436
+ − 1 /*
+ − 2 * AJAX-based intelligent login interface
+ − 3 */
+ − 4
+ − 5 /*
+ − 6 * FRONTEND
+ − 7 */
+ − 8
+ − 9 /**
+ − 10 * Performs a logon as a regular member.
+ − 11 */
+ − 12
582
+ − 13 window.ajaxLogonToMember = function()
436
+ − 14 {
+ − 15 // IE <6 pseudo-compatibility
+ − 16 if ( KILL_SWITCH )
+ − 17 return true;
+ − 18 if ( auth_level >= USER_LEVEL_MEMBER )
+ − 19 return true;
+ − 20 ajaxLoginInit(function(k)
+ − 21 {
+ − 22 window.location.reload();
+ − 23 }, USER_LEVEL_MEMBER);
+ − 24 }
+ − 25
+ − 26 /**
+ − 27 * Authenticates to the highest level the current user is allowed to go to.
+ − 28 */
+ − 29
582
+ − 30 window.ajaxLogonToElev = function()
436
+ − 31 {
+ − 32 if ( auth_level == user_level )
+ − 33 return true;
+ − 34
+ − 35 ajaxLoginInit(function(k)
+ − 36 {
+ − 37 ENANO_SID = k;
+ − 38 var url = String(' ' + window.location).substr(1);
+ − 39 url = append_sid(url);
+ − 40 window.location = url;
+ − 41 }, user_level);
+ − 42 }
+ − 43
+ − 44 /*
+ − 45 * BACKEND
+ − 46 */
+ − 47
+ − 48 /**
+ − 49 * Holding object for various AJAX authentication information.
+ − 50 * @var object
+ − 51 */
+ − 52
+ − 53 var logindata = {};
+ − 54
+ − 55 /**
+ − 56 * Path to the image used to indicate loading progress
+ − 57 * @var string
+ − 58 */
+ − 59
+ − 60 if ( !ajax_login_loadimg_path )
+ − 61 var ajax_login_loadimg_path = false;
+ − 62
+ − 63 if ( !ajax_login_successimg_path )
+ − 64 var ajax_login_successimg_path = false;
+ − 65
+ − 66 /**
+ − 67 * Status variables
+ − 68 * @var int
+ − 69 */
+ − 70
+ − 71 var AJAX_STATUS_LOADING_KEY = 1;
+ − 72 var AJAX_STATUS_GENERATING_KEY = 2;
+ − 73 var AJAX_STATUS_LOGGING_IN = 3;
+ − 74 var AJAX_STATUS_SUCCESS = 4;
+ − 75 var AJAX_STATUS_DESTROY = 65535;
+ − 76
+ − 77 /**
+ − 78 * State constants
+ − 79 * @var int
+ − 80 */
+ − 81
+ − 82 var AJAX_STATE_EARLY_INIT = 1;
+ − 83 var AJAX_STATE_LOADING_KEY = 2;
+ − 84
+ − 85 /**
+ − 86 * Performs the AJAX request to get an encryption key and from there spawns the login form.
+ − 87 * @param function The function that will be called once authentication completes successfully.
+ − 88 * @param int The security level to authenticate at - see http://docs.enanocms.org/Help:Appendix_B
+ − 89 */
+ − 90
582
+ − 91 window.ajaxLoginInit = function(call_on_finish, user_level)
436
+ − 92 {
582
+ − 93 load_component('messagebox');
+ − 94 load_component('flyin');
+ − 95 load_component('SpryEffects');
+ − 96 load_component('l10n');
+ − 97 load_component('crypto');
+ − 98
436
+ − 99 logindata = {};
+ − 100
+ − 101 var title = ( user_level > USER_LEVEL_MEMBER ) ? $lang.get('user_login_ajax_prompt_title_elev') : $lang.get('user_login_ajax_prompt_title');
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 102 logindata.mb_object = new MessageBox(MB_OKCANCEL | MB_ICONLOCK, title, '');
436
+ − 103
+ − 104 logindata.mb_object.onclick['Cancel'] = function()
+ − 105 {
+ − 106 // Hide the error message and captcha
+ − 107 if ( document.getElementById('ajax_login_error_box') )
+ − 108 {
+ − 109 document.getElementById('ajax_login_error_box').parentNode.removeChild(document.getElementById('ajax_login_error_box'));
+ − 110 }
+ − 111 if ( document.getElementById('autoCaptcha') )
+ − 112 {
+ − 113 var to = fly_out_top(document.getElementById('autoCaptcha'), false, true);
+ − 114 setTimeout(function() {
+ − 115 var d = document.getElementById('autoCaptcha');
+ − 116 d.parentNode.removeChild(d);
+ − 117 }, to);
+ − 118 }
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 119 // Ask the server to clean our key
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 120 ajaxLoginPerformRequest({
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 121 mode: 'clean_key',
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 122 key_aes: logindata.key_aes,
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 123 key_dh: logindata.key_dh
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 124 });
436
+ − 125 };
+ − 126
+ − 127 logindata.mb_object.onbeforeclick['OK'] = function()
+ − 128 {
+ − 129 ajaxLoginSubmitForm();
+ − 130 return true;
+ − 131 }
+ − 132
+ − 133 // Fetch the inner content area
+ − 134 logindata.mb_inner = document.getElementById('messageBox').getElementsByTagName('div')[0];
+ − 135
+ − 136 // Initialize state
+ − 137 logindata.showing_status = false;
+ − 138 logindata.user_level = user_level;
+ − 139 logindata.successfunc = call_on_finish;
+ − 140
+ − 141 // Build the "loading" window
+ − 142 ajaxLoginSetStatus(AJAX_STATUS_LOADING_KEY);
+ − 143
+ − 144 // Request the key
+ − 145 ajaxLoginPerformRequest({ mode: 'getkey' });
+ − 146 }
+ − 147
+ − 148 /**
532
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 149 * For compatibility only.
