plugins/SpecialUserFuncs.php
author Dan
Fri, 21 Dec 2007 18:33:56 -0500
changeset 330 c94af5b5c40f
parent 326 ab66d6d1f1f4
child 334 c72b545f1304
permissions -rw-r--r--
A minor installer fix to get the installer to run again. TODO: fix bad call to $lang->get() in preinstallation environment set up by index.php
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     1
<?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     2
/*
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     3
Plugin Name: Special user/login-related pages
23
320acf077276 At last, I fixed all those phased-out enano.homelinux.org links!
Dan
parents: 0
diff changeset
     4
Plugin URI: http://enanocms.org/
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     5
Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     6
Author: Dan Fuhry
317
f8356d9c3481 Rebrand as 1.0.3 (Dyrad)
Dan
parents: 292
diff changeset
     7
Version: 1.0.3
23
320acf077276 At last, I fixed all those phased-out enano.homelinux.org links!
Dan
parents: 0
diff changeset
     8
Author URI: http://enanocms.org/
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     9
*/
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    10
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    11
/*
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    12
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
317
f8356d9c3481 Rebrand as 1.0.3 (Dyrad)
Dan
parents: 292
diff changeset
    13
 * Version 1.0.3
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    14
 * Copyright (C) 2006-2007 Dan Fuhry
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    15
 *
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    16
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    17
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    18
 *
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    19
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    20
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    21
 */
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    22
 
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    23
global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    24
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    25
$plugins->attachHook('base_classes_initted', '
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    26
  global $paths;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    27
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    28
      \'name\'=>\'Log in\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    29
      \'urlname\'=>\'Login\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    30
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    31
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    32
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    33
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    34
      \'name\'=>\'Log out\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    35
      \'urlname\'=>\'Logout\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    36
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    37
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    38
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    39
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    40
      \'name\'=>\'Register\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    41
      \'urlname\'=>\'Register\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    42
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    43
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    44
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    45
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    46
      \'name\'=>\'Edit Profile\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    47
      \'urlname\'=>\'Preferences\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    48
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    49
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    50
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    51
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    52
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    53
      \'name\'=>\'Contributions\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    54
      \'urlname\'=>\'Contributions\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    55
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    56
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    57
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    58
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    59
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    60
      \'name\'=>\'Change style\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    61
      \'urlname\'=>\'ChangeStyle\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    62
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    63
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    64
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    65
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    66
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    67
      \'name\'=>\'Activate user account\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    68
      \'urlname\'=>\'ActivateAccount\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    69
      \'namespace\'=>\'Special\',
116
77c75179bb95 Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents: 115
diff changeset
    70
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    71
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    72
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    73
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    74
      \'name\'=>\'Captcha\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    75
      \'urlname\'=>\'Captcha\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    76
      \'namespace\'=>\'Special\',
116
77c75179bb95 Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents: 115
diff changeset
    77
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    78
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    79
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    80
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    81
      \'name\'=>\'Forgot password\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    82
      \'urlname\'=>\'PasswordReset\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    83
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    84
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    85
      ));
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    86
    
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    87
    $paths->add_page(Array(
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    88
      \'name\'=>\'Member list\',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    89
      \'urlname\'=>\'Memberlist\',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    90
      \'namespace\'=>\'Special\',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    91
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    92
      ));
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
    93
      
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
    94
    $paths->add_page(Array(
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
    95
      \'name\'=>\'Language exporter\',
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
    96
      \'urlname\'=>\'LangExportJSON\',
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
    97
      \'namespace\'=>\'Special\',
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
    98
      \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
    99
      ));
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   100
      
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   101
    ');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   102
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   103
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   104
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   105
$__login_status = '';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   106
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   107
function page_Special_Login()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   108
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   109
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   110
  global $__login_status;
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   111
  global $lang;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   112
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   113
  $pubkey = $session->rijndael_genkey();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   114
  $challenge = $session->dss_rand();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   115
  
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   116
  $locked_out = false;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   117
  // are we locked out?
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   118
  $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   119
  $duration  = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   120
  // convert to minutes
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   121
  $duration  = $duration * 60;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   122
  $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   123
  if ( $policy != 'disable' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   124
  {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   125
    $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   126
    $timestamp_cutoff = time() - $duration;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   127
    $q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   128
    $fails = $db->numrows();
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   129
    if ( $fails >= $threshold )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   130
    {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   131
      $row = $db->fetchrow();
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   132
      $locked_out = true;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   133
      $lockdata = array(
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   134
          'locked_out' => true,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   135
          'lockout_threshold' => $threshold,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   136
          'lockout_duration' => ( $duration / 60 ),
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   137
          'lockout_fails' => $fails,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   138
          'lockout_policy' => $policy,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   139
          'lockout_last_time' => $row['timestamp'],
182
c69730750be3 Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents: 179
diff changeset
   140
          'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   141
          'captcha' => ''
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   142
        );
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   143
      if ( $policy == 'captcha' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   144
      {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   145
        $lockdata['captcha'] = $session->make_captcha();
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   146
      }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   147
    }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   148
    $db->free_result();
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   149
  }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   150
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   151
  if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   152
  {
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 317
diff changeset
   153
    header('Content-type: application/json');
60
71b50f8c8f85 Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents: 57
diff changeset
   154
    $username = ( $session->user_logged_in ) ? $session->username : false;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   155
    $response = Array(
60
71b50f8c8f85 Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents: 57
diff changeset
   156
      'username' => $username,
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   157
      'key' => $pubkey,
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   158
      'challenge' => $challenge,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   159
      'locked_out' => false
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   160
      );
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   161
    
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   162
    if ( $locked_out )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   163
    {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   164
      foreach ( $lockdata as $x => $y )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   165
      {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   166
        $response[$x] = $y;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   167
      }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   168
      unset($x, $y);
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   169
    }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   170
    
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   171
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   172
    $response = $json->encode($response);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   173
    echo $response;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   174
    return null;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   175
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   176
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   177
  $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   178
  if ( isset($_POST['login']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   179
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   180
    if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   181
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   182
      $level = intval($_POST['auth_level']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   183
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   184
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   185
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   186
  if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   187
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   188
    $level = USER_LEVEL_MEMBER;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   189
  }
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   190
  if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   191
    $paths->main_page();
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   192
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   193
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   194
  $header = ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   195
  if ( isset($_POST['login']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   196
  {
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   197
    $errstring = $__login_status['error'];
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   198
    switch($__login_status['error'])
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   199
    {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   200
      case 'key_not_found':
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   201
        $errstring = $lang->get('user_err_key_not_found');
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   202
        break;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   203
      case 'key_wrong_length':
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   204
        $errstring = $lang->get('user_err_key_wrong_length');
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   205
        break;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   206
      case 'too_big_for_britches':
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   207
        $errstring = $lang->get('user_err_too_big_for_britches');
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   208
        break;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   209
      case 'invalid_credentials':
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   210
        $errstring = $lang->get('user_err_invalid_credentials');
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   211
        if ( $__login_status['lockout_policy'] == 'lockout' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   212
        {
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   213
          $errstring .= $lang->get('err_invalid_credentials_lockout', array('lockout_fails' => $__login_status['lockout_fails']));
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   214
        }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   215
        else if ( $__login_status['lockout_policy'] == 'captcha' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   216
        {
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   217
          $errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('lockout_fails' => $__login_status['lockout_fails']));
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   218
        }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   219
        break;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   220
      case 'backend_fail':
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   221
        $errstring = $lang->get('user_err_backend_fail');
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   222
        break;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   223
      case 'locked_out':
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   224
        $attempts = intval($__login_status['lockout_fails']);
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   225
        if ( $attempts > $__login_status['lockout_threshold'])
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   226
          $attempts = $__login_status['lockout_threshold'];
182
c69730750be3 Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents: 179
diff changeset
   227
        
c69730750be3 Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents: 179
diff changeset
   228
        $server_time = time();
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   229
        $time_rem = ( $__login_status['lockout_last_time'] == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 );
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   230
        if ( $time_rem < 1 )
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   231
          $time_rem = $__login_status['lockout_duration'];
182
c69730750be3 Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents: 179
diff changeset
   232
        
