0
+ − 1
<?php
+ − 2
/*
+ − 3
Plugin Name: Special user/login-related pages
23
+ − 4
Plugin URI: http://enanocms.org/
0
+ − 5
Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
+ − 6
Author: Dan Fuhry
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 7
Version: 1.0.1
23
+ − 8
Author URI: http://enanocms.org/
0
+ − 9
*/
+ − 10
+ − 11
/*
+ − 12
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ − 13
* Version 1.0 release candidate 2
+ − 14
* Copyright (C) 2006-2007 Dan Fuhry
+ − 15
*
+ − 16
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 17
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18
*
+ − 19
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21
*/
+ − 22
+ − 23
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 24
+ − 25
$plugins->attachHook('base_classes_initted', '
+ − 26
global $paths;
+ − 27
$paths->add_page(Array(
+ − 28
\'name\'=>\'Log in\',
+ − 29
\'urlname\'=>\'Login\',
+ − 30
\'namespace\'=>\'Special\',
+ − 31
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 32
));
+ − 33
$paths->add_page(Array(
+ − 34
\'name\'=>\'Log out\',
+ − 35
\'urlname\'=>\'Logout\',
+ − 36
\'namespace\'=>\'Special\',
+ − 37
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 38
));
+ − 39
$paths->add_page(Array(
+ − 40
\'name\'=>\'Register\',
+ − 41
\'urlname\'=>\'Register\',
+ − 42
\'namespace\'=>\'Special\',
+ − 43
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 44
));
+ − 45
$paths->add_page(Array(
+ − 46
\'name\'=>\'Edit Profile\',
+ − 47
\'urlname\'=>\'Preferences\',
+ − 48
\'namespace\'=>\'Special\',
+ − 49
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 50
));
+ − 51
+ − 52
$paths->add_page(Array(
+ − 53
\'name\'=>\'Contributions\',
+ − 54
\'urlname\'=>\'Contributions\',
+ − 55
\'namespace\'=>\'Special\',
+ − 56
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 57
));
+ − 58
+ − 59
$paths->add_page(Array(
+ − 60
\'name\'=>\'Change style\',
+ − 61
\'urlname\'=>\'ChangeStyle\',
+ − 62
\'namespace\'=>\'Special\',
+ − 63
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 64
));
+ − 65
+ − 66
$paths->add_page(Array(
+ − 67
\'name\'=>\'Activate user account\',
+ − 68
\'urlname\'=>\'ActivateAccount\',
+ − 69
\'namespace\'=>\'Special\',
+ − 70
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 71
));
+ − 72
+ − 73
$paths->add_page(Array(
+ − 74
\'name\'=>\'Captcha\',
+ − 75
\'urlname\'=>\'Captcha\',
+ − 76
\'namespace\'=>\'Special\',
+ − 77
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 78
));
+ − 79
+ − 80
$paths->add_page(Array(
+ − 81
\'name\'=>\'Forgot password\',
+ − 82
\'urlname\'=>\'PasswordReset\',
+ − 83
\'namespace\'=>\'Special\',
+ − 84
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 85
));
+ − 86
');
+ − 87
+ − 88
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
+ − 89
+ − 90
$__login_status = '';
+ − 91
+ − 92
function page_Special_Login()
+ − 93
{
+ − 94
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 95
global $__login_status;
+ − 96
+ − 97
$pubkey = $session->rijndael_genkey();
+ − 98
$challenge = $session->dss_rand();
+ − 99
+ − 100
if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
+ − 101
{
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 102
$username = ( $session->user_logged_in ) ? $session->username : false;
0
+ − 103
$response = Array(
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 104
'username' => $username,
0
+ − 105
'key' => $pubkey,
+ − 106
'challenge' => $challenge
+ − 107
);
+ − 108
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 109
$response = $json->encode($response);
+ − 110
echo $response;
+ − 111
return null;
+ − 112
}
+ − 113
+ − 114
$level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
+ − 115
if ( isset($_POST['login']) )
+ − 116
{
+ − 117
if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
+ − 118
{
+ − 119
$level = intval($_POST['auth_level']);
+ − 120
}
+ − 121
}
+ − 122
+ − 123
if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
+ − 124
{
+ − 125
$level = USER_LEVEL_MEMBER;
+ − 126
}
+ − 127
$template->header();
+ − 128
echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
+ − 129
$header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.';
+ − 130
if ( isset($_POST['login']) )
+ − 131
{
+ − 132
echo '<p>'.$__login_status.'</p>';
+ − 133
}
+ − 134
if ( $p = $paths->getAllParams() )
+ − 135
{
+ − 136
echo '<input type="hidden" name="return_to" value="'.$p.'" />';
+ − 137
}
+ − 138
else if ( isset($_POST['login']) && isset($_POST['return_to']) )
+ − 139
{
+ − 140
echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
+ − 141
}
+ − 142
?>
+ − 143
<div class="tblholder">
+ − 144
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 145
<tr>
+ − 146
<th colspan="3"><?php echo $header; ?></th>
+ − 147
</tr>
+ − 148
<tr>
+ − 149
<td colspan="3" class="row1">
+ − 150
<?php
+ − 151
if ( $level <= USER_LEVEL_MEMBER )
+ − 152
{
+ − 153
echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>';
+ − 154
}
+ − 155
else
+ − 156
{
+ − 157
echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>';
+ − 158
}
+ − 159
?>
+ − 160
</td>
+ − 161
</tr>
+ − 162
<tr>
+ − 163
<td class="row2">
+ − 164
Username:
+ − 165
</td>
+ − 166
<td class="row1">
+ − 167
<input name="username" size="25" type="text" <?php
+ − 168
if ( $level <= USER_LEVEL_MEMBER )
+ − 169
{
+ − 170
echo 'tabindex="1" ';
+ − 171
}
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 172
else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 173
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 174
echo 'tabindex="3" ';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 175
}
0
+ − 176
if ( $session->user_logged_in )
+ − 177
{
+ − 178
echo 'value="' . $session->username . '"';
+ − 179
}
+ − 180
?> />
+ − 181
</td>
+ − 182
<?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
+ − 183
<td rowspan="2" class="row3">
+ − 184
<small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br />
+ − 185
Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small>
+ − 186
</td>
+ − 187
<?php } ?>
+ − 188
</tr>
+ − 189
<tr>
+ − 190
<td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
+ − 191
</tr>
+ − 192
<?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
+ − 193
<tr>
+ − 194
<td class="row3" colspan="3">
+ − 195
<p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true); ?>">log in without using encryption</a>.</p>
+ − 196
<p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p>
+ − 197
</td>
+ − 198
</tr>
+ − 199
<?php } ?>
+ − 200
<tr>
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 201
<th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>
0
+ − 202
</tr>
+ − 203
</table>
+ − 204
</div>
+ − 205
<input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
+ − 206
<input type="hidden" name="use_crypt" value="no" />
+ − 207
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
+ − 208
<input type="hidden" name="crypt_data" value="" />
+ − 209
<input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 210
<?php if ( $level <= USER_LEVEL_MEMBER ): ?>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 211
<script type="text/javascript">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 212
document.forms.loginform.username.focus();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 213
</script>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 214
<?php else: ?>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 215
<script type="text/javascript">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 216
document.forms.loginform.pass.focus();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 217
</script>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 218
<?php endif; ?>
0
+ − 219
</form>
+ − 220
<?php
+ − 221
echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');
+ − 222
?>
+ − 223
<?php
+ − 224
$template->footer();
+ − 225
}
+ − 226
+ − 227
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
+ − 228
{
+ − 229
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 230
global $__login_status;
+ − 231
if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
+ − 232
{
+ − 233
$plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
+ − 234
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 235
$data = $json->decode($_POST['params']);
+ − 236
$level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
+ − 237
$result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level);
+ − 238
$session->start();
+ − 239
//echo "$result\n$session->sid_super";
+ − 240
//exit;
+ − 241
if ( $result == 'success' )
+ − 242
{
+ − 243
$response = Array(
+ − 244
'result' => 'success',
+ − 245
'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )
+ − 246
);
+ − 247
}
+ − 248
else
+ − 249
{
+ − 250
$response = Array(
+ − 251
'result' => 'error',
+ − 252
'error' => $result
+ − 253
);
+ − 254
}
+ − 255
$response = $json->encode($response);
+ − 256
echo $response;
+ − 257
$db->close();
+ − 258
exit;
+ − 259
}
+ − 260
if(isset($_POST['login'])) {
+ − 261
if($_POST['use_crypt'] == 'yes')
+ − 262
{
+ − 263
$result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']));
+ − 264
}
+ − 265
else
+ − 266
{
+ − 267
$result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']));
+ − 268
}
+ − 269
$session->start();
+ − 270
$paths->init();
+ − 271
if($result == 'success')
+ − 272
{
+ − 273
$template->load_theme($session->theme, $session->style);
+ − 274
if(isset($_POST['return_to']))
+ − 275
{
+ − 276
$name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
+ − 277
redirect( makeUrl($_POST['return_to']), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
+ − 278
}
+ − 279
else
+ − 280
{
+ − 281
$paths->main_page();
+ − 282
}
+ − 283
}
+ − 284
else
+ − 285
{
+ − 286
$GLOBALS['__login_status'] = $result;
+ − 287
}
+ − 288
}
+ − 289
}
+ − 290
+ − 291
function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)
+ − 292
{
+ − 293
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 294
+ − 295
$response = Array(
+ − 296
'result' => 'success_reset',
+ − 297
'user_id' => $user_id,
