plugins/SpecialUserFuncs.php
author Dan Fuhry <dan@enanocms.org>
Tue, 12 Jul 2011 22:13:37 -0400
changeset 343 7e6537fd4730
parent 336 4fb4b6647e96
permissions -rw-r--r--
SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     1
<?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     2
/*
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     3
Plugin Name: Special user/login-related pages
23
320acf077276 At last, I fixed all those phased-out enano.homelinux.org links!
Dan
parents: 0
diff changeset
     4
Plugin URI: http://enanocms.org/
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     5
Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     6
Author: Dan Fuhry
318
eec2dfd2f0a3 Rebrand as v1.0.6 (Roane)
Dan
parents: 285
diff changeset
     7
Version: 1.0.6
23
320acf077276 At last, I fixed all those phased-out enano.homelinux.org links!
Dan
parents: 0
diff changeset
     8
Author URI: http://enanocms.org/
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     9
*/
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    10
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    11
/*
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    12
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
285
e72bf2c24875 Rebrand as 1.0.4 (Ellyyllon)
Dan
parents: 283
diff changeset
    13
 * Version 1.0.4
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    14
 * Copyright (C) 2006-2007 Dan Fuhry
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    15
 *
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    16
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    17
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    18
 *
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    19
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    20
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    21
 */
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    22
 
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    23
global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    24
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    25
$plugins->attachHook('base_classes_initted', '
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    26
  global $paths;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    27
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    28
      \'name\'=>\'Log in\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    29
      \'urlname\'=>\'Login\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    30
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    31
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    32
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    33
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    34
      \'name\'=>\'Log out\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    35
      \'urlname\'=>\'Logout\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    36
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    37
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    38
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    39
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    40
      \'name\'=>\'Register\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    41
      \'urlname\'=>\'Register\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    42
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    43
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    44
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    45
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    46
      \'name\'=>\'Edit Profile\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    47
      \'urlname\'=>\'Preferences\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    48
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    49
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    50
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    51
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    52
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    53
      \'name\'=>\'Contributions\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    54
      \'urlname\'=>\'Contributions\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    55
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    56
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    57
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    58
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    59
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    60
      \'name\'=>\'Change style\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    61
      \'urlname\'=>\'ChangeStyle\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    62
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    63
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    64
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    65
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    66
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    67
      \'name\'=>\'Activate user account\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    68
      \'urlname\'=>\'ActivateAccount\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    69
      \'namespace\'=>\'Special\',
116
77c75179bb95 Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents: 115
diff changeset
    70
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    71
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    72
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    73
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    74
      \'name\'=>\'Captcha\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    75
      \'urlname\'=>\'Captcha\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    76
      \'namespace\'=>\'Special\',
116
77c75179bb95 Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents: 115
diff changeset
    77
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    78
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    79
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    80
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    81
      \'name\'=>\'Forgot password\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    82
      \'urlname\'=>\'PasswordReset\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    83
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    84
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    85
      ));
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    86
    
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    87
    $paths->add_page(Array(
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    88
      \'name\'=>\'Member list\',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    89
      \'urlname\'=>\'Memberlist\',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    90
      \'namespace\'=>\'Special\',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    91
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
    92
      ));
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    93
    ');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    94
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    95
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    96
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    97
$__login_status = '';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    98
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    99
function page_Special_Login()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   100
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   101
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   102
  global $__login_status;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   103
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   104
  $pubkey = $session->rijndael_genkey();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   105
  $challenge = $session->dss_rand();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   106
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   107
  if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   108
  {
260
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 256
diff changeset
   109
    header('Content-type: application/json');
60
71b50f8c8f85 Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents: 57
diff changeset
   110
    $username = ( $session->user_logged_in ) ? $session->username : false;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   111
    $response = Array(
60
71b50f8c8f85 Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents: 57
diff changeset
   112
      'username' => $username,
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   113
      'key' => $pubkey,
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   114
      'challenge' => $challenge
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   115
      );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   116
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   117
    $response = $json->encode($response);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   118
    echo $response;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   119
    return null;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   120
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   121
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   122
  $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   123
  if ( isset($_POST['login']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   124
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   125
    if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   126
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   127
      $level = intval($_POST['auth_level']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   128
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   129
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   130
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   131
  if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   132
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   133
    $level = USER_LEVEL_MEMBER;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   134
  }
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   135
  if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   136
    $paths->main_page();
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   137
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   138
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   139
  $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   140
  if ( isset($_POST['login']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   141
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   142
    echo '<p>'.$__login_status.'</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   143
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   144
  if ( $p = $paths->getAllParams() )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   145
  {
343
7e6537fd4730 SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Dan Fuhry <dan@enanocms.org>
parents: 336
diff changeset
   146
    echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($p).'" />';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   147
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   148
  else if ( isset($_POST['login']) && isset($_POST['return_to']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   149
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   150
    echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   151
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   152
  ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   153
    <div class="tblholder">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   154
      <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   155
        <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   156
          <th colspan="3"><?php echo $header; ?></th>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   157
        </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   158
        <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   159
          <td colspan="3" class="row1">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   160
            <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   161
            if ( $level <= USER_LEVEL_MEMBER )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   162
            {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   163
              echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   164
            }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   165
            else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   166
            {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   167
              echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   168
            }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   169
            ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   170
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   171
        </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   172
        <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   173
          <td class="row2">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   174
            Username:
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   175
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   176
          <td class="row1">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   177
            <input name="username" size="25" type="text" <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   178
              if ( $level <= USER_LEVEL_MEMBER )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   179
              {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   180
                echo 'tabindex="1" ';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   181
              }
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   182
              else
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   183
              {
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   184
                echo 'tabindex="3" ';
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   185
              }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   186
              if ( $session->user_logged_in )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   187
              {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   188
                echo 'value="' . $session->username . '"';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   189
              }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   190
              ?> />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   191
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   192
          <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   193
          <td rowspan="2" class="row3">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   194
            <small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   195
            Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   196
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   197
          <?php } ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   198
        </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   199
        <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   200
          <td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   201
         </tr>
235
b3cfaf0a505c Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents: 229
diff changeset
   202
         <?php if ( $level <= USER_LEVEL_MEMBER && ( !isset($_GET['use_crypt']) || ( isset($_GET['use_crypt']) && $_GET['use_crypt'] != '0' ) ) ) { ?>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   203
         <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   204
           <td class="row3" colspan="3">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   205
             <p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true); ?>">log in without using encryption</a>.</p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   206
             <p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   207
           </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   208
         </tr>
235
b3cfaf0a505c Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents: 229
diff changeset
   209
         <?php } else if ( isset($_GET['use_crypt']) && $_GET['use_crypt'] == '0' && $level <= USER_LEVEL_MEMBER ) { ?>
b3cfaf0a505c Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents: 229
diff changeset
   210
         <tr>
b3cfaf0a505c Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents: 229
diff changeset
   211
           <td class="row3" colspan="3">
b3cfaf0a505c Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents: 229
diff changeset
   212
             <p><b>Encrypted logon has been disabled.</b> Unless you live in a country where encryption technology is illegal, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=1', true); ?>">use encryption when you log on</a> to help protect against password sniffing.</p>
b3cfaf0a505c Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents: 229
diff changeset
   213
           </td>
b3cfaf0a505c Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents: 229
diff changeset
   214
         </tr>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   215
         <?php } ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   216
         <tr>
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   217
           <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   218
         </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   219
      </table>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   220
    </div>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   221
      <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   222
      <input type="hidden" name="use_crypt" value="no" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   223
      <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   224
      <input type="hidden" name="crypt_data" value="" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   225
      <input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   226
      <?php if ( $level <= USER_LEVEL_MEMBER ): ?>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   227
      <script type="text/javascript">
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   228
        document.forms.loginform.username.focus();
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   229
      </script>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   230
      <?php else: ?>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   231
      <script type="text/javascript">
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   232
        document.forms.loginform.pass.focus();
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   233
      </script>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   234
      <?php endif; ?>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   235
    </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   236
    <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   237
      echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   238
    ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   239
  <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   240
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   241
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   242
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   243
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   244
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   245
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   246
  global $__login_status;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   247
  if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   248
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   249
    $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   250
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   251
    $data = $json->decode($_POST['params']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   252
    $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   253
    $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   254
    $session->start();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   255
    //echo "$result\n$session->sid_super";
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   256
    //exit;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   257
    if ( $result == 'success' )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   258
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   259
      $response = Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   260
          'result' => 'success',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   261
          'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   262
        );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   263
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   264
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   265
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   266
      $response = Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   267
          'result' => 'error',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   268
          'error' => $result
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   269
        );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   270
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   271
    $response = $json->encode($response);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   272
    echo $response;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   273
    $db->close();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   274
    exit;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   275
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   276
  if(isset($_POST['login'])) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   277
    if($_POST['use_crypt'] == 'yes')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   278
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   279
      $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   280
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   281
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   282
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   283
      $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   284
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   285
    $session->start();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   286
    $paths->init();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   287
    if($result == 'success')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   288
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   289
      $template->load_theme($session->theme, $session->style);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   290
      if(isset($_POST['return_to']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   291
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   292
        $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
343
7e6537fd4730 SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Dan Fuhry <dan@enanocms.org>
parents: 336
diff changeset
   293
        redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . htmlspecialchars($name) . '...' );
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   294
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   295
      else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   296
      {
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   297
        redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' );
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   298
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   299
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   300
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   301
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   302
      $GLOBALS['__login_status'] = $result;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   303
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   304
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   305
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   306
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   307
function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   308
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   309
  $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   310
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   311
  $response = Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   312
      'result' => 'success_reset',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   313
      'user_id' => $user_id,
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   314
      'temppass' => $passkey
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   315
    );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   316
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   317
  $response = $json->encode($response);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   318
  echo $response;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   319
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   320
  $db->close();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   321
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   322
  exit;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   323
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   324
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   325
function page_Special_Logout() {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   326
  global $db, $session, $paths, $template, $plugins; // Common objects
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   327
  if ( !$session->user_logged_in )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   328
    $paths->main_page();
343
7e6537fd4730 SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Dan Fuhry <dan@enanocms.org>
parents: 336
diff changeset
   329
7e6537fd4730 SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Dan Fuhry <dan@enanocms.org>
parents: 336
diff changeset
   330
  $token = $paths->getParam(0);
7e6537fd4730 SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Dan Fuhry <dan@enanocms.org>
parents: 336
diff changeset
   331
  if ( $token !== $session->csrf_token )
7e6537fd4730 SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Dan Fuhry <dan@enanocms.org>
parents: 336
diff changeset
   332
  	  csrf_request_confirm();
7e6537fd4730 SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Dan Fuhry <dan@enanocms.org>
parents: 336
diff changeset
   333
  