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   233
        $s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural');
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   234
        
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   235
        $captcha_string = ( $__login_status['lockout_policy'] == 'captcha' ) ? $lang->get('err_locked_out_captcha_blurb') : '';
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   236
        $errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem));
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   237
        
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   238
        break;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   239
    }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   240
    echo '<div class="error-box-mini">'.$errstring.'</div>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   241
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   242
  if ( $p = $paths->getAllParams() )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   243
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   244
    echo '<input type="hidden" name="return_to" value="'.$p.'" />';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   245
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   246
  else if ( isset($_POST['login']) && isset($_POST['return_to']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   247
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   248
    echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   249
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   250
  ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   251
    <div class="tblholder">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   252
      <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   253
        <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   254
          <th colspan="3"><?php echo $header; ?></th>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   255
        </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   256
        <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   257
          <td colspan="3" class="row1">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   258
            <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   259
            if ( $level <= USER_LEVEL_MEMBER )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   260
            {
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   261
              echo '<p>' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   262
            }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   263
            else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   264
            {
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   265
              echo '<p>' . $lang->get('user_login_body_elev') . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   266
            }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   267
            ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   268
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   269
        </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   270
        <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   271
          <td class="row2">
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   272
            <?php echo $lang->get('user_login_field_username'); ?>:
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   273
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   274
          <td class="row1">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   275
            <input name="username" size="25" type="text" <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   276
              if ( $level <= USER_LEVEL_MEMBER )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   277
              {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   278
                echo 'tabindex="1" ';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   279
              }
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   280
              else
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   281
              {
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   282
                echo 'tabindex="3" ';
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   283
              }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   284
              if ( $session->user_logged_in )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   285
              {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   286
                echo 'value="' . $session->username . '"';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   287
              }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   288
              ?> />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   289
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   290
          <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   291
          <td rowspan="<?php echo ( ( $locked_out && $lockdata['lockout_policy'] == 'captcha' ) ) ? '4' : '2'; ?>" class="row3">
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   292
            <small><?php echo $lang->get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?><br />
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   293
            <?php echo $lang->get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?></small>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   294
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   295
          <?php } ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   296
        </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   297
        <tr>
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   298
          <td class="row2">
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   299
            <?php echo $lang->get('user_login_field_password'); ?>:
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   300
          </td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   301
         </tr>
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   302
         <?php
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   303
         if ( $locked_out && $lockdata['lockout_policy'] == 'captcha' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   304
         {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   305
           ?>
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   306
           <tr>
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   307
             <td class="row2" rowspan="2"><?php echo $lang->get('user_login_field_captcha'); ?>:<br /></td><td class="row1"><input type="hidden" name="captcha_hash" value="<?php echo $lockdata['captcha']; ?>" /><input name="captcha_code" size="25" type="text" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '4'; ?>" /></td>
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   308
           </tr>
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   309
           <tr>
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   310
             <td class="row3">
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   311
               <img src="<?php echo makeUrlNS('Special', 'Captcha/' . $lockdata['captcha']) ?>" onclick="this.src=this.src+'/a';" style="cursor: pointer;" />
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   312
             </td>
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   313
           </tr>
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   314
           <?php
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   315
         }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   316
         ?>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   317
         <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   318
           <td class="row3" colspan="3">
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   319
             <?php
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   320
             if ( $level <= USER_LEVEL_MEMBER && ( !isset($_GET['use_crypt']) || ( isset($_GET['use_crypt']) && $_GET['use_crypt']!='0' ) ) )
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   321
             {
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   322
               $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   323
               $nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true);
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   324
               echo '<p><b>' . $lang->get('user_login_nocrypt_title') . '</b> ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '</p>';
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   325
               echo '<p>' . $lang->get('user_login_nocrypt_countrylist') . '</p>';
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   326
             }
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   327
             else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) )
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   328
             {
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   329
               $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   330
               $usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true);
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   331
               echo '<p><b>' . $lang->get('user_login_usecrypt_title') . '</b> ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '</p>';
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   332
               echo '<p>' . $lang->get('user_login_usecrypt_countrylist') . '</p>';
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   333
             }
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   334
             ?>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   335
           </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   336
         </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   337
         <tr>
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   338
           <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   339
         </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   340
      </table>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   341
    </div>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   342
      <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   343
      <input type="hidden" name="use_crypt" value="no" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   344
      <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   345
      <input type="hidden" name="crypt_data" value="" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   346
      <input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   347
      <?php if ( $level <= USER_LEVEL_MEMBER ): ?>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   348
      <script type="text/javascript">
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   349
        document.forms.loginform.username.focus();
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   350
      </script>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   351
      <?php else: ?>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   352
      <script type="text/javascript">
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   353
        document.forms.loginform.pass.focus();
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   354
      </script>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   355
      <?php endif; ?>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   356
    </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   357
    <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   358
      echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   359
    ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   360
  <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   361
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   362
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   363
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   364
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   365
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   366
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   367
  global $__login_status;
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   368
  global $lang;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   369
  if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   370
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   371
    $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   372
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   373
    $data = $json->decode($_POST['params']);
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   374
    $captcha_hash = ( isset($data['captcha_hash']) ) ? $data['captcha_hash'] : false;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   375
    $captcha_code = ( isset($data['captcha_code']) ) ? $data['captcha_code'] : false;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   376
    $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   377
    $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level, $captcha_hash, $captcha_code);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   378
    $session->start();
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   379
    if ( $result['success'] )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   380
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   381
      $response = Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   382
          'result' => 'success',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   383
          'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   384
        );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   385
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   386
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   387
    {
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   388
      $captcha = '';
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   389
      if ( $result['error'] == 'locked_out' && $result['lockout_policy'] == 'captcha' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   390
      {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   391
        $session->kill_captcha();
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   392
        $captcha = $session->make_captcha();
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   393
      }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   394
      $response = Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   395
          'result' => 'error',
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   396
          'data' => $result,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   397
          'captcha' => $captcha
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   398
        );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   399
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   400
    $response = $json->encode($response);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   401
    echo $response;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   402
    $db->close();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   403
    exit;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   404
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   405
  if(isset($_POST['login'])) {
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   406
    $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   407
    $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   408
    if($_POST['use_crypt'] == 'yes')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   409
    {
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   410
      $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']), $captcha_hash, $captcha_code);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   411
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   412
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   413
    {
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   414
      $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']), $captcha_hash, $captcha_code);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   415
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   416
    $session->start();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   417
    $paths->init();
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   418
    if($result['success'])
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   419
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   420
      $template->load_theme($session->theme, $session->style);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   421
      if(isset($_POST['return_to']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   422
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   423
        $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   424
        $subst = array(
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   425
            'username' => $session->username,
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   426
            'redir_target' => $name
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   427
          );
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   428
        redirect( makeUrl($_POST['return_to'], false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   429
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   430
      else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   431
      {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   432
        $subst = array(
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   433
            'username' => $session->username,
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   434
            'redir_target' => $lang->get('user_login_success_body_mainpage')
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   435
          );
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   436
        redirect( makeUrl(getConfig('main_page'), false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   437
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   438
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   439
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   440
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   441
      $GLOBALS['__login_status'] = $result;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   442
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   443
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   444
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   445
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   446
function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   447
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   448
  $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   449
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   450
  $response = Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   451
      'result' => 'success_reset',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   452
      'user_id' => $user_id,
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   453
      'temppass' => $passkey
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   454
    );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   455
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   456
  $response = $json->encode($response);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   457
  echo $response;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   458
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   459
  $db->close();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   460
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   461
  exit;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   462
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   463
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   464
function page_Special_Logout() {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   465
  global $db, $session, $paths, $template, $plugins; // Common objects
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   466
  global $lang;
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   467
  if ( !$session->user_logged_in )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   468
    $paths->main_page();
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   469
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   470
  $l = $session->logout();
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   471
  if ( $l == 'success' )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   472
  {
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   473
    
