436
+ − 1 /*
+ − 2 * AJAX-based intelligent login interface
+ − 3 */
+ − 4
+ − 5 /*
+ − 6 * FRONTEND
+ − 7 */
+ − 8
+ − 9 /**
+ − 10 * Performs a logon as a regular member.
+ − 11 */
+ − 12
582
+ − 13 window.ajaxLogonToMember = function()
436
+ − 14 {
+ − 15 // IE <6 pseudo-compatibility
+ − 16 if ( KILL_SWITCH )
+ − 17 return true;
+ − 18 if ( auth_level >= USER_LEVEL_MEMBER )
+ − 19 return true;
+ − 20 ajaxLoginInit(function(k)
+ − 21 {
741
+ − 22 if ( on_main_page )
+ − 23 {
+ − 24 window.location = makeUrl(main_page_members);
+ − 25 }
+ − 26 else
+ − 27 {
+ − 28 window.location.reload();
+ − 29 }
436
+ − 30 }, USER_LEVEL_MEMBER);
+ − 31 }
+ − 32
+ − 33 /**
+ − 34 * Authenticates to the highest level the current user is allowed to go to.
+ − 35 */
+ − 36
582
+ − 37 window.ajaxLogonToElev = function()
436
+ − 38 {
+ − 39 if ( auth_level == user_level )
+ − 40 return true;
+ − 41
+ − 42 ajaxLoginInit(function(k)
+ − 43 {
+ − 44 ENANO_SID = k;
+ − 45 var url = String(' ' + window.location).substr(1);
+ − 46 url = append_sid(url);
+ − 47 window.location = url;
+ − 48 }, user_level);
+ − 49 }
+ − 50
+ − 51 /*
+ − 52 * BACKEND
+ − 53 */
+ − 54
+ − 55 /**
+ − 56 * Holding object for various AJAX authentication information.
+ − 57 * @var object
+ − 58 */
+ − 59
+ − 60 var logindata = {};
+ − 61
+ − 62 /**
+ − 63 * Path to the image used to indicate loading progress
+ − 64 * @var string
+ − 65 */
+ − 66
+ − 67 if ( !ajax_login_loadimg_path )
+ − 68 var ajax_login_loadimg_path = false;
+ − 69
+ − 70 if ( !ajax_login_successimg_path )
+ − 71 var ajax_login_successimg_path = false;
+ − 72
+ − 73 /**
+ − 74 * Status variables
+ − 75 * @var int
+ − 76 */
+ − 77
+ − 78 var AJAX_STATUS_LOADING_KEY = 1;
+ − 79 var AJAX_STATUS_GENERATING_KEY = 2;
+ − 80 var AJAX_STATUS_LOGGING_IN = 3;
+ − 81 var AJAX_STATUS_SUCCESS = 4;
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 82 var AJAX_STATUS_ERROR = 5;
436
+ − 83 var AJAX_STATUS_DESTROY = 65535;
+ − 84
+ − 85 /**
+ − 86 * State constants
+ − 87 * @var int
+ − 88 */
+ − 89
+ − 90 var AJAX_STATE_EARLY_INIT = 1;
+ − 91 var AJAX_STATE_LOADING_KEY = 2;
+ − 92
+ − 93 /**
+ − 94 * Performs the AJAX request to get an encryption key and from there spawns the login form.
+ − 95 * @param function The function that will be called once authentication completes successfully.
+ − 96 * @param int The security level to authenticate at - see http://docs.enanocms.org/Help:Appendix_B
+ − 97 */
+ − 98
582
+ − 99 window.ajaxLoginInit = function(call_on_finish, user_level)
436
+ − 100 {
779
609e35845ec3
load_component() now accepts an array, and most JS components are loaded all in one request now. Totally modular baby. And failsafe too.
Dan
diff
changeset
+ − 101 load_component(['messagebox', 'flyin', 'jquery', 'jquery-ui', 'l10n', 'crypto']);
582
+ − 102
436
+ − 103 logindata = {};
+ − 104
+ − 105 var title = ( user_level > USER_LEVEL_MEMBER ) ? $lang.get('user_login_ajax_prompt_title_elev') : $lang.get('user_login_ajax_prompt_title');
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 106 logindata.mb_object = new MessageBox(MB_OKCANCEL | MB_ICONLOCK, title, '');
436
+ − 107
+ − 108 logindata.mb_object.onclick['Cancel'] = function()
+ − 109 {
+ − 110 // Hide the error message and captcha
+ − 111 if ( document.getElementById('ajax_login_error_box') )
+ − 112 {
+ − 113 document.getElementById('ajax_login_error_box').parentNode.removeChild(document.getElementById('ajax_login_error_box'));
+ − 114 }
+ − 115 if ( document.getElementById('autoCaptcha') )
+ − 116 {
+ − 117 var to = fly_out_top(document.getElementById('autoCaptcha'), false, true);
+ − 118 setTimeout(function() {
+ − 119 var d = document.getElementById('autoCaptcha');
+ − 120 d.parentNode.removeChild(d);
+ − 121 }, to);
+ − 122 }
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 123 // Ask the server to clean our key
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 124 ajaxLoginPerformRequest({
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 125 mode: 'clean_key',
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 126 key_aes: logindata.key_aes,
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 127 key_dh: logindata.key_dh
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 128 });
436
+ − 129 };
+ − 130
+ − 131 logindata.mb_object.onbeforeclick['OK'] = function()
+ − 132 {
+ − 133 ajaxLoginSubmitForm();
+ − 134 return true;
+ − 135 }
+ − 136
+ − 137 // Fetch the inner content area
+ − 138 logindata.mb_inner = document.getElementById('messageBox').getElementsByTagName('div')[0];
+ − 139
+ − 140 // Initialize state
+ − 141 logindata.showing_status = false;
+ − 142 logindata.user_level = user_level;
+ − 143 logindata.successfunc = call_on_finish;
+ − 144
+ − 145 // Build the "loading" window
+ − 146 ajaxLoginSetStatus(AJAX_STATUS_LOADING_KEY);
+ − 147
+ − 148 // Request the key
+ − 149 ajaxLoginPerformRequest({ mode: 'getkey' });
+ − 150 }
+ − 151
+ − 152 /**
532
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 153 * For compatibility only.