+ − 298
'temppass' => $passkey
+ − 299
);
+ − 300
+ − 301
$response = $json->encode($response);
+ − 302
echo $response;
+ − 303
+ − 304
$db->close();
+ − 305
+ − 306
exit;
+ − 307
}
+ − 308
+ − 309
function page_Special_Logout() {
+ − 310
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 311
$l = $session->logout();
+ − 312
if($l == 'success') $paths->main_page();
+ − 313
$template->header();
+ − 314
echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>';
+ − 315
$template->footer();
+ − 316
}
+ − 317
30
+ − 318
function page_Special_Register()
+ − 319
{
0
+ − 320
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 321
if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
+ − 322
{
+ − 323
$s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : '';
+ − 324
die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s);
+ − 325
}
30
+ − 326
if(isset($_POST['submit']))
+ − 327
{
+ − 328
$_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
+ − 329
0
+ − 330
$captcharesult = $session->get_captcha($_POST['captchahash']);
+ − 331
if($captcharesult != $_POST['captchacode'])
30
+ − 332
{
0
+ − 333
$s = 'The confirmation code you entered was incorrect.';
30
+ − 334
}
0
+ − 335
else
30
+ − 336
{
+ − 337
if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
+ − 338
{
+ − 339
$s = 'Invalid COPPA input';
+ − 340
}
+ − 341
else
+ − 342
{
+ − 343
$coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );
+ − 344
+ − 345
// CAPTCHA code was correct, create the account
+ − 346
$s = $session->create_user($_POST['username'], $_POST['password'], $_POST['email'], $_POST['real_name'], $coppa);
+ − 347
}
+ − 348
}
+ − 349
if($s == 'success' && !isset($coppa))
0
+ − 350
{
+ − 351
switch(getConfig('account_activation'))
+ − 352
{
+ − 353
case "none":
+ − 354
default:
+ − 355
$str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.';
+ − 356
break;
+ − 357
case "user":
+ − 358
$str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';
+ − 359
break;
+ − 360
case "admin":
+ − 361
$str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';
+ − 362
break;
+ − 363
}
+ − 364
die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
+ − 365
}
30
+ − 366
else if ( $s == 'success' && $coppa )
+ − 367
{
+ − 368
$str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.';
+ − 369
die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
+ − 370
}
0
+ − 371
}
+ − 372
$template->header();
+ − 373
echo 'A user account enables you to have greater control over your browsing experience.';
30
+ − 374
+ − 375
if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
+ − 376
{
+ − 377
$coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
+ − 378
$session->kill_captcha();
+ − 379
$captchacode = $session->make_captcha();
+ − 380
?>
+ − 381
<h3>Create a user account</h3>
+ − 382
<form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 383
<div class="tblholder">
+ − 384
<table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 385
<tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr>
+ − 386
<?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
+ − 387
<tr><td class="row1" style="width: 50%;">Preferred username:<span id="e_username"></span></td><td class="row1" style="width: 50%;"><input type="text" name="username" size="30" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" /></td></tr>
+ − 388
<tr><td class="row3" style="width: 50%;" rowspan="2">Password:<span id="e_password"></span></td><td class="row3" style="width: 50%;"><input type="password" name="password" size="30" onkeyup="validateForm();" /></td><td rowspan="2" class="row3" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" /></td></tr>
+ − 389
<tr><td class="row3" style="width: 50%;"><input type="password" name="password_confirm" size="30" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small></td></tr>
+ − 390
<tr><td class="row1" style="width: 50%;"><?php if ( $coppa ) echo 'Your parent or guardian\'s e'; else echo 'E'; ?>-mail address:<?php if(getConfig('account_activation')=='user') echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small></td>'; ?><td class="row1" style="width: 50%;"><input type="text" name="email" size="30" onkeyup="validateForm();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" /></td></tr>
+ − 391
<tr><td class="row3" style="width: 50%;">Real name:<br /><small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small><td class="row3" style="width: 50%;"><input type="text" name="real_name" size="30" /></td><td class="row3" style="max-width: 24px;"></td></tr>
+ − 392
<tr><td class="row1" style="width: 50%;" rowspan="2">Visual confirmation<br /><small>Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br /><br />If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.</small></td><td colspan="2" class="row1"><img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><span id="b_username"></span></td></tr>
+ − 393
<tr><td class="row1" colspan="2">Code: <input name="captchacode" type="text" size="10" /><input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" /></td></tr>
