0
+ − 1 <?php
+ − 2 /*
+ − 3 Plugin Name: Special user/login-related pages
23
+ − 4 Plugin URI: http://enanocms.org/
0
+ − 5 Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
+ − 6 Author: Dan Fuhry
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 7 Version: 1.0.1
23
+ − 8 Author URI: http://enanocms.org/
0
+ − 9 */
+ − 10
+ − 11 /*
+ − 12 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ − 13 * Version 1.0 release candidate 2
+ − 14 * Copyright (C) 2006-2007 Dan Fuhry
+ − 15 *
+ − 16 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 17 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18 *
+ − 19 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21 */
+ − 22
+ − 23 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 24
+ − 25 $plugins->attachHook('base_classes_initted', '
+ − 26 global $paths;
+ − 27 $paths->add_page(Array(
+ − 28 \'name\'=>\'Log in\',
+ − 29 \'urlname\'=>\'Login\',
+ − 30 \'namespace\'=>\'Special\',
+ − 31 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 32 ));
+ − 33 $paths->add_page(Array(
+ − 34 \'name\'=>\'Log out\',
+ − 35 \'urlname\'=>\'Logout\',
+ − 36 \'namespace\'=>\'Special\',
+ − 37 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 38 ));
+ − 39 $paths->add_page(Array(
+ − 40 \'name\'=>\'Register\',
+ − 41 \'urlname\'=>\'Register\',
+ − 42 \'namespace\'=>\'Special\',
+ − 43 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 44 ));
+ − 45 $paths->add_page(Array(
+ − 46 \'name\'=>\'Edit Profile\',
+ − 47 \'urlname\'=>\'Preferences\',
+ − 48 \'namespace\'=>\'Special\',
+ − 49 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 50 ));
+ − 51
+ − 52 $paths->add_page(Array(
+ − 53 \'name\'=>\'Contributions\',
+ − 54 \'urlname\'=>\'Contributions\',
+ − 55 \'namespace\'=>\'Special\',
+ − 56 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 57 ));
+ − 58
+ − 59 $paths->add_page(Array(
+ − 60 \'name\'=>\'Change style\',
+ − 61 \'urlname\'=>\'ChangeStyle\',
+ − 62 \'namespace\'=>\'Special\',
+ − 63 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 64 ));
+ − 65
+ − 66 $paths->add_page(Array(
+ − 67 \'name\'=>\'Activate user account\',
+ − 68 \'urlname\'=>\'ActivateAccount\',
+ − 69 \'namespace\'=>\'Special\',
+ − 70 \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 71 ));
+ − 72
+ − 73 $paths->add_page(Array(
+ − 74 \'name\'=>\'Captcha\',
+ − 75 \'urlname\'=>\'Captcha\',
+ − 76 \'namespace\'=>\'Special\',
+ − 77 \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 78 ));
+ − 79
+ − 80 $paths->add_page(Array(
+ − 81 \'name\'=>\'Forgot password\',
+ − 82 \'urlname\'=>\'PasswordReset\',
+ − 83 \'namespace\'=>\'Special\',
+ − 84 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 85 ));
+ − 86 ');
+ − 87
+ − 88 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
+ − 89
+ − 90 $__login_status = '';
+ − 91
+ − 92 function page_Special_Login()
+ − 93 {
+ − 94 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 95 global $__login_status;
+ − 96
+ − 97 $pubkey = $session->rijndael_genkey();
+ − 98 $challenge = $session->dss_rand();
+ − 99
+ − 100 if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
+ − 101 {
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 102 $username = ( $session->user_logged_in ) ? $session->username : false;
0
+ − 103 $response = Array(
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 104 'username' => $username,
0
+ − 105 'key' => $pubkey,
+ − 106 'challenge' => $challenge
+ − 107 );
+ − 108 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 109 $response = $json->encode($response);
+ − 110 echo $response;
+ − 111 return null;
+ − 112 }
+ − 113
+ − 114 $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
+ − 115 if ( isset($_POST['login']) )
+ − 116 {
+ − 117 if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
+ − 118 {
+ − 119 $level = intval($_POST['auth_level']);
+ − 120 }
+ − 121 }
+ − 122
+ − 123 if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
+ − 124 {
+ − 125 $level = USER_LEVEL_MEMBER;
+ − 126 }
+ − 127 $template->header();
+ − 128 echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
+ − 129 $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.';
+ − 130 if ( isset($_POST['login']) )
+ − 131 {
+ − 132 echo '<p>'.$__login_status.'</p>';
+ − 133 }
+ − 134 if ( $p = $paths->getAllParams() )
+ − 135 {
+ − 136 echo '<input type="hidden" name="return_to" value="'.$p.'" />';
+ − 137 }
+ − 138 else if ( isset($_POST['login']) && isset($_POST['return_to']) )
+ − 139 {
+ − 140 echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
+ − 141 }
+ − 142 ?>
+ − 143 <div class="tblholder">
+ − 144 <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 145 <tr>
+ − 146 <th colspan="3"><?php echo $header; ?></th>
+ − 147 </tr>
+ − 148 <tr>
+ − 149 <td colspan="3" class="row1">
+ − 150 <?php
+ − 151 if ( $level <= USER_LEVEL_MEMBER )
+ − 152 {
+ − 153 echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>';
+ − 154 }
+ − 155 else
+ − 156 {
