plugins/SpecialUserFuncs.php~
changeset 3 2b2084ca1e60
parent 2 0931d60f5bdb
child 4 0b3a0aedfd53
equal deleted inserted replaced
2:0931d60f5bdb 3:2b2084ca1e60
     1 <?php
       
     2 /*
       
     3 Plugin Name: Special user/login-related pages
       
     4 Plugin URI: http://enano.homelinux.org/
       
     5 Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
       
     6 Author: Dan Fuhry
       
     7 Version: 1.0
       
     8 Author URI: http://enano.homelinux.org/
       
     9 */
       
    10 
       
    11 /*
       
    12  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
       
    13  * Version 1.0 release candidate 2
       
    14  * Copyright (C) 2006-2007 Dan Fuhry
       
    15  *
       
    16  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
       
    17  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
       
    18  *
       
    19  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
       
    20  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
       
    21  */
       
    22  
       
    23 global $db, $session, $paths, $template, $plugins; // Common objects
       
    24 
       
    25 $plugins->attachHook('base_classes_initted', '
       
    26   global $paths;
       
    27     $paths->add_page(Array(
       
    28       \'name\'=>\'Log in\',
       
    29       \'urlname\'=>\'Login\',
       
    30       \'namespace\'=>\'Special\',
       
    31       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
       
    32       ));
       
    33     $paths->add_page(Array(
       
    34       \'name\'=>\'Log out\',
       
    35       \'urlname\'=>\'Logout\',
       
    36       \'namespace\'=>\'Special\',
       
    37       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
       
    38       ));
       
    39     $paths->add_page(Array(
       
    40       \'name\'=>\'Register\',
       
    41       \'urlname\'=>\'Register\',
       
    42       \'namespace\'=>\'Special\',
       
    43       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
       
    44       ));
       
    45     $paths->add_page(Array(
       
    46       \'name\'=>\'Edit Profile\',
       
    47       \'urlname\'=>\'Preferences\',
       
    48       \'namespace\'=>\'Special\',
       
    49       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
       
    50       ));
       
    51     
       
    52     $paths->add_page(Array(
       
    53       \'name\'=>\'Contributions\',
       
    54       \'urlname\'=>\'Contributions\',
       
    55       \'namespace\'=>\'Special\',
       
    56       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
       
    57       ));
       
    58     
       
    59     $paths->add_page(Array(
       
    60       \'name\'=>\'Change style\',
       
    61       \'urlname\'=>\'ChangeStyle\',
       
    62       \'namespace\'=>\'Special\',
       
    63       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
       
    64       ));
       
    65     
       
    66     $paths->add_page(Array(
       
    67       \'name\'=>\'Activate user account\',
       
    68       \'urlname\'=>\'ActivateAccount\',
       
    69       \'namespace\'=>\'Special\',
       
    70       \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
       
    71       ));
       
    72     
       
    73     $paths->add_page(Array(
       
    74       \'name\'=>\'Captcha\',
       
    75       \'urlname\'=>\'Captcha\',
       
    76       \'namespace\'=>\'Special\',
       
    77       \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
       
    78       ));
       
    79     
       
    80     $paths->add_page(Array(
       
    81       \'name\'=>\'Forgot password\',
       
    82       \'urlname\'=>\'PasswordReset\',
       
    83       \'namespace\'=>\'Special\',
       
    84       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
       
    85       ));
       
    86     ');
       
    87 
       
    88 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
       
    89 
       
    90 $__login_status = '';
       
    91 
       
    92 function page_Special_Login()
       
    93 {
       
    94   global $db, $session, $paths, $template, $plugins; // Common objects
       
    95   global $__login_status;
       
    96   
       
    97   $pubkey = $session->rijndael_genkey();
       
    98   $challenge = $session->dss_rand();
       
    99   
       
   100   if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
       
   101   {
       
   102     $response = Array(
       
   103       'key' => $pubkey,
       
   104       'challenge' => $challenge
       
   105       );
       
   106     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
       
   107     $response = $json->encode($response);
       
   108     echo $response;
       
   109     return null;
       
   110   }
       
   111   
       
   112   $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
       
   113   if ( isset($_POST['login']) )
       
