| author | Dan |
| Fri, 25 Sep 2009 14:18:20 -0400 | |
| changeset 1119 | 2e045975fc65 |
| parent 1117 | 4d8ffe107a0d |
| child 1132 | 05fe0039d952 |
| permissions | -rw-r--r-- |
| 0 | 1 |
<?php |
|
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
2 |
/**!info** |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
3 |
{
|
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
4 |
"Plugin Name" : "plugin_specialuserfuncs_title", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
5 |
"Plugin URI" : "http://enanocms.org/", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
6 |
"Description" : "plugin_specialuserfuncs_desc", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
7 |
"Author" : "Dan Fuhry", |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
8 |
"Version" : "1.1.6", |
|
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
9 |
"Author URI" : "http://enanocms.org/" |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
10 |
} |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
11 |
**!*/ |
| 0 | 12 |
|
13 |
/* |
|
14 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
|
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents:
1032
diff
changeset
|
15 |
* Copyright (C) 2006-2009 Dan Fuhry |
| 0 | 16 |
* |
17 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
18 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
19 |
* |
|
20 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
21 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
22 |
*/ |
|
23 |
||
24 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
25 |
||
|
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
parents:
591
diff
changeset
|
26 |
// $plugins->attachHook('session_started', 'SpecialUserFuncs_paths_init();');
|
|
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
27 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
28 |
function SpecialUserFuncs_paths_init() |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
29 |
{
|
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
30 |
register_special_page('Login', 'specialpage_log_in');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
31 |
register_special_page('Logout', 'specialpage_log_out');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
32 |
register_special_page('Register', 'specialpage_register');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
33 |
register_special_page('Preferences', 'specialpage_preferences');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
34 |
register_special_page('Contributions', 'specialpage_contributions');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
35 |
register_special_page('ChangeStyle', 'specialpage_change_theme');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
36 |
register_special_page('ActivateAccount', 'specialpage_activate_account');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
37 |
register_special_page('Captcha', 'specialpage_captcha');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
38 |
register_special_page('PasswordReset', 'specialpage_password_reset');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
39 |
register_special_page('Memberlist', 'specialpage_member_list');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
40 |
register_special_page('LangExportJSON', 'specialpage_language_export', false);
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
41 |
register_special_page('Avatar', 'specialpage_avatar', false);
|
|
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
42 |
} |
| 0 | 43 |
|
44 |
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace> |
|
45 |
||
46 |
$__login_status = ''; |
|
47 |
||
48 |
function page_Special_Login() |
|
49 |
{
|
|
50 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
51 |
global $__login_status; |
|
| 209 | 52 |
global $lang; |
| 0 | 53 |
|
|
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
912
diff
changeset
|
54 |
require_once(ENANO_ROOT . '/includes/math.php'); |
|
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
912
diff
changeset
|
55 |
require_once(ENANO_ROOT . '/includes/diffiehellman.php'); |
|
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
912
diff
changeset
|
56 |
global $dh_supported; |
|
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
912
diff
changeset
|
57 |
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
58 |
$locked_out = false; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
59 |
// are we locked out? |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
60 |
$threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
61 |
$duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
62 |
// convert to minutes |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
63 |
$duration = $duration * 60; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
64 |
$policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
65 |
if ( $policy != 'disable' ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
66 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
67 |
$ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
68 |
$timestamp_cutoff = time() - $duration; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
69 |
$q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
70 |
$fails = $db->numrows(); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
71 |
if ( $fails >= $threshold ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
72 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
73 |
$row = $db->fetchrow(); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
74 |
$locked_out = true; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
75 |
$lockdata = array( |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
76 |
'locked_out' => true, |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
77 |
'lockout_threshold' => $threshold, |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
78 |
'lockout_duration' => ( $duration / 60 ), |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
79 |
'lockout_fails' => $fails, |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
80 |
'lockout_policy' => $policy, |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
81 |
'lockout_last_time' => $row['timestamp'], |
|
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents:
179
diff
changeset
|
82 |
'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ), |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
83 |
'captcha' => '' |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
84 |
); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
85 |
if ( $policy == 'captcha' ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
86 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
87 |
$lockdata['captcha'] = $session->make_captcha(); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
88 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
89 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
90 |
$db->free_result(); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
91 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
92 |
|
| 0 | 93 |
if ( isset($_GET['act']) && $_GET['act'] == 'getkey' ) |
94 |
{
|
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
95 |
header('Content-type: text/javascript');
|
|
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents:
57
diff
changeset
|
96 |
$username = ( $session->user_logged_in ) ? $session->username : false; |
| 0 | 97 |
$response = Array( |
|
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents:
57
diff
changeset
|
98 |
'username' => $username, |
| 0 | 99 |
'key' => $pubkey, |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
100 |
'challenge' => $challenge, |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
101 |
'locked_out' => false |
| 0 | 102 |
); |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
103 |
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
104 |
if ( $locked_out ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
105 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
106 |
foreach ( $lockdata as $x => $y ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
107 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
108 |
$response[$x] = $y; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
109 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
110 |
unset($x, $y); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
111 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
112 |
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
113 |
// 1.1.3: generate diffie hellman key |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
114 |
$response['dh_supported'] = $dh_supported; |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
115 |
if ( $dh_supported ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
116 |
{
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
117 |
$dh_key_priv = dh_gen_private(); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
118 |
$dh_key_pub = dh_gen_public($dh_key_priv); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
119 |
$dh_key_priv = $_math->str($dh_key_priv); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
120 |
$dh_key_pub = $_math->str($dh_key_pub); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
121 |
$response['dh_public_key'] = $dh_key_pub; |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
122 |
// store the keys in the DB |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
123 |
$q = $db->sql_query('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
124 |
if ( !$q ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
125 |
$db->die_json(); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
126 |
} |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
127 |
|
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
326
diff
changeset
|
128 |
$response = enano_json_encode($response); |
| 0 | 129 |
echo $response; |
130 |
return null; |
|
131 |
} |
|
132 |
||
133 |
$level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
|
|
134 |
if ( isset($_POST['login']) ) |
|
135 |
{
|
|
136 |
if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
|
|
137 |
{
|
|
138 |
$level = intval($_POST['auth_level']); |
|
139 |
} |
|
140 |
} |
|
141 |
||
142 |
if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in ) |
|
143 |
{
|
|
144 |
$level = USER_LEVEL_MEMBER; |
|
145 |
} |
|
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
146 |
if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in ) |
|
1117
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
147 |
{
|
|
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
148 |
if ( $target = $paths->getAllParams() ) |
|
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
149 |
{
|
|
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
150 |
redirect(makeUrl($target), '', '', 0); |
|
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
151 |
} |
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
152 |
$paths->main_page(); |
|
1117
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
153 |
} |
|
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
154 |
|
| 0 | 155 |
$template->header(); |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
156 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="try{runEncryption();}catch(e){};">';
|
| 209 | 157 |
$header = ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short');
|
| 0 | 158 |
if ( isset($_POST['login']) ) |
159 |
{
|
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
160 |
$errstring = $__login_status['error']; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
161 |
switch($__login_status['error']) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
162 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
163 |
case 'key_not_found': |
| 209 | 164 |
$errstring = $lang->get('user_err_key_not_found');
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
165 |
break; |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
166 |
case 'ERR_DH_KEY_NOT_FOUND': |
|
586
234ddd896555
Made encryption work in form-based logon again; modified load_component() to fetch compressed versions when possible
Dan
parents:
573
diff
changeset
|
167 |
$errstring = $lang->get('user_err_dh_key_not_found'); // . " -- {$__login_status['debug']}";
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
168 |
break; |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
169 |
case 'ERR_DH_KEY_NOT_INTEGER': |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
170 |
$errstring = $lang->get('user_err_dh_key_not_numeric');
|
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
171 |
break; |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
172 |
case 'key_wrong_length': |
| 209 | 173 |
$errstring = $lang->get('user_err_key_wrong_length');
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
174 |
break; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
175 |
case 'too_big_for_britches': |
| 209 | 176 |
$errstring = $lang->get('user_err_too_big_for_britches');
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
177 |
break; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
178 |
case 'invalid_credentials': |
| 209 | 179 |
$errstring = $lang->get('user_err_invalid_credentials');
|
|
1032
9e61f16a8e47
Login and sessions: fixed some improper handling of the config for lockout logic
Dan
parents:
989
diff
changeset
|
180 |
if ( getConfig('lockout_policy', 'lockout') == 'lockout' )
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
181 |
{
|
|
1032
9e61f16a8e47
Login and sessions: fixed some improper handling of the config for lockout logic
Dan
parents:
989
diff
changeset
|
182 |
$errstring .= $lang->get('user_err_invalid_credentials_lockout', array('fails' => $__login_status['lockout_fails']));
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
183 |
} |
|
1032
9e61f16a8e47
Login and sessions: fixed some improper handling of the config for lockout logic
Dan
parents:
989
diff
changeset
|
184 |
else if ( getConfig('lockout_policy', 'lockout') == 'captcha' )
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
185 |
{
|
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
186 |
$errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('fails' => $__login_status['lockout_fails']));
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
187 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
188 |
break; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
189 |
case 'backend_fail': |
| 209 | 190 |
$errstring = $lang->get('user_err_backend_fail');
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
191 |
break; |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
192 |
case 'locked_out': |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
193 |
$attempts = intval($__login_status['lockout_fails']); |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
194 |
if ( $attempts > $__login_status['lockout_threshold']) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
195 |
$attempts = $__login_status['lockout_threshold']; |
|
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents:
179
diff
changeset
|
196 |
|
|
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents:
179
diff
changeset
|
197 |
$server_time = time(); |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
198 |
$time_rem = ( intval(@$__login_status['lockout_last_time']) == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 ); |
| 209 | 199 |
if ( $time_rem < 1 ) |
200 |
$time_rem = $__login_status['lockout_duration']; |
|
|
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents:
179
diff
changeset
|
201 |
|
| 209 | 202 |
$s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural');
|
203 |
||
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
204 |
$captcha_string = ( $__login_status['lockout_policy'] == 'captcha' ) ? $lang->get('user_err_locked_out_captcha_blurb') : '';
|
| 209 | 205 |
$errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem));
|
206 |
||
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
207 |
break; |
|
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
208 |
default: |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
209 |
$errstring = $lang->get($errstring); |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
210 |
break; |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
211 |
} |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
212 |
echo '<div class="error-box-mini">'.$errstring.'</div>'; |
| 0 | 213 |
} |
214 |
if ( $p = $paths->getAllParams() ) |
|
215 |
{
|
|
216 |
echo '<input type="hidden" name="return_to" value="'.$p.'" />'; |
|
217 |
} |
|
218 |
else if ( isset($_POST['login']) && isset($_POST['return_to']) ) |
|
219 |
{
|
|
220 |
echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />'; |
|
221 |
} |
|
222 |
?> |
|
223 |
<div class="tblholder"> |
|
224 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
225 |
<tr> |
|
226 |
<th colspan="3"><?php echo $header; ?></th> |
|
227 |
</tr> |
|
228 |
<tr> |
|
229 |
<td colspan="3" class="row1"> |
|
230 |
<?php |
|
231 |
if ( $level <= USER_LEVEL_MEMBER ) |
|
232 |
{
|
|
| 209 | 233 |
echo '<p>' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '</p>';
|
| 0 | 234 |
} |
235 |
else |
|
236 |
{
|
|
| 209 | 237 |
echo '<p>' . $lang->get('user_login_body_elev') . '</p>';
|
| 0 | 238 |
} |
239 |
?> |
|
240 |
</td> |
|
241 |
</tr> |
|
242 |
<tr> |
|
243 |
<td class="row2"> |
|
| 209 | 244 |
<?php echo $lang->get('user_login_field_username'); ?>:
|
| 0 | 245 |
</td> |
246 |
<td class="row1"> |
|
247 |
<input name="username" size="25" type="text" <?php |
|
248 |
if ( $level <= USER_LEVEL_MEMBER ) |
|
249 |
{
|
|
250 |
echo 'tabindex="1" '; |
|
251 |
} |
|
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
252 |
else |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
253 |
{
|
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
254 |
echo 'tabindex="3" '; |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
255 |
} |
| 0 | 256 |
if ( $session->user_logged_in ) |
257 |
{
|
|
258 |
echo 'value="' . $session->username . '"'; |
|
259 |
} |
|
260 |
?> /> |
|
261 |
</td> |
|
262 |
<?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
|
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
263 |
<td rowspan="<?php echo ( ( $locked_out && $lockdata['lockout_policy'] == 'captcha' ) ) ? '4' : '2'; ?>" class="row3"> |
| 209 | 264 |
<small><?php echo $lang->get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?><br />
|
265 |
<?php echo $lang->get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?></small>
|
|
| 0 | 266 |
</td> |
267 |
<?php } ?> |
|
268 |
</tr> |
|
269 |
<tr> |
|
| 209 | 270 |
<td class="row2"> |
271 |
<?php echo $lang->get('user_login_field_password'); ?>:
|
|
272 |
</td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td> |
|
| 0 | 273 |
</tr> |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
274 |
<?php |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
275 |
if ( $locked_out && $lockdata['lockout_policy'] == 'captcha' ) |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
276 |
{
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
277 |
?> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
278 |
<tr> |
| 209 | 279 |
<td class="row2" rowspan="2"><?php echo $lang->get('user_login_field_captcha'); ?>:<br /></td><td class="row1"><input type="hidden" name="captcha_hash" value="<?php echo $lockdata['captcha']; ?>" /><input name="captcha_code" size="25" type="text" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '4'; ?>" /></td>