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 154 */
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 155
582
+ − 156 window.ajaxLogonInit = function(call_on_finish, user_level)
532
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 157 {
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 158 return ajaxLoginInit(call_on_finish, user_level);
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 159 }
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 160
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 161 /**
436
+ − 162 * Sets the contents of the AJAX login window to the appropriate status message.
+ − 163 * @param int One of AJAX_STATUS_*
+ − 164 */
+ − 165
582
+ − 166 window.ajaxLoginSetStatus = function(status)
436
+ − 167 {
+ − 168 if ( !logindata.mb_inner )
+ − 169 return false;
+ − 170 if ( logindata.showing_status )
+ − 171 {
+ − 172 var div = document.getElementById('ajax_login_status');
+ − 173 if ( div )
+ − 174 logindata.mb_inner.removeChild(div);
+ − 175 }
+ − 176 switch(status)
+ − 177 {
+ − 178 case AJAX_STATUS_LOADING_KEY:
+ − 179
+ − 180 // Create the status div
+ − 181 var div = document.createElement('div');
+ − 182 div.id = 'ajax_login_status';
+ − 183 div.style.marginTop = '10px';
+ − 184 div.style.textAlign = 'center';
+ − 185
+ − 186 // The circly ball ajaxy image + status message
+ − 187 var status_msg = $lang.get('user_login_ajax_fetching_key');
+ − 188
+ − 189 // Insert the status message
+ − 190 div.appendChild(document.createTextNode(status_msg));
+ − 191
+ − 192 // Append a br or two to space things properly
+ − 193 div.appendChild(document.createElement('br'));
+ − 194 div.appendChild(document.createElement('br'));
+ − 195
+ − 196 var img = document.createElement('img');
+ − 197 img.src = ( ajax_login_loadimg_path ) ? ajax_login_loadimg_path : scriptPath + '/images/loading-big.gif';
+ − 198 div.appendChild(img);
+ − 199
+ − 200 // Another coupla brs
+ − 201 div.appendChild(document.createElement('br'));
+ − 202 div.appendChild(document.createElement('br'));
+ − 203
+ − 204 // The link to the full login form
+ − 205 var small = document.createElement('small');
+ − 206 small.innerHTML = $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) });
+ − 207 div.appendChild(small);
+ − 208
+ − 209 // Insert the entire message into the login window
+ − 210 logindata.mb_inner.innerHTML = '';
+ − 211 logindata.mb_inner.appendChild(div);
+ − 212
+ − 213 break;
+ − 214 case AJAX_STATUS_GENERATING_KEY:
+ − 215
+ − 216 // Create the status div
+ − 217 var div = document.createElement('div');
+ − 218 div.id = 'ajax_login_status';
+ − 219 div.style.marginTop = '10px';
+ − 220 div.style.textAlign = 'center';
+ − 221
+ − 222 // The circly ball ajaxy image + status message
+ − 223 var status_msg = $lang.get('user_login_ajax_generating_key');
+ − 224
+ − 225 // Insert the status message
+ − 226 div.appendChild(document.createTextNode(status_msg));
+ − 227
+ − 228 // Append a br or two to space things properly
+ − 229 div.appendChild(document.createElement('br'));
+ − 230 div.appendChild(document.createElement('br'));
+ − 231
+ − 232 var img = document.createElement('img');
+ − 233 img.src = ( ajax_login_loadimg_path ) ? ajax_login_loadimg_path : scriptPath + '/images/loading-big.gif';
+ − 234 div.appendChild(img);
+ − 235
+ − 236 // Another coupla brs
+ − 237 div.appendChild(document.createElement('br'));
+ − 238 div.appendChild(document.createElement('br'));
+ − 239
+ − 240 // The link to the full login form
+ − 241 var small = document.createElement('small');
+ − 242 small.innerHTML = $lang.get('user_login_ajax_link_fullform_dh', { link_full_form: makeUrlNS('Special', 'Login/' + title) });
+ − 243 div.appendChild(small);
+ − 244
+ − 245 // Insert the entire message into the login window
+ − 246 logindata.mb_inner.innerHTML = '';
+ − 247 logindata.mb_inner.appendChild(div);
+ − 248
+ − 249 break;
+ − 250 case AJAX_STATUS_LOGGING_IN:
+ − 251
+ − 252 // Create the status div
+ − 253 var div = document.createElement('div');
+ − 254 div.id = 'ajax_login_status';
+ − 255 div.style.marginTop = '10px';
+ − 256 div.style.textAlign = 'center';
+ − 257
+ − 258 // The circly ball ajaxy image + status message
+ − 259 var status_msg = $lang.get('user_login_ajax_loggingin');
+ − 260
+ − 261 // Insert the status message
+ − 262 div.appendChild(document.createTextNode(status_msg));
+ − 263
+ − 264 // Append a br or two to space things properly
+ − 265 div.appendChild(document.createElement('br'));
+ − 266 div.appendChild(document.createElement('br'));
+ − 267
+ − 268 var img = document.createElement('img');
+ − 269 img.src = ( ajax_login_loadimg_path ) ? ajax_login_loadimg_path : scriptPath + '/images/loading-big.gif';
+ − 270 div.appendChild(img);
+ − 271
+ − 272 // Insert the entire message into the login window
+ − 273 logindata.mb_inner.innerHTML = '';
+ − 274 logindata.mb_inner.appendChild(div);
+ − 275
+ − 276 break;
+ − 277 case AJAX_STATUS_SUCCESS:
+ − 278
+ − 279 // Create the status div
+ − 280 var div = document.createElement('div');
+ − 281 div.id = 'ajax_login_status';
+ − 282 div.style.marginTop = '10px';
+ − 283 div.style.textAlign = 'center';
+ − 284