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 150 */
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 151
582
+ − 152 window.ajaxLogonInit = function(call_on_finish, user_level)
532
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 153 {
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 154 return ajaxLoginInit(call_on_finish, user_level);
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 155 }
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 156
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 157 /**
436
+ − 158 * Sets the contents of the AJAX login window to the appropriate status message.
+ − 159 * @param int One of AJAX_STATUS_*
+ − 160 */
+ − 161
582
+ − 162 window.ajaxLoginSetStatus = function(status)
436
+ − 163 {
+ − 164 if ( !logindata.mb_inner )
+ − 165 return false;
+ − 166 if ( logindata.showing_status )
+ − 167 {
+ − 168 var div = document.getElementById('ajax_login_status');
+ − 169 if ( div )
+ − 170 logindata.mb_inner.removeChild(div);
+ − 171 }
+ − 172 switch(status)
+ − 173 {
+ − 174 case AJAX_STATUS_LOADING_KEY:
+ − 175
+ − 176 // Create the status div
+ − 177 var div = document.createElement('div');
+ − 178 div.id = 'ajax_login_status';
+ − 179 div.style.marginTop = '10px';
+ − 180 div.style.textAlign = 'center';
+ − 181
+ − 182 // The circly ball ajaxy image + status message
+ − 183 var status_msg = $lang.get('user_login_ajax_fetching_key');
+ − 184
+ − 185 // Insert the status message
+ − 186 div.appendChild(document.createTextNode(status_msg));
+ − 187
+ − 188 // Append a br or two to space things properly
+ − 189 div.appendChild(document.createElement('br'));
+ − 190 div.appendChild(document.createElement('br'));
+ − 191
+ − 192 var img = document.createElement('img');
+ − 193 img.src = ( ajax_login_loadimg_path ) ? ajax_login_loadimg_path : scriptPath + '/images/loading-big.gif';
+ − 194 div.appendChild(img);
+ − 195
+ − 196 // Another coupla brs
+ − 197 div.appendChild(document.createElement('br'));
+ − 198 div.appendChild(document.createElement('br'));
+ − 199
+ − 200 // The link to the full login form
+ − 201 var small = document.createElement('small');
+ − 202 small.innerHTML = $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) });
+ − 203 div.appendChild(small);
+ − 204
+ − 205 // Insert the entire message into the login window
+ − 206 logindata.mb_inner.innerHTML = '';
+ − 207 logindata.mb_inner.appendChild(div);
+ − 208
+ − 209 break;
+ − 210 case AJAX_STATUS_GENERATING_KEY:
+ − 211
+ − 212 // Create the status div
+ − 213 var div = document.createElement('div');
+ − 214 div.id = 'ajax_login_status';
+ − 215 div.style.marginTop = '10px';
+ − 216 div.style.textAlign = 'center';
+ − 217
+ − 218 // The circly ball ajaxy image + status message
+ − 219 var status_msg = $lang.get('user_login_ajax_generating_key');
+ − 220
+ − 221 // Insert the status message
+ − 222 div.appendChild(document.createTextNode(status_msg));
+ − 223
+ − 224 // Append a br or two to space things properly
+ − 225 div.appendChild(document.createElement('br'));
+ − 226 div.appendChild(document.createElement('br'));
+ − 227
+ − 228 var img = document.createElement('img');
+ − 229 img.src = ( ajax_login_loadimg_path ) ? ajax_login_loadimg_path : scriptPath + '/images/loading-big.gif';
+ − 230 div.appendChild(img);
+ − 231
+ − 232 // Another coupla brs
+ − 233 div.appendChild(document.createElement('br'));
+ − 234 div.appendChild(document.createElement('br'));
+ − 235
+ − 236 // The link to the full login form
+ − 237 var small = document.createElement('small');
+ − 238 small.innerHTML = $lang.get('user_login_ajax_link_fullform_dh', { link_full_form: makeUrlNS('Special', 'Login/' + title) });
+ − 239 div.appendChild(small);
+ − 240
+ − 241 // Insert the entire message into the login window
+ − 242 logindata.mb_inner.innerHTML = '';
+ − 243 logindata.mb_inner.appendChild(div);
+ − 244
+ − 245 break;
+ − 246 case AJAX_STATUS_LOGGING_IN:
+ − 247
+ − 248 // Create the status div
+ − 249 var div = document.createElement('div');
+ − 250 div.id = 'ajax_login_status';
+ − 251 div.style.marginTop = '10px';
+ − 252 div.style.textAlign = 'center';
+ − 253
+ − 254 // The circly ball ajaxy image + status message
+ − 255 var status_msg = $lang.get('user_login_ajax_loggingin');
+ − 256
+ − 257 // Insert the status message
+ − 258 div.appendChild(document.createTextNode(status_msg));
+ − 259
+ − 260 // Append a br or two to space things properly
+ − 261 div.appendChild(document.createElement('br'));
+ − 262 div.appendChild(document.createElement('br'));
+ − 263
+ − 264 var img = document.createElement('img');
+ − 265 img.src = ( ajax_login_loadimg_path ) ? ajax_login_loadimg_path : scriptPath + '/images/loading-big.gif';
+ − 266 div.appendChild(img);
+ − 267
+ − 268 // Insert the entire message into the login window
+ − 269 logindata.mb_inner.innerHTML = '';
+ − 270 logindata.mb_inner.appendChild(div);
+ − 271
+ − 272 break;
+ − 273 case AJAX_STATUS_SUCCESS:
+ − 274
+ − 275 // Create the status div
+ − 276 var div = document.createElement('div');
+ − 277 div.id = 'ajax_login_status';
+ − 278 div.style.marginTop = '10px';
+ − 279 div.style.textAlign = 'center';
+ − 280
+ − 281 // The circly ball ajaxy image + status message
+ − 282 var status_msg = $lang.get('user_login_success_short');
+ − 283
+ − 284 // Insert the status message
+ − 285 div.appendChild(document.createTextNode(status_msg));
+ − 286
+ − 287 // Append a br or two to space things properly
+ − 288 div.appendChild(document.createElement('br'));
+ − 289 div.appendChild(document.createElement('br'));
+ − 290
+ − 291 var img = document.createElement('img');
+ − 292 img.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png';
+ − 293 div.appendChild(img);
+ − 294
+ − 295 // Insert the entire message into the login window
+ − 296 logindata.mb_inner.innerHTML = '';
+ − 297 logindata.mb_inner.appendChild(div);
+ − 298
+ − 299 case AJAX_STATUS_DESTROY:
+ − 300 case null:
+ − 301 case undefined:
+ − 302 logindata.showing_status = false;
+ − 303 return null;
+ − 304 break;
+ − 305 }
+ − 306 logindata.showing_status = true;
+ − 307 }
+ − 308
+ − 309 /**
+ − 310 * Performs an AJAX logon request to the server and calls ajaxLoginProcessResponse() on the result.