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
280 |
</tr> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
281 |
<tr> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
282 |
<td class="row3"> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
283 |
<img src="<?php echo makeUrlNS('Special', 'Captcha/' . $lockdata['captcha']) ?>" onclick="this.src=this.src+'/a';" style="cursor: pointer;" />
|
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
284 |
</td> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
285 |
</tr> |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
286 |
<?php |
|
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
287 |
} |
|
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
288 |
$code = $plugins->setHook('login_form_html');
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
289 |
foreach ( $code as $cmd ) |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
290 |
{
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
291 |
eval($cmd); |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
292 |
} |
|
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
293 |
if ( $level <= USER_LEVEL_MEMBER ) |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
294 |
{
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
295 |
// "remember me" switch |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
296 |
// first order of business is to determine what the checkbox should say |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
297 |
$session_time = intval(getConfig('session_remember_time', '30'));
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
298 |
if ( $session_time === 0 ) |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
299 |
{
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
300 |
// sessions are infinite |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
301 |
$text_remember = $lang->get('user_login_check_remember_infinite');
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
302 |
} |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
303 |
else |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
304 |
{
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
305 |
// is the number of days evenly divisible by 7? if so, use weeks |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
306 |
if ( $session_time % 7 == 0 ) |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
307 |
{
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
308 |
$session_time = $session_time / 7; |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
309 |
$unit = 'week'; |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
310 |
} |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
311 |
else |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
312 |
{
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
313 |
$unit = 'day'; |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
314 |
} |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
315 |
// if it's not equal to 1, pluralize it |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
316 |
if ( $session_time != 1 ) |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
317 |
{
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
318 |
$unit .= 's'; |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
319 |
} |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
320 |
$text_remember = $lang->get('user_login_check_remember', array(
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
321 |
'session_length' => $session_time, |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
322 |
'length_units' => $lang->get("etc_unit_$unit")
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
323 |
)); |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
324 |
} |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
325 |
?> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
326 |
<tr> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
327 |
<td class="row2"> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
328 |
<?php echo $lang->get('user_login_field_remember'); ?>
|
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
329 |
</td> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
330 |
<td class="row1" colspan="2"> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
331 |
<label> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
332 |
<input type="checkbox" name="remember" tabindex="3" /> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
333 |
<?php echo $text_remember; ?> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
334 |
</label> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
335 |
</td> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
336 |
</tr> |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
337 |
<?php |
|
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
338 |
} |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
339 |
if ( $level <= USER_LEVEL_MEMBER && ( !isset($_GET['use_crypt']) || ( isset($_GET['use_crypt']) && $_GET['use_crypt']!='0' ) ) ) |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
340 |
{
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
341 |
echo '<tr> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
342 |
<td class="row3" colspan="3">'; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
343 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
344 |
$returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
345 |
$nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true);
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
346 |
echo '<p><b>' . $lang->get('user_login_nocrypt_title') . '</b> ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '</p>';
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
347 |
echo '<p>' . $lang->get('user_login_nocrypt_countrylist') . '</p>';
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
348 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
349 |
echo ' </td> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
350 |
</tr>'; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
351 |
} |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
352 |
else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) ) |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
353 |
{
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
354 |
echo '<tr> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
355 |
<td class="row3" colspan="3">'; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
356 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
357 |
$returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
358 |
$usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true);
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
359 |
echo '<p><b>' . $lang->get('user_login_usecrypt_title') . '</b> ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '</p>';
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
360 |
echo '<p>' . $lang->get('user_login_usecrypt_countrylist') . '</p>';
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
361 |
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
362 |
echo ' </td> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
363 |
</tr>'; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
364 |
} |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
365 |
else if ( $level > USER_LEVEL_MEMBER && !strstr($_SERVER['HTTP_USER_AGENT'], 'iPhone') && $dh_supported ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
366 |
{
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
367 |
echo '<tr>'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
368 |
echo '<td class="row3" colspan="3">'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
369 |
echo '<p>' . $lang->get('user_login_dh_notice') . '</p>';
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
370 |
echo '</td>'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
371 |
echo '</tr>'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
372 |
} |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
373 |
?> |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
374 |
|
| 0 | 375 |
<tr> |
| 1119 | 376 |
<th colspan="3" style="text-align: center" class="subhead"> |
377 |
<input type="hidden" name="login" value="true" /> |
|
378 |
<input type="submit" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '4' : '2'; ?>" /> |
|
379 |
</th> |
|
| 0 | 380 |
</tr> |
381 |
</table> |
|
382 |
</div> |
|
383 |
<input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" /> |
|
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
384 |
<?php if ( $level <= USER_LEVEL_MEMBER ): ?> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
385 |
<script type="text/javascript"> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
386 |
document.forms.loginform.username.focus(); |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
387 |
</script> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
388 |
<?php else: ?> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
389 |
<script type="text/javascript"> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
390 |
document.forms.loginform.pass.focus(); |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
391 |
</script> |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
392 |
<?php endif; ?> |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
393 |
<?php |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
394 |
echo $session->generate_aes_form(); |
|
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
395 |
|
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
396 |
// Any additional parameters that need to be passed back? |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
397 |
if ( $p = $paths->getAllParams() ) |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
398 |
{
|
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
399 |
// ... only if we have a return_to destination. |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
400 |
$get_fwd = $_GET; |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
401 |
unset($get_fwd['do']); |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
402 |
if ( isset($get_fwd['target_do']) ) |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
403 |
{
|
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
404 |
$get_fwd['do'] = $get_fwd['target_do']; |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
405 |
unset($get_fwd['target_do']); |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
406 |
} |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
407 |
if ( isset($get_fwd['level']) ) |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
408 |
unset($get_fwd['level']); |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
409 |
if ( isset($get_fwd['title']) ) |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
410 |
unset($get_fwd['title']); |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
411 |
|
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
412 |
if ( !empty($get_fwd) ) |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
413 |
{
|
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
414 |
$get_string = htmlspecialchars(enano_json_encode($get_fwd)); |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
415 |
echo '<input type="hidden" name="get_fwd" value="' . $get_string . '" />'; |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
416 |
} |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
417 |
} |
|
1101
30d8bb88572d
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
Dan
parents:
1081
diff
changeset
|
418 |
else if ( isset($_POST['get_fwd']) ) |
|
30d8bb88572d
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
Dan
parents:
1081
diff
changeset
|
419 |
{
|
|
30d8bb88572d
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
Dan
parents:
1081
diff
changeset
|
420 |
echo '<input type="hidden" name="get_fwd" value="' . htmlspecialchars($_POST['get_fwd']) . '" />'; |
|
30d8bb88572d
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
Dan
parents:
1081
diff
changeset
|
421 |
} |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
422 |
?> |
| 0 | 423 |
</form> |
424 |
<?php |
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
425 |
echo $session->aes_javascript('loginform', 'pass');
|
| 0 | 426 |
?> |
427 |
<?php |
|
428 |
$template->footer(); |
|
429 |
} |
|
430 |
||
431 |
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called |
|
432 |
{
|
|
433 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
434 |
global $__login_status; |
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
435 |
global $lang; |
|
604
6a90893622f0
Fixed missing require() on math.php in SpecialUserFuncs
Dan
parents:
593
diff
changeset
|
436 |
require_once( ENANO_ROOT . '/includes/math.php' ); |
|
6a90893622f0
Fixed missing require() on math.php in SpecialUserFuncs
Dan
parents:
593
diff
changeset
|
437 |
|
|
1109
c424a15a1656
Common: renamed global $title to $urlname (it broke the API from non-plugin Enano scripts)
Dan
parents:
1101
diff
changeset
|
438 |
$paths->fullpage = $GLOBALS['urlname']; |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
439 |
if ( $paths->getParam(0) === 'action.json' ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
440 |
{
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
441 |
if ( !isset($_POST['r']) ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
442 |
die('No request.');
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
443 |
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
444 |
$request = $_POST['r']; |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
445 |
try |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
446 |
{
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
447 |
$request = enano_json_decode($request); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
448 |
} |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
449 |
catch ( Exception $e ) |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
450 |
{
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
451 |
die(enano_json_encode(array( |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
452 |
'mode' => 'error', |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
453 |
'error' => 'ERR_JSON_PARSE_FAILED' |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
454 |
))); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
455 |
} |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
456 |
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
457 |
echo enano_json_encode($session->process_login_request($request)); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
458 |
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
459 |
$db->close(); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
460 |
exit; |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
461 |
} |
| 0 | 462 |
if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' ) |
463 |
{
|
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
464 |
echo 'This version of the Enano LoginAPI is deprecated. Please clear your browser\'s cache and try your login again. Developers, please use the action.json method instead.'; |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
465 |
return true; |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
466 |
} |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
467 |
if(isset($_POST['login'])) |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
468 |
{
|
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
469 |
$captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false; |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
470 |
$captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false; |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
471 |
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
472 |
try |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
473 |
{
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
474 |
$password = $session->get_aes_post('pass');
|
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
475 |
} |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
476 |
catch ( Exception $e ) |
|
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
477 |
{
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
478 |
$__login_status = array( |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
479 |
'mode' => 'error', |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
480 |
'error' => $e->getMessage() |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
481 |
); |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
482 |
return false; |
| 0 | 483 |
} |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
484 |
|
|
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
485 |
// These are to allow auth plugins to work universally between JSON and HTML login forms |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
486 |
$userinfo =& $_POST; |
|
845
a4460ba8ada2
Set password in userinfo to allow auth plugins to see it (some really do need it)
Dan
parents:
843
diff
changeset
|
487 |
$userinfo['password'] =& $password; |
|
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
488 |
$req = array( |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
489 |
'level' => intval($_POST['auth_level']), |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
490 |
'remember' => isset($_POST['remember']) |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
491 |
); |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
492 |
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
493 |
// At this point if any extra fields were injected into the login form, we need to let plugins process it |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
494 |
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
495 |
/** |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
496 |
* Called upon processing an incoming login request from the plain HTML login form.. If you added anything to the form, |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
497 |
* that will be in the $userinfo array here and on $_POST. Expected return values are: true if your plugin has |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
498 |
* not only succeeded but ALSO issued a session key (bypass the whole Enano builtin login process) and an associative array |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
499 |
* with "mode" set to "error" and an error string in "error" to send an error back to the client. Any return value other |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
500 |
* than these will be ignored. |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
501 |
* @hook login_process_userdata_json |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
502 |
*/ |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
503 |
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
504 |
$skip_normal_login = false; |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
505 |
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
506 |
$code = $plugins->setHook('login_process_userdata_json');
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
507 |
foreach ( $code as $cmd ) |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
508 |
{