+ − 157 echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>';
+ − 158 }
+ − 159 ?>
+ − 160 </td>
+ − 161 </tr>
+ − 162 <tr>
+ − 163 <td class="row2">
+ − 164 Username:
+ − 165 </td>
+ − 166 <td class="row1">
+ − 167 <input name="username" size="25" type="text" <?php
+ − 168 if ( $level <= USER_LEVEL_MEMBER )
+ − 169 {
+ − 170 echo 'tabindex="1" ';
+ − 171 }
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 172 else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 173 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 174 echo 'tabindex="3" ';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 175 }
0
+ − 176 if ( $session->user_logged_in )
+ − 177 {
+ − 178 echo 'value="' . $session->username . '"';
+ − 179 }
+ − 180 ?> />
+ − 181 </td>
+ − 182 <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
+ − 183 <td rowspan="2" class="row3">
+ − 184 <small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br />
+ − 185 Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small>
+ − 186 </td>
+ − 187 <?php } ?>
+ − 188 </tr>
+ − 189 <tr>
+ − 190 <td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
+ − 191 </tr>
+ − 192 <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
+ − 193 <tr>
+ − 194 <td class="row3" colspan="3">
+ − 195 <p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true); ?>">log in without using encryption</a>.</p>
+ − 196 <p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p>
+ − 197 </td>
+ − 198 </tr>
+ − 199 <?php } ?>
+ − 200 <tr>
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 201 <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>
0
+ − 202 </tr>
+ − 203 </table>
+ − 204 </div>
+ − 205 <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
+ − 206 <input type="hidden" name="use_crypt" value="no" />
+ − 207 <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
+ − 208 <input type="hidden" name="crypt_data" value="" />
+ − 209 <input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 210 <?php if ( $level <= USER_LEVEL_MEMBER ): ?>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 211 <script type="text/javascript">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 212 document.forms.loginform.username.focus();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 213 </script>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 214 <?php else: ?>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 215 <script type="text/javascript">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 216 document.forms.loginform.pass.focus();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 217 </script>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 218 <?php endif; ?>
0
+ − 219 </form>
+ − 220 <?php
+ − 221 echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');
+ − 222 ?>
+ − 223 <?php
+ − 224 $template->footer();
+ − 225 }
+ − 226
+ − 227 function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
+ − 228 {
+ − 229 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 230 global $__login_status;
+ − 231 if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
+ − 232 {
+ − 233 $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
+ − 234 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 235 $data = $json->decode($_POST['params']);
+ − 236 $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
+ − 237 $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level);
+ − 238 $session->start();
+ − 239 //echo "$result\n$session->sid_super";
+ − 240 //exit;
+ − 241 if ( $result == 'success' )
+ − 242 {
+ − 243 $response = Array(
+ − 244 'result' => 'success',
+ − 245 'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )
+ − 246 );
+ − 247 }
+ − 248 else
+ − 249 {
+ − 250 $response = Array(
+ − 251 'result' => 'error',
+ − 252 'error' => $result
+ − 253 );
+ − 254 }
+ − 255 $response = $json->encode($response);
+ − 256 echo $response;
+ − 257 $db->close();
+ − 258 exit;
+ − 259 }
+ − 260 if(isset($_POST['login'])) {
+ − 261 if($_POST['use_crypt'] == 'yes')
+ − 262 {
+ − 263 $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']));
+ − 264 }
+ − 265 else
+ − 266 {
+ − 267 $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']));
+ − 268 }
+ − 269 $session->start();
+ − 270 $paths->init();
+ − 271 if($result == 'success')
+ − 272 {
+ − 273 $template->load_theme($session->theme, $session->style);
+ − 274 if(isset($_POST['return_to']))
+ − 275 {
+ − 276 $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
+ − 277 redirect( makeUrl($_POST['return_to']), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
+ − 278 }
+ − 279 else
+ − 280 {
+ − 281 $paths->main_page();
+ − 282 }
+ − 283 }
+ − 284 else
+ − 285 {
+ − 286 $GLOBALS['__login_status'] = $result;
+ − 287 }
+ − 288 }
+ − 289 }
+ − 290
+ − 291 function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)
+ − 292 {
+ − 293 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 294
+ − 295 $response = Array(
+ − 296 'result' => 'success_reset',
+ − 297 'user_id' => $user_id,
+ − 298 'temppass' => $passkey