+ − 311 * @param object JSON packet to send
+ − 312 */
+ − 313
582
+ − 314 window.ajaxLoginPerformRequest = function(json)
436
+ − 315 {
+ − 316 json = toJSONString(json);
+ − 317 json = ajaxEscape(json);
+ − 318 ajaxPost(makeUrlNS('Special', 'Login/action.json'), 'r=' + json, function()
+ − 319 {
+ − 320 if ( ajax.readyState == 4 && ajax.status == 200 )
+ − 321 {
+ − 322 // parse response
+ − 323 var response = String(ajax.responseText + '');
+ − 324 if ( response.substr(0, 1) != '{' )
+ − 325 {
+ − 326 handle_invalid_json(response);
+ − 327 return false;
+ − 328 }
+ − 329 response = parseJSON(response);
+ − 330 ajaxLoginProcessResponse(response);
+ − 331 }
+ − 332 }, true);
+ − 333 }
+ − 334
+ − 335 /**
+ − 336 * Processes a response from the login server
+ − 337 * @param object JSON response
+ − 338 */
+ − 339
582
+ − 340 window.ajaxLoginProcessResponse = function(response)
436
+ − 341 {
+ − 342 // Did the server send a plaintext error?
+ − 343 if ( response.mode == 'error' )
+ − 344 {
+ − 345 logindata.mb_object.destroy();
478
+ − 346 var error_msg = $lang.get('user_' + ( response.error.toLowerCase() ));
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 347 new MessageBox(MB_ICONSTOP | MB_OK, $lang.get('user_err_login_generic_title'), error_msg);
436
+ − 348 return false;
+ − 349 }
+ − 350 // Main mode switch
+ − 351 switch ( response.mode )
+ − 352 {
+ − 353 case 'build_box':
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 354 // Rid ourselves of any loading windows
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 355 ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
436
+ − 356 // The server wants us to build the login form, all the information is there
+ − 357 ajaxLoginBuildForm(response);
+ − 358 break;
+ − 359 case 'login_success':
+ − 360 ajaxLoginSetStatus(AJAX_STATUS_SUCCESS);
+ − 361 logindata.successfunc(response.key);
+ − 362 break;
+ − 363 case 'login_failure':
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 364 // Rid ourselves of any loading windows
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 365 ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
436
+ − 366 document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
+ − 367 var mb_parent = document.getElementById('messageBox').parentNode;
+ − 368 new Spry.Effect.Shake(mb_parent, {duration: 1500}).start();
+ − 369 setTimeout(function()
+ − 370 {
+ − 371 document.getElementById('messageBox').style.backgroundColor = '#FFF';
+ − 372 ajaxLoginBuildForm(response.respawn_info);
+ − 373 ajaxLoginShowFriendlyError(response);
+ − 374 }, 2500);
+ − 375 break;
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 376 case 'login_success_reset':
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 377 var conf = confirm($lang.get('user_login_ajax_msg_used_temp_pass'));
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 378 if ( conf )
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 379 {
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 380 var url = makeUrlNS('Special', 'PasswordReset/stage2/' + response.user_id + '/' + response.temp_password);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 381 window.location = url;
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 382 }
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 383 else
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 384 {
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 385 // treat as a failure
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 386 ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 387 document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 388 var mb_parent = document.getElementById('messageBox').parentNode;
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 389 new Spry.Effect.Shake(mb_parent, {duration: 1500}).start();
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 390 setTimeout(function()
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 391 {
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 392 document.getElementById('messageBox').style.backgroundColor = '#FFF';
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 393 ajaxLoginBuildForm(response.respawn_info);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 394 // don't show an error here, just silently respawn
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 395 }, 2500);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 396 }
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 397 break;
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 398 case 'noop':
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 399 break;
436
+ − 400 }
+ − 401 }
+ − 402
+ − 403 /*
+ − 404 * RESPONSE HANDLERS
+ − 405 */
+ − 406
+ − 407 /**
+ − 408 * Builds the login form.