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
509 |
$result = eval($cmd); |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
510 |
if ( $result === true ) |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
511 |
{
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
512 |
$skip_normal_login = true; |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
513 |
$result = array('success' => true);
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
514 |
break; |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
515 |
} |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
516 |
else if ( is_array($result) ) |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
517 |
{
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
518 |
if ( isset($result['mode']) && $result['mode'] === 'error' && isset($result['error']) ) |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
519 |
{
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
520 |
$__login_status = array( |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
521 |
'mode' => 'error', |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
522 |
'error' => $result['error'] |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
523 |
); |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
524 |
return false; |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
525 |
} |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
526 |
} |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
527 |
} |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
528 |
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
529 |
if ( !$skip_normal_login ) |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
530 |
{
|
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
531 |
$result = $session->login_without_crypto($_POST['username'], $password, false, intval($_POST['auth_level']), $captcha_hash, $captcha_code, isset($_POST['remember'])); |
|
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
532 |
} |
|
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
533 |
|
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
534 |
if($result['success']) |
| 0 | 535 |
{
|
|
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents:
371
diff
changeset
|
536 |
$session->start(); |
|
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents:
371
diff
changeset
|
537 |
|
|
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
538 |
$get_add = false; |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
539 |
if ( isset($_POST['get_fwd']) ) |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
540 |
{
|
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
541 |
try |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
542 |
{
|
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
543 |
$get_fwd = enano_json_decode($_POST['get_fwd']); |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
544 |
$get_add = ''; |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
545 |
foreach ( $get_fwd as $key => $value ) |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
546 |
{
|
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
547 |
$get_add .= "&{$key}=" . urlencode($value);
|
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
548 |
} |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
549 |
$get_add = ltrim($get_add, '&'); |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
550 |
} |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
551 |
catch ( Exception $e ) |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
552 |
{
|
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
553 |
} |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
554 |
} |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
555 |
|
| 0 | 556 |
$template->load_theme($session->theme, $session->style); |
557 |
if(isset($_POST['return_to'])) |
|
558 |
{
|
|
|
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
912
diff
changeset
|
559 |
$name = get_page_title($_POST['return_to']); |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
560 |
$subst = array( |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
561 |
'username' => $session->username, |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
562 |
'redir_target' => $name |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
563 |
); |
|
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
564 |
redirect( makeUrl($_POST['return_to'], $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
|
| 0 | 565 |
} |
566 |
else |
|
567 |
{
|
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
568 |
$subst = array( |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
569 |
'username' => $session->username, |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
570 |
'redir_target' => $lang->get('user_login_success_body_mainpage')
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
571 |
); |
|
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
572 |
redirect( makeUrl(get_main_page(), $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
|
| 0 | 573 |
} |
574 |
} |
|
575 |
else |
|
576 |
{
|
|
|
521
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
577 |
if ( $result['error'] === 'valid_reset' ) |
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
578 |
{
|
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
579 |
header('HTTP/1.1 302 Temporary Redirect');
|
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
580 |
header('Location: ' . $result['redirect_url']);
|
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
581 |
|
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
582 |
$db->close(); |
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
583 |
exit(); |
|
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents:
517
diff
changeset
|
584 |
} |
| 0 | 585 |
$GLOBALS['__login_status'] = $result; |
586 |
} |
|
587 |
} |
|
588 |
} |
|
589 |
||
590 |
function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey) |
|
591 |
{
|
|
592 |
$response = Array( |
|
593 |
'result' => 'success_reset', |
|
594 |
'user_id' => $user_id, |
|
595 |
'temppass' => $passkey |
|
596 |
); |
|
597 |
||
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
326
diff
changeset
|
598 |
$response = enano_json_encode($response); |
| 0 | 599 |
echo $response; |
600 |
||
601 |
$db->close(); |
|
602 |
exit; |
|
603 |
} |
|
604 |
||
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
605 |
function page_Special_Logout() |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
606 |
{
|
| 0 | 607 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
608 |
global $lang; |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
609 |
|
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
610 |
if ( !$session->user_logged_in ) |
|
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
611 |
$paths->main_page(); |
|
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
612 |
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
613 |
$token = $paths->getParam(0); |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
614 |
if ( $token !== $session->csrf_token ) |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
615 |
{
|
|
573
43e7254afdb4
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
parents:
562
diff
changeset
|
616 |
csrf_request_confirm(); |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
617 |
} |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
618 |
|
| 0 | 619 |
$l = $session->logout(); |
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
620 |
if ( $l == 'success' ) |
|
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
621 |
{
|
| 741 | 622 |
$url = makeUrl(get_main_page(), false, true); |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
623 |
if ( $paths->getParam(1) ) |
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
624 |
{
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
625 |
$pi = explode('/', $paths->getAllParams());
|
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
626 |
$pi = implode('/', array_values(array_slice($pi, 1)));
|
|
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
627 |
list($pid, $ns) = RenderMan::strToPageID($pi); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
628 |
$perms = $session->fetch_page_acl($pid, $ns); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
629 |
if ( $perms->get_permissions('read') )
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
630 |
{
|
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
631 |
$url = makeUrl($pi, false, true); |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
632 |
} |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
633 |
} |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
634 |
redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3);
|
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
635 |
} |
| 0 | 636 |
$template->header(); |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
637 |
echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
638 |
echo '<p>' . $l . '</p>'; |
| 0 | 639 |
$template->footer(); |
640 |
} |
|
641 |
||
| 30 | 642 |
function page_Special_Register() |
643 |
{
|
|
| 0 | 644 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
645 |
global $lang; |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
646 |
|
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
647 |
if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in ) |
|
701
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
648 |
{
|
|
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
649 |
$paths->main_page(); |
|
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
650 |
} |
|
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
651 |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
652 |
// form field trackers |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
653 |
$username = ''; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
654 |
$email = ''; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
655 |
$realname = ''; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
656 |
|
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
657 |
$terms = getConfig('register_tou');
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
658 |
|
| 0 | 659 |
if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
|
660 |
{
|
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
661 |
$s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '</p>' : '';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
662 |
die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_disabled_body') . '</p>' . $s);
|
| 0 | 663 |
} |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
664 |
// are we locked out from logging in? if so, also lock out registration |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
665 |
if ( getConfig('lockout_policy') === 'lockout' )
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
666 |
{
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
667 |
$ip = $db->escape($_SERVER['REMOTE_ADDR']); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
668 |
$threshold = time() - ( 60 * intval(getConfig('lockout_duration')) );
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
669 |
$limit = intval(getConfig('lockout_threshold'));
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
670 |
$q = $db->sql_query('SELECT * FROM ' . table_prefix . "lockout WHERE timestamp >= $threshold ORDER BY timestamp DESC;");
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
671 |
if ( !$q ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
672 |
$db->_die(); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
673 |
if ( $db->numrows() >= $limit ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
674 |
{
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
675 |
$row = $db->fetchrow(); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
676 |
$db->free_result(); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
677 |
$time_rem = intval(getConfig('lockout_duration')) - round((time() - $row['timestamp']) / 60);
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
678 |
die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_locked_out', array('time' => $time_rem)) . '</p>');
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
679 |
} |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
680 |
$db->free_result(); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
681 |
} |
| 30 | 682 |
if(isset($_POST['submit'])) |
683 |
{
|
|
684 |
$_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x'; |
|
685 |
||
| 0 | 686 |
$captcharesult = $session->get_captcha($_POST['captchahash']); |
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
687 |
$session->kill_captcha(); |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
688 |
// bypass captcha if logged in (at this point, if logged in, we're admin) |
|
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
689 |
if ( !$session->user_logged_in && strtolower($captcharesult) != strtolower($_POST['captchacode']) ) |
| 30 | 690 |
{
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
691 |
$s = $lang->get('user_reg_err_captcha');
|
| 30 | 692 |
} |
| 0 | 693 |
else |
| 30 | 694 |
{
|
695 |
if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
|
|
696 |
{
|
|
697 |
$s = 'Invalid COPPA input'; |
|
698 |
} |
|
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
699 |
else if ( !$session->user_logged_in && !empty($terms) && !isset($_POST['tou_agreed']) ) |
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
700 |
{
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
701 |
$s = $lang->get('user_reg_err_accept_tou');
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
702 |
} |
| 30 | 703 |
else |
704 |
{
|
|
705 |
$coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' ); |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
706 |
$s = false; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
707 |
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
708 |
// decrypt password |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
709 |
// as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
710 |
// and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
711 |
// forgot his password, that's his problem. |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
712 |
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
713 |
if ( $_POST['use_crypt'] == 'yes' ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
714 |
{
|
|
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents:
270
diff
changeset
|
715 |
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
716 |
$crypt_key = $session->fetch_public_key($_POST['crypt_key']); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
717 |
if ( !$crypt_key ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
718 |
{
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
719 |
$s = $lang->get('user_reg_err_missing_key');
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
720 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
721 |
else |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
722 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
723 |
$data = $_POST['crypt_data']; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
724 |
$bin_key = hexdecode($crypt_key); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
725 |
//die("Decrypting with params: key $crypt_key, data $data");
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
726 |
$password = $aes->decrypt($data, $bin_key, ENC_HEX); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
727 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
728 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
729 |
else |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
730 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
731 |
$password = $_POST['password']; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
732 |
} |
| 30 | 733 |
|
| 799 | 734 |
$error =& $s; |
735 |
||
736 |
/** |
|
737 |
* Validation of POST data coming from registration. Put an error message in the variable $error to stop registration. |
|
738 |
* @hook ucp_register_validate |
|
739 |
*/ |
|
740 |
||
741 |
$code = $plugins->setHook('ucp_register_validate');
|
|
742 |
foreach ( $code as $cmd ) |
|
743 |
{
|
|
744 |
eval($cmd); |
|
745 |
} |
|
746 |
||
747 |
// All things verified, create account |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
748 |
if ( !$s ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
749 |
$s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa); |
| 30 | 750 |
} |
751 |
} |
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
752 |
if($s == 'success' && !$coppa) |
| 0 | 753 |
{
|
754 |
switch(getConfig('account_activation'))
|
|
755 |
{
|
|
756 |
case "none": |
|
757 |
default: |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
758 |
$str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true)));
|
| 0 | 759 |
break; |
760 |
case "user": |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
761 |
$str = $lang->get('user_reg_msg_success_activ_user');
|
| 0 | 762 |
break; |
763 |
case "admin": |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
764 |
$str = $lang->get('user_reg_msg_success_activ_admin');
|
| 0 | 765 |
break; |
766 |
} |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
767 |
die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
|
| 0 | 768 |
} |
| 30 | 769 |
else if ( $s == 'success' && $coppa ) |
770 |
{
|
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
771 |
$str = $lang->get('user_reg_msg_success_activ_coppa');
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
772 |
die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
|
| 30 | 773 |
} |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
774 |
$username = htmlspecialchars($_POST['username']); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
775 |
$email = htmlspecialchars($_POST['email']); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
776 |
$realname = htmlspecialchars($_POST['real_name']); |
| 0 | 777 |
} |
778 |
$template->header(); |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
779 |
echo $lang->get('user_reg_msg_greatercontrol');
|
| 30 | 780 |
|
781 |
if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
|
|
782 |
{
|
|
783 |
$coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' ); |
|
784 |
$session->kill_captcha(); |
|
785 |
$captchacode = $session->make_captcha(); |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
786 |
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
787 |
$pubkey = $session->rijndael_genkey(); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
788 |
$challenge = $session->dss_rand(); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
789 |
|
| 30 | 790 |
?> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
791 |
<h3><?php echo $lang->get('user_reg_msg_table_title'); ?></h3>
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
792 |
<form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="return runEncryption();"> |
| 30 | 793 |
<div class="tblholder"> |
794 |
<table border="0" width="100%" cellspacing="1" cellpadding="4"> |
|
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
795 |
<tr><th colspan="3"><?php echo $lang->get('user_reg_msg_table_subtitle'); ?></th></tr>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
796 |