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   474
    redirect(makeUrl(getConfig('main_page'), false, true), $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4);
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   475
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   476
  $template->header();
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   477
  echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   478
  echo '<p>' . $l . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   479
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   480
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   481
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   482
function page_Special_Register()
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   483
{
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   484
  global $db, $session, $paths, $template, $plugins; // Common objects
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   485
  global $lang;
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   486
  
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   487
  // form field trackers
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   488
  $username = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   489
  $email = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   490
  $realname = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   491
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   492
  if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   493
  {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   494
    $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '</p>' : '';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   495
    die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_disabled_body') . '</p>' . $s);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   496
  }
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   497
  if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   498
  {
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   499
    $paths->main_page();
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   500
  }
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   501
  if(isset($_POST['submit'])) 
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   502
  {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   503
    $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   504
    
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   505
    $captcharesult = $session->get_captcha($_POST['captchahash']);
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
   506
    $session->kill_captcha();
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   507
    if($captcharesult != $_POST['captchacode'])
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   508
    {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   509
      $s = $lang->get('user_reg_err_captcha');
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   510
    }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   511
    else
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   512
    {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   513
      if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   514
      {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   515
        $s = 'Invalid COPPA input';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   516
      }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   517
      else
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   518
      {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   519
        $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   520
        $s = false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   521
        
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   522
        // decrypt password
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   523
        // as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   524
        // and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   525
        // forgot his password, that's his problem.
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   526
        
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   527
        if ( $_POST['use_crypt'] == 'yes' )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   528
        {
286
b2f985e4cef3 Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents: 270
diff changeset
   529
          $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   530
          $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   531
          if ( !$crypt_key )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   532
          {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   533
            $s = $lang->get('user_reg_err_missing_key');
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   534
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   535
          else
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   536
          {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   537
            $data = $_POST['crypt_data'];
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   538
            $bin_key = hexdecode($crypt_key);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   539
            //die("Decrypting with params: key $crypt_key, data $data");
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   540
            $password = $aes->decrypt($data, $bin_key, ENC_HEX);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   541
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   542
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   543
        else
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   544
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   545
          $password = $_POST['password'];
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   546
        }
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   547
        
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   548
        // CAPTCHA code was correct, create the account
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   549
        // ... and check for errors returned from the crypto API
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   550
        if ( !$s )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   551
          $s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa);
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   552
      }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   553
    }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   554
    if($s == 'success' && !$coppa)
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   555
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   556
      switch(getConfig('account_activation'))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   557
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   558
        case "none":
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   559
        default:
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   560
          $str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true)));
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   561
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   562
        case "user":
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   563
          $str = $lang->get('user_reg_msg_success_activ_user');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   564
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   565
        case "admin":
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   566
          $str = $lang->get('user_reg_msg_success_activ_admin');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   567
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   568
      }
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   569
      die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   570
    }
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   571
    else if ( $s == 'success' && $coppa )
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   572
    {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   573
      $str = $lang->get('user_reg_msg_success_activ_coppa');
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   574
      die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   575
    }
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   576
    $username = htmlspecialchars($_POST['username']);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   577
    $email    = htmlspecialchars($_POST['email']);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   578
    $realname = htmlspecialchars($_POST['real_name']);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   579
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   580
  $template->header();
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   581
  echo $lang->get('user_reg_msg_greatercontrol');
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   582
  
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   583
  if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   584
  {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   585
    $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   586
    $session->kill_captcha();
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   587
    $captchacode = $session->make_captcha();
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   588
    
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   589
    $pubkey = $session->rijndael_genkey();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   590
    $challenge = $session->dss_rand();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   591
    
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   592
    ?>
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   593
      <h3><?php echo $lang->get('user_reg_msg_table_title'); ?></h3>
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   594
      <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="return runEncryption();">
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   595
        <div class="tblholder">
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   596
          <table border="0" width="100%" cellspacing="1" cellpadding="4">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   597
            <tr><th class="subhead" colspan="3"><?php echo $lang->get('user_reg_msg_table_subtitle'); ?></th></tr>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   598
            
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   599
            <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   600
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   601
            <!-- FIELD: Username -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   602
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   603
              <td class="row1" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   604
                <?php echo $lang->get('user_reg_lbl_field_username'); ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   605
                <span id="e_username"></span>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   606
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   607
              <td class="row1" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   608
                <input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm(this);" onblur="checkUsername();" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   609
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   610
              <td class="row1" style="max-width: 24px;">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   611
                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   612
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   613
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   614
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   615
            <!-- FIELD: Password -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   616
            <tr>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   617
              <td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   618
                <?php echo $lang->get('user_reg_lbl_field_password'); ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   619
                <span id="e_password"></span>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   620
                <?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?>
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   621
                <small><?php echo $lang->get('user_reg_msg_password_score'); ?></small>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   622
                <?php endif; ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   623
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   624
              <td class="row3" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   625
                <input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm(this);" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   626
              </td>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   627
              <td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;">
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   628
                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   629
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   630
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   631
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   632
            <!-- FIELD: Password confirmation -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   633
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   634
              <td class="row3" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   635
                <input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm(this);" /> <small><?php echo $lang->get('user_reg_lbl_field_password_confirm'); ?></small>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   636
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   637
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   638
            
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   639
            <!-- FIELD: Password strength meter -->
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   640
            
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   641
            <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   642
            <tr>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   643
              <td class="row3" style="width: 50%;">
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   644
                <div id="pwmeter"></div>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   645
              </td>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   646
            </tr>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   647
            <?php endif; ?>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   648
            
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   649
            <!-- FIELD: E-mail address -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   650
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   651
              <td class="row1" style="width: 50%;">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   652
                <?php
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   653
                  if ( $coppa )
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   654
                  {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   655
                    echo $lang->get('user_reg_lbl_field_email_coppa');
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   656
                  }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   657
                  else
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   658
                  {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   659
                    echo $lang->get('user_reg_lbl_field_email');
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   660
                  }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   661
                ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   662
                <?php
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   663
                  if ( ( $x = getConfig('account_activation') ) == 'user' )
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   664
                  {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   665
                    echo '<br /><small>' . $lang->get('user_reg_msg_email_activuser') . '</small>';
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   666
                  }
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   667
                ?>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   668
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   669
              <td class="row1" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   670
                <input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm(this);" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   671
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   672
              <td class="row1" style="max-width: 24px;">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   673
                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   674
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   675
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   676
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   677
            <!-- FIELD: Real name -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   678
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   679
              <td class="row3" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   680
                <?php echo $lang->get('user_reg_lbl_field_realname'); ?><br />
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   681
                <small><?php echo $lang->get('user_reg_msg_realname_optional'); ?></small>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   682
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   683
              <td class="row3" style="width: 50%;">
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   684
                <input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" /></td><td class="row3" style="max-width: 24px;">
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   685
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   686
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   687
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   688
            <!-- FIELD: CAPTCHA image -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   689
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   690
              <td class="row1" style="width: 50%;" rowspan="2">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   691
                <?php echo $lang->get('user_reg_lbl_field_captcha'); ?><br />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   692
                <small>
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   693
                  <?php echo $lang->get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?><br />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   694
                  <br />
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   695
                  <?php echo $lang->get('user_reg_msg_captcha_blind'); ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   696
                </small>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   697
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   698
              <td colspan="2" class="row1">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   699
                <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   700
                <span id="b_username"></span>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   701
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   702
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   703
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   704
            <!-- FIELD: CAPTCHA input field -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   705
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   706
              <td class="row1" colspan="2">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   707
                <?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   708
                <input tabindex="6" name="captchacode" type="text" size="10" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   709
                <input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   710
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   711
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   712
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   713
            <!-- FIELD: submit button -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   714
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   715
              <th class="subhead" colspan="3" style="text-align: center;">
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   716
                <input tabindex="7" type="submit" name="submit" value="Create my account" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   717
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   718
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   719
            