+ − 409 * @param object Metadata to build off of
+ − 410 */
+ − 411
582
+ − 412 window.ajaxLoginBuildForm = function(data)
436
+ − 413 {
+ − 414 // let's hope this effectively preloads the image...
+ − 415 var _ = document.createElement('img');
+ − 416 _.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png';
+ − 417
+ − 418 var div = document.createElement('div');
+ − 419 div.id = 'ajax_login_form';
+ − 420
+ − 421 var show_captcha = ( data.locked_out && data.lockout_info.lockout_policy == 'captcha' ) ? data.lockout_info.captcha : false;
+ − 422
+ − 423 // text displayed on re-auth
+ − 424 if ( logindata.user_level > USER_LEVEL_MEMBER )
+ − 425 {
+ − 426 div.innerHTML += $lang.get('user_login_ajax_prompt_body_elev') + '<br /><br />';
+ − 427 }
+ − 428
+ − 429 // Create the form
+ − 430 var form = document.createElement('form');
+ − 431 form.action = 'javascript:void(ajaxLoginSubmitForm());';
+ − 432 form.onsubmit = function()
+ − 433 {
+ − 434 ajaxLoginSubmitForm();
+ − 435 return false;
+ − 436 }
460
+ − 437 if ( IE )
+ − 438 {
+ − 439 form.style.marginTop = '-20px';
+ − 440 }
436
+ − 441
+ − 442 // Using tables to wrap form elements because it results in a
+ − 443 // more visually appealing form. Yes, tables suck. I don't really
+ − 444 // care - they make forms look good.
+ − 445
+ − 446 var table = document.createElement('table');
+ − 447 table.style.margin = '0 auto';
+ − 448
+ − 449 // Field - username
+ − 450 var tr1 = document.createElement('tr');
+ − 451 var td1_1 = document.createElement('td');
+ − 452 td1_1.appendChild(document.createTextNode($lang.get('user_login_field_username') + ':'));
+ − 453 tr1.appendChild(td1_1);
+ − 454 var td1_2 = document.createElement('td');
+ − 455 var f_username = document.createElement('input');
+ − 456 f_username.id = 'ajax_login_field_username';
+ − 457 f_username.name = 'ajax_login_field_username';
+ − 458 f_username.type = 'text';
+ − 459 f_username.size = '25';
+ − 460 if ( data.username )
+ − 461 f_username.value = data.username;
+ − 462 td1_2.appendChild(f_username);
+ − 463 tr1.appendChild(td1_2);
+ − 464 table.appendChild(tr1);
+ − 465
+ − 466 // Field - password
+ − 467 var tr2 = document.createElement('tr');
+ − 468 var td2_1 = document.createElement('td');
+ − 469 td2_1.appendChild(document.createTextNode($lang.get('user_login_field_password') + ':'));
+ − 470 tr2.appendChild(td2_1);
+ − 471 var td2_2 = document.createElement('td');
+ − 472 var f_password = document.createElement('input');
+ − 473 f_password.id = 'ajax_login_field_password';
+ − 474 f_password.name = 'ajax_login_field_username';
+ − 475 f_password.type = 'password';
+ − 476 f_password.size = '25';
+ − 477 if ( !show_captcha )
+ − 478 {
+ − 479 f_password.onkeyup = function(e)
+ − 480 {
461
+ − 481 if ( !e )
436
+ − 482 e = window.event;
461
+ − 483 if ( !e && IE )
436
+ − 484 return true;
+ − 485 if ( e.keyCode == 13 )
+ − 486 {
+ − 487 ajaxLoginSubmitForm();
+ − 488 }
+ − 489 }
+ − 490 }
+ − 491 td2_2.appendChild(f_password);
+ − 492 tr2.appendChild(td2_2);
+ − 493 table.appendChild(tr2);
+ − 494
+ − 495 // Field - captcha
+ − 496 if ( show_captcha )
+ − 497 {
+ − 498 var tr3 = document.createElement('tr');
+ − 499 var td3_1 = document.createElement('td');
+ − 500 td3_1.appendChild(document.createTextNode($lang.get('user_login_field_captcha') + ':'));
+ − 501 tr3.appendChild(td3_1);
+ − 502 var td3_2 = document.createElement('td');
+ − 503 var f_captcha = document.createElement('input');
+ − 504 f_captcha.id = 'ajax_login_field_captcha';
+ − 505 f_captcha.name = 'ajax_login_field_username';
+ − 506 f_captcha.type = 'text';
+ − 507 f_captcha.size = '25';
+ − 508 f_captcha.onkeyup = function(e)
+ − 509 {
+ − 510 if ( !e )
+ − 511 e = window.event;
+ − 512 if ( !e.keyCode )
+ − 513 return true;
+ − 514 if ( e.keyCode == 13 )
+ − 515 {
+ − 516 ajaxLoginSubmitForm();
+ − 517 }
+ − 518 }
+ − 519 td3_2.appendChild(f_captcha);
+ − 520 tr3.appendChild(td3_2);
+ − 521 table.appendChild(tr3);
+ − 522 }
+ − 523
+ − 524 // Done building the main part of the form
+ − 525 form.appendChild(table);
+ − 526
+ − 527 // Field: enable Diffie Hellman
509
175df10e0b56
Added a copy of Firebug Lite for debugging purposes. License is uncertain but being treated as MPL. (If is is not MPL then it is under something more permissive that permits relicensing anyway)
Dan
diff
changeset
+ − 528 if ( IE || is_iPhone )
460
+ − 529 {
+ − 530 var lbl_dh = document.createElement('span');
+ − 531 lbl_dh.style.fontSize = 'smaller';
+ − 532 lbl_dh.style.display = 'block';
+ − 533 lbl_dh.style.textAlign = 'center';
+ − 534 lbl_dh.innerHTML = $lang.get('user_login_ajax_check_dh_ie');
+ − 535 form.appendChild(lbl_dh);
+ − 536 }
+ − 537 else
+ − 538 {
+ − 539 var lbl_dh = document.createElement('label');
+ − 540 lbl_dh.style.fontSize = 'smaller';
+ − 541 lbl_dh.style.display = 'block';
+ − 542 lbl_dh.style.textAlign = 'center';
+ − 543 var check_dh = document.createElement('input');
+ − 544 check_dh.type = 'checkbox';
