/*
* AJAX-based intelligent login interface
*/
/*
* FRONTEND
*/
/**
 * Starts the AJAX login flow at regular-member level.
 *
 * Returns true without opening the dialog when KILL_SWITCH is set or when
 * auth_level is already at or above USER_LEVEL_MEMBER. Otherwise it hands off
 * to ajaxLoginInit() and returns undefined.
 *
 * @returns {boolean|undefined}
 */
window.ajaxLogonToMember = function()
{
  // KILL_SWITCH is described in the original as "IE <6 pseudo-compatibility".
  // It is checked first, so auth_level is not read when the switch is on.
  if ( KILL_SWITCH || auth_level >= USER_LEVEL_MEMBER )
  {
    return true;
  }

  // Runs once authentication succeeds; the key handed in (k) is not used here.
  var onLoggedIn = function(k)
  {
    if ( !on_main_page )
    {
      window.location.reload();
      return;
    }
    window.location = makeUrl(main_page_members);
  };

  ajaxLoginInit(onLoggedIn, USER_LEVEL_MEMBER);
};
/**
 * Authenticates to the highest level the current user is allowed to reach
 * (the global user_level).
 *
 * Returns true immediately when auth_level already equals user_level.
 * Otherwise it hands off to ajaxLoginInit() and returns undefined.
 *
 * @returns {boolean|undefined}
 */
window.ajaxLogonToElev = function()
{
  // Loose comparison kept as in the original: values of differing type
  // (for example "2" and 2) still count as the same level.
  if ( auth_level == user_level )
  {
    return true;
  }

  // Runs once authentication succeeds; k is the key the login flow hands back.
  var onElevated = function(k)
  {
    ENANO_SID = k;
    // NOTE(review): append_sid() presumably adds the session key to the URL
    // (verify against its definition). If so, the elevated key can end up in
    // browser history, Referer headers and server access logs.
    var here = String(window.location);
    window.location = append_sid(here);
  };

  ajaxLoginInit(onElevated, user_level);
};
/*
* BACKEND
*/
/**
 * Holding object for the state of the AJAX login flow. ajaxLoginInit()
 * replaces it with a fresh object on every run and then stores the dialog,
 * its inner content node and the caller's callback on it.
 * @var object
 */
var logindata = {};

/**
 * Optional overrides for the images shown in the login dialog: the first for
 * loading progress, the second for success. Any falsy value (including "not
 * set") is normalised to false; ajaxLoginSetStatus() then falls back to an
 * image under scriptPath.
 * @var string|false
 */
var ajax_login_loadimg_path;
if ( !ajax_login_loadimg_path )
{
  ajax_login_loadimg_path = false;
}

var ajax_login_successimg_path;
if ( !ajax_login_successimg_path )
{
  ajax_login_successimg_path = false;
}

/**
 * Status codes accepted by ajaxLoginSetStatus(). AJAX_STATUS_DESTROY removes
 * the status display instead of drawing one.
 * @var int
 */
var AJAX_STATUS_LOADING_KEY = 1;
var AJAX_STATUS_GENERATING_KEY = 2;
var AJAX_STATUS_LOGGING_IN = 3;
var AJAX_STATUS_SUCCESS = 4;
var AJAX_STATUS_ERROR = 5;
var AJAX_STATUS_DESTROY = 65535;

/**
 * State constants. They are not referenced in the part of the file shown here.
 * @var int
 */
var AJAX_STATE_EARLY_INIT = 1;
var AJAX_STATE_LOADING_KEY = 2;
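/**
 * Opens the login dialog and asks the server for an encryption key. The login
 * form itself is built later, when the server's response is processed.
 *
 * @param {Function} call_on_finish Called once authentication completes
 *   successfully (stored as logindata.successfunc).
 * @param {number} user_level The security level to authenticate at - see
 *   http://docs.enanocms.org/Help:Appendix_B
 */
window.ajaxLoginInit = function(call_on_finish, user_level)
{
  load_component(['messagebox', 'flyin', 'fadefilter', 'jquery', 'jquery-ui', 'l10n', 'crypto']);

  // Discard whatever state an earlier login attempt left behind.
  logindata = {};

  // Anything above member level gets the "elevated" prompt title.
  var title = ( user_level > USER_LEVEL_MEMBER ) ? $lang.get('user_login_ajax_prompt_title_elev') : $lang.get('user_login_ajax_prompt_title');
  logindata.mb_object = new MessageBox(MB_OKCANCEL | MB_ICONLOCK, title, '');

  logindata.mb_object.onclick['Cancel'] = function()
  {
    // Hide the error message and captcha
    var error_box = document.getElementById('ajax_login_error_box');
    if ( error_box )
    {
      error_box.parentNode.removeChild(error_box);
    }
    var captcha = document.getElementById('autoCaptcha');
    if ( captcha )
    {
      // The value fly_out_top() returns is used as the delay before removal.
      var to = fly_out_top(captcha, false, true);
      setTimeout(function()
        {
          // Look the element up again when the timer fires. It may already be
          // gone (e.g. Cancel clicked twice), which used to throw on null.
          var d = document.getElementById('autoCaptcha');
          if ( d && d.parentNode )
          {
            d.parentNode.removeChild(d);
          }
        }, to);
    }
    // Ask the server to clean our key, so an abandoned login does not leave
    // unused key material behind. Nothing in this function sets key_aes or
    // key_dh, so both are undefined if Cancel is pressed before another part
    // of the flow has stored them on logindata.
    ajaxLoginPerformRequest({
        mode: 'clean_key',
        key_aes: logindata.key_aes,
        key_dh: logindata.key_dh
      });
  };

  logindata.mb_object.onbeforeclick['OK'] = function()
  {
    ajaxLoginSubmitForm();
    // NOTE(review): presumably tells MessageBox to keep the dialog open while
    // the login runs - confirm against MessageBox.
    return true;
  };

  // Fetch the inner content area
  logindata.mb_inner = document.getElementById('messageBox').getElementsByTagName('div')[0];

  // Initialize state
  logindata.showing_status = false;
  logindata.user_level = user_level;
  logindata.successfunc = call_on_finish;

  // Build the "loading" window
  ajaxLoginSetStatus(AJAX_STATUS_LOADING_KEY);

  // Request the key
  ajaxLoginPerformRequest({ mode: 'getkey' });
};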
/**
 * For compatibility only: an alias for callers that use the "Logon" spelling.
 * Forwards both arguments to ajaxLoginInit() and returns whatever it returns.
 *
 * @param {Function} call_on_finish Passed through to ajaxLoginInit().
 * @param {number} user_level Passed through to ajaxLoginInit().
 */
window.ajaxLogonInit = function(call_on_finish, user_level)
{
  var result = ajaxLoginInit(call_on_finish, user_level);
  return result;
};
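/**
 * Sets the contents of the AJAX login window to the appropriate status message.
 *
 * Does nothing and returns false when the dialog's content node
 * (logindata.mb_inner) is missing. A status block left by a previous call is
 * removed first. AJAX_STATUS_DESTROY, null and undefined only clear the status
 * and return null. The five display statuses replace the dialog content. Any
 * other value draws nothing but still marks a status as showing.
 *
 * @param {number} status One of AJAX_STATUS_*
 * @returns {boolean|null|undefined} false without a dialog, null after a
 *   destroy request, undefined otherwise.
 */
window.ajaxLoginSetStatus = function(status)
{
  // Without the dialog's content node there is nowhere to draw a status.
  if ( !logindata.mb_inner )
  {
    return false;
  }

  // Appends `count` <br> elements to `parent` to space things properly.
  function appendBreaks(parent, count)
  {
    for ( var i = 0; i < count; i++ )
    {
      parent.appendChild(document.createElement('br'));
    }
  }

  // Builds the part every status shares: the centered container, the
  // localized message, two line breaks and the image.
  function buildStatusDiv(msg_key, img_override, img_fallback)
  {
    var div = document.createElement('div');
    div.id = 'ajax_login_status';
    div.style.marginTop = '10px';
    div.style.textAlign = 'center';

    // Inserted as a text node, so the message is never parsed as markup.
    div.appendChild(document.createTextNode($lang.get(msg_key)));
    appendBreaks(div, 2);

    var img = document.createElement('img');
    img.src = ( img_override ) ? img_override : scriptPath + img_fallback;
    div.appendChild(img);

    return div;
  }

  // Adds the "use the full login form" link below the image.
  function appendFullFormLink(div, msg_key)
  {
    appendBreaks(div, 2);
    var small = document.createElement('small');
    // NOTE(review): the localized string is parsed as HTML and receives a URL
    // built from `title`. `title` is not defined in this function, so it
    // resolves from an outer scope (presumably the current page's title).
    // Confirm that makeUrlNS() or $lang.get() escapes it for HTML; otherwise
    // a crafted page title could inject markup into the login dialog.
    small.innerHTML = $lang.get(msg_key, { link_full_form: makeUrlNS('Special', 'Login/' + title) });
    div.appendChild(small);
  }

  // Replaces the dialog content with the finished status block.
  function showStatusDiv(div)
  {
    logindata.mb_inner.innerHTML = '';
    logindata.mb_inner.appendChild(div);
  }

  // Drop the status block a previous call left behind.
  if ( logindata.showing_status )
  {
    var stale = document.getElementById('ajax_login_status');
    if ( stale )
    {
      logindata.mb_inner.removeChild(stale);
    }
  }

  var div;
  switch ( status )
  {
    case AJAX_STATUS_LOADING_KEY:
      div = buildStatusDiv('user_login_ajax_fetching_key', ajax_login_loadimg_path, '/images/loading-big.gif');
      appendFullFormLink(div, 'user_login_ajax_link_fullform');
      showStatusDiv(div);
      break;

    case AJAX_STATUS_GENERATING_KEY:
      div = buildStatusDiv('user_login_ajax_generating_key', ajax_login_loadimg_path, '/images/loading-big.gif');
      appendFullFormLink(div, 'user_login_ajax_link_fullform_dh');
      showStatusDiv(div);
      break;

    case AJAX_STATUS_LOGGING_IN:
      div = buildStatusDiv('user_login_ajax_loggingin', ajax_login_loadimg_path, '/images/loading-big.gif');
      showStatusDiv(div);
      break;

    case AJAX_STATUS_SUCCESS:
      div = buildStatusDiv('user_login_success_short', ajax_login_successimg_path, '/images/check.png');
      showStatusDiv(div);
      break;

    case AJAX_STATUS_ERROR:
      // Always the stock failure image. The original reused
      // ajax_login_successimg_path here, so a site with a custom success image
      // showed that success image on a crypto failure.
      div = buildStatusDiv('user_login_ajax_err_crypto', false, '/images/checkbad.png');
      appendBreaks(div, 2);

      // Detail text plus a link to the full login form. Both are built from
      // DOM nodes, so the localized strings are inserted as plain text.
      var detail_msg = $lang.get('user_login_ajax_err_crypto_details');
      var full_link = $lang.get('user_login_ajax_err_crypto_link');
      var link = document.createElement('a');
      link.href = makeUrlNS('Special', 'Login/' + title);
      link.appendChild(document.createTextNode(full_link));
      var span = document.createElement('span');
      span.style.fontSize = 'smaller';
      span.appendChild(document.createTextNode(detail_msg + ' '));
      span.appendChild(link);
      div.appendChild(span);

      showStatusDiv(div);
      break;

    case AJAX_STATUS_DESTROY:
    case null:
    case undefined:
      // The old status block was already removed above; just record that.
      logindata.showing_status = false;
      return null;
  }
  logindata.showing_status = true;
};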
/**
 * Performs an AJAX logon request to the server and calls
 * ajaxLoginProcessResponse() on the result.
 *
 * The packet is serialized with toJSONString(), escaped with ajaxEscape() and
 * posted as the "r" field to Special:Login/action.json. A reply is handled
 * only when the request is complete (readyState 4) with HTTP status 200. Any
 * other outcome is ignored here and no error is surfaced.
 *
 * @param {Object} json JSON packet to send
 */
window.ajaxLoginPerformRequest = function(json)
{
  var payload = ajaxEscape(toJSONString(json));
  var endpoint = makeUrlNS('Special', 'Login/action.json');

  // NOTE(review): this reads the global `ajax` object rather than a
  // per-request handle - confirm ajaxPost() guarantees it refers to this
  // request when login requests overlap (e.g. clean_key sent while getkey is
  // still pending).
  var onStateChange = function()
  {
    if ( ajax.readyState != 4 || ajax.status != 200 )
    {
      return;
    }

    // Validate the reply before it is parsed.
    var text = String(ajax.responseText + '');
    if ( !check_json_response(text) )
    {
      handle_invalid_json(text);
      return false;
    }
    ajaxLoginProcessResponse(parseJSON(text));
  };

  ajaxPost(endpoint, 'r=' + payload, onStateChange, true);
};
/**
* Processes a response from the login server
* @param object JSON response
*/
window.ajaxLoginProcessResponse = function(response)
{
// Did the server send a plaintext error?
if ( response.mode == 'error' )
{
if ( logindata.mb_object )
{
logindata.mb_object.destroy();
var error_msg = $lang.get('user_' + ( response.error.toLowerCase() ));
new MessageBox(MB_ICONSTOP | MB_OK, $lang.get('user_err_login_generic_title'), error_msg);
}
else
{
alert(response.error);
}
return false;
}
// Main mode switch
switch ( response.mode )
{
case 'build_box':
// Rid ourselves of any loading windows
ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
// The server wants us to build the login form, all the information is there
ajaxLoginBuildForm(response);
break;
case 'login_success':
ajaxLoginSetStatus(AJAX_STATUS_SUCCESS);
logindata.successfunc(response.key);
break;
case 'login_failure':
// Rid ourselves of any loading windows
ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
var mb_parent = document.getElementById('messageBox').parentNode;
$(mb_parent).effect("shake", {}, 200);
setTimeout(function()
{
document.getElementById('messageBox').style.backgroundColor = '#FFF';
ajaxLoginBuildForm(response.respawn_info);
ajaxLoginShowFriendlyError(response);
}, 2500);
break;
case 'login_success_reset':
var conf = confirm($lang.get('user_login_ajax_msg_used_temp_pass'));
if ( conf )
{
var url = makeUrlNS('Special', 'PasswordReset/stage2/' + response.user_id + '/' + response.temp_password);
window.location = url;
}
else
{
// treat as a failure
ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
var mb_parent = document.getElementById('messageBox').parentNode;
$(mb_parent).effect("shake", {}, 1500);
setTimeout(function()
{
document.getElementById('messageBox').style.backgroundColor = '#FFF';
ajaxLoginBuildForm(response.respawn_info);
// don't show an error here, just silently respawn
}, 2500);
}
break;
case 'logout_success':
if ( ENANO_SID )
{
ajaxLoginReplaceSIDInline(false, ENANO_SID, USER_LEVEL_MEMBER);
}
break;
case 'noop':
break;
}
}
/*
* RESPONSE HANDLERS
*/
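/**
 * Builds the AJAX login / re-authentication form and inserts it into the
 * login window (logindata.mb_inner), then stashes the server-supplied key
 * material on logindata for the submit step.
 *
 * Fields read from the metadata object: username, locked_out,
 * lockout_info.lockout_policy, lockout_info.captcha, extended_time
 * (in days; 0 selects the "infinite" wording), allow_diffiehellman,
 * aes_key and dh_public_key.
 *
 * @param object Metadata to build off of
 */

window.ajaxLoginBuildForm = function(data)
{
  // Create an <img> pointing at the success icon so it is (hopefully) already
  // cached when the login succeeds.
  var preload_img = document.createElement('img');
  preload_img.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png';
  
  var div = document.createElement('div');
  div.id = 'ajax_login_form';
  
  // Either false or the CAPTCHA value supplied with the lockout info.
  // lockout_info is only dereferenced once locked_out is known to be set.
  var show_captcha = ( data.locked_out && data.lockout_info.lockout_policy == 'captcha' ) ? data.lockout_info.captcha : false;
  
  // Shared Enter-to-submit handler for the password and CAPTCHA fields.
  // Bails out instead of throwing when no usable event object is available.
  var submit_on_enter = function(e)
  {
    if ( !e )
      e = window.event;
    if ( !e || !e.keyCode )
      return true;
    if ( e.keyCode == 13 )
    {
      ajaxLoginSubmitForm();
    }
  };
  
  // text displayed on re-auth
  // NOTE(review): language strings are inserted as markup throughout this
  // function (innerHTML), so they have to come from a trusted source.
  if ( logindata.user_level > USER_LEVEL_MEMBER )
  {
    div.innerHTML += $lang.get('user_login_ajax_prompt_body_elev') + '<br /><br />';
  }
  
  // Create the form
  var form = document.createElement('form');
  // The javascript: action survives the IE outerHTML copy made further down,
  // whereas the onsubmit property handler does not, so both are set.
  form.action = 'javascript:void(ajaxLoginSubmitForm());';
  form.onsubmit = function()
  {
    ajaxLoginSubmitForm();
    return false;
  };
  if ( IE )
  {
    form.style.marginTop = '-20px';
  }
  
  // Using tables to wrap form elements because it results in a
  // more visually appealing form. Yes, tables suck. I don't really
  // care - they make forms look good.
  
  var table = document.createElement('table');
  table.style.margin = '0 auto';
  
  // Field - username
  var tr1 = document.createElement('tr');
  var td1_1 = document.createElement('td');
  td1_1.appendChild(document.createTextNode($lang.get('user_login_field_username') + ':'));
  tr1.appendChild(td1_1);
  var td1_2 = document.createElement('td');
  var f_username = document.createElement('input');
  f_username.id = 'ajax_login_field_username';
  f_username.name = 'ajax_login_field_username';
  f_username.type = 'text';
  f_username.size = '25';
  if ( data.username )
    f_username.value = data.username;
  td1_2.appendChild(f_username);
  tr1.appendChild(td1_2);
  table.appendChild(tr1);
  
  // Field - password
  var tr2 = document.createElement('tr');
  var td2_1 = document.createElement('td');
  td2_1.appendChild(document.createTextNode($lang.get('user_login_field_password') + ':'));
  tr2.appendChild(td2_1);
  var td2_2 = document.createElement('td');
  var f_password = document.createElement('input');
  f_password.id = 'ajax_login_field_password';
  // Was 'ajax_login_field_username' (copy/paste): every control now carries a
  // name matching its id, so the password field is no longer labelled as a
  // username field. The ids are unchanged.
  f_password.name = 'ajax_login_field_password';
  f_password.type = 'password';
  f_password.size = '25';
  if ( !show_captcha )
  {
    // With a CAPTCHA present, Enter in the password field must not submit yet.
    f_password.onkeyup = submit_on_enter;
  }
  td2_2.appendChild(f_password);
  tr2.appendChild(td2_2);
  table.appendChild(tr2);
  
  // Field - captcha
  if ( show_captcha )
  {
    var tr3 = document.createElement('tr');
    var td3_1 = document.createElement('td');
    td3_1.appendChild(document.createTextNode($lang.get('user_login_field_captcha') + ':'));
    tr3.appendChild(td3_1);
    var td3_2 = document.createElement('td');
    var f_captcha = document.createElement('input');
    f_captcha.id = 'ajax_login_field_captcha';
    // Was 'ajax_login_field_username' (copy/paste), see the password field.
    f_captcha.name = 'ajax_login_field_captcha';
    f_captcha.type = 'text';
    f_captcha.size = '25';
    f_captcha.onkeyup = submit_on_enter;
    td3_2.appendChild(f_captcha);
    tr3.appendChild(td3_2);
    table.appendChild(tr3);
  }
  
  // Done building the main part of the form
  form.appendChild(table);
  
  // Field: remember login
  if ( logindata.user_level <= USER_LEVEL_MEMBER )
  {
    var lbl_remember = document.createElement('label');
    lbl_remember.style.fontSize = 'smaller';
    lbl_remember.style.display = 'block';
    lbl_remember.style.textAlign = 'center';
    
    // figure out what text to put in the "remember me" checkbox
    var txt_remember;
    // infinite session length? (loose comparison kept on purpose: the value
    // may arrive as a string)
    if ( data.extended_time == 0 )
    {
      // yes, infinite
      txt_remember = $lang.get('user_login_ajax_check_remember_infinite');
    }
    else
    {
      var sess_time;
      var unit;
      if ( data.extended_time % 7 == 0 )
      {
        // number of days is a multiple of 7
        // use weeks as our unit
        sess_time = data.extended_time / 7;
        unit = 'week';
      }
      else
      {
        // use days as our unit
        sess_time = data.extended_time;
        unit = 'day';
      }
      // more than one week or day?
      if ( sess_time != 1 )
        unit += 's';
      
      // assemble the string
      txt_remember = $lang.get('user_login_ajax_check_remember', {
          session_length: sess_time,
          length_units: $lang.get('etc_unit_' + unit)
        });
    }
    var check_remember = document.createElement('input');
    check_remember.type = 'checkbox';
    // this onclick attribute changes the cookie whenever the checkbox or label is clicked.
    // It is set as an attribute (not a property) because the innerHTML append
    // below re-parses the label's children, which keeps attributes only.
    // NOTE(review): inline handler attributes and the javascript: form action
    // would need 'unsafe-inline' under a Content-Security-Policy.
    check_remember.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("login_remember", ck, 3650);');
    if ( readCookie('login_remember') != 'disable' )
      check_remember.setAttribute('checked', 'checked');
    check_remember.id = 'ajax_login_field_remember';
    lbl_remember.appendChild(check_remember);
    lbl_remember.innerHTML += ' ' + txt_remember;
    
    form.appendChild(lbl_remember);
  }
  
  // Field: enable Diffie Hellman
  var lbl_dh;
  var check_dh;
  if ( IE || is_iPhone )
  {
    // No DH control is created for these clients, only a notice; this branch
    // is evaluated before the server's allow_diffiehellman flag.
    lbl_dh = document.createElement('span');
    lbl_dh.style.fontSize = 'smaller';
    lbl_dh.style.display = 'block';
    lbl_dh.style.textAlign = 'center';
    lbl_dh.innerHTML = $lang.get('user_login_ajax_check_dh_ie');
    form.appendChild(lbl_dh);
  }
  else if ( !data.allow_diffiehellman )
  {
    // create hidden control - server requested that DiffieHellman be disabled (usually means not supported)
    // NOTE(review): how the submit code reads this hidden control is not
    // visible here - confirm it treats it as "DH off".
    check_dh = document.createElement('input');
    check_dh.type = 'hidden';
    check_dh.id = 'ajax_login_field_dh';
    form.appendChild(check_dh);
  }
  else
  {
    lbl_dh = document.createElement('label');
    lbl_dh.style.fontSize = 'smaller';
    lbl_dh.style.display = 'block';
    lbl_dh.style.textAlign = 'center';
    check_dh = document.createElement('input');
    check_dh.type = 'checkbox';
    // this onclick attribute changes the cookie whenever the checkbox or label is clicked
    check_dh.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("diffiehellman_login", ck, 3650);');
    if ( readCookie('diffiehellman_login') != 'disable' )
      check_dh.setAttribute('checked', 'checked');
    check_dh.id = 'ajax_login_field_dh';
    lbl_dh.appendChild(check_dh);
    lbl_dh.innerHTML += ' ' + $lang.get('user_login_ajax_check_dh');
    form.appendChild(lbl_dh);
  }
  
  if ( IE )
  {
    // IE gets a serialized copy of the form: the nodes that end up in the
    // document are new ones, and handlers assigned as properties above
    // (onsubmit, onkeyup) are not part of the copy.
    div.innerHTML += form.outerHTML;
  }
  else
  {
    div.appendChild(form);
  }
  
  // Diagnostic / help links
  // (only displayed in login, not in re-auth)
  if ( logindata.user_level == USER_LEVEL_MEMBER )
  {
    // In IE this touches the detached original, not the copy inserted above.
    form.style.marginBottom = '10px';
    var links = document.createElement('small');
    links.style.display = 'block';
    links.style.textAlign = 'center';
    var links_html = '';
    // NOTE(review): the page title ends up inside markup here - confirm that
    // makeUrlNS() encodes it before it is substituted into the string.
    if ( !show_captcha )
      links_html += $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) }) + '<br />';
    // Always shown
    links_html += $lang.get('user_login_ajax_link_forgotpass', { forgotpass_link: makeUrlNS('Special', 'PasswordReset') }) + '<br />';
    if ( !show_captcha )
      links_html += $lang.get('user_login_createaccount_blurb', { reg_link: makeUrlNS('Special', 'Register') });
    links.innerHTML = links_html;
    div.appendChild(links);
  }
  
  // Insert the entire form into the login window
  logindata.mb_inner.innerHTML = '';
  logindata.mb_inner.appendChild(div);
  
  // Post operations: field focus
  if ( IE )
  {
    // Looked up by id because f_username / f_password are not the nodes in
    // the document on this path. logindata.loggedin_username is assigned
    // further down, before this timer fires.
    setTimeout(
      function()
      {
        if ( logindata.loggedin_username )
          document.getElementById('ajax_login_field_password').focus();
        else
          document.getElementById('ajax_login_field_username').focus();
      }, 200);
  }
  else
  {
    if ( data.username )
      f_password.focus();
    else
      f_username.focus();
  }
  
  // Post operations: show captcha window
  if ( show_captcha )
    ajaxShowCaptcha(show_captcha);
  
  // Post operations: stash encryption keys and All That Jazz(TM)
  // NOTE(review): these values are taken as-is from the server response; how
  // far they can be trusted depends on how that response and this script were
  // transported - confirm the deployment serves the login over HTTPS.
  logindata.key_aes = data.aes_key;
  logindata.key_dh = data.dh_public_key;
  logindata.captcha_hash = show_captcha;
  logindata.loggedin_username = data.username;
  
  // Are we locked out? If so simulate an error and disable the controls.
  // locked_out is tested first so lockout_info is not dereferenced otherwise.
  // Disabling the inputs is a UI hint only; the lockout itself has to be
  // enforced by the server.
  if ( data.locked_out && data.lockout_info.lockout_policy == 'lockout' )
  {
    // Prefer the nodes actually in the document (on the IE path those are the
    // outerHTML copies), falling back to the ones built above.
    var live_username = document.getElementById('ajax_login_field_username') || f_username;
    var live_password = document.getElementById('ajax_login_field_password') || f_password;
    live_username.setAttribute('disabled', 'disabled');
    live_password.setAttribute('disabled', 'disabled');
    var fake_packet = {
      error_code: 'locked_out',
      respawn_info: data
    };
    ajaxLoginShowFriendlyError(fake_packet);
  }
};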
/**
 * Reads the login form, encrypts the credentials and passes the finished
 * packet to ajaxLoginPerformRequest().
 *
 * With Diffie-Hellman selected the function runs in two passes: the first
 * call (real is falsy) only switches the status display and schedules a
 * second call with real = true 200 ms later, which performs the key exchange.
 *
 * NOTE(review): the credential blob is encrypted in 'ECB' mode and this
 * function adds no MAC over it. ECB is deterministic (equal plaintext blocks
 * give equal ciphertext blocks), and nothing visible here verifies where
 * logindata.key_dh / logindata.key_aes came from, so this layer should not be
 * relied on in place of TLS - confirm the login is served over HTTPS.
 *
 * @param bool real        True on the second (key generation) pass
 * @param string username  Optional; read from ajax_login_field_username when falsy
 * @param string password  Optional; read from ajax_login_field_password when falsy
 * @param string captcha   Optional; read from ajax_login_field_captcha when falsy and present
 * @param bool remember    Optional; when not a boolean, the ajax_login_field_remember
 *                         checkbox decides (false if the checkbox is absent)
 * @return bool|undefined  false when aborted, true when the DH pass was deferred,
 *                         nothing once the request has been handed off
 */
window.ajaxLoginSubmitForm = function(real, username, password, captcha, remember)
{
  var remember_session, do_dh, json_packet;

  // Refuse to continue if the AES implementation fails its self-test
  if ( !aes_self_test() )
  {
    alert('BUG: AES self-test failed');
    // NOTE(review): the rest of this function uses `logindata`; confirm that
    // `login_cache` is defined elsewhere, otherwise this line throws.
    login_cache.mb_object.destroy();
    return false;
  }

  // Drop the error box left over from a previous attempt
  var old_error_box = document.getElementById('ajax_login_error_box');
  if ( old_error_box )
  {
    old_error_box.parentNode.removeChild(old_error_box);
  }

  // Animate the captcha away, then remove it after the delay that
  // fly_out_top() returns
  var captcha_box = document.getElementById('autoCaptcha');
  if ( captcha_box )
  {
    var fly_out_delay = fly_out_top(captcha_box, false, true);
    setTimeout(function()
      {
        var box = document.getElementById('autoCaptcha');
        box.parentNode.removeChild(box);
      }, fly_out_delay);
  }

  // "Remember session" switch: explicit boolean wins, else the checkbox
  if ( typeof(remember) == 'boolean' )
  {
    remember_session = remember;
  }
  else
  {
    var remember_field = document.getElementById('ajax_login_field_remember');
    remember_session = remember_field ? !!remember_field.checked : false;
  }

  // Encryption preprocessor: decide between the DH and the plain AES path
  if ( real )
  {
    do_dh = true;
  }
  else
  {
    var dh_field = document.getElementById('ajax_login_field_dh');
    if ( dh_field )
    {
      do_dh = dh_field.checked;
    }
    else if ( !( IE || is_iPhone ) || !document.getElementById('ajax_login_field_username') )
    {
      // No DH checkbox. IE/MobileSafari never have one, so those continue
      // (without DH) as long as the rest of the form exists; any other
      // browser means the form is not there at all.
      return false;
    }
  }

  // Fall back to the form fields for anything the caller did not pass in
  if ( !username )
  {
    username = document.getElementById('ajax_login_field_username').value;
  }
  if ( !password )
  {
    password = document.getElementById('ajax_login_field_password').value;
  }
  if ( !captcha )
  {
    var captcha_field = document.getElementById('ajax_login_field_captcha');
    if ( captcha_field )
    {
      captcha = captcha_field.value;
    }
  }

  try
  {
    var crypt_key, dh_pub, secret_hash;

    if ( do_dh )
    {
      ajaxLoginSetStatus(AJAX_STATUS_GENERATING_KEY);
      if ( !real )
      {
        // Give the browser time to repaint the login window, then come back
        // for the actual key generation
        setTimeout(function()
          {
            ajaxLoginSubmitForm(true, username, password, captcha, remember_session);
          }, 200);
        return true;
      }
      // Diffie-Hellman exchange against the public key stored in logindata
      var dh_priv = dh_gen_private();
      dh_pub = dh_gen_public(dh_priv);
      var secret = dh_gen_shared_secret(dh_priv, logindata.key_dh);
      // sent along so the server can check it arrived at the same secret
      secret_hash = hex_sha1(secret);
      // AES key: the first keySizeInBits / 4 hex digits of SHA-256(secret)
      crypt_key = hex_sha256(secret).substr(0, keySizeInBits / 4);
    }
    else
    {
      // No DH: use the AES key stored in logindata
      crypt_key = logindata.key_aes;
    }

    ajaxLoginSetStatus(AJAX_STATUS_LOGGING_IN);

    // Serialize username and password as JSON, encrypt, hex-encode
    var plain_json = toJSONString({
        username: username,
        password: password
      });
    var key_bytes = hexToByteArray(crypt_key);
    var plain_bytes = stringToByteArray(plain_json);
    var cipher_bytes = rijndaelEncrypt(plain_bytes, key_bytes, 'ECB');
    var userinfo = byteArrayToHex(cipher_bytes);

    // Captcha data is only sent when a captcha hash was stored for this login
    var captcha_hash = logindata.captcha_hash || false;
    var captcha_code = captcha_hash ? captcha : false;

    // Build the packet for whichever mode was chosen
    json_packet = do_dh
      ? {
          mode: 'login_dh',
          userinfo: userinfo,
          captcha_code: captcha_code,
          captcha_hash: captcha_hash,
          dh_public_key: logindata.key_dh,
          dh_client_key: dh_pub,
          dh_secret_hash: secret_hash,
          level: logindata.user_level,
          remember: remember_session
        }
      : {
          mode: 'login_aes',
          userinfo: userinfo,
          captcha_code: captcha_code,
          captcha_hash: captcha_hash,
          // only an MD5 digest of the key goes back; presumably the server
          // uses it to look up the key it issued - confirm server side
          key_aes: hex_md5(crypt_key),
          level: logindata.user_level,
          remember: remember_session
        };
  }
  catch(e)
  {
    ajaxLoginSetStatus(AJAX_STATUS_ERROR);
    console.error('Exception caught in login process; backtrace follows');
    console.debug(e);
    return false;
  }

  ajaxLoginPerformRequest(json_packet);
}
/**
 * Displays the error text for a failed login response, reusing the existing
 * error box if one is on the page and creating a new one otherwise.
 *
 * NOTE(review): the text is assigned through innerHTML. It is built by
 * ajaxLoginGetErrorText() from localized strings plus fields of
 * response.respawn_info; whether $lang.get() escapes substituted values is
 * not visible here - confirm, since unescaped values would be parsed as markup.
 *
 * @param object response  Packet with error_code and respawn_info
 * @return bool|undefined  false if either field is missing, true if an
 *                         existing box was updated, nothing after a new box
 *                         was created
 */
window.ajaxLoginShowFriendlyError = function(response)
{
  if ( !response.respawn_info || !response.error_code )
  {
    return false;
  }

  var message_html = ajaxLoginGetErrorText(response);

  var existing_box = document.getElementById('ajax_login_error_box');
  if ( existing_box )
  {
    existing_box.innerHTML = message_html;
    return true;
  }

  // Bottom edge of the message box button row
  var buttons_top = $dynano('messageBoxButtons').Top();
  var buttons_bottom = buttons_top + $dynano('messageBoxButtons').Height();
  // The message box may still be flying in; if so, estimate the position
  if ( buttons_bottom < ( getHeight() / 2 ) )
  {
    buttons_bottom = ( getHeight() / 2 ) + 120;
  }

  // Centre the box vertically between the buttons and the window bottom
  var viewport_bottom = getHeight() + getScrollOffset();
  var box_top = buttons_bottom + ( ( viewport_bottom - buttons_bottom ) / 2 ) - 32;
  // The box is 60% wide, so a 20% left offset centres it horizontally
  var box_left = getWidth() * 0.2;

  var box = document.createElement('div');
  var css = box.style;
  box.className = 'error-box-mini';
  css.position = 'absolute';
  css.width = '60%';
  css.top = box_top + 'px';
  css.left = box_left + 'px';
  css.zIndex = getHighestZ();
  box.innerHTML = message_html;
  box.id = 'ajax_login_error_box';

  document.getElementsByTagName('body')[0].appendChild(box);
}
/**
 * Builds the localized message for a failed login response.
 *
 * - 'locked_out' with a 'lockout' policy returns the plain lockout message.
 * - 'locked_out' with any other policy is handled like 'invalid_credentials'.
 * - 'invalid_credentials' returns the base message, extended with lockout
 *   details depending on respawn_info.locked_out and the lockout policy.
 * - Every other code is looked up as 'user_err_' + error_code.
 *
 * @param object response  Packet with error_code; the two codes above also
 *                         read response.respawn_info.lockout_info
 * @return string
 */
window.ajaxLoginGetErrorText = function(response)
{
  var code = response.error_code;

  // Generic codes map straight onto a language string
  if ( code !== 'locked_out' && code !== 'invalid_credentials' )
  {
    return $lang.get('user_err_' + code);
  }

  if ( code === 'locked_out' )
  {
    var lockout = response.respawn_info.lockout_info;
    if ( lockout.lockout_policy == 'lockout' )
    {
      return $lang.get('user_err_locked_out', {
          lockout_threshold: lockout.lockout_threshold,
          lockout_duration: lockout.lockout_duration,
          time_rem: lockout.time_rem,
          plural: ( lockout.time_rem == 1 ) ? '' : $lang.get('meta_plural'),
          captcha_blurb: ''
        });
    }
    // any other policy continues with the invalid-credentials text below
  }

  var base = $lang.get('user_err_invalid_credentials');
  var respawn = response.respawn_info;
  var info = respawn.lockout_info;
  var policy = info.lockout_policy;

  if ( respawn.locked_out )
  {
    // Already locked out: append the lockout message
    base += ' ';
    var captcha_blurb = '';
    if ( policy === 'captcha' )
    {
      captcha_blurb = $lang.get('user_err_locked_out_captcha_blurb');
    }
    else if ( policy !== 'lockout' )
    {
      base += 'WTF? Shouldn\'t be locked out with lockout policy set to disable.';
    }
    base += $lang.get('user_err_locked_out', {
        captcha_blurb: captcha_blurb,
        lockout_threshold: info.lockout_threshold,
        lockout_duration: info.lockout_duration,
        time_rem: info.time_rem,
        plural: ( info.time_rem == 1 ) ? '' : $lang.get('meta_plural')
      });
  }
  else if ( policy === 'captcha' )
  {
    // Not locked out yet: only the 'captcha' policy adds a warning about the
    // failure count; the 'lockout' policy adds nothing here
    base += $lang.get('user_err_invalid_credentials_lockout', {
        fails: info.lockout_fails,
        lockout_threshold: info.lockout_threshold,
        lockout_duration: info.lockout_duration
      });
  }

  return base;
}
/**
 * Creates the floating captcha box (id 'autoCaptcha') and flies it in from
 * the top once the image has loaded. Clicking the image requests a new one
 * by appending '/a' to its URL.
 *
 * @param string code  Captcha identifier, appended to the Special:Captcha URL
 */
window.ajaxShowCaptcha = function(code)
{
  var captcha_box = document.createElement('div');
  var box_style = captcha_box.style;
  box_style.backgroundColor = '#FFFFFF';
  box_style.padding = '10px';
  box_style.position = 'absolute';
  box_style.top = '0px';
  captcha_box.id = 'autoCaptcha';
  box_style.zIndex = String( getHighestZ() + 1 );

  var captcha_img = document.createElement('img');
  captcha_img.onload = function()
    {
      // the `loaded` flag keeps the centring and fly-in from running more
      // than once for this image element
      if ( this.loaded )
      {
        return true;
      }
      var box = document.getElementById('autoCaptcha');
      var left = ( getWidth() / 2 ) - ( $dynano(box).Width() / 2 );
      box.style.left = left + 'px';
      fly_in_top(box, false, true);
      this.loaded = true;
    };
  captcha_img.src = makeUrlNS('Special', 'Captcha/' + code);
  captcha_img.onclick = function()
    {
      this.src += '/a';
    };
  captcha_img.style.cursor = 'pointer';
  captcha_box.appendChild(captcha_img);

  // Start fully transparent, then attach to the page
  domObjChangeOpac(0, captcha_box);
  document.getElementsByTagName('body')[0].appendChild(captcha_box);
}
/**
 * Asks the user to confirm logging out and, on "Yes", navigates to the
 * Special:Logout URL for the current page.
 *
 * NOTE(review): csrf_token is placed in the URL path, so it ends up in the
 * browser history and can show up in server logs or Referer headers. Confirm
 * the token is invalidated by the logout itself.
 */
window.ajaxInitLogout = function()
{
  load_component(['messagebox', 'l10n', 'flyin', 'fadefilter']);

  var box_flags = MB_YESNO | MB_ICONQUESTION;
  var confirm_title = $lang.get('user_logout_confirm_title');
  var confirm_body = $lang.get('user_logout_confirm_body');
  var mb = new MessageBox(box_flags, confirm_title, confirm_body);

  mb.onclick.Yes = function()
    {
      window.location = makeUrlNS('Special', 'Logout/' + csrf_token + '/' + title);
    };
}
/**
 * Alias that simply forwards to ajaxInitLogout().
 */
window.mb_logout = function()
{
  ajaxInitLogout();
};
/**
 * Alias that simply forwards to ajaxLogonToMember().
 */
window.ajaxStartLogin = function()
{
  ajaxLogonToMember();
};
/**
 * Opens the administration panel, prompting for admin-level authentication
 * first when the client-side auth_level is below USER_LEVEL_ADMIN.
 *
 * NOTE(review): auth_level is a client-side variable and only decides whether
 * the prompt is shown; the server-side check on Special:Administration is not
 * visible here and is what must enforce access.
 *
 * @return bool|undefined  true when KILL_SWITCH is set, false when the login
 *                         prompt was started, nothing after navigating
 */
window.ajaxStartAdminLogin = function()
{
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH )
  {
    return true;
  }

  if ( !( auth_level < USER_LEVEL_ADMIN ) )
  {
    // Already elevated: go straight to the panel
    window.location = makeUrlNS('Special', 'Administration');
    return;
  }

  ajaxLoginInit(function(k)
    {
      ENANO_SID = k;
      auth_level = USER_LEVEL_ADMIN;
      var admin_url = makeUrlNS('Special', 'Administration');
      // only navigate when a non-empty session key came back
      if ( (ENANO_SID + ' ').length > 1 )
      {
        window.location = admin_url;
      }
    }, USER_LEVEL_ADMIN);
  return false;
}
/**
 * Opens the admin PageManager for the current page (global `title`),
 * prompting for elevated authentication first when auth_level is below
 * USER_LEVEL_ADMIN.
 *
 * NOTE(review): the prompt is requested with the literal level 9 while the
 * comparison uses USER_LEVEL_ADMIN - presumably the same value; confirm.
 * NOTE(review): auth_level is client-side state; access to the module has to
 * be enforced by the server, which is not visible here.
 *
 * @return bool|undefined  true when KILL_SWITCH is set, false when the prompt
 *                         was started, nothing after navigating
 */
window.ajaxAdminPage = function()
{
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH )
  {
    return true;
  }

  // Built at the moment of use so the current globals are picked up
  var page_manager_url = function()
    {
      return makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
    };

  if ( auth_level < USER_LEVEL_ADMIN )
  {
    ajaxPromptAdminAuth(function(k)
      {
        ENANO_SID = k;
        auth_level = USER_LEVEL_ADMIN;
        // window.location is first set to the current URL with the session
        // key appended; the assignment below replaces it when a key is present
        window.location = append_sid(String(window.location + ''));
        var target = page_manager_url();
        if ( (ENANO_SID + ' ').length > 1 )
        {
          window.location = target;
        }
      }, 9);
    return false;
  }

  window.location = page_manager_url();
}
// Module-level navigation state (namespace, page ID, minimum user level);
// left undefined until something assigns them.
var navto_ns, navto_pg, navto_ul;
/**
 * Navigates to a page, prompting for authentication first when the
 * client-side auth_level is below min_level.
 *
 * The target is stored in the module-level navto_* variables and the prompt
 * callback reads them when it fires, so a second call made before the prompt
 * completes changes where the first one navigates.
 *
 * NOTE(review): auth_level is client-side state; the server has to enforce
 * min_level for the target page, which is not visible here.
 *
 * @param string namespace
 * @param string page_id
 * @param int min_level    User level required before navigating
 * @return bool|undefined  true when KILL_SWITCH is set, false when the prompt
 *                         was started, nothing after navigating
 */
window.ajaxLoginNavTo = function(namespace, page_id, min_level)
{
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH )
  {
    return true;
  }

  navto_pg = page_id;
  navto_ns = namespace;
  navto_ul = min_level;

  if ( !( auth_level < min_level ) )
  {
    // Sufficient level already: navigate immediately
    window.location = makeUrlNS(navto_ns, navto_pg);
    return;
  }

  ajaxPromptAdminAuth(function(k)
    {
      ENANO_SID = k;
      auth_level = navto_ul;
      var target = makeUrlNS(navto_ns, navto_pg);
      // only navigate when a non-empty session key came back
      if ( (ENANO_SID + ' ').length > 1 )
      {
        window.location = target;
      }
    }, min_level);
  return false;
}
/**
 * Opens the admin UserManager for the given user, prompting for elevated
 * authentication first when auth_level is below USER_LEVEL_ADMIN.
 *
 * NOTE(review): the prompt is requested with the literal level 9 while the
 * comparison uses USER_LEVEL_ADMIN - presumably the same value; confirm.
 * NOTE(review): auth_level is client-side state; access to the module has to
 * be enforced by the server, which is not visible here.
 *
 * @param string username  Passed through ajaxEscape() into the query string
 * @return bool|undefined  true when KILL_SWITCH is set, false when the prompt
 *                         was started, nothing after navigating
 */
window.ajaxAdminUser = function(username)
{
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH )
  {
    return true;
  }

  // Built at the moment of use so the current globals are picked up
  var user_manager_url = function()
    {
      return makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
    };

  if ( auth_level < USER_LEVEL_ADMIN )
  {
    ajaxPromptAdminAuth(function(k)
      {
        ENANO_SID = k;
        auth_level = USER_LEVEL_ADMIN;
        // window.location is first set to the current URL with the session
        // key appended; the assignment below replaces it when a key is present
        window.location = append_sid(String(window.location + ''));
        var target = user_manager_url();
        if ( (ENANO_SID + ' ').length > 1 )
        {
          window.location = target;
        }
      }, 9);
    return false;
  }

  window.location = user_manager_url();
}
/**
 * Re-authenticates without reloading the page: opens the login prompt, swaps
 * the old session key for the new one via ajaxLoginReplaceSIDInline(), then
 * resumes whatever the caller asked for. The 'admin_session_timed_out'
 * message is shown right after the prompt is requested.
 *
 * NOTE(review): the other entry points visible in this file call
 * ajaxLoginInit(); confirm that ajaxLogonInit() is defined as well.
 *
 * @param string|function adminpage  Page passed to ajaxPage(), or a callback
 *                                   to invoke; any other value is ignored
 * @param int level                  Level to authenticate to; defaults to
 *                                   USER_LEVEL_ADMIN when falsy
 */
window.ajaxDynamicReauth = function(adminpage, level)
{
  var previous_sid = ENANO_SID;
  var required_level = level ? level : USER_LEVEL_ADMIN;

  ajaxLogonInit(function(k)
    {
      ajaxLoginReplaceSIDInline(k, previous_sid, required_level);
      mb_current_obj.destroy();
      console.debug(adminpage);
      switch ( typeof(adminpage) )
      {
        case 'string':
          ajaxPage(adminpage);
          break;
        case 'function':
          adminpage();
          break;
      }
    }, required_level);

  // respawn_info only has to be truthy for the message to be displayed
  ajaxLoginShowFriendlyError({
      error_code: 'admin_session_timed_out',
      respawn_info: {}
    });
}
/**
 * Starts a re-authentication with no follow-up action: ajaxDynamicReauth()
 * is given `false` as its target and no explicit level.
 */
window.ajaxRenewSession = function()
{
  ajaxDynamicReauth(false);
};
window.ajaxTrashElevSession = function()
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1209
{
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1210
load_component(['messagebox', 'fadefilter', 'l10n', 'flyin', 'jquery', 'jquery-ui']);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1211
miniPromptMessage({
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1212
title: $lang.get('user_logout_confirm_title_elev'),
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1213
message: $lang.get('user_logout_confirm_body_elev'),
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1214
buttons: [
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1215
{
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1216
text: $lang.get('user_logout_confirm_btn_logout'),
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1217
color: 'red',
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1218
style: {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1219
fontWeight: 'bold'
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1220
},
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1221
onclick: function()
{
ajaxLoginPerformRequest({
mode: 'logout',
level: auth_level,
csrf_token: csrf_token
});
miniPromptDestroy(this);
}
},
{
text: $lang.get('etc_cancel'),
onclick: function()
{
miniPromptDestroy(this);
}
}
]
});
}
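/**
 * Take an SID and patch all internal links on the page.
 *
 * Only URLs that begin with this site's own scheme://hostname + contentPath are
 * rewritten. The hostname and contentPath are matched literally, so the session
 * key is only appended to links that really point back at this site (this
 * assumes contentPath begins with '/', which bounds the hostname - TODO confirm).
 *
 * @param string New key. If false, removes keys from the page.
 * @param string Old key. If false, only appends the new SID (more work as it uses DOM, use when dynamically going up to elevated)
 * @param int New level, not a huge deal but sets auth_level. Try to specify it as some functions depend on it.
 */

window.ajaxLoginReplaceSIDInline = function(key, oldkey, level)
{
  // Quote every regex metacharacter so the value is matched literally.
  function regexQuote(str)
  {
    return String(str).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  }

  // True when the URL starts with this site's own scheme://hostname + contentPath.
  function isInternal(url)
  {
    return exp.test(String(url));
  }

  // The previous code used host.replace('.', '\.'). Inside a string literal '\.'
  // is just '.', and a string pattern replaces only the first hit, so no dot was
  // ever escaped: '.' matched any character and a look-alike hostname could pass
  // the "internal link" test and have the session key appended to it. A '?' in
  // contentPath was likewise read as a quantifier instead of a literal.
  // NOTE(review): location.hostname carries no port, so on a non-default port
  // no link matches and nothing is patched - confirm whether that is intended.
  var host = regexQuote(window.location.hostname);
  var exp = new RegExp('^https?://' + host + regexQuote(contentPath));
  var rexp = new RegExp('^https?://' + host);

  var links, forms, i;

  if ( key )
  {
    if ( oldkey )
    {
      // Swap the old key for the new one everywhere in the serialized page.
      // oldkey is quoted so it is matched literally, and the replacement goes
      // through a function so '$' sequences in key are not expanded.
      // NOTE(review): key is written into the markup unescaped and reassigning
      // innerHTML re-parses the whole body (listeners attached to existing
      // nodes are lost); only pass a key issued by the server here.
      var body = document.getElementsByTagName('body')[0];
      var replace = new RegExp(regexQuote(oldkey), 'g');
      body.innerHTML = body.innerHTML.replace(replace, function() { return key; });
      ENANO_SID = key;
    }
    else
    {
      // append SID to all internal links
      // (set first - presumably append_sid() reads ENANO_SID; verify against its definition)
      ENANO_SID = key;

      links = document.getElementsByTagName('a');
      for ( i = 0; i < links.length; i++ )
      {
        // links that carry a fragment are left untouched
        if ( isInternal(links[i].href) && links[i].href.indexOf('#') == -1 )
        {
          // strip scheme://hostname so the stored href is site-relative
          links[i].href = (String(append_sid(links[i].href))).replace(rexp, '');
        }
      }

      forms = document.getElementsByTagName('form');
      for ( i = 0; i < forms.length; i++ )
      {
        if ( forms[i].method.toLowerCase() == 'post' )
        {
          // POST forms carry the key in the action URL, internal targets only
          if ( isInternal(forms[i].action) )
          {
            forms[i].action = (String(append_sid(forms[i].action))).replace(rexp, '');
          }
        }
        else
        {
          // other forms carry the key in a hidden "auth" field
          // NOTE(review): unlike the POST case, the action is not checked
          // against exp here, so the key is added whatever the form's target
          // is - confirm every non-POST form on the page submits to this site.
          if ( !forms[i].auth )
          {
            var auth = document.createElement('input');
            auth.type = 'hidden';
            auth.name = 'auth';
            auth.value = key;
            forms[i].appendChild(auth);
          }
          else
          {
            forms[i].auth.value = key;
          }
        }
      }
    }
    if ( level )
    {
      auth_level = level;
    }
  }
  else
  {
    // De-auth: drop back to member level and take the key out of internal links.
    auth_level = USER_LEVEL_MEMBER;
    ENANO_SID = false;
    if ( oldkey )
    {
      links = document.getElementsByTagName('a');
      for ( i = 0; i < links.length; i++ )
      {
        if ( isInternal(links[i].href) && links[i].href.indexOf('#') == -1 )
        {
          // When auth was the first of several parameters the old '$2'
          // replacement left "&next=..." with no '?'; keep the '?' in that case.
          // The patterns only strip keys made of [a-f0-9].
          links[i].href = links[i].href
            .replace(/\?auth=[a-f0-9]+(&|#|$)/, function(m, sep) { return sep == '&' ? '?' : sep; })
            .replace(/&auth=[a-f0-9]+/, '')
            .replace(rexp, '');
        }
      }
      // NOTE(review): form actions and hidden "auth" fields patched by the
      // branch above are not cleaned here, so the old key stays in the DOM;
      // confirm the server invalidates it on de-auth.
    }
  }
}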