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   720
          </table>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   721
        </div>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   722
        <?php
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   723
          $val = ( $coppa ) ? 'yes' : 'no';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   724
          echo '<input type="hidden" name="coppa" value="' . $val . '" />';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   725
        ?>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   726
        <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   727
        <input type="hidden" name="use_crypt" value="no" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   728
        <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   729
        <input type="hidden" name="crypt_data" value="" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   730
      <script type="text/javascript">
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   731
        // ENCRYPTION CODE
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   732
        disableJSONExts();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   733
        str = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   734
        for(i=0;i<keySizeInBits/4;i++) str+='0';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   735
        var key = hexToByteArray(str);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   736
        var pt = hexToByteArray(str);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   737
        var ct = rijndaelEncrypt(pt, key, "ECB");
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   738
        var ct = byteArrayToHex(ct);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   739
        switch(keySizeInBits)
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   740
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   741
          case 128:
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   742
            v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   743
            break;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   744
          case 192:
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   745
            v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   746
            break;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   747
          case 256:
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   748
            v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   749
            break;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   750
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   751
        var aes_testpassed = ( ct == v && md5_vm_test() );
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   752
        function runEncryption()
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   753
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   754
          var frm = document.forms.regform;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   755
          if ( frm.password.value.length < 1 )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   756
            return true;
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   757
          pass1 = frm.password.value;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   758
          pass2 = frm.password_confirm.value;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   759
          if ( pass1 != pass2 )
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   760
          {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   761
            alert($lang.get('user_reg_err_alert_password_nomatch'));
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   762
            return false;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   763
          }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   764
          if ( pass1.length < 6 && pass1.length > 0 )
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   765
          {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   766
            alert($lang.get('user_reg_err_alert_password_tooshort'));
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   767
            return false;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   768
          }
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   769
          if(aes_testpassed)
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   770
          {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   771
            frm.use_crypt.value = 'yes';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   772
            var cryptkey = frm.crypt_key.value;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   773
            frm.crypt_key.value = hex_md5(cryptkey);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   774
            cryptkey = hexToByteArray(cryptkey);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   775
            if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   776
            {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   777
              frm.submit.disabled = true;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   778
              len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   779
              alert('The key is messed up\nType: '+typeof(cryptkey)+len);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   780
            }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   781
            pass = frm.password.value;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   782
            pass = stringToByteArray(pass);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   783
            cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   784
            if(!cryptstring)
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   785
            {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   786
              return false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   787
            }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   788
            cryptstring = byteArrayToHex(cryptstring);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   789
            frm.crypt_data.value = cryptstring;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   790
            frm.password.value = "";
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   791
            frm.password_confirm.value = "";
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   792
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   793
          return true;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   794
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   795
        </script>
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   796
      </form>
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   797
      <!-- Don't optimize this script, it fails when compressed -->
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   798
      <enano:no-opt>
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   799
        <script type="text/javascript">
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   800
          // <![CDATA[
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   801
          var namegood = false;
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   802
          function validateForm(field)
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   803
          {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   804
            if ( typeof(field) != 'object' )
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   805
            {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   806
              field = {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   807
                name: '_nil',
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   808
                value: '_nil',
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   809
              }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   810
            }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   811
            // wait until $lang is initted
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   812
            if ( typeof($lang) != 'object' )
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   813
            {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   814
              setTimeout('validateForm();', 200);
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   815
              return false;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   816
            }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   817
            var frm = document.forms.regform;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   818
            failed = false;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   819
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   820
            // Username
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   821
            if(!namegood && ( field.name == 'username' || field.name == '_nil' ) ) 
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   822
            {
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   823
              //if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
270
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 263
diff changeset
   824
              var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   825
              if ( frm.username.value.match(regex) )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   826
              {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   827
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   828
                document.getElementById('e_username').innerHTML = '&nbsp;';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   829
              } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   830
                failed = true;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   831
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   832
                document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   833
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   834
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   835
            document.getElementById('b_username').innerHTML = '';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   836
            if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1')
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   837
            {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   838
              document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   839
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   840
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   841
            // Password
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   842
            if ( field.name == 'password' || field.name == 'password_confirm' || field.name == '_nil' )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   843
            {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   844
              if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   845
              {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   846
                document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   847
                document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_err_password_good') + '</small>';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   848
              } else {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   849
                failed = true;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   850
                if(frm.password.value.length < 6)
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   851
                {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   852
                  document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_length') + '</small>';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   853
                }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   854
                else if(frm.password.value != frm.password_confirm.value)
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   855
                {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   856
                  document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_needmatch') + '</small>';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   857
                }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   858
                else
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   859
                {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   860
                  document.getElementById('e_password').innerHTML = '';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   861
                }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   862
                document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   863
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   864
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   865
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   866
            // E-mail address
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   867
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   868
            // workaround for idiot jEdit bug
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   869
            if ( validateEmail(frm.email.value) && ( field.name == 'email' || field.name == '_nil' ) )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   870
            {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   871
              document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   872
            } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   873
              failed = true;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   874
              document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   875
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   876
            if(failed)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   877
            {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   878
              frm.submit.disabled = 'disabled';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   879
            } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   880
              frm.submit.disabled = false;
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   881
            }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   882
          }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   883
          function checkUsername()
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   884
          {
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   885
            var frm = document.forms.regform;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   886
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   887
            if(!namegood)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   888
            {
270
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 263
diff changeset
   889
              var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 263
diff changeset
   890
              if ( frm.username.value.match(regex) )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   891
              {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   892
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   893
                document.getElementById('e_username').innerHTML = '&nbsp;';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   894
              } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   895
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   896
                document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   897
                return false;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   898
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   899
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   900
            
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   901
            document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_checking') + '</b></small>';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   902
            ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   903
              if(ajax.readyState == 4)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   904
                if(ajax.responseText == 'good')
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   905
                {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   906
                  document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   907
                  document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_available') + '</b></small>';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   908
                  namegood = true;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   909
                } else if(ajax.responseText == 'bad') {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   910
                  document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   911
                  document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_unavailable') + '</b></small>';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   912
                  namegood = false;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   913
                } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   914
                  document.getElementById('e_username').innerHTML = ajax.responseText;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   915
                }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   916
            });
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   917
          }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   918
          function regenCaptcha()
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   919
          {
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   920
            document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/"); ?>'+frm.captchahash.value+'/'+Math.floor(Math.random() * 100000);
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   921
            return false;
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   922
          }
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   923
          <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   924
          var frm = document.forms.regform;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   925
          password_score_field(frm.password);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   926
          <?php endif; ?>
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   927
          validateForm();
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   928
          setTimeout('checkUsername();', 1000);
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   929
          // ]]>
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   930
        </script>
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   931
      </enano:no-opt>
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   932
    <?php
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   933
  }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   934
  else
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   935
  {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   936
    $year = intval( date('Y') );
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   937
    $year = $year - 13;
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   938
    $month = date('F');
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   939
    $day = date('d');
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   940
    