+ − 545 // this onclick attribute changes the cookie whenever the checkbox or label is clicked
+ − 546 check_dh.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("diffiehellman_login", ck, 3650);');
+ − 547 if ( readCookie('diffiehellman_login') != 'disable' )
+ − 548 check_dh.setAttribute('checked', 'checked');
+ − 549 check_dh.id = 'ajax_login_field_dh';
+ − 550 lbl_dh.appendChild(check_dh);
+ − 551 lbl_dh.innerHTML += $lang.get('user_login_ajax_check_dh');
+ − 552 form.appendChild(lbl_dh);
+ − 553 }
436
+ − 554
460
+ − 555 if ( IE )
+ − 556 {
+ − 557 div.innerHTML += form.outerHTML;
+ − 558 }
+ − 559 else
+ − 560 {
+ − 561 div.appendChild(form);
+ − 562 }
436
+ − 563
+ − 564 // Diagnostic / help links
+ − 565 // (only displayed in login, not in re-auth)
+ − 566 if ( logindata.user_level == USER_LEVEL_MEMBER )
+ − 567 {
+ − 568 form.style.marginBottom = '10px';
+ − 569 var links = document.createElement('small');
+ − 570 links.style.display = 'block';
+ − 571 links.style.textAlign = 'center';
+ − 572 links.innerHTML = '';
+ − 573 if ( !show_captcha )
+ − 574 links.innerHTML += $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) }) + '<br />';
+ − 575 // Always shown
+ − 576 links.innerHTML += $lang.get('user_login_ajax_link_forgotpass', { forgotpass_link: makeUrlNS('Special', 'PasswordReset') }) + '<br />';
+ − 577 if ( !show_captcha )
+ − 578 links.innerHTML += $lang.get('user_login_createaccount_blurb', { reg_link: makeUrlNS('Special', 'Register') });
+ − 579 div.appendChild(links);
+ − 580 }
+ − 581
+ − 582 // Insert the entire form into the login window
+ − 583 logindata.mb_inner.innerHTML = '';
+ − 584 logindata.mb_inner.appendChild(div);
+ − 585
+ − 586 // Post operations: field focus
460
+ − 587 if ( IE )
+ − 588 {
+ − 589 setTimeout(
+ − 590 function()
+ − 591 {
+ − 592 if ( logindata.loggedin_username )
+ − 593 document.getElementById('ajax_login_field_password').focus();
+ − 594 else
+ − 595 document.getElementById('ajax_login_field_username').focus();
+ − 596 }, 200);
+ − 597 }
436
+ − 598 else
460
+ − 599 {
+ − 600 if ( data.username )
+ − 601 f_password.focus();
+ − 602 else
+ − 603 f_username.focus();
+ − 604 }
436
+ − 605
+ − 606 // Post operations: show captcha window
+ − 607 if ( show_captcha )
+ − 608 ajaxShowCaptcha(show_captcha);
+ − 609
+ − 610 // Post operations: stash encryption keys and All That Jazz(TM)
+ − 611 logindata.key_aes = data.aes_key;
+ − 612 logindata.key_dh = data.dh_public_key;
+ − 613 logindata.captcha_hash = show_captcha;
460
+ − 614 logindata.loggedin_username = data.username
436
+ − 615
+ − 616 // Are we locked out? If so simulate an error and disable the controls
+ − 617 if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out )
+ − 618 {
+ − 619 f_username.setAttribute('disabled', 'disabled');
+ − 620 f_password.setAttribute('disabled', 'disabled');
+ − 621 var fake_packet = {
+ − 622 error_code: 'locked_out',
+ − 623 respawn_info: data
+ − 624 };
+ − 625 ajaxLoginShowFriendlyError(fake_packet);
+ − 626 }
+ − 627 }
+ − 628
582
+ − 629 window.ajaxLoginSubmitForm = function(real, username, password, captcha)
436
+ − 630 {
+ − 631 // Perform AES test to make sure it's all working
+ − 632 if ( !aes_self_test() )
+ − 633 {
+ − 634 alert('BUG: AES self-test failed');
+ − 635 login_cache.mb_object.destroy();
+ − 636 return false;
+ − 637 }
+ − 638 // Hide the error message and captcha
+ − 639 if ( document.getElementById('ajax_login_error_box') )
+ − 640 {
+ − 641 document.getElementById('ajax_login_error_box').parentNode.removeChild(document.getElementById('ajax_login_error_box'));
+ − 642 }
+ − 643 if ( document.getElementById('autoCaptcha') )
+ − 644 {
+ − 645 var to = fly_out_top(document.getElementById('autoCaptcha'), false, true);
+ − 646 setTimeout(function() {
+ − 647 var d = document.getElementById('autoCaptcha');
+ − 648 d.parentNode.removeChild(d);
+ − 649 }, to);
+ − 650 }
+ − 651 // Encryption: preprocessor
+ − 652 if ( real )
+ − 653 {
+ − 654 var do_dh = true;
+ − 655 }
+ − 656 else if ( document.getElementById('ajax_login_field_dh') )
+ − 657 {
+ − 658 var do_dh = document.getElementById('ajax_login_field_dh').checked;
+ − 659 }
+ − 660 else
+ − 661 {
509
175df10e0b56
Added a copy of Firebug Lite for debugging purposes. License is uncertain but being treated as MPL. (If is is not MPL then it is under something more permissive that permits relicensing anyway)
Dan
diff
changeset
+ − 662 if ( IE || is_iPhone )
460
+ − 663 {
509
175df10e0b56
Added a copy of Firebug Lite for debugging purposes. License is uncertain but being treated as MPL. (If is is not MPL then it is under something more permissive that permits relicensing anyway)
Dan
diff
changeset
+ − 664 // IE/MobileSafari doesn't have this control, continue silently IF the rest
460
+ − 665 // of the login form is there
+ − 666 if ( !document.getElementById('ajax_login_field_username') )
+ − 667 {
+ − 668 return false;
+ − 669 }
+ − 670 }
+ − 671 else
+ − 672 {
+ − 673 // The user probably clicked ok when the form wasn't in there.