7e6537fd4730 SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Dan Fuhry <dan@enanocms.org>
parents: 336
diff changeset
   334
  $target_page = ($p = $paths->getParam(1)) ? $p : getConfig('main_page');
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   335
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   336
  $l = $session->logout();
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   337
  if ( $l == 'success' )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   338
  {
343
7e6537fd4730 SECURITY: Fixed several XSS vulns reported by Secunia, mostly in Private Messaging. Also backported CSRF protection API from 1.1.x, and protected Private Messaging and logout functions.
Dan Fuhry <dan@enanocms.org>
parents: 336
diff changeset
   339
    redirect(makeUrl($target_page, false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4);
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   340
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   341
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   342
  echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   343
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   344
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   345
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   346
function page_Special_Register()
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   347
{
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   348
  global $db, $session, $paths, $template, $plugins; // Common objects
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   349
  
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   350
  // form field trackers
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   351
  $username = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   352
  $email = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   353
  $realname = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   354
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   355
  if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   356
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   357
    $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : '';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   358
    die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   359
  }
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   360
  if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   361
  {
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   362
    $paths->main_page();
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   363
  }
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   364
  if(isset($_POST['submit'])) 
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   365
  {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   366
    $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   367
    
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   368
    $captcharesult = $session->get_captcha($_POST['captchahash']);
212
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
   369
    $session->kill_captcha();
283
e133d321fce4 Made all captcha fields case-insensitive (thanks pkeating)
Dan
parents: 274
diff changeset
   370
    if(strtolower($captcharesult) != strtolower($_POST['captchacode']))
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   371
    {
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   372
      $s = 'The confirmation code you entered was incorrect.';
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   373
    }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   374
    else
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   375
    {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   376
      if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   377
      {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   378
        $s = 'Invalid COPPA input';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   379
      }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   380
      else
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   381
      {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   382
        $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   383
        $s = false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   384
        
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   385
        // decrypt password
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   386
        // as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   387
        // and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   388
        // forgot his password, that's his problem.
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   389
        
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   390
        if ( $_POST['use_crypt'] == 'yes' )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   391
        {
229
b2f985e4cef3 Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents: 217
diff changeset
   392
          $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   393
          $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   394
          if ( !$crypt_key )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   395
          {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   396
            $s = 'Couldn\'t look up public encryption key';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   397
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   398
          else
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   399
          {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   400
            $data = $_POST['crypt_data'];
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   401
            $bin_key = hexdecode($crypt_key);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   402
            //die("Decrypting with params: key $crypt_key, data $data");
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   403
            $password = $aes->decrypt($data, $bin_key, ENC_HEX);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   404
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   405
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   406
        else
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   407
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   408
          $password = $_POST['password'];
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   409
        }
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   410
        