|
| 30 | 797 |
<?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
798 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
799 |
<!-- FIELD: Username --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
800 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
801 |
<td class="row1" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
802 |
<?php echo $lang->get('user_reg_lbl_field_username'); ?>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
803 |
<span id="e_username"></span> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
804 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
805 |
<td class="row1" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
806 |
<input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm(this);" onblur="checkUsername();" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
807 |
</td> |
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
808 |
<td class="row1" style="width: 1px;"> |
|
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
809 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_username" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
810 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
811 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
812 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
813 |
<!-- FIELD: Password --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
814 |
<tr> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
815 |
<td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>">
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
816 |
<?php echo $lang->get('user_reg_lbl_field_password'); ?>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
817 |
<span id="e_password"></span> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
818 |
<?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?>
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
819 |
<small><?php echo $lang->get('user_reg_msg_password_score'); ?></small>
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
820 |
<?php endif; ?> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
821 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
822 |
<td class="row3" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
823 |
<input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm(this);" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
824 |
</td> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
825 |
<td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;">
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
826 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_password" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
827 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
828 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
829 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
830 |
<!-- FIELD: Password confirmation --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
831 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
832 |
<td class="row3" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
833 |
<input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm(this);" /> <small><?php echo $lang->get('user_reg_lbl_field_password_confirm'); ?></small>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
834 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
835 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
836 |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
837 |
<!-- FIELD: Password strength meter --> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
838 |
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
839 |
<?php if ( getConfig('pw_strength_enable') == '1' ): ?>
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
840 |
<tr> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
841 |
<td class="row3" style="width: 50%;"> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
842 |
<div id="pwmeter"></div> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
843 |
</td> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
844 |
</tr> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
845 |
<?php endif; ?> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
846 |
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
847 |
<!-- FIELD: E-mail address --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
848 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
849 |
<td class="row1" style="width: 50%;"> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
850 |
<?php |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
851 |
if ( $coppa ) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
852 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
853 |
echo $lang->get('user_reg_lbl_field_email_coppa');
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
854 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
855 |
else |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
856 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
857 |
echo $lang->get('user_reg_lbl_field_email');
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
858 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
859 |
?> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
860 |
<?php |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
861 |
if ( ( $x = getConfig('account_activation') ) == 'user' )
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
862 |
{
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
863 |
echo '<br /><small>' . $lang->get('user_reg_msg_email_activuser') . '</small>';
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
864 |
} |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
865 |
?> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
866 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
867 |
<td class="row1" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
868 |
<input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm(this);" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
869 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
870 |
<td class="row1" style="max-width: 24px;"> |
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
871 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_email" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
872 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
873 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
874 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
875 |
<!-- FIELD: Real name --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
876 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
877 |
<td class="row3" style="width: 50%;"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
878 |
<?php echo $lang->get('user_reg_lbl_field_realname'); ?><br />
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
879 |
<small><?php echo $lang->get('user_reg_msg_realname_optional'); ?></small>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
880 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
881 |
<td class="row3" style="width: 50%;"> |
| 799 | 882 |
<input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" /> |
883 |
</td> |
|
884 |
<td class="row3" style="max-width: 24px;"> |
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
885 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
886 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
887 |
|
| 799 | 888 |
<?php |
889 |
/** |
|
890 |
* Allows adding fields to the user registration form. Form is built with Enano tables, 3 columns. (Rightmost can be left empty or if you're using Javascript validation an image you can update with your own Javascript code) |
|
891 |
* @hook ucp_register_form |
|
892 |
*/ |
|
893 |
||
894 |
$code = $plugins->setHook('ucp_register_form');
|
|
895 |
foreach ( $code as $cmd ) |
|
896 |
{
|
|
897 |
eval($cmd); |
|
898 |
} |
|
899 |
?> |
|
900 |
||
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
901 |
<!-- FIELD: CAPTCHA image --> |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
902 |
<?php |
|
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
903 |
if ( !$session->user_logged_in ): |
|
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
904 |
?> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
905 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
906 |
<td class="row1" style="width: 50%;" rowspan="2"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
907 |
<?php echo $lang->get('user_reg_lbl_field_captcha'); ?><br />
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
908 |
<small> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
909 |
<?php echo $lang->get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?><br />
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
910 |
<br /> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
911 |
<?php echo $lang->get('user_reg_msg_captcha_blind'); ?>
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
912 |
</small> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
913 |
</td> |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
914 |
<td class="row1"> |
|
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
915 |
<img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><br />
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
916 |
<span id="b_username"></span> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
917 |
</td> |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
918 |
<td class="row1"> |
|
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
919 |
</td> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
920 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
921 |
|
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
922 |
<!-- FIELD: CAPTCHA input field --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
923 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
924 |
<td class="row1" colspan="2"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
925 |
<?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
926 |
<input tabindex="6" name="captchacode" type="text" size="10" /> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
927 |
<input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" /> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
928 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
929 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
930 |
|
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
931 |
<!-- FIELD: TOU --> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
932 |
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
933 |
<?php |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
934 |
if ( !empty($terms) ): |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
935 |
?> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
936 |
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
937 |
<tr> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
938 |
<td class="row1" colspan="3"> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
939 |
<?php |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
940 |
echo $lang->get('user_reg_msg_please_read_tou');
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
941 |
?> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
942 |
</td> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
943 |
</tr> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
944 |
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
945 |
<tr> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
946 |
<td class="row3" colspan="3"> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
947 |
<div style="border: 1px solid #000000; height: 75px; width: 60%; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: #FFF; margin: 0 auto; padding: 4px;"> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
948 |
<?php |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
949 |
echo RenderMan::render($terms); |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
950 |
?> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
951 |
</div> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
952 |
<p style="text-align: center;"> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
953 |
<label> |
|
371
dc6026376919
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
parents:
359
diff
changeset
|
954 |
<input tabindex="7" type="checkbox" name="tou_agreed" /> |
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
955 |
<b><?php echo $lang->get('user_reg_lbl_field_tou'); ?></b>
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
956 |
</label> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
957 |
</p> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
958 |
</td> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
959 |
</tr> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
960 |
|
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
961 |
<?php |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
962 |
endif; // !empty($terms) |
|
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
963 |
endif; // $session->user_logged_in |
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
964 |
?> |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
965 |
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
966 |
<!-- FIELD: submit button --> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
967 |
<tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
968 |
<th class="subhead" colspan="3" style="text-align: center;"> |
|
371
dc6026376919
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
parents:
359
diff
changeset
|
969 |
<input tabindex="8" type="submit" name="submit" value="<?php echo $lang->get('user_reg_btn_create_account'); ?>" />
|
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
970 |
</td> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
971 |
</tr> |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
972 |
|
| 30 | 973 |
</table> |
974 |
</div> |
|
975 |
<?php |
|
976 |
$val = ( $coppa ) ? 'yes' : 'no'; |
|
977 |
echo '<input type="hidden" name="coppa" value="' . $val . '" />'; |
|
978 |
?> |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
979 |
<input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" /> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
980 |
<input type="hidden" name="use_crypt" value="no" /> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
981 |
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" /> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
982 |
<input type="hidden" name="crypt_data" value="" /> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
983 |
<script type="text/javascript"> |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
984 |
// ENCRYPTION CODE |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
985 |
function runEncryption() |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
986 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
987 |
var frm = document.forms.regform; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
988 |
if ( frm.password.value.length < 1 ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
989 |
return true; |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
990 |
pass1 = frm.password.value; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
991 |
pass2 = frm.password_confirm.value; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
992 |
if ( pass1 != pass2 ) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
993 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
994 |
alert($lang.get('user_reg_err_alert_password_nomatch'));
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
995 |
return false; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
996 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
997 |
if ( pass1.length < 6 && pass1.length > 0 ) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
998 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
999 |
alert($lang.get('user_reg_err_alert_password_tooshort'));
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1000 |
return false; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1001 |
} |
|
614
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1002 |
if(aes_self_test()) |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1003 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1004 |
frm.use_crypt.value = 'yes'; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1005 |
var cryptkey = frm.crypt_key.value; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1006 |
frm.crypt_key.value = hex_md5(cryptkey); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1007 |
cryptkey = hexToByteArray(cryptkey); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1008 |
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1009 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1010 |
frm.submit.disabled = true; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1011 |
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : ''; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1012 |
alert('The key is messed up\nType: '+typeof(cryptkey)+len);
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1013 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1014 |
pass = frm.password.value; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1015 |
pass = stringToByteArray(pass); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1016 |
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB'); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1017 |
if(!cryptstring) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1018 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1019 |
return false; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1020 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1021 |
cryptstring = byteArrayToHex(cryptstring); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1022 |
frm.crypt_data.value = cryptstring; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1023 |
frm.password.value = ""; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1024 |
frm.password_confirm.value = ""; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1025 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1026 |
return true; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1027 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1028 |
</script> |
| 30 | 1029 |
</form> |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1030 |
<!-- Don't optimize this script, it fails when compressed --> |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1031 |
<enano:no-opt> |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1032 |
<script type="text/javascript"> |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1033 |
// <![CDATA[ |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1034 |
var namegood = false; |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1035 |
function validateForm(field) |
| 0 | 1036 |
{
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1037 |
if ( typeof(field) != 'object' ) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1038 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1039 |
field = {
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1040 |
name: '_nil', |
|
459
31c23016ab62
Upgraded tinyMCE to 3.0.1 in hopes of fixing IE race conditions. Fixed a couple minor syntax errors in Javascript objects declared in various places.