+ − 674 return false;
+ − 675 }
436
+ − 676 }
+ − 677 if ( !username )
+ − 678 {
+ − 679 var username = document.getElementById('ajax_login_field_username').value;
+ − 680 }
+ − 681 if ( !password )
+ − 682 {
+ − 683 var password = document.getElementById('ajax_login_field_password').value;
+ − 684 }
+ − 685 if ( !captcha && document.getElementById('ajax_login_field_captcha') )
+ − 686 {
+ − 687 var captcha = document.getElementById('ajax_login_field_captcha').value;
+ − 688 }
+ − 689
+ − 690 if ( do_dh )
+ − 691 {
+ − 692 ajaxLoginSetStatus(AJAX_STATUS_GENERATING_KEY);
+ − 693 if ( !real )
+ − 694 {
+ − 695 // Wait while the browser updates the login window
+ − 696 setTimeout(function()
+ − 697 {
+ − 698 ajaxLoginSubmitForm(true, username, password, captcha);
+ − 699 }, 200);
+ − 700 return true;
+ − 701 }
+ − 702 // Perform Diffie Hellman stuff
+ − 703 var dh_priv = dh_gen_private();
+ − 704 var dh_pub = dh_gen_public(dh_priv);
+ − 705 var secret = dh_gen_shared_secret(dh_priv, logindata.key_dh);
+ − 706 // secret_hash is used to verify that the server guesses the correct secret
+ − 707 var secret_hash = hex_sha1(secret);
+ − 708 // crypt_key is the actual AES key
+ − 709 var crypt_key = (hex_sha256(secret)).substr(0, (keySizeInBits / 4));
+ − 710 }
+ − 711 else
+ − 712 {
+ − 713 var crypt_key = logindata.key_aes;
+ − 714 }
+ − 715
+ − 716 ajaxLoginSetStatus(AJAX_STATUS_LOGGING_IN);
+ − 717
+ − 718 // Encrypt the password and username
+ − 719 var userinfo = toJSONString({
+ − 720 username: username,
+ − 721 password: password
+ − 722 });
+ − 723 var crypt_key_ba = hexToByteArray(crypt_key);
+ − 724 userinfo = stringToByteArray(userinfo);
+ − 725
+ − 726 userinfo = rijndaelEncrypt(userinfo, crypt_key_ba, 'ECB');
+ − 727 userinfo = byteArrayToHex(userinfo);
+ − 728 // Encrypted username and password (serialized with JSON) are now in the userinfo string
+ − 729
+ − 730 // Collect other needed information
+ − 731 if ( logindata.captcha_hash )
+ − 732 {
+ − 733 var captcha_hash = logindata.captcha_hash;
+ − 734 var captcha_code = captcha;
+ − 735 }
+ − 736 else
+ − 737 {
+ − 738 var captcha_hash = false;
+ − 739 var captcha_code = false;
+ − 740 }
+ − 741
+ − 742 // Ship it across the 'net
+ − 743 if ( do_dh )
+ − 744 {
+ − 745 var json_packet = {
+ − 746 mode: 'login_dh',
+ − 747 userinfo: userinfo,
+ − 748 captcha_code: captcha_code,
+ − 749 captcha_hash: captcha_hash,
+ − 750 dh_public_key: logindata.key_dh,
+ − 751 dh_client_key: dh_pub,
+ − 752 dh_secret_hash: secret_hash,
+ − 753 level: logindata.user_level
+ − 754 }
+ − 755 }
+ − 756 else
+ − 757 {
+ − 758 var json_packet = {
+ − 759 mode: 'login_aes',
+ − 760 userinfo: userinfo,
+ − 761 captcha_code: captcha_code,
+ − 762 captcha_hash: captcha_hash,
+ − 763 key_aes: hex_md5(crypt_key),
+ − 764 level: logindata.user_level
+ − 765 }
+ − 766 }
+ − 767 ajaxLoginPerformRequest(json_packet);
+ − 768 }
+ − 769
582
+ − 770 window.ajaxLoginShowFriendlyError = function(response)
436
+ − 771 {
+ − 772 if ( !response.respawn_info )
+ − 773 return false;
+ − 774 if ( !response.error_code )
+ − 775 return false;
+ − 776 var text = ajaxLoginGetErrorText(response);
+ − 777 if ( document.getElementById('ajax_login_error_box') )
+ − 778 {
+ − 779 // console.info('Reusing existing error-box');
+ − 780 document.getElementById('ajax_login_error_box').innerHTML = text;
+ − 781 return true;
+ − 782 }
+ − 783
+ − 784 // console.info('Drawing new error-box');
+ − 785
+ − 786 // calculate position for the top of the box
+ − 787 var mb_bottom = $('messageBoxButtons').Top() + $('messageBoxButtons').Height();
+ − 788 // if the box isn't done flying in yet, just estimate
+ − 789 if ( mb_bottom < ( getHeight() / 2 ) )
+ − 790 {
+ − 791 mb_bottom = ( getHeight() / 2 ) + 120;
+ − 792 }
+ − 793 var win_bottom = getHeight() + getScrollOffset();