   114   {
       
   115     if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
       
   116     {
       
   117       $level = intval($_POST['auth_level']);
       
   118     }
       
   119   }
       
   120   
       
   121   if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
       
   122   {
       
   123     $level = USER_LEVEL_MEMBER;
       
   124   }
       
   125   $template->header();
       
   126   echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
       
   127   $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.';
       
   128   if ( isset($_POST['login']) )
       
   129   {
       
   130     echo '<p>'.$__login_status.'</p>';
       
   131   }
       
   132   if ( $p = $paths->getAllParams() )
       
   133   {
       
   134     echo '<input type="hidden" name="return_to" value="'.$p.'" />';
       
   135   }
       
   136   else if ( isset($_POST['login']) && isset($_POST['return_to']) )
       
   137   {
       
   138     echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
       
   139   }
       
   140   ?>
       
   141     <div class="tblholder">
       
   142       <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
       
   143         <tr>
       
   144           <th colspan="3"><?php echo $header; ?></th>
       
   145         </tr>
       
   146         <tr>
       
   147           <td colspan="3" class="row1">
       
   148             <?php
       
   149             if ( $level <= USER_LEVEL_MEMBER )
       
   150             {
       
   151               echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>';
       
   152             }
       
   153             else
       
   154             {
       
   155               echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>';
       
   156             }
       
   157             ?>
       
   158           </td>
       
   159         </tr>
       
   160         <tr>
       
   161           <td class="row2">
       
   162             Username:
       
   163           </td>
       
   164           <td class="row1">
       
   165             <input name="username" size="25" type="text" <?php
       
   166               if ( $level <= USER_LEVEL_MEMBER )
       
   167               {
       
   168                 echo 'tabindex="1" ';
       
   169               }
       
   170               if ( $session->user_logged_in )
       
   171               {
       
   172                 echo 'value="' . $session->username . '"';
       
   173               }
       
   174               ?> />
       
   175           </td>
       
   176           <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
       
   177           <td rowspan="2" class="row3">
       
   178             <small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br />
       
   179             Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small>
       
   180           </td>
       
   181           <?php } ?>
       
   182         </tr>
       
   183         <tr>
       
   184           <td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
       
   185          </tr>
       
   186          <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
       
   187          <tr>
       
   188            <td class="row3" colspan="3">
       
   189              <p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true); ?>">log in without using encryption</a>.</p>
       
   190              <p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p>
       
   191            </td>
       
   192          </tr>
       
   193          <?php } ?>
       
   194          <tr>
       
   195            <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="3" /></th>
       
   196          </tr>
       
   197       </table>
       
   198     </div>
       
   199       <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
       
   200       <input type="hidden" name="use_crypt" value="no" />
       
   201       <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
       
   202       <input type="hidden" name="crypt_data" value="" />
       
   203       <input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
       
   204     </form>
       
   205     <?php
       
   206       echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');
       
   207     ?>
       
   208   <?php
       
   209   $template->footer();
       
   210 }
       
   211 
       
   212 function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
       
   213 {
       
   214   global $db, $session, $paths, $template, $plugins; // Common objects
       
   215   global $__login_status;
       
   216   if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
       
   217   {
       
   218     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
       
   219     $data = $json->decode($_POST['params']);
       
   220     $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
       
   221     $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level);
       
   222     $session->start();
       
   223     //echo "$result\n$session->sid_super";
       
   224     //exit;
       
   225     if ( $result == 'success' )
       
   226     {
       
   227       $response = Array(
       
   228           'result' => 'success',
       
   229           'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )
       
   230         );
       
   231     }
       
   232     else
       
   233     {
       
   234       $response = Array(
       
   235           'result' => 'error',
       
   236           'error' => $result
       
   237         );
       
   238     }
       
   239     $response = $json->encode($response);
       
   240     echo $response;
       
   241     $db->close();
       
   242     exit;
       
   243   }
       
   244   if(isset($_POST['login'])) {
       
   245     if($_POST['use_crypt'] == 'yes')
       
   246     {
       
   247       $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']));
       
   248     }
       
   249     else
       
   250     {
       
   251       $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']));
       
   252     }
       
   253     $session->start();
       