+ − 299 );
+ − 300
+ − 301 $response = $json->encode($response);
+ − 302 echo $response;
+ − 303
+ − 304 $db->close();
+ − 305
+ − 306 exit;
+ − 307 }
+ − 308
+ − 309 function page_Special_Logout() {
+ − 310 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 311 $l = $session->logout();
+ − 312 if($l == 'success') $paths->main_page();
+ − 313 $template->header();
+ − 314 echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>';
+ − 315 $template->footer();
+ − 316 }
+ − 317
30
+ − 318 function page_Special_Register()
+ − 319 {
0
+ − 320 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 321 if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
+ − 322 {
+ − 323 $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : '';
+ − 324 die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s);
+ − 325 }
30
+ − 326 if(isset($_POST['submit']))
+ − 327 {
+ − 328 $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
+ − 329
0
+ − 330 $captcharesult = $session->get_captcha($_POST['captchahash']);
+ − 331 if($captcharesult != $_POST['captchacode'])
30
+ − 332 {
0
+ − 333 $s = 'The confirmation code you entered was incorrect.';
30
+ − 334 }
0
+ − 335 else
30
+ − 336 {
+ − 337 if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
+ − 338 {
+ − 339 $s = 'Invalid COPPA input';
+ − 340 }
+ − 341 else
+ − 342 {
+ − 343 $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );
+ − 344
+ − 345 // CAPTCHA code was correct, create the account
+ − 346 $s = $session->create_user($_POST['username'], $_POST['password'], $_POST['email'], $_POST['real_name'], $coppa);
+ − 347 }
+ − 348 }
+ − 349 if($s == 'success' && !isset($coppa))
0
+ − 350 {
+ − 351 switch(getConfig('account_activation'))
+ − 352 {
+ − 353 case "none":
+ − 354 default:
+ − 355 $str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.';
+ − 356 break;
+ − 357 case "user":
+ − 358 $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';
+ − 359 break;
+ − 360 case "admin":
+ − 361 $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';
+ − 362 break;
+ − 363 }
+ − 364 die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
+ − 365 }
30
+ − 366 else if ( $s == 'success' && $coppa )
+ − 367 {
+ − 368 $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.';
+ − 369 die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
+ − 370 }
0
+ − 371 }
+ − 372 $template->header();
+ − 373 echo 'A user account enables you to have greater control over your browsing experience.';
30
+ − 374
+ − 375 if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
+ − 376 {
+ − 377 $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
+ − 378 $session->kill_captcha();
+ − 379 $captchacode = $session->make_captcha();
+ − 380 ?>
+ − 381 <h3>Create a user account</h3>
+ − 382 <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 383 <div class="tblholder">
+ − 384 <table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 385 <tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr>
+ − 386 <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
+ − 387 <tr><td class="row1" style="width: 50%;">Preferred username:<span id="e_username"></span></td><td class="row1" style="width: 50%;"><input type="text" name="username" size="30" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" /></td></tr>
+ − 388 <tr><td class="row3" style="width: 50%;" rowspan="2">Password:<span id="e_password"></span></td><td class="row3" style="width: 50%;"><input type="password" name="password" size="30" onkeyup="validateForm();" /></td><td rowspan="2" class="row3" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" /></td></tr>
+ − 389 <tr><td class="row3" style="width: 50%;"><input type="password" name="password_confirm" size="30" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small></td></tr>
+ − 390 <tr><td class="row1" style="width: 50%;"><?php if ( $coppa ) echo 'Your parent or guardian\'s e'; else echo 'E'; ?>-mail address:<?php if(getConfig('account_activation')=='user') echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small></td>'; ?><td class="row1" style="width: 50%;"><input type="text" name="email" size="30" onkeyup="validateForm();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" /></td></tr>
+ − 391 <tr><td class="row3" style="width: 50%;">Real name:<br /><small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small><td class="row3" style="width: 50%;"><input type="text" name="real_name" size="30" /></td><td class="row3" style="max-width: 24px;"></td></tr>
+ − 392 <tr><td class="row1" style="width: 50%;" rowspan="2">Visual confirmation<br /><small>Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br /><br />If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.</small></td><td colspan="2" class="row1"><img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><span id="b_username"></span></td></tr>
+ − 393 <tr><td class="row1" colspan="2">Code: <input name="captchacode" type="text" size="10" /><input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" /></td></tr>