+ − 285 // The circly ball ajaxy image + status message
+ − 286 var status_msg = $lang.get('user_login_success_short');
+ − 287
+ − 288 // Insert the status message
+ − 289 div.appendChild(document.createTextNode(status_msg));
+ − 290
+ − 291 // Append a br or two to space things properly
+ − 292 div.appendChild(document.createElement('br'));
+ − 293 div.appendChild(document.createElement('br'));
+ − 294
+ − 295 var img = document.createElement('img');
+ − 296 img.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png';
+ − 297 div.appendChild(img);
+ − 298
+ − 299 // Insert the entire message into the login window
+ − 300 logindata.mb_inner.innerHTML = '';
+ − 301 logindata.mb_inner.appendChild(div);
+ − 302
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 303 break;
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 304
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 305 case AJAX_STATUS_ERROR:
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 306 // Create the status div
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 307 var div = document.createElement('div');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 308 div.id = 'ajax_login_status';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 309 div.style.marginTop = '10px';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 310 div.style.textAlign = 'center';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 311
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 312 // The circly ball ajaxy image + status message
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 313 var status_msg = $lang.get('user_login_ajax_err_crypto');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 314
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 315 // Insert the status message
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 316 div.appendChild(document.createTextNode(status_msg));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 317
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 318 // Append a br or two to space things properly
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 319 div.appendChild(document.createElement('br'));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 320 div.appendChild(document.createElement('br'));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 321
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 322 var img = document.createElement('img');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 323 img.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/checkbad.png';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 324 div.appendChild(img);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 325
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 326 // Append a br or two to space things properly
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 327 div.appendChild(document.createElement('br'));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 328 div.appendChild(document.createElement('br'));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 329
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 330 // The circly ball ajaxy image + status message
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 331 var detail_msg = $lang.get('user_login_ajax_err_crypto_details');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 332 var full_link = $lang.get('user_login_ajax_err_crypto_link');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 333 var link = document.createElement('a');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 334 link.href = makeUrlNS('Special', 'Login/' + title);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 335 link.appendChild(document.createTextNode(full_link));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 336 var span = document.createElement('span');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 337 span.style.fontSize = 'smaller';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 338
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 339 // Insert the message
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 340 span.appendChild(document.createTextNode(detail_msg + ' '));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 341 span.appendChild(link);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 342 div.appendChild(span);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 343
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 344 // Insert the entire message into the login window
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 345 logindata.mb_inner.innerHTML = '';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 346 logindata.mb_inner.appendChild(div);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 347
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 348 break;
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 349
436
+ − 350 case AJAX_STATUS_DESTROY:
+ − 351 case null:
+ − 352 case undefined:
+ − 353 logindata.showing_status = false;
+ − 354 return null;
+ − 355 break;
+ − 356 }
+ − 357 logindata.showing_status = true;
+ − 358 }
+ − 359
+ − 360 /**
+ − 361 * Performs an AJAX logon request to the server and calls ajaxLoginProcessResponse() on the result.