Dan
parents:
458
diff
changeset
|
1041 |
value: '_nil' |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1042 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1043 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1044 |
// wait until $lang is initted |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1045 |
if ( typeof($lang) != 'object' ) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1046 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1047 |
setTimeout('validateForm();', 200);
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1048 |
return false; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1049 |
} |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1050 |
var frm = document.forms.regform; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1051 |
failed = false; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1052 |
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1053 |
// Username |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1054 |
if(!namegood && ( field.name == 'username' || field.name == '_nil' ) ) |
| 30 | 1055 |
{
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1056 |
//if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
|
|
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
263
diff
changeset
|
1057 |
var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1058 |
if ( frm.username.value.match(regex) ) |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1059 |
{
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1060 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1061 |
document.getElementById('e_username').innerHTML = ' ';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1062 |
} else {
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1063 |
failed = true; |
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1064 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1065 |
document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1066 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1067 |
} |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
1068 |
if ( document.getElementById('b_username') )
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1069 |
{
|
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
1070 |
document.getElementById('b_username').innerHTML = '';
|
|
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
1071 |
if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1') |
|
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
1072 |
{
|
|
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
1073 |
document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
|
|
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
1074 |
} |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1075 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1076 |
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1077 |
// Password |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1078 |
if ( field.name == 'password' || field.name == 'password_confirm' || field.name == '_nil' ) |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1079 |
{
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1080 |
if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value )
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1081 |
{
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1082 |
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/check.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1083 |
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_err_password_good') + '</small>';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1084 |
} else {
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1085 |
failed = true; |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1086 |
if(frm.password.value.length < 6) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1087 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1088 |
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_length') + '</small>';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1089 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1090 |
else if(frm.password.value != frm.password_confirm.value) |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1091 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1092 |
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_needmatch') + '</small>';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1093 |
} |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1094 |
else |
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1095 |
{
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1096 |
document.getElementById('e_password').innerHTML = '';
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1097 |
} |
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1098 |
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/checkbad.png';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1099 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1100 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1101 |
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1102 |
// E-mail address |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1103 |
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1104 |
// workaround for idiot jEdit bug |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1105 |
if ( validateEmail(frm.email.value) && ( field.name == 'email' || field.name == '_nil' ) ) |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1106 |
{
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1107 |
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/check.png';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1108 |
} else {
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1109 |
failed = true; |
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1110 |
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/checkbad.png';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1111 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1112 |
if(failed) |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1113 |
{
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1114 |
frm.submit.disabled = 'disabled'; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1115 |
} else {
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1116 |
frm.submit.disabled = false; |
| 30 | 1117 |
} |
1118 |
} |
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1119 |
function checkUsername() |
| 30 | 1120 |
{
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1121 |
var frm = document.forms.regform; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1122 |
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1123 |
if(!namegood) |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1124 |
{
|
|
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
263
diff
changeset
|
1125 |
var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
|
|
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
263
diff
changeset
|
1126 |
if ( frm.username.value.match(regex) ) |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1127 |
{
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1128 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1129 |
document.getElementById('e_username').innerHTML = ' ';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1130 |
} else {
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1131 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1132 |
document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1133 |
return false; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1134 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1135 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1136 |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1137 |
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_checking') + '</b></small>';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1138 |
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
|
|
407
35d94240a197
Mass-fixed all AJAX functions to also check the HTTP status code before parsing the response
Dan
parents:
404
diff
changeset
|
1139 |
if ( ajax.readyState == 4 && ajax.status == 200 ) |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1140 |
if(ajax.responseText == 'good') |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1141 |
{
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1142 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/check.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1143 |
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_available') + '</b></small>';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1144 |
namegood = true; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1145 |
} else if(ajax.responseText == 'bad') {
|
|
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1146 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1147 |
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_unavailable') + '</b></small>';
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1148 |
namegood = false; |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1149 |
} else {
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1150 |
document.getElementById('e_username').innerHTML = ajax.responseText;
|
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1151 |
} |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1152 |
}); |
| 0 | 1153 |
} |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1154 |
function regenCaptcha() |
| 30 | 1155 |
{
|
| 448 | 1156 |
var frm = document.forms.regform; |
| 517 | 1157 |
document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/$captchacode"); ?>/'+Math.floor(Math.random() * 100000);
|
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1158 |
return false; |
| 30 | 1159 |
} |
|
614
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1160 |
addOnloadHook(function() |
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1161 |
{
|
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1162 |
<?php if ( getConfig('pw_strength_enable') == '1' ): ?>
|
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1163 |
var frm = document.forms.regform; |
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1164 |
load_component('pwstrength');
|
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1165 |
password_score_field(frm.password); |
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1166 |
<?php endif; ?> |
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1167 |
load_component('crypto');
|
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1168 |
validateForm(); |
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1169 |
setTimeout('checkUsername();', 1000);
|
|
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1170 |
}); |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1171 |
// ]]> |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1172 |
</script> |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1173 |
</enano:no-opt> |
| 30 | 1174 |
<?php |
1175 |
} |
|
1176 |
else |
|
1177 |
{
|
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1178 |
$year = intval( enano_date('Y') );
|
| 30 | 1179 |
$year = $year - 13; |
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1180 |
$month = enano_date('F');
|
|
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1181 |
$day = enano_date('d');
|
| 30 | 1182 |
|
1183 |
$yo13_date = "$month $day, $year"; |
|
1184 |
$link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
|
|
1185 |
$link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true);
|
|
1186 |
||
1187 |
// COPPA enabled, ask age |
|
1188 |
echo '<div class="tblholder">'; |
|
1189 |
echo '<table border="0" cellspacing="1" cellpadding="4">'; |
|
1190 |
echo '<tr> |
|
1191 |
<td class="row1"> |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1192 |
' . $lang->get('user_reg_coppa_title') . '
|
| 30 | 1193 |
</td> |
1194 |
</tr> |
|
1195 |
<tr> |
|
1196 |
<td class="row3"> |
|
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1197 |
<a href="' . $link_coppa_no . '">' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '</a><br />
|
|
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1198 |
<a href="' . $link_coppa_yes . '">' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . '</a>
|
| 30 | 1199 |
</td> |
1200 |
</tr>'; |
|
1201 |
echo '</table>'; |
|
1202 |
echo '</div>'; |
|
1203 |
} |
|
| 0 | 1204 |
$template->footer(); |
1205 |
} |
|
1206 |
||
|
909
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents:
908
diff
changeset
|
1207 |
function page_Special_Contributions() |
|
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents:
908
diff
changeset
|
1208 |
{
|
| 0 | 1209 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1210 |
global $lang; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1211 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1212 |
// This is a vast improvement over the old Special:Contributions in 1.0.x. |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1213 |
|
| 0 | 1214 |
$template->header(); |
1215 |
$user = $paths->getParam(); |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1216 |
if ( !$user && isset($_GET['user']) ) |
| 0 | 1217 |
{
|
1218 |
$user = $_GET['user']; |
|
1219 |
} |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1220 |
else if ( !$user && !isset($_GET['user']) ) |
| 0 | 1221 |
{
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1222 |
echo '<p>' . $lang->get('userfuncs_contribs_err_no_user') . '</p>';
|
| 0 | 1223 |
$template->footer(); |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1224 |
return; |
| 0 | 1225 |
} |
1226 |
||
|
909
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents:
908
diff
changeset
|
1227 |
$url = makeUrlNS("Special", "Log/user={$user}");
|
|
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents:
908
diff
changeset
|
1228 |
redirect($url, '', '', 0); |
| 0 | 1229 |
} |
1230 |
||
1231 |
function page_Special_ChangeStyle() |
|
1232 |
{
|
|
1233 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1234 |
global $lang; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1235 |
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1236 |
if ( !$session->user_logged_in ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1237 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1238 |
die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1239 |
} |
| 0 | 1240 |
if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) |
1241 |
{
|
|
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1242 |
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) )
|
|
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1243 |
die('Hacking attempt');
|
|
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1244 |
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) )
|
|
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1245 |
die('Hacking attempt');
|
| 0 | 1246 |
$d = ENANO_ROOT . '/themes/' . $_POST['theme']; |
1247 |
$f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1248 |
if ( !file_exists($d) || !is_dir($d) ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1249 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1250 |
die('The directory "'.$d.'" does not exist.');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1251 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1252 |
if ( !file_exists($f) ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1253 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1254 |
die('The file "'.$f.'" does not exist.');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1255 |
} |
| 0 | 1256 |
$d = $db->escape($_POST['theme']); |
1257 |
$f = $db->escape($_POST['style']); |
|
1258 |
$q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\''; |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1259 |
if ( !$db->sql_query($q) ) |
| 0 | 1260 |
{
|
1261 |
$db->_die('Your theme/style preferences were not updated.');
|
|
1262 |
} |
|
1263 |
else |
|
1264 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1265 |
redirect(makeUrl($_POST['return_to']), $lang->get('userfuncs_changetheme_success_title'), $lang->get('userfuncs_changetheme_success_body'), 3);
|
| 0 | 1266 |
} |
1267 |
} |
|
1268 |
else |
|
1269 |
{
|
|
1270 |
$template->header(); |
|
1271 |
$ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0); |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1272 |
if ( !$ret ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1273 |
{
|
| 741 | 1274 |
$ret = get_main_page(); |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1275 |
} |
| 0 | 1276 |
?> |
1277 |
<form action="<?php echo makeUrl($paths->page); ?>" method="post"> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1278 |
<?php if ( !isset($_POST['themeselected']) ) { ?>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1279 |
<h3><?php echo $lang->get('userfuncs_changetheme_heading_theme'); ?></h3>
|
| 0 | 1280 |
<p> |
1281 |
<select name="theme"> |
|
1282 |
<?php |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1283 |
foreach ( $template->theme_list as $t ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1284 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1285 |
if ( $t['enabled'] ) |
| 0 | 1286 |
{
|
1287 |
echo '<option value="'.$t['theme_id'].'"'; |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1288 |
if ( $t['theme_id'] == $session->theme ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1289 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1290 |
echo ' selected="selected"'; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1291 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1292 |
echo '>' . $t['theme_name'] . '</option>'; |
| 0 | 1293 |
} |
1294 |
} |
|
1295 |
?> |
|
1296 |
</select> |
|
1297 |
</p> |
|
1298 |
<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" /> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1299 |
<input type="submit" name="themeselected" value="<?php echo $lang->get('userfuncs_changetheme_btn_continue'); ?>" /></p>
|
| 0 | 1300 |
<?php } else {
|
1301 |
$theme = $_POST['theme']; |
|
1302 |
if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
|
|
1303 |
die('Hacking attempt');
|
|
1304 |
?> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1305 |
<h3><?php echo $lang->get('userfuncs_changetheme_heading_style'); ?></h3>
|
| 0 | 1306 |
<p> |
1307 |
<select name="style"> |
|
1308 |
<?php |
|
1309 |
$dir = './themes/'.$theme.'/css/'; |
|
1310 |
$list = Array(); |
|
1311 |
// Open a known directory, and proceed to read its contents |
|
1312 |
if (is_dir($dir)) {
|
|
1313 |
if ($dh = opendir($dir)) {
|
|
1314 |
while (($file = readdir($dh)) !== false) {
|
|
1315 |
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
|
|
1316 |
$list[] = substr($file, 0, strlen($file)-4); |
|
1317 |
} |
|
1318 |
} |
|
1319 |
closedir($dh); |
|
1320 |
} |
|
1321 |
} else die($dir.' is not a dir'); |
|
1322 |
foreach ( $list as $l ) |
|
1323 |
{
|
|
1324 |
echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>'; |
|
1325 |
} |
|
1326 |
?> |
|
1327 |
</select> |
|
1328 |
</p> |
|
1329 |
<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" /> |
|
1330 |
<input type="hidden" name="theme" value="<?php echo $theme; ?>" /> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1331 |
<input type="submit" name="allclear" value="<?php echo $lang->get('userfuncs_changetheme_btn_allclear'); ?>" /></p>
|
| 0 | 1332 |
<?php } ?> |
1333 |
</form> |
|
1334 |
<?php |
|
1335 |
$template->footer(); |
|
1336 |
} |
|
1337 |
} |
|
1338 |
||
1339 |
function page_Special_ActivateAccount() |
|
1340 |
{
|
|
1341 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1342 |
global $lang; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1343 |
|
| 0 | 1344 |
$user = $paths->getParam(0); |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1345 |
if ( !$user ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1346 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1347 |
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1348 |
} |
| 0 | 1349 |
$key = $paths->getParam(1); |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1350 |
if ( !$key ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1351 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1352 |
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1353 |
} |
| 0 | 1354 |
$s = $session->activate_account(str_replace('_', ' ', $user), $key);
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1355 |
if ( $s > 0 ) |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1356 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1357 |
die_friendly($lang->get('userfuncs_activate_success_title'), '<p>' . $lang->get('userfuncs_activate_success_body') . '</p>');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1358 |
} |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1359 |
else |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1360 |
{
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1361 |
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_bad_key') . '</p>');
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1362 |
} |
| 0 | 1363 |
} |
1364 |
||
1365 |
function page_Special_Captcha() |
|
1366 |
{
|
|
1367 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1368 |
if ( $paths->getParam(0) == 'make' ) |
| 0 | 1369 |
{
|
1370 |
$session->kill_captcha(); |
|
1371 |
echo $session->make_captcha(); |
|
1372 |
return; |
|
1373 |
} |
|
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1374 |
|
| 0 | 1375 |
$hash = $paths->getParam(0); |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1376 |
if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) )
|
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1377 |
{
|
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1378 |
$paths->main_page(); |
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1379 |
} |
|
402
d907601ccad2
Fixed some captcha bugs and made all captcha fields case-insensitive
Dan
parents:
401
diff
changeset
|
1380 |
|
| 987 | 1381 |
$session->make_captcha(7, $hash); |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1382 |
$code = $session->generate_captcha_code(); |
| 987 | 1383 |
// Avoid letting our captchas end up on failblog.org |
1384 |
// BTW, the last one was a real-life encounter: http://files.ha.xx0r.info/murder.png |
|
|
989
79d558a94798
Added another word to the CAPTCHA blacklist (thanks Neal).