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   411
        // CAPTCHA code was correct, create the account
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   412
        // ... and check for errors returned from the crypto API
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   413
        if ( !$s )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   414
          $s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa);
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   415
      }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   416
    }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   417
    if($s == 'success' && !$coppa)
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   418
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   419
      switch(getConfig('account_activation'))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   420
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   421
        case "none":
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   422
        default:
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   423
          $str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   424
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   425
        case "user":
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   426
          $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   427
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   428
        case "admin":
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   429
          $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   430
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   431
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   432
      die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   433
    }
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   434
    else if ( $s == 'success' && $coppa )
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   435
    {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   436
      $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   437
      die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   438
    }
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   439
    $username = htmlspecialchars($_POST['username']);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   440
    $email    = htmlspecialchars($_POST['email']);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   441
    $realname = htmlspecialchars($_POST['real_name']);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   442
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   443
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   444
  echo 'A user account enables you to have greater control over your browsing experience.';
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   445
  
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   446
  if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   447
  {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   448
    $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   449
    $session->kill_captcha();
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   450
    $captchacode = $session->make_captcha();
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   451
    
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   452
    $pubkey = $session->rijndael_genkey();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   453
    $challenge = $session->dss_rand();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   454
    
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   455
    ?>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   456
      <h3>Create a user account</h3>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   457
      <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="runEncryption();">
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   458
        <div class="tblholder">
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   459
          <table border="0" width="100%" cellspacing="1" cellpadding="4">
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   460
            <tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   461
            
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   462
            <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   463
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   464
            <!-- FIELD: Username -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   465
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   466
              <td class="row1" style="width: 50%;">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   467
                Preferred username:
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   468
                <span id="e_username"></span>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   469
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   470
              <td class="row1" style="width: 50%;">
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   471
                <input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   472
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   473
              <td class="row1" style="max-width: 24px;">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   474
                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   475
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   476
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   477
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   478
            <!-- FIELD: Password -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   479
            <tr>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   480
              <td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>">
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   481
                Password:
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   482
                <span id="e_password"></span>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   483
                <?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   484
                <small>It needs to score at least <b><?php echo getConfig('pw_strength_minimum'); ?></b> for your registration to be accepted.</small>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   485
                <?php endif; ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   486
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   487
              <td class="row3" style="width: 50%;">
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   488
                <input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm();" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   489
              </td>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   490
              <td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;">
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   491
                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   492
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   493
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   494
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   495
            <!-- FIELD: Password confirmation -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   496
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   497
              <td class="row3" style="width: 50%;">
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   498
                <input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   499
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   500
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   501
            
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   502
            <!-- FIELD: Password strength meter -->
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   503
            
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   504
            <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   505
            <tr>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   506
              <td class="row3" style="width: 50%;">
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   507
                <div id="pwmeter"></div>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   508
              </td>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   509
            </tr>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   510
            <?php endif; ?>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   511
            
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   512
            <!-- FIELD: E-mail address -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   513
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   514
              <td class="row1" style="width: 50%;">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   515
                <?php
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   516
                  if ( $coppa ) echo 'Your parent or guardian\'s e'; 
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   517
                  else echo 'E';
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   518
                ?>-mail address:
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   519
                <?php
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   520
                  if ( ( $x = getConfig('account_activation') ) == 'user' )
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   521
                  {
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   522
                    echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small>';
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   523
                  }
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   524
                ?>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   525
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   526
              <td class="row1" style="width: 50%;">
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   527
                <input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm();" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   528
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   529
              <td class="row1" style="max-width: 24px;">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   530
                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   531
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   532
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   533
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   534
            <!-- FIELD: Real name -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   535
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   536
              <td class="row3" style="width: 50%;">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   537
                Real name:<br />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   538
                <small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   539
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   540
              <td class="row3" style="width: 50%;">
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   541
                <input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" /></td><td class="row3" style="max-width: 24px;">
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   542
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   543
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   544
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   545
            <!-- FIELD: CAPTCHA image -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   546
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   547
              <td class="row1" style="width: 50%;" rowspan="2">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   548
                Visual confirmation<br />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   549
                <small>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   550
                  Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   551
                  <br />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   552
                  If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   553
                </small>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   554
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   555
              <td colspan="2" class="row1">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   556
                <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   557
                <span id="b_username"></span>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   558
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   559
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   560
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   561
            <!-- FIELD: CAPTCHA input field -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   562
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   563
              <td class="row1" colspan="2">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   564
                Code:
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   565
                <input tabindex="6" name="captchacode" type="text" size="10" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   566
                <input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   567
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   568
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   569
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   570
            <!-- FIELD: submit button -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   571
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   572
              <th class="subhead" colspan="3" style="text-align: center;">
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   573
                <input tabindex="7" type="submit" name="submit" value="Create my account" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   574
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   575
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   576
            
