Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
authorDan
Mon, 22 Dec 2008 21:26:19 -0500
changeset 793 c0724bf6039b
parent 792 b55b87e5fafd
child 794 720516162012
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
includes/clientside/static/login.js
includes/pageprocess.php
includes/paths.php
includes/plugins.php
language/english/user.json
--- a/includes/clientside/static/login.js	Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/clientside/static/login.js	Mon Dec 22 21:26:19 2008 -0500
@@ -1158,3 +1158,25 @@
   var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
   window.location = loc;
 }
+
+window.ajaxDynamicReauth = function(adminpage)
+{
+  var old_sid = ENANO_SID;
+  var targetpage = adminpage;
+  ajaxLogonInit(function(k)
+    {
+      var body = document.getElementsByTagName('body')[0];
+      var replace = new RegExp(old_sid, 'g');
+      body.innerHTML = body.innerHTML.replace(replace, k);
+      ENANO_SID = k;
+      if ( targetpage )
+      {
+        mb_current_obj.destroy();
+        ajaxPage(targetpage);
+      }
+    }, USER_LEVEL_ADMIN);
+  ajaxLoginShowFriendlyError({
+      error_code: 'admin_session_timed_out',
+      respawn_info: {}
+  });
+}
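Review bot: The callback rewrites `body.innerHTML` using a regex built straight from `old_sid`, and nothing checks that `old_sid` is a non-empty string first. If `ENANO_SID` can be empty or non-string once the session is lost (not visible in this hunk), `new RegExp(old_sid, 'g')` would match at every position or match an unrelated literal, splicing the new key `k` throughout the page. Reassigning `innerHTML` also re-parses the whole document, which drops attached event handlers and any in-progress form input, and it keeps the elevated session key embedded in page markup. Guard the replacement with `if ( typeof old_sid == 'string' && old_sid.length > 0 )`, and consider updating only the links and hidden fields that carry the key instead of the whole body.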
--- a/includes/pageprocess.php	Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/pageprocess.php	Mon Dec 22 21:26:19 2008 -0500
@@ -202,6 +202,7 @@
     
     $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
     $strict_no_headers = false;
+    $admin_fail = false;
     if ( $this->namespace == 'Admin' && strstr($this->page_id, '/') )
     {
       if ( $this->send_headers )
@@ -238,6 +239,32 @@
           }
         }
       }
+      if ( isset($paths->pages[$pathskey]['require_admin']) && $paths->pages[$pathskey]['require_admin'] )
+      {
+        if ( $session->auth_level < USER_LEVEL_ADMIN )
+        {
+          $admin_fail = true;
+        }
+      }
+    }
+    else if ( $this->namespace === $paths->namespace && $this->page_id == $paths->page_id )
+    {
+      if ( isset($paths->cpage['require_admin']) && $paths->cpage['require_admin'] )
+      {
+        if ( $session->auth_level < USER_LEVEL_ADMIN )
+        {
+          $admin_fail = true;
+        }
+      }
+    }
+    if ( $admin_fail )
+    {
+      header('Content-type: text/javascript');
+      echo enano_json_encode(array(
+          'mode' => 'error',
+          'error' => 'need_auth_to_admin'
+        ));
+      return true;
     }
     if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
     {
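Review bot: The new admin gate fails open, because `$admin_fail` is only set when a `require_admin` entry is present in `$paths->pages[$pathskey]` or `$paths->cpage`. An Admin-namespace request whose metadata entry is missing, or whose `page_id` has no '/' and does not match `$paths->page_id`, passes through both branches with `$admin_fail` still false. Deriving the decision from the namespace itself closes that gap, e.g. `if ( $this->namespace === 'Admin' && $session->auth_level < USER_LEVEL_ADMIN ) { $admin_fail = true; }` placed before the existing branch. The `else if` also mixes `===` for the namespace with a loose `==` for `page_id`; using `===` for both avoids type-juggled matches. The enclosing method starts and ends outside this hunk, so whether code before or after this point re-checks `auth_level` cannot be confirmed from here.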
--- a/includes/paths.php	Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/paths.php	Mon Dec 22 21:26:19 2008 -0500
@@ -379,6 +379,8 @@
     // This is used in the admin panel to keep track of form submission targets
     $this->cpage['module'] = $this->cpage['urlname'];
     
+    $this->cpage['require_admin'] = ( $this->cpage['namespace'] === 'Admin' );
+    
     // Page is set up, call any hooks
     $code = $plugins->setHook('page_set');
     foreach ( $code as $cmd )
@@ -402,6 +404,8 @@
         $flags['name'] = $lang->get($flags['name']);
     }
     
+    $flags['require_admin'] = ( $flags['namespace'] === 'Admin' );
+    
     $pages_len = sizeof($this->pages) / 2;
     $this->pages[$pages_len] = $flags;
     $this->pages[$flags['urlname']] =& $this->pages[$pages_len];
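Review bot: `$flags['require_admin']` is assigned unconditionally, so a caller that registers a page outside the Admin namespace with `require_admin` already set to true has it silently reset to false. Preserving an explicit request keeps the flag from being downgraded: `$flags['require_admin'] = !empty($flags['require_admin']) || ( $flags['namespace'] === 'Admin' );`. The earlier hunk at line 379 has the same shape for `$this->cpage['require_admin']`, and it sets the flag just before the `page_set` hooks run, so hook code could presumably change it afterwards; a comment there stating that the flag is security-relevant would help. Both enclosing methods start outside their hunks.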
--- a/includes/plugins.php	Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/plugins.php	Mon Dec 22 21:26:19 2008 -0500
@@ -623,6 +623,8 @@
     endswitch;
     
     $cache->purge('plugins');
+    $cache->purge('page_meta');
+    $cache->purge('anon_sidebar');
     
     return $return;
   }
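Review bot: The same three `$cache->purge(...)` calls are now repeated in this hunk and in the hunks at lines 742 and 967, so a future cache that depends on plugin state has to be added in three places, and a missed one leaves stale data served after a plugin change. A small private helper on the class that purges 'plugins', 'page_meta' and 'anon_sidebar', called from all three sites, would keep them in step. A one-line comment such as `// plugin state affects page metadata and the anonymous sidebar, so drop those caches too` would record why the extra purges are needed. The three enclosing methods begin outside their hunks.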
@@ -742,6 +744,8 @@
     endswitch;
     
     $cache->purge('plugins');
+    $cache->purge('page_meta');
+    $cache->purge('anon_sidebar');
     
     return $return;
   }
@@ -967,6 +971,8 @@
     endswitch;
     
     $cache->purge('plugins');
+    $cache->purge('page_meta');
+    $cache->purge('anon_sidebar');
     
     return $return;
   }
--- a/language/english/user.json	Mon Dec 22 21:25:14 2008 -0500
+++ b/language/english/user.json	Mon Dec 22 21:26:19 2008 -0500
@@ -93,6 +93,7 @@
       err_backend_fail: 'You entered the right credentials and everything was validated, but for some reason Enano couldn\'t register your session. This is an internal problem with the site and you are encouraged to contact site administration.',
       err_locked_out: 'You have used up all %config.lockout_threshold% allowed login attempts. Please wait %time_rem% minute%plural% before attempting to log in again%captcha_blurb%.',
       err_locked_out_captcha_blurb: ', or enter the visual confirmation code shown above in the appropriate box',
+      err_admin_session_timed_out: 'Your session has timed out; please log in again using the form above.',
       
       logout_success_title: 'Logged out',
       logout_success_body: 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.',