author | Dan |
Wed, 06 Jan 2010 02:02:51 -0500 | |
changeset 1206 | 50f6c144ec68 |
parent 1158 | e733f984c990 |
child 1222 | d1ded7b4c775 |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
2 |
/**!info** |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
3 |
{ |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
4 |
"Plugin Name" : "plugin_specialuserfuncs_title", |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
5 |
"Plugin URI" : "http://enanocms.org/", |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
6 |
"Description" : "plugin_specialuserfuncs_desc", |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
7 |
"Author" : "Dan Fuhry", |
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
8 |
"Version" : "1.1.6", |
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
9 |
"Author URI" : "http://enanocms.org/" |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
10 |
} |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
517
diff
changeset
|
11 |
**!*/ |
0 | 12 |
|
13 |
/* |
|
14 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents:
1032
diff
changeset
|
15 |
* Copyright (C) 2006-2009 Dan Fuhry |
0 | 16 |
* |
17 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
18 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
19 |
* |
|
20 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
21 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
22 |
*/ |
|
23 |
||
24 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
25 |
||
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
parents:
591
diff
changeset
|
26 |
// $plugins->attachHook('session_started', 'SpecialUserFuncs_paths_init();'); |
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
27 |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
28 |
function SpecialUserFuncs_paths_init() |
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
29 |
{ |
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
30 |
register_special_page('Login', 'specialpage_log_in'); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
31 |
register_special_page('Logout', 'specialpage_log_out'); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
32 |
register_special_page('Register', 'specialpage_register'); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
33 |
register_special_page('Preferences', 'specialpage_preferences'); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
34 |
register_special_page('Contributions', 'specialpage_contributions'); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
35 |
register_special_page('ChangeStyle', 'specialpage_change_theme'); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
36 |
register_special_page('ActivateAccount', 'specialpage_activate_account'); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
37 |
register_special_page('Captcha', 'specialpage_captcha'); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
38 |
register_special_page('PasswordReset', 'specialpage_password_reset'); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
39 |
register_special_page('Memberlist', 'specialpage_member_list'); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
40 |
register_special_page('LangExportJSON', 'specialpage_language_export', false); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
41 |
register_special_page('Avatar', 'specialpage_avatar', false); |
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
586
diff
changeset
|
42 |
} |
0 | 43 |
|
44 |
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace> |
|
45 |
||
46 |
$__login_status = ''; |
|
47 |
||
48 |
function page_Special_Login() |
|
49 |
{ |
|
50 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
51 |
global $login_result; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
52 |
global $lang, $output; |
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
912
diff
changeset
|
53 |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
54 |
// Determine which level we're going up to |
0 | 55 |
$level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER; |
56 |
if ( isset($_POST['login']) ) |
|
57 |
{ |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
58 |
if ( in_array($_POST['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) |
0 | 59 |
{ |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
60 |
$level = intval($_POST['level']); |
0 | 61 |
} |
62 |
} |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
63 |
// Don't allow going from guest straight to elevated |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
64 |
// FIXME do we want to allow this with a CSRF check? |
0 | 65 |
if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in ) |
66 |
{ |
|
67 |
$level = USER_LEVEL_MEMBER; |
|
68 |
} |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
69 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
70 |
// If we're already at or above this level, redirect to the target page or, if no target |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
71 |
// specified, back to the main page. |
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
72 |
if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in ) |
1117
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
73 |
{ |
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
74 |
if ( $target = $paths->getAllParams() ) |
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
75 |
{ |
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
76 |
redirect(makeUrl($target), '', '', 0); |
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
77 |
} |
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
78 |
$paths->main_page(); |
1117
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
79 |
} |
4d8ffe107a0d
Login: if return-to specified and already logged in, jump to return-to instead of main page.
Dan
parents:
1109
diff
changeset
|
80 |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
81 |
// Lockout aliasing |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
82 |
$lockout =& $login_result['lockout']; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
83 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
84 |
$output->header(); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
85 |
echo '<form action="' . makeUrl($paths->nslist['Special'].'Login') . '" method="post" name="loginform" onsubmit="try { return runEncryption(); } catch(e) { console.error(e); };">'; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
86 |
|
0 | 87 |
if ( $p = $paths->getAllParams() ) |
88 |
{ |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
89 |
echo '<input type="hidden" name="return_to" value="' . htmlspecialchars($p) . '" />'; |
0 | 90 |
} |
91 |
else if ( isset($_POST['login']) && isset($_POST['return_to']) ) |
|
92 |
{ |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
93 |
echo '<input type="hidden" name="return_to" value="' . htmlspecialchars($_POST['return_to']) . '" />'; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
94 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
95 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
96 |
// determine what the "remember me" checkbox should say |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
97 |
$session_time = intval(getConfig('session_remember_time', '30')); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
98 |
if ( $session_time === 0 ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
99 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
100 |
// sessions are infinite |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
101 |
$text_remember = $lang->get('user_login_check_remember_infinite'); |
0 | 102 |
} |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
103 |
else |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
104 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
105 |
// is the number of days evenly divisible by 7? if so, use weeks |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
106 |
if ( $session_time % 7 == 0 ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
107 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
108 |
$session_time = $session_time / 7; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
109 |
$unit = 'week'; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
110 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
111 |
else |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
112 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
113 |
$unit = 'day'; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
114 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
115 |
// if it's not equal to 1, pluralize it |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
116 |
if ( $session_time != 1 ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
117 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
118 |
$unit .= $lang->get('meta_plural'); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
119 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
120 |
$text_remember = $lang->get('user_login_check_remember', array( |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
121 |
'session_length' => $session_time, |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
122 |
'length_units' => $lang->get("etc_unit_$unit") |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
123 |
)); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
124 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
125 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
126 |
if ( $error_text = login_get_error($login_result) ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
127 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
128 |
echo '<div class="error-box-mini">' . htmlspecialchars($error_text) . '</div>'; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
129 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
130 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
131 |
// |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
132 |
// START FORM |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
133 |
// |
0 | 134 |
?> |
135 |
<div class="tblholder"> |
|
136 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
137 |
<tr> |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
138 |
<th colspan="3"> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
139 |
<!-- Table header: "Please enter..." --> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
140 |
<?php echo ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short'); ?> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
141 |
</th> |
0 | 142 |
</tr> |
143 |
<tr> |
|
144 |
<td colspan="3" class="row1"> |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
145 |
<!-- Introduction text --> |
0 | 146 |
<?php |
147 |
if ( $level <= USER_LEVEL_MEMBER ) |
|
209 | 148 |
echo '<p>' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '</p>'; |
0 | 149 |
else |
209 | 150 |
echo '<p>' . $lang->get('user_login_body_elev') . '</p>'; |
0 | 151 |
?> |
152 |
</td> |
|
153 |
</tr> |
|
154 |
<tr> |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
155 |
<!-- Username field --> |
0 | 156 |
<td class="row2"> |
209 | 157 |
<?php echo $lang->get('user_login_field_username'); ?>: |
0 | 158 |
</td> |
159 |
<td class="row1"> |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
160 |
<input name="username" size="25" type="text" value="<?php echo $session->user_logged_in ? htmlspecialchars($session->username) : ''; ?>" /> |
0 | 161 |
</td> |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
162 |
<?php if ( $level <= USER_LEVEL_MEMBER ): ?> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
163 |
<!-- Forgot password / create account links --> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
164 |
<td rowspan="<?php echo ( ( $lockout['active'] && $lockout['policy'] == 'captcha' ) ) ? '4' : '2'; ?>" class="row3"> |
209 | 165 |
<small><?php echo $lang->get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?><br /> |
166 |
<?php echo $lang->get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?></small> |
|
0 | 167 |
</td> |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
168 |
<?php endif; ?> |
0 | 169 |
</tr> |
170 |
<tr> |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
171 |
<!-- Password field --> |
209 | 172 |
<td class="row2"> |
173 |
<?php echo $lang->get('user_login_field_password'); ?>: |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
174 |
</td><td class="row1"><input name="password" size="25" type="password" /></td> |
0 | 175 |
</tr> |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
176 |
|
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
177 |
<?php |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
178 |
// CAPTCHA? |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
179 |
if ( $lockout['active'] && $lockout['policy'] == 'captcha' ) |
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
180 |
{ |
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
181 |
?> |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
182 |
<!-- CAPTCHA --> |
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
183 |
<tr> |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
184 |
<td class="row2" rowspan="2"> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
185 |
<?php echo $lang->get('user_login_field_captcha'); ?>: |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
186 |
<br /> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
187 |
</td> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
188 |
<td class="row1"> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
189 |
<input type="hidden" name="captcha_hash" value="<?php echo $lockout['captcha']; ?>" /> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
190 |
<input name="captcha_code" size="25" type="text" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '4'; ?>" /> |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
191 |
</td> |
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
192 |
</tr> |
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
193 |
<tr> |
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
194 |
<td class="row3"> |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
195 |
<img src="<?php echo makeUrlNS('Special', 'Captcha/' . $lockout['captcha']) ?>" onclick="this.src=this.src+'/a';" style="cursor: pointer;" /> |
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
196 |
</td> |
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
197 |
</tr> |
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
198 |
<?php |
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents:
133
diff
changeset
|
199 |
} |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
200 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
201 |
// Run hooks |
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
202 |
$code = $plugins->setHook('login_form_html'); |
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
203 |
foreach ( $code as $cmd ) |
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
204 |
{ |
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
205 |
eval($cmd); |
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
206 |
} |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
207 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
208 |
// level-2 only: "Remember me" switch |
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
209 |
if ( $level <= USER_LEVEL_MEMBER ) |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
210 |
{ |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
211 |
?> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
212 |
<tr> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
213 |
<td class="row2"> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
214 |
<?php echo $lang->get('user_login_field_remember'); ?> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
215 |
</td> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
216 |
<td class="row1" colspan="2"> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
217 |
<label> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
218 |
<input type="checkbox" name="remember" tabindex="3" /> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
219 |
<?php echo $text_remember; ?> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
220 |
</label> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
221 |
</td> |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
222 |
</tr> |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
223 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
224 |
<!-- Crypto notice --> |
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
225 |
<?php |
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents:
685
diff
changeset
|
226 |
} |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
227 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
228 |
// lol DeMorgan'd |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
229 |
$crypto_disable = ( isset($_GET['use_crypt']) && $_GET['use_crypt'] == '0' ); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
230 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
231 |
// Crypto disable: crypto on, normal login |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
232 |
if ( $level <= USER_LEVEL_MEMBER && !$crypto_disable ) |
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
233 |
{ |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
234 |
echo '<tr> |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
235 |
<td class="row3" colspan="3">'; |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
236 |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
237 |
$returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
238 |
$nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true); |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
239 |
echo '<p><b>' . $lang->get('user_login_nocrypt_title') . '</b> ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '</p>'; |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
240 |
echo '<p>' . $lang->get('user_login_nocrypt_countrylist') . '</p>'; |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
241 |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
242 |
echo ' </td> |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
243 |
</tr>'; |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
244 |
} |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
245 |
// Crypto disable: crypto OFF, normal login |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
246 |
else if ( $level <= USER_LEVEL_MEMBER && $crypto_disable ) |
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
247 |
{ |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
248 |
echo '<tr> |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
249 |
<td class="row3" colspan="3">'; |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
250 |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
251 |
$returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
252 |
$usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true); |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
253 |
echo '<p><b>' . $lang->get('user_login_usecrypt_title') . '</b> ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '</p>'; |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
254 |
echo '<p>' . $lang->get('user_login_usecrypt_countrylist') . '</p>'; |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
255 |
|
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
256 |
echo ' </td> |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
257 |
</tr>'; |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
258 |
} |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
259 |
// Crypto disable: crypto on, ELEV login |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
260 |
else if ( $level > USER_LEVEL_MEMBER && $GLOBALS['dh_supported'] ) |
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
261 |