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   577
          </table>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   578
        </div>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   579
        <?php
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   580
          $val = ( $coppa ) ? 'yes' : 'no';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   581
          echo '<input type="hidden" name="coppa" value="' . $val . '" />';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   582
        ?>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   583
        <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   584
        <input type="hidden" name="use_crypt" value="no" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   585
        <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   586
        <input type="hidden" name="crypt_data" value="" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   587
      <script type="text/javascript">
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   588
        // ENCRYPTION CODE
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   589
        disableJSONExts();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   590
        str = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   591
        for(i=0;i<keySizeInBits/4;i++) str+='0';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   592
        var key = hexToByteArray(str);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   593
        var pt = hexToByteArray(str);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   594
        var ct = rijndaelEncrypt(pt, key, "ECB");
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   595
        var ct = byteArrayToHex(ct);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   596
        switch(keySizeInBits)
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   597
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   598
          case 128:
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   599
            v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   600
            break;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   601
          case 192:
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   602
            v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   603
            break;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   604
          case 256:
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   605
            v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   606
            break;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   607
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   608
        var aes_testpassed = ( ct == v && md5_vm_test() );
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   609
        function runEncryption()
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   610
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   611
          var frm = document.forms.regform;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   612
          if ( frm.password.value.length < 1 )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   613
            return true;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   614
          if(aes_testpassed)
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   615
          {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   616
            frm.use_crypt.value = 'yes';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   617
            var cryptkey = frm.crypt_key.value;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   618
            frm.crypt_key.value = hex_md5(cryptkey);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   619
            cryptkey = hexToByteArray(cryptkey);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   620
            if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   621
            {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   622
              frm.submit.disabled = true;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   623
              len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   624
              alert('The key is messed up\nType: '+typeof(cryptkey)+len);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   625
            }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   626
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   627
          pass1 = frm.password.value;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   628
          pass2 = frm.password_confirm.value;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   629
          if ( pass1 != pass2 )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   630
          {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   631
            alert('The passwords you entered do not match.');
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   632
            return false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   633
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   634
          if ( pass1.length < 6 && pass1.length > 0 )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   635
          {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   636
            alert('The new password must be 6 characters or greater in length.');
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   637
            return false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   638
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   639
          if(aes_testpassed)
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   640
          {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   641
            pass = frm.password.value;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   642
            pass = stringToByteArray(pass);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   643
            cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   644
            if(!cryptstring)
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   645
            {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   646
              return false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   647
            }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   648
            cryptstring = byteArrayToHex(cryptstring);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   649
            frm.crypt_data.value = cryptstring;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   650
            frm.password.value = "";
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   651
            frm.password_confirm.value = "";
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   652
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   653
          return true;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   654
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   655
        </script>
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   656
      </form>
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   657
      <!-- Don't optimize this script, it fails when compressed -->
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   658
      <enano:no-opt>
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   659
        <script type="text/javascript">
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   660
          // <![CDATA[
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   661
          var namegood = false;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   662
          function validateForm()
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   663
          {
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   664
            var frm = document.forms.regform;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   665
            failed = false;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   666
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   667
            // Username
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   668
            if(!namegood)
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   669
            {
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   670
              //if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
217
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 212
diff changeset
   671
              var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   672
              if ( frm.username.value.match(regex) )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   673
              {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   674
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   675
                document.getElementById('e_username').innerHTML = ''; // '<br /><small><b>Checking availability...</b></small>';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   676
              } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   677
                failed = true;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   678
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   679
                document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   680
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   681
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   682
            document.getElementById('b_username').innerHTML = '';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   683
            if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1')
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   684
            {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   685
              document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   686
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   687
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   688
            // Password
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   689
            if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   690
            {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   691
              document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   692
              document.getElementById('e_password').innerHTML = '<br /><small>The password you entered is valid.</small>';
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   693
            } else {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   694
              failed = true;
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   695
              if(frm.password.value.length < 6)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   696
              {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   697
                document.getElementById('e_password').innerHTML = '<br /><small>Your password must be at least six characters in length.</small>';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   698
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   699
              else if(frm.password.value != frm.password_confirm.value)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   700
              {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   701
                document.getElementById('e_password').innerHTML = '<br /><small>The passwords you entered do not match.</small>';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   702
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   703
              else
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   704
              {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   705
                document.getElementById('e_password').innerHTML = '';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   706
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   707
              document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   708
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   709
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   710
            // E-mail address
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   711
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   712
            // workaround for idiot jEdit bug
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   713
            if ( validateEmail(frm.email.value) )
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   714
            {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   715
              document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   716
            } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   717
              failed = true;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   718
              document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   719
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   720
            if(failed)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   721
            {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   722
              frm.submit.disabled = 'disabled';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   723
            } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   724
              frm.submit.disabled = false;
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   725
            }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   726
          }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   727
          function checkUsername()
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   728
          {
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   729
            var frm = document.forms.regform;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   730
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   731
            if(!namegood)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   732
            {
217
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 212
diff changeset
   733
              var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 212
diff changeset
   734
              if ( frm.username.value.match(regex) )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   735
              {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   736
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   737
                document.getElementById('e_username').innerHTML = '';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   738
              } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   739
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   740
                document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   741
                return false;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   742
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   743
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   744
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   745
            document.getElementById('e_username').innerHTML = '<br /><small><b>Checking availability...</b></small>';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   746
            ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   747
              if(ajax.readyState == 4)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   748
                if(ajax.responseText == 'good')
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   749
                {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   750
                  document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   751
                  document.getElementById('e_username').innerHTML = '<br /><small><b>This username is available.</b></small>';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   752
                  namegood = true;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   753
                } else if(ajax.responseText == 'bad') {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   754
                  document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   755
                  document.getElementById('e_username').innerHTML = '<br /><small><b>Error: that username is already taken.</b></small>';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   756
                  namegood = false;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   757
                } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   758
                  document.getElementById('e_username').innerHTML = ajax.responseText;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   759
                }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   760
            });
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   761
          }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   762
          function regenCaptcha()
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   763
          {
274
f725a16e4a20 Fixed broken regenCaptcha() in Special:Register
Dan
parents: 263
diff changeset
   764
            var frm = document.forms.regform;
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   765
            document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/"); ?>'+frm.captchahash.value+'/'+Math.floor(Math.random() * 100000);
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   766
            return false;
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   767
          }
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   768
          <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   769
          var frm = document.forms.regform;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   770
          password_score_field(frm.password);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   771
          <?php endif; ?>
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   772
          validateForm();
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   773
          setTimeout('checkUsername();', 1000);
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   774
          // ]]>
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   775
        </script>
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   776
      </enano:no-opt>
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   777
    <?php
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   778
  }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   779
  else
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   780
  {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   781
    $year = intval( date('Y') );
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   782
    $year = $year - 13;
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   783
    $month = date('F');
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   784
    $day = date('d');
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   785
    
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   786
    $yo13_date = "$month $day, $year";
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   787
    $link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   788
    $link_coppa_no  = makeUrlNS('Special', 'Register', 'coppa=no',  true);
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   789
    