+ − 394
<tr><td class="row2" colspan="3" style="text-align: center;"><input type="submit" name="submit" value="Create my account" /></td></tr>
+ − 395
</table>
+ − 396
</div>
+ − 397
<?php
+ − 398
$val = ( $coppa ) ? 'yes' : 'no';
+ − 399
echo '<input type="hidden" name="coppa" value="' . $val . '" />';
+ − 400
?>
+ − 401
</form>
+ − 402
<script type="text/javascript">
+ − 403
// <![CDATA[
+ − 404
var namegood = false;
+ − 405
function validateForm()
0
+ − 406
{
30
+ − 407
var frm = document.forms.regform;
+ − 408
failed = false;
+ − 409
+ − 410
// Username
+ − 411
if(!namegood)
0
+ − 412
{
30
+ − 413
if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
+ − 414
{
+ − 415
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
+ − 416
document.getElementById('e_username').innerHTML = ''; // '<br /><small><b>Checking availability...</b></small>';
+ − 417
} else {
+ − 418
failed = true;
+ − 419
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 420
document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
+ − 421
}
+ − 422
}
+ − 423
document.getElementById('b_username').innerHTML = '';
+ − 424
if(hex_md5(frm.real_name.value) == 'fa8e397ae0f6cd5b0f90a3f48178cd7e')
+ − 425
{
+ − 426
document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
+ − 427
}
+ − 428
+ − 429
// Password
+ − 430
if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value)
+ − 431
{
+ − 432
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
+ − 433
document.getElementById('e_password').innerHTML = '<br /><small>The password you entered is valid.</small>';
0
+ − 434
} else {
+ − 435
failed = true;
30
+ − 436
if(frm.password.value.length < 6)
+ − 437
document.getElementById('e_password').innerHTML = '<br /><small>Your password must be at least six characters in length.</small>';
+ − 438
else if(frm.password.value != frm.password_confirm.value)
+ − 439
document.getElementById('e_password').innerHTML = '<br /><small>The passwords you entered do not match.</small>';
+ − 440
else
+ − 441
document.getElementById('e_password').innerHTML = '';
+ − 442
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 443
}
+ − 444
+ − 445
// E-mail address
+ − 446
if(frm.email.value.match(/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/))
+ − 447
{
+ − 448
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
+ − 449
} else {
+ − 450
failed = true;
+ − 451
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 452
}
+ − 453
if(failed)
+ − 454
{
+ − 455
frm.submit.disabled = 'disabled';
+ − 456
} else {
+ − 457
frm.submit.disabled = false;
0
+ − 458
}
+ − 459
}
30
+ − 460
function checkUsername()
0
+ − 461
{
30
+ − 462
var frm = document.forms.regform;
+ − 463
+ − 464
if(!namegood)
+ − 465
{
+ − 466
if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))
+ − 467
{
+ − 468
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
+ − 469
document.getElementById('e_username').innerHTML = '';
+ − 470
} else {
+ − 471
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 472
document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
+ − 473
return false;
+ − 474
}
+ − 475
}
+ − 476
+ − 477
document.getElementById('e_username').innerHTML = '<br /><small><b>Checking availability...</b></small>';
+ − 478
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
+ − 479
if(ajax.readyState == 4)
+ − 480
if(ajax.responseText == 'good')
+ − 481
{
+ − 482
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
+ − 483
document.getElementById('e_username').innerHTML = '<br /><small><b>This username is available.</b></small>';
+ − 484
namegood = true;
+ − 485
} else if(ajax.responseText == 'bad') {
+ − 486
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 487
document.getElementById('e_username').innerHTML = '<br /><small><b>Error: that username is already taken.</b></small>';
+ − 488
namegood = false;
+ − 489
} else {
+ − 490
document.getElementById('e_username').innerHTML = ajax.responseText;
+ − 491
}
+ − 492
});
0
+ − 493
}
30
+ − 494
function regenCaptcha()
0
+ − 495
{
30
+ − 496
var frm = document.forms.regform;
+ − 497
document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/"); ?>'+frm.captchahash.value+'/'+Math.floor(Math.random() * 100000);
+ − 498
return false;
0
+ − 499
}
30
+ − 500
validateForm();
+ − 501
setTimeout('checkUsername();', 1000);
+ − 502
// ]]>
+ − 503
</script>
+ − 504
<?php
+ − 505
}
+ − 506
else
+ − 507
{
+ − 508
$year = intval( date('Y') );
+ − 509
$year = $year - 13;
+ − 510
$month = date('F');
+ − 511
$day = date('d');
+ − 512
+ − 513
$yo13_date = "$month $day, $year";
+ − 514
$link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
+ − 515
$link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true);
+ − 516
+ − 517
// COPPA enabled, ask age
+ − 518
echo '<div class="tblholder">';
+ − 519
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 520
echo '<tr>
+ − 521
<td class="row1">
+ − 522
Before you can register, please tell us your age.