+ − 362 * @param object JSON packet to send
+ − 363 */
+ − 364
582
+ − 365 window.ajaxLoginPerformRequest = function(json)
436
+ − 366 {
+ − 367 json = toJSONString(json);
+ − 368 json = ajaxEscape(json);
+ − 369 ajaxPost(makeUrlNS('Special', 'Login/action.json'), 'r=' + json, function()
+ − 370 {
+ − 371 if ( ajax.readyState == 4 && ajax.status == 200 )
+ − 372 {
+ − 373 // parse response
+ − 374 var response = String(ajax.responseText + '');
651
ce9d78d7251d
Improved JSON validation and error interface when validation fails; made rank manager support custom CSS
Dan
diff
changeset
+ − 375 if ( !check_json_response(response) )
436
+ − 376 {
+ − 377 handle_invalid_json(response);
+ − 378 return false;
+ − 379 }
+ − 380 response = parseJSON(response);
+ − 381 ajaxLoginProcessResponse(response);
+ − 382 }
+ − 383 }, true);
+ − 384 }
+ − 385
+ − 386 /**
+ − 387 * Processes a response from the login server
+ − 388 * @param object JSON response
+ − 389 */
+ − 390
582
+ − 391 window.ajaxLoginProcessResponse = function(response)
436
+ − 392 {
+ − 393 // Did the server send a plaintext error?
+ − 394 if ( response.mode == 'error' )
+ − 395 {
+ − 396 logindata.mb_object.destroy();
478
+ − 397 var error_msg = $lang.get('user_' + ( response.error.toLowerCase() ));
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 398 new MessageBox(MB_ICONSTOP | MB_OK, $lang.get('user_err_login_generic_title'), error_msg);
436
+ − 399 return false;
+ − 400 }
+ − 401 // Main mode switch
+ − 402 switch ( response.mode )
+ − 403 {
+ − 404 case 'build_box':
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 405 // Rid ourselves of any loading windows
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 406 ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
436
+ − 407 // The server wants us to build the login form, all the information is there
+ − 408 ajaxLoginBuildForm(response);
+ − 409 break;
+ − 410 case 'login_success':
+ − 411 ajaxLoginSetStatus(AJAX_STATUS_SUCCESS);
+ − 412 logindata.successfunc(response.key);
+ − 413 break;
+ − 414 case 'login_failure':
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 415 // Rid ourselves of any loading windows
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 416 ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
436
+ − 417 document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
+ − 418 var mb_parent = document.getElementById('messageBox').parentNode;
728
+ − 419 $(mb_parent).effect("shake", {}, 200);
436
+ − 420 setTimeout(function()
+ − 421 {
+ − 422 document.getElementById('messageBox').style.backgroundColor = '#FFF';
+ − 423 ajaxLoginBuildForm(response.respawn_info);
+ − 424 ajaxLoginShowFriendlyError(response);
+ − 425 }, 2500);
+ − 426 break;
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 427 case 'login_success_reset':
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 428 var conf = confirm($lang.get('user_login_ajax_msg_used_temp_pass'));
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 429 if ( conf )
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 430 {
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 431 var url = makeUrlNS('Special', 'PasswordReset/stage2/' + response.user_id + '/' + response.temp_password);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 432 window.location = url;
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 433 }
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 434 else
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 435 {
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 436 // treat as a failure
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 437 ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 438 document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 439 var mb_parent = document.getElementById('messageBox').parentNode;
699
c7d737202d59
Removed Adobe Spry and replaced with jQuery. Please report any new bugs on the forums or via IRC. In a related note, auto-completion should work now at least for usernames. Still hacking away at page name completion...
Dan
diff
changeset
+ − 440 $(mb_parent).effect("shake", {}, 1500);
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 441 setTimeout(function()
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 442 {
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 443 document.getElementById('messageBox').style.backgroundColor = '#FFF';
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 444 ajaxLoginBuildForm(response.respawn_info);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 445 // don't show an error here, just silently respawn
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 446 }, 2500);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 447 }
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 448 break;
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 449 case 'noop':
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 450 break;
436
+ − 451 }
+ − 452 }
+ − 453
+ − 454 /*
+ − 455 * RESPONSE HANDLERS
+ − 456 */
+ − 457
+ − 458 /**
+ − 459 * Builds the login form.
+ − 460 * @param object Metadata to build off of
+ − 461 */
+ − 462
582
+ − 463 window.ajaxLoginBuildForm = function(data)
436
+ − 464 {
+ − 465 // let's hope this effectively preloads the image...
+ − 466 var _ = document.createElement('img');
+ − 467 _.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png';
+ − 468
+ − 469 var div = document.createElement('div');
+ − 470 div.id = 'ajax_login_form';
+ − 471
+ − 472 var show_captcha = ( data.locked_out && data.lockout_info.lockout_policy == 'captcha' ) ? data.lockout_info.captcha : false;
+ − 473
+ − 474 // text displayed on re-auth
+ − 475 if ( logindata.user_level > USER_LEVEL_MEMBER )
+ − 476 {
+ − 477 div.innerHTML += $lang.get('user_login_ajax_prompt_body_elev') + '<br /><br />';
+ − 478 }
+ − 479
+ − 480 // Create the form
+ − 481 var form = document.createElement('form');
+ − 482 form.action = 'javascript:void(ajaxLoginSubmitForm());';
+ − 483 form.onsubmit = function()
+ − 484 {
+ − 485 ajaxLoginSubmitForm();
+ − 486 return false;
+ − 487 }
460
+ − 488 if ( IE )
+ − 489 {
+ − 490 form.style.marginTop = '-20px';
+ − 491 }
436
+ − 492
+ − 493 // Using tables to wrap form elements because it results in a
+ − 494 // more visually appealing form. Yes, tables suck. I don't really
+ − 495 // care - they make forms look good.
