changeset 335 | 67bd3121a12e |
parent 334 | c72b545f1304 |
child 342 | ac34de920762 |
334:c72b545f1304 | 335:67bd3121a12e |
---|---|
372 $captcha_hash = ( isset($data['captcha_hash']) ) ? $data['captcha_hash'] : false; |
372 $captcha_hash = ( isset($data['captcha_hash']) ) ? $data['captcha_hash'] : false; |
373 $captcha_code = ( isset($data['captcha_code']) ) ? $data['captcha_code'] : false; |
373 $captcha_code = ( isset($data['captcha_code']) ) ? $data['captcha_code'] : false; |
374 $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER; |
374 $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER; |
375 $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level, $captcha_hash, $captcha_code); |
375 $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level, $captcha_hash, $captcha_code); |
376 $session->start(); |
376 $session->start(); |
377 |
|
378 // Run the session_started hook to establish special pages |
|
379 $code = $plugins->setHook('session_started'); |
|
380 foreach ( $code as $cmd ) |
|
381 { |
|
382 eval($cmd); |
|
383 } |
|
384 |
|
377 if ( $result['success'] ) |
385 if ( $result['success'] ) |
378 { |
386 { |
379 $response = Array( |
387 $response = Array( |
380 'result' => 'success', |
388 'result' => 'success', |
381 'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid ) |
389 'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid ) |
410 else |
418 else |
411 { |
419 { |
412 $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']), $captcha_hash, $captcha_code); |
420 $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']), $captcha_hash, $captcha_code); |
413 } |
421 } |
414 $session->start(); |
422 $session->start(); |
423 |
|
424 // Run the session_started hook to establish special pages |
|
425 $code = $plugins->setHook('session_started'); |
|
426 foreach ( $code as $cmd ) |
|
427 { |
|
428 eval($cmd); |
|
429 } |
|
430 |
|
415 $paths->init(); |
431 $paths->init(); |
416 if($result['success']) |
432 if($result['success']) |
417 { |
433 { |
418 $template->load_theme($session->theme, $session->style); |
434 $template->load_theme($session->theme, $session->style); |
419 if(isset($_POST['return_to'])) |
435 if(isset($_POST['return_to'])) |
957 echo '</div>'; |
973 echo '</div>'; |
958 } |
974 } |
959 $template->footer(); |
975 $template->footer(); |
960 } |
976 } |
961 |
977 |
962 /* |
|
963 If you want the old preferences page back, be my guest. |
|
964 function page_Special_Preferences() { |
|
965 global $db, $session, $paths, $template, $plugins; // Common objects |
|
966 $template->header(); |
|
967 if(isset($_POST['submit'])) { |
|
968 $data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']); |
|
969 if($data == 'success') echo '<h3>Information</h3><p>Your profile has been updated. <a href="'.scriptPath.'/">Return to the index page</a>.</p>'; |
|
970 else echo $data; |
|
971 } else { |
|
972 echo ' |
|
973 <h3>Edit your profile</h3> |
|
974 <form action="'.makeUrl($paths->nslist['Special'].'Preferences').'" method="post"> |
|
975 <table border="0" style="margin-left: 0.2in;"> |
|
976 <tr><td>Username:</td><td><input type="text" name="username" value="'.$session->username.'" /></td></tr> |
|
977 <tr><td>Current Password:</td><td><input type="password" name="current_pass" /></td></tr> |
|
978 <tr><td colspan="2"><small>You only need to enter your current password if you are changing your e-mail address or changing your password.</small></td></tr> |
|
979 <tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr> |
|
980 <tr><td>E-mail:</td><td><input type="text" name="email" value="'.$session->email.'" /></td></tr> |
|
981 <tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.$session->real_name.'" /></td></tr> |
|
982 <tr><td>Signature:<br /><small>Your signature appears<br />below your comment posts.</small></td><td><textarea rows="10" cols="40" name="sig">'.$session->signature.'</textarea></td></tr> |
|
983 <tr><td colspan="2"> |
|
984 <input type="submit" name="submit" value="Save Changes" /></td></tr> |
|
985 </table> |
|
986 </form> |
|
987 '; |
|
988 } |
|
989 $template->footer(); |
|
990 } |
|
991 */ |
|
992 |
|
993 function page_Special_Contributions() { |
978 function page_Special_Contributions() { |
994 global $db, $session, $paths, $template, $plugins; // Common objects |
979 global $db, $session, $paths, $template, $plugins; // Common objects |
980 global $lang; |
|
981 |
|
982 // This is a vast improvement over the old Special:Contributions in 1.0.x. |
|
983 |
|
995 $template->header(); |
984 $template->header(); |
996 $user = $paths->getParam(); |
985 $user = $paths->getParam(); |
997 if(!$user && isset($_GET['user'])) |
986 if ( !$user && isset($_GET['user']) ) |
998 { |
987 { |
999 $user = $_GET['user']; |
988 $user = $_GET['user']; |
1000 } |
989 } |
1001 elseif(!$user && !isset($_GET['user'])) |
990 else if ( !$user && !isset($_GET['user']) ) |
1002 { |
991 { |
1003 echo 'No user selected!'; |
992 echo '<p>' . $lang->get('userfuncs_contribs_err_no_user') . '</p>'; |
1004 $template->footer(); |
993 $template->footer(); |
1005 return; |
994 return; |
1006 } |
995 } |
1007 |
996 |
1008 $user = $db->escape($user); |
997 $user = $db->escape($user); |
1009 |
998 $q = 'SELECT log_type, time_id, action, date_string, page_id, namespace, author, edit_summary, minor_edit, page_id, namespace, ( action = \'edit\' ) AS is_edit FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND log_type=\'page\' ORDER BY is_edit DESC, time_id DESC;'; |
1010 $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;'; |
999 $q = $db->sql_query($q); |
1011 if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.'); |
1000 if ( !$q ) |
1012 echo 'History of edits and actions<h3>Edits:</h3>'; |
1001 $db->_die('SpecialUserFuncs selecting contribution data'); |
1013 if($db->numrows() < 1) echo 'No history entries in this category.'; |
1002 |
1014 while($r = $db->fetchrow()) |
1003 echo '<h3>' . $lang->get('userfuncs_contribs_heading_edits') . '</h3>'; |
1015 { |
1004 |
1016 $title = get_page_title($r['page_id'], $r['namespace']); |
1005 $cnt_edits = 0; |
1017 echo '<a href="' . makeUrlNS($r['namespace'], $r['page_id'], "oldid={$r['time_id']}", true) . '" onclick="ajaxHistView(\''.$r['time_id'].'\', \''.$paths->nslist[$r['namespace']].$r['page_id'].'\'); return false;"><i>'.$r['date_string'].'</i></a> (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert to</a>) <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: '.$r['edit_summary']; |
1006 $cnt_other = 0; |
1018 if($r['minor_edit']) echo '<b> - minor edit</b>'; |
1007 $current = 'cnt_edits'; |
1019 echo '<br />'; |
1008 $cls = 'row2'; |
1020 } |
1009 |
1021 $db->free_result(); |
1010 while ( $row = $db->fetchrow($q) ) |
1022 echo '<h3>Other changes:</h3>'; |
1011 { |
1023 $q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;'; |
1012 if ( $current == 'cnt_edits' && $row['is_edit'] != 1 ) |
1024 if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.'); |
1013 { |
1025 if($db->numrows() < 1) echo 'No history entries in this category.'; |
1014 // No longer processing page edits - split the table |
1026 while($r = $db->fetchrow()) |
1015 if ( $cnt_edits == 0 ) |
1027 { |
1016 { |
1028 if ( $r['log_type'] == 'page' ) |
1017 echo '<p>' . $lang->get('userfuncs_contribs_msg_no_edits') . '</p>'; |
1029 { |
1018 } |
1030 $title = get_page_title($r['page_id'], $r['namespace']); |
1019 else |
1031 echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: '; |
1020 { |
1032 if ( $r['action'] == 'prot' ) echo 'Protected page; reason: '.$r['edit_summary']; |
1021 echo '</table></div>'; |
1033 else if ( $r['action'] == 'unprot' ) echo 'Unprotected page; reason: '.$r['edit_summary']; |
1022 echo '<h3>' . $lang->get('userfuncs_contribs_heading_other') . '</h3>'; |
1034 else if ( $r['action'] == 'rename' ) echo 'Renamed page; old title was: '.htmlspecialchars($r['edit_summary']); |
1023 } |
1035 else if ( $r['action'] == 'create' ) echo 'Created page'; |
1024 $current = 'cnt_other'; |
1036 else if ( $r['action'] == 'delete' ) echo 'Deleted page'; |
1025 $cls = 'row2'; |
1037 if ( $r['minor_edit'] ) echo '<b> - minor edit</b>'; |
1026 } |
1038 echo '<br />'; |
1027 if ( $$current == 0 ) |
1039 } |
1028 { |
1040 else if($r['log_type']=='security') |
1029 echo '<div class="tblholder"> |
1041 { |
1030 <table border="0" cellspacing="1" cellpadding="4">'; |
1042 // Not implemented, and when it is, it won't be public |
1031 echo ' <tr> |
1043 } |
1032 <th>' . $lang->get('history_col_datetime') . '</th>'; |
1044 } |
1033 echo ' <th>' . $lang->get('history_col_page') . '</th>'; |
1034 if ( $current == 'cnt_edits' ) |
|
1035 { |
|
1036 echo ' <th>' . $lang->get('history_col_summary') . '</th>'; |
|
1037 } |
|
1038 echo ' <th>' . $lang->get('history_col_minor') . '</th>'; |
|
1039 if ( $current == 'cnt_other' ) |
|
1040 { |
|
1041 echo ' <th>' . $lang->get('history_col_action_taken') . '</th> |
|
1042 <th>' . $lang->get('history_col_extra') . '</th> |
|
1043 '; |
|
1044 } |
|
1045 echo ' <th>' . $lang->get('history_col_actions') . '</th> |
|
1046 </tr>'; |
|
1047 } |
|
1048 ++$$current; |
|
1049 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1050 |
|
1051 echo '<tr>'; |
|
1052 |
|
1053 // date & time |
|
1054 echo ' <td class="' . $cls . '">' . date('d M Y h:i a', $row['time_id']) . '</td>'; |
|
1055 |
|
1056 // page & link to said page |
|
1057 echo ' <td class="' . $cls . '"><a href="' . makeUrlNS($row['namespace'], $row['page_id']) . '">' . get_page_title_ns($row['page_id'], $row['namespace']) . '</a></td>'; |
|
1058 |
|
1059 switch ( $row['action'] ) |
|
1060 { |
|
1061 case 'edit': |
|
1062 if ( $row['edit_summary'] == 'Automatic backup created when logs were purged' ) |
|
1063 { |
|
1064 $row['edit_summary'] = $lang->get('history_summary_clearlogs'); |
|
1065 } |
|
1066 else if ( empty($row['edit_summary']) ) |
|
1067 { |
|
1068 $row['edit_summary'] = '<span style="color: #808080">' . $lang->get('history_summary_none_given') . '</span>'; |
|
1069 } |
|
1070 echo ' <td class="' . $cls . '">' . $row['edit_summary'] . '</td>'; |
|
1071 if ( $row['minor_edit'] == 1 ) |
|
1072 { |
|
1073 echo '<td class="' . $cls . '"><b>M</b></td>'; |
|
1074 } |
|
1075 else |
|
1076 { |
|
1077 echo '<td class="' . $cls . '"></td>'; |
|
1078 } |
|
1079 break; |
|
1080 case 'prot': |
|
1081 echo ' <td class="' . $cls . '"></td>'; |
|
1082 echo ' <td class="' . $cls . '">' . $lang->get('history_log_protect') . '</td>'; |
|
1083 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>'; |
|
1084 break; |
|
1085 case 'unprot': |
|
1086 echo ' <td class="' . $cls . '"></td>'; |
|
1087 echo ' <td class="' . $cls . '">' . $lang->get('history_log_unprotect') . '</td>'; |
|
1088 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>'; |
|
1089 break; |
|
1090 case 'semiprot': |
|
1091 echo ' <td class="' . $cls . '"></td>'; |
|
1092 echo ' <td class="' . $cls . '">' . $lang->get('history_log_semiprotect') . '</td>'; |
|
1093 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>'; |
|
1094 break; |
|
1095 case 'rename': |
|
1096 echo ' <td class="' . $cls . '"></td>'; |
|
1097 echo ' <td class="' . $cls . '">' . $lang->get('history_log_rename') . '</td>'; |
|
1098 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' ' . htmlspecialchars($row['edit_summary']) . '</td>'; |
|
1099 break; |
|
1100 case 'create': |
|
1101 echo ' <td class="' . $cls . '"></td>'; |
|
1102 echo ' <td class="' . $cls . '">' . $lang->get('history_log_create') . '</td>'; |
|
1103 echo ' <td class="' . $cls . '"></td>'; |
|
1104 break; |
|
1105 case 'delete': |
|
1106 echo ' <td class="' . $cls . '"></td>'; |
|
1107 echo ' <td class="' . $cls . '">' . $lang->get('history_log_delete') . '</td>'; |
|
1108 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>'; |
|
1109 break; |
|
1110 case 'reupload': |
|
1111 echo ' <td class="' . $cls . '"></td>'; |
|
1112 echo ' <td class="' . $cls . '">' . $lang->get('history_log_uploadnew') . '</td>'; |
|
1113 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>'; |
|
1114 break; |
|
1115 } |
|
1116 |
|
1117 // actions column |
|
1118 echo ' <td class="' . $cls . '" style="text-align: center;">'; |
|
1119 if ( $row['is_edit'] == 1 ) |
|
1120 { |
|
1121 echo ' <a href="' . makeUrlNS($row['namespace'], $row['page_id'], "oldid={$row['time_id']}", true) . '">' . $lang->get('history_action_view') . '</a> | '; |
|
1122 echo ' <a href="' . makeUrlNS($row['namespace'], $row['page_id'], "do=rollback&id={$row['time_id']}", true) . '">' . $lang->get('history_action_restore') . '</a>'; |
|
1123 } |
|
1124 else |
|
1125 { |
|
1126 echo ' <a href="' . makeUrlNS($row['namespace'], $row['page_id'], "do=rollback&id={$row['time_id']}", true) . '">' . $lang->get('history_action_revert') . '</a>'; |
|
1127 } |
|
1128 echo ' </td>'; |
|
1129 |
|
1130 if ( $current == 'cnt_other' && $cnt_edits + $cnt_other >= $db->numrows($q) ) |
|
1131 { |
|
1132 echo '</table></div>'; |
|
1133 } |
|
1134 } |
|
1135 |
|
1136 if ( $current == 'cnt_edits' ) |
|
1137 { |
|
1138 // no "other" edits, close the table |
|
1139 echo '</table></div>'; |
|
1140 echo '<h3>' . $lang->get('userfuncs_contribs_heading_other') . '</h3>'; |
|
1141 echo '<p>' . $lang->get('userfuncs_contribs_msg_no_other') . '</p>'; |
|
1142 } |
|
1143 |
|
1045 $db->free_result(); |
1144 $db->free_result(); |
1046 $template->footer(); |
1145 $template->footer(); |
1047 } |
1146 } |
1048 |
1147 |
1049 function page_Special_ChangeStyle() |
1148 function page_Special_ChangeStyle() |
1050 { |
1149 { |
1051 global $db, $session, $paths, $template, $plugins; // Common objects |
1150 global $db, $session, $paths, $template, $plugins; // Common objects |
1052 if(!$session->user_logged_in) die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>'); |
1151 global $lang; |
1152 |
|
1153 if ( !$session->user_logged_in ) |
|
1154 { |
|
1155 die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>'); |
|
1156 } |
|
1053 if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) |
1157 if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) |
1054 { |
1158 { |
1055 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) ) |
1159 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) ) |
1056 die('Hacking attempt'); |
1160 die('Hacking attempt'); |
1057 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) ) |
1161 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) ) |
1058 die('Hacking attempt'); |
1162 die('Hacking attempt'); |
1059 $d = ENANO_ROOT . '/themes/' . $_POST['theme']; |
1163 $d = ENANO_ROOT . '/themes/' . $_POST['theme']; |
1060 $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; |
1164 $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; |
1061 if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.'); |
1165 if ( !file_exists($d) || !is_dir($d) ) |
1062 if(!file_exists($f)) die('The file "'.$f.'" does not exist.'); |
1166 { |
1167 die('The directory "'.$d.'" does not exist.'); |
|
1168 } |
|
1169 if ( !file_exists($f) ) |
|
1170 { |
|
1171 die('The file "'.$f.'" does not exist.'); |
|
1172 } |
|
1063 $d = $db->escape($_POST['theme']); |
1173 $d = $db->escape($_POST['theme']); |
1064 $f = $db->escape($_POST['style']); |
1174 $f = $db->escape($_POST['style']); |
1065 $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\''; |
1175 $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\''; |
1066 if(!$db->sql_query($q)) |
1176 if ( !$db->sql_query($q) ) |
1067 { |
1177 { |
1068 $db->_die('Your theme/style preferences were not updated.'); |
1178 $db->_die('Your theme/style preferences were not updated.'); |
1069 } |
1179 } |
1070 else |
1180 else |
1071 { |
1181 { |
1072 redirect(makeUrl($_POST['return_to']), '', '', 0); |
1182 redirect(makeUrl($_POST['return_to']), $lang->get('userfuncs_changetheme_success_title'), $lang->get('userfuncs_changetheme_success_body'), 3); |
1073 } |
1183 } |
1074 } |
1184 } |
1075 else |
1185 else |
1076 { |
1186 { |
1077 $template->header(); |
1187 $template->header(); |
1078 $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0); |
1188 $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0); |
1079 if(!$ret) $ret = getConfig('main_page'); |
1189 if ( !$ret ) |
1190 { |
|
1191 $ret = getConfig('main_page'); |
|
1192 } |
|
1080 ?> |
1193 ?> |
1081 <form action="<?php echo makeUrl($paths->page); ?>" method="post"> |
1194 <form action="<?php echo makeUrl($paths->page); ?>" method="post"> |
1082 <?php if(!isset($_POST['themeselected'])) { ?> |
1195 <?php if ( !isset($_POST['themeselected']) ) { ?> |
1083 <h3>Please select a new theme:</h3> |
1196 <h3><?php echo $lang->get('userfuncs_changetheme_heading_theme'); ?></h3> |
1084 <p> |
1197 <p> |
1085 <select name="theme"> |
1198 <select name="theme"> |
1086 <?php |
1199 <?php |
1087 foreach($template->theme_list as $t) { |
1200 foreach ( $template->theme_list as $t ) |
1088 if($t['enabled']) |
1201 { |
1202 if ( $t['enabled'] ) |
|
1089 { |
1203 { |
1090 echo '<option value="'.$t['theme_id'].'"'; |
1204 echo '<option value="'.$t['theme_id'].'"'; |
1091 if($t['theme_id'] == $session->theme) echo ' selected="selected"'; |
1205 if ( $t['theme_id'] == $session->theme ) |
1092 echo '>'.$t['theme_name'].'</option>'; |
1206 { |
1207 echo ' selected="selected"'; |
|
1208 } |
|
1209 echo '>' . $t['theme_name'] . '</option>'; |
|
1093 } |
1210 } |
1094 } |
1211 } |
1095 ?> |
1212 ?> |
1096 </select> |
1213 </select> |
1097 </p> |
1214 </p> |
1098 <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" /> |
1215 <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" /> |
1099 <input type="submit" name="themeselected" value="Continue" /></p> |
1216 <input type="submit" name="themeselected" value="<?php echo $lang->get('userfuncs_changetheme_btn_continue'); ?>" /></p> |
1100 <?php } else { |
1217 <?php } else { |
1101 $theme = $_POST['theme']; |
1218 $theme = $_POST['theme']; |
1102 if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) ) |
1219 if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) ) |
1103 die('Hacking attempt'); |
1220 die('Hacking attempt'); |
1104 ?> |
1221 ?> |
1105 <h3>Please select a stylesheet:</h3> |
1222 <h3><?php echo $lang->get('userfuncs_changetheme_heading_style'); ?></h3> |
1106 <p> |
1223 <p> |
1107 <select name="style"> |
1224 <select name="style"> |
1108 <?php |
1225 <?php |
1109 $dir = './themes/'.$theme.'/css/'; |
1226 $dir = './themes/'.$theme.'/css/'; |
1110 $list = Array(); |
1227 $list = Array(); |
1126 ?> |
1243 ?> |
1127 </select> |
1244 </select> |
1128 </p> |
1245 </p> |
1129 <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" /> |
1246 <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" /> |
1130 <input type="hidden" name="theme" value="<?php echo $theme; ?>" /> |
1247 <input type="hidden" name="theme" value="<?php echo $theme; ?>" /> |
1131 <input type="submit" name="allclear" value="Change style" /></p> |
1248 <input type="submit" name="allclear" value="<?php echo $lang->get('userfuncs_changetheme_btn_allclear'); ?>" /></p> |
1132 <?php } ?> |
1249 <?php } ?> |
1133 </form> |
1250 </form> |
1134 <?php |
1251 <?php |
1135 $template->footer(); |
1252 $template->footer(); |
1136 } |
1253 } |
1137 } |
1254 } |
1138 |
1255 |
1139 function page_Special_ActivateAccount() |
1256 function page_Special_ActivateAccount() |
1140 { |
1257 { |
1141 global $db, $session, $paths, $template, $plugins; // Common objects |
1258 global $db, $session, $paths, $template, $plugins; // Common objects |
1259 global $lang; |
|
1260 |
|
1142 $user = $paths->getParam(0); |
1261 $user = $paths->getParam(0); |
1143 if(!$user) die_friendly('Account activation error', '<p>This page can only be accessed using links sent to users via e-mail.</p>'); |
1262 if ( !$user ) |
1263 { |
|
1264 die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>'); |
|
1265 } |
|
1144 $key = $paths->getParam(1); |
1266 $key = $paths->getParam(1); |
1145 if(!$key) die_friendly('Account activation error', '<p>This page can only be accessed using links sent to users via e-mail.</p>'); |
1267 if ( !$key ) |
1268 { |
|
1269 die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>'); |
|
1270 } |
|
1146 $s = $session->activate_account(str_replace('_', ' ', $user), $key); |
1271 $s = $session->activate_account(str_replace('_', ' ', $user), $key); |
1147 if($s > 0) die_friendly('Activation successful', '<p>Your account is now active. Thank you for registering.</p>'); |
1272 if ( $s > 0 ) |
1148 else die_friendly('Activation failed', '<p>The activation key was probably incorrect.</p>'); |
1273 { |
1274 die_friendly($lang->get('userfuncs_activate_success_title'), '<p>' . $lang->get('userfuncs_activate_success_body') . '</p>'); |
|
1275 } |
|
1276 else |
|
1277 { |
|
1278 die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_bad_key') . '</p>'); |
|
1279 } |
|
1149 } |
1280 } |
1150 |
1281 |
1151 function page_Special_Captcha() |
1282 function page_Special_Captcha() |
1152 { |
1283 { |
1153 global $db, $session, $paths, $template, $plugins; // Common objects |
1284 global $db, $session, $paths, $template, $plugins; // Common objects |
1194 } |
1325 } |
1195 |
1326 |
1196 function page_Special_PasswordReset() |
1327 function page_Special_PasswordReset() |
1197 { |
1328 { |
1198 global $db, $session, $paths, $template, $plugins; // Common objects |
1329 global $db, $session, $paths, $template, $plugins; // Common objects |
1330 global $lang; |
|
1331 |
|
1199 $template->header(); |
1332 $template->header(); |
1200 if($paths->getParam(0) == 'stage2') |
1333 if($paths->getParam(0) == 'stage2') |
1201 { |
1334 { |
1202 $user_id = intval($paths->getParam(1)); |
1335 $user_id = intval($paths->getParam(1)); |
1203 $encpass = $paths->getParam(2); |
1336 $encpass = $paths->getParam(2); |
1224 $row = $db->fetchrow(); |
1357 $row = $db->fetchrow(); |
1225 $db->free_result(); |
1358 $db->free_result(); |
1226 |
1359 |
1227 if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() ) |
1360 if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() ) |
1228 { |
1361 { |
1229 echo '<p>Your temporary password has expired. Please <a href="' . makeUrlNS('Special', 'PasswordReset') . '">request another one</a>.</p>'; |
1362 echo '<p>' . $lang->get('userfuncs_passreset_err_pass_expired', array('reset_url' => makeUrlNS('Special', 'PasswordReset'))) . '</p>'; |
1230 $template->footer(); |
1363 $template->footer(); |
1231 return false; |
1364 return false; |
1232 } |
1365 } |
1233 |
1366 |
1234 if ( isset($_POST['do_stage2']) ) |
1367 if ( isset($_POST['do_stage2']) ) |
1237 if($_POST['use_crypt'] == 'yes') |
1370 if($_POST['use_crypt'] == 'yes') |
1238 { |
1371 { |
1239 $crypt_key = $session->fetch_public_key($_POST['crypt_key']); |
1372 $crypt_key = $session->fetch_public_key($_POST['crypt_key']); |
1240 if(!$crypt_key) |
1373 if(!$crypt_key) |
1241 { |
1374 { |
1242 echo 'ERROR: Couldn\'t look up public key for decryption.'; |
1375 echo $lang->get('user_err_key_not_found'); |
1243 $template->footer(); |
1376 $template->footer(); |
1244 return false; |
1377 return false; |
1245 } |
1378 } |
1246 $crypt_key = hexdecode($crypt_key); |
1379 $crypt_key = hexdecode($crypt_key); |
1247 $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX); |
1380 $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX); |
1248 if(strlen($data) < 6) |
1381 if(strlen($data) < 6) |
1249 { |
1382 { |
1250 echo 'ERROR: Your password must be six characters or greater in length.'; |
1383 echo $lang->get('userfuncs_passreset_err_too_short'); |
1251 $template->footer(); |
1384 $template->footer(); |
1252 return false; |
1385 return false; |
1253 } |
1386 } |
1254 } |
1387 } |
1255 else |
1388 else |
1256 { |
1389 { |
1257 $data = $_POST['pass']; |
1390 $data = $_POST['pass']; |
1258 $conf = $_POST['pass_confirm']; |
1391 $conf = $_POST['pass_confirm']; |
1259 if($data != $conf) |
1392 if($data != $conf) |
1260 { |
1393 { |
1261 echo 'ERROR: The passwords you entered do not match.'; |
1394 echo $lang->get('userfuncs_passreset_err_no_match'); |
1262 $template->footer(); |
1395 $template->footer(); |
1263 return false; |
1396 return false; |
1264 } |
1397 } |
1265 if(strlen($data) < 6) |
1398 if(strlen($data) < 6) |
1266 { |
1399 { |
1267 echo 'ERROR: Your password must be six characters or greater in length.'; |
1400 echo $lang->get('userfuncs_passreset_err_too_short'); |
1268 $template->footer(); |
1401 $template->footer(); |
1269 return false; |
1402 return false; |
1270 } |
1403 } |
1271 } |
1404 } |
1272 if(empty($data)) |
1405 if(empty($data)) |
1280 $min_score = intval(getConfig('pw_strength_minimum')); |
1413 $min_score = intval(getConfig('pw_strength_minimum')); |
1281 $inp_score = password_score($data); |
1414 $inp_score = password_score($data); |
1282 if ( $inp_score < $min_score ) |
1415 if ( $inp_score < $min_score ) |
1283 { |
1416 { |
1284 $url = makeUrl($paths->fullpage); |
1417 $url = makeUrl($paths->fullpage); |
1285 echo "<p>ERROR: Your password did not pass the complexity score requirement. You need $min_score points to pass; your password received a score of $inp_score. <a href=\"$url\">Go back</a></p>"; |
1418 echo "<p>" . $lang->get('userfuncs_passreset_err_failed_score', array('inp_score' => $inp_score, 'url' => $url)) . "</p>"; |
1286 $template->footer(); |
1419 $template->footer(); |
1287 return false; |
1420 return false; |
1288 } |
1421 } |
1289 } |
1422 } |
1290 $encpass = $aes->encrypt($data, $session->private_key, ENC_HEX); |
1423 $encpass = $aes->encrypt($data, $session->private_key, ENC_HEX); |
1291 $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';'); |
1424 $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';'); |
1292 |
1425 |
1293 if($q) |
1426 if($q) |
1294 { |
1427 { |
1295 $session->login_without_crypto($row['username'], $data); |
1428 $session->login_without_crypto($row['username'], $data); |
1296 echo '<p>Your password has been reset. Return to the <a href="' . makeUrl(getConfig('main_page')) . '">main page</a>.</p>'; |
1429 echo '<p>' . $lang->get('userfuncs_passreset_stage2_success', array('url_mainpage' => makeUrl(getConfig('main_page')))) . '</p>'; |
1297 } |
1430 } |
1298 else |
1431 else |
1299 { |
1432 { |
1300 echo $db->get_error(); |
1433 echo $db->get_error(); |
1301 } |
1434 } |
1306 |
1439 |
1307 // Password reset form |
1440 // Password reset form |
1308 $pubkey = $session->rijndael_genkey(); |
1441 $pubkey = $session->rijndael_genkey(); |
1309 |
1442 |
1310 $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : ''; |
1443 $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : ''; |
1311 $pw_meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">Password strength rating:</td><td class="row1"><div id="pwmeter"></div><script type="text/javascript">password_score_field(document.forms.resetform.pass);</script></td></tr>' : ''; |
1444 $pw_meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">' . $lang->get('userfuncs_passreset_stage2_lbl_strength') . '</td><td class="row1"><div id="pwmeter"></div><script type="text/javascript">password_score_field(document.forms.resetform.pass);</script></td></tr>' : ''; |
1312 $pw_blurb = ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>Your password needs to have a score of at least <b>'.getConfig('pw_strength_minimum').'</b>.</small>' : ''; |
1445 $pw_blurb = ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>' . $lang->get('userfuncs_passreset_stage2_blurb_strength') . '</small>' : ''; |
1313 |
1446 |
1314 ?> |
1447 ?> |
1315 <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();"> |
1448 <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();"> |
1316 <br /> |
1449 <br /> |
1317 <div class="tblholder"> |
1450 <div class="tblholder"> |
1318 <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
1451 <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
1319 <tr><th colspan="2">Reset password</th></tr> |
1452 <tr><th colspan="2"><?php echo $lang->get('userfuncs_passreset_stage2_th'); ?></th></tr> |
1320 <tr><td class="row1">Password:<?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr> |
1453 <tr><td class="row1"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_password'); ?> <?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr> |
1321 <tr><td class="row2">Confirm: </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr> |
1454 <tr><td class="row2"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_confirm'); ?> </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr> |
1322 <?php echo $pw_meter; ?> |
1455 <?php echo $pw_meter; ?> |
1323 <tr> |
1456 <tr> |
1324 <td colspan="2" class="row1" style="text-align: center;"> |
1457 <td colspan="2" class="row3" style="text-align: center;"> |
1325 <input type="hidden" name="use_crypt" value="no" /> |
1458 <input type="hidden" name="use_crypt" value="no" /> |
1326 <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" /> |
1459 <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" /> |
1327 <input type="hidden" name="crypt_data" value="" /> |
1460 <input type="hidden" name="crypt_data" value="" /> |
1328 <input type="submit" name="do_stage2" value="Reset password" /> |
1461 <input type="submit" name="do_stage2" value="<?php echo $lang->get('userfuncs_passreset_stage2_btn_submit'); ?>" /> |
1329 </td> |
1462 </td> |
1330 </tr> |
1463 </tr> |
1331 </table> |
1464 </table> |
1332 </div> |
1465 </div> |
1333 </form> |
1466 </form> |
1373 var frm = document.forms.resetform; |
1506 var frm = document.forms.resetform; |
1374 pass1 = frm.pass.value; |
1507 pass1 = frm.pass.value; |
1375 pass2 = frm.pass_confirm.value; |
1508 pass2 = frm.pass_confirm.value; |
1376 if ( pass1 != pass2 ) |
1509 if ( pass1 != pass2 ) |
1377 { |
1510 { |
1378 alert('The passwords you entered do not match.'); |
1511 alert($lang.get('userfuncs_passreset_err_no_match')); |
1379 return false; |
1512 return false; |
1380 } |
1513 } |
1381 if ( pass1.length < 6 ) |
1514 if ( pass1.length < 6 ) |
1382 { |
1515 { |
1383 alert('The new password must be 6 characters or greater in length.'); |
1516 alert($lang.get('userfuncs_passreset_err_too_short')); |
1384 return false; |
1517 return false; |
1385 } |
1518 } |
1386 if(testpassed) |
1519 if(testpassed) |
1387 { |
1520 { |
1388 pass = frm.pass.value; |
1521 pass = frm.pass.value; |
1407 } |
1540 } |
1408 if(isset($_POST['do_reset'])) |
1541 if(isset($_POST['do_reset'])) |
1409 { |
1542 { |
1410 if($session->mail_password_reset($_POST['username'])) |
1543 if($session->mail_password_reset($_POST['username'])) |
1411 { |
1544 { |
1412 echo '<p>An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.</p>'; |
1545 echo '<p>' . $lang->get('userfuncs_passreset_stage1_success') . '</p>'; |
1413 } |
1546 } |
1414 else |
1547 else |
1415 { |
1548 { |
1416 echo '<p>Error occured, your new password was not sent.</p>'; |
1549 echo '<p>' . $lang->get('userfuncs_passreset_stage1_error') . '</p>'; |
1417 } |
1550 } |
1418 $template->footer(); |
1551 $template->footer(); |
1419 return true; |
1552 return true; |
1420 } |
1553 } |
1421 echo '<p>Don\'t worry, it happens to the best of us.</p> |
1554 echo '<p>' . $lang->get('userfuncs_passreset_blurb_line1') . '</p> |
1422 <p>To reset your password, just enter your username below, and a new password will be e-mailed to you.</p> |
1555 <p>' . $lang->get('userfuncs_passreset_blurb_line2') . '</p> |
1423 <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
1556 <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
1424 <p>Username: '.$template->username_field('username').'</p> |
1557 <p>' . $lang->get('userfuncs_passreset_lbl_username') . ' '.$template->username_field('username').'</p> |
1425 <p><input type="submit" name="do_reset" value="Mail new password" /></p> |
1558 <p><input type="submit" name="do_reset" value="' . $lang->get('userfuncs_passreset_btn_mailpasswd') . '" /></p> |
1426 </form>'; |
1559 </form>'; |
1427 $template->footer(); |
1560 $template->footer(); |
1428 } |
1561 } |
1429 |
1562 |
1430 function page_Special_Memberlist() |
1563 function page_Special_Memberlist() |
1431 { |
1564 { |
1432 global $db, $session, $paths, $template, $plugins; // Common objects |
1565 global $db, $session, $paths, $template, $plugins; // Common objects |
1566 global $lang; |
|
1567 |
|
1433 $template->header(); |
1568 $template->header(); |
1434 |
1569 |
1435 $startletters = 'abcdefghijklmnopqrstuvwxyz'; |
1570 $startletters = 'abcdefghijklmnopqrstuvwxyz'; |
1436 $startletters = enano_str_split($startletters); |
1571 $startletters = enano_str_split($startletters); |
1437 $startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : ''; |
1572 $startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : ''; |
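Review bot: In the rewritten page_Special_Contributions table (new lines 1059–1115), `$row['edit_summary']` is echoed into a `<td>` without escaping in the `edit`, `prot`, `unprot`, `semiprot`, `delete` and `reupload` cases, while only the `rename` case passes it through `htmlspecialchars()`. Edit summaries and protection reasons are author-supplied text, so unless they are escaped when written to the logs table (not visible here), markup in a summary is rendered to anyone who views the contributor's page. Escape at output, e.g. `echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . htmlspecialchars($row['edit_summary']) . '</td>';`, and in the `edit` case escape the stored value in a separate `else` branch so the grey "none given" `<span>` placeholder is not escaped along with it. The page title on new line 1057 is likewise printed straight from `get_page_title_ns()`, where the old code wrapped the title in `htmlspecialchars()`; confirm that helper returns escaped text or restore the call.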