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   941
    $yo13_date = "$month $day, $year";
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   942
    $link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   943
    $link_coppa_no  = makeUrlNS('Special', 'Register', 'coppa=no',  true);
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   944
    
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   945
    // COPPA enabled, ask age
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   946
    echo '<div class="tblholder">';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   947
    echo '<table border="0" cellspacing="1" cellpadding="4">';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   948
    echo '<tr>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   949
            <td class="row1">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   950
              ' . $lang->get('user_reg_coppa_title') . '
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   951
            </td>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   952
          </tr>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   953
          <tr>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   954
            <td class="row3">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   955
              <a href="' . $link_coppa_no  . '">' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '</a><br />
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   956
              <a href="' . $link_coppa_yes . '">' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . '</a>
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   957
            </td>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   958
          </tr>';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   959
    echo '</table>';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   960
    echo '</div>';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   961
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   962
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   963
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   964
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   965
/*
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   966
If you want the old preferences page back, be my guest.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   967
function page_Special_Preferences() {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   968
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   969
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   970
  if(isset($_POST['submit'])) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   971
    $data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   972
    if($data == 'success') echo '<h3>Information</h3><p>Your profile has been updated. <a href="'.scriptPath.'/">Return to the index page</a>.</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   973
    else echo $data;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   974
  } else {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   975
    echo '
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   976
    <h3>Edit your profile</h3>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   977
    <form action="'.makeUrl($paths->nslist['Special'].'Preferences').'" method="post">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   978
      <table border="0" style="margin-left: 0.2in;">   
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   979
        <tr><td>Username:</td><td><input type="text" name="username" value="'.$session->username.'" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   980
        <tr><td>Current Password:</td><td><input type="password" name="current_pass" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   981
        <tr><td colspan="2"><small>You only need to enter your current password if you are changing your e-mail address or changing your password.</small></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   982
        <tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   983
        <tr><td>E-mail:</td><td><input type="text" name="email" value="'.$session->email.'" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   984
        <tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.$session->real_name.'" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   985
        <tr><td>Signature:<br /><small>Your signature appears<br />below your comment posts.</small></td><td><textarea rows="10" cols="40" name="sig">'.$session->signature.'</textarea></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   986
        <tr><td colspan="2">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   987
        <input type="submit" name="submit" value="Save Changes" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   988
      </table>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   989
    </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   990
    ';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   991
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   992
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   993
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   994
*/
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   995
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   996
function page_Special_Contributions() {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   997
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   998
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   999
  $user = $paths->getParam();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1000
  if(!$user && isset($_GET['user']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1001
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1002
    $user = $_GET['user'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1003
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1004
  elseif(!$user && !isset($_GET['user']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1005
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1006
    echo 'No user selected!';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1007
    $template->footer();
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1008
    return;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1009
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1010
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1011
  $user = $db->escape($user);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1012
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1013
  $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1014
  if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1015
  echo 'History of edits and actions<h3>Edits:</h3>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1016
  if($db->numrows() < 1) echo 'No history entries in this category.';
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1017
  while($r = $db->fetchrow())
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1018
  {
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1019
    $title = get_page_title($r['page_id'], $r['namespace']);    
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1020
    echo '<a href="' . makeUrlNS($r['namespace'], $r['page_id'], "oldid={$r['time_id']}", true) . '" onclick="ajaxHistView(\''.$r['time_id'].'\', \''.$paths->nslist[$r['namespace']].$r['page_id'].'\'); return false;"><i>'.$r['date_string'].'</i></a> (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert to</a>) <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: '.$r['edit_summary'];
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1021
    if($r['minor_edit']) echo '<b> - minor edit</b>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1022
    echo '<br />';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1023
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1024
  $db->free_result();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1025
  echo '<h3>Other changes:</h3>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1026
  $q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1027
  if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1028
  if($db->numrows() < 1) echo 'No history entries in this category.';
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1029
  while($r = $db->fetchrow()) 
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1030
  {
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1031
    if ( $r['log_type'] == 'page' )
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1032
    {
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1033
      $title = get_page_title($r['page_id'], $r['namespace']);
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1034
      echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: ';
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1035
      if      ( $r['action'] == 'prot'   ) echo 'Protected page; reason: '.$r['edit_summary'];
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1036
      else if ( $r['action'] == 'unprot' ) echo 'Unprotected page; reason: '.$r['edit_summary'];
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1037
      else if ( $r['action'] == 'rename' ) echo 'Renamed page; old title was: '.htmlspecialchars($r['edit_summary']);
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1038
      else if ( $r['action'] == 'create' ) echo 'Created page';
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1039
      else if ( $r['action'] == 'delete' ) echo 'Deleted page';
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1040
      if ( $r['minor_edit'] ) echo '<b> - minor edit</b>';
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1041
      echo '<br />';
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1042
    }
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1043
    else if($r['log_type']=='security') 
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1044
    {
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1045
      // Not implemented, and when it is, it won't be public
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1046
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1047
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1048
  $db->free_result();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1049
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1050
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1051
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1052
function page_Special_ChangeStyle()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1053
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1054
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1055
  if(!$session->user_logged_in) die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1056
  if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1057
  {
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1058
    if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) )
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1059
      die('Hacking attempt');
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1060
    if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) )
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1061
      die('Hacking attempt');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1062
    $d = ENANO_ROOT . '/themes/' . $_POST['theme'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1063
    $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1064
    if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1065
    if(!file_exists($f)) die('The file "'.$f.'" does not exist.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1066
    $d = $db->escape($_POST['theme']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1067
    $f = $db->escape($_POST['style']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1068
    $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\'';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1069
    if(!$db->sql_query($q))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1070
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1071
      $db->_die('Your theme/style preferences were not updated.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1072
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1073
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1074
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1075
      redirect(makeUrl($_POST['return_to']), '', '', 0);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1076
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1077
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1078
  else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1079
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1080
    $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1081
      $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1082
      if(!$ret) $ret = getConfig('main_page');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1083
      ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1084
        <form action="<?php echo makeUrl($paths->page); ?>" method="post">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1085
          <?php if(!isset($_POST['themeselected'])) { ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1086
            <h3>Please select a new theme:</h3>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1087
            <p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1088
              <select name="theme">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1089
               <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1090
                foreach($template->theme_list as $t) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1091
                  if($t['enabled'])
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1092
                  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1093
                    echo '<option value="'.$t['theme_id'].'"';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1094
                    if($t['theme_id'] == $session->theme) echo ' selected="selected"';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1095
                    echo '>'.$t['theme_name'].'</option>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1096
                  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1097
                }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1098
               ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1099
              </select>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1100
            </p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1101
            <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1102
               <input type="submit" name="themeselected" value="Continue" /></p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1103
          <?php } else { 
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1104
            $theme = $_POST['theme'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1105
            if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1106
              die('Hacking attempt');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1107
            ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1108
            <h3>Please select a stylesheet:</h3>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1109
            <p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1110
              <select name="style">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1111
                <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1112
                  $dir = './themes/'.$theme.'/css/';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1113
                  $list = Array();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1114
                  // Open a known directory, and proceed to read its contents
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1115
                  if (is_dir($dir)) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1116
                    if ($dh = opendir($dir)) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1117
                      while (($file = readdir($dh)) !== false) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1118
                        if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1119
                          $list[] = substr($file, 0, strlen($file)-4);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1120
                        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1121
                      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1122
                      closedir($dh);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1123
                    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1124
                  } else die($dir.' is not a dir');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1125
                  foreach ( $list as $l )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1126
                  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1127
                    echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1128
                  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1129
                ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1130
              </select>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1131
            </p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1132
            <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1133
               <input type="hidden" name="theme" value="<?php echo $theme; ?>" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1134
               <input type="submit" name="allclear" value="Change style" /></p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1135
          <?php } ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1136
        </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1137
      <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1138
    $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1139
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1140
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1141
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1142
function page_Special_ActivateAccount()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1143
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1144
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1145
  $user = $paths->getParam(0);
116
77c75179bb95 Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents: 115
diff changeset
  1146
  if(!$user) die_friendly('Account activation error', '<p>This page can only be accessed using links sent to users via e-mail.</p>');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1147
  $key = $paths->getParam(1);
116
77c75179bb95 Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents: 115
diff changeset
  1148
  if(!$key) die_friendly('Account activation error', '<p>This page can only be accessed using links sent to users via e-mail.</p>');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1149
  $s = $session->activate_account(str_replace('_', ' ', $user), $key);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1150
  if($s > 0) die_friendly('Activation successful', '<p>Your account is now active. Thank you for registering.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1151
  else die_friendly('Activation failed', '<p>The activation key was probably incorrect.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1152
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1153
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1154
function page_Special_Captcha()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1155
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1156
  global $db, $session, $paths, $template, $plugins; // Common objects
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1157
  if ( $paths->getParam(0) == 'make' )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1158
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1159
    $session->kill_captcha();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1160
    echo $session->make_captcha();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1161
    return;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1162
  }
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1163
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1164
  $hash = $paths->getParam(0);
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1165
  if ( !$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash) )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1166
  {
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1167
    $paths->main_page();
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1168
  }
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1169
  