{ |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
262 |
echo '<tr>'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
263 |
echo '<td class="row3" colspan="3">'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
264 |
echo '<p>' . $lang->get('user_login_dh_notice') . '</p>'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
265 |
echo '</td>'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
266 |
echo '</tr>'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
267 |
} |
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
268 |
?> |
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
269 |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
270 |
<!-- Submit button --> |
0 | 271 |
<tr> |
1119 | 272 |
<th colspan="3" style="text-align: center" class="subhead"> |
273 |
<input type="hidden" name="login" value="true" /> |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
274 |
<input type="submit" value="<?php echo $lang->get('user_login_btn_log_in'); ?>" /> |
1119 | 275 |
</th> |
0 | 276 |
</tr> |
277 |
</table> |
|
278 |
</div> |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
279 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
280 |
<input type="hidden" name="level" value="<?php echo (string)$level; ?>" /> |
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
281 |
<?php if ( $level <= USER_LEVEL_MEMBER ): ?> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
282 |
<script type="text/javascript"> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
283 |
document.forms.loginform.username.focus(); |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
284 |
</script> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
285 |
<?php else: ?> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
286 |
<script type="text/javascript"> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
287 |
document.forms.loginform.pass.focus(); |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
288 |
</script> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
289 |
<?php endif; ?> |
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
290 |
<?php |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
291 |
echo $session->generate_aes_form(); |
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
292 |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
293 |
// Any additional parameters that need to be passed back? |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
294 |
if ( $p = $paths->getAllParams() ) |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
295 |
{ |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
296 |
// ... only if we have a return_to destination. |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
297 |
$get_fwd = $_GET; |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
298 |
unset($get_fwd['do']); |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
299 |
if ( isset($get_fwd['target_do']) ) |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
300 |
{ |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
301 |
$get_fwd['do'] = $get_fwd['target_do']; |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
302 |
unset($get_fwd['target_do']); |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
303 |
} |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
304 |
if ( isset($get_fwd['level']) ) |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
305 |
unset($get_fwd['level']); |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
306 |
if ( isset($get_fwd['title']) ) |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
307 |
unset($get_fwd['title']); |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
308 |
|
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
309 |
if ( !empty($get_fwd) ) |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
310 |
{ |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
311 |
$get_string = htmlspecialchars(enano_json_encode($get_fwd)); |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
312 |
echo '<input type="hidden" name="get_fwd" value="' . $get_string . '" />'; |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
313 |
} |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
314 |
} |
1101
30d8bb88572d
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
Dan
parents:
1081
diff
changeset
|
315 |
else if ( isset($_POST['get_fwd']) ) |
30d8bb88572d
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
Dan
parents:
1081
diff
changeset
|
316 |
{ |
30d8bb88572d
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
Dan
parents:
1081
diff
changeset
|
317 |
echo '<input type="hidden" name="get_fwd" value="' . htmlspecialchars($_POST['get_fwd']) . '" />'; |
30d8bb88572d
Sessions: Improved inactive account UX; shuffled around a bit of code so that whitelist checks are shared; fixed a bunch of bugs related to ban code and IPv6 addresses
Dan
parents:
1081
diff
changeset
|
318 |
} |
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
319 |
?> |
0 | 320 |
</form> |
321 |
<?php |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
322 |
if ( !$crypto_disable ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
323 |
echo $session->aes_javascript('loginform', 'password'); |
0 | 324 |
?> |
325 |
<?php |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
326 |
$output->footer(); |
0 | 327 |
} |
328 |
||
329 |
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called |
|
330 |
{ |
|
331 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
332 |
global $login_result; |
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
333 |
global $lang; |
604
6a90893622f0
Fixed missing require() on math.php in SpecialUserFuncs
Dan
parents:
593
diff
changeset
|
334 |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
335 |
// Are we calling the JSON interface? |
1109
c424a15a1656
Common: renamed global $title to $urlname (it broke the API from non-plugin Enano scripts)
Dan
parents:
1101
diff
changeset
|
336 |
$paths->fullpage = $GLOBALS['urlname']; |
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
337 |
if ( $paths->getParam(0) === 'action.json' ) |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
338 |
{ |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
339 |
if ( !isset($_POST['r']) ) |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
340 |
die('No request.'); |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
341 |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
342 |
$request = $_POST['r']; |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
343 |
try |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
344 |
{ |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
345 |
$request = enano_json_decode($request); |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
346 |
} |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
347 |
catch ( Exception $e ) |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
348 |
{ |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
349 |
die(enano_json_encode(array( |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
350 |
'mode' => 'error', |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
351 |
'error' => 'ERR_JSON_PARSE_FAILED' |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
352 |
))); |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
353 |
} |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
354 |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
355 |
echo enano_json_encode($session->process_login_request($request)); |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
356 |
|
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
357 |
$db->close(); |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
358 |
exit; |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
359 |
} |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
360 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
361 |
// No. Process incoming results from the HTML version. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
362 |
if ( isset($_POST['login']) ) |
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents:
504
diff
changeset
|
363 |
{ |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
364 |
$_POST['password'] = $session->get_aes_post(); |
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
365 |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
366 |
$result = $session->process_login_request(array( |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
367 |
'mode' => 'login_pt', |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
368 |
'userinfo' => $_POST, |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
369 |
'level' => $_POST['level'], |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
370 |
'captcha_hash' => isset($_POST['captcha_hash']) ? $_POST['captcha_hash'] : false, |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
371 |
'captcha_code' => isset($_POST['captcha_code']) ? $_POST['captcha_code'] : false |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
372 |
)); |
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
373 |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
374 |
if ( $result['mode'] === 'login_success' ) |
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents:
832
diff
changeset
|
375 |
{ |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
376 |
// |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
377 |
// LOGIN SUCCESS. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
378 |
// Redirect as necessary. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
379 |
// |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
380 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
381 |
// Load our preferences |
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents:
371
diff
changeset
|
382 |
$session->start(); |
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents:
371
diff
changeset
|
383 |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
384 |
// Decode get_add |
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
385 |
$get_add = false; |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
386 |
if ( isset($_POST['get_fwd']) ) |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
387 |
{ |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
388 |
try |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
389 |
{ |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
390 |
$get_fwd = enano_json_decode($_POST['get_fwd']); |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
391 |
$get_add = ''; |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
392 |
foreach ( $get_fwd as $key => $value ) |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
393 |
{ |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
394 |
$get_add .= "&{$key}=" . urlencode($value); |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
395 |
} |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
396 |
$get_add = ltrim($get_add, '&'); |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
397 |
} |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
398 |
catch ( Exception $e ) |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
399 |
{ |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
400 |
} |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
401 |
} |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
402 |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
403 |
// Going to a user-specified page? |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
404 |
if ( isset($_POST['return_to']) ) |
0 | 405 |
{ |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
406 |
// yea |
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
912
diff
changeset
|
407 |
$name = get_page_title($_POST['return_to']); |
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
408 |
$subst = array( |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
409 |
'username' => $session->username, |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
410 |
'redir_target' => $name |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
411 |
); |
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
412 |
redirect( makeUrl($_POST['return_to'], $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) ); |
0 | 413 |
} |
414 |
else |
|
415 |
{ |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
416 |
// No, redirect them to the main page |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
417 |
$subst = array( |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
418 |
'username' => $session->username, |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
419 |
'redir_target' => $lang->get('user_login_success_body_mainpage') |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
420 |
); |
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
845
diff
changeset
|
421 |
redirect( makeUrl(get_main_page(), $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) ); |
0 | 422 |
} |
423 |
} |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
424 |
else if ( $result['mode'] === 'login_success_reset' ) |
0 | 425 |
{ |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
426 |
// They logged in with a temporary password; send them to the reset form |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
427 |
redirect($result['redirect_url'], '', '', 0); |
0 | 428 |
} |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
429 |
// Otherwise, the result is likely an error. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
430 |
$login_result = $result; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
431 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
432 |
else |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
433 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
434 |
$login_result = $session->process_login_request(array( |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
435 |
'mode' => 'getkey' |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
436 |
)); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
437 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
438 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
439 |
// This is a bit of a hack. The login form generates AES and DiffieHellman keys on its |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
440 |
// own, so we need to clean up the ones from the login request API. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
441 |
if ( !empty($login_result['crypto']) ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
442 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
443 |
$session->process_login_request(array( |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
444 |
'mode' => 'clean_key', |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
445 |
'key_aes' => $login_result['crypto']['aes_key'], |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
446 |
'key_dh' => $login_result['crypto']['dh_public_key'], |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
447 |
)); |
0 | 448 |
} |
449 |
} |
|
450 |
||
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
451 |
/** |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
452 |
* Given a Login API response, find the appropriate error text, if any. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
453 |
* @param array LoginAPI response |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
454 |
* @return mixed Error string, or bool(false) if no error. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
455 |
*/ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
456 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
457 |
function login_get_error($response) |
0 | 458 |
{ |
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
459 |
global $lang; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
460 |
|
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
461 |
if ( !empty($response['lockout']) ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
462 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
463 |
// set this pluralality thing |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
464 |
$response['lockout']['plural'] = $response['lockout']['time_rem'] == 1 ? '' : $lang->get('meta_plural'); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
465 |
} |
0 | 466 |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
467 |
if ( $response['mode'] == 'initial' ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
468 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
469 |
// Just showing the box for the first time. If there's an error now, it's based on a preexisting lockout. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
470 |
if ( $response['lockout']['active'] ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
471 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
472 |
return $lang->get('user_err_locked_out_initial_' . $response['lockout']['policy'], $response['lockout']); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
473 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
474 |
return false; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
475 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
476 |
else |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
477 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
478 |
// An attempt was made. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
479 |
switch($response['mode']) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
480 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
481 |
case 'login_failure': |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
482 |
// Generic login user error. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
483 |
$error = ''; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
484 |
if ( ($x = $lang->get($response['error'])) != $response['error'] ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
485 |
$error = $x; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
486 |
else |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
487 |
$error = $lang->get('user_err_' . $response['error']); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
488 |
if ( $response['lockout']['active'] && $response['lockout']['policy'] == 'lockout' ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
489 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
490 |
// Lockout enforcement was just activated. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
491 |
return $lang->get('user_err_locked_out_initial_' . $response['lockout']['policy'], $response['lockout']); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
492 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
493 |
else if ( $response['lockout']['policy'] != 'disable' && !$response['lockout']['active'] && $response['lockout']['fails'] > 0 ) |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
494 |
{ |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
495 |
// Lockout is in a warning state. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
496 |
$error .= ' ' . $lang->get('user_err_invalid_credentials_' . $response['lockout']['policy'], $response['lockout']); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
497 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
498 |
return $error; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
499 |
break; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
500 |
case 'api_error': |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
501 |
// Error in the API. |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
502 |
return $lang->get('user_err_login_generic_title') + ': ' + $lang->get('user_' . strtolower($response['error'])); |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
503 |
break; |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
504 |
} |
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
505 |
} |
0 | 506 |
|
1132
05fe0039d952
Logins: reorganized data structures a bit. WiP - needs test routine done.