   254     $paths->init();
       
   255     if($result == 'success')
       
   256     {
       
   257       $template->load_theme($session->theme, $session->style);
       
   258       if(isset($_POST['return_to']))
       
   259       {
       
   260         $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
       
   261         redirect( makeUrl($_POST['return_to']), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
       
   262       }
       
   263       else
       
   264       {
       
   265         $paths->main_page();
       
   266       }
       
   267     }
       
   268     else
       
   269     {
       
   270       $GLOBALS['__login_status'] = $result;
       
   271     }
       
   272   }
       
   273 }
       
   274 
       
   275 function page_Special_Logout() {
       
   276   global $db, $session, $paths, $template, $plugins; // Common objects
       
   277   $l = $session->logout();
       
   278   if($l == 'success') $paths->main_page();
       
   279   $template->header();
       
   280   echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>';
       
   281   $template->footer();
       
   282 }
       
   283 
       
   284 function page_Special_Register() {
       
   285   global $db, $session, $paths, $template, $plugins; // Common objects
       
   286   if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
       
   287   {
       
   288     $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : '';
       
   289     die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s);
       
   290   }
       
   291   if(isset($_POST['submit'])) {
       
   292     $captcharesult = $session->get_captcha($_POST['captchahash']);
       
   293     if($captcharesult != $_POST['captchacode'])
       
   294       $s = 'The confirmation code you entered was incorrect.';
       
   295     else
       
   296       // CAPTCHA code was correct, create the account
       
   297       $s = $session->create_user($_POST['username'], $_POST['password'], $_POST['email'], $_POST['real_name']);
       
   298     if($s == 'success')
       
   299     {
       
   300       switch(getConfig('account_activation'))
       
   301       {
       
   302         case "none":
       
   303         default:
       
   304           $str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.';
       
   305           break;
       
   306         case "user":
       
   307           $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';
       
   308           break;
       
   309         case "admin":
       
   310           $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';
       
   311           break;
       
   312       }
       
   313       die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
       
   314     }
       
   315   }
       
   316   $template->header();
       
   317   echo 'A user account enables you to have greater control over your browsing experience.';
       
   318   $session->kill_captcha();
       
   319   $captchacode = $session->make_captcha();
       
   320   ?>
       
   321     <h3>Create a user account</h3>
       
   322     <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post">
       
   323       <div class="tblholder">
       
   324         <table border="0" width="100%" cellspacing="1" cellpadding="4">
       
   325           <tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr>
       
   326           <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
       
   327           <tr><td class="row1" style="width: 50%;">Preferred username:<span id="e_username"></span></td><td class="row1" style="width: 50%;"><input type="text" name="username" size="30" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" /></td></tr>
       
   328           <tr><td class="row3" style="width: 50%;" rowspan="2">Password:<span id="e_password"></span></td><td class="row3" style="width: 50%;"><input type="password" name="password" size="30" onkeyup="validateForm();" /></td><td rowspan="2" class="row3" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" /></td></tr>
       
   329           <tr><td class="row3" style="width: 50%;"><input type="password" name="password_confirm" size="30" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small></td></tr>
       
   330           <tr><td class="row1" style="width: 50%;">E-mail address:<?php if(getConfig('account_activation')=='user') echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small></td>'; ?><td class="row1" style="width: 50%;"><input type="text" name="email" size="30" onkeyup="validateForm();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" /></td></tr>
       
   331           <tr><td class="row3" style="width: 50%;">Real name:<br /><small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small><td class="row3" style="width: 50%;"><input type="text" name="real_name" size="30" /></td><td class="row3" style="max-width: 24px;"></td></tr>
       
   332           <tr><td class="row1" style="width: 50%;" rowspan="2">Visual confirmation<br /><small>Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br /><br />If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.</small></td><td colspan="2" class="row1"><img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><span id="b_username"></span></td></tr>
       
   333           <tr><td class="row1" colspan="2">Code: <input name="captchacode" type="text" size="10" /><input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" /></td></tr>
       
   334           <tr><td class="row2" colspan="3" style="text-align: center;"><input type="submit" name="submit" value="Create my account" /></td></tr>
       
