 111 | 2028 |
// so does the input timestamp match the date from $i days ago? |
2029 |
if ( $then == $days_ago ) |
|
2030 |
{
|
|
2031 |
// yes, return $i |
|
| 342 | 2032 |
return $lang->get('userfuncs_ml_date_daysago', array('days_ago' => $i));
|
| 111 | 2033 |
} |
2034 |
} |
|
2035 |
// either yesterday, today, or before 6 days ago |
|
2036 |
switch($then) |
|
2037 |
{
|
|
2038 |
case $today: |
|
| 342 | 2039 |
return $lang->get('userfuncs_ml_date_today');
|
| 111 | 2040 |
case $yesterday: |
| 342 | 2041 |
return $lang->get('userfuncs_ml_date_yesterday');
|
| 111 | 2042 |
default: |
2043 |
return $then; |
|
2044 |
} |
|
2045 |
// .--. |
|
2046 |
// |o_o | |
|
2047 |
// |!_/ | |
|
2048 |
// // \ \ |
|
2049 |
// (| | ) |
|
2050 |
// /'\_ _/`\ |
|
2051 |
// \___)=(___/ |
|
2052 |
return 'Linux rocks!'; |
|
2053 |
} |
|
2054 |
function reg_time($time, $row) |
|
2055 |
{
|
|
2056 |
return $this->format_date($time); |
|
2057 |
} |
|
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2058 |
function infobit($_, $row) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2059 |
{
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2060 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2061 |
global $lang; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2062 |
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2063 |
$bit = ''; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2064 |
if ( $row['user_has_avatar'] == 1 ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2065 |
{
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2066 |
$bit .= '<div style="float: left; margin-right: 10px;"> |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2067 |
<img alt=" " src="' . make_avatar_url(intval($row['user_id']), $row['avatar_type'], $row['email']) . '" /> |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2068 |
</div>'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2069 |
} |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2070 |
$rank_data = $session->get_user_rank(intval($row['user_id'])); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2071 |
$userpage = $paths->nslist['User'] . sanitize_page_id($row['username']); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2072 |
$title = ( isPage($userpage) ) ? ' title="' . $lang->get('userfuncs_ml_tip_userpage') . '"' : ' title="' . $lang->get('userfuncs_ml_tip_nouserpage') . '"';
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2073 |
$bit .= '<a' . $title . ' href="' . makeUrlNS('User', $row['username'], false, true) . '" style="font-size: x-large; ' . $rank_data['rank_style'] . '">' . htmlspecialchars($row['username']) . '</a><br />';
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2074 |
if ( $rank_data['user_title'] ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2075 |
$bit .= htmlspecialchars($rank_data['user_title']) . '<br />'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2076 |
if ( $rank_data['rank_title'] ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2077 |
$bit .= '<small>' . htmlspecialchars($lang->get($rank_data['rank_title'])) . '</small><br />'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2078 |
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2079 |
$bit .= '<div style="text-align: right;"> |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2080 |
<a href="' . makeUrlNS('Special', "PrivateMessages/Compose/To/{$row['username']}", false, true) . '" class="abutton abutton_blue"><img alt=" " src="' . cdnPath . '/images/icons/send_pm.png" /> ' . $lang->get('comment_btn_send_privmsg') . '</a>
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2081 |
<a href="' . makeUrlNS('Special', "PrivateMessages/FriendList/Add/{$row['username']}", false, true) . '" class="abutton abutton_green"><img alt=" " src="' . cdnPath . '/images/icons/add_buddy.png" /> ' . $lang->get('comment_btn_add_buddy') . '</a>
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2082 |
</div>'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2083 |
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2084 |
return $bit; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2085 |
} |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
2086 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
2087 |
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2088 |
function page_Special_LangExportJSON() |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2089 |
{
|
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2090 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2091 |
global $lang; |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2092 |
|
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2093 |
$lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id; |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2094 |
|
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2095 |
if ( $lang->lang_id == $lang_id ) |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2096 |
$lang_local =& $lang; |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2097 |
else |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2098 |
$lang_local = new Language($lang_id); |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2099 |
|
|
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2100 |
$lang_strings = enano_json_encode($lang_local->strings); |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2101 |
$etag = substr(sha1($lang_strings), 0, 20) . '-' . dechex($lang_local->lang_timestamp); |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2102 |
|
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2103 |
if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2104 |
{
|
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2105 |
if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2106 |
{
|
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2107 |
header('HTTP/1.1 304 Not Modified');
|
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2108 |
exit(); |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2109 |
} |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2110 |
} |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2111 |
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
2112 |
$timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp);
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
2113 |
// generate expires header |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
2114 |
$expires = date('r', mktime(-1, -1, -1, -1, -1, intval(date('y'))+1));
|
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
2115 |
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2116 |
header("Last-Modified: $timestamp");
|
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2117 |
header("Date: $timestamp");
|
|
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2118 |
header("ETag: \"$etag\"");
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2119 |
header('Content-type: text/javascript');
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
2120 |
header("Expires: $expires");
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2121 |
|
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2122 |
$lang_local->fetch(); |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2123 |
echo "if ( typeof(enano_lang) != 'object' ) |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2124 |
var enano_lang = new Object(); |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2125 |
|
|
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2126 |
enano_lang[{$lang->lang_id}] = " . $lang_strings . ";";
|
|
555
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
parents:
542
diff
changeset
|
2127 |
|
|
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
parents:
542
diff
changeset
|
2128 |
gzip_output(); |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2129 |
|
|
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
2130 |