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   790
    // COPPA enabled, ask age
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   791
    echo '<div class="tblholder">';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   792
    echo '<table border="0" cellspacing="1" cellpadding="4">';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   793
    echo '<tr>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   794
            <td class="row1">
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   795
              Before you can register, please tell us your age.
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   796
            </td>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   797
          </tr>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   798
          <tr>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   799
            <td class="row3">
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   800
              <a href="' . $link_coppa_no  . '">I was born <b>on or before</b> ' . $yo13_date . ' and am <b>at least</b> 13 years of age</a><br />
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   801
              <a href="' . $link_coppa_yes . '">I was born <b>after</b> ' . $yo13_date . ' and am <b>less than</b> 13 years of age</a>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   802
            </td>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   803
          </tr>';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   804
    echo '</table>';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   805
    echo '</div>';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   806
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   807
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   808
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   809
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   810
/*
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   811
If you want the old preferences page back, be my guest.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   812
function page_Special_Preferences() {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   813
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   814
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   815
  if(isset($_POST['submit'])) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   816
    $data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   817
    if($data == 'success') echo '<h3>Information</h3><p>Your profile has been updated. <a href="'.scriptPath.'/">Return to the index page</a>.</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   818
    else echo $data;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   819
  } else {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   820
    echo '
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   821
    <h3>Edit your profile</h3>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   822
    <form action="'.makeUrl($paths->nslist['Special'].'Preferences').'" method="post">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   823
      <table border="0" style="margin-left: 0.2in;">   
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   824
        <tr><td>Username:</td><td><input type="text" name="username" value="'.$session->username.'" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   825
        <tr><td>Current Password:</td><td><input type="password" name="current_pass" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   826
        <tr><td colspan="2"><small>You only need to enter your current password if you are changing your e-mail address or changing your password.</small></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   827
        <tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   828
        <tr><td>E-mail:</td><td><input type="text" name="email" value="'.$session->email.'" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   829
        <tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.$session->real_name.'" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   830
        <tr><td>Signature:<br /><small>Your signature appears<br />below your comment posts.</small></td><td><textarea rows="10" cols="40" name="sig">'.$session->signature.'</textarea></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   831
        <tr><td colspan="2">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   832
        <input type="submit" name="submit" value="Save Changes" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   833
      </table>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   834
    </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   835
    ';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   836
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   837
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   838
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   839
*/
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   840
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   841
function page_Special_Contributions() {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   842
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   843
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   844
  $user = $paths->getParam();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   845
  if(!$user && isset($_GET['user']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   846
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   847
    $user = $_GET['user'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   848
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   849
  elseif(!$user && !isset($_GET['user']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   850
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   851
    echo 'No user selected!';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   852
    $template->footer();
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   853
    return;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   854
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   855
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   856
  $user = $db->escape($user);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   857
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   858
  $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   859
  if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   860
  echo 'History of edits and actions<h3>Edits:</h3>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   861
  if($db->numrows() < 1) echo 'No history entries in this category.';
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   862
  while($r = $db->fetchrow())
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   863
  {
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   864
    $title = get_page_title($r['page_id'], $r['namespace']);    
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   865
    echo '<a href="' . makeUrlNS($r['namespace'], $r['page_id'], "oldid={$r['time_id']}", true) . '" onclick="ajaxHistView(\''.$r['time_id'].'\', \''.$paths->nslist[$r['namespace']].$r['page_id'].'\'); return false;"><i>'.$r['date_string'].'</i></a> (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert to</a>) <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: '.$r['edit_summary'];
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   866
    if($r['minor_edit']) echo '<b> - minor edit</b>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   867
    echo '<br />';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   868
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   869
  $db->free_result();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   870
  echo '<h3>Other changes:</h3>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   871
  $q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   872
  if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   873
  if($db->numrows() < 1) echo 'No history entries in this category.';
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   874
  while($r = $db->fetchrow()) 
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   875
  {
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   876
    if ( $r['log_type'] == 'page' )
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   877
    {
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   878
      $title = get_page_title($r['page_id'], $r['namespace']);
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   879
      echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: ';
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   880
      if      ( $r['action'] == 'prot'   ) echo 'Protected page; reason: '.$r['edit_summary'];
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   881
      else if ( $r['action'] == 'unprot' ) echo 'Unprotected page; reason: '.$r['edit_summary'];
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   882
      else if ( $r['action'] == 'rename' ) echo 'Renamed page; old title was: '.htmlspecialchars($r['edit_summary']);
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   883
      else if ( $r['action'] == 'create' ) echo 'Created page';
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   884
      else if ( $r['action'] == 'delete' ) echo 'Deleted page';
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   885
      if ( $r['minor_edit'] ) echo '<b> - minor edit</b>';
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   886
      echo '<br />';
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   887
    }
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   888
    else if($r['log_type']=='security') 
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   889
    {
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   890
      // Not implemented, and when it is, it won't be public
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   891
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   892
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   893
  $db->free_result();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   894
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   895
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   896
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   897
function page_Special_ChangeStyle()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   898
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   899
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   900
  if(!$session->user_logged_in) die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   901
  if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   902
  {
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   903
    if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) )
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   904
      die('Hacking attempt');
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   905
    if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) )
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
   906
      die('Hacking attempt');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   907
    $d = ENANO_ROOT . '/themes/' . $_POST['theme'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   908
    $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   909
    if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   910
    if(!file_exists($f)) die('The file "'.$f.'" does not exist.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   911
    $d = $db->escape($_POST['theme']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   912
    $f = $db->escape($_POST['style']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   913
    $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\'';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   914
    if(!$db->sql_query($q))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   915
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   916
      $db->_die('Your theme/style preferences were not updated.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   917
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   918
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   919
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   920
      redirect(makeUrl($_POST['return_to']), '', '', 0);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   921
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   922
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   923
  else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   924
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   925
    $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   926
      $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   927
      if(!$ret) $ret = getConfig('main_page');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   928
      ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   929
        <form action="<?php echo makeUrl($paths->page); ?>" method="post">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   930
          <?php if(!isset($_POST['themeselected'])) { ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   931
            <h3>Please select a new theme:</h3>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   932
            <p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   933
              <select name="theme">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   934
               <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   935
                foreach($template->theme_list as $t) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   936
                  if($t['enabled'])
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   937
                  {
336
4fb4b6647e96 SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan Fuhry <dan@enanocms.org>
parents: 318
diff changeset
   938
                    echo '<option value="'.htmlspecialchars($t['theme_id']).'"';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   939
                    if($t['theme_id'] == $session->theme) echo ' selected="selected"';
336
4fb4b6647e96 SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan Fuhry <dan@enanocms.org>
parents: 318
diff changeset
   940
                    echo '>'.htmlspecialchars($t['theme_name']).'</option>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   941
                  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   942
                }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   943
               ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   944
              </select>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   945
            </p>
336
4fb4b6647e96 SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan Fuhry <dan@enanocms.org>
parents: 318
diff changeset
   946
            <p><input type="hidden" name="return_to" value="<?php echo htmlspecialchars($ret); ?>" />
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   947
               <input type="submit" name="themeselected" value="Continue" /></p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   948
          <?php } else { 
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   949
            $theme = $_POST['theme'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   950
            if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   951
              die('Hacking attempt');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   952
            ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   953
            <h3>Please select a stylesheet:</h3>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   954
            <p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   955
              <select name="style">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   956
                <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   957
                  $dir = './themes/'.$theme.'/css/';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   958
                  $list = Array();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   959
                  // Open a known directory, and proceed to read its contents
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   960
                  if (is_dir($dir)) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   961
                    if ($dh = opendir($dir)) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   962
                      while (($file = readdir($dh)) !== false) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   963
                        if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   964
                          $list[] = substr($file, 0, strlen($file)-4);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   965
                        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   966
                      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   967
                      closedir($dh);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   968
                    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   969
                  } else die($dir.' is not a dir');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   970
                  foreach ( $list as $l )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   971
                  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   972
                    echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   973
                  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   974
                ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   975
              </select>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   976
            </p>
336
4fb4b6647e96 SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan Fuhry <dan@enanocms.org>
parents: 318
diff changeset
   977
            <p><input type="hidden" name="return_to" value="<?php echo htmlspecialchars($ret); ?>" />
4fb4b6647e96 SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan Fuhry <dan@enanocms.org>
parents: 318
diff changeset
   978
               <input type="hidden" name="theme" value="<?php echo htmlspecialchars($theme); ?>" />
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   979
               <input type="submit" name="allclear" value="Change style" /></p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   980
          <?php } ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   981
        </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   982
      <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   983
    $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   984
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   985
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   986
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   987
function page_Special_ActivateAccount()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   988
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   989
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   990
  $user = $paths->getParam(0);
116
77c75179bb95 Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents: 115
diff changeset
   991
  if(!$user) die_friendly('Account activation error', '<p>This page can only be accessed using links sent to users via e-mail.</p>');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   992
  $key = $paths->getParam(1);
116
77c75179bb95 Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents: 115
diff changeset
   993
  if(!$key) die_friendly('Account activation error', '<p>This page can only be accessed using links sent to users via e-mail.</p>');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   994
  $s = $session->activate_account(str_replace('_', ' ', $user), $key);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   995
  if($s > 0) die_friendly('Activation successful', '<p>Your account is now active. Thank you for registering.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   996
  else die_friendly('Activation failed', '<p>The activation key was probably incorrect.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   997
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   998
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   999
function page_Special_Captcha()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1000
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1001
  global $db, $session, $paths, $template, $plugins; // Common objects
212
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1002
  if ( $paths->getParam(0) == 'make' )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1003
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1004
    $session->kill_captcha();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1005
    echo $session->make_captcha();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1006
    return;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1007
  }
212
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1008
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1009
  $hash = $paths->getParam(0);
212
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1010
  if ( !$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash) )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1011
  {
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1012
    $paths->main_page();
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1013
  }
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1014
  