Dan
parents:
1119
diff
changeset
|
507 |
return is_string($response['error']) ? $response['error'] : false; |
0 | 508 |
} |
509 |
||
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
510 |
function page_Special_Logout() |
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
511 |
{ |
0 | 512 |
global $db, $session, $paths, $template, $plugins; // Common objects |
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
513 |
global $lang; |
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
514 |
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
515 |
if ( !$session->user_logged_in ) |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
516 |
$paths->main_page(); |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
517 |
|
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
518 |
$token = $paths->getParam(0); |
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
519 |
if ( $token !== $session->csrf_token ) |
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
520 |
{ |
573
43e7254afdb4
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
parents:
562
diff
changeset
|
521 |
csrf_request_confirm(); |
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
522 |
} |
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
523 |
|
0 | 524 |
$l = $session->logout(); |
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
525 |
if ( $l == 'success' ) |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
526 |
{ |
741 | 527 |
$url = makeUrl(get_main_page(), false, true); |
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
528 |
if ( $paths->getParam(1) ) |
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
529 |
{ |
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
530 |
$pi = explode('/', $paths->getAllParams()); |
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
531 |
$pi = implode('/', array_values(array_slice($pi, 1))); |
436
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
532 |
list($pid, $ns) = RenderMan::strToPageID($pi); |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
533 |
$perms = $session->fetch_page_acl($pid, $ns); |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
534 |
if ( $perms->get_permissions('read') ) |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
535 |
{ |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
536 |
$url = makeUrl($pi, false, true); |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
537 |
} |
242353360e37
Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents:
430
diff
changeset
|
538 |
} |
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
539 |
redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3); |
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
540 |
} |
0 | 541 |
$template->header(); |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
542 |
echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>'; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
543 |
echo '<p>' . $l . '</p>'; |
0 | 544 |
$template->footer(); |
545 |
} |
|
546 |
||
30 | 547 |
function page_Special_Register() |
548 |
{ |
|
0 | 549 |
global $db, $session, $paths, $template, $plugins; // Common objects |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
550 |
global $lang; |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
551 |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
552 |
if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in ) |
701
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
553 |
{ |
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
554 |
$paths->main_page(); |
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
555 |
} |
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
556 |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
557 |
// form field trackers |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
558 |
$username = ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
559 |
$email = ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
560 |
$realname = ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
561 |
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
562 |
$terms = getConfig('register_tou'); |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
563 |
|
0 | 564 |
if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in )) |
565 |
{ |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
566 |
$s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '</p>' : ''; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
567 |
die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_disabled_body') . '</p>' . $s); |
0 | 568 |
} |
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
569 |
// are we locked out from logging in? if so, also lock out registration |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
570 |
if ( getConfig('lockout_policy') === 'lockout' ) |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
571 |
{ |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
572 |
$ip = $db->escape($_SERVER['REMOTE_ADDR']); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
573 |
$threshold = time() - ( 60 * intval(getConfig('lockout_duration')) ); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
574 |
$limit = intval(getConfig('lockout_threshold')); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
575 |
$q = $db->sql_query('SELECT * FROM ' . table_prefix . "lockout WHERE timestamp >= $threshold ORDER BY timestamp DESC;"); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
576 |
if ( !$q ) |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
577 |
$db->_die(); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
578 |
if ( $db->numrows() >= $limit ) |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
579 |
{ |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
580 |
$row = $db->fetchrow(); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
581 |
$db->free_result(); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
582 |
$time_rem = intval(getConfig('lockout_duration')) - round((time() - $row['timestamp']) / 60); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
583 |
die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_locked_out', array('time' => $time_rem)) . '</p>'); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
584 |
} |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
585 |
$db->free_result(); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
586 |
} |
30 | 587 |
if(isset($_POST['submit'])) |
588 |
{ |
|
589 |
$_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x'; |
|
590 |
||
0 | 591 |
$captcharesult = $session->get_captcha($_POST['captchahash']); |
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
592 |
$session->kill_captcha(); |
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
593 |
// bypass captcha if logged in (at this point, if logged in, we're admin) |
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
594 |
if ( !$session->user_logged_in && strtolower($captcharesult) != strtolower($_POST['captchacode']) ) |
30 | 595 |
{ |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
596 |
$s = $lang->get('user_reg_err_captcha'); |
30 | 597 |
} |
0 | 598 |
else |
30 | 599 |
{ |
600 |
if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) ) |
|
601 |
{ |
|
602 |
$s = 'Invalid COPPA input'; |
|
603 |
} |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
604 |
else if ( !$session->user_logged_in && !empty($terms) && !isset($_POST['tou_agreed']) ) |
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
605 |
{ |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
606 |
$s = $lang->get('user_reg_err_accept_tou'); |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
607 |
} |
30 | 608 |
else |
609 |
{ |
|
610 |
$coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' ); |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
611 |
$s = false; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
612 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
613 |
// decrypt password |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
614 |
// as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
615 |
// and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
616 |
// forgot his password, that's his problem. |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
617 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
618 |
if ( $_POST['use_crypt'] == 'yes' ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
619 |
{ |
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents:
270
diff
changeset
|
620 |
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
621 |
$crypt_key = $session->fetch_public_key($_POST['crypt_key']); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
622 |
if ( !$crypt_key ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
623 |
{ |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
624 |
$s = $lang->get('user_reg_err_missing_key'); |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
625 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
626 |
else |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
627 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
628 |
$data = $_POST['crypt_data']; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
629 |
$bin_key = hexdecode($crypt_key); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
630 |
//die("Decrypting with params: key $crypt_key, data $data"); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
631 |
$password = $aes->decrypt($data, $bin_key, ENC_HEX); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
632 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
633 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
634 |
else |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
635 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
636 |
$password = $_POST['password']; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
637 |
} |
30 | 638 |
|
799 | 639 |
$error =& $s; |
640 |
||
641 |
/** |
|
642 |
* Validation of POST data coming from registration. Put an error message in the variable $error to stop registration. |
|
643 |
* @hook ucp_register_validate |
|
644 |
*/ |
|
645 |
||
646 |
$code = $plugins->setHook('ucp_register_validate'); |
|
647 |
foreach ( $code as $cmd ) |
|
648 |
{ |
|
649 |
eval($cmd); |
|
650 |
} |
|
651 |
||
652 |
// All things verified, create account |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
653 |
if ( !$s ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
654 |
$s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa); |
30 | 655 |
} |
656 |
} |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
657 |
if($s == 'success' && !$coppa) |
0 | 658 |
{ |
659 |
switch(getConfig('account_activation')) |
|
660 |
{ |
|
661 |
case "none": |
|
662 |
default: |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
663 |
$str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true))); |
0 | 664 |
break; |
665 |
case "user": |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
666 |
$str = $lang->get('user_reg_msg_success_activ_user'); |
0 | 667 |
break; |
668 |
case "admin": |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
669 |
$str = $lang->get('user_reg_msg_success_activ_admin'); |
0 | 670 |
break; |
671 |
} |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
672 |
die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>'); |
0 | 673 |
} |
30 | 674 |
else if ( $s == 'success' && $coppa ) |
675 |
{ |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
676 |
$str = $lang->get('user_reg_msg_success_activ_coppa'); |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
677 |
die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>'); |
30 | 678 |
} |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
679 |
$username = htmlspecialchars($_POST['username']); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
680 |
$email = htmlspecialchars($_POST['email']); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
681 |
$realname = htmlspecialchars($_POST['real_name']); |
0 | 682 |
} |
683 |
$template->header(); |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
684 |
echo $lang->get('user_reg_msg_greatercontrol'); |
30 | 685 |
|
686 |
if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) ) |
|
687 |
{ |
|
688 |
$coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' ); |
|
689 |
$session->kill_captcha(); |
|
690 |
$captchacode = $session->make_captcha(); |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
691 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
692 |
$pubkey = $session->rijndael_genkey(); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
693 |
$challenge = $session->dss_rand(); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
694 |
|
30 | 695 |
?> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
696 |
<h3><?php echo $lang->get('user_reg_msg_table_title'); ?></h3> |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
697 |
<form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="return runEncryption();"> |
30 | 698 |
<div class="tblholder"> |
699 |
<table border="0" width="100%" cellspacing="1" cellpadding="4"> |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
700 |
<tr><th colspan="3"><?php echo $lang->get('user_reg_msg_table_subtitle'); ?></th></tr> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
701 |
|
30 | 702 |
<?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
703 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
704 |
<!-- FIELD: Username --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
705 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
706 |
<td class="row1" style="width: 50%;"> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
707 |
<?php echo $lang->get('user_reg_lbl_field_username'); ?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
708 |
<span id="e_username"></span> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
709 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
710 |
<td class="row1" style="width: 50%;"> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
711 |
<input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm(this);" onblur="checkUsername();" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
712 |
</td> |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
713 |
<td class="row1" style="width: 1px;"> |
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
714 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_username" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
715 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
716 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
717 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
718 |
<!-- FIELD: Password --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
719 |
<tr> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
720 |
<td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>"> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
721 |
<?php echo $lang->get('user_reg_lbl_field_password'); ?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
722 |
<span id="e_password"></span> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
723 |
<?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
724 |
<small><?php echo $lang->get('user_reg_msg_password_score'); ?></small> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
725 |
<?php endif; ?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
726 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
727 |
<td class="row3" style="width: 50%;"> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
728 |
<input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm(this);" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
729 |
</td> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
730 |
<td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;"> |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
731 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_password" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
732 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
733 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
734 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
735 |
<!-- FIELD: Password confirmation --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
736 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
737 |
<td class="row3" style="width: 50%;"> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
738 |
<input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm(this);" /> <small><?php echo $lang->get('user_reg_lbl_field_password_confirm'); ?></small> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
739 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
740 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
741 |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
742 |
<!-- FIELD: Password strength meter --> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
743 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
744 |
<?php if ( getConfig('pw_strength_enable') == '1' ): ?> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
745 |
<tr> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
746 |
<td class="row3" style="width: 50%;"> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
747 |
<div id="pwmeter"></div> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
748 |
</td> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
749 |
</tr> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
750 |
<?php endif; ?> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
751 |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
752 |
<!-- FIELD: E-mail address --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
753 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
754 |
<td class="row1" style="width: 50%;"> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
755 |
<?php |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
756 |
if ( $coppa ) |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
757 |
{ |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
758 |
echo $lang->get('user_reg_lbl_field_email_coppa'); |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
759 |
} |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
760 |
else |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
761 |
{ |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
762 |
echo $lang->get('user_reg_lbl_field_email'); |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
763 |
} |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
764 |
?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
765 |
<?php |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
766 |
if ( ( $x = getConfig('account_activation') ) == 'user' ) |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
767 |
{ |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
768 |
echo '<br /><small>' . $lang->get('user_reg_msg_email_activuser') . '</small>'; |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
769 |
} |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
770 |
?> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
771 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
772 |
<td class="row1" style="width: 50%;"> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
773 |