+ − 523
</td>
+ − 524
</tr>
+ − 525
<tr>
+ − 526
<td class="row3">
+ − 527
<a href="' . $link_coppa_no . '">I was born <b>on or before</b> ' . $yo13_date . ' and am <b>at least</b> 13 years of age</a><br />
+ − 528
<a href="' . $link_coppa_yes . '">I was born <b>after</b> ' . $yo13_date . ' and am <b>less than</b> 13 years of age</a>
+ − 529
</td>
+ − 530
</tr>';
+ − 531
echo '</table>';
+ − 532
echo '</div>';
+ − 533
}
0
+ − 534
$template->footer();
+ − 535
}
+ − 536
+ − 537
/*
+ − 538
If you want the old preferences page back, be my guest.
+ − 539
function page_Special_Preferences() {
+ − 540
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 541
$template->header();
+ − 542
if(isset($_POST['submit'])) {
+ − 543
$data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']);
+ − 544
if($data == 'success') echo '<h3>Information</h3><p>Your profile has been updated. <a href="'.scriptPath.'/">Return to the index page</a>.</p>';
+ − 545
else echo $data;
+ − 546
} else {
+ − 547
echo '
+ − 548
<h3>Edit your profile</h3>
+ − 549
<form action="'.makeUrl($paths->nslist['Special'].'Preferences').'" method="post">
+ − 550
<table border="0" style="margin-left: 0.2in;">
+ − 551
<tr><td>Username:</td><td><input type="text" name="username" value="'.$session->username.'" /></td></tr>
+ − 552
<tr><td>Current Password:</td><td><input type="password" name="current_pass" /></td></tr>
+ − 553
<tr><td colspan="2"><small>You only need to enter your current password if you are changing your e-mail address or changing your password.</small></td></tr>
+ − 554
<tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr>
+ − 555
<tr><td>E-mail:</td><td><input type="text" name="email" value="'.$session->email.'" /></td></tr>
+ − 556
<tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.$session->real_name.'" /></td></tr>
+ − 557
<tr><td>Signature:<br /><small>Your signature appears<br />below your comment posts.</small></td><td><textarea rows="10" cols="40" name="sig">'.$session->signature.'</textarea></td></tr>
+ − 558
<tr><td colspan="2">
+ − 559
<input type="submit" name="submit" value="Save Changes" /></td></tr>
+ − 560
</table>
+ − 561
</form>
+ − 562
';
+ − 563
}
+ − 564
$template->footer();
+ − 565
}
+ − 566
*/
+ − 567
+ − 568
function page_Special_Contributions() {
+ − 569
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 570
$template->header();
+ − 571
$user = $paths->getParam();
+ − 572
if(!$user && isset($_GET['user']))
+ − 573
{
+ − 574
$user = $_GET['user'];
+ − 575
}
+ − 576
elseif(!$user && !isset($_GET['user']))
+ − 577
{
+ − 578
echo 'No user selected!';
+ − 579
$template->footer();
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 580
return;
0
+ − 581
}
+ − 582
+ − 583
$user = $db->escape($user);
+ − 584
+ − 585
$q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;';
+ − 586
if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 587
echo 'History of edits and actions<h3>Edits:</h3>';
+ − 588
if($db->numrows() < 1) echo 'No history entries in this category.';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 589
while($r = $db->fetchrow())
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 590
{
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 591
$title = get_page_title($r['page_id'], $r['namespace']);
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 592
echo '<a href="' . makeUrlNS($r['namespace'], $r['page_id'], "oldid={$r['time_id']}", true) . '" onclick="ajaxHistView(\''.$r['time_id'].'\', \''.$paths->nslist[$r['namespace']].$r['page_id'].'\'); return false;"><i>'.$r['date_string'].'</i></a> (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert to</a>) <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: '.$r['edit_summary'];
0
+ − 593
if($r['minor_edit']) echo '<b> - minor edit</b>';
+ − 594
echo '<br />';
+ − 595
}
+ − 596
$db->free_result();
+ − 597
echo '<h3>Other changes:</h3>';
+ − 598
$q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;';
+ − 599
if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 600
if($db->numrows() < 1) echo 'No history entries in this category.';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 601
while($r = $db->fetchrow())
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 602
{
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 603
if ( $r['log_type'] == 'page' )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 604
{
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 605