+ − 394 <tr><td class="row2" colspan="3" style="text-align: center;"><input type="submit" name="submit" value="Create my account" /></td></tr>
+ − 395 </table>
+ − 396 </div>
+ − 397 <?php
+ − 398 $val = ( $coppa ) ? 'yes' : 'no';
+ − 399 echo '<input type="hidden" name="coppa" value="' . $val . '" />';
+ − 400 ?>
+ − 401 </form>
+ − 402 <script type="text/javascript">
+ − 403 // <![CDATA[
+ − 404 var namegood = false;
+ − 405 function validateForm()
0
+ − 406 {
30
+ − 407 var frm = document.forms.regform;
+ − 408 failed = false;
+ − 409
+ − 410 // Username
+ − 411 if(!namegood)
0
+ − 412 {
30
+ − 413 if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
+ − 414 {
+ − 415 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
+ − 416 document.getElementById('e_username').innerHTML = ''; // '<br /><small><b>Checking availability...</b></small>';
+ − 417 } else {
+ − 418 failed = true;
+ − 419 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 420 document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
+ − 421 }
+ − 422 }
+ − 423 document.getElementById('b_username').innerHTML = '';
+ − 424 if(hex_md5(frm.real_name.value) == 'fa8e397ae0f6cd5b0f90a3f48178cd7e')
+ − 425 {
+ − 426 document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
+ − 427 }
+ − 428
+ − 429 // Password
+ − 430 if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value)
+ − 431 {
+ − 432 document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
+ − 433 document.getElementById('e_password').innerHTML = '<br /><small>The password you entered is valid.</small>';
0
+ − 434 } else {
+ − 435 failed = true;
30
+ − 436 if(frm.password.value.length < 6)
+ − 437 document.getElementById('e_password').innerHTML = '<br /><small>Your password must be at least six characters in length.</small>';
+ − 438 else if(frm.password.value != frm.password_confirm.value)
+ − 439 document.getElementById('e_password').innerHTML = '<br /><small>The passwords you entered do not match.</small>';
+ − 440 else
+ − 441 document.getElementById('e_password').innerHTML = '';
+ − 442 document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 443 }
+ − 444
+ − 445 // E-mail address
+ − 446 if(frm.email.value.match(/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/))
+ − 447 {
+ − 448 document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
+ − 449 } else {
+ − 450 failed = true;
+ − 451 document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 452 }
+ − 453 if(failed)
+ − 454 {
+ − 455 frm.submit.disabled = 'disabled';
+ − 456 } else {
+ − 457 frm.submit.disabled = false;
0
+ − 458 }
+ − 459 }
30
+ − 460 function checkUsername()
0
+ − 461 {
30
+ − 462 var frm = document.forms.regform;
+ − 463
+ − 464 if(!namegood)
+ − 465 {
+ − 466 if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))
+ − 467 {
+ − 468 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
+ − 469 document.getElementById('e_username').innerHTML = '';
+ − 470 } else {
+ − 471 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 472 document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
+ − 473 return false;
+ − 474 }
+ − 475 }
+ − 476
+ − 477 document.getElementById('e_username').innerHTML = '<br /><small><b>Checking availability...</b></small>';
+ − 478 ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
+ − 479 if(ajax.readyState == 4)
+ − 480 if(ajax.responseText == 'good')
+ − 481 {
+ − 482 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
+ − 483 document.getElementById('e_username').innerHTML = '<br /><small><b>This username is available.</b></small>';
+ − 484 namegood = true;
+ − 485 } else if(ajax.responseText == 'bad') {
+ − 486 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 487 document.getElementById('e_username').innerHTML = '<br /><small><b>Error: that username is already taken.</b></small>';
+ − 488 namegood = false;
+ − 489 } else {
+ − 490 document.getElementById('e_username').innerHTML = ajax.responseText;
+ − 491 }
+ − 492 });
0
+ − 493 }
30
+ − 494 function regenCaptcha()
0
+ − 495 {
30
+ − 496 var frm = document.forms.regform;
+ − 497 document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/"); ?>'+frm.captchahash.value+'/'+Math.floor(Math.random() * 100000);
+ − 498 return false;
0
+ − 499 }
30
+ − 500 validateForm();
+ − 501 setTimeout('checkUsername();', 1000);
+ − 502 // ]]>
+ − 503 </script>
+ − 504 <?php
+ − 505 }
+ − 506 else
+ − 507 {
+ − 508 $year = intval( date('Y') );
+ − 509 $year = $year - 13;
+ − 510 $month = date('F');
+ − 511 $day = date('d');
+ − 512
+ − 513 $yo13_date = "$month $day, $year";
+ − 514 $link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
+ − 515 $link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true);
+ − 516
+ − 517 // COPPA enabled, ask age
+ − 518 echo '<div class="tblholder">';
+ − 519 echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 520 echo '<tr>
+ − 521 <td class="row1">
+ − 522 Before you can register, please tell us your age.