Dan
parents:
987
diff
changeset
|
1385 |
foreach ( array('shit', 'cock', 'fuck', 'nazi', 'cunt', 'clit', 'pussy', 'penis', 'piss', 'tits', 'murder') as $word )
|
| 987 | 1386 |
{
|
1387 |
if ( stristr($code, $word) ) |
|
1388 |
{
|
|
1389 |
// but don't put too much effort into this (will only correct this once) |
|
1390 |
$code = $session->generate_captcha_code(); |
|
1391 |
break; |
|
1392 |
} |
|
1393 |
} |
|
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1394 |
$q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';");
|
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1395 |
if ( !$q ) |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1396 |
$db->_die(); |
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1397 |
|
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1398 |
require ( ENANO_ROOT.'/includes/captcha.php' ); |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1399 |
$captcha = captcha_object($hash, 'freecap'); |
|
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
parents:
459
diff
changeset
|
1400 |
// $captcha->debug = true; |
| 0 | 1401 |
$captcha->make_image(); |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1402 |
|
| 0 | 1403 |
exit; |
1404 |
} |
|
1405 |
||
1406 |
function page_Special_PasswordReset() |
|
1407 |
{
|
|
1408 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1409 |
global $lang; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1410 |
|
| 0 | 1411 |
$template->header(); |
1412 |
if($paths->getParam(0) == 'stage2') |
|
1413 |
{
|
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1414 |
require_once(ENANO_ROOT . '/includes/math.php'); |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1415 |
require_once(ENANO_ROOT . '/includes/diffiehellman.php'); |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1416 |
|
| 0 | 1417 |
$user_id = intval($paths->getParam(1)); |
1418 |
$encpass = $paths->getParam(2); |
|
1419 |
if ( $user_id < 2 ) |
|
1420 |
{
|
|
1421 |
echo '<p>Hacking attempt</p>'; |
|
1422 |
$template->footer(); |
|
1423 |
return false; |
|
1424 |
} |
|
1425 |
if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
|
|
1426 |
{
|
|
1427 |
echo '<p>Hacking attempt</p>'; |
|
1428 |
$template->footer(); |
|
1429 |
return false; |
|
1430 |
} |
|
1431 |
||
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1432 |
$q = $db->sql_query('SELECT username,temp_password_time,temp_password,password_salt FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
|
| 0 | 1433 |
if($db->numrows() < 1) |
1434 |
{
|
|
1435 |
echo '<p>Invalid credentials</p>'; |
|
1436 |
$template->footer(); |
|
1437 |
return false; |
|
1438 |
} |
|
1439 |
$row = $db->fetchrow(); |
|
1440 |
$db->free_result(); |
|
1441 |
||
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1442 |
$temp_pass = $session->pk_decrypt($encpass); |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1443 |
$temp_hmac = hmac_sha1($temp_pass, $row['password_salt']); |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1444 |
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1445 |
if ( $temp_hmac !== $row['temp_password'] ) |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1446 |
{
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1447 |
echo '<p>Invalid credentials</p>'; |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1448 |
$template->footer(); |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1449 |
return false; |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1450 |
} |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1451 |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1452 |
if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() ) |
| 0 | 1453 |
{
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1454 |
echo '<p>' . $lang->get('userfuncs_passreset_err_pass_expired', array('reset_url' => makeUrlNS('Special', 'PasswordReset'))) . '</p>';
|
| 0 | 1455 |
$template->footer(); |
1456 |
return false; |
|
1457 |
} |
|
1458 |
||
1459 |
if ( isset($_POST['do_stage2']) ) |
|
1460 |
{
|
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1461 |
$data = $session->get_aes_post('pass');
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1462 |
|
| 0 | 1463 |
if(empty($data)) |
1464 |
{
|
|
1465 |
echo 'ERROR: Sanity check failed!'; |
|
1466 |
$template->footer(); |
|
1467 |
return false; |
|
1468 |
} |
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1469 |
if ( strlen($data) < 6 ) |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1470 |
{
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1471 |
echo '<p>' . $lang->get('userfuncs_passreset_err_too_short') . '</p>';
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1472 |
$template->footer(); |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1473 |
return false; |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1474 |
} |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1475 |
if ( $_POST['use_crypt'] == 'no' ) |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1476 |
{
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1477 |
if ( $_POST['pass'] !== $_POST['pass_confirm'] ) |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1478 |
{
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1479 |
echo '<p>' . $lang->get('userfuncs_passreset_err_no_match') . '</p>';
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1480 |
$template->footer(); |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1481 |
return false; |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1482 |
} |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1483 |
} |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1484 |
if ( getConfig('pw_strength_enable') == '1' )
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1485 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1486 |
$min_score = intval(getConfig('pw_strength_minimum'));
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1487 |
$inp_score = password_score($data); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1488 |
if ( $inp_score < $min_score ) |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1489 |
{
|
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1490 |
$url = makeUrl($paths->fullpage); |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1491 |
echo "<p>" . $lang->get('userfuncs_passreset_err_failed_score', array('inp_score' => $inp_score, 'url' => $url)) . "</p>";
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1492 |
$template->footer(); |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1493 |
return false; |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1494 |
} |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1495 |
} |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1496 |
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1497 |
$session->set_password($user_id, $data); |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1498 |
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1499 |
$q = $db->sql_query('UPDATE '.table_prefix.'users SET temp_password=\'\',temp_password_time=0 WHERE user_id = '.$user_id.';');
|
| 0 | 1500 |
|
1501 |
if($q) |
|
1502 |
{
|
|
1503 |
$session->login_without_crypto($row['username'], $data); |
|
| 741 | 1504 |
echo '<p>' . $lang->get('userfuncs_passreset_stage2_success', array('url_mainpage' => makeUrl(get_main_page()))) . '</p>';
|
| 0 | 1505 |
} |
1506 |
else |
|
1507 |
{
|
|
1508 |
echo $db->get_error(); |
|
1509 |
} |
|
1510 |
||
1511 |
$template->footer(); |
|
1512 |
return false; |
|
1513 |
} |
|
1514 |
||
1515 |
// Password reset form |
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1516 |
$evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : '';
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1517 |
$pw_meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">' . $lang->get('userfuncs_passreset_stage2_lbl_strength') . '</td><td class="row1"><div id="pwmeter"></div></td></tr>' : '';
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1518 |
$pw_blurb = ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>' . $lang->get('userfuncs_passreset_stage2_blurb_strength') . '</small>' : '';
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1519 |
|
| 0 | 1520 |
?> |
1521 |
<form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();"> |
|
1522 |
<br /> |
|
1523 |
<div class="tblholder"> |
|
1524 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1525 |
<tr><th colspan="2"><?php echo $lang->get('userfuncs_passreset_stage2_th'); ?></th></tr>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1526 |
<tr><td class="row1"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_password'); ?> <?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1527 |
<tr><td class="row2"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_confirm'); ?> </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
|
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1528 |
<?php echo $pw_meter; ?> |
| 0 | 1529 |
<tr> |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1530 |
<td colspan="2" class="row3" style="text-align: center;"> |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1531 |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1532 |
<input type="submit" name="do_stage2" value="<?php echo $lang->get('userfuncs_passreset_stage2_btn_submit'); ?>" />
|
| 0 | 1533 |
</td> |
1534 |
</tr> |
|
1535 |
</table> |
|
1536 |
</div> |
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1537 |
<?php echo $session->generate_aes_form(); ?> |
| 0 | 1538 |
</form> |
1539 |
<script type="text/javascript"> |
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1540 |
addOnloadHook(function() |
| 0 | 1541 |
{
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1542 |
load_component('pwstrength');
|
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1543 |
password_score_field(document.forms.resetform.pass); |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1544 |
}); |
| 0 | 1545 |
</script> |
1546 |
<?php |
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1547 |
echo $session->aes_javascript('resetform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data', 'dh_supported', 'dh_public_key', 'dh_client_public_key');
|
| 0 | 1548 |
$template->footer(); |
1549 |
return true; |
|
1550 |
} |
|
|
701
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
1551 |
if ( $session->user_logged_in ) |
|
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
1552 |
{
|
|
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
1553 |
$paths->main_page(); |
|
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
1554 |
} |
|
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
1555 |
|
| 0 | 1556 |
if(isset($_POST['do_reset'])) |
1557 |
{
|
|
1558 |
if($session->mail_password_reset($_POST['username'])) |
|
1559 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1560 |
echo '<p>' . $lang->get('userfuncs_passreset_stage1_success') . '</p>';
|
| 0 | 1561 |
} |
1562 |
else |
|
1563 |
{
|
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1564 |
echo '<p>' . $lang->get('userfuncs_passreset_stage1_error') . '</p>';
|
| 0 | 1565 |
} |
1566 |
$template->footer(); |
|
1567 |
return true; |
|
1568 |
} |
|
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1569 |
echo '<p>' . $lang->get('userfuncs_passreset_blurb_line1') . '</p>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1570 |
<p>' . $lang->get('userfuncs_passreset_blurb_line2') . '</p>
|
| 0 | 1571 |
<form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1572 |
<p>' . $lang->get('userfuncs_passreset_lbl_username') . ' '.$template->username_field('username').'</p>
|
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1573 |
<p><input type="submit" name="do_reset" value="' . $lang->get('userfuncs_passreset_btn_mailpasswd') . '" /></p>
|
| 0 | 1574 |
</form>'; |
1575 |
$template->footer(); |
|
1576 |
} |
|
1577 |
||
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1578 |
function page_Special_Memberlist() |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1579 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1580 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1581 |
global $lang; |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1582 |
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1583 |
$template->header(); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1584 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1585 |
$startletters = 'abcdefghijklmnopqrstuvwxyz'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1586 |
$startletters = enano_str_split($startletters); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1587 |
$startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : ''; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1588 |
if ( !in_array($startletter, $startletters) && $startletter != 'chr' ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1589 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1590 |
$startletter = ''; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1591 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1592 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1593 |
$startletter_sql = $startletter; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1594 |
if ( $startletter == 'chr' ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1595 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1596 |
$startletter_sql = '([^a-z])'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1597 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1598 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1599 |
// offset |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1600 |
$perpage = 25; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1601 |
$page = (( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 1) - 1; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1602 |
$offset = $page * $perpage; |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1603 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1604 |
// sort order |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1605 |
$sortkeys = array( |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1606 |
'uid' => 'u.user_id', |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1607 |
'username' => 'u.username', |
| 111 | 1608 |
'email' => 'u.email', |
1609 |
'regist' => 'u.reg_time' |
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1610 |
); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1611 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1612 |
$sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1613 |
$sort_sqllet = $sortkeys[$sortby]; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1614 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1615 |
$target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC';
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1616 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1617 |
$sortorders = array(); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1618 |
foreach ( $sortkeys as $k => $_unused ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1619 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1620 |
$sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1621 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1622 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1623 |
// Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1624 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1625 |
echo '<div class="tblholder"> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1626 |
<table border="0" cellspacing="1" cellpadding="4" style="text-align: center;"> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1627 |
<tr>'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1628 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=&sort=' . $sortby . '&orderby=' . $target_order, true) . '">All</a></td>';
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1629 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=chr&sort=' . $sortby . '&orderby=' . $target_order, true) . '">#</a></td>';
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1630 |
foreach ( $startletters as $letter ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1631 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1632 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=' . $letter . '&sort=' . $sortby . '&orderby=' . $target_order, true) . '">' . strtoupper($letter) . '</a></td>';
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1633 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1634 |