$title = get_page_title($r['page_id'], $r['namespace']);
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 606
echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: ';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 607
if ( $r['action'] == 'prot' ) echo 'Protected page; reason: '.$r['edit_summary'];
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 608
else if ( $r['action'] == 'unprot' ) echo 'Unprotected page; reason: '.$r['edit_summary'];
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 609
else if ( $r['action'] == 'rename' ) echo 'Renamed page; old title was: '.htmlspecialchars($r['edit_summary']);
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 610
else if ( $r['action'] == 'create' ) echo 'Created page';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 611
else if ( $r['action'] == 'delete' ) echo 'Deleted page';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 612
if ( $r['minor_edit'] ) echo '<b> - minor edit</b>';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 613
echo '<br />';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 614
}
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 615
else if($r['log_type']=='security')
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 616
{
0
+ − 617
// Not implemented, and when it is, it won't be public
+ − 618
}
+ − 619
}
+ − 620
$db->free_result();
+ − 621
$template->footer();
+ − 622
}
+ − 623
+ − 624
function page_Special_ChangeStyle()
+ − 625
{
+ − 626
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 627
if(!$session->user_logged_in) die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
+ − 628
if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']))
+ − 629
{
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 630
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 631
die('Hacking attempt');
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 632
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 633
die('Hacking attempt');
0
+ − 634
$d = ENANO_ROOT . '/themes/' . $_POST['theme'];
+ − 635
$f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css';
+ − 636
if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.');
+ − 637
if(!file_exists($f)) die('The file "'.$f.'" does not exist.');
+ − 638
$d = $db->escape($_POST['theme']);
+ − 639
$f = $db->escape($_POST['style']);
+ − 640
$q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\'';
+ − 641
if(!$db->sql_query($q))
+ − 642
{
+ − 643
$db->_die('Your theme/style preferences were not updated.');
+ − 644
}
+ − 645
else
+ − 646
{
+ − 647
redirect(makeUrl($_POST['return_to']), '', '', 0);
+ − 648
}
+ − 649
}
+ − 650
else
+ − 651
{
+ − 652
$template->header();
+ − 653
$ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
+ − 654
if(!$ret) $ret = getConfig('main_page');
+ − 655
?>
+ − 656
<form action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 657
<?php if(!isset($_POST['themeselected'])) { ?>
+ − 658
<h3>Please select a new theme:</h3>
+ − 659
<p>
+ − 660
<select name="theme">
+ − 661
<?php
+ − 662
foreach($template->theme_list as $t) {
+ − 663
if($t['enabled'])
+ − 664
{
+ − 665
echo '<option value="'.$t['theme_id'].'"';
+ − 666
if($t['theme_id'] == $session->theme) echo ' selected="selected"';
+ − 667
echo '>'.$t['theme_name'].'</option>';
+ − 668
}
+ − 669
}
+ − 670
?>
+ − 671
</select>
+ − 672
</p>
+ − 673
<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
+ − 674
<input type="submit" name="themeselected" value="Continue" /></p>
+ − 675
<?php } else {
+ − 676
$theme = $_POST['theme'];
+ − 677
if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
+ − 678
die('Hacking attempt');
+ − 679
?>
+ − 680
<h3>Please select a stylesheet:</h3>
+ − 681
<p>
+ − 682
<select name="style">
+ − 683
<?php
+ − 684
$dir = './themes/'.$theme.'/css/';
+ − 685
$list = Array();
+ − 686
// Open a known directory, and proceed to read its contents
+ − 687
if (is_dir($dir)) {
+ − 688
if ($dh = opendir($dir)) {
+ − 689
while (($file = readdir($dh)) !== false) {
+ − 690
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
+ − 691
$list[] = substr($file, 0, strlen($file)-4);
+ − 692
}
+ − 693
}
+ − 694
closedir($dh);
+ − 695
}
+ − 696
} else die($dir.' is not a dir');
+ − 697
foreach ( $list as $l )
+ − 698
{
+ − 699
echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
+ − 700
}
+ − 701
?>
+ − 702
</select>
+ − 703
</p>
+ − 704