+ − 794 var top = mb_bottom + ( ( win_bottom - mb_bottom ) / 2 ) - 32;
+ − 795 // left position = 0.2 * window_width, seeing as the box is 60% width this works hackishly but nice and quick
+ − 796 var left = getWidth() * 0.2;
+ − 797
+ − 798 // create the div
+ − 799 var errbox = document.createElement('div');
+ − 800 errbox.className = 'error-box-mini';
+ − 801 errbox.style.position = 'absolute';
+ − 802 errbox.style.width = '60%';
+ − 803 errbox.style.top = top + 'px';
+ − 804 errbox.style.left = left + 'px';
+ − 805 errbox.innerHTML = text;
+ − 806 errbox.id = 'ajax_login_error_box';
+ − 807
+ − 808 var body = document.getElementsByTagName('body')[0];
+ − 809 body.appendChild(errbox);
+ − 810 }
+ − 811
582
+ − 812 window.ajaxLoginGetErrorText = function(response)
436
+ − 813 {
+ − 814 switch ( response.error_code )
+ − 815 {
+ − 816 default:
+ − 817 return $lang.get('user_err_' + response.error_code);
+ − 818 break;
+ − 819 case 'locked_out':
+ − 820 if ( response.respawn_info.lockout_info.lockout_policy == 'lockout' )
+ − 821 {
+ − 822 return $lang.get('user_err_locked_out', {
+ − 823 lockout_threshold: response.respawn_info.lockout_info.lockout_threshold,
+ − 824 lockout_duration: response.respawn_info.lockout_info.lockout_duration,
+ − 825 time_rem: response.respawn_info.lockout_info.time_rem,
+ − 826 plural: ( response.respawn_info.lockout_info.time_rem == 1 ) ? '' : $lang.get('meta_plural'),
+ − 827 captcha_blurb: ''
+ − 828 });
+ − 829 break;
+ − 830 }
+ − 831 case 'invalid_credentials':
+ − 832 var base = $lang.get('user_err_invalid_credentials');
+ − 833 if ( response.respawn_info.locked_out )
+ − 834 {
+ − 835 base += ' ';
+ − 836 var captcha_blurb = '';
+ − 837 switch(response.respawn_info.lockout_info.lockout_policy)
+ − 838 {
+ − 839 case 'captcha':
+ − 840 captcha_blurb = $lang.get('user_err_locked_out_captcha_blurb');
+ − 841 break;
+ − 842 case 'lockout':
+ − 843 break;
+ − 844 default:
+ − 845 base += 'WTF? Shouldn\'t be locked out with lockout policy set to disable.';
+ − 846 break;
+ − 847 }
+ − 848 base += $lang.get('user_err_locked_out', {
+ − 849 captcha_blurb: captcha_blurb,
+ − 850 lockout_threshold: response.respawn_info.lockout_info.lockout_threshold,
+ − 851 lockout_duration: response.respawn_info.lockout_info.lockout_duration,
+ − 852 time_rem: response.respawn_info.lockout_info.time_rem,
+ − 853 plural: ( response.respawn_info.lockout_info.time_rem == 1 ) ? '' : $lang.get('meta_plural')
+ − 854 });
+ − 855 }
+ − 856 else if ( response.respawn_info.lockout_info.lockout_policy == 'lockout' || response.respawn_info.lockout_info.lockout_policy == 'captcha' )
+ − 857 {
+ − 858 // if we have a lockout policy of captcha or lockout, then warn the user
+ − 859 switch ( response.respawn_info.lockout_info.lockout_policy )
+ − 860 {
+ − 861 case 'captcha':
+ − 862 base += $lang.get('user_err_invalid_credentials_lockout', {
+ − 863 fails: response.respawn_info.lockout_info.lockout_fails,
+ − 864 lockout_threshold: response.respawn_info.lockout_info.lockout_threshold,
+ − 865 lockout_duration: response.respawn_info.lockout_info.lockout_duration
+ − 866 });
+ − 867 break;
+ − 868 case 'lockout':
+ − 869 break;
+ − 870 }
+ − 871 }
+ − 872 return base;
+ − 873 break;
+ − 874 }
+ − 875 }
+ − 876
585
+ − 877 window.ajaxShowCaptcha = function(code)
+ − 878 {
+ − 879 var mydiv = document.createElement('div');
+ − 880 mydiv.style.backgroundColor = '#FFFFFF';
+ − 881 mydiv.style.padding = '10px';
+ − 882 mydiv.style.position = 'absolute';
+ − 883 mydiv.style.top = '0px';
+ − 884 mydiv.id = 'autoCaptcha';
+ − 885 mydiv.style.zIndex = String( getHighestZ() + 1 );
+ − 886 var img = document.createElement('img');
+ − 887 img.onload = function()
+ − 888 {
+ − 889 if ( this.loaded )
+ − 890 return true;
+ − 891 var mydiv = document.getElementById('autoCaptcha');
+ − 892 var width = getWidth();
+ − 893 var divw = $dynano(mydiv).Width();