echo ' </tr> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1635 |
</table> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1636 |
</div>'; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1637 |
|
| 105 | 1638 |
// User search |
1639 |
if ( isset($_GET['finduser']) ) |
|
1640 |
{
|
|
1641 |
$finduser = str_replace(array( '%', '_'), |
|
1642 |
array('\\%', '\\_'),
|
|
1643 |
$_GET['finduser']); |
|
1644 |
$finduser = str_replace(array('*', '?'),
|
|
1645 |
array('%', '_'),
|
|
1646 |
$finduser); |
|
1647 |
$finduser = $db->escape($finduser); |
|
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1648 |
$username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\''; |
| 105 | 1649 |
$finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&'; |
1650 |
} |
|
1651 |
else |
|
1652 |
{
|
|
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1653 |
if ( ENANO_DBLAYER == 'MYSQL' ) |
|
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1654 |
$username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")';
|
|
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1655 |
else if ( ENANO_DBLAYER == 'PGSQL' ) |
|
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1656 |
$username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')'; |
| 105 | 1657 |
$finduser_url = ''; |
1658 |
} |
|
1659 |
||
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1660 |
// Column markers |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1661 |
$headings = '<tr> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1662 |
<th style="max-width: 50px;"> |
| 105 | 1663 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=uid&orderby=' . $sortorders['uid'], true) . '">#</a>
|
1664 |
</th> |
|
1665 |
<th> |
|
| 342 | 1666 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=username&orderby=' . $sortorders['username'], true) . '">' . $lang->get('userfuncs_ml_column_username') . '</a>
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1667 |
</th> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1668 |
<th> |
| 342 | 1669 |
' . $lang->get('userfuncs_ml_column_userlevel') . '
|
| 111 | 1670 |
</th> |
1671 |
<th> |
|
| 342 | 1672 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=email&orderby=' . $sortorders['email'], true) . '">' . $lang->get('userfuncs_ml_column_email') . '</a>
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1673 |
</th> |
| 111 | 1674 |
<th> |
| 342 | 1675 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=regist&orderby=' . $sortorders['regist'], true) . '">' . $lang->get('userfuncs_ml_column_regtime') . '</a>
|
| 111 | 1676 |
</th> |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1677 |
</tr>'; |
| 105 | 1678 |
|
1679 |
// determine number of rows |
|
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1680 |
$q = $db->sql_query('SELECT COUNT(u.user_id) FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';');
|
| 105 | 1681 |
if ( !$q ) |
1682 |
$db->_die(); |
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1683 |
|
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1684 |
list($num_rows) = $db->fetchrow_num(); |
| 105 | 1685 |
$db->free_result(); |
1686 |
||
1687 |
if ( !empty($finduser_url) ) |
|
1688 |
{
|
|
| 342 | 1689 |
switch ( $num_rows ) |
1690 |
{
|
|
1691 |
case 0: |
|
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1692 |
$str = ''; /* $lang->get('userfuncs_ml_msg_matches_zero'); */ break;
|
| 342 | 1693 |
case 1: |
1694 |
$str = $lang->get('userfuncs_ml_msg_matches_one'); break;
|
|
1695 |
default: |
|
1696 |
$str = $lang->get('userfuncs_ml_msg_matches', array('matches' => $num_rows)); break;
|
|
1697 |
} |
|
1698 |
echo "<h3>$str</h3>"; |
|
| 105 | 1699 |
} |
1700 |
||
1701 |
// main selector |
|
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1702 |
$pgsql_additional_group_by = ( ENANO_DBLAYER == 'PGSQL' ) ? ', u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public' : ''; |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1703 |
$q = $db->sql_query('SELECT \'\' AS infobit, u.user_id, u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public, COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'users AS u
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1704 |
LEFT JOIN '.table_prefix.'users_extra AS x |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1705 |
ON ( u.user_id = x.user_id ) |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1706 |
LEFT JOIN ' . table_prefix . 'comments AS c |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1707 |
ON ( u.user_id = c.user_id ) |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1708 |
WHERE ' . $username_where . ' AND u.username != \'Anonymous\' |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1709 |
GROUP BY u.user_id' . $pgsql_additional_group_by . ' |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1710 |
ORDER BY ' . $sort_sqllet . ' ' . $target_order . ' |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1711 |
LIMIT ' . $perpage . ' OFFSET ' . $offset . ';'); |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1712 |
if ( !$q ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1713 |
$db->_die(); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1714 |
|
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1715 |
// formatter parameters |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1716 |
$formatter = new MemberlistFormatter(); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1717 |
$formatters = array( |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1718 |
'username' => array($formatter, 'username'), |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1719 |
'user_level' => array($formatter, 'user_level'), |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1720 |
'email' => array($formatter, 'email'), |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1721 |
'reg_time' => array($formatter, 'reg_time'), |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1722 |
'infobit' => array($formatter, 'infobit') |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1723 |
); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1724 |
|
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1725 |
$result_url = makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order );
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1726 |
$paginator = generate_paginator($page, ceil($num_rows / $perpage), $result_url); |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1727 |
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1728 |
if ( $num_rows > 0 ) |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1729 |
{
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1730 |
if ( $num_rows > $perpage ) |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1731 |
echo $paginator; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1732 |
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1733 |
echo '<div class="tblholder"> |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1734 |
<table border="0" cellspacing="1" cellpadding="4" style="text-align: center;"> |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1735 |
' . $headings; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1736 |
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1737 |
$i = 0; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1738 |
while ( $row = $db->fetchrow($q) ) |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1739 |
{
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1740 |
$i++; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1741 |
$cls = ( $i % 2 == 0 ) ? 'row2' : 'row1'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1742 |
echo '<tr>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1743 |
echo '<td class="' . $cls . '">' . $row['user_id'] . '</td>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1744 |
echo '<td class="' . $cls . '" style="text-align: left;">' . $formatter->username($row['username'], $row) . '</td>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1745 |
echo '<td class="' . $cls . '">' . $formatter->user_level($row['user_level'], $row) . '</td>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1746 |
echo '<td class="' . $cls . '">' . $formatter->email($row['email'], $row) . '</td>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1747 |
echo '<td class="' . $cls . '">' . $formatter->reg_time($row['reg_time'], $row) . '</td>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1748 |
echo '</tr>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1749 |
echo '<tr>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1750 |
echo '<td colspan="5" class="row3" style="text-align: left;"> |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1751 |
<div id="ml_moreinfo_' . $row['user_id'] . '" style="display: none;"> |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1752 |
' . $formatter->infobit(true, $row) . ' |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1753 |
</div> |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1754 |
</td>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1755 |
echo '</tr>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1756 |
} |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1757 |
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1758 |
echo ' ' . $headings . ' |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1759 |
</table> |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1760 |
</div> |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1761 |
'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1762 |
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1763 |
if ( $num_rows > $perpage ) |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1764 |
echo $paginator; |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1765 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1766 |
else |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1767 |
{
|
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1768 |
echo '<h2 class="emptymessage">' . $lang->get('log_msg_no_results') . '</h2>';
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1769 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1770 |
|
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1771 |
echo '<div style="float: left;"> |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1772 |
<form action="' . makeUrlNS('Special', 'Memberlist') . '" method="get" onsubmit="if ( !submitAuthorized ) return false;">'
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1773 |
. ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->page ) . '" />' : '' ) |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1774 |
. ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1775 |
. '<p>' . $lang->get('userfuncs_ml_lbl_finduser') . ' ' . $template->username_field('finduser') . ' <input type="submit" value="' . $lang->get('userfuncs_ml_btn_go') . '" /><br />
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1776 |
<small>' . $lang->get('userfuncs_ml_tip_wildcard') . '</small></p>'
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1777 |
. '</form> |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1778 |
</div>'; |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1779 |
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1780 |
$template->footer(); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1781 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1782 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1783 |
/** |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1784 |
* Class for formatting results for the memberlist. |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1785 |
* @access private |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1786 |
*/ |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1787 |
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1788 |
class MemberlistFormatter |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1789 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1790 |
function username($username, $row) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1791 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1792 |
global $db, $session, $paths, $template, $plugins; // Common objects |
| 342 | 1793 |
global $lang; |
1794 |
||
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1795 |
$userpage = $paths->nslist['User'] . sanitize_page_id($username); |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1796 |
$class = ( isPage($userpage) ) ? '' : ' class="wikilink-nonexistent"'; |
| 743 | 1797 |
$anchor = '<a href="' . makeUrlNS('User', sanitize_page_id($username)) . '"' . $class . ' onclick="load_component(\'jquery\'); load_component(\'jquery-ui\'); var el = document.getElementById(\'ml_moreinfo_' . $row['user_id'] . '\'); $(el).toggle(\'blind\'); return false;">' . htmlspecialchars($username) . '</a>';
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1798 |
if ( $session->user_level >= USER_LEVEL_ADMIN ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1799 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1800 |
$anchor .= ' <small>- <a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&username=' . urlencode($username), true) . '"
|
| 342 | 1801 |
onclick="ajaxAdminUser(\'' . addslashes(htmlspecialchars($username)) . '\'); return false;">' . $lang->get('userfuncs_ml_btn_adminuser') . '</a></small>';
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1802 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1803 |
return $anchor; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1804 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1805 |
function user_level($level, $row) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1806 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1807 |
global $db, $session, $paths, $template, $plugins; // Common objects |
| 342 | 1808 |
global $lang; |
|
908
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1809 |
/* |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1810 |
switch ( $level ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1811 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1812 |
case USER_LEVEL_GUEST: |
| 342 | 1813 |
$s_level = $lang->get('userfuncs_ml_level_guest'); break;
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1814 |
case USER_LEVEL_MEMBER: |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1815 |
case USER_LEVEL_CHPREF: |
| 342 | 1816 |
$s_level = $lang->get('userfuncs_ml_level_member'); break;
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1817 |
case USER_LEVEL_MOD: |
| 342 | 1818 |
$s_level = $lang->get('userfuncs_ml_level_mod'); break;
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1819 |
case USER_LEVEL_ADMIN: |
| 342 | 1820 |
$s_level = $lang->get('userfuncs_ml_level_admin'); break;
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1821 |
default: |
| 342 | 1822 |
$s_level = $lang->get('userfuncs_ml_level_unknown', array( 'level' => $level ));
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1823 |
} |
|
908
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1824 |
*/ |
|
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1825 |
|
|
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1826 |
// TODO: Requested by mm3. Is this too CPU-intensive? Optimize? |
|
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1827 |
// Performance yield =/= about the same (but only 4 users under testing conditions) |
|
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1828 |
$rankdata = $session->get_user_rank($row['user_id']); |
|
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1829 |
$s_level = '<span style="' . $rankdata['rank_style'] . '">' . $lang->get($rankdata['rank_title']) . '</span>'; |
|
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1830 |
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1831 |
return $s_level; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1832 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1833 |
function email($addy, $row) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1834 |
{
|
| 342 | 1835 |
global $lang; |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1836 |
if ( $row['email_public'] == '1' ) |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1837 |
{
|
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1838 |
global $email; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1839 |
$addy = $email->encryptEmail($addy); |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1840 |