+ − 523 </td>
+ − 524 </tr>
+ − 525 <tr>
+ − 526 <td class="row3">
+ − 527 <a href="' . $link_coppa_no . '">I was born <b>on or before</b> ' . $yo13_date . ' and am <b>at least</b> 13 years of age</a><br />
+ − 528 <a href="' . $link_coppa_yes . '">I was born <b>after</b> ' . $yo13_date . ' and am <b>less than</b> 13 years of age</a>
+ − 529 </td>
+ − 530 </tr>';
+ − 531 echo '</table>';
+ − 532 echo '</div>';
+ − 533 }
0
+ − 534 $template->footer();
+ − 535 }
+ − 536
+ − 537 /*
+ − 538 If you want the old preferences page back, be my guest.
+ − 539 function page_Special_Preferences() {
+ − 540 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 541 $template->header();
+ − 542 if(isset($_POST['submit'])) {
+ − 543 $data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']);
+ − 544 if($data == 'success') echo '<h3>Information</h3><p>Your profile has been updated. <a href="'.scriptPath.'/">Return to the index page</a>.</p>';
+ − 545 else echo $data;
+ − 546 } else {
+ − 547 echo '
+ − 548 <h3>Edit your profile</h3>
+ − 549 <form action="'.makeUrl($paths->nslist['Special'].'Preferences').'" method="post">
+ − 550 <table border="0" style="margin-left: 0.2in;">
+ − 551 <tr><td>Username:</td><td><input type="text" name="username" value="'.$session->username.'" /></td></tr>
+ − 552 <tr><td>Current Password:</td><td><input type="password" name="current_pass" /></td></tr>
+ − 553 <tr><td colspan="2"><small>You only need to enter your current password if you are changing your e-mail address or changing your password.</small></td></tr>
+ − 554 <tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr>
+ − 555 <tr><td>E-mail:</td><td><input type="text" name="email" value="'.$session->email.'" /></td></tr>
+ − 556 <tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.$session->real_name.'" /></td></tr>
+ − 557 <tr><td>Signature:<br /><small>Your signature appears<br />below your comment posts.</small></td><td><textarea rows="10" cols="40" name="sig">'.$session->signature.'</textarea></td></tr>
+ − 558 <tr><td colspan="2">
+ − 559 <input type="submit" name="submit" value="Save Changes" /></td></tr>
+ − 560 </table>
+ − 561 </form>
+ − 562 ';
+ − 563 }
+ − 564 $template->footer();
+ − 565 }
+ − 566 */
+ − 567
+ − 568 function page_Special_Contributions() {
+ − 569 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 570 $template->header();
+ − 571 $user = $paths->getParam();
+ − 572 if(!$user && isset($_GET['user']))
+ − 573 {
+ − 574 $user = $_GET['user'];
+ − 575 }
+ − 576 elseif(!$user && !isset($_GET['user']))
+ − 577 {
+ − 578 echo 'No user selected!';
+ − 579 $template->footer();
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 580 return;
0
+ − 581 }
+ − 582
+ − 583 $user = $db->escape($user);
+ − 584
+ − 585 $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;';
+ − 586 if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 587 echo 'History of edits and actions<h3>Edits:</h3>';
+ − 588 if($db->numrows() < 1) echo 'No history entries in this category.';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 589 while($r = $db->fetchrow())
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 590 {
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 591 $title = get_page_title($r['page_id'], $r['namespace']);
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 592 echo '<a href="' . makeUrlNS($r['namespace'], $r['page_id'], "oldid={$r['time_id']}", true) . '" onclick="ajaxHistView(\''.$r['time_id'].'\', \''.$paths->nslist[$r['namespace']].$r['page_id'].'\'); return false;"><i>'.$r['date_string'].'</i></a> (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert to</a>) <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: '.$r['edit_summary'];
0
+ − 593 if($r['minor_edit']) echo '<b> - minor edit</b>';
+ − 594 echo '<br />';
+ − 595 }
+ − 596 $db->free_result();
+ − 597 echo '<h3>Other changes:</h3>';
+ − 598 $q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;';
+ − 599 if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 600 if($db->numrows() < 1) echo 'No history entries in this category.';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 601 while($r = $db->fetchrow())
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 602 {
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 603 if ( $r['log_type'] == 'page' )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 604 {