+ − 894 var left = ( width / 2 ) - ( divw / 2 );
+ − 895 mydiv.style.left = left + 'px';
+ − 896 fly_in_top(mydiv, false, true);
+ − 897 this.loaded = true;
+ − 898 };
+ − 899 img.src = makeUrlNS('Special', 'Captcha/' + code);
+ − 900 img.onclick = function() { this.src = this.src + '/a'; };
+ − 901 img.style.cursor = 'pointer';
+ − 902 mydiv.appendChild(img);
+ − 903 domObjChangeOpac(0, mydiv);
+ − 904 var body = document.getElementsByTagName('body')[0];
+ − 905 body.appendChild(mydiv);
+ − 906 }
+ − 907
582
+ − 908 window.ajaxInitLogout = function()
+ − 909 {
+ − 910 load_component('messagebox');
+ − 911 load_component('l10n');
+ − 912 var mb = new MessageBox(MB_YESNO|MB_ICONQUESTION, $lang.get('user_logout_confirm_title'), $lang.get('user_logout_confirm_body'));
+ − 913 mb.onclick['Yes'] = function()
+ − 914 {
+ − 915 window.location = makeUrlNS('Special', 'Logout/' + csrf_token + '/' + title);
+ − 916 }
+ − 917 }
+ − 918
+ − 919 window.mb_logout = function()
+ − 920 {
+ − 921 ajaxInitLogout();
+ − 922 }
+ − 923
+ − 924 window.ajaxStartLogin = function()
+ − 925 {
+ − 926 ajaxLogonToMember();
+ − 927 }
+ − 928
+ − 929 window.ajaxStartAdminLogin = function()
+ − 930 {
+ − 931 // IE <6 pseudo-compatibility
+ − 932 if ( KILL_SWITCH )
+ − 933 return true;
+ − 934 if ( auth_level < USER_LEVEL_ADMIN )
+ − 935 {
+ − 936 ajaxLoginInit(function(k) {
+ − 937 ENANO_SID = k;
+ − 938 auth_level = USER_LEVEL_ADMIN;
+ − 939 var loc = makeUrlNS('Special', 'Administration');
+ − 940 if ( (ENANO_SID + ' ').length > 1 )
+ − 941 window.location = loc;
+ − 942 }, USER_LEVEL_ADMIN);
+ − 943 return false;
+ − 944 }
+ − 945 var loc = makeUrlNS('Special', 'Administration');
+ − 946 window.location = loc;
+ − 947 }
+ − 948
+ − 949 window.ajaxAdminPage = function()
+ − 950 {
+ − 951 // IE <6 pseudo-compatibility
+ − 952 if ( KILL_SWITCH )
+ − 953 return true;
+ − 954 if ( auth_level < USER_LEVEL_ADMIN )
+ − 955 {
+ − 956 ajaxPromptAdminAuth(function(k) {
+ − 957 ENANO_SID = k;
+ − 958 auth_level = USER_LEVEL_ADMIN;
+ − 959 var loc = String(window.location + '');
+ − 960 window.location = append_sid(loc);
+ − 961 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
+ − 962 if ( (ENANO_SID + ' ').length > 1 )
+ − 963 window.location = loc;
+ − 964 }, 9);
+ − 965 return false;
+ − 966 }
+ − 967 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
+ − 968 window.location = loc;
+ − 969 }
+ − 970
+ − 971 var navto_ns;
+ − 972 var navto_pg;
+ − 973 var navto_ul;
+ − 974
+ − 975 window.ajaxLoginNavTo = function(namespace, page_id, min_level)
+ − 976 {
+ − 977 // IE <6 pseudo-compatibility
+ − 978 if ( KILL_SWITCH )
+ − 979 return true;
+ − 980 navto_pg = page_id;
+ − 981 navto_ns = namespace;
+ − 982 navto_ul = min_level;
+ − 983 if ( auth_level < min_level )
+ − 984 {
+ − 985 ajaxPromptAdminAuth(function(k) {
+ − 986 ENANO_SID = k;
+ − 987 auth_level = navto_ul;
+ − 988 var loc = makeUrlNS(navto_ns, navto_pg);
+ − 989 if ( (ENANO_SID + ' ').length > 1 )
+ − 990 window.location = loc;
+ − 991 }, min_level);
+ − 992 return false;
+ − 993 }
+ − 994 var loc = makeUrlNS(navto_ns, navto_pg);
+ − 995 window.location = loc;
+ − 996 }
+ − 997
+ − 998 window.ajaxAdminUser = function(username)
+ − 999 {
+ − 1000 // IE <6 pseudo-compatibility
+ − 1001 if ( KILL_SWITCH )
+ − 1002 return true;
+ − 1003 if ( auth_level < USER_LEVEL_ADMIN )
+ − 1004 {
+ − 1005 ajaxPromptAdminAuth(function(k) {
+ − 1006 ENANO_SID = k;
+ − 1007 auth_level = USER_LEVEL_ADMIN;
+ − 1008 var loc = String(window.location + '');
+ − 1009 window.location = append_sid(loc);
+ − 1010 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
+ − 1011 if ( (ENANO_SID + ' ').length > 1 )
+ − 1012 window.location = loc;
+ − 1013 }, 9);
+ − 1014 return false;
+ − 1015 }
+ − 1016 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
+ − 1017 window.location = loc;
+ − 1018 }