/*
* AJAX-based intelligent login interface
*/
/*
* FRONTEND
*/
/**
 * Front-end entry point: starts an AJAX logon at regular-member level.
 *
 * @returns {boolean|undefined} true when no dialog is opened (KILL_SWITCH is
 *   truthy, or auth_level is already at least USER_LEVEL_MEMBER); undefined
 *   once the login dialog has been started.
 */
window.ajaxLogonToMember = function() {
  // KILL_SWITCH, auth_level and USER_LEVEL_MEMBER are defined outside this
  // file section. The original comment ties the KILL_SWITCH check to
  // "IE <6 pseudo-compatibility". The short-circuit keeps the original
  // evaluation order: auth_level is only read when KILL_SWITCH is falsy.
  var dialogNotNeeded = KILL_SWITCH || auth_level >= USER_LEVEL_MEMBER;
  if ( dialogNotNeeded ) {
    return true;
  }

  // On success the page is simply reloaded; the key handed to the callback
  // is not used at member level.
  var reloadPage = function(k) {
    window.location.reload();
  };
  ajaxLoginInit(reloadPage, USER_LEVEL_MEMBER);
};
/**
 * Front-end entry point: re-authenticates to the highest level the current
 * user is allowed to reach (the outer `user_level`).
 *
 * @returns {boolean|undefined} true when auth_level already equals
 *   user_level; undefined once the login dialog has been started.
 */
window.ajaxLogonToElev = function() {
  // Loose comparison is kept as in the original: the types of auth_level and
  // user_level are set outside this file section.
  if ( auth_level == user_level ) {
    return true;
  }

  var onAuthenticated = function(sessionKey) {
    // Store the new key first; append_sid() is called afterwards, as in the
    // original, and presumably reads ENANO_SID.
    ENANO_SID = sessionKey;

    // NOTE(review): the elevated session key appears to be carried in the
    // URL from here on. URLs are kept in browser history and can be sent in
    // Referer headers, so confirm the server expires this key and binds it
    // to the session.
    var target = append_sid(String(window.location));
    window.location = target;
  };
  ajaxLoginInit(onAuthenticated, user_level);
};
/*
* BACKEND
*/
/**
 * Shared state for the AJAX login flow. ajaxLoginInit() replaces it with a
 * fresh object on every call and stores the message box, the requested user
 * level and the success callback on it.
 * @var object
 */
var logindata = {};

/**
 * Optional overrides for the progress and success images. A truthy value
 * assigned before this script runs is kept; anything else becomes false, in
 * which case ajaxLoginSetStatus() falls back to images under scriptPath.
 * `var` is kept so that a declaration made by an earlier script is tolerated.
 * @var string|false
 */
var ajax_login_loadimg_path = ajax_login_loadimg_path || false;
var ajax_login_successimg_path = ajax_login_successimg_path || false;

/**
 * Status codes accepted by ajaxLoginSetStatus().
 * @var int
 */
var AJAX_STATUS_LOADING_KEY = 1;     // fetching the encryption key
var AJAX_STATUS_GENERATING_KEY = 2;  // generating a key
var AJAX_STATUS_LOGGING_IN = 3;      // credentials submitted
var AJAX_STATUS_SUCCESS = 4;         // login succeeded
var AJAX_STATUS_DESTROY = 65535;     // clear the "showing status" flag

/**
 * State constants. Not referenced in the visible part of this file.
 * @var int
 */
var AJAX_STATE_EARLY_INIT = 1;
var AJAX_STATE_LOADING_KEY = 2;
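/**
 * Opens the login message box, shows the "loading" status and asks the server
 * for an encryption key; the login form itself is built later, when the
 * server's response is processed.
 *
 * @param {function} call_on_finish Called once authentication completes
 *   successfully (ajaxLoginProcessResponse passes it the key from the server).
 * @param {number} user_level The security level to authenticate at - see
 *   http://docs.enanocms.org/Help:Appendix_B
 */
window.ajaxLoginInit = function(call_on_finish, user_level)
{
  load_component('messagebox');
  load_component('flyin');
  load_component('SpryEffects');
  load_component('l10n');
  load_component('crypto');

  // Start every login attempt from a clean state object.
  logindata = {};

  // This `title` is local to this function. ajaxLoginSetStatus() reads a
  // `title` of its own scope, which is a different variable.
  var title = ( user_level > USER_LEVEL_MEMBER )
    ? $lang.get('user_login_ajax_prompt_title_elev')
    : $lang.get('user_login_ajax_prompt_title');
  logindata.mb_object = new MessageBox(MB_OKCANCEL | MB_ICONLOCK, title, '');

  logindata.mb_object.onclick['Cancel'] = function()
  {
    // Hide the error message and captcha
    var errorBox = document.getElementById('ajax_login_error_box');
    if ( errorBox && errorBox.parentNode )
    {
      errorBox.parentNode.removeChild(errorBox);
    }
    var captcha = document.getElementById('autoCaptcha');
    if ( captcha )
    {
      // fly_out_top() returns the delay to wait before removing the node
      // (presumably the animation length - defined outside this file section).
      var delay = fly_out_top(captcha, false, true);
      setTimeout(function()
      {
        // Look the element up again: it may have been removed or replaced
        // while the timer was pending, so guard instead of throwing.
        var d = document.getElementById('autoCaptcha');
        if ( d && d.parentNode )
        {
          d.parentNode.removeChild(d);
        }
      }, delay);
    }
    // Ask the server to clean our key, so an abandoned login does not leave
    // unused key material behind on the server.
    // NOTE(review): key_aes / key_dh are stored on logindata by code outside
    // this view; they may still be undefined if Cancel is pressed before the
    // 'getkey' response arrives - confirm the server tolerates that.
    ajaxLoginPerformRequest({
      mode: 'clean_key',
      key_aes: logindata.key_aes,
      key_dh: logindata.key_dh
    });
  };

  logindata.mb_object.onbeforeclick['OK'] = function()
  {
    ajaxLoginSubmitForm();
    // The meaning of the return value is defined by MessageBox (not visible here).
    return true;
  };

  // Fetch the inner content area
  logindata.mb_inner = document.getElementById('messageBox').getElementsByTagName('div')[0];

  // Initialize state
  logindata.showing_status = false;
  logindata.user_level = user_level;
  logindata.successfunc = call_on_finish;

  // Build the "loading" window
  ajaxLoginSetStatus(AJAX_STATUS_LOADING_KEY);

  // Request the key
  ajaxLoginPerformRequest({ mode: 'getkey' });
};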
/**
 * Legacy alias kept for callers that use "ajaxLogonInit" rather than
 * "ajaxLoginInit". Takes the same arguments and forwards them unchanged.
 *
 * @param {function} call_on_finish Success callback, passed through.
 * @param {number} user_level Security level to authenticate at, passed through.
 * @returns {*} Whatever ajaxLoginInit() returns.
 */
window.ajaxLogonInit = function(call_on_finish, user_level) {
  var result = ajaxLoginInit(call_on_finish, user_level);
  return result;
};
/**
 * Replaces the contents of the AJAX login window with the status message for
 * the given status code.
 *
 * @param {number} status One of AJAX_STATUS_*
 * @returns {boolean|null|undefined} false when no login window is open
 *   (logindata.mb_inner is unset); null for AJAX_STATUS_SUCCESS,
 *   AJAX_STATUS_DESTROY, null and undefined; undefined otherwise.
 */
window.ajaxLoginSetStatus = function(status) {
  if ( !logindata.mb_inner ) {
    return false;
  }

  // Drop a previously shown status box, if one is still in the document.
  if ( logindata.showing_status ) {
    var stale = document.getElementById('ajax_login_status');
    if ( stale ) {
      logindata.mb_inner.removeChild(stale);
    }
  }

  // Builds the centered status box (message, two line breaks, image and an
  // optional "full login form" link) and makes it the only content of the
  // login window.
  var renderStatus = function(messageKey, customImage, fallbackImage, linkKey) {
    var box = document.createElement('div');
    box.id = 'ajax_login_status';
    box.style.marginTop = '10px';
    box.style.textAlign = 'center';

    // The status text goes in as a text node, so it is never parsed as HTML.
    box.appendChild(document.createTextNode($lang.get(messageKey)));
    box.appendChild(document.createElement('br'));
    box.appendChild(document.createElement('br'));

    var icon = document.createElement('img');
    icon.src = customImage ? customImage : scriptPath + fallbackImage;
    box.appendChild(icon);

    if ( linkKey ) {
      box.appendChild(document.createElement('br'));
      box.appendChild(document.createElement('br'));

      // The link to the full login form.
      // `title` is not declared in this function, so it resolves in the
      // enclosing scope; it is not the local `title` of ajaxLoginInit().
      // NOTE(review): the localized string is inserted as HTML with the URL
      // substituted into it. Whether that URL is HTML-escaped depends on
      // makeUrlNS() / $lang.get(), which are not visible here - confirm,
      // because `title` feeds into it.
      var note = document.createElement('small');
      note.innerHTML = $lang.get(linkKey, { link_full_form: makeUrlNS('Special', 'Login/' + title) });
      box.appendChild(note);
    }

    logindata.mb_inner.innerHTML = '';
    logindata.mb_inner.appendChild(box);
  };

  switch ( status ) {
    case AJAX_STATUS_LOADING_KEY:
      renderStatus('user_login_ajax_fetching_key', ajax_login_loadimg_path, '/images/loading-big.gif', 'user_login_ajax_link_fullform');
      break;

    case AJAX_STATUS_GENERATING_KEY:
      renderStatus('user_login_ajax_generating_key', ajax_login_loadimg_path, '/images/loading-big.gif', 'user_login_ajax_link_fullform_dh');
      break;

    case AJAX_STATUS_LOGGING_IN:
      renderStatus('user_login_ajax_loggingin', ajax_login_loadimg_path, '/images/loading-big.gif', null);
      break;

    case AJAX_STATUS_SUCCESS:
      renderStatus('user_login_success_short', ajax_login_successimg_path, '/images/check.png', null);
      // No break here, as in the original: the success box stays visible but
      // the "showing status" flag is cleared and null is returned.
      // NOTE(review): confirm this fall-through is intended.

    case AJAX_STATUS_DESTROY:
    case null:
    case undefined:
      logindata.showing_status = false;
      return null;
  }

  // Reached for the three "in progress" statuses, and also for any status
  // value the switch does not know.
  logindata.showing_status = true;
};
/**
 * Sends a login API request to Special:Login/action.json and hands a
 * successfully parsed reply to ajaxLoginProcessResponse().
 *
 * @param {object} json Packet to send; it is serialized with toJSONString()
 *   and escaped with ajaxEscape() before being posted as the `r` field.
 */
window.ajaxLoginPerformRequest = function(json) {
  // The POST body is built by concatenation, so ajaxEscape() is what keeps
  // the serialized packet from breaking out of the `r=` field.
  var payload = ajaxEscape(toJSONString(json));

  var onStateChange = function() {
    // Only a completed request with HTTP 200 is handled; status is read only
    // once readyState is 4, as in the original.
    // NOTE(review): `ajax` is a shared object defined outside this file
    // section; how overlapping requests are kept apart is not visible here.
    if ( ajax.readyState != 4 || ajax.status != 200 ) {
      return;
    }

    var text = String(ajax.responseText);

    // Cheap sanity check before parsing. It only looks at the first
    // character; validating the content is left to parseJSON().
    // NOTE(review): parseJSON() is not visible here - confirm it is a real
    // parser and does not evaluate the response as script.
    if ( text.charAt(0) != '{' ) {
      handle_invalid_json(text);
      return false;
    }

    ajaxLoginProcessResponse(parseJSON(text));
  };

  ajaxPost(makeUrlNS('Special', 'Login/action.json'), 'r=' + payload, onStateChange, true);
};
/**
 * Dispatches a parsed response from the login server on its `mode` field.
 *
 * @param {object} response Parsed JSON response.
 * @returns {boolean|undefined} false when the server reported a plaintext
 *   error; undefined in every other case.
 */
window.ajaxLoginProcessResponse = function(response) {
  // Did the server send a plaintext error?
  if ( response.mode == 'error' ) {
    logindata.mb_object.destroy();
    // The server supplies an error code, not the text: the code is mapped to
    // a localized string through a 'user_' + lowercase(code) key.
    var error_msg = $lang.get('user_' + response.error.toLowerCase());
    new MessageBox(MB_ICONSTOP | MB_OK, $lang.get('user_err_login_generic_title'), error_msg);
    return false;
  }

  // Shared "that did not work" feedback: grey out and shake the message box,
  // then rebuild the login form after 2.5 seconds. The friendly error is only
  // shown when showError is true.
  var shakeAndRespawn = function(showError) {
    // Rid ourselves of any loading windows
    ajaxLoginSetStatus(AJAX_STATUS_DESTROY);

    var box = document.getElementById('messageBox');
    box.style.backgroundColor = '#C0C0C0';
    new Spry.Effect.Shake(box.parentNode, {duration: 1500}).start();

    setTimeout(function() {
      document.getElementById('messageBox').style.backgroundColor = '#FFF';
      ajaxLoginBuildForm(response.respawn_info);
      if ( showError ) {
        ajaxLoginShowFriendlyError(response);
      }
    }, 2500);
  };

  // Main mode switch
  switch ( response.mode ) {
    case 'build_box':
      // Rid ourselves of any loading windows
      ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
      // The server wants us to build the login form, all the information is there
      ajaxLoginBuildForm(response);
      break;

    case 'login_success':
      ajaxLoginSetStatus(AJAX_STATUS_SUCCESS);
      // Hand the key from the server to the callback given to ajaxLoginInit().
      logindata.successfunc(response.key);
      break;

    case 'login_failure':
      shakeAndRespawn(true);
      break;

    case 'login_success_reset':
      // The user logged in with a temporary password and is asked to
      // confirm before being sent to stage 2 of the password reset.
      if ( confirm($lang.get('user_login_ajax_msg_used_temp_pass')) ) {
        // NOTE(review): the temporary password is placed in the URL path
        // without URL-encoding. URLs end up in browser history, server logs
        // and Referer headers, so confirm the server invalidates this value
        // once stage 2 has been used.
        var url = makeUrlNS('Special', 'PasswordReset/stage2/' + response.user_id + '/' + response.temp_password);
        window.location = url;
      } else {
        // treat as a failure, but don't show an error - just silently respawn
        shakeAndRespawn(false);
      }
      break;

    case 'noop':
      break;
  }
};
/*
* RESPONSE HANDLERS
*/
/**
+ − 408
* Builds the login form.
+ − 409
* @param object Metadata to build off of
+ − 410
*/
+ − 411
582
+ − 412
window.ajaxLoginBuildForm = function(data)
436
+ − 413
{
+ − 414
// let's hope this effectively preloads the image...
+ − 415
var _ = document.createElement('img');
+ − 416
_.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png';
+ − 417
+ − 418
var div = document.createElement('div');
+ − 419
div.id = 'ajax_login_form';
+ − 420
+ − 421
var show_captcha = ( data.locked_out && data.lockout_info.lockout_policy == 'captcha' ) ? data.lockout_info.captcha : false;
+ − 422
+ − 423
// text displayed on re-auth
+ − 424
if ( logindata.user_level > USER_LEVEL_MEMBER )
+ − 425
{
+ − 426
div.innerHTML += $lang.get('user_login_ajax_prompt_body_elev') + '<br /><br />';
+ − 427
}
+ − 428
+ − 429
// Create the form
+ − 430
var form = document.createElement('form');
+ − 431
form.action = 'javascript:void(ajaxLoginSubmitForm());';
+ − 432
form.onsubmit = function()
+ − 433
{
+ − 434
ajaxLoginSubmitForm();
+ − 435
return false;
+ − 436
}
460
+ − 437
if ( IE )
+ − 438
{
+ − 439
form.style.marginTop = '-20px';
+ − 440
}
436
+ − 441
+ − 442
// Using tables to wrap form elements because it results in a
+ − 443
// more visually appealing form. Yes, tables suck. I don't really
+ − 444
// care - they make forms look good.
+ − 445
+ − 446
var table = document.createElement('table');
+ − 447
table.style.margin = '0 auto';
+ − 448
+ − 449
// Field - username
+ − 450
var tr1 = document.createElement('tr');
+ − 451
var td1_1 = document.createElement('td');
+ − 452
td1_1.appendChild(document.createTextNode($lang.get('user_login_field_username') + ':'));
+ − 453
tr1.appendChild(td1_1);
+ − 454
var td1_2 = document.createElement('td');
+ − 455
var f_username = document.createElement('input');
+ − 456
f_username.id = 'ajax_login_field_username';
+ − 457
f_username.name = 'ajax_login_field_username';
+ − 458
f_username.type = 'text';
+ − 459
f_username.size = '25';
+ − 460
if ( data.username )
+ − 461
f_username.value = data.username;
+ − 462
td1_2.appendChild(f_username);
+ − 463
tr1.appendChild(td1_2);
+ − 464
table.appendChild(tr1);
+ − 465
+ − 466
// Field - password
+ − 467
var tr2 = document.createElement('tr');
+ − 468
var td2_1 = document.createElement('td');
+ − 469
td2_1.appendChild(document.createTextNode($lang.get('user_login_field_password') + ':'));
+ − 470
tr2.appendChild(td2_1);
+ − 471
var td2_2 = document.createElement('td');
+ − 472
var f_password = document.createElement('input');
+ − 473
f_password.id = 'ajax_login_field_password';
+ − 474
f_password.name = 'ajax_login_field_username';
+ − 475
f_password.type = 'password';
+ − 476
f_password.size = '25';
+ − 477
if ( !show_captcha )
+ − 478
{
+ − 479
f_password.onkeyup = function(e)
+ − 480
{
461
+ − 481
if ( !e )
436
+ − 482
e = window.event;
461
+ − 483
if ( !e && IE )
436
+ − 484
return true;
+ − 485
if ( e.keyCode == 13 )
+ − 486
{
+ − 487
ajaxLoginSubmitForm();
+ − 488
}
+ − 489
}
+ − 490
}
+ − 491
td2_2.appendChild(f_password);
+ − 492
tr2.appendChild(td2_2);
+ − 493
table.appendChild(tr2);
+ − 494
+ − 495
// Field - captcha
+ − 496
if ( show_captcha )
+ − 497
{
+ − 498
var tr3 = document.createElement('tr');
+ − 499
var td3_1 = document.createElement('td');
+ − 500
td3_1.appendChild(document.createTextNode($lang.get('user_login_field_captcha') + ':'));
+ − 501
tr3.appendChild(td3_1);
+ − 502
var td3_2 = document.createElement('td');
+ − 503
var f_captcha = document.createElement('input');
+ − 504
f_captcha.id = 'ajax_login_field_captcha';
+ − 505
f_captcha.name = 'ajax_login_field_username';
+ − 506
f_captcha.type = 'text';
+ − 507
f_captcha.size = '25';
+ − 508
f_captcha.onkeyup = function(e)
+ − 509
{
+ − 510
if ( !e )
+ − 511
e = window.event;
+ − 512
if ( !e.keyCode )
+ − 513
return true;
+ − 514
if ( e.keyCode == 13 )
+ − 515
{
+ − 516
ajaxLoginSubmitForm();
+ − 517
}
+ − 518
}
+ − 519
td3_2.appendChild(f_captcha);
+ − 520
tr3.appendChild(td3_2);
+ − 521
table.appendChild(tr3);
+ − 522
}
+ − 523
+ − 524
// Done building the main part of the form
+ − 525
form.appendChild(table);
+ − 526
+ − 527
// Field: enable Diffie Hellman
+ − 528
if ( IE || is_iPhone )
460
+ − 529
{
+ − 530
var lbl_dh = document.createElement('span');
+ − 531
lbl_dh.style.fontSize = 'smaller';
+ − 532
lbl_dh.style.display = 'block';
+ − 533
lbl_dh.style.textAlign = 'center';
+ − 534
lbl_dh.innerHTML = $lang.get('user_login_ajax_check_dh_ie');
+ − 535
form.appendChild(lbl_dh);
+ − 536
}
+ − 537
else
+ − 538
{
+ − 539
var lbl_dh = document.createElement('label');
+ − 540
lbl_dh.style.fontSize = 'smaller';
+ − 541
lbl_dh.style.display = 'block';
+ − 542
lbl_dh.style.textAlign = 'center';
+ − 543
var check_dh = document.createElement('input');
+ − 544
check_dh.type = 'checkbox';
+ − 545
// this onclick attribute changes the cookie whenever the checkbox or label is clicked
+ − 546
check_dh.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("diffiehellman_login", ck, 3650);');
+ − 547
if ( readCookie('diffiehellman_login') != 'disable' )
+ − 548
check_dh.setAttribute('checked', 'checked');
+ − 549
check_dh.id = 'ajax_login_field_dh';
+ − 550
lbl_dh.appendChild(check_dh);
+ − 551
lbl_dh.innerHTML += $lang.get('user_login_ajax_check_dh');
+ − 552
form.appendChild(lbl_dh);
+ − 553
}
436
+ − 554
460
+ − 555
if ( IE )
+ − 556
{
+ − 557
div.innerHTML += form.outerHTML;
+ − 558
}
+ − 559
else
+ − 560
{
+ − 561
div.appendChild(form);
+ − 562
}
436
+ − 563
+ − 564
// Diagnostic / help links
+ − 565
// (only displayed in login, not in re-auth)
+ − 566
if ( logindata.user_level == USER_LEVEL_MEMBER )
+ − 567
{
+ − 568
form.style.marginBottom = '10px';
+ − 569
var links = document.createElement('small');
+ − 570
links.style.display = 'block';
+ − 571
links.style.textAlign = 'center';
+ − 572
links.innerHTML = '';
+ − 573
if ( !show_captcha )
+ − 574
links.innerHTML += $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) }) + '<br />';
+ − 575
// Always shown
+ − 576
links.innerHTML += $lang.get('user_login_ajax_link_forgotpass', { forgotpass_link: makeUrlNS('Special', 'PasswordReset') }) + '<br />';
+ − 577
if ( !show_captcha )
+ − 578
links.innerHTML += $lang.get('user_login_createaccount_blurb', { reg_link: makeUrlNS('Special', 'Register') });
+ − 579
div.appendChild(links);
+ − 580
}
+ − 581
+ − 582
// Insert the entire form into the login window
+ − 583
logindata.mb_inner.innerHTML = '';
+ − 584
logindata.mb_inner.appendChild(div);
+ − 585
+ − 586
// Post operations: field focus
460
+ − 587
if ( IE )
+ − 588
{
+ − 589
setTimeout(
+ − 590
function()
+ − 591
{
+ − 592
if ( logindata.loggedin_username )
+ − 593
document.getElementById('ajax_login_field_password').focus();
+ − 594
else
+ − 595
document.getElementById('ajax_login_field_username').focus();
+ − 596
}, 200);
+ − 597
}
436
+ − 598
else
460
+ − 599
{
+ − 600
if ( data.username )
+ − 601
f_password.focus();
+ − 602
else
+ − 603
f_username.focus();
+ − 604
}
436
+ − 605
+ − 606
// Post operations: show captcha window
+ − 607
if ( show_captcha )
+ − 608
ajaxShowCaptcha(show_captcha);
+ − 609
+ − 610
// Post operations: stash encryption keys and All That Jazz(TM)
+ − 611
logindata.key_aes = data.aes_key;
+ − 612
logindata.key_dh = data.dh_public_key;
+ − 613
logindata.captcha_hash = show_captcha;
460
+ − 614
logindata.loggedin_username = data.username
436
+ − 615
+ − 616
// Are we locked out? If so simulate an error and disable the controls
+ − 617
if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out )
+ − 618
{
+ − 619
f_username.setAttribute('disabled', 'disabled');
+ − 620
f_password.setAttribute('disabled', 'disabled');
+ − 621
var fake_packet = {
+ − 622
error_code: 'locked_out',
+ − 623
respawn_info: data
+ − 624
};
+ − 625
ajaxLoginShowFriendlyError(fake_packet);
+ − 626
}
+ − 627
}
/**
 * Reads the credentials (from the arguments or, when they are empty, from the login form),
 * encrypts them and passes the resulting packet to ajaxLoginPerformRequest().
 *
 * Security notes for maintainers:
 *  - The credentials are encrypted by rijndaelEncrypt() with the 'ECB' argument. ECB uses no IV
 *    and adds no integrity check: equal plaintext blocks give equal ciphertext blocks, and a
 *    modified ciphertext is not detected by this code.
 *  - The Diffie-Hellman value in logindata.key_dh is used as received; nothing in this function
 *    authenticates it, so the exchange by itself does not protect against an active
 *    man-in-the-middle.
 *  - On the non-DH path the AES key is whatever is stored in logindata.key_aes.
 *  Treat this layer as defence in depth and serve the login over TLS.
 *
 * @param bool real - truthy on the deferred second pass; forces the Diffie-Hellman path
 * @param string username - optional, falls back to the form field when empty
 * @param string password - optional, falls back to the form field when empty
 * @param string captcha - optional, falls back to the captcha field when it exists
 * @return bool|undefined false if the self-test fails or the form is missing, true when the
 *   work was deferred to a timer, nothing once the request has been handed off
 */

window.ajaxLoginSubmitForm = function(real, username, password, captcha)
{
  // Refuse to go on if the AES implementation fails its own self-test
  if ( !aes_self_test() )
  {
    alert('BUG: AES self-test failed');
    // NOTE(review): the rest of this function works with `logindata`; confirm that
    // `login_cache` is really defined, otherwise this line throws instead of closing the box
    login_cache.mb_object.destroy();
    return false;
  }

  // Drop a previously shown error message
  var old_errbox = document.getElementById('ajax_login_error_box');
  if ( old_errbox )
  {
    old_errbox.parentNode.removeChild(old_errbox);
  }

  // Animate the captcha window away and remove it once the animation time has passed
  var captcha_win = document.getElementById('autoCaptcha');
  if ( captcha_win )
  {
    var fly_time = fly_out_top(captcha_win, false, true);
    setTimeout(function()
      {
        var stale = document.getElementById('autoCaptcha');
        stale.parentNode.removeChild(stale);
      }, fly_time);
  }

  // Encryption: decide whether Diffie-Hellman is used
  var do_dh;
  if ( real )
  {
    do_dh = true;
  }
  else
  {
    var dh_checkbox = document.getElementById('ajax_login_field_dh');
    if ( dh_checkbox )
    {
      do_dh = dh_checkbox.checked;
    }
    else if ( !( IE || is_iPhone ) || !document.getElementById('ajax_login_field_username') )
    {
      // Either the checkbox should have been there (the user probably clicked ok when the
      // form wasn't in the window), or this is IE/MobileSafari, which has no checkbox, and
      // the rest of the form is missing too.
      return false;
    }
    // IE/MobileSafari with the form present: do_dh stays unset, so the AES key path is used
  }

  // Fill in whatever was not passed as an argument from the form fields
  if ( !username )
  {
    username = document.getElementById('ajax_login_field_username').value;
  }
  if ( !password )
  {
    password = document.getElementById('ajax_login_field_password').value;
  }
  if ( !captcha && document.getElementById('ajax_login_field_captcha') )
  {
    captcha = document.getElementById('ajax_login_field_captcha').value;
  }

  var crypt_key;
  if ( do_dh )
  {
    ajaxLoginSetStatus(AJAX_STATUS_GENERATING_KEY);
    if ( !real )
    {
      // Give the browser a moment to repaint the login window, then come back with real = true
      setTimeout(function()
        {
          ajaxLoginSubmitForm(true, username, password, captcha);
        }, 200);
      return true;
    }
    // Diffie-Hellman: private value, public value, shared secret
    var dh_priv = dh_gen_private();
    var dh_pub = dh_gen_public(dh_priv);
    var secret = dh_gen_shared_secret(dh_priv, logindata.key_dh);
    // SHA-1 of the secret, sent along so the server can check that it derived the same secret
    var secret_hash = hex_sha1(secret);
    // The AES key is the leading keySizeInBits / 4 hex digits of SHA-256(secret)
    crypt_key = (hex_sha256(secret)).substr(0, (keySizeInBits / 4));
  }
  else
  {
    crypt_key = logindata.key_aes;
  }

  ajaxLoginSetStatus(AJAX_STATUS_LOGGING_IN);

  // Serialize username and password as JSON, encrypt, and hex-encode the result
  var plain_bytes = stringToByteArray(toJSONString({
      username: username,
      password: password
    }));
  var crypt_key_ba = hexToByteArray(crypt_key);
  var userinfo = byteArrayToHex(rijndaelEncrypt(plain_bytes, crypt_key_ba, 'ECB'));

  // Captcha data is only sent when a captcha hash was stashed for this login attempt
  var captcha_hash = logindata.captcha_hash ? logindata.captcha_hash : false;
  var captcha_code = logindata.captcha_hash ? captcha : false;

  // Ship it across the 'net
  var json_packet;
  if ( do_dh )
  {
    json_packet = {
      mode: 'login_dh',
      userinfo: userinfo,
      captcha_code: captcha_code,
      captcha_hash: captcha_hash,
      dh_public_key: logindata.key_dh,
      dh_client_key: dh_pub,
      dh_secret_hash: secret_hash,
      level: logindata.user_level
    };
  }
  else
  {
    json_packet = {
      mode: 'login_aes',
      userinfo: userinfo,
      captcha_code: captcha_code,
      captcha_hash: captcha_hash,
      // only the MD5 hex digest of the key goes into the packet, not the key itself
      key_aes: hex_md5(crypt_key),
      level: logindata.user_level
    };
  }
  ajaxLoginPerformRequest(json_packet);
}
/**
 * Shows the message for a failed login in a small box below the login window, reusing the
 * box if one is already on the page.
 *
 * The message is written with innerHTML, so it is parsed as markup. It is built by
 * ajaxLoginGetErrorText() from localized strings and from values in the response.
 * NOTE(review): confirm that those response values are escaped or numeric before they
 * reach the client, since nothing here escapes them.
 *
 * @param object response - needs both error_code and respawn_info to be set
 * @return bool|undefined false if the response lacks either field, true if an existing box
 *   was updated, nothing after a new box was created
 */

window.ajaxLoginShowFriendlyError = function(response)
{
  if ( !response.respawn_info || !response.error_code )
  {
    return false;
  }

  var text = ajaxLoginGetErrorText(response);

  var existing = document.getElementById('ajax_login_error_box');
  if ( existing )
  {
    // a box is already on screen, only swap its contents
    existing.innerHTML = text;
    return true;
  }

  // Vertical position: halfway between the bottom of the message box and the bottom of the window
  var mb_bottom = $('messageBoxButtons').Top() + $('messageBoxButtons').Height();
  if ( mb_bottom < ( getHeight() / 2 ) )
  {
    // the message box is still flying in, so estimate where it will end up
    mb_bottom = ( getHeight() / 2 ) + 120;
  }
  var win_bottom = getHeight() + getScrollOffset();
  var top = mb_bottom + ( ( win_bottom - mb_bottom ) / 2 ) - 32;
  // The box is 60% wide, so a left offset of 20% of the window width centers it
  var left = getWidth() * 0.2;

  // Build the box and attach it to the document body
  var errbox = document.createElement('div');
  errbox.id = 'ajax_login_error_box';
  errbox.className = 'error-box-mini';
  errbox.style.position = 'absolute';
  errbox.style.width = '60%';
  errbox.style.top = top + 'px';
  errbox.style.left = left + 'px';
  errbox.innerHTML = text;

  document.getElementsByTagName('body')[0].appendChild(errbox);
}
/**
 * Turns a failed-login response into the localized message shown to the user.
 *
 *  - 'locked_out' with a lockout policy of 'lockout' gives the locked-out message.
 *  - 'locked_out' with any other policy, and 'invalid_credentials', give the
 *    invalid-credentials message, extended with lockout details where they apply.
 *  - Every other code is looked up as the language string 'user_err_' + code.
 *
 * The returned text is later assigned to innerHTML by ajaxLoginShowFriendlyError(); the
 * lockout figures substituted into it are taken from the response unchanged.
 *
 * @param object response - error_code plus respawn_info (locked_out, lockout_info)
 * @return string
 */

window.ajaxLoginGetErrorText = function(response)
{
  var code = response.error_code;

  if ( code !== 'locked_out' && code !== 'invalid_credentials' )
  {
    return $lang.get('user_err_' + code);
  }

  var info;
  if ( code === 'locked_out' )
  {
    info = response.respawn_info.lockout_info;
    if ( info.lockout_policy == 'lockout' )
    {
      return $lang.get('user_err_locked_out', {
          lockout_threshold: info.lockout_threshold,
          lockout_duration: info.lockout_duration,
          time_rem: info.time_rem,
          plural: ( info.time_rem == 1 ) ? '' : $lang.get('meta_plural'),
          captcha_blurb: ''
        });
    }
    // any other policy is reported the same way as a failed login, below
  }

  var base = $lang.get('user_err_invalid_credentials');
  var respawn = response.respawn_info;

  if ( respawn.locked_out )
  {
    info = respawn.lockout_info;
    base += ' ';
    var captcha_blurb = '';
    if ( info.lockout_policy === 'captcha' )
    {
      captcha_blurb = $lang.get('user_err_locked_out_captcha_blurb');
    }
    else if ( info.lockout_policy !== 'lockout' )
    {
      // locked out although the policy is neither captcha nor lockout
      base += 'WTF? Shouldn\'t be locked out with lockout policy set to disable.';
    }
    base += $lang.get('user_err_locked_out', {
        captcha_blurb: captcha_blurb,
        lockout_threshold: info.lockout_threshold,
        lockout_duration: info.lockout_duration,
        time_rem: info.time_rem,
        plural: ( info.time_rem == 1 ) ? '' : $lang.get('meta_plural')
      });
  }
  else if ( respawn.lockout_info.lockout_policy === 'captcha' )
  {
    // not locked out yet: with the captcha policy, warn how many attempts have failed;
    // with the lockout policy nothing is added
    info = respawn.lockout_info;
    base += $lang.get('user_err_invalid_credentials_lockout', {
        fails: info.lockout_fails,
        lockout_threshold: info.lockout_threshold,
        lockout_duration: info.lockout_duration
      });
  }

  return base;
}
/**
 * Creates the floating captcha window (id 'autoCaptcha') and flies it in from the top once
 * the captcha image has loaded. Clicking the image requests a new one.
 *
 * @param string code - appended to the Special:Captcha URL as-is
 *   (presumably the captcha hash issued by the server; it is not escaped here)
 */

window.ajaxShowCaptcha = function(code)
{
  var box = document.createElement('div');
  box.id = 'autoCaptcha';
  box.style.position = 'absolute';
  box.style.top = '0px';
  box.style.padding = '10px';
  box.style.backgroundColor = '#FFFFFF';
  box.style.zIndex = String( getHighestZ() + 1 );

  var captcha_img = document.createElement('img');
  captcha_img.style.cursor = 'pointer';
  // The handler is attached before src is set so the first load is not missed
  captcha_img.onload = function()
  {
    // only center and animate on the first load, not on every refresh
    if ( this.loaded )
    {
      return true;
    }
    var shown = document.getElementById('autoCaptcha');
    var left = ( getWidth() / 2 ) - ( $dynano(shown).Width() / 2 );
    shown.style.left = left + 'px';
    fly_in_top(shown, false, true);
    this.loaded = true;
  };
  // A click changes the URL by appending '/a', which makes the browser fetch the image again
  captcha_img.onclick = function()
  {
    this.src = this.src + '/a';
  };
  captcha_img.src = makeUrlNS('Special', 'Captcha/' + code);
  box.appendChild(captcha_img);

  // Start fully transparent; fly_in_top() is called from the onload handler
  domObjChangeOpac(0, box);
  document.getElementsByTagName('body')[0].appendChild(box);
}
/**
 * Asks the user to confirm the logout and, on "Yes", navigates to Special:Logout.
 *
 * The logout URL carries csrf_token as a path segment. A token placed in a URL can end up in
 * browser history, server logs and Referer headers, so it should be short-lived or bound to
 * the session on the server side.
 */

window.ajaxInitLogout = function()
{
  load_component('messagebox');
  load_component('l10n');

  var confirm_title = $lang.get('user_logout_confirm_title');
  var confirm_body = $lang.get('user_logout_confirm_body');
  var mb = new MessageBox(MB_YESNO|MB_ICONQUESTION, confirm_title, confirm_body);

  mb.onclick.Yes = function()
  {
    var logout_page = 'Logout/' + csrf_token + '/' + title;
    window.location = makeUrlNS('Special', logout_page);
  };
}
/**
 * Alias for ajaxInitLogout(). The target is looked up on every call.
 */

window.mb_logout = function()
{
  ajaxInitLogout();
};
/**
 * Alias for ajaxLogonToMember(). Its return value is not passed on.
 */

window.ajaxStartLogin = function()
{
  ajaxLogonToMember();
};
/**
 * Opens the administration panel, asking for administrator authentication first when the
 * current auth level is below USER_LEVEL_ADMIN.
 *
 * auth_level is only the client's copy of the session state: setting it here decides which
 * UI path is taken, and the server still has to check the session for every admin request.
 *
 * @return bool|undefined true when KILL_SWITCH is set, false when the login dialog was
 *   opened, nothing when the browser was sent straight to the panel
 */

window.ajaxStartAdminLogin = function()
{
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH )
  {
    return true;
  }

  if ( !( auth_level < USER_LEVEL_ADMIN ) )
  {
    // already elevated
    window.location = makeUrlNS('Special', 'Administration');
    return;
  }

  ajaxLoginInit(function(k)
    {
      ENANO_SID = k;
      auth_level = USER_LEVEL_ADMIN;
      var admin_url = makeUrlNS('Special', 'Administration');
      // navigate only when a non-empty session key came back
      if ( (ENANO_SID + ' ').length > 1 )
      {
        window.location = admin_url;
      }
    }, USER_LEVEL_ADMIN);
  return false;
}
/**
 * Opens the PageManager module of the administration panel for the current page (title),
 * asking for administrator authentication first when needed.
 *
 * auth_level is only the client's copy of the session state; the server still has to check
 * the session for the admin request.
 *
 * @return bool|undefined true when KILL_SWITCH is set, false when the auth prompt was
 *   opened, nothing when the browser was sent straight to the module
 */

window.ajaxAdminPage = function()
{
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH )
  {
    return true;
  }

  // Built on demand so that the URL is generated after ENANO_SID has been updated
  var page_manager_url = function()
  {
    return makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
  };

  if ( !( auth_level < USER_LEVEL_ADMIN ) )
  {
    window.location = page_manager_url();
    return;
  }

  // NOTE(review): the literal 9 is passed here where ajaxStartAdminLogin passes
  // USER_LEVEL_ADMIN; presumably the same value - confirm
  ajaxPromptAdminAuth(function(k)
    {
      ENANO_SID = k;
      auth_level = USER_LEVEL_ADMIN;
      // NOTE(review): window.location is assigned twice in a row when the key is non-empty;
      // the first assignment (current URL plus session key) looks redundant - confirm
      var current_url = String(window.location + '');
      window.location = append_sid(current_url);
      var target_url = page_manager_url();
      if ( (ENANO_SID + ' ').length > 1 )
      {
        window.location = target_url;
      }
    }, 9);
  return false;
}
// Namespace, page ID and minimum auth level of the navigation requested through
// ajaxLoginNavTo(); they are read again by its post-login callback.
var navto_ns,
    navto_pg,
    navto_ul;
/**
 * Navigates to a page that needs at least min_level, prompting for authentication first
 * when the current auth level is lower.
 *
 * The destination is kept in the shared navto_* variables and read back by the login
 * callback, so a second call made before the first prompt completes replaces the
 * destination of the first. auth_level is only the client's copy of the session state; the
 * server still has to enforce min_level for the page.
 *
 * @param string namespace
 * @param string page_id
 * @param int min_level
 * @return bool|undefined true when KILL_SWITCH is set, false when the auth prompt was
 *   opened, nothing when the browser was sent straight to the page
 */

window.ajaxLoginNavTo = function(namespace, page_id, min_level)
{
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH )
  {
    return true;
  }

  navto_pg = page_id;
  navto_ns = namespace;
  navto_ul = min_level;

  if ( !( auth_level < min_level ) )
  {
    window.location = makeUrlNS(navto_ns, navto_pg);
    return;
  }

  ajaxPromptAdminAuth(function(k)
    {
      ENANO_SID = k;
      auth_level = navto_ul;
      var target_url = makeUrlNS(navto_ns, navto_pg);
      // navigate only when a non-empty session key came back
      if ( (ENANO_SID + ' ').length > 1 )
      {
        window.location = target_url;
      }
    }, min_level);
  return false;
}
/**
 * Opens the UserManager module of the administration panel for the given user, asking for
 * administrator authentication first when needed.
 *
 * The username is passed through ajaxEscape() before it is placed in the query string.
 * auth_level is only the client's copy of the session state; the server still has to check
 * the session for the admin request.
 *
 * @param string username
 * @return bool|undefined true when KILL_SWITCH is set, false when the auth prompt was
 *   opened, nothing when the browser was sent straight to the module
 */

window.ajaxAdminUser = function(username)
{
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH )
  {
    return true;
  }

  // Built on demand so that the URL is generated after ENANO_SID has been updated
  var user_manager_url = function()
  {
    return makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
  };

  if ( !( auth_level < USER_LEVEL_ADMIN ) )
  {
    window.location = user_manager_url();
    return;
  }

  // NOTE(review): the literal 9 is passed here where ajaxStartAdminLogin passes
  // USER_LEVEL_ADMIN; presumably the same value - confirm
  ajaxPromptAdminAuth(function(k)
    {
      ENANO_SID = k;
      auth_level = USER_LEVEL_ADMIN;
      // NOTE(review): window.location is assigned twice in a row when the key is non-empty;
      // the first assignment (current URL plus session key) looks redundant - confirm
      var current_url = String(window.location + '');
      window.location = append_sid(current_url);
      var target_url = user_manager_url();
      if ( (ENANO_SID + ' ').length > 1 )
      {
        window.location = target_url;
      }
    }, 9);
  return false;
}