<input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm(this);" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
774 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
775 |
<td class="row1" style="max-width: 24px;"> |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
776 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_email" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
777 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
778 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
779 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
780 |
<!-- FIELD: Real name --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
781 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
782 |
<td class="row3" style="width: 50%;"> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
783 |
<?php echo $lang->get('user_reg_lbl_field_realname'); ?><br /> |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
784 |
<small><?php echo $lang->get('user_reg_msg_realname_optional'); ?></small> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
785 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
786 |
<td class="row3" style="width: 50%;"> |
799 | 787 |
<input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" /> |
788 |
</td> |
|
789 |
<td class="row3" style="max-width: 24px;"> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
790 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
791 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
792 |
|
799 | 793 |
<?php |
794 |
/** |
|
795 |
* Allows adding fields to the user registration form. Form is built with Enano tables, 3 columns. (Rightmost can be left empty or if you're using Javascript validation an image you can update with your own Javascript code) |
|
796 |
* @hook ucp_register_form |
|
797 |
*/ |
|
798 |
||
799 |
$code = $plugins->setHook('ucp_register_form'); |
|
800 |
foreach ( $code as $cmd ) |
|
801 |
{ |
|
802 |
eval($cmd); |
|
803 |
} |
|
804 |
?> |
|
805 |
||
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
806 |
<!-- FIELD: CAPTCHA image --> |
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
807 |
<?php |
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
808 |
if ( !$session->user_logged_in ): |
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
809 |
?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
810 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
811 |
<td class="row1" style="width: 50%;" rowspan="2"> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
812 |
<?php echo $lang->get('user_reg_lbl_field_captcha'); ?><br /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
813 |
<small> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
814 |
<?php echo $lang->get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?><br /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
815 |
<br /> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
816 |
<?php echo $lang->get('user_reg_msg_captcha_blind'); ?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
817 |
</small> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
818 |
</td> |
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
819 |
<td class="row1"> |
1158
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
820 |
<img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" style="cursor: pointer;" onclick="regenCaptcha(); return false;" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
821 |
</td> |
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
822 |
<td class="row1"> |
1158
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
823 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_captcha" /> |
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
824 |
</td> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
825 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
826 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
827 |
<!-- FIELD: CAPTCHA input field --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
828 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
829 |
<td class="row1" colspan="2"> |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
830 |
<?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?> |
1158
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
831 |
<input tabindex="6" name="captchacode" type="text" size="10" onkeyup="validateCaptcha(this);" /> |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
832 |
<img id="captchaajax" width="16" height="16" src="<?php echo cdnPath; ?>/images/spacer.gif" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
833 |
<input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" /> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
834 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
835 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
836 |
|
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
837 |
<!-- FIELD: TOU --> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
838 |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
839 |
<?php |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
840 |
if ( !empty($terms) ): |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
841 |
?> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
842 |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
843 |
<tr> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
844 |
<td class="row1" colspan="3"> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
845 |
<?php |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
846 |
echo $lang->get('user_reg_msg_please_read_tou'); |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
847 |
?> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
848 |
</td> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
849 |
</tr> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
850 |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
851 |
<tr> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
852 |
<td class="row3" colspan="3"> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
853 |
<div style="border: 1px solid #000000; height: 75px; width: 60%; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: #FFF; margin: 0 auto; padding: 4px;"> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
854 |
<?php |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
855 |
echo RenderMan::render($terms); |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
856 |
?> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
857 |
</div> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
858 |
<p style="text-align: center;"> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
859 |
<label> |
371
dc6026376919
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
parents:
359
diff
changeset
|
860 |
<input tabindex="7" type="checkbox" name="tou_agreed" /> |
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
861 |
<b><?php echo $lang->get('user_reg_lbl_field_tou'); ?></b> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
862 |
</label> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
863 |
</p> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
864 |
</td> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
865 |
</tr> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
866 |
|
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
867 |
<?php |
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
868 |
endif; // !empty($terms) |
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
869 |
endif; // $session->user_logged_in |
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
870 |
?> |
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents:
345
diff
changeset
|
871 |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
872 |
<!-- FIELD: submit button --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
873 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
874 |
<th class="subhead" colspan="3" style="text-align: center;"> |
371
dc6026376919
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
parents:
359
diff
changeset
|
875 |
<input tabindex="8" type="submit" name="submit" value="<?php echo $lang->get('user_reg_btn_create_account'); ?>" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
876 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
877 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
878 |
|
30 | 879 |
</table> |
880 |
</div> |
|
881 |
<?php |
|
882 |
$val = ( $coppa ) ? 'yes' : 'no'; |
|
883 |
echo '<input type="hidden" name="coppa" value="' . $val . '" />'; |
|
884 |
?> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
885 |
<input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
886 |
<input type="hidden" name="use_crypt" value="no" /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
887 |
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
888 |
<input type="hidden" name="crypt_data" value="" /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
889 |
<script type="text/javascript"> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
890 |
// ENCRYPTION CODE |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
891 |
function runEncryption() |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
892 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
893 |
var frm = document.forms.regform; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
894 |
if ( frm.password.value.length < 1 ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
895 |
return true; |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
896 |
pass1 = frm.password.value; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
897 |
pass2 = frm.password_confirm.value; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
898 |
if ( pass1 != pass2 ) |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
899 |
{ |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
900 |
alert($lang.get('user_reg_err_alert_password_nomatch')); |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
901 |
return false; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
902 |
} |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
903 |
if ( pass1.length < 6 && pass1.length > 0 ) |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
904 |
{ |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
905 |
alert($lang.get('user_reg_err_alert_password_tooshort')); |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
906 |
return false; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
907 |
} |
614
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
908 |
if(aes_self_test()) |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
909 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
910 |
frm.use_crypt.value = 'yes'; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
911 |
var cryptkey = frm.crypt_key.value; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
912 |
frm.crypt_key.value = hex_md5(cryptkey); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
913 |
cryptkey = hexToByteArray(cryptkey); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
914 |
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
915 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
916 |
frm.submit.disabled = true; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
917 |
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
918 |
alert('The key is messed up\nType: '+typeof(cryptkey)+len); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
919 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
920 |
pass = frm.password.value; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
921 |
pass = stringToByteArray(pass); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
922 |
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB'); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
923 |
if(!cryptstring) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
924 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
925 |
return false; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
926 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
927 |
cryptstring = byteArrayToHex(cryptstring); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
928 |
frm.crypt_data.value = cryptstring; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
929 |
frm.password.value = ""; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
930 |
frm.password_confirm.value = ""; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
931 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
932 |
return true; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
933 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
934 |
</script> |
30 | 935 |
</form> |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
936 |
<!-- Don't optimize this script, it fails when compressed --> |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
937 |
<enano:no-opt> |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
938 |
<script type="text/javascript"> |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
939 |
// <![CDATA[ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
940 |
var namegood = false; |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
941 |
function validateForm(field) |
0 | 942 |
{ |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
943 |
if ( typeof(field) != 'object' ) |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
944 |
{ |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
945 |
field = { |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
946 |
name: '_nil', |
459
31c23016ab62
Upgraded tinyMCE to 3.0.1 in hopes of fixing IE race conditions. Fixed a couple minor syntax errors in Javascript objects declared in various places.
Dan
parents:
458
diff
changeset
|
947 |
value: '_nil' |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
948 |
} |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
949 |
} |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
950 |
// wait until $lang is initted |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
951 |
if ( typeof($lang) != 'object' ) |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
952 |
{ |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
953 |
setTimeout('validateForm();', 200); |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
954 |
return false; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
955 |
} |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
956 |
var frm = document.forms.regform; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
957 |
failed = false; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
958 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
959 |
// Username |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
960 |
if(!namegood && ( field.name == 'username' || field.name == '_nil' ) ) |
30 | 961 |
{ |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
962 |
//if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig)) |
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
263
diff
changeset
|
963 |
var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig'); |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
964 |
if ( frm.username.value.match(regex) ) |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
965 |
{ |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
966 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png'; |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
967 |
document.getElementById('e_username').innerHTML = ' '; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
968 |
} else { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
969 |
failed = true; |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
970 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png'; |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
971 |
document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>'; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
972 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
973 |
} |
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
974 |
if ( document.getElementById('b_username') ) |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
975 |
{ |
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
976 |
document.getElementById('b_username').innerHTML = ''; |
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
977 |
if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1') |
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
978 |
{ |
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
979 |
document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />'; |
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
980 |
} |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
981 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
982 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
983 |
// Password |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
984 |
if ( field.name == 'password' || field.name == 'password_confirm' || field.name == '_nil' ) |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
985 |
{ |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
986 |
if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value ) |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
987 |
{ |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
988 |
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/check.png'; |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
989 |
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_err_password_good') + '</small>'; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
990 |
} else { |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
991 |
failed = true; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
992 |
if(frm.password.value.length < 6) |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
993 |
{ |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
994 |
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_length') + '</small>'; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
995 |
} |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
996 |
else if(frm.password.value != frm.password_confirm.value) |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
997 |
{ |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
998 |
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_needmatch') + '</small>'; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
999 |
} |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1000 |
else |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1001 |
{ |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1002 |
document.getElementById('e_password').innerHTML = ''; |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1003 |
} |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1004 |
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/checkbad.png'; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1005 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1006 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1007 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1008 |
// E-mail address |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1009 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1010 |
// workaround for idiot jEdit bug |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1011 |
