# HG changeset patch
# User Dan
# Date 1229999179 18000
# Node ID c0724bf6039bdfda0c54267bdbe9f10666f75340
# Parent b55b87e5fafd7f6c17be70fe54366826a320a06b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
diff -r b55b87e5fafd -r c0724bf6039b includes/clientside/static/login.js
--- a/includes/clientside/static/login.js Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/clientside/static/login.js Mon Dec 22 21:26:19 2008 -0500
@@ -1158,3 +1158,25 @@
 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
 window.location = loc;
 }
+
+window.ajaxDynamicReauth = function(adminpage)
+{
+ var old_sid = ENANO_SID;
+ var targetpage = adminpage;
+ ajaxLogonInit(function(k)
+ {
+ var body = document.getElementsByTagName('body')[0];
+ var replace = new RegExp(old_sid, 'g');
+ body.innerHTML = body.innerHTML.replace(replace, k);
+ ENANO_SID = k;
+ if ( targetpage )
+ {
+ mb_current_obj.destroy();
+ ajaxPage(targetpage);
+ }
+ }, USER_LEVEL_ADMIN);
+ ajaxLoginShowFriendlyError({
+ error_code: 'admin_session_timed_out',
+ respawn_info: {}
+ });
+}
diff -r b55b87e5fafd -r c0724bf6039b includes/pageprocess.php
--- a/includes/pageprocess.php Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/pageprocess.php Mon Dec 22 21:26:19 2008 -0500
@@ -202,6 +202,7 @@
 $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
 $strict_no_headers = false;
+ $admin_fail = false;
 if ( $this->namespace == 'Admin' && strstr($this->page_id, '/') )
 {
 if ( $this->send_headers )
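Review bot: In the ajaxLogonInit callback of ajaxDynamicReauth (includes/clientside/static/login.js), `new RegExp(old_sid, 'g')` treats the old session key as a pattern without escaping it or checking that it is non-empty; if ENANO_SID is ever an empty string, the pattern matches at every position and the new key is spliced between every character of the page. Guard the rewrite with `if ( old_sid )` and replace literally, e.g. `body.innerHTML = body.innerHTML.split(old_sid).join(k);`. Assigning the whole body's innerHTML also re-parses the document, so handlers bound to existing nodes and typed-in form values are likely lost, and the key is rewritten wherever the string occurs rather than only in the links and fields that carry it. A short comment above the function stating that the page embeds the session key in its markup would explain why the rewrite exists at all.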
@@ -238,6 +239,32 @@
 }
 }
 }
+ if ( isset($paths->pages[$pathskey]['require_admin']) && $paths->pages[$pathskey]['require_admin'] )
+ {
+ if ( $session->auth_level < USER_LEVEL_ADMIN )
+ {
+ $admin_fail = true;
+ }
+ }
+ }
+ else if ( $this->namespace === $paths->namespace && $this->page_id == $paths->page_id )
+ {
+ if ( isset($paths->cpage['require_admin']) && $paths->cpage['require_admin'] )
+ {
+ if ( $session->auth_level < USER_LEVEL_ADMIN )
+ {
+ $admin_fail = true;
+ }
+ }
+ }
+ if ( $admin_fail )
+ {
+ header('Content-type: text/javascript');
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'need_auth_to_admin'
+ ));
+ return true;
 }
 if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
 {
diff -r b55b87e5fafd -r c0724bf6039b includes/paths.php
--- a/includes/paths.php Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/paths.php Mon Dec 22 21:26:19 2008 -0500
@@ -379,6 +379,8 @@
 // This is used in the admin panel to keep track of form submission targets
 $this->cpage['module'] = $this->cpage['urlname'];
+ $this->cpage['require_admin'] = ( $this->cpage['namespace'] === 'Admin' );
+
 // Page is set up, call any hooks
 $code = $plugins->setHook('page_set');
 foreach ( $code as $cmd )
@@ -402,6 +404,8 @@
 $flags['name'] = $lang->get($flags['name']);
 }
+ $flags['require_admin'] = ( $flags['namespace'] === 'Admin' );
+
 $pages_len = sizeof($this->pages) / 2;
 $this->pages[$pages_len] = $flags;
 $this->pages[$flags['urlname']] =& $this->pages[$pages_len];
diff -r b55b87e5fafd -r c0724bf6039b includes/plugins.php
--- a/includes/plugins.php Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/plugins.php Mon Dec 22 21:26:19 2008 -0500
@@ -623,6 +623,8 @@
 endswitch;
 $cache->purge('plugins');
+ $cache->purge('page_meta');
+ $cache->purge('anon_sidebar');
 return $return;
 }
@@ -742,6 +744,8 @@
 endswitch;
 $cache->purge('plugins');
+ $cache->purge('page_meta');
+ $cache->purge('anon_sidebar');
 return $return;
 }
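Review bot: The admin gate added in includes/pageprocess.php (hunk at 238) fails open: `$admin_fail` only becomes true when a `require_admin` entry is present and truthy in `$paths->pages[$pathskey]` or `$paths->cpage`, so a page whose metadata lacks the flag, or that matches neither branch, is served without the auth-level check. Since paths.php derives the flag purely from the namespace, testing the namespace directly is stricter and does not depend on cached metadata, unless plugins are meant to set the flag on other pages: `if ( $this->namespace === 'Admin' && $session->auth_level < USER_LEVEL_ADMIN ) $admin_fail = true;`. The `else if` also compares `$this->page_id == $paths->page_id` loosely, which treats numeric-looking IDs such as '1e3' and '1000' as equal; `===` would match the namespace comparison beside it. The enclosing blocks open outside this hunk, so whether `header()` can still be sent at this point (the earlier branch tests `$this->send_headers`) should be confirmed.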
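Review bot: In includes/paths.php (hunk at 379) `require_admin` is assigned just before the `page_set` hooks run, so hook code executed afterwards can presumably overwrite `$this->cpage['require_admin']` and switch off the gate in pageprocess.php; setting or re-asserting the flag after the hook loop, whose body lies outside the hunk, would close that. The hunk at 402 makes the same assignment on `$flags` and reads `$flags['namespace']` without an isset check, which yields a notice and a false flag if a caller omits the key: `$flags['require_admin'] = ( isset($flags['namespace']) && $flags['namespace'] === 'Admin' );`. Both lines would benefit from a comment such as `// Read by pageprocess.php to demand admin-level auth; always derived from the namespace, overriding any caller-supplied value`.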
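Review bot: The two new purges in includes/plugins.php are pasted identically at the end of three functions (hunks at 623, 742 and 967) with no comment on why plugin changes invalidate `page_meta` and `anon_sidebar`. If the reason is that plugins contribute pages and sidebar blocks, a one-line comment such as `// plugin changes can add or remove pages and sidebar blocks, so drop the derived caches too` would record it, and a small private helper wrapping the three `$cache->purge()` calls would keep the lists from drifting apart. If `page_meta` holds the `$paths->pages` entries, copies cached before this change lack `require_admin`, so that cache presumably also needs purging on upgrade, not only on plugin actions.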
@@ -967,6 +971,8 @@
 endswitch;
 $cache->purge('plugins');
+ $cache->purge('page_meta');
+ $cache->purge('anon_sidebar');
 return $return;
 }
diff -r b55b87e5fafd -r c0724bf6039b language/english/user.json
--- a/language/english/user.json Mon Dec 22 21:25:14 2008 -0500
+++ b/language/english/user.json Mon Dec 22 21:26:19 2008 -0500
@@ -93,6 +93,7 @@
 err_backend_fail: 'You entered the right credentials and everything was validated, but for some reason Enano couldn\'t register your session. This is an internal problem with the site and you are encouraged to contact site administration.',
 err_locked_out: 'You have used up all %config.lockout_threshold% allowed login attempts. Please wait %time_rem% minute%plural% before attempting to log in again%captcha_blurb%.',
 err_locked_out_captcha_blurb: ', or enter the visual confirmation code shown above in the appropriate box',
+ err_admin_session_timed_out: 'Your session has timed out; please log in again using the form above.',
 logout_success_title: 'Logged out',
 logout_success_body: 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.',