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1015
  // Determine code length
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1016
  $ip = ip2hex($_SERVER['REMOTE_ADDR']);
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1017
  if ( !$ip )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1018
    die('(very desperate) Hacking attempt');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1019
  $q = $db->sql_query('SELECT CHAR_LENGTH(salt) AS len FROM ' . table_prefix . 'session_keys WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1020
  if ( !$q )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1021
    $db->_die('SpecialUserFuncs selecting CAPTCHA code');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1022
  if ( $db->numrows() < 1 )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1023
    die('Invalid hash or hacking attempt by IP');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1024
  
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1025
  // Generate code
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1026
  $row = $db->fetchrow();
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1027
  $db->free_result();
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1028
  $len = intval($row['len']);
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1029
  if ( $len < 4 )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1030
    $len = 7;
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1031
  $code = $session->generate_captcha_code($len);
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1032
  
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1033
  // Update database with new code
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1034
  $q = $db->sql_query('UPDATE ' . table_prefix . 'session_keys SET salt = \'' . $code . '\' WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1035
  if ( !$q )
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1036
    $db->_die('SpecialUserFuncs generating new CAPTCHA confirmation code');
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1037
  
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 181
diff changeset
  1038
  require ( ENANO_ROOT.'/includes/captcha.php' );
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1039
  $captcha = new captcha($code);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1040
  $captcha->make_image();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1041
  exit;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1042
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1043
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1044
function page_Special_PasswordReset()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1045
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1046
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1047
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1048
  if($paths->getParam(0) == 'stage2')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1049
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1050
    $user_id = intval($paths->getParam(1));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1051
    $encpass = $paths->getParam(2);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1052
    if ( $user_id < 2 )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1053
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1054
      echo '<p>Hacking attempt</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1055
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1056
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1057
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1058
    if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1059
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1060
      echo '<p>Hacking attempt</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1061
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1062
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1063
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1064
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1065
    $q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1066
    if($db->numrows() < 1)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1067
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1068
      echo '<p>Invalid credentials</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1069
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1070
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1071
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1072
    $row = $db->fetchrow();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1073
    $db->free_result();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1074
    
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1075
    if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1076
    {
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1077
      echo '<p>Your temporary password has expired. Please <a href="' . makeUrlNS('Special', 'PasswordReset') . '">request another one</a>.</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1078
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1079
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1080
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1081
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1082
    if ( isset($_POST['do_stage2']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1083
    {
229
b2f985e4cef3 Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents: 217
diff changeset
  1084
      $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1085
      if($_POST['use_crypt'] == 'yes')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1086
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1087
        $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1088
        if(!$crypt_key)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1089
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1090
          echo 'ERROR: Couldn\'t look up public key for decryption.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1091
          $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1092
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1093
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1094
        $crypt_key = hexdecode($crypt_key);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1095
        $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1096
        if(strlen($data) < 6)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1097
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1098
          echo 'ERROR: Your password must be six characters or greater in length.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1099
          $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1100
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1101
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1102
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1103
      else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1104
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1105
        $data = $_POST['pass'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1106
        $conf = $_POST['pass_confirm'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1107
        if($data != $conf)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1108
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1109
          echo 'ERROR: The passwords you entered do not match.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1110
          $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1111
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1112
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1113
        if(strlen($data) < 6)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1114
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1115
          echo 'ERROR: Your password must be six characters or greater in length.';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1116
          $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1117
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1118
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1119
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1120
      if(empty($data))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1121
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1122
        echo 'ERROR: Sanity check failed!';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1123
        $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1124
        return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1125
      }
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1126
      if ( getConfig('pw_strength_enable') == '1' )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1127
      {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1128
        $min_score = intval(getConfig('pw_strength_minimum'));
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1129
        $inp_score = password_score($data);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1130
        if ( $inp_score < $min_score )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1131
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1132
          $url = makeUrl($paths->fullpage);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1133
          echo "<p>ERROR: Your password did not pass the complexity score requirement. You need $min_score points to pass; your password received a score of $inp_score. <a href=\"$url\">Go back</a></p>";
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1134
          $template->footer();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1135
          return false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1136
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1137
      }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1138
      $encpass = $aes->encrypt($data, $session->private_key, ENC_HEX);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1139
      $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1140
      
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1141
      if($q)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1142
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1143
        $session->login_without_crypto($row['username'], $data);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1144
        echo '<p>Your password has been reset. Return to the <a href="' . makeUrl(getConfig('main_page')) . '">main page</a>.</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1145
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1146
      else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1147
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1148
        echo $db->get_error();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1149
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1150
      
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1151
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1152
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1153
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1154
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1155
    // Password reset form
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1156
    $pubkey = $session->rijndael_genkey();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1157
    
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1158
    $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1159
    $pw_meter =      ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">Password strength rating:</td><td class="row1"><div id="pwmeter"></div><script type="text/javascript">password_score_field(document.forms.resetform.pass);</script></td></tr>' : '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1160
    $pw_blurb =      ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>Your password needs to have a score of at least <b>'.getConfig('pw_strength_minimum').'</b>.</small>' : '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1161
    