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 605 $title = get_page_title($r['page_id'], $r['namespace']);
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 606 echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: ';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 607 if ( $r['action'] == 'prot' ) echo 'Protected page; reason: '.$r['edit_summary'];
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 608 else if ( $r['action'] == 'unprot' ) echo 'Unprotected page; reason: '.$r['edit_summary'];
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 609 else if ( $r['action'] == 'rename' ) echo 'Renamed page; old title was: '.htmlspecialchars($r['edit_summary']);
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 610 else if ( $r['action'] == 'create' ) echo 'Created page';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 611 else if ( $r['action'] == 'delete' ) echo 'Deleted page';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 612 if ( $r['minor_edit'] ) echo '<b> - minor edit</b>';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 613 echo '<br />';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 614 }
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 615 else if($r['log_type']=='security')
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 616 {
0
+ − 617 // Not implemented, and when it is, it won't be public
+ − 618 }
+ − 619 }
+ − 620 $db->free_result();
+ − 621 $template->footer();
+ − 622 }
+ − 623
+ − 624 function page_Special_ChangeStyle()
+ − 625 {
+ − 626 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 627 if(!$session->user_logged_in) die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
+ − 628 if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']))
+ − 629 {
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 630 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 631 die('Hacking attempt');
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 632 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 633 die('Hacking attempt');
0
+ − 634 $d = ENANO_ROOT . '/themes/' . $_POST['theme'];
+ − 635 $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css';
+ − 636 if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.');
+ − 637 if(!file_exists($f)) die('The file "'.$f.'" does not exist.');
+ − 638 $d = $db->escape($_POST['theme']);
+ − 639 $f = $db->escape($_POST['style']);
+ − 640 $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\'';
+ − 641 if(!$db->sql_query($q))
+ − 642 {
+ − 643 $db->_die('Your theme/style preferences were not updated.');
+ − 644 }
+ − 645 else
+ − 646 {
+ − 647 redirect(makeUrl($_POST['return_to']), '', '', 0);
+ − 648 }
+ − 649 }
+ − 650 else
+ − 651 {
+ − 652 $template->header();
+ − 653 $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
+ − 654 if(!$ret) $ret = getConfig('main_page');
+ − 655 ?>
+ − 656 <form action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 657 <?php if(!isset($_POST['themeselected'])) { ?>
+ − 658 <h3>Please select a new theme:</h3>
+ − 659 <p>
+ − 660 <select name="theme">
+ − 661 <?php
+ − 662 foreach($template->theme_list as $t) {
+ − 663 if($t['enabled'])
+ − 664 {
+ − 665 echo '<option value="'.$t['theme_id'].'"';
+ − 666 if($t['theme_id'] == $session->theme) echo ' selected="selected"';
+ − 667 echo '>'.$t['theme_name'].'</option>';
+ − 668 }
+ − 669 }
+ − 670 ?>
+ − 671 </select>
+ − 672 </p>
+ − 673 <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
+ − 674 <input type="submit" name="themeselected" value="Continue" /></p>
+ − 675 <?php } else {
+ − 676 $theme = $_POST['theme'];
+ − 677 if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
+ − 678 die('Hacking attempt');
+ − 679 ?>
+ − 680 <h3>Please select a stylesheet:</h3>
+ − 681 <p>
+ − 682 <select name="style">
+ − 683 <?php
+ − 684 $dir = './themes/'.$theme.'/css/';
+ − 685 $list = Array();
+ − 686 // Open a known directory, and proceed to read its contents
+ − 687 if (is_dir($dir)) {
+ − 688 if ($dh = opendir($dir)) {
+ − 689 while (($file = readdir($dh)) !== false) {
+ − 690 if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
+ − 691 $list[] = substr($file, 0, strlen($file)-4);
+ − 692 }
+ − 693 }
+ − 694 closedir($dh);
+ − 695 }
+ − 696 } else die($dir.' is not a dir');
+ − 697 foreach ( $list as $l )
+ − 698 {
+ − 699 echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
+ − 700 }
+ − 701 ?>
+ − 702 </select>
+ − 703 </p>