+ − 496
+ − 497 var table = document.createElement('table');
+ − 498 table.style.margin = '0 auto';
+ − 499
+ − 500 // Field - username
+ − 501 var tr1 = document.createElement('tr');
+ − 502 var td1_1 = document.createElement('td');
+ − 503 td1_1.appendChild(document.createTextNode($lang.get('user_login_field_username') + ':'));
+ − 504 tr1.appendChild(td1_1);
+ − 505 var td1_2 = document.createElement('td');
+ − 506 var f_username = document.createElement('input');
+ − 507 f_username.id = 'ajax_login_field_username';
+ − 508 f_username.name = 'ajax_login_field_username';
+ − 509 f_username.type = 'text';
+ − 510 f_username.size = '25';
+ − 511 if ( data.username )
+ − 512 f_username.value = data.username;
+ − 513 td1_2.appendChild(f_username);
+ − 514 tr1.appendChild(td1_2);
+ − 515 table.appendChild(tr1);
+ − 516
+ − 517 // Field - password
+ − 518 var tr2 = document.createElement('tr');
+ − 519 var td2_1 = document.createElement('td');
+ − 520 td2_1.appendChild(document.createTextNode($lang.get('user_login_field_password') + ':'));
+ − 521 tr2.appendChild(td2_1);
+ − 522 var td2_2 = document.createElement('td');
+ − 523 var f_password = document.createElement('input');
+ − 524 f_password.id = 'ajax_login_field_password';
+ − 525 f_password.name = 'ajax_login_field_username';
+ − 526 f_password.type = 'password';
+ − 527 f_password.size = '25';
+ − 528 if ( !show_captcha )
+ − 529 {
+ − 530 f_password.onkeyup = function(e)
+ − 531 {
461
+ − 532 if ( !e )
436
+ − 533 e = window.event;
461
+ − 534 if ( !e && IE )
436
+ − 535 return true;
+ − 536 if ( e.keyCode == 13 )
+ − 537 {
+ − 538 ajaxLoginSubmitForm();
+ − 539 }
+ − 540 }
+ − 541 }
+ − 542 td2_2.appendChild(f_password);
+ − 543 tr2.appendChild(td2_2);
+ − 544 table.appendChild(tr2);
+ − 545
+ − 546 // Field - captcha
+ − 547 if ( show_captcha )
+ − 548 {
+ − 549 var tr3 = document.createElement('tr');
+ − 550 var td3_1 = document.createElement('td');
+ − 551 td3_1.appendChild(document.createTextNode($lang.get('user_login_field_captcha') + ':'));
+ − 552 tr3.appendChild(td3_1);
+ − 553 var td3_2 = document.createElement('td');
+ − 554 var f_captcha = document.createElement('input');
+ − 555 f_captcha.id = 'ajax_login_field_captcha';
+ − 556 f_captcha.name = 'ajax_login_field_username';
+ − 557 f_captcha.type = 'text';
+ − 558 f_captcha.size = '25';
+ − 559 f_captcha.onkeyup = function(e)
+ − 560 {
+ − 561 if ( !e )
+ − 562 e = window.event;
+ − 563 if ( !e.keyCode )
+ − 564 return true;
+ − 565 if ( e.keyCode == 13 )
+ − 566 {
+ − 567 ajaxLoginSubmitForm();
+ − 568 }
+ − 569 }
+ − 570 td3_2.appendChild(f_captcha);
+ − 571 tr3.appendChild(td3_2);
+ − 572 table.appendChild(tr3);
+ − 573 }
+ − 574
+ − 575 // Done building the main part of the form
+ − 576 form.appendChild(table);
+ − 577
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 578 // Field: remember login
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 579 if ( logindata.user_level <= USER_LEVEL_MEMBER )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 580 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 581 var lbl_remember = document.createElement('label');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 582 lbl_remember.style.fontSize = 'smaller';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 583 lbl_remember.style.display = 'block';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 584 lbl_remember.style.textAlign = 'center';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 585
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 586 // figure out what text to put in the "remember me" checkbox
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 587 // infinite session length?
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 588 if ( data.extended_time == 0 )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 589 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 590 // yes, infinite
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 591 var txt_remember = $lang.get('user_login_ajax_check_remember_infinite');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 592 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 593 else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 594 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 595 if ( data.extended_time % 7 == 0 )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 596 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 597 // number of days is a multiple of 7
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 598 // use weeks as our unit
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 599 var sess_time = data.extended_time / 7;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 600 var unit = 'week';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 601 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 602 else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 603 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 604 // use days as our unit
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 605 var sess_time = data.extended_time;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 606 var unit = 'day';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 607 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 608 // more than one week or day?