   335         </table>
       
   336       </div>
       
   337     </form>
       
   338     <script type="text/javascript">
       
   339       // <![CDATA[
       
   340       var namegood = false;
       
   341       function validateForm()
       
   342       {
       
   343         var frm = document.forms.regform;
       
   344         failed = false;
       
   345         
       
   346         // Username
       
   347         if(!namegood)
       
   348         {
       
   349           if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
       
   350           {
       
   351             document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
       
   352             document.getElementById('e_username').innerHTML = ''; // '<br /><small><b>Checking availability...</b></small>';
       
   353           } else {
       
   354             failed = true;
       
   355             document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
       
   356             document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
       
   357           }
       
   358         }
       
   359         document.getElementById('b_username').innerHTML = '';
       
   360         if(hex_md5(frm.real_name.value) == 'fa8e397ae0f6cd5b0f90a3f48178cd7e')
       
   361         {
       
   362           document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
       
   363         }
       
   364         
       
   365         // Password
       
   366         if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value)
       
   367         {
       
   368           document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
       
   369           document.getElementById('e_password').innerHTML = '<br /><small>The password you entered is valid.</small>';
       
   370         } else {
       
   371           failed = true;
       
   372           if(frm.password.value.length < 6)
       
   373             document.getElementById('e_password').innerHTML = '<br /><small>Your password must be at least six characters in length.</small>';
       
   374           else if(frm.password.value != frm.password_confirm.value)
       
   375             document.getElementById('e_password').innerHTML = '<br /><small>The passwords you entered do not match.</small>';
       
   376           else
       
   377             document.getElementById('e_password').innerHTML = '';
       
   378           document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
       
   379         }
       
   380         
       
   381         // E-mail address
       
   382         if(frm.email.value.match(/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/))
       
   383         {
       
   384           document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
       
   385         } else {
       
   386           failed = true;
       
   387           document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif';
       
   388         }
       
   389         if(failed)
       
   390         {
       
   391           frm.submit.disabled = 'disabled';
       
   392         } else {
       
   393           frm.submit.disabled = false;
       
   394         }
       
   395       }
       
   396       function checkUsername()
       
   397       {
       
   398         var frm = document.forms.regform;
       
   399         
       
   400         if(!namegood)
       
   401         {
       
   402           if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))
       
   403           {
       
   404             document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
       
   405             document.getElementById('e_username').innerHTML = '';
       
   406           } else {
       
   407             document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
       
   408             document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
       
   409             return false;
       
   410           }
       
   411         }
       
   412         
       
   413         document.getElementById('e_username').innerHTML = '<br /><small><b>Checking availability...</b></small>';
       
   414         ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
       
   415           if(ajax.readyState == 4)
       
   416             if(ajax.responseText == 'good')
       
   417             {
       
   418               document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
       
   419               document.getElementById('e_username').innerHTML = '<br /><small><b>This username is available.</b></small>';
       
   420               namegood = true;
       
   421             } else if(ajax.responseText == 'bad') {
       
   422               document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
       
   423               document.getElementById('e_username').innerHTML = '<br /><small><b>Error: that username is already taken.</b></small>';
       
   424               namegood = false;
       
   425             } else {
       
   426               document.getElementById('e_username').innerHTML = ajax.responseText;
       
   427             }
       
   428         });
       
   429       }
       
   430       function regenCaptcha()
       
   431       {
       
   432         var frm = document.forms.regform;
       
   433         document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/"); ?>'+frm.captchahash.value+'/'+Math.floor(Math.random() * 100000);
       
   434         return false;
       
   435       }
       
   436       validateForm();
       
   437       setTimeout('checkUsername();', 1000);
       
   438       // ]]>
       
   439     </script>
       
   440   <?php
       
   441   $template->footer();
       
   442 }
       
   443 
       
   444 /*
       
   445 If you want the old preferences page back, be my guest.
       
   446 function page_Special_Preferences() {
       
   447   global $db, $session, $paths, $template, $plugins; // Common objects
       
   448   $template->header();
       
   449   if(isset($_POST['submit'])) {
       
   450     $data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']);
       