return $addy; |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1841 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1842 |
else |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1843 |
{
|
| 342 | 1844 |
return '<small><' . $lang->get('userfuncs_ml_email_nonpublic') . '></small>';
|
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1845 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1846 |
} |
| 111 | 1847 |
/** |
1848 |
* Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant. |
|
1849 |
* @param int UNIX timestamp |
|
1850 |
* @return string |
|
1851 |
*/ |
|
1852 |
||
| 912 | 1853 |
public static function format_date($time) |
| 111 | 1854 |
{
|
|
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents:
1032
diff
changeset
|
1855 |
// merged into enano_date() :) |
|
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents:
1032
diff
changeset
|
1856 |
return enano_date(ED_DATE, $time); |
| 111 | 1857 |
} |
1858 |
function reg_time($time, $row) |
|
1859 |
{
|
|
1860 |
return $this->format_date($time); |
|
1861 |
} |
|
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1862 |
function infobit($_, $row) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1863 |
{
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1864 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1865 |
global $lang; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1866 |
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1867 |
$bit = ''; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1868 |
if ( $row['user_has_avatar'] == 1 ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1869 |
{
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1870 |
$bit .= '<div style="float: left; margin-right: 10px;"> |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1871 |
<img alt=" " src="' . make_avatar_url(intval($row['user_id']), $row['avatar_type'], $row['email']) . '" /> |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1872 |
</div>'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1873 |
} |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1874 |
$rank_data = $session->get_user_rank(intval($row['user_id'])); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1875 |
$userpage = $paths->nslist['User'] . sanitize_page_id($row['username']); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1876 |
$title = ( isPage($userpage) ) ? ' title="' . $lang->get('userfuncs_ml_tip_userpage') . '"' : ' title="' . $lang->get('userfuncs_ml_tip_nouserpage') . '"';
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1877 |
$bit .= '<a' . $title . ' href="' . makeUrlNS('User', $row['username'], false, true) . '" style="font-size: x-large; ' . $rank_data['rank_style'] . '">' . htmlspecialchars($row['username']) . '</a><br />';
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1878 |
if ( $rank_data['user_title'] ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1879 |
$bit .= htmlspecialchars($rank_data['user_title']) . '<br />'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1880 |
if ( $rank_data['rank_title'] ) |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1881 |
$bit .= '<small>' . htmlspecialchars($lang->get($rank_data['rank_title'])) . '</small><br />'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1882 |
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1883 |
$bit .= '<div style="text-align: right;"> |
|
969
0506adb8eb6c
Comment UI / Special:Memberlist: UI consistency for Send PM/Add Buddy links in Memberlist and comment display UI
Dan
parents:
960
diff
changeset
|
1884 |
<a href="' . makeUrlNS('Special', "PrivateMessages/Compose/To/{$row['username']}", false, true) . '" class="abutton icon abutton_blue" style="background-image: url(' . cdnPath . '/images/icons/send_pm.png);">' . $lang->get('comment_btn_send_privmsg') . '</a>
|
|
0506adb8eb6c
Comment UI / Special:Memberlist: UI consistency for Send PM/Add Buddy links in Memberlist and comment display UI
Dan
parents:
960
diff
changeset
|
1885 |
<a href="' . makeUrlNS('Special', "PrivateMessages/FriendList/Add/{$row['username']}", false, true) . '" class="abutton icon abutton_green" style="background-image: url(' . cdnPath . '/images/icons/add_buddy.png);">' . $lang->get('comment_btn_add_buddy') . '</a>
|
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1886 |
</div>'; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1887 |
|
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1888 |
return $bit; |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1889 |
} |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1890 |
} |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1891 |
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1892 |
function page_Special_LangExportJSON() |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1893 |
{
|
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1894 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1895 |
global $lang; |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1896 |
|
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1897 |
$lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id; |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1898 |
|
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1899 |
if ( $lang->lang_id == $lang_id ) |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1900 |
$lang_local =& $lang; |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1901 |
else |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1902 |
$lang_local = new Language($lang_id); |
|
782
96848f04bbba
Corrected a few issues with languages and client-side code
Dan
parents:
743
diff
changeset
|
1903 |
|
|
96848f04bbba
Corrected a few issues with languages and client-side code
Dan
parents:
743
diff
changeset
|
1904 |
$lang_local->get('meta_meta');
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1905 |
|
|
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1906 |
$lang_strings = enano_json_encode($lang_local->strings); |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1907 |
$etag = substr(sha1($lang_strings), 0, 20) . '-' . dechex($lang_local->lang_timestamp); |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1908 |
|
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1909 |
if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1910 |
{
|
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1911 |
if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1912 |
{
|
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1913 |
header('HTTP/1.1 304 Not Modified');
|
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1914 |
exit(); |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1915 |
} |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1916 |
} |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1917 |
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1918 |
$timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp);
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
1919 |
// generate expires header |
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
1920 |
$expires = date('r', mktime(-1, -1, -1, -1, -1, intval(date('y'))+1));
|
|
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
1921 |
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1922 |
header("Last-Modified: $timestamp");
|
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1923 |
header("Date: $timestamp");
|
|
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1924 |
header("ETag: \"$etag\"");
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1925 |
header('Content-type: text/javascript');
|
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
1926 |
header("Expires: $expires");
|
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1927 |
|
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1928 |
$lang_local->fetch(); |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1929 |
echo "if ( typeof(enano_lang) != 'object' ) |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1930 |
var enano_lang = new Object(); |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1931 |
|
|
782
96848f04bbba
Corrected a few issues with languages and client-side code
Dan
parents:
743
diff
changeset
|
1932 |
enano_lang[{$lang_local->lang_id}] = " . $lang_strings . ";";
|
|
555
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
parents:
542
diff
changeset
|
1933 |
|
|
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
parents:
542
diff
changeset
|
1934 |
gzip_output(); |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1935 |
|
|
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1936 |
exit(0); |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1937 |
} |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1938 |
|
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1939 |
/** |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1940 |
* Fetches and displays an avatar from the filesystem. Avatar fetching is abstracted as of 1.1.4. |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1941 |
*/ |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1942 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1943 |
function page_Special_Avatar() |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1944 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1945 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1946 |
global $aggressive_optimize_html; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1947 |
$aggressive_optimize_html = false; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1948 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1949 |
$img_types = array( |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1950 |
IMAGE_TYPE_PNG => 'png', |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1951 |
IMAGE_TYPE_GIF => 'gif', |
|
621
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1952 |
IMAGE_TYPE_JPG => 'jpg', |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1953 |
IMAGE_TYPE_GRV => 'grv' |
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1954 |
); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1955 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1956 |
$avi_id = $paths->getParam(0); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1957 |
if ( !$avi_id || !@preg_match('/^[a-f0-9]+$/', $avi_id) )
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1958 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1959 |
echo 'Doesn\'t match the regexp'; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1960 |
return true; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1961 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1962 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1963 |
$avi_id_dec = hexdecode($avi_id); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1964 |
$avi_id_dec = @unpack('Vdate/Vuid/vimg_type', $avi_id_dec);
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1965 |
if ( !$avi_id_dec ) |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1966 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1967 |
echo 'Bad unpack'; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1968 |
return true; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1969 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1970 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1971 |
// check parameters |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1972 |
if ( !isset($img_types[$avi_id_dec['img_type']]) ) |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1973 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1974 |
echo 'Invalid image type'; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1975 |
return true; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1976 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1977 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1978 |
// build file path |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1979 |
$avi_type = $img_types[$avi_id_dec['img_type']]; |
|
621
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1980 |
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1981 |
// is this a gravatar? |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1982 |
if ( $avi_type == 'grv' ) |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1983 |
{
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1984 |
// yes, we'll have to redirect |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1985 |
// sanitize UID |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1986 |
$uid = intval($avi_id_dec['uid']); |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1987 |
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1988 |
// fetch email |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1989 |
$q = $db->sql_query('SELECT email FROM ' . table_prefix . "users WHERE user_id = $uid;");
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1990 |
if ( !$q ) |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1991 |
$db->_die(); |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1992 |
if ( $db->numrows() < 1 ) |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1993 |
return false; |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1994 |
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1995 |
list($email) = $db->fetchrow_num(); |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1996 |
$db->free_result(); |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1997 |
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1998 |
$url = make_gravatar_url($url); |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1999 |
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2000 |
// ship out the redirect |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2001 |
header('HTTP/1.1 302 Permanent Redirect');
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2002 |
header("Location: $url");
|
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2003 |
} |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
2004 |
|
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2005 |
$avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $avi_id_dec['uid'] . '.' . $avi_type;
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2006 |
if ( file_exists($avi_path) ) |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2007 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2008 |
$avi_mod_time = @filemtime($avi_path); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2009 |
$avi_mod_time = date('r', $avi_mod_time);
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2010 |
$avi_size = @filesize($avi_path); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2011 |
header("Last-Modified: $avi_mod_time");
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2012 |
header("Content-Length: $avi_size");
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2013 |
header("Content-Type: image/$avi_type");
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2014 |
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2015 |
header("Cache-Control: public");
|
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2016 |
// expire it 30 days from now |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2017 |
$expiry_time = time() + ( 86400 * 30 ); |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
2018 |
header("Expires: " . date('r', $expiry_time));
|
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2019 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2020 |
$fh = @fopen($avi_path, 'r'); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2021 |
if ( !$fh ) |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2022 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2023 |
echo 'Could not open file'; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2024 |
return true; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2025 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2026 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2027 |
while ( $fd = @fread($fh, 1024) ) |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2028 |
{
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2029 |
echo $fd; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2030 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2031 |
fclose($fh); |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2032 |
|
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2033 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2034 |
return true; |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2035 |
} |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2036 |
|
| 0 | 2037 |
?> |