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 609 if ( sess_time != 1 )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 610 unit += 's';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 611
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 612 // assemble the string
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 613 var txt_remember = $lang.get('user_login_ajax_check_remember', {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 614 session_length: sess_time,
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 615 length_units: $lang.get('etc_unit_' + unit)
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 616 });
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 617 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 618 var check_remember = document.createElement('input');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 619 check_remember.type = 'checkbox';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 620 // this onclick attribute changes the cookie whenever the checkbox or label is clicked
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 621 check_remember.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("login_remember", ck, 3650);');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 622 if ( readCookie('login_remember') != 'disable' )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 623 check_remember.setAttribute('checked', 'checked');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 624 check_remember.id = 'ajax_login_field_remember';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 625 lbl_remember.appendChild(check_remember);
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 626 lbl_remember.innerHTML += ' ' + txt_remember;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 627
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 628 form.appendChild(lbl_remember);
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 629 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 630
436
+ − 631 // Field: enable Diffie Hellman
509
175df10e0b56
Added a copy of Firebug Lite for debugging purposes. License is uncertain but being treated as MPL. (If is is not MPL then it is under something more permissive that permits relicensing anyway)
Dan
diff
changeset
+ − 632 if ( IE || is_iPhone )
460
+ − 633 {
+ − 634 var lbl_dh = document.createElement('span');
+ − 635 lbl_dh.style.fontSize = 'smaller';
+ − 636 lbl_dh.style.display = 'block';
+ − 637 lbl_dh.style.textAlign = 'center';
+ − 638 lbl_dh.innerHTML = $lang.get('user_login_ajax_check_dh_ie');
+ − 639 form.appendChild(lbl_dh);
+ − 640 }
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 641 else if ( !data.allow_diffiehellman )
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 642 {
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 643 // create hidden control - server requested that DiffieHellman be disabled (usually means not supported)
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 644 var check_dh = document.createElement('input');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 645 check_dh.type = 'hidden';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 646 check_dh.id = 'ajax_login_field_dh';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 647 form.appendChild(check_dh);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 648 }
460
+ − 649 else
+ − 650 {
+ − 651 var lbl_dh = document.createElement('label');
+ − 652 lbl_dh.style.fontSize = 'smaller';
+ − 653 lbl_dh.style.display = 'block';
+ − 654 lbl_dh.style.textAlign = 'center';
+ − 655 var check_dh = document.createElement('input');
+ − 656 check_dh.type = 'checkbox';
+ − 657 // this onclick attribute changes the cookie whenever the checkbox or label is clicked
+ − 658 check_dh.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("diffiehellman_login", ck, 3650);');
+ − 659 if ( readCookie('diffiehellman_login') != 'disable' )
+ − 660 check_dh.setAttribute('checked', 'checked');
+ − 661 check_dh.id = 'ajax_login_field_dh';
+ − 662 lbl_dh.appendChild(check_dh);
694
43367c66d869
Couple of fixes (hacks) for Opera and the aftermath of that z-index change to darken() and enlighten() fadefilters; added ajaxOpenDirectACLRule() to placeholder list
Dan
diff
changeset
+ − 663 lbl_dh.innerHTML += ' ' + $lang.get('user_login_ajax_check_dh');
460
+ − 664 form.appendChild(lbl_dh);
+ − 665 }
436
+ − 666
460
+ − 667 if ( IE )
+ − 668 {
+ − 669 div.innerHTML += form.outerHTML;
+ − 670 }
+ − 671 else
+ − 672 {
+ − 673 div.appendChild(form);
+ − 674 }
436
+ − 675
+ − 676 // Diagnostic / help links
+ − 677 // (only displayed in login, not in re-auth)
+ − 678 if ( logindata.user_level == USER_LEVEL_MEMBER )
+ − 679 {
+ − 680 form.style.marginBottom = '10px';
+ − 681 var links = document.createElement('small');
+ − 682 links.style.display = 'block';
+ − 683 links.style.textAlign = 'center';
+ − 684 links.innerHTML = '';
+ − 685 if ( !show_captcha )
+ − 686 links.innerHTML += $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) }) + '<br />';
+ − 687 // Always shown