   451     if($data == 'success') echo '<h3>Information</h3><p>Your profile has been updated. <a href="'.scriptPath.'/">Return to the index page</a>.</p>';
       
   452     else echo $data;
       
   453   } else {
       
   454     echo '
       
   455     <h3>Edit your profile</h3>
       
   456     <form action="'.makeUrl($paths->nslist['Special'].'Preferences').'" method="post">
       
   457       <table border="0" style="margin-left: 0.2in;">   
       
   458         <tr><td>Username:</td><td><input type="text" name="username" value="'.$session->username.'" /></td></tr>
       
   459         <tr><td>Current Password:</td><td><input type="password" name="current_pass" /></td></tr>
       
   460         <tr><td colspan="2"><small>You only need to enter your current password if you are changing your e-mail address or changing your password.</small></td></tr>
       
   461         <tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr>
       
   462         <tr><td>E-mail:</td><td><input type="text" name="email" value="'.$session->email.'" /></td></tr>
       
   463         <tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.$session->real_name.'" /></td></tr>
       
   464         <tr><td>Signature:<br /><small>Your signature appears<br />below your comment posts.</small></td><td><textarea rows="10" cols="40" name="sig">'.$session->signature.'</textarea></td></tr>
       
   465         <tr><td colspan="2">
       
   466         <input type="submit" name="submit" value="Save Changes" /></td></tr>
       
   467       </table>
       
   468     </form>
       
   469     ';
       
   470   }
       
   471   $template->footer();
       
   472 }
       
   473 */
       
   474 
       
   475 function page_Special_Contributions() {
       
   476   global $db, $session, $paths, $template, $plugins; // Common objects
       
   477   $template->header();
       
   478   $user = $paths->getParam();
       
   479   if(!$user && isset($_GET['user']))
       
   480   {
       
   481     $user = $_GET['user'];
       
   482   }
       
   483   elseif(!$user && !isset($_GET['user']))
       
   484   {
       
   485     echo 'No user selected!';
       
   486     $template->footer();
       
   487     $db->close();
       
   488     exit;
       
   489   }
       
   490   
       
   491   $user = $db->escape($user);
       
   492   
       
   493   $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;';
       
   494   if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
       
   495   echo 'History of edits and actions<h3>Edits:</h3>';
       
   496   if($db->numrows() < 1) echo 'No history entries in this category.';
       
   497   while($r = $db->fetchrow()) {    
       
   498     echo '<a href="#" onclick="ajaxHistView(\''.$r['time_id'].'\', \''.$paths->nslist[$r['namespace']].$r['page_id'].'\'); return false;"><i>'.$r['date_string'].'</i></a> (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert</a>) <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.$paths->nslist[$r['namespace']].$r['page_id'].'</a>: '.$r['edit_summary'];
       
   499     if($r['minor_edit']) echo '<b> - minor edit</b>';
       
   500     echo '<br />';
       
   501   }
       
   502   $db->free_result();
       
   503   echo '<h3>Other changes:</h3>';
       
   504   $q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;';
       
   505   if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
       
   506   if($db->numrows() < 1) echo 'No history entries in this category.';
       
   507   while($r = $db->fetchrow()) {
       
   508     if($r['log_type']=='page') {
       
   509     echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.$paths->nslist[$r['namespace']].$r['page_id'].'</a>: ';
       
   510     if($r['action']=='prot') echo 'Protected page; reason: '.$r['edit_summary'];
       
   511     elseif($r['action']=='unprot') echo 'Unprotected page; reason: '.$r['edit_summary'];
       
   512     elseif($r['action']=='rename') echo 'Renamed page; old title was: '.$r['edit_summary'];
       
   513     elseif($r['action']=='create') echo 'Created page';
       
   514     elseif($r['action']=='delete') echo 'Deleted page';
       
   515     if($r['minor_edit']) echo '<b> - minor edit</b>';
       
   516     echo '<br />';
       
   517     } elseif($r['log_type']=='security') {
       
   518       // Not implemented, and when it is, it won't be public
       
   519     }
       
   520   }
       
   521   $db->free_result();
       
   522   $template->footer();
       
   523 }
       
   524 
       
   525 function page_Special_ChangeStyle()
       