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1170
  // Determine code length
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1171
  $ip = ip2hex($_SERVER['REMOTE_ADDR']);
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1172
  if ( !$ip )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1173
    die('(very desperate) Hacking attempt');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1174
  $q = $db->sql_query('SELECT CHAR_LENGTH(salt) AS len FROM ' . table_prefix . 'session_keys WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1175
  if ( !$q )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1176
    $db->_die('SpecialUserFuncs selecting CAPTCHA code');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1177
  if ( $db->numrows() < 1 )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1178
    die('Invalid hash or hacking attempt by IP');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1179
  
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1180
  // Generate code
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1181
  $row = $db->fetchrow();
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1182
  $db->free_result();
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1183
  $len = intval($row['len']);
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1184
  if ( $len < 4 )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1185
    $len = 7;
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1186
  $code = $session->generate_captcha_code($len);
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1187
  
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1188
  // Update database with new code
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1189
  $q = $db->sql_query('UPDATE ' . table_prefix . 'session_keys SET salt = \'' . $code . '\' WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1190
  if ( !$q )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1191
    $db->_die('SpecialUserFuncs generating new CAPTCHA confirmation code');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1192
  
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1193
  require ( ENANO_ROOT.'/includes/captcha.php' );
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1194
  $captcha = new captcha($code);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1195
  $captcha->make_image();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1196
  exit;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1197
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1198
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1199
function page_Special_PasswordReset()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1200
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1201
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1202
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1203
  if($paths->getParam(0) == 'stage2')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1204
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1205
    $user_id = intval($paths->getParam(1));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1206
    $encpass = $paths->getParam(2);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1207
    if ( $user_id < 2 )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1208
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1209
      echo '<p>Hacking attempt</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1210
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1211
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1212
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1213
    if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1214
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1215
      echo '<p>Hacking attempt</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1216
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1217
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1218
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1219
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1220
    $q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1221
    if($db->numrows() < 1)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1222
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1223
      echo '<p>Invalid credentials</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1224
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1225
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1226
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1227
    $row = $db->fetchrow();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1228
    $db->free_result();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1229
    
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1230
    if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1231
    {
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1232
      echo '<p>Your temporary password has expired. Please <a href="' . makeUrlNS('Special', 'PasswordReset') . '">request another one</a>.</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1233
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1234
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1235
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1236
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1237
    if ( isset($_POST['do_stage2']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1238
    {
286
b2f985e4cef3 Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents: 270
diff changeset
  1239
      $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1240
      if($_POST['use_crypt'] == 'yes')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1241
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1242
        $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1243
        if(!$crypt_key)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1244
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1245
          echo 'ERROR: Couldn\'t look up public key for decryption.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1246
          $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1247
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1248
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1249
        $crypt_key = hexdecode($crypt_key);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1250
        $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1251
        if(strlen($data) < 6)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1252
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1253
          echo 'ERROR: Your password must be six characters or greater in length.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1254
          $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1255
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1256
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1257
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1258
      else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1259
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1260
        $data = $_POST['pass'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1261
        $conf = $_POST['pass_confirm'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1262
        if($data != $conf)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1263
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1264
          echo 'ERROR: The passwords you entered do not match.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1265
          $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1266
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1267
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1268
        if(strlen($data) < 6)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1269
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1270
          echo 'ERROR: Your password must be six characters or greater in length.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1271
          $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1272
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1273
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1274
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1275
      if(empty($data))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1276
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1277
        echo 'ERROR: Sanity check failed!';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1278
        $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1279
        return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1280
      }
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1281
      if ( getConfig('pw_strength_enable') == '1' )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1282
      {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1283
        $min_score = intval(getConfig('pw_strength_minimum'));
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1284
        $inp_score = password_score($data);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1285
        if ( $inp_score < $min_score )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1286
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1287
          $url = makeUrl($paths->fullpage);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1288
          echo "<p>ERROR: Your password did not pass the complexity score requirement. You need $min_score points to pass; your password received a score of $inp_score. <a href=\"$url\">Go back</a></p>";
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1289
          $template->footer();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1290
          return false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1291
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1292
      }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1293
      $encpass = $aes->encrypt($data, $session->private_key, ENC_HEX);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1294
      $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1295
      
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1296
      if($q)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1297
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1298
        $session->login_without_crypto($row['username'], $data);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1299
        echo '<p>Your password has been reset. Return to the <a href="' . makeUrl(getConfig('main_page')) . '">main page</a>.</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1300
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1301
      else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1302
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1303
        echo $db->get_error();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1304
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1305
      
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1306
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1307
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1308
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1309
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1310
    // Password reset form
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1311
    $pubkey = $session->rijndael_genkey();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1312
    
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1313
    $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1314
    $pw_meter =      ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">Password strength rating:</td><td class="row1"><div id="pwmeter"></div><script type="text/javascript">password_score_field(document.forms.resetform.pass);</script></td></tr>' : '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1315
    $pw_blurb =      ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>Your password needs to have a score of at least <b>'.getConfig('pw_strength_minimum').'</b>.</small>' : '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1316
    