+ − 688 links.innerHTML += $lang.get('user_login_ajax_link_forgotpass', { forgotpass_link: makeUrlNS('Special', 'PasswordReset') }) + '<br />';
+ − 689 if ( !show_captcha )
+ − 690 links.innerHTML += $lang.get('user_login_createaccount_blurb', { reg_link: makeUrlNS('Special', 'Register') });
+ − 691 div.appendChild(links);
+ − 692 }
+ − 693
+ − 694 // Insert the entire form into the login window
+ − 695 logindata.mb_inner.innerHTML = '';
+ − 696 logindata.mb_inner.appendChild(div);
+ − 697
+ − 698 // Post operations: field focus
460
+ − 699 if ( IE )
+ − 700 {
+ − 701 setTimeout(
+ − 702 function()
+ − 703 {
+ − 704 if ( logindata.loggedin_username )
+ − 705 document.getElementById('ajax_login_field_password').focus();
+ − 706 else
+ − 707 document.getElementById('ajax_login_field_username').focus();
+ − 708 }, 200);
+ − 709 }
436
+ − 710 else
460
+ − 711 {
+ − 712 if ( data.username )
+ − 713 f_password.focus();
+ − 714 else
+ − 715 f_username.focus();
+ − 716 }
436
+ − 717
+ − 718 // Post operations: show captcha window
+ − 719 if ( show_captcha )
+ − 720 ajaxShowCaptcha(show_captcha);
+ − 721
+ − 722 // Post operations: stash encryption keys and All That Jazz(TM)
+ − 723 logindata.key_aes = data.aes_key;
+ − 724 logindata.key_dh = data.dh_public_key;
+ − 725 logindata.captcha_hash = show_captcha;
460
+ − 726 logindata.loggedin_username = data.username
436
+ − 727
+ − 728 // Are we locked out? If so simulate an error and disable the controls
+ − 729 if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out )
+ − 730 {
+ − 731 f_username.setAttribute('disabled', 'disabled');
+ − 732 f_password.setAttribute('disabled', 'disabled');
+ − 733 var fake_packet = {
+ − 734 error_code: 'locked_out',
+ − 735 respawn_info: data
+ − 736 };
+ − 737 ajaxLoginShowFriendlyError(fake_packet);
+ − 738 }
+ − 739 }
+ − 740
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 741 window.ajaxLoginSubmitForm = function(real, username, password, captcha, remember)
436
+ − 742 {
+ − 743 // Perform AES test to make sure it's all working
+ − 744 if ( !aes_self_test() )
+ − 745 {
+ − 746 alert('BUG: AES self-test failed');
+ − 747 login_cache.mb_object.destroy();
+ − 748 return false;
+ − 749 }
+ − 750 // Hide the error message and captcha
+ − 751 if ( document.getElementById('ajax_login_error_box') )
+ − 752 {
+ − 753 document.getElementById('ajax_login_error_box').parentNode.removeChild(document.getElementById('ajax_login_error_box'));
+ − 754 }
+ − 755 if ( document.getElementById('autoCaptcha') )
+ − 756 {
+ − 757 var to = fly_out_top(document.getElementById('autoCaptcha'), false, true);
+ − 758 setTimeout(function() {
+ − 759 var d = document.getElementById('autoCaptcha');
+ − 760 d.parentNode.removeChild(d);
+ − 761 }, to);
+ − 762 }
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 763 // "Remember session" switch
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 764 if ( typeof(remember) == 'boolean' )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 765 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 766 var remember_session = remember;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 767 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 768 else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 769 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 770 if ( document.getElementById('ajax_login_field_remember') )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 771 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 772 var remember_session = ( document.getElementById('ajax_login_field_remember').checked ) ? true : false;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 773 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 774 else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 775 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 776 var remember_session = false;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 777 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 778 }
436
+ − 779 // Encryption: preprocessor
+ − 780 if ( real )
+ − 781 {
+ − 782 var do_dh = true;
+ − 783 }
+ − 784 else if ( document.getElementById('ajax_login_field_dh') )
+ − 785 {
+ − 786 var do_dh = document.getElementById('ajax_login_field_dh').checked;
+ − 787 }
+ − 788 else
+ − 789 {
509
175df10e0b56
Added a copy of Firebug Lite for debugging purposes. License is uncertain but being treated as MPL. (If is is not MPL then it is under something more permissive that permits relicensing anyway)
Dan
diff
changeset
+ − 790 if ( IE || is_iPhone )
460
+ − 791 {
509
175df10e0b56
Added a copy of Firebug Lite for debugging purposes. License is uncertain but being treated as MPL. (If is is not MPL then it is under something more permissive that permits relicensing anyway)
Dan
diff
changeset
+ − 792 // IE/MobileSafari doesn't have this control, continue silently IF the rest
460
+ − 793 // of the login form is there
+ − 794 if ( !document.getElementById('ajax_login_field_username') )
+ − 795 {
+ − 796 return false;
+ − 797 }
+ − 798 }
+ − 799 else
+ − 800 {
+ − 801 // The user probably clicked ok when the form wasn't in there.