   526 {
       
   527   global $db, $session, $paths, $template, $plugins; // Common objects
       
   528   if(!$session->user_logged_in) die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
       
   529   if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']))
       
   530   {
       
   531     $d = ENANO_ROOT . '/themes/' . $_POST['theme'];
       
   532     $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css';
       
   533     if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.');
       
   534     if(!file_exists($f)) die('The file "'.$f.'" does not exist.');
       
   535     $d = $db->escape($_POST['theme']);
       
   536     $f = $db->escape($_POST['style']);
       
   537     $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\'';
       
   538     if(!$db->sql_query($q))
       
   539     {
       
   540       $db->_die('Your theme/style preferences were not updated.');
       
   541     }
       
   542     else
       
   543     {
       
   544       redirect(makeUrl($_POST['return_to']), '', '', 0);
       
   545     }
       
   546   }
       
   547   else
       
   548   {
       
   549     $template->header();
       
   550       $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
       
   551       if(!$ret) $ret = getConfig('main_page');
       
   552       ?>
       
   553         <form action="<?php echo makeUrl($paths->page); ?>" method="post">
       
   554           <?php if(!isset($_POST['themeselected'])) { ?>
       
   555             <h3>Please select a new theme:</h3>
       
   556             <p>
       
   557               <select name="theme">
       
   558                <?php
       
   559                 foreach($template->theme_list as $t) {
       
   560                   if($t['enabled'])
       
   561                   {
       
   562                     echo '<option value="'.$t['theme_id'].'"';
       
   563                     if($t['theme_id'] == $session->theme) echo ' selected="selected"';
       
   564                     echo '>'.$t['theme_name'].'</option>';
       
   565                   }
       
   566                 }
       
   567                ?>
       
   568               </select>
       
   569             </p>
       
   570             <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
       
   571                <input type="submit" name="themeselected" value="Continue" /></p>
       
   572           <?php } else { 
       
   573             $theme = $_POST['theme'];
       
   574             if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
       
   575               die('Hacking attempt');
       
   576             ?>
       
   577             <h3>Please select a stylesheet:</h3>
       
   578             <p>
       
   579               <select name="style">
       
   580                 <?php
       
   581                   $dir = './themes/'.$theme.'/css/';
       
   582                   $list = Array();
       
   583                   // Open a known directory, and proceed to read its contents
       
   584                   if (is_dir($dir)) {
       
   585                     if ($dh = opendir($dir)) {
       
   586                       while (($file = readdir($dh)) !== false) {
       
   587                         if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
       
   588                           $list[] = substr($file, 0, strlen($file)-4);
       
   589                         }
       
   590                       }
       
   591                       closedir($dh);
       
   592                     }
       
   593                   } else die($dir.' is not a dir');
       
   594                   foreach ( $list as $l )
       
   595                   {
       
   596                     echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
       
   597                   }
       
   598                 ?>
       
   599               </select>
       
   600             </p>
       
   601             <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
       
   602                <input type="hidden" name="theme" value="<?php echo $theme; ?>" />
       
   603                <input type="submit" name="allclear" value="Change style" /></p>
       
   604           <?php } ?>
       
   605         </form>
       
   606       <?php
       
   607     $template->footer();
       
   608   }
       
   609 }
       
   610 
       
   611 function page_Special_ActivateAccount()
       
   612 {
       
   613   global $db, $session, $paths, $template, $plugins; // Common objects
       
   614   $user = $paths->getParam(0);
       
   615   if(!$user) die_friendly('Account activation error', '<p>The URL was incorrect.</p>');
       
   616   $key = $paths->getParam(1);
       
   617   if(!$key) die_friendly('Account activation error', '<p>The URL was incorrect.</p>');
       
   618   $s = $session->activate_account(str_replace('_', ' ', $user), $key);
       
   619   if($s > 0) die_friendly('Activation successful', '<p>Your account is now active. Thank you for registering.</p>');
       
   620   else die_friendly('Activation failed', '<p>The activation key was probably incorrect.</p>');
       
   621 }
       
   622 
       
   623 function page_Special_Captcha()
       
   624 {
       
   625   global $db, $session, $paths, $template, $plugins; // Common objects
       
   626   if($paths->getParam(0) == 'make')
       