+ − 704 <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
+ − 705 <input type="hidden" name="theme" value="<?php echo $theme; ?>" />
+ − 706 <input type="submit" name="allclear" value="Change style" /></p>
+ − 707 <?php } ?>
+ − 708 </form>
+ − 709 <?php
+ − 710 $template->footer();
+ − 711 }
+ − 712 }
+ − 713
+ − 714 function page_Special_ActivateAccount()
+ − 715 {
+ − 716 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 717 $user = $paths->getParam(0);
+ − 718 if(!$user) die_friendly('Account activation error', '<p>The URL was incorrect.</p>');
+ − 719 $key = $paths->getParam(1);
+ − 720 if(!$key) die_friendly('Account activation error', '<p>The URL was incorrect.</p>');
+ − 721 $s = $session->activate_account(str_replace('_', ' ', $user), $key);
+ − 722 if($s > 0) die_friendly('Activation successful', '<p>Your account is now active. Thank you for registering.</p>');
+ − 723 else die_friendly('Activation failed', '<p>The activation key was probably incorrect.</p>');
+ − 724 }
+ − 725
+ − 726 function page_Special_Captcha()
+ − 727 {
+ − 728 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 729 if($paths->getParam(0) == 'make')
+ − 730 {
+ − 731 $session->kill_captcha();
+ − 732 echo $session->make_captcha();
+ − 733 return;
+ − 734 }
+ − 735 $hash = $paths->getParam(0);
+ − 736 if(!$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash)) $paths->main_page();
+ − 737 $code = $session->get_captcha($hash);
+ − 738 if(!$code) die('Invalid hash or IP address incorrect.');
+ − 739 require(ENANO_ROOT.'/includes/captcha.php');
+ − 740 $captcha = new captcha($code);
+ − 741 //header('Content-disposition: attachment; filename=autocaptcha.png');
+ − 742 $captcha->make_image();
+ − 743 exit;
+ − 744 }
+ − 745
+ − 746 function page_Special_PasswordReset()
+ − 747 {
+ − 748 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 749 $template->header();
+ − 750 if($paths->getParam(0) == 'stage2')
+ − 751 {
+ − 752 $user_id = intval($paths->getParam(1));
+ − 753 $encpass = $paths->getParam(2);
+ − 754 if ( $user_id < 2 )
+ − 755 {
+ − 756 echo '<p>Hacking attempt</p>';
+ − 757 $template->footer();
+ − 758 return false;
+ − 759 }
+ − 760 if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
+ − 761 {
+ − 762 echo '<p>Hacking attempt</p>';
+ − 763 $template->footer();
+ − 764 return false;
+ − 765 }
+ − 766
+ − 767 $q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';');
+ − 768 if($db->numrows() < 1)
+ − 769 {
+ − 770 echo '<p>Invalid credentials</p>';
+ − 771 $template->footer();
+ − 772 return false;
+ − 773 }
+ − 774 $row = $db->fetchrow();
+ − 775 $db->free_result();
+ − 776
+ − 777 if ( ( intval($row['temp_password_time']) + 3600 * 24 ) < time() )
+ − 778 {
+ − 779 echo '<p>Password has expired</p>';
+ − 780 $template->footer();
+ − 781 return false;
+ − 782 }
+ − 783
+ − 784 if ( isset($_POST['do_stage2']) )
+ − 785 {
+ − 786 $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ − 787 if($_POST['use_crypt'] == 'yes')
+ − 788 {
+ − 789 $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
+ − 790 if(!$crypt_key)
+ − 791 {
+ − 792 echo 'ERROR: Couldn\'t look up public key for decryption.';
+ − 793 $template->footer();
+ − 794 return false;
+ − 795 }
+ − 796 $crypt_key = hexdecode($crypt_key);
+ − 797 $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX);
+ − 798 if(strlen($data) < 6)
+ − 799 {
+ − 800 echo 'ERROR: Your password must be six characters or greater in length.';
+ − 801 $template->footer();
+ − 802 return false;
+ − 803 }
+ − 804 }
+ − 805 else
+ − 806 {
+ − 807 $data = $_POST['pass'];
+ − 808 $conf = $_POST['pass_confirm'];
+ − 809 if($data != $conf)
+ − 810 {
+ − 811 echo 'ERROR: The passwords you entered do not match.';
+ − 812 $template->footer();
+ − 813 return false;
+ − 814 }
+ − 815 if(strlen($data) < 6)
+ − 816 {
+ − 817 echo 'ERROR: Your password must be six characters or greater in length.';
+ − 818 $template->footer();
+ − 819 return false;
+ − 820 }
+ − 821 }
+ − 822 if(empty($data))
+ − 823 {
+ − 824 echo 'ERROR: Sanity check failed!';
+ − 825 $template->footer();
+ − 826 return false;
+ − 827 }
+ − 828 $encpass = $aes->encrypt($data, $session->private_key, ENC_HEX);
+ − 829 $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';');
+ − 830
+ − 831 if($q)
+ − 832 {
+ − 833 $session->login_without_crypto($row['username'], $data);
+ − 834 echo '<p>Your password has been reset. Return to the <a href="' . makeUrl(getConfig('main_page')) . '">main page</a>.</p>';