<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
+ − 705
<input type="hidden" name="theme" value="<?php echo $theme; ?>" />
+ − 706
<input type="submit" name="allclear" value="Change style" /></p>
+ − 707
<?php } ?>
+ − 708
</form>
+ − 709
<?php
+ − 710
$template->footer();
+ − 711
}
+ − 712
}
+ − 713
+ − 714
function page_Special_ActivateAccount()
+ − 715
{
+ − 716
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 717
$user = $paths->getParam(0);
+ − 718
if(!$user) die_friendly('Account activation error', '<p>The URL was incorrect.</p>');
+ − 719
$key = $paths->getParam(1);
+ − 720
if(!$key) die_friendly('Account activation error', '<p>The URL was incorrect.</p>');
+ − 721
$s = $session->activate_account(str_replace('_', ' ', $user), $key);
+ − 722
if($s > 0) die_friendly('Activation successful', '<p>Your account is now active. Thank you for registering.</p>');
+ − 723
else die_friendly('Activation failed', '<p>The activation key was probably incorrect.</p>');
+ − 724
}
+ − 725
+ − 726
function page_Special_Captcha()
+ − 727
{
+ − 728
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 729
if($paths->getParam(0) == 'make')
+ − 730
{
+ − 731
$session->kill_captcha();
+ − 732
echo $session->make_captcha();
+ − 733
return;
+ − 734
}
+ − 735
$hash = $paths->getParam(0);
+ − 736
if(!$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash)) $paths->main_page();
+ − 737
$code = $session->get_captcha($hash);
+ − 738
if(!$code) die('Invalid hash or IP address incorrect.');
+ − 739
require(ENANO_ROOT.'/includes/captcha.php');
+ − 740
$captcha = new captcha($code);
+ − 741
//header('Content-disposition: attachment; filename=autocaptcha.png');
+ − 742
$captcha->make_image();
+ − 743
exit;
+ − 744
}
+ − 745
+ − 746
function page_Special_PasswordReset()
+ − 747
{
+ − 748
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 749
$template->header();
+ − 750
if($paths->getParam(0) == 'stage2')
+ − 751
{
+ − 752
$user_id = intval($paths->getParam(1));
+ − 753
$encpass = $paths->getParam(2);
+ − 754
if ( $user_id < 2 )
+ − 755
{
+ − 756
echo '<p>Hacking attempt</p>';
+ − 757
$template->footer();
+ − 758
return false;
+ − 759
}
+ − 760
if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
+ − 761
{
+ − 762
echo '<p>Hacking attempt</p>';
+ − 763
$template->footer();
+ − 764
return false;
+ − 765
}
+ − 766
+ − 767
$q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';');
+ − 768
if($db->numrows() < 1)
+ − 769
{
+ − 770
echo '<p>Invalid credentials</p>';
+ − 771
$template->footer();
+ − 772
return false;
+ − 773
}
+ − 774
$row = $db->fetchrow();
+ − 775
$db->free_result();
+ − 776
+ − 777
if ( ( intval($row['temp_password_time']) + 3600 * 24 ) < time() )
+ − 778
{
+ − 779
echo '<p>Password has expired</p>';
+ − 780
$template->footer();
+ − 781
return false;
+ − 782
}
+ − 783
+ − 784
if ( isset($_POST['do_stage2']) )
+ − 785
{
+ − 786
$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ − 787
if($_POST['use_crypt'] == 'yes')
+ − 788
{
+ − 789
$crypt_key = $session->fetch_public_key($_POST['crypt_key']);
+ − 790
if(!$crypt_key)
+ − 791
{
+ − 792
echo 'ERROR: Couldn\'t look up public key for decryption.';
+ − 793
$template->footer();
+ − 794
return false;
+ − 795
}
+ − 796
$crypt_key = hexdecode($crypt_key);
+ − 797
$data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX);
+ − 798
if(strlen($data) < 6)
+ − 799
{
+ − 800
echo 'ERROR: Your password must be six characters or greater in length.';
+ − 801
$template->footer();
+ − 802
return false;
+ − 803
}
+ − 804
}
+ − 805
else
+ − 806
{
+ − 807
$data = $_POST['pass'];
+ − 808
$conf = $_POST['pass_confirm'];
+ − 809
if($data != $conf)
+ − 810
{
+ − 811
echo 'ERROR: The passwords you entered do not match.';
+ − 812
$template->footer();
+ − 813
return false;
+ − 814
}
+ − 815
if(strlen($data) < 6)
+ − 816
{
+ − 817
echo 'ERROR: Your password must be six characters or greater in length.';
+ − 818
$template->footer();
+ − 819
return false;
+ − 820
}
+ − 821
}
+ − 822
if(empty($data))
+ − 823
{
+ − 824
echo 'ERROR: Sanity check failed!';
+ − 825
$template->footer();
+ − 826
return false;
+ − 827
}
+ − 828
$encpass = $aes->encrypt($data, $session->private_key, ENC_HEX);
+ − 829
$q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';');
+ − 830
+ − 831
if($q)
+ − 832
{
+ − 833
$session->login_without_crypto($row['username'], $data);
+ − 834
echo '<p>Your password has been reset. Return to the <a href="' . makeUrl(getConfig('main_page')) . '">main page</a>.</p>';