if ( validateEmail(frm.email.value) && ( field.name == 'email' || field.name == '_nil' ) ) |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1012 |
{ |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1013 |
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/check.png'; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1014 |
} else { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1015 |
failed = true; |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1016 |
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/checkbad.png'; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1017 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1018 |
if(failed) |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1019 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1020 |
frm.submit.disabled = 'disabled'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1021 |
} else { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1022 |
frm.submit.disabled = false; |
30 | 1023 |
} |
1024 |
} |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1025 |
function checkUsername() |
30 | 1026 |
{ |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1027 |
var frm = document.forms.regform; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1028 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1029 |
if(!namegood) |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1030 |
{ |
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
263
diff
changeset
|
1031 |
var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig'); |
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
263
diff
changeset
|
1032 |
if ( frm.username.value.match(regex) ) |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1033 |
{ |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1034 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png'; |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1035 |
document.getElementById('e_username').innerHTML = ' '; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1036 |
} else { |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1037 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png'; |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1038 |
document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>'; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1039 |
return false; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1040 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1041 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1042 |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1043 |
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_checking') + '</b></small>'; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1044 |
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() { |
407
35d94240a197
Mass-fixed all AJAX functions to also check the HTTP status code before parsing the response
Dan
parents:
404
diff
changeset
|
1045 |
if ( ajax.readyState == 4 && ajax.status == 200 ) |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1046 |
if(ajax.responseText == 'good') |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1047 |
{ |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1048 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/check.png'; |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1049 |
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_available') + '</b></small>'; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1050 |
namegood = true; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1051 |
} else if(ajax.responseText == 'bad') { |
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents:
402
diff
changeset
|
1052 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png'; |
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1053 |
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_unavailable') + '</b></small>'; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1054 |
namegood = false; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1055 |
} else { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1056 |
document.getElementById('e_username').innerHTML = ajax.responseText; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1057 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1058 |
}); |
0 | 1059 |
} |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1060 |
function regenCaptcha() |
30 | 1061 |
{ |
448 | 1062 |
var frm = document.forms.regform; |
517 | 1063 |
document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/$captchacode"); ?>/'+Math.floor(Math.random() * 100000); |
1158
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1064 |
frm.captchacode.value = ''; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1065 |
return false; |
30 | 1066 |
} |
1158
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1067 |
function validateCaptcha(input) |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1068 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1069 |
var frm = document.forms.regform; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1070 |
if ( input.value.length < 7 ) |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1071 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1072 |
return false; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1073 |
} |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1074 |
var valid_field = document.getElementById('s_captcha'); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1075 |
var loader_img = document.getElementById('captchaajax'); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1076 |
loader_img.src = cdnPath + '/images/loading.gif'; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1077 |
ajaxGet(makeUrlNS('Special', 'Captcha/' + frm.captchahash.value + '/validate=' + input.value), function(ajax) |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1078 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1079 |
if ( ajax.readyState == 4 && ajax.status == 200 ) |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1080 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1081 |
var response = String(ajax.responseText + ''); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1082 |
if ( !check_json_response(response) ) |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1083 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1084 |
handle_invalid_json(response); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1085 |
return false; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1086 |
} |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1087 |
response = parseJSON(response); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1088 |
if ( response.valid ) |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1089 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1090 |
loader_img.src = cdnPath + '/images/spacer.gif'; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1091 |
valid_field.src = cdnPath + '/images/check.png'; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1092 |
} |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1093 |
else |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1094 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1095 |
valid_field.src = cdnPath + '/images/checkbad.png'; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1096 |
regenCaptcha(); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1097 |
document.getElementById('captchaimg').onload = function() |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1098 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1099 |
document.getElementById('captchaajax').src = cdnPath + '/images/spacer.gif'; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1100 |
input.focus(); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1101 |
}; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1102 |
input.value = ''; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1103 |
} |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1104 |
} |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1105 |
}); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1106 |
} |
614
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1107 |
addOnloadHook(function() |
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1108 |
{ |
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1109 |
<?php if ( getConfig('pw_strength_enable') == '1' ): ?> |
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1110 |
var frm = document.forms.regform; |
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1111 |
load_component('pwstrength'); |
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1112 |
password_score_field(frm.password); |
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1113 |
<?php endif; ?> |
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1114 |
load_component('crypto'); |
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1115 |
validateForm(); |
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1116 |
setTimeout('checkUsername();', 1000); |
78d1e71dc720
Got user registration working with the new componentized JS framework
Dan
parents:
604
diff
changeset
|
1117 |
}); |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1118 |
// ]]> |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1119 |
</script> |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
1120 |
</enano:no-opt> |
30 | 1121 |
<?php |
1122 |
} |
|
1123 |
else |
|
1124 |
{ |
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1125 |
$year = intval( enano_date('Y') ); |
30 | 1126 |
$year = $year - 13; |
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1127 |
$month = enano_date('F'); |
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1128 |
$day = enano_date('d'); |
30 | 1129 |
|
1130 |
$yo13_date = "$month $day, $year"; |
|
1131 |
$link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true); |
|
1132 |
$link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true); |
|
1133 |
||
1134 |
// COPPA enabled, ask age |
|
1135 |
echo '<div class="tblholder">'; |
|
1136 |
echo '<table border="0" cellspacing="1" cellpadding="4">'; |
|
1137 |
echo '<tr> |
|
1138 |
<td class="row1"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1139 |
' . $lang->get('user_reg_coppa_title') . ' |
30 | 1140 |
</td> |
1141 |
</tr> |
|
1142 |
<tr> |
|
1143 |
<td class="row3"> |
|
221
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1144 |
<a href="' . $link_coppa_no . '">' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '</a><br /> |
e5302cb1945c
Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents:
210
diff
changeset
|
1145 |
<a href="' . $link_coppa_yes . '">' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . '</a> |
30 | 1146 |
</td> |
1147 |
</tr>'; |
|
1148 |
echo '</table>'; |
|
1149 |
echo '</div>'; |
|
1150 |
} |
|
0 | 1151 |
$template->footer(); |
1152 |
} |
|
1153 |
||
909
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents:
908
diff
changeset
|
1154 |
function page_Special_Contributions() |
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents:
908
diff
changeset
|
1155 |
{ |
0 | 1156 |
global $db, $session, $paths, $template, $plugins; // Common objects |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1157 |
global $lang; |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1158 |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1159 |
// This is a vast improvement over the old Special:Contributions in 1.0.x. |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1160 |
|
0 | 1161 |
$template->header(); |
1162 |
$user = $paths->getParam(); |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1163 |
if ( !$user && isset($_GET['user']) ) |
0 | 1164 |
{ |
1165 |
$user = $_GET['user']; |
|
1166 |
} |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1167 |
else if ( !$user && !isset($_GET['user']) ) |
0 | 1168 |
{ |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1169 |
echo '<p>' . $lang->get('userfuncs_contribs_err_no_user') . '</p>'; |
0 | 1170 |
$template->footer(); |
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1171 |
return; |
0 | 1172 |
} |
1173 |
||
909
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents:
908
diff
changeset
|
1174 |
$url = makeUrlNS("Special", "Log/user={$user}"); |
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents:
908
diff
changeset
|
1175 |
redirect($url, '', '', 0); |
0 | 1176 |
} |
1177 |
||
1178 |
function page_Special_ChangeStyle() |
|
1179 |
{ |
|
1180 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1181 |
global $lang; |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1182 |
|
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1183 |
if ( !$session->user_logged_in ) |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1184 |
{ |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1185 |
die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>'); |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1186 |
} |
0 | 1187 |
if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) |
1188 |
{ |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1189 |
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) ) |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1190 |
die('Hacking attempt'); |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1191 |
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) ) |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
1192 |
die('Hacking attempt'); |
0 | 1193 |
$d = ENANO_ROOT . '/themes/' . $_POST['theme']; |
1194 |
$f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1195 |
if ( !file_exists($d) || !is_dir($d) ) |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1196 |
{ |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1197 |
die('The directory "'.$d.'" does not exist.'); |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1198 |
} |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1199 |
if ( !file_exists($f) ) |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1200 |
{ |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1201 |
die('The file "'.$f.'" does not exist.'); |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1202 |
} |
0 | 1203 |
$d = $db->escape($_POST['theme']); |
1204 |
$f = $db->escape($_POST['style']); |
|
1205 |
$q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\''; |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1206 |
if ( !$db->sql_query($q) ) |
0 | 1207 |
{ |
1208 |
$db->_die('Your theme/style preferences were not updated.'); |
|
1209 |
} |
|
1210 |
else |
|
1211 |
{ |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1212 |
redirect(makeUrl($_POST['return_to']), $lang->get('userfuncs_changetheme_success_title'), $lang->get('userfuncs_changetheme_success_body'), 3); |
0 | 1213 |
} |
1214 |
} |
|
1215 |
else |
|
1216 |
{ |
|
1217 |
$template->header(); |
|
1218 |
$ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0); |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1219 |
if ( !$ret ) |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1220 |
{ |
741 | 1221 |
$ret = get_main_page(); |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1222 |
} |
0 | 1223 |
?> |
1224 |
<form action="<?php echo makeUrl($paths->page); ?>" method="post"> |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1225 |
<?php if ( !isset($_POST['themeselected']) ) { ?> |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1226 |
<h3><?php echo $lang->get('userfuncs_changetheme_heading_theme'); ?></h3> |
0 | 1227 |
<p> |
1228 |
<select name="theme"> |
|
1229 |
<?php |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1230 |
foreach ( $template->theme_list as $t ) |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1231 |
{ |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1232 |
if ( $t['enabled'] ) |
0 | 1233 |
{ |
1234 |
echo '<option value="'.$t['theme_id'].'"'; |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1235 |
if ( $t['theme_id'] == $session->theme ) |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1236 |
{ |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1237 |
echo ' selected="selected"'; |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1238 |
} |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1239 |
echo '>' . $t['theme_name'] . '</option>'; |
0 | 1240 |
} |
1241 |
} |
|
1242 |
?> |
|
1243 |
</select> |
|
1244 |
</p> |
|
1245 |
<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" /> |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1246 |
<input type="submit" name="themeselected" value="<?php echo $lang->get('userfuncs_changetheme_btn_continue'); ?>" /></p> |
0 | 1247 |
<?php } else { |
1248 |
$theme = $_POST['theme']; |
|
1249 |
if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) ) |
|
1250 |
die('Hacking attempt'); |
|
1251 |
?> |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1252 |
<h3><?php echo $lang->get('userfuncs_changetheme_heading_style'); ?></h3> |
0 | 1253 |
<p> |
1254 |
<select name="style"> |
|
1255 |
<?php |
|
1256 |
$dir = './themes/'.$theme.'/css/'; |
|
1257 |
$list = Array(); |
|
1258 |
// Open a known directory, and proceed to read its contents |
|
1259 |
if (is_dir($dir)) { |
|
1260 |
if ($dh = opendir($dir)) { |
|
1261 |
while (($file = readdir($dh)) !== false) { |
|
1262 |
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') { |
|
1263 |
$list[] = substr($file, 0, strlen($file)-4); |
|
1264 |
} |
|
1265 |
} |
|
1266 |
closedir($dh); |
|
1267 |
} |
|
1268 |
} else die($dir.' is not a dir'); |
|
1269 |
foreach ( $list as $l ) |
|
1270 |
{ |
|
1271 |
echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>'; |
|
1272 |
} |
|
1273 |
?> |
|
1274 |
</select> |
|
1275 |
</p> |
|
1276 |
<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" /> |
|
1277 |
<input type="hidden" name="theme" value="<?php echo $theme; ?>" /> |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1278 |
<input type="submit" name="allclear" value="<?php echo $lang->get('userfuncs_changetheme_btn_allclear'); ?>" /></p> |
0 | 1279 |
<?php } ?> |
1280 |
</form> |
|
1281 |
<?php |
|
1282 |
$template->footer(); |
|
1283 |
} |
|
1284 |
} |
|
1285 |
||
1286 |
function page_Special_ActivateAccount() |
|
1287 |
{ |
|
1288 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1289 |
global $lang; |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1290 |
|
0 | 1291 |
$user = $paths->getParam(0); |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1292 |
if ( !$user ) |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1293 |
{ |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1294 |
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>'); |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1295 |
} |
0 | 1296 |
$key = $paths->getParam(1); |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1297 |
if ( !$key ) |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1298 |
{ |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1299 |
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>'); |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1300 |
} |
0 | 1301 |
$s = $session->activate_account(str_replace('_', ' ', $user), $key); |
1206
50f6c144ec68
Fixed some bugs with account activation, especially if you're a half-logged-in vegetable.