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1162
    ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1163
    <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1164
      <br />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1165
      <div class="tblholder">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1166
        <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1167
          <tr><th colspan="2">Reset password</th></tr>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1168
          <tr><td class="row1">Password:<?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1169
          <tr><td class="row2">Confirm: </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1170
          <?php echo $pw_meter; ?>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1171
          <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1172
            <td colspan="2" class="row1" style="text-align: center;">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1173
              <input type="hidden" name="use_crypt" value="no" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1174
              <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1175
              <input type="hidden" name="crypt_data" value="" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1176
              <input type="submit" name="do_stage2" value="Reset password" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1177
            </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1178
          </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1179
        </table>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1180
      </div>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1181
    </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1182
    <script type="text/javascript">
57
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 32
diff changeset
  1183
    if ( !KILL_SWITCH )
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 32
diff changeset
  1184
    {
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 32
diff changeset
  1185
      disableJSONExts();
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1186
      str = '';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1187
      for(i=0;i<keySizeInBits/4;i++) str+='0';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1188
      var key = hexToByteArray(str);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1189
      var pt = hexToByteArray(str);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1190
      var ct = rijndaelEncrypt(pt, key, "ECB");
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1191
      var ct = byteArrayToHex(ct);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1192
      switch(keySizeInBits)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1193
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1194
        case 128:
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1195
          v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1196
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1197
        case 192:
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1198
          v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1199
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1200
        case 256:
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1201
          v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1202
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1203
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1204
      var testpassed = ( ct == v && md5_vm_test() );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1205
      var frm = document.forms.resetform;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1206
      if(testpassed)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1207
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1208
        frm.use_crypt.value = 'yes';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1209
        var cryptkey = frm.crypt_key.value;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1210
        frm.crypt_key.value = hex_md5(cryptkey);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1211
        cryptkey = hexToByteArray(cryptkey);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1212
        if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1213
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1214
          frm._login.disabled = true;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1215
          len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1216
          alert('The key is messed up\nType: '+typeof(cryptkey)+len);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1217
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1218
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1219
      function runEncryption()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1220
      {
57
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 32
diff changeset
  1221
        var frm = document.forms.resetform;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1222
        pass1 = frm.pass.value;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1223
        pass2 = frm.pass_confirm.value;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1224
        if ( pass1 != pass2 )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1225
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1226
          alert('The passwords you entered do not match.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1227
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1228
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1229
        if ( pass1.length < 6 )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1230
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1231
          alert('The new password must be 6 characters or greater in length.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1232
          return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1233
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1234
        if(testpassed)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1235
        {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1236
          pass = frm.pass.value;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1237
          pass = stringToByteArray(pass);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1238
          cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1239
          if(!cryptstring)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1240
          {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1241
            return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1242
          }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1243
          cryptstring = byteArrayToHex(cryptstring);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1244
          frm.crypt_data.value = cryptstring;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1245
          frm.pass.value = "";
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1246
          frm.pass_confirm.value = "";
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1247
        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1248
        return true;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1249
      }
57
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 32
diff changeset
  1250
    }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1251
    </script>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1252
    <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1253
    $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1254
    return true;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1255
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1256
  if(isset($_POST['do_reset']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1257
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1258
    if($session->mail_password_reset($_POST['username']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1259
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1260
      echo '<p>An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1261
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1262
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1263
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1264
      echo '<p>Error occured, your new password was not sent.</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1265
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1266
    $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1267
    return true;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1268
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1269
  echo '<p>Don\'t worry, it happens to the best of us.</p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1270
        <p>To reset your password, just enter your username below, and a new password will be e-mailed to you.</p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1271
        <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1272
          <p>Username:  '.$template->username_field('username').'</p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1273
          <p><input type="submit" name="do_reset" value="Mail new password" /></p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1274
        </form>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1275
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1276
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1277
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1278
function page_Special_Memberlist()
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1279
{
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1280
  global $db, $session, $paths, $template, $plugins; // Common objects
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1281
  $template->header();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1282
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1283
  $startletters = 'abcdefghijklmnopqrstuvwxyz';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1284
  $startletters = enano_str_split($startletters);
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1285
  $startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : '';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1286
  if ( !in_array($startletter, $startletters) && $startletter != 'chr' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1287
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1288
    $startletter = '';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1289
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1290
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1291
  $startletter_sql = $startletter;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1292
  if ( $startletter == 'chr' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1293
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1294
    $startletter_sql = '([^a-z])';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1295
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1296
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1297
  // offset
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1298
  $offset = ( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 0;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1299
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1300
  // sort order
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1301
  $sortkeys = array(
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1302
      'uid' => 'u.user_id',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1303
      'username' => 'u.username',
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1304
      'email' => 'u.email',
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1305
      'regist' => 'u.reg_time'
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1306
    );
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1307
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1308
  $sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1309
  $sort_sqllet = $sortkeys[$sortby];
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1310
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1311
  $target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1312
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1313
  $sortorders = array();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1314
  foreach ( $sortkeys as $k => $_unused )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1315
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1316
    $sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1317
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1318
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1319
  // Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1320
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1321
  echo '<div class="tblholder">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1322
          <table border="0" cellspacing="1" cellpadding="4" style="text-align: center;">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1323
            <tr>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1324
  echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=&sort=' . $sortby . '&orderby=' . $target_order, true) . '">All</a></td>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1325
  echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=chr&sort=' . $sortby . '&orderby=' . $target_order, true) . '">#</a></td>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1326
  foreach ( $startletters as $letter )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1327
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1328
    echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=' . $letter . '&sort=' . $sortby . '&orderby=' . $target_order, true) . '">' . strtoupper($letter) . '</a></td>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1329
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1330
  echo '    </tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1331
          </table>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1332
        </div>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1333
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1334
  // formatter parameters
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1335
  $formatter = new MemberlistFormatter();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1336
  $formatters = array(
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1337
    'username' => array($formatter, 'username'),
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1338
    'user_level' => array($formatter, 'user_level'),
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1339
    'email' => array($formatter, 'email'),
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1340
    'reg_time' => array($formatter, 'reg_time')
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1341
    );
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1342
  
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1343
  // User search             
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1344
  if ( isset($_GET['finduser']) )
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1345
  {
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1346
    $finduser = str_replace(array(  '%',   '_'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1347
                            array('\\%', '\\_'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1348
                            $_GET['finduser']);
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1349
    $finduser = str_replace(array('*', '?'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1350
                            array('%', '_'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1351
                            $finduser);
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1352
    $finduser = $db->escape($finduser);
261
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 256
diff changeset
  1353
    $username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\'';
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1354
    $finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&';
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1355
  }
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1356
  else
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1357
  {
261
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 256
diff changeset
  1358
    if ( ENANO_DBLAYER == 'MYSQL' )
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 256
diff changeset
  1359
      $username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")';
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 256
diff changeset
  1360
    else if ( ENANO_DBLAYER == 'PGSQL' )
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 256
diff changeset
  1361
      $username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')';
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1362
    $finduser_url = '';
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1363
  }
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1364
  
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1365
  // Column markers
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1366
  $headings = '<tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1367
                 <th style="max-width: 50px;">
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1368
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=uid&orderby=' . $sortorders['uid'], true) . '">#</a>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1369
                 </th>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1370
                 <th>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1371
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=username&orderby=' . $sortorders['username'], true) . '">Username</a>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1372
                 </th>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1373
                 <th>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1374
                   Title
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1375
                 </th>
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1376
                 <th>
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1377
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=email&orderby=' . $sortorders['email'], true) . '">E-mail</a>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1378
                 </th>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1379
                 <th>
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1380
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=regist&orderby=' . $sortorders['regist'], true) . '">Registered</a>
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1381
                 </th>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1382
               </tr>';
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1383
               
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1384
  // determine number of rows
261
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 256
diff changeset
  1385
  $q = $db->sql_query('SELECT u.user_id FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';');
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1386
  if ( !$q )
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1387
    $db->_die();
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1388
  
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1389
  $num_rows = $db->numrows();
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1390
  $db->free_result();
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1391
  
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1392
  if ( !empty($finduser_url) )
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1393
  {
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1394
    $s = ( $num_rows == 1 ) ? '' : 'es';
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1395
    echo "<h3 style='float: left;'>Search returned $num_rows match$s</h3>";
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1396
  }
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1397
  