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1317
    ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1318
    <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1319
      <br />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1320
      <div class="tblholder">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1321
        <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1322
          <tr><th colspan="2">Reset password</th></tr>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1323
          <tr><td class="row1">Password:<?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1324
          <tr><td class="row2">Confirm: </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1325
          <?php echo $pw_meter; ?>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1326
          <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1327
            <td colspan="2" class="row1" style="text-align: center;">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1328
              <input type="hidden" name="use_crypt" value="no" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1329
              <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1330
              <input type="hidden" name="crypt_data" value="" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1331
              <input type="submit" name="do_stage2" value="Reset password" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1332
            </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1333
          </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1334
        </table>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1335
      </div>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1336
    </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1337
    <script type="text/javascript">
57
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 32
diff changeset
  1338
    if ( !KILL_SWITCH )
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 32
diff changeset
  1339
    {
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 32
diff changeset
  1340
      disableJSONExts();
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1341
      str = '';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1342
      for(i=0;i<keySizeInBits/4;i++) str+='0';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1343
      var key = hexToByteArray(str);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1344
      var pt = hexToByteArray(str);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1345
      var ct = rijndaelEncrypt(pt, key, "ECB");
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1346
      var ct = byteArrayToHex(ct);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1347
      switch(keySizeInBits)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1348
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1349
        case 128:
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1350
          v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1351
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1352
        case 192:
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1353
          v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1354
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1355
        case 256:
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1356
          v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1357
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1358
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1359
      var testpassed = ( ct == v && md5_vm_test() );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1360
      var frm = document.forms.resetform;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1361
      if(testpassed)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1362
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1363
        frm.use_crypt.value = 'yes';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1364
        var cryptkey = frm.crypt_key.value;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1365
        frm.crypt_key.value = hex_md5(cryptkey);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1366
        cryptkey = hexToByteArray(cryptkey);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1367
        if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1368
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1369
          frm._login.disabled = true;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1370
          len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1371
          alert('The key is messed up\nType: '+typeof(cryptkey)+len);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1372
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1373
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1374
      function runEncryption()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1375
      {
57
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 32
diff changeset
  1376
        var frm = document.forms.resetform;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1377
        pass1 = frm.pass.value;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1378
        pass2 = frm.pass_confirm.value;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1379
        if ( pass1 != pass2 )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1380
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1381
          alert('The passwords you entered do not match.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1382
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1383
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1384
        if ( pass1.length < 6 )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1385
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1386
          alert('The new password must be 6 characters or greater in length.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1387
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1388
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1389
        if(testpassed)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1390
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1391
          pass = frm.pass.value;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1392
          pass = stringToByteArray(pass);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1393
          cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1394
          if(!cryptstring)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1395
          {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1396
            return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1397
          }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1398
          cryptstring = byteArrayToHex(cryptstring);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1399
          frm.crypt_data.value = cryptstring;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1400
          frm.pass.value = "";
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1401
          frm.pass_confirm.value = "";
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1402
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1403
        return true;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1404
      }
57
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 32
diff changeset
  1405
    }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1406
    </script>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1407
    <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1408
    $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1409
    return true;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1410
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1411
  if(isset($_POST['do_reset']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1412
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1413
    if($session->mail_password_reset($_POST['username']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1414
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1415
      echo '<p>An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1416
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1417
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1418
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1419
      echo '<p>Error occured, your new password was not sent.</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1420
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1421
    $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1422
    return true;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1423
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1424
  echo '<p>Don\'t worry, it happens to the best of us.</p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1425
        <p>To reset your password, just enter your username below, and a new password will be e-mailed to you.</p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1426
        <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1427
          <p>Username:  '.$template->username_field('username').'</p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1428
          <p><input type="submit" name="do_reset" value="Mail new password" /></p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1429
        </form>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1430
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1431
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1432
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1433
function page_Special_Memberlist()
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1434
{
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1435
  global $db, $session, $paths, $template, $plugins; // Common objects
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1436
  $template->header();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1437
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1438
  $startletters = 'abcdefghijklmnopqrstuvwxyz';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1439
  $startletters = enano_str_split($startletters);
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1440
  $startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : '';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1441
  if ( !in_array($startletter, $startletters) && $startletter != 'chr' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1442
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1443
    $startletter = '';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1444
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1445
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1446
  $startletter_sql = $startletter;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1447
  if ( $startletter == 'chr' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1448
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1449
    $startletter_sql = '([^a-z])';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1450
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1451
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1452
  // offset
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1453
  $offset = ( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 0;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1454
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1455
  // sort order
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1456
  $sortkeys = array(
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1457
      'uid' => 'u.user_id',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1458
      'username' => 'u.username',
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1459
      'email' => 'u.email',
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1460
      'regist' => 'u.reg_time'
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1461
    );
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1462
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1463
  $sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1464
  $sort_sqllet = $sortkeys[$sortby];
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1465
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1466
  $target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1467
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1468
  $sortorders = array();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1469
  foreach ( $sortkeys as $k => $_unused )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1470
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1471
    $sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1472
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1473
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1474
  // Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1475
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1476
  echo '<div class="tblholder">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1477
          <table border="0" cellspacing="1" cellpadding="4" style="text-align: center;">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1478
            <tr>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1479
  echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=&sort=' . $sortby . '&orderby=' . $target_order, true) . '">All</a></td>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1480
  echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=chr&sort=' . $sortby . '&orderby=' . $target_order, true) . '">#</a></td>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1481
  foreach ( $startletters as $letter )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1482
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1483
    echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=' . $letter . '&sort=' . $sortby . '&orderby=' . $target_order, true) . '">' . strtoupper($letter) . '</a></td>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1484
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1485
  echo '    </tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1486
          </table>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1487
        </div>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1488
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1489
  // formatter parameters
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1490
  $formatter = new MemberlistFormatter();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1491
  $formatters = array(
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1492
    'username' => array($formatter, 'username'),
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1493
    'user_level' => array($formatter, 'user_level'),
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1494
    'email' => array($formatter, 'email'),
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1495
    'reg_time' => array($formatter, 'reg_time')
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1496
    );
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1497
  
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1498
  // User search             
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1499
  if ( isset($_GET['finduser']) )
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1500
  {
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1501
    $finduser = str_replace(array(  '%',   '_'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1502
                            array('\\%', '\\_'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1503
                            $_GET['finduser']);
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1504
    $finduser = str_replace(array('*', '?'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1505
                            array('%', '_'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1506
                            $finduser);
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1507
    $finduser = $db->escape($finduser);
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1508
    $username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\'';
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1509
    $finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&';
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1510
  }
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1511
  else
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1512
  {
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1513
    if ( ENANO_DBLAYER == 'MYSQL' )
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1514
      $username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")';
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1515
    else if ( ENANO_DBLAYER == 'PGSQL' )
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1516
      $username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')';
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1517
    $finduser_url = '';
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1518
  }
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1519
  
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1520
  // Column markers
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1521
  $headings = '<tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1522
                 <th style="max-width: 50px;">
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1523
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=uid&orderby=' . $sortorders['uid'], true) . '">#</a>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1524
                 </th>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1525
                 <th>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1526
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=username&orderby=' . $sortorders['username'], true) . '">Username</a>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1527
                 </th>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1528
                 <th>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1529
                   Title
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1530
                 </th>
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1531
                 <th>
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1532
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=email&orderby=' . $sortorders['email'], true) . '">E-mail</a>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1533
                 </th>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1534
                 <th>
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1535
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=regist&orderby=' . $sortorders['regist'], true) . '">Registered</a>
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1536
                 </th>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1537
               </tr>';
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1538
               
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1539
  // determine number of rows
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1540
  $q = $db->sql_query('SELECT u.user_id FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';');
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1541
  if ( !$q )
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1542
    $db->_die();
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1543
  
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1544
  $num_rows = $db->numrows();
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1545
  $db->free_result();
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1546
  
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1547
  if ( !empty($finduser_url) )
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1548
  {
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1549
    $s = ( $num_rows == 1 ) ? '' : 'es';
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1550
    echo "<h3 style='float: left;'>Search returned $num_rows match$s</h3>";
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1551
  }
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1552
  