+ − 835 }
+ − 836 else
+ − 837 {
+ − 838 echo $db->get_error();
+ − 839 }
+ − 840
+ − 841 $template->footer();
+ − 842 return false;
+ − 843 }
+ − 844
+ − 845 // Password reset form
+ − 846 $pubkey = $session->rijndael_genkey();
+ − 847
+ − 848 ?>
+ − 849 <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
+ − 850 <br />
+ − 851 <div class="tblholder">
+ − 852 <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 853 <tr><th colspan="2">Reset password</th></tr>
+ − 854 <tr><td class="row1">Password:</td><td class="row1"><input name="pass" type="password" /></td></tr>
+ − 855 <tr><td class="row2">Confirm: </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
+ − 856 <tr>
+ − 857 <td colspan="2" class="row1" style="text-align: center;">
+ − 858 <input type="hidden" name="use_crypt" value="no" />
+ − 859 <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
+ − 860 <input type="hidden" name="crypt_data" value="" />
+ − 861 <input type="submit" name="do_stage2" value="Reset password" />
+ − 862 </td>
+ − 863 </tr>
+ − 864 </table>
+ − 865 </div>
+ − 866 </form>
+ − 867 <script type="text/javascript">
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 868 if ( !KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 869 {
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 870 disableJSONExts();
0
+ − 871 str = '';
+ − 872 for(i=0;i<keySizeInBits/4;i++) str+='0';
+ − 873 var key = hexToByteArray(str);
+ − 874 var pt = hexToByteArray(str);
+ − 875 var ct = rijndaelEncrypt(pt, key, "ECB");
+ − 876 var ct = byteArrayToHex(ct);
+ − 877 switch(keySizeInBits)
+ − 878 {
+ − 879 case 128:
+ − 880 v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
+ − 881 break;
+ − 882 case 192:
+ − 883 v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
+ − 884 break;
+ − 885 case 256:
+ − 886 v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
+ − 887 break;
+ − 888 }
+ − 889 var testpassed = ( ct == v && md5_vm_test() );
+ − 890 var frm = document.forms.resetform;
+ − 891 if(testpassed)
+ − 892 {
+ − 893 frm.use_crypt.value = 'yes';
+ − 894 var cryptkey = frm.crypt_key.value;
+ − 895 frm.crypt_key.value = hex_md5(cryptkey);
+ − 896 cryptkey = hexToByteArray(cryptkey);
+ − 897 if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
+ − 898 {
+ − 899 frm._login.disabled = true;
+ − 900 len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
+ − 901 alert('The key is messed up\nType: '+typeof(cryptkey)+len);
+ − 902 }
+ − 903 }
+ − 904 function runEncryption()
+ − 905 {
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 906 var frm = document.forms.resetform;
0
+ − 907 pass1 = frm.pass.value;
+ − 908 pass2 = frm.pass_confirm.value;
+ − 909 if ( pass1 != pass2 )
+ − 910 {
+ − 911 alert('The passwords you entered do not match.');
+ − 912 return false;
+ − 913 }
+ − 914 if ( pass1.length < 6 )
+ − 915 {
+ − 916 alert('The new password must be 6 characters or greater in length.');
+ − 917 return false;
+ − 918 }
+ − 919 if(testpassed)
+ − 920 {
+ − 921 pass = frm.pass.value;
+ − 922 pass = stringToByteArray(pass);
+ − 923 cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
+ − 924 if(!cryptstring)
+ − 925 {
+ − 926 return false;
+ − 927 }
+ − 928 cryptstring = byteArrayToHex(cryptstring);
+ − 929 frm.crypt_data.value = cryptstring;
+ − 930 frm.pass.value = "";
+ − 931 frm.pass_confirm.value = "";
+ − 932 }
+ − 933 return true;
+ − 934 }
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 935 }
0
+ − 936 </script>
+ − 937 <?php
+ − 938 $template->footer();
+ − 939 return true;
+ − 940 }
+ − 941 if(isset($_POST['do_reset']))
+ − 942 {
+ − 943 if($session->mail_password_reset($_POST['username']))
+ − 944 {
+ − 945 echo '<p>An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.</p>';
+ − 946 }
+ − 947 else
+ − 948 {
+ − 949 echo '<p>Error occured, your new password was not sent.</p>';
+ − 950 }
+ − 951 $template->footer();
+ − 952 return true;
+ − 953 }
+ − 954 echo '<p>Don\'t worry, it happens to the best of us.</p>
+ − 955 <p>To reset your password, just enter your username below, and a new password will be e-mailed to you.</p>
+ − 956 <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ − 957 <p>Username: '.$template->username_field('username').'</p>
+ − 958 <p><input type="submit" name="do_reset" value="Mail new password" /></p>
+ − 959 </form>';
+ − 960 $template->footer();
+ − 961 }
+ − 962
+ − 963 ?>