   627   {
       
   628     $session->kill_captcha();
       
   629     echo $session->make_captcha();
       
   630     return;
       
   631   }
       
   632   $hash = $paths->getParam(0);
       
   633   if(!$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash)) $paths->main_page();
       
   634   $code = $session->get_captcha($hash);
       
   635   if(!$code) die('Invalid hash or IP address incorrect.');
       
   636   require(ENANO_ROOT.'/includes/captcha.php');
       
   637   $captcha = new captcha($code);
       
   638   //header('Content-disposition: attachment; filename=autocaptcha.png');
       
   639   $captcha->make_image();
       
   640   exit;
       
   641 }
       
   642 
       
   643 function page_Special_PasswordReset()
       
   644 {
       
   645   global $db, $session, $paths, $template, $plugins; // Common objects
       
   646   $template->header();
       
   647   if($paths->getParam(0) == 'stage2')
       
   648   {
       
   649     $user_id = intval($paths->getParam(1));
       
   650     $encpass = $paths->getParam(2);
       
   651     if ( $user_id < 2 )
       
   652     {
       
   653       echo '<p>Hacking attempt</p>';
       
   654       $template->footer();
       
   655       return false;
       
   656     }
       
   657     if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
       
   658     {
       
   659       echo '<p>Hacking attempt</p>';
       
   660       $template->footer();
       
   661       return false;
       
   662     }
       
   663     
       
   664     $q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';');
       
   665     if($db->numrows() < 1)
       
   666     {
       
   667       echo '<p>Invalid credentials</p>';
       
   668       $template->footer();
       
   669       return false;
       
   670     }
       
   671     $row = $db->fetchrow();
       
   672     $db->free_result();
       
   673     
       
   674     if ( ( intval($row['temp_password_time']) + 3600 * 24 ) < time() )
       
   675     {
       
   676       echo '<p>Password has expired</p>';
       
   677       $template->footer();
       
   678       return false;
       
   679     }
       
   680     
       
   681     if ( isset($_POST['do_stage2']) )
       
   682     {
       
   683       $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
       
   684       if($_POST['use_crypt'] == 'yes')
       
   685       {
       
   686         $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
       
   687         if(!$crypt_key)
       
   688         {
       
   689           echo 'ERROR: Couldn\'t look up public key for decryption.';
       
   690           $template->footer();
       
   691           return false;
       
   692         }
       
   693         $crypt_key = hexdecode($crypt_key);
       
   694         $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX);
       
   695         if(strlen($data) < 6)
       
   696         {
       
   697           echo 'ERROR: Your password must be six characters or greater in length.';
       
   698           $template->footer();
       
   699           return false;
       
   700         }
       
   701       }
       
   702       else
       
   703       {
       
   704         $data = $_POST['pass'];
       
   705         $conf = $_POST['pass_confirm'];
       
   706         if($data != $conf)
       
   707         {
       
   708           echo 'ERROR: The passwords you entered do not match.';
       
   709           $template->footer();
       
   710           return false;
       
   711         }
       
   712         if(strlen($data) < 6)
       
   713         {
       
   714           echo 'ERROR: Your password must be six characters or greater in length.';
       
   715           $template->footer();
       
   716           return false;
       
   717         }
       
   718       }
       
   719       if(empty($data))
       
   720       {
       
   721         echo 'ERROR: Sanity check failed!';
       
   722         $template->footer();
       
   723         return false;
       
   724       }
       
   725       $encpass = $aes->encrypt($data, $session->private_key, ENC_HEX);
       
   726       $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';');
       
   727       
       
   728       if($q)
       
   729       {
       
   730         $session->login_without_crypto($row['username'], $data);
       
   731         echo '<p>Your password has been reset. Return to the <a href="' . makeUrl(getConfig('main_page')) . '">main page</a>.</p>';
       
   732       }
       
   733       else
       
   734       {
       
   735         echo $db->get_error();
       
   736       }
       
   737       
       
   738       $template->footer();
       
   739       return false;
       
   740     }
       
   741     
       
   742     // Password reset form
       
   743     $pubkey = $session->rijndael_genkey();
       