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1398
  // main selector
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1399
  $q = $db->sql_unbuffered_query('SELECT u.user_id, u.username, u.reg_time, u.email, u.user_level, u.reg_time, x.email_public FROM '.table_prefix.'users AS u
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1400
                                    LEFT JOIN '.table_prefix.'users_extra AS x
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1401
                                      ON ( u.user_id = x.user_id )
261
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 256
diff changeset
  1402
                                    WHERE ' . $username_where . ' AND u.username != \'Anonymous\'
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1403
                                    ORDER BY ' . $sort_sqllet . ' ' . $target_order . ';');
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1404
  if ( !$q )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1405
    $db->_die();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1406
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1407
  $html = paginate(
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1408
            $q,                                                                                                       // MySQL result resource
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1409
            '<tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1410
               <td class="{_css_class}">{user_id}</td>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1411
               <td class="{_css_class}" style="text-align: left;">{username}</td>
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1412
               <td class="{_css_class}">{user_level}</td>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1413
               <td class="{_css_class}">{email}</small></td>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1414
               <td class="{_css_class}">{reg_time}</td>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1415
             </tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1416
             ',                                                                                                       // TPL code for rows
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1417
             $num_rows,                                                                                               // Number of results
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1418
             makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order ), // Result URL
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1419
             $offset,                                                                                                 // Start at this number
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1420
             25,                                                                                                      // Results per page
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1421
             $formatters,                                                                                             // Formatting hooks
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1422
             '<div class="tblholder">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1423
                <table border="0" cellspacing="1" cellpadding="4" style="text-align: center;">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1424
                  ' . $headings . '
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1425
                 ',                                                                                                   // Header (printed before rows)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1426
             '  ' . $headings . '
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1427
                 </table>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1428
              </div>
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1429
              ' .
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1430
              '<div style="float: left;">
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1431
                <form action="' . makeUrlNS('Special', 'Memberlist') . '" method="get" onsubmit="if ( !submitAuthorized ) return false;">'
261
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 256
diff changeset
  1432
               . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->page ) . '" />' : '' )
115
261f367623af Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents: 111
diff changeset
  1433
               . ( $session->sid_super ? '<input type="hidden" name="auth"  value="' . $session->sid_super . '" />' : '')
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1434
               . '<p>Find a member: ' . $template->username_field('finduser') . ' <input type="submit" value="Go" /><br /><small>You may use the following wildcards: * to match multiple characters, ? to match a single character.</small></p>'
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1435
               . '</form>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1436
               </div>'                                                                                                // Footer (printed after rows)
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1437
          );
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1438
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1439
  if ( $num_rows < 1 )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1440
  {
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1441
    echo ( isset($_GET['finduser']) ) ? '<p>Sorry - no users that matched your query could be found. Please try some different search terms.</p>' : '<p>Sorry - no users with usernames that start with that letter could be found.</p>';
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1442
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1443
  else
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1444
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1445
    echo $html;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1446
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1447
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1448
  $template->footer();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1449
}
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1450
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1451
/**
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1452
 * Class for formatting results for the memberlist.
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1453
 * @access private
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1454
 */
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1455
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1456
class MemberlistFormatter
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1457
{
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1458
  function username($username, $row)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1459
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1460
    global $db, $session, $paths, $template, $plugins; // Common objects
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1461
    $userpage = $paths->nslist['User'] . sanitize_page_id($username);
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1462
    $class = ( isPage($userpage) ) ? ' title="Click to view this user\'s userpage"' : ' class="wikilink-nonexistent" title="This user hasn\'t created a userpage yet, but you can still view profile details by clicking this link."';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1463
    $anchor = '<a href="' . makeUrlNS('User', sanitize_page_id($username)) . '"' . $class . '>' . htmlspecialchars($username) . '</a>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1464
    if ( $session->user_level >= USER_LEVEL_ADMIN )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1465
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1466
      $anchor .= ' <small>- <a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&username=' . urlencode($username), true) . '"
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1467
                               onclick="ajaxAdminUser(\'' . addslashes(htmlspecialchars($username)) . '\'); return false;">Administer user</a></small>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1468
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1469
    return $anchor;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1470
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1471
  function user_level($level, $row)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1472
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1473
    global $db, $session, $paths, $template, $plugins; // Common objects
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1474
    switch ( $level )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1475
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1476
      case USER_LEVEL_GUEST:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1477
        $s_level = 'Guest'; break;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1478
      case USER_LEVEL_MEMBER:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1479
      case USER_LEVEL_CHPREF:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1480
        $s_level = 'Member'; break;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1481
      case USER_LEVEL_MOD:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1482
        $s_level = 'Moderator'; break;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1483
      case USER_LEVEL_ADMIN:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1484
        $s_level = 'Site administrator'; break;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1485
      default:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1486
        $s_level = 'Unknown (level ' . $level . ')';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1487
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1488
    return $s_level;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1489
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1490
  function email($addy, $row)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1491
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1492
    if ( $row['email_public'] == '1' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1493
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1494
      global $email;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1495
      $addy = $email->encryptEmail($addy);
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1496
      return $addy;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1497
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1498
    else
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1499
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1500
      return '<small>&lt;Non-public&gt;</small>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1501
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1502
  }
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1503
  /**
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1504
   * Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant.
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1505
   * @param int UNIX timestamp
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1506
   * @return string
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1507
   */
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1508
  
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1509
  function format_date($time)
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1510
  {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1511
    // Our formattting string to pass to date()
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1512
    // This should not include minute/second info, only today's date in whatever format suits your fancy
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1513
    $formatstring = 'F j, Y';
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1514
    // Today's date
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1515
    $today = date($formatstring);
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1516
    // Yesterday's date
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1517
    $yesterday = date($formatstring, (time() - (24*60*60)));
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1518
    // Date on the input
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1519
    $then = date($formatstring, $time);
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1520
    // "X days ago" logic
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1521
    for ( $i = 2; $i <= 6; $i++ )
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1522
    {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1523
      // hours_in_day * minutes_in_hour * seconds_in_minute * num_days
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1524
      $offset = 24 * 60 * 60 * $i;
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1525
      $days_ago = date($formatstring, (time() - $offset));
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1526
      // so does the input timestamp match the date from $i days ago?
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1527
      if ( $then == $days_ago )
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1528
      {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1529
        // yes, return $i
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1530
        return "$i days ago";
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1531
      }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1532
    }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1533
    // either yesterday, today, or before 6 days ago
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1534
    switch($then)
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1535
    {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1536
      case $today:
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1537
        return 'Today';
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1538
      case $yesterday:
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1539
        return 'Yesterday';
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1540
      default:
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1541
        return $then;
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1542
    }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1543
    //     .--.
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1544
    //    |o_o |
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1545
    //    |!_/ |
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1546
    //   //   \ \
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1547
    //  (|     | )
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1548
    // /'\_   _/`\
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1549
    // \___)=(___/
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1550
    return 'Linux rocks!';
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1551
  }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1552
  function reg_time($time, $row)
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1553
  {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1554
    return $this->format_date($time);
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1555
  }
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1556
}
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1557
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1558
?>