+ − 835
}
+ − 836
else
+ − 837
{
+ − 838
echo $db->get_error();
+ − 839
}
+ − 840
+ − 841
$template->footer();
+ − 842
return false;
+ − 843
}
+ − 844
+ − 845
// Password reset form
+ − 846
$pubkey = $session->rijndael_genkey();
+ − 847
+ − 848
?>
+ − 849
<form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
+ − 850
<br />
+ − 851
<div class="tblholder">
+ − 852
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 853
<tr><th colspan="2">Reset password</th></tr>
+ − 854
<tr><td class="row1">Password:</td><td class="row1"><input name="pass" type="password" /></td></tr>
+ − 855
<tr><td class="row2">Confirm: </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
+ − 856
<tr>
+ − 857
<td colspan="2" class="row1" style="text-align: center;">
+ − 858
<input type="hidden" name="use_crypt" value="no" />
+ − 859
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
+ − 860
<input type="hidden" name="crypt_data" value="" />
+ − 861
<input type="submit" name="do_stage2" value="Reset password" />
+ − 862
</td>
+ − 863
</tr>
+ − 864
</table>
+ − 865
</div>
+ − 866
</form>
+ − 867
<script type="text/javascript">
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 868
if ( !KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 869
{
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 870
disableJSONExts();
0
+ − 871
str = '';
+ − 872
for(i=0;i<keySizeInBits/4;i++) str+='0';
+ − 873
var key = hexToByteArray(str);
+ − 874
var pt = hexToByteArray(str);
+ − 875
var ct = rijndaelEncrypt(pt, key, "ECB");
+ − 876
var ct = byteArrayToHex(ct);
+ − 877
switch(keySizeInBits)
+ − 878
{
+ − 879
case 128:
+ − 880
v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
+ − 881
break;
+ − 882
case 192:
+ − 883
v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
+ − 884
break;
+ − 885
case 256:
+ − 886
v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
+ − 887
break;
+ − 888
}
+ − 889
var testpassed = ( ct == v && md5_vm_test() );
+ − 890
var frm = document.forms.resetform;
+ − 891
if(testpassed)
+ − 892
{
+ − 893
frm.use_crypt.value = 'yes';
+ − 894
var cryptkey = frm.crypt_key.value;
+ − 895
frm.crypt_key.value = hex_md5(cryptkey);
+ − 896
cryptkey = hexToByteArray(cryptkey);
+ − 897
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
+ − 898
{
+ − 899
frm._login.disabled = true;
+ − 900
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
+ − 901
alert('The key is messed up\nType: '+typeof(cryptkey)+len);
+ − 902
}
+ − 903
}
+ − 904
function runEncryption()
+ − 905
{
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 906
var frm = document.forms.resetform;
0
+ − 907
pass1 = frm.pass.value;
+ − 908
pass2 = frm.pass_confirm.value;
+ − 909
if ( pass1 != pass2 )
+ − 910
{
+ − 911
alert('The passwords you entered do not match.');
+ − 912
return false;
+ − 913
}
+ − 914
if ( pass1.length < 6 )
+ − 915
{
+ − 916
alert('The new password must be 6 characters or greater in length.');
+ − 917
return false;
+ − 918
}
+ − 919
if(testpassed)
+ − 920
{
+ − 921
pass = frm.pass.value;
+ − 922
pass = stringToByteArray(pass);
+ − 923
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
+ − 924
if(!cryptstring)
+ − 925
{
+ − 926
return false;
+ − 927
}
+ − 928
cryptstring = byteArrayToHex(cryptstring);
+ − 929
frm.crypt_data.value = cryptstring;
+ − 930
frm.pass.value = "";
+ − 931
frm.pass_confirm.value = "";
+ − 932
}
+ − 933
return true;
+ − 934
}
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 935
}
0
+ − 936
</script>
+ − 937
<?php
+ − 938
$template->footer();
+ − 939
return true;
+ − 940
}
+ − 941
if(isset($_POST['do_reset']))
+ − 942
{
+ − 943
if($session->mail_password_reset($_POST['username']))
+ − 944
{
+ − 945
echo '<p>An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.</p>';
+ − 946
}
+ − 947
else
+ − 948
{
+ − 949
echo '<p>Error occured, your new password was not sent.</p>';
+ − 950
}
+ − 951
$template->footer();
+ − 952
return true;
+ − 953
}
+ − 954
echo '<p>Don\'t worry, it happens to the best of us.</p>
+ − 955
<p>To reset your password, just enter your username below, and a new password will be e-mailed to you.</p>
+ − 956
<form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ − 957
<p>Username: '.$template->username_field('username').'</p>
+ − 958
<p><input type="submit" name="do_reset" value="Mail new password" /></p>
+ − 959
</form>';
+ − 960
$template->footer();
+ − 961
}
+ − 962
+ − 963
?>