exit(0); |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2131 |
} |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
2132 |
|
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2133 |
/** |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2134 |
* Fetches and displays an avatar from the filesystem. Avatar fetching is abstracted as of 1.1.4. |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2135 |
*/ |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2136 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2137 |
function page_Special_Avatar() |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2138 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2139 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2140 |
global $aggressive_optimize_html; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2141 |
$aggressive_optimize_html = false; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2142 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2143 |
$img_types = array( |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2144 |
IMAGE_TYPE_PNG => 'png', |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2145 |
IMAGE_TYPE_GIF => 'gif', |
|
621
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2146 |
IMAGE_TYPE_JPG => 'jpg', |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2147 |
IMAGE_TYPE_GRV => 'grv' |
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2148 |
); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2149 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2150 |
$avi_id = $paths->getParam(0); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2151 |
if ( !$avi_id || !@preg_match('/^[a-f0-9]+$/', $avi_id) )
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2152 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2153 |
echo 'Doesn\'t match the regexp'; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2154 |
return true; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2155 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2156 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2157 |
$avi_id_dec = hexdecode($avi_id); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2158 |
$avi_id_dec = @unpack('Vdate/Vuid/vimg_type', $avi_id_dec);
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2159 |
if ( !$avi_id_dec ) |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2160 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2161 |
echo 'Bad unpack'; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2162 |
return true; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2163 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2164 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2165 |
// check parameters |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2166 |
if ( !isset($img_types[$avi_id_dec['img_type']]) ) |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2167 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2168 |
echo 'Invalid image type'; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2169 |
return true; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2170 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2171 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2172 |
// build file path |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2173 |
$avi_type = $img_types[$avi_id_dec['img_type']]; |
|
621
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2174 |
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2175 |
// is this a gravatar? |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2176 |
if ( $avi_type == 'grv' ) |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2177 |
{
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2178 |
// yes, we'll have to redirect |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2179 |
// sanitize UID |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2180 |
$uid = intval($avi_id_dec['uid']); |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2181 |
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2182 |
// fetch email |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2183 |
$q = $db->sql_query('SELECT email FROM ' . table_prefix . "users WHERE user_id = $uid;");
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2184 |
if ( !$q ) |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2185 |
$db->_die(); |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2186 |
if ( $db->numrows() < 1 ) |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2187 |
return false; |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2188 |
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2189 |
list($email) = $db->fetchrow_num(); |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2190 |
$db->free_result(); |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2191 |
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2192 |
$url = make_gravatar_url($url); |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2193 |
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2194 |
// ship out the redirect |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2195 |
header('HTTP/1.1 302 Permanent Redirect');
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2196 |
header("Location: $url");
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2197 |
} |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2198 |
|
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2199 |
$avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $avi_id_dec['uid'] . '.' . $avi_type;
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2200 |
if ( file_exists($avi_path) ) |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2201 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2202 |
$avi_mod_time = @filemtime($avi_path); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2203 |
$avi_mod_time = date('r', $avi_mod_time);
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2204 |
$avi_size = @filesize($avi_path); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2205 |
header("Last-Modified: $avi_mod_time");
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2206 |
header("Content-Length: $avi_size");
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2207 |
header("Content-Type: image/$avi_type");
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2208 |
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2209 |
header("Cache-Control: public");
|
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2210 |
// expire it 30 days from now |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2211 |
$expiry_time = time() + ( 86400 * 30 ); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2212 |
header("Expires: " . date('r', $expiry_time));
|
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2213 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2214 |
$fh = @fopen($avi_path, 'r'); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2215 |
if ( !$fh ) |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2216 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2217 |
echo 'Could not open file'; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2218 |
return true; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2219 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2220 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2221 |
while ( $fd = @fread($fh, 1024) ) |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2222 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2223 |
echo $fd; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2224 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2225 |
fclose($fh); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2226 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2227 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2228 |
return true; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2229 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2230 |
|
| 0 | 2231 |
?> |