Dan
parents:
1158
diff
changeset
|
1302 |
if ( $s ) |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1303 |
{ |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1304 |
die_friendly($lang->get('userfuncs_activate_success_title'), '<p>' . $lang->get('userfuncs_activate_success_body') . '</p>'); |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1305 |
} |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1306 |
else |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1307 |
{ |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1308 |
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_bad_key') . '</p>'); |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1309 |
} |
0 | 1310 |
} |
1311 |
||
1312 |
function page_Special_Captcha() |
|
1313 |
{ |
|
1314 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1315 |
if ( $paths->getParam(0) == 'make' ) |
0 | 1316 |
{ |
1317 |
$session->kill_captcha(); |
|
1318 |
echo $session->make_captcha(); |
|
1319 |
return; |
|
1320 |
} |
|
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1321 |
|
0 | 1322 |
$hash = $paths->getParam(0); |
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1323 |
if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) ) |
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1324 |
{ |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1325 |
$paths->main_page(); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1326 |
} |
1158
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1327 |
|
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1328 |
if ( $validate_code = $paths->getParam(1) ) |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1329 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1330 |
if ( preg_match('/^validate=(.+)$/', $validate_code, $match) ) |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1331 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1332 |
header('Content-type: text/javascript'); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1333 |
$code = $session->get_captcha($hash, true); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1334 |
$valid = strtolower($code) === strtolower($match[1]); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1335 |
if ( !$valid ) |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1336 |
{ |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1337 |
$session->make_captcha(7, $hash); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1338 |
} |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1339 |
echo enano_json_encode(array( |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1340 |
'valid' => $valid |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1341 |
)); |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1342 |
exit; |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1343 |
} |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1344 |
} |
402
d907601ccad2
Fixed some captcha bugs and made all captcha fields case-insensitive
Dan
parents:
401
diff
changeset
|
1345 |
|
987 | 1346 |
$session->make_captcha(7, $hash); |
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1347 |
$code = $session->generate_captcha_code(); |
987 | 1348 |
// Avoid letting our captchas end up on failblog.org |
1349 |
// BTW, the last one was a real-life encounter: http://files.ha.xx0r.info/murder.png |
|
989
79d558a94798
Added another word to the CAPTCHA blacklist (thanks Neal).
Dan
parents:
987
diff
changeset
|
1350 |
foreach ( array('shit', 'cock', 'fuck', 'nazi', 'cunt', 'clit', 'pussy', 'penis', 'piss', 'tits', 'murder') as $word ) |
987 | 1351 |
{ |
1352 |
if ( stristr($code, $word) ) |
|
1353 |
{ |
|
1354 |
// but don't put too much effort into this (will only correct this once) |
|
1158
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1355 |
// I mean, face it. If it generates one of those words twice in a row, either the local root has had |
e733f984c990
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.
Dan
parents:
1132
diff
changeset
|
1356 |
// way too much fun with his /dev/random, or this server is just plain gutter-minded. |
987 | 1357 |
$code = $session->generate_captcha_code(); |
1358 |
break; |
|
1359 |
} |
|
1360 |
} |
|
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1361 |
$q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';"); |
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1362 |
if ( !$q ) |
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1363 |
$db->_die(); |
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1364 |
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
192
diff
changeset
|
1365 |
require ( ENANO_ROOT.'/includes/captcha.php' ); |
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1366 |
$captcha = captcha_object($hash, 'freecap'); |
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
parents:
459
diff
changeset
|
1367 |
// $captcha->debug = true; |
0 | 1368 |
$captcha->make_image(); |
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents:
387
diff
changeset
|
1369 |
|
0 | 1370 |
exit; |
1371 |
} |
|
1372 |
||
1373 |
function page_Special_PasswordReset() |
|
1374 |
{ |
|
1375 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1376 |
global $lang; |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1377 |
|
0 | 1378 |
$template->header(); |
1379 |
if($paths->getParam(0) == 'stage2') |
|
1380 |
{ |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1381 |
require_once(ENANO_ROOT . '/includes/math.php'); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1382 |
require_once(ENANO_ROOT . '/includes/diffiehellman.php'); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1383 |
|
0 | 1384 |
$user_id = intval($paths->getParam(1)); |
1385 |
$encpass = $paths->getParam(2); |
|
1386 |
if ( $user_id < 2 ) |
|
1387 |
{ |
|
1388 |
echo '<p>Hacking attempt</p>'; |
|
1389 |
$template->footer(); |
|
1390 |
return false; |
|
1391 |
} |
|
1392 |
if(!preg_match('#^([a-f0-9]+)$#i', $encpass)) |
|
1393 |
{ |
|
1394 |
echo '<p>Hacking attempt</p>'; |
|
1395 |
$template->footer(); |
|
1396 |
return false; |
|
1397 |
} |
|
1398 |
||
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1399 |
$q = $db->sql_query('SELECT username,temp_password_time,temp_password,password_salt FROM '.table_prefix.'users WHERE user_id='.$user_id.';'); |
0 | 1400 |
if($db->numrows() < 1) |
1401 |
{ |
|
1402 |
echo '<p>Invalid credentials</p>'; |
|
1403 |
$template->footer(); |
|
1404 |
return false; |
|
1405 |
} |
|
1406 |
$row = $db->fetchrow(); |
|
1407 |
$db->free_result(); |
|
1408 |
||
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1409 |
$temp_pass = $session->pk_decrypt($encpass); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1410 |
$temp_hmac = hmac_sha1($temp_pass, $row['password_salt']); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1411 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1412 |
if ( $temp_hmac !== $row['temp_password'] ) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1413 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1414 |
echo '<p>Invalid credentials</p>'; |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1415 |
$template->footer(); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1416 |
return false; |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1417 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1418 |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1419 |
if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() ) |
0 | 1420 |
{ |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1421 |
echo '<p>' . $lang->get('userfuncs_passreset_err_pass_expired', array('reset_url' => makeUrlNS('Special', 'PasswordReset'))) . '</p>'; |
0 | 1422 |
$template->footer(); |
1423 |
return false; |
|
1424 |
} |
|
1425 |
||
1426 |
if ( isset($_POST['do_stage2']) ) |
|
1427 |
{ |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1428 |
$data = $session->get_aes_post('pass'); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1429 |
|
0 | 1430 |
if(empty($data)) |
1431 |
{ |
|
1432 |
echo 'ERROR: Sanity check failed!'; |
|
1433 |
$template->footer(); |
|
1434 |
return false; |
|
1435 |
} |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1436 |
if ( strlen($data) < 6 ) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1437 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1438 |
echo '<p>' . $lang->get('userfuncs_passreset_err_too_short') . '</p>'; |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1439 |
$template->footer(); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1440 |
return false; |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1441 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1442 |
if ( $_POST['use_crypt'] == 'no' ) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1443 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1444 |
if ( $_POST['pass'] !== $_POST['pass_confirm'] ) |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1445 |
{ |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1446 |
echo '<p>' . $lang->get('userfuncs_passreset_err_no_match') . '</p>'; |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1447 |
$template->footer(); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1448 |
return false; |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1449 |
} |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1450 |
} |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1451 |
if ( getConfig('pw_strength_enable') == '1' ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1452 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1453 |
$min_score = intval(getConfig('pw_strength_minimum')); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1454 |
$inp_score = password_score($data); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1455 |
if ( $inp_score < $min_score ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1456 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1457 |
$url = makeUrl($paths->fullpage); |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1458 |
echo "<p>" . $lang->get('userfuncs_passreset_err_failed_score', array('inp_score' => $inp_score, 'url' => $url)) . "</p>"; |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1459 |
$template->footer(); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1460 |
return false; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1461 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1462 |
} |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1463 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1464 |
$session->set_password($user_id, $data); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1465 |
|
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1466 |
$q = $db->sql_query('UPDATE '.table_prefix.'users SET temp_password=\'\',temp_password_time=0 WHERE user_id = '.$user_id.';'); |
0 | 1467 |
|
1468 |
if($q) |
|
1469 |
{ |
|
1470 |
$session->login_without_crypto($row['username'], $data); |
|
741 | 1471 |
echo '<p>' . $lang->get('userfuncs_passreset_stage2_success', array('url_mainpage' => makeUrl(get_main_page()))) . '</p>'; |
0 | 1472 |
} |
1473 |
else |
|
1474 |
{ |
|
1475 |
echo $db->get_error(); |
|
1476 |
} |
|
1477 |
||
1478 |
$template->footer(); |
|
1479 |
return false; |
|
1480 |
} |
|
1481 |
||
1482 |
// Password reset form |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1483 |
$evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : ''; |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1484 |
$pw_meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">' . $lang->get('userfuncs_passreset_stage2_lbl_strength') . '</td><td class="row1"><div id="pwmeter"></div></td></tr>' : ''; |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1485 |
$pw_blurb = ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>' . $lang->get('userfuncs_passreset_stage2_blurb_strength') . '</small>' : ''; |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1486 |
|
0 | 1487 |
?> |
1488 |
<form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();"> |
|
1489 |
<br /> |
|
1490 |
<div class="tblholder"> |
|
1491 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1492 |
<tr><th colspan="2"><?php echo $lang->get('userfuncs_passreset_stage2_th'); ?></th></tr> |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1493 |
<tr><td class="row1"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_password'); ?> <?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr> |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1494 |
<tr><td class="row2"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_confirm'); ?> </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1495 |
<?php echo $pw_meter; ?> |
0 | 1496 |
<tr> |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1497 |
<td colspan="2" class="row3" style="text-align: center;"> |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1498 |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1499 |
<input type="submit" name="do_stage2" value="<?php echo $lang->get('userfuncs_passreset_stage2_btn_submit'); ?>" /> |
0 | 1500 |
</td> |
1501 |
</tr> |
|
1502 |
</table> |
|
1503 |
</div> |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1504 |
<?php echo $session->generate_aes_form(); ?> |
0 | 1505 |
</form> |
1506 |
<script type="text/javascript"> |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1507 |
addOnloadHook(function() |
0 | 1508 |
{ |
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1509 |
load_component('pwstrength'); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1510 |
password_score_field(document.forms.resetform.pass); |
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1511 |
}); |
0 | 1512 |
</script> |
1513 |
<?php |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
799
diff
changeset
|
1514 |
echo $session->aes_javascript('resetform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data', 'dh_supported', 'dh_public_key', 'dh_client_public_key'); |
0 | 1515 |
$template->footer(); |
1516 |
return true; |
|
1517 |
} |
|
701
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
1518 |
if ( $session->user_logged_in ) |
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
1519 |
{ |
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
1520 |
$paths->main_page(); |
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
1521 |
} |
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents:
688
diff
changeset
|
1522 |
|
0 | 1523 |
if(isset($_POST['do_reset'])) |
1524 |
{ |
|
1525 |
if($session->mail_password_reset($_POST['username'])) |
|
1526 |
{ |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1527 |
echo '<p>' . $lang->get('userfuncs_passreset_stage1_success') . '</p>'; |
0 | 1528 |
} |
1529 |
else |
|
1530 |
{ |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1531 |
echo '<p>' . $lang->get('userfuncs_passreset_stage1_error') . '</p>'; |
0 | 1532 |
} |
1533 |
$template->footer(); |
|
1534 |
return true; |
|
1535 |
} |
|
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1536 |
echo '<p>' . $lang->get('userfuncs_passreset_blurb_line1') . '</p> |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1537 |
<p>' . $lang->get('userfuncs_passreset_blurb_line2') . '</p> |
0 | 1538 |
<form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1539 |
<p>' . $lang->get('userfuncs_passreset_lbl_username') . ' '.$template->username_field('username').'</p> |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1540 |
<p><input type="submit" name="do_reset" value="' . $lang->get('userfuncs_passreset_btn_mailpasswd') . '" /></p> |
0 | 1541 |
</form>'; |
1542 |
$template->footer(); |
|
1543 |
} |
|
1544 |
||
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1545 |
function page_Special_Memberlist() |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1546 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1547 |
global $db, $session, $paths, $template, $plugins; // Common objects |
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1548 |
global $lang; |
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents:
334
diff
changeset
|
1549 |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1550 |
$template->header(); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1551 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1552 |
$startletters = 'abcdefghijklmnopqrstuvwxyz'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1553 |
$startletters = enano_str_split($startletters); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1554 |
$startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : ''; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1555 |
if ( !in_array($startletter, $startletters) && $startletter != 'chr' ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1556 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1557 |
$startletter = ''; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1558 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1559 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1560 |
$startletter_sql = $startletter; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1561 |
if ( $startletter == 'chr' ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1562 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1563 |
$startletter_sql = '([^a-z])'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1564 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1565 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1566 |
// offset |
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1567 |
$perpage = 25; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1568 |
$page = (( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 1) - 1; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1569 |
$offset = $page * $perpage; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1570 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1571 |
// sort order |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1572 |