   744     
       
   745     ?>
       
   746     <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
       
   747       <br />
       
   748       <div class="tblholder">
       
   749         <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
       
   750           <tr><th colspan="2">Reset password</th></tr>
       
   751           <tr><td class="row1">Password:</td><td class="row1"><input name="pass" type="password" /></td></tr>
       
   752           <tr><td class="row2">Confirm: </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
       
   753           <tr>
       
   754             <td colspan="2" class="row1" style="text-align: center;">
       
   755               <input type="hidden" name="use_crypt" value="no" />
       
   756               <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
       
   757               <input type="hidden" name="crypt_data" value="" />
       
   758               <input type="submit" name="do_stage2" value="Reset password" />
       
   759             </td>
       
   760           </tr>
       
   761         </table>
       
   762       </div>
       
   763     </form>
       
   764     <script type="text/javascript">
       
   765     disableJSONExts();
       
   766       str = '';
       
   767       for(i=0;i<keySizeInBits/4;i++) str+='0';
       
   768       var key = hexToByteArray(str);
       
   769       var pt = hexToByteArray(str);
       
   770       var ct = rijndaelEncrypt(pt, key, "ECB");
       
   771       var ct = byteArrayToHex(ct);
       
   772       switch(keySizeInBits)
       
   773       {
       
   774         case 128:
       
   775           v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
       
   776           break;
       
   777         case 192:
       
   778           v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
       
   779           break;
       
   780         case 256:
       
   781           v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
       
   782           break;
       
   783       }
       
   784       var testpassed = ( ct == v && md5_vm_test() );
       
   785       var frm = document.forms.resetform;
       
   786       if(testpassed)
       
   787       {
       
   788         frm.use_crypt.value = 'yes';
       
   789         var cryptkey = frm.crypt_key.value;
       
   790         frm.crypt_key.value = hex_md5(cryptkey);
       
   791         cryptkey = hexToByteArray(cryptkey);
       
   792         if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
       
   793         {
       
   794           frm._login.disabled = true;
       
   795           len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
       
   796           alert('The key is messed up\nType: '+typeof(cryptkey)+len);
       
   797         }
       
   798       }
       
   799       function runEncryption()
       
   800       {
       
   801         pass1 = frm.pass.value;
       
   802         pass2 = frm.pass_confirm.value;
       
   803         if ( pass1 != pass2 )
       
   804         {
       
   805           alert('The passwords you entered do not match.');
       
   806           return false;
       
   807         }
       
   808         if ( pass1.length < 6 )
       
   809         {
       
   810           alert('The new password must be 6 characters or greater in length.');
       
   811           return false;
       
   812         }
       
   813         if(testpassed)
       
   814         {
       
   815           pass = frm.pass.value;
       
   816           pass = stringToByteArray(pass);
       
   817           cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
       
   818           if(!cryptstring)
       
   819           {
       
   820             return false;
       
   821           }
       
   822           cryptstring = byteArrayToHex(cryptstring);
       
   823           frm.crypt_data.value = cryptstring;
       
   824           frm.pass.value = "";
       
   825           frm.pass_confirm.value = "";
       
   826         }
       
   827         return true;
       
   828       }
       
   829     </script>
       
   830     <?php
       
   831     $template->footer();
       
   832     return true;
       
   833   }
       
   834   if(isset($_POST['do_reset']))
       
   835   {
       
   836     if($session->mail_password_reset($_POST['username']))
       
   837     {
       
   838       echo '<p>An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.</p>';
       
   839     }
       
   840     else
       
   841     {
       
   842       echo '<p>Error occured, your new password was not sent.</p>';
       
   843     }
       
   844     $template->footer();
       
   845     return true;
       
   846   }
       
   847   echo '<p>Don\'t worry, it happens to the best of us.</p>
       
   848         <p>To reset your password, just enter your username below, and a new password will be e-mailed to you.</p>
       
   849         <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
       
   850           <p>Username:  '.$template->username_field('username').'</p>
       
   851           <p><input type="submit" name="do_reset" value="Mail new password" /></p>
       
   852         </form>';
       
   853   $template->footer();
       
   854 }
       
   855 
       
   856 ?>