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1553
  // main selector
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1554
  $q = $db->sql_unbuffered_query('SELECT u.user_id, u.username, u.reg_time, u.email, u.user_level, u.reg_time, x.email_public FROM '.table_prefix.'users AS u
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1555
                                    LEFT JOIN '.table_prefix.'users_extra AS x
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1556
                                      ON ( u.user_id = x.user_id )
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1557
                                    WHERE ' . $username_where . ' AND u.username != \'Anonymous\'
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1558
                                    ORDER BY ' . $sort_sqllet . ' ' . $target_order . ';');
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1559
  if ( !$q )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1560
    $db->_die();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1561
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1562
  $html = paginate(
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1563
            $q,                                                                                                       // MySQL result resource
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1564
            '<tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1565
               <td class="{_css_class}">{user_id}</td>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1566
               <td class="{_css_class}" style="text-align: left;">{username}</td>
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1567
               <td class="{_css_class}">{user_level}</td>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1568
               <td class="{_css_class}">{email}</small></td>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1569
               <td class="{_css_class}">{reg_time}</td>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1570
             </tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1571
             ',                                                                                                       // TPL code for rows
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1572
             $num_rows,                                                                                               // Number of results
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1573
             makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order ), // Result URL
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1574
             $offset,                                                                                                 // Start at this number
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1575
             25,                                                                                                      // Results per page
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1576
             $formatters,                                                                                             // Formatting hooks
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1577
             '<div class="tblholder">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1578
                <table border="0" cellspacing="1" cellpadding="4" style="text-align: center;">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1579
                  ' . $headings . '
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1580
                 ',                                                                                                   // Header (printed before rows)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1581
             '  ' . $headings . '
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1582
                 </table>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1583
              </div>
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1584
              ' .
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1585
              '<div style="float: left;">
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1586
                <form action="' . makeUrlNS('Special', 'Memberlist') . '" method="get" onsubmit="if ( !submitAuthorized ) return false;">'
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1587
               . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->page ) . '" />' : '' )
115
261f367623af Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents: 111
diff changeset
  1588
               . ( $session->sid_super ? '<input type="hidden" name="auth"  value="' . $session->sid_super . '" />' : '')
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1589
               . '<p>Find a member: ' . $template->username_field('finduser') . ' <input type="submit" value="Go" /><br /><small>You may use the following wildcards: * to match multiple characters, ? to match a single character.</small></p>'
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1590
               . '</form>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1591
               </div>'                                                                                                // Footer (printed after rows)
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1592
          );
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1593
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1594
  if ( $num_rows < 1 )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1595
  {
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1596
    echo ( isset($_GET['finduser']) ) ? '<p>Sorry - no users that matched your query could be found. Please try some different search terms.</p>' : '<p>Sorry - no users with usernames that start with that letter could be found.</p>';
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1597
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1598
  else
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1599
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1600
    echo $html;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1601
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1602
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1603
  $template->footer();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1604
}
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1605
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1606
/**
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1607
 * Class for formatting results for the memberlist.
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1608
 * @access private
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1609
 */
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1610
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1611
class MemberlistFormatter
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1612
{
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1613
  function username($username, $row)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1614
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1615
    global $db, $session, $paths, $template, $plugins; // Common objects
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1616
    $userpage = $paths->nslist['User'] . sanitize_page_id($username);
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1617
    $class = ( isPage($userpage) ) ? ' title="Click to view this user\'s userpage"' : ' class="wikilink-nonexistent" title="This user hasn\'t created a userpage yet, but you can still view profile details by clicking this link."';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1618
    $anchor = '<a href="' . makeUrlNS('User', sanitize_page_id($username)) . '"' . $class . '>' . htmlspecialchars($username) . '</a>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1619
    if ( $session->user_level >= USER_LEVEL_ADMIN )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1620
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1621
      $anchor .= ' <small>- <a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&username=' . urlencode($username), true) . '"
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1622
                               onclick="ajaxAdminUser(\'' . addslashes(htmlspecialchars($username)) . '\'); return false;">Administer user</a></small>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1623
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1624
    return $anchor;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1625
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1626
  function user_level($level, $row)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1627
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1628
    global $db, $session, $paths, $template, $plugins; // Common objects
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1629
    switch ( $level )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1630
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1631
      case USER_LEVEL_GUEST:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1632
        $s_level = 'Guest'; break;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1633
      case USER_LEVEL_MEMBER:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1634
      case USER_LEVEL_CHPREF:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1635
        $s_level = 'Member'; break;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1636
      case USER_LEVEL_MOD:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1637
        $s_level = 'Moderator'; break;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1638
      case USER_LEVEL_ADMIN:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1639
        $s_level = 'Site administrator'; break;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1640
      default:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1641
        $s_level = 'Unknown (level ' . $level . ')';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1642
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1643
    return $s_level;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1644
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1645
  function email($addy, $row)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1646
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1647
    if ( $row['email_public'] == '1' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1648
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1649
      global $email;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1650
      $addy = $email->encryptEmail($addy);
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1651
      return $addy;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1652
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1653
    else
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1654
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1655
      return '<small>&lt;Non-public&gt;</small>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1656
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1657
  }
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1658
  /**
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1659
   * Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant.
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1660
   * @param int UNIX timestamp
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1661
   * @return string
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1662
   */
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1663
  
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1664
  function format_date($time)
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1665
  {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1666
    // Our formattting string to pass to date()
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1667
    // This should not include minute/second info, only today's date in whatever format suits your fancy
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1668
    $formatstring = 'F j, Y';
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1669
    // Today's date
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1670
    $today = date($formatstring);
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1671
    // Yesterday's date
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1672
    $yesterday = date($formatstring, (time() - (24*60*60)));
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1673
    // Date on the input
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1674
    $then = date($formatstring, $time);
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1675
    // "X days ago" logic
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1676
    for ( $i = 2; $i <= 6; $i++ )
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1677
    {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1678
      // hours_in_day * minutes_in_hour * seconds_in_minute * num_days
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1679
      $offset = 24 * 60 * 60 * $i;
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1680
      $days_ago = date($formatstring, (time() - $offset));
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1681
      // so does the input timestamp match the date from $i days ago?
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1682
      if ( $then == $days_ago )
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1683
      {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1684
        // yes, return $i
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1685
        return "$i days ago";
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1686
      }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1687
    }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1688
    // either yesterday, today, or before 6 days ago
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1689
    switch($then)
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1690
    {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1691
      case $today:
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1692
        return 'Today';
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1693
      case $yesterday:
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1694
        return 'Yesterday';
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1695
      default:
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1696
        return $then;
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1697
    }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1698
    //     .--.
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1699
    //    |o_o |
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1700
    //    |!_/ |
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1701
    //   //   \ \
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1702
    //  (|     | )
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1703
    // /'\_   _/`\
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1704
    // \___)=(___/
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1705
    return 'Linux rocks!';
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1706
  }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1707
  function reg_time($time, $row)
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1708
  {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1709
    return $this->format_date($time);
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1710
  }
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1711
}
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1712
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1713
function page_Special_LangExportJSON()
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1714
{
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1715
  global $db, $session, $paths, $template, $plugins; // Common objects
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1716
  global $lang;
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1717
  
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1718
  $lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id;
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1719
  
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1720
  if ( $lang->lang_id == $lang_id )
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1721
    $lang_local =& $lang;
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1722
  else
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1723
    $lang_local = new Language($lang_id);
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1724
  
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1725
  $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1726
  
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1727
  $timestamp = date('D, j M Y H:i:s T', $lang_local->lang_timestamp);
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1728
  header("Last-Modified: $timestamp");
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1729
  header("Date: $timestamp");
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1730
  header('Content-type: text/javascript');
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1731
  
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1732
  $lang_local->fetch();
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1733
  echo "if ( typeof(enano_lang) != 'object' )
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1734
  var enano_lang = new Object();
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1735
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1736
enano_lang[{$lang->lang_id}] = " . $json->encode($lang_local->strings) . ";";
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1737
  
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1738
}
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1739
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1740
?>