$sortkeys = array( |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1573 |
'uid' => 'u.user_id', |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1574 |
'username' => 'u.username', |
111 | 1575 |
'email' => 'u.email', |
1576 |
'regist' => 'u.reg_time' |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1577 |
); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1578 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1579 |
$sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1580 |
$sort_sqllet = $sortkeys[$sortby]; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1581 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1582 |
$target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1583 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1584 |
$sortorders = array(); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1585 |
foreach ( $sortkeys as $k => $_unused ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1586 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1587 |
$sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1588 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1589 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1590 |
// Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1591 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1592 |
echo '<div class="tblholder"> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1593 |
<table border="0" cellspacing="1" cellpadding="4" style="text-align: center;"> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1594 |
<tr>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1595 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=&sort=' . $sortby . '&orderby=' . $target_order, true) . '">All</a></td>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1596 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=chr&sort=' . $sortby . '&orderby=' . $target_order, true) . '">#</a></td>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1597 |
foreach ( $startletters as $letter ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1598 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1599 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=' . $letter . '&sort=' . $sortby . '&orderby=' . $target_order, true) . '">' . strtoupper($letter) . '</a></td>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1600 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1601 |
echo ' </tr> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1602 |
</table> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1603 |
</div>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1604 |
|
105 | 1605 |
// User search |
1606 |
if ( isset($_GET['finduser']) ) |
|
1607 |
{ |
|
1608 |
$finduser = str_replace(array( '%', '_'), |
|
1609 |
array('\\%', '\\_'), |
|
1610 |
$_GET['finduser']); |
|
1611 |
$finduser = str_replace(array('*', '?'), |
|
1612 |
array('%', '_'), |
|
1613 |
$finduser); |
|
1614 |
$finduser = $db->escape($finduser); |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1615 |
$username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\''; |
105 | 1616 |
$finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&'; |
1617 |
} |
|
1618 |
else |
|
1619 |
{ |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1620 |
if ( ENANO_DBLAYER == 'MYSQL' ) |
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1621 |
$username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")'; |
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1622 |
else if ( ENANO_DBLAYER == 'PGSQL' ) |
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1623 |
$username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')'; |
105 | 1624 |
$finduser_url = ''; |
1625 |
} |
|
1626 |
||
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1627 |
// Column markers |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1628 |
$headings = '<tr> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1629 |
<th style="max-width: 50px;"> |
105 | 1630 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=uid&orderby=' . $sortorders['uid'], true) . '">#</a> |
1631 |
</th> |
|
1632 |
<th> |
|
342 | 1633 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=username&orderby=' . $sortorders['username'], true) . '">' . $lang->get('userfuncs_ml_column_username') . '</a> |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1634 |
</th> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1635 |
<th> |
342 | 1636 |
' . $lang->get('userfuncs_ml_column_userlevel') . ' |
111 | 1637 |
</th> |
1638 |
<th> |
|
342 | 1639 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=email&orderby=' . $sortorders['email'], true) . '">' . $lang->get('userfuncs_ml_column_email') . '</a> |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1640 |
</th> |
111 | 1641 |
<th> |
342 | 1642 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=regist&orderby=' . $sortorders['regist'], true) . '">' . $lang->get('userfuncs_ml_column_regtime') . '</a> |
111 | 1643 |
</th> |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1644 |
</tr>'; |
105 | 1645 |
|
1646 |
// determine number of rows |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1647 |
$q = $db->sql_query('SELECT COUNT(u.user_id) FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';'); |
105 | 1648 |
if ( !$q ) |
1649 |
$db->_die(); |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1650 |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1651 |
list($num_rows) = $db->fetchrow_num(); |
105 | 1652 |
$db->free_result(); |
1653 |
||
1654 |
if ( !empty($finduser_url) ) |
|
1655 |
{ |
|
342 | 1656 |
switch ( $num_rows ) |
1657 |
{ |
|
1658 |
case 0: |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1659 |
$str = ''; /* $lang->get('userfuncs_ml_msg_matches_zero'); */ break; |
342 | 1660 |
case 1: |
1661 |
$str = $lang->get('userfuncs_ml_msg_matches_one'); break; |
|
1662 |
default: |
|
1663 |
$str = $lang->get('userfuncs_ml_msg_matches', array('matches' => $num_rows)); break; |
|
1664 |
} |
|
1665 |
echo "<h3>$str</h3>"; |
|
105 | 1666 |
} |
1667 |
||
1668 |
// main selector |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1669 |
$pgsql_additional_group_by = ( ENANO_DBLAYER == 'PGSQL' ) ? ', u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public' : ''; |
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1670 |
$q = $db->sql_query('SELECT \'\' AS infobit, u.user_id, u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public, COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'users AS u |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1671 |
LEFT JOIN '.table_prefix.'users_extra AS x |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1672 |
ON ( u.user_id = x.user_id ) |
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1673 |
LEFT JOIN ' . table_prefix . 'comments AS c |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1674 |
ON ( u.user_id = c.user_id ) |
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
1675 |
WHERE ' . $username_where . ' AND u.username != \'Anonymous\' |
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1676 |
GROUP BY u.user_id' . $pgsql_additional_group_by . ' |
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1677 |
ORDER BY ' . $sort_sqllet . ' ' . $target_order . ' |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1678 |
LIMIT ' . $perpage . ' OFFSET ' . $offset . ';'); |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1679 |
if ( !$q ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1680 |
$db->_die(); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1681 |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1682 |
// formatter parameters |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1683 |
$formatter = new MemberlistFormatter(); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1684 |
$formatters = array( |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1685 |
'username' => array($formatter, 'username'), |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1686 |
'user_level' => array($formatter, 'user_level'), |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1687 |
'email' => array($formatter, 'email'), |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1688 |
'reg_time' => array($formatter, 'reg_time'), |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1689 |
'infobit' => array($formatter, 'infobit') |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1690 |
); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1691 |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1692 |
$result_url = makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order ); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1693 |
$paginator = generate_paginator($page, ceil($num_rows / $perpage), $result_url); |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1694 |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1695 |
if ( $num_rows > 0 ) |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1696 |
{ |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1697 |
if ( $num_rows > $perpage ) |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1698 |
echo $paginator; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1699 |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1700 |
echo '<div class="tblholder"> |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1701 |
<table border="0" cellspacing="1" cellpadding="4" style="text-align: center;"> |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1702 |
' . $headings; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1703 |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1704 |
$i = 0; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1705 |
while ( $row = $db->fetchrow($q) ) |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1706 |
{ |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1707 |
$i++; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1708 |
$cls = ( $i % 2 == 0 ) ? 'row2' : 'row1'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1709 |
echo '<tr>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1710 |
echo '<td class="' . $cls . '">' . $row['user_id'] . '</td>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1711 |
echo '<td class="' . $cls . '" style="text-align: left;">' . $formatter->username($row['username'], $row) . '</td>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1712 |
echo '<td class="' . $cls . '">' . $formatter->user_level($row['user_level'], $row) . '</td>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1713 |
echo '<td class="' . $cls . '">' . $formatter->email($row['email'], $row) . '</td>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1714 |
echo '<td class="' . $cls . '">' . $formatter->reg_time($row['reg_time'], $row) . '</td>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1715 |
echo '</tr>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1716 |
echo '<tr>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1717 |
echo '<td colspan="5" class="row3" style="text-align: left;"> |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1718 |
<div id="ml_moreinfo_' . $row['user_id'] . '" style="display: none;"> |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1719 |
' . $formatter->infobit(true, $row) . ' |
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1720 |
</div> |
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1721 |
</td>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1722 |
echo '</tr>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1723 |
} |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1724 |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1725 |
echo ' ' . $headings . ' |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1726 |
</table> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1727 |
</div> |
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1728 |
'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1729 |
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1730 |
if ( $num_rows > $perpage ) |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1731 |
echo $paginator; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1732 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1733 |
else |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1734 |
{ |
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1735 |
echo '<h2 class="emptymessage">' . $lang->get('log_msg_no_results') . '</h2>'; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1736 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1737 |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1738 |
echo '<div style="float: left;"> |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1739 |
<form action="' . makeUrlNS('Special', 'Memberlist') . '" method="get" onsubmit="if ( !submitAuthorized ) return false;">' |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1740 |
. ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->page ) . '" />' : '' ) |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1741 |
. ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1742 |
. '<p>' . $lang->get('userfuncs_ml_lbl_finduser') . ' ' . $template->username_field('finduser') . ' <input type="submit" value="' . $lang->get('userfuncs_ml_btn_go') . '" /><br /> |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1743 |
<small>' . $lang->get('userfuncs_ml_tip_wildcard') . '</small></p>' |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1744 |
. '</form> |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1745 |
</div>'; |
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
1746 |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1747 |
$template->footer(); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1748 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1749 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1750 |
/** |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1751 |
* Class for formatting results for the memberlist. |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1752 |
* @access private |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1753 |
*/ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1754 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1755 |
class MemberlistFormatter |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1756 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1757 |
function username($username, $row) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1758 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1759 |
global $db, $session, $paths, $template, $plugins; // Common objects |
342 | 1760 |
global $lang; |
1761 |
||
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1762 |
$userpage = $paths->nslist['User'] . sanitize_page_id($username); |
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1763 |
$class = ( isPage($userpage) ) ? '' : ' class="wikilink-nonexistent"'; |
743 | 1764 |
$anchor = '<a href="' . makeUrlNS('User', sanitize_page_id($username)) . '"' . $class . ' onclick="load_component(\'jquery\'); load_component(\'jquery-ui\'); var el = document.getElementById(\'ml_moreinfo_' . $row['user_id'] . '\'); $(el).toggle(\'blind\'); return false;">' . htmlspecialchars($username) . '</a>'; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1765 |
if ( $session->user_level >= USER_LEVEL_ADMIN ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1766 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1767 |
$anchor .= ' <small>- <a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&username=' . urlencode($username), true) . '" |
342 | 1768 |
onclick="ajaxAdminUser(\'' . addslashes(htmlspecialchars($username)) . '\'); return false;">' . $lang->get('userfuncs_ml_btn_adminuser') . '</a></small>'; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1769 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1770 |
return $anchor; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1771 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1772 |
function user_level($level, $row) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1773 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1774 |
global $db, $session, $paths, $template, $plugins; // Common objects |
342 | 1775 |
global $lang; |
908
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1776 |
/* |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1777 |
switch ( $level ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1778 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1779 |
case USER_LEVEL_GUEST: |
342 | 1780 |
$s_level = $lang->get('userfuncs_ml_level_guest'); break; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1781 |
case USER_LEVEL_MEMBER: |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1782 |
case USER_LEVEL_CHPREF: |
342 | 1783 |
$s_level = $lang->get('userfuncs_ml_level_member'); break; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1784 |
case USER_LEVEL_MOD: |
342 | 1785 |
$s_level = $lang->get('userfuncs_ml_level_mod'); break; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1786 |
case USER_LEVEL_ADMIN: |
342 | 1787 |
$s_level = $lang->get('userfuncs_ml_level_admin'); break; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1788 |
default: |
342 | 1789 |
$s_level = $lang->get('userfuncs_ml_level_unknown', array( 'level' => $level )); |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1790 |
} |
908
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1791 |
*/ |
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1792 |
|
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1793 |
// TODO: Requested by mm3. Is this too CPU-intensive? Optimize? |
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1794 |
// Performance yield =/= about the same (but only 4 users under testing conditions) |
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1795 |
$rankdata = $session->get_user_rank($row['user_id']); |
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1796 |
$s_level = '<span style="' . $rankdata['rank_style'] . '">' . $lang->get($rankdata['rank_title']) . '</span>'; |
44302dd20d62
Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents:
907
diff
changeset
|
1797 |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1798 |
return $s_level; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1799 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1800 |
function email($addy, $row) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1801 |
{ |
342 | 1802 |
global $lang; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1803 |
if ( $row['email_public'] == '1' ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1804 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1805 |
global $email; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1806 |
$addy = $email->encryptEmail($addy); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1807 |
return $addy; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1808 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1809 |
else |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1810 |
{ |
342 | 1811 |
return '<small><' . $lang->get('userfuncs_ml_email_nonpublic') . '></small>'; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1812 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1813 |
} |
111 | 1814 |
/** |
1815 |
* Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant. |
|
1816 |
* @param int UNIX timestamp |
|
1817 |
* @return string |
|
1818 |
*/ |
|
1819 |
||
912 | 1820 |
public static function format_date($time) |
111 | 1821 |
{ |
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents:
1032
diff
changeset
|
1822 |
// merged into enano_date() :) |
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents:
1032
diff
changeset
|
1823 |
return enano_date(ED_DATE, $time); |
111 | 1824 |
} |
1825 |
function reg_time($time, $row) |
|
1826 |
{ |
|
1827 |
return $this->format_date($time); |
|
1828 |
} |
|
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1829 |
function infobit($_, $row) |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1830 |
{ |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1831 |
global $db, $session, $paths, $template, $plugins; // Common objects |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1832 |
global $lang; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1833 |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1834 |
$bit = ''; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1835 |
if ( $row['user_has_avatar'] == 1 ) |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1836 |
{ |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1837 |
$bit .= '<div style="float: left; margin-right: 10px;"> |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1838 |
<img alt=" " src="' . make_avatar_url(intval($row['user_id']), $row['avatar_type'], $row['email']) . '" /> |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1839 |
</div>'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1840 |
} |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1841 |
$rank_data = $session->get_user_rank(intval($row['user_id'])); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1842 |
$userpage = $paths->nslist['User'] . sanitize_page_id($row['username']); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1843 |
$title = ( isPage($userpage) ) ? ' title="' . $lang->get('userfuncs_ml_tip_userpage') . '"' : ' title="' . $lang->get('userfuncs_ml_tip_nouserpage') . '"'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1844 |
$bit .= '<a' . $title . ' href="' . makeUrlNS('User', $row['username'], false, true) . '" style="font-size: x-large; ' . $rank_data['rank_style'] . '">' . htmlspecialchars($row['username']) . '</a><br />'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1845 |
if ( $rank_data['user_title'] ) |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1846 |
$bit .= htmlspecialchars($rank_data['user_title']) . '<br />'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1847 |
if ( $rank_data['rank_title'] ) |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1848 |
$bit .= '<small>' . htmlspecialchars($lang->get($rank_data['rank_title'])) . '</small><br />'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1849 |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1850 |
$bit .= '<div style="text-align: right;"> |
969
0506adb8eb6c
Comment UI / Special:Memberlist: UI consistency for Send PM/Add Buddy links in Memberlist and comment display UI
Dan
parents:
960
diff
changeset
|
1851 |
<a href="' . makeUrlNS('Special', "PrivateMessages/Compose/To/{$row['username']}", false, true) . '" class="abutton icon abutton_blue" style="background-image: url(' . cdnPath . '/images/icons/send_pm.png);">' . $lang->get('comment_btn_send_privmsg') . '</a> |
0506adb8eb6c
Comment UI / Special:Memberlist: UI consistency for Send PM/Add Buddy links in Memberlist and comment display UI
Dan
parents:
960
diff
changeset
|
1852 |
<a href="' . makeUrlNS('Special', "PrivateMessages/FriendList/Add/{$row['username']}", false, true) . '" class="abutton icon abutton_green" style="background-image: url(' . cdnPath . '/images/icons/add_buddy.png);">' . $lang->get('comment_btn_add_buddy') . '</a> |
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1853 |
</div>'; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1854 |
|
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1855 |
return $bit; |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1856 |
} |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1857 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1858 |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1859 |
function page_Special_LangExportJSON() |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1860 |
{ |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1861 |
global $db, $session, $paths, $template, $plugins; // Common objects |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1862 |
global $lang; |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1863 |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1864 |
$lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id; |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1865 |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1866 |
if ( $lang->lang_id == $lang_id ) |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1867 |
$lang_local =& $lang; |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1868 |
else |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1869 |
$lang_local = new Language($lang_id); |
782
96848f04bbba
Corrected a few issues with languages and client-side code
Dan
parents:
743
diff
changeset
|
1870 |
|
96848f04bbba
Corrected a few issues with languages and client-side code
Dan
parents:
743
diff
changeset
|
1871 |
$lang_local->get('meta_meta'); |
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1872 |
|
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1873 |
$lang_strings = enano_json_encode($lang_local->strings); |
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1874 |
$etag = substr(sha1($lang_strings), 0, 20) . '-' . dechex($lang_local->lang_timestamp); |
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1875 |
|
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1876 |
if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) |
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1877 |
{ |
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1878 |
if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) |
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1879 |
{ |
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1880 |
header('HTTP/1.1 304 Not Modified'); |
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1881 |
exit(); |
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1882 |
} |
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1883 |
} |
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1884 |
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
1885 |
$timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp); |
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
1886 |
// generate expires header |
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
1887 |
$expires = date('r', mktime(-1, -1, -1, -1, -1, intval(date('y'))+1)); |
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
1888 |
|
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1889 |
header("Last-Modified: $timestamp"); |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1890 |
header("Date: $timestamp"); |
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1891 |
header("ETag: \"$etag\""); |
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1892 |
header('Content-type: text/javascript'); |
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents:
555
diff
changeset
|
1893 |
header("Expires: $expires"); |
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1894 |
|
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1895 |
$lang_local->fetch(); |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1896 |
echo "if ( typeof(enano_lang) != 'object' ) |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1897 |
var enano_lang = new Object(); |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1898 |
|
782
96848f04bbba
Corrected a few issues with languages and client-side code
Dan
parents:
743
diff
changeset
|
1899 |
enano_lang[{$lang_local->lang_id}] = " . $lang_strings . ";"; |
555
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
parents:
542
diff
changeset
|
1900 |
|
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
parents:
542
diff
changeset
|
1901 |
gzip_output(); |
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1902 |
|
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
541
diff
changeset
|
1903 |
exit(0); |
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1904 |
} |
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents:
209
diff
changeset
|
1905 |
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1906 |
/** |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1907 |
* Fetches and displays an avatar from the filesystem. Avatar fetching is abstracted as of 1.1.4. |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1908 |
*/ |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1909 |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1910 |
function page_Special_Avatar() |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1911 |
{ |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1912 |
global $db, $session, $paths, $template, $plugins; // Common objects |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1913 |
global $aggressive_optimize_html; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1914 |
$aggressive_optimize_html = false; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1915 |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1916 |
$img_types = array( |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1917 |
IMAGE_TYPE_PNG => 'png', |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1918 |
IMAGE_TYPE_GIF => 'gif', |
621
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1919 |
IMAGE_TYPE_JPG => 'jpg', |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1920 |
IMAGE_TYPE_GRV => 'grv' |
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1921 |
); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1922 |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1923 |
$avi_id = $paths->getParam(0); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1924 |
if ( !$avi_id || !@preg_match('/^[a-f0-9]+$/', $avi_id) ) |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1925 |
{ |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1926 |
echo 'Doesn\'t match the regexp'; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1927 |
return true; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1928 |
} |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1929 |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1930 |
$avi_id_dec = hexdecode($avi_id); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1931 |
$avi_id_dec = @unpack('Vdate/Vuid/vimg_type', $avi_id_dec); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1932 |
if ( !$avi_id_dec ) |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1933 |
{ |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1934 |
echo 'Bad unpack'; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1935 |
return true; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1936 |
} |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1937 |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1938 |
// check parameters |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1939 |
if ( !isset($img_types[$avi_id_dec['img_type']]) ) |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1940 |
{ |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1941 |
echo 'Invalid image type'; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1942 |
return true; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1943 |
} |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1944 |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1945 |
// build file path |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1946 |
$avi_type = $img_types[$avi_id_dec['img_type']]; |
621
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1947 |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1948 |
// is this a gravatar? |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1949 |
if ( $avi_type == 'grv' ) |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1950 |
{ |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1951 |
// yes, we'll have to redirect |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1952 |
// sanitize UID |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1953 |
$uid = intval($avi_id_dec['uid']); |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1954 |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1955 |
// fetch email |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1956 |
$q = $db->sql_query('SELECT email FROM ' . table_prefix . "users WHERE user_id = $uid;"); |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1957 |
if ( !$q ) |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1958 |
$db->_die(); |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1959 |
if ( $db->numrows() < 1 ) |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1960 |
return false; |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1961 |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1962 |
list($email) = $db->fetchrow_num(); |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1963 |
$db->free_result(); |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1964 |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1965 |
$url = make_gravatar_url($url); |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1966 |
|
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1967 |
// ship out the redirect |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1968 |
header('HTTP/1.1 302 Permanent Redirect'); |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1969 |
header("Location: $url"); |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1970 |
} |
68f8a9cc0a18
Added Gravatar support! And it's really configurable too.
Dan
parents:
614
diff
changeset
|
1971 |
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1972 |
$avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $avi_id_dec['uid'] . '.' . $avi_type; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1973 |
if ( file_exists($avi_path) ) |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1974 |
{ |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1975 |
$avi_mod_time = @filemtime($avi_path); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1976 |
$avi_mod_time = date('r', $avi_mod_time); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1977 |
$avi_size = @filesize($avi_path); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1978 |
header("Last-Modified: $avi_mod_time"); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1979 |
header("Content-Length: $avi_size"); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1980 |
header("Content-Type: image/$avi_type"); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1981 |
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1982 |
header("Cache-Control: public"); |
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1983 |
// expire it 30 days from now |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1984 |
$expiry_time = time() + ( 86400 * 30 ); |
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents:
621
diff
changeset
|
1985 |
header("Expires: " . date('r', $expiry_time)); |
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1986 |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1987 |
$fh = @fopen($avi_path, 'r'); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1988 |
if ( !$fh ) |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1989 |
{ |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1990 |
echo 'Could not open file'; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1991 |
return true; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1992 |
} |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1993 |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1994 |
while ( $fd = @fread($fh, 1024) ) |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1995 |
{ |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1996 |
echo $fd; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1997 |
} |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1998 |
fclose($fh); |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
1999 |
|
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2000 |
} |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2001 |
return true; |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2002 |
} |
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
2003 |
|
0 | 2004 |
?> |