+ − 802 return false;
+ − 803 }
436
+ − 804 }
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 805
436
+ − 806 if ( !username )
+ − 807 {
+ − 808 var username = document.getElementById('ajax_login_field_username').value;
+ − 809 }
+ − 810 if ( !password )
+ − 811 {
+ − 812 var password = document.getElementById('ajax_login_field_password').value;
+ − 813 }
+ − 814 if ( !captcha && document.getElementById('ajax_login_field_captcha') )
+ − 815 {
+ − 816 var captcha = document.getElementById('ajax_login_field_captcha').value;
+ − 817 }
+ − 818
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 819 try
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 820 {
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 821
436
+ − 822 if ( do_dh )
+ − 823 {
+ − 824 ajaxLoginSetStatus(AJAX_STATUS_GENERATING_KEY);
+ − 825 if ( !real )
+ − 826 {
+ − 827 // Wait while the browser updates the login window
+ − 828 setTimeout(function()
+ − 829 {
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 830 ajaxLoginSubmitForm(true, username, password, captcha, remember_session);
436
+ − 831 }, 200);
+ − 832 return true;
+ − 833 }
+ − 834 // Perform Diffie Hellman stuff
+ − 835 var dh_priv = dh_gen_private();
+ − 836 var dh_pub = dh_gen_public(dh_priv);
+ − 837 var secret = dh_gen_shared_secret(dh_priv, logindata.key_dh);
+ − 838 // secret_hash is used to verify that the server guesses the correct secret
+ − 839 var secret_hash = hex_sha1(secret);
+ − 840 // crypt_key is the actual AES key
+ − 841 var crypt_key = (hex_sha256(secret)).substr(0, (keySizeInBits / 4));
+ − 842 }
+ − 843 else
+ − 844 {
+ − 845 var crypt_key = logindata.key_aes;
+ − 846 }
+ − 847
+ − 848 ajaxLoginSetStatus(AJAX_STATUS_LOGGING_IN);
+ − 849
+ − 850 // Encrypt the password and username
+ − 851 var userinfo = toJSONString({
+ − 852 username: username,
+ − 853 password: password
+ − 854 });
+ − 855 var crypt_key_ba = hexToByteArray(crypt_key);
+ − 856 userinfo = stringToByteArray(userinfo);
+ − 857
+ − 858 userinfo = rijndaelEncrypt(userinfo, crypt_key_ba, 'ECB');
+ − 859 userinfo = byteArrayToHex(userinfo);
+ − 860 // Encrypted username and password (serialized with JSON) are now in the userinfo string
+ − 861
+ − 862 // Collect other needed information
+ − 863 if ( logindata.captcha_hash )
+ − 864 {
+ − 865 var captcha_hash = logindata.captcha_hash;
+ − 866 var captcha_code = captcha;
+ − 867 }
+ − 868 else
+ − 869 {
+ − 870 var captcha_hash = false;
+ − 871 var captcha_code = false;
+ − 872 }
+ − 873
+ − 874 // Ship it across the 'net
+ − 875 if ( do_dh )
+ − 876 {
+ − 877 var json_packet = {
+ − 878 mode: 'login_dh',
+ − 879 userinfo: userinfo,
+ − 880 captcha_code: captcha_code,
+ − 881 captcha_hash: captcha_hash,
+ − 882 dh_public_key: logindata.key_dh,
+ − 883 dh_client_key: dh_pub,
+ − 884 dh_secret_hash: secret_hash,
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 885 level: logindata.user_level,
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 886 remember: remember_session
436
+ − 887 }
+ − 888 }
+ − 889 else
+ − 890 {
+ − 891 var json_packet = {
+ − 892 mode: 'login_aes',
+ − 893 userinfo: userinfo,
+ − 894 captcha_code: captcha_code,
+ − 895 captcha_hash: captcha_hash,
+ − 896 key_aes: hex_md5(crypt_key),
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 897 level: logindata.user_level,
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 898 remember: remember_session
436
+ − 899 }
+ − 900 }
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 901 }
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 902 catch(e)
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 903 {
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 904 ajaxLoginSetStatus(AJAX_STATUS_ERROR);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 905 console.error('Exception caught in login process; backtrace follows');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 906 console.debug(e);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 907 return false;
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 908 }
436
+ − 909 ajaxLoginPerformRequest(json_packet);
+ − 910 }
+ − 911
582
+ − 912 window.ajaxLoginShowFriendlyError = function(response)
436
+ − 913 {
+ − 914 if ( !response.respawn_info )
+ − 915 return false;
+ − 916 if ( !response.error_code )
+ − 917 return false;
+ − 918 var text = ajaxLoginGetErrorText(response);
+ − 919 if ( document.getElementById('ajax_login_error_box') )
+ − 920 {
+ − 921 // console.info('Reusing existing error-box');
+ − 922 document.getElementById('ajax_login_error_box').innerHTML = text;
+ − 923 return true;
+ − 924 }
+ − 925
+ − 926 // console.info('Drawing new error-box');
+ − 927
+ − 928 // calculate position for the top of the box
699
c7d737202d59
Removed Adobe Spry and replaced with jQuery. Please report any new bugs on the forums or via IRC. In a related note, auto-completion should work now at least for usernames. Still hacking away at page name completion...
Dan
diff
changeset
+ − 929 var mb_bottom = $dynano('messageBoxButtons').Top() + $dynano('messageBoxButtons').Height();
436
+ − 930 // if the box isn't done flying in yet, just estimate
+ − 931 if ( mb_bottom < ( getHeight() / 2 ) )
+ − 932 {
+ − 933 mb_bottom = ( getHeight() / 2 ) + 120;
+ − 934 }
+ − 935 var win_bottom = getHeight() + getScrollOffset();
+ − 936 var top = mb_bottom + ( ( win_bottom - mb_bottom ) / 2 ) - 32;
+ − 937 // left position = 0.2 * window_width, seeing as the box is 60% width this works hackishly but nice and quick
+ − 938 var left = getWidth() * 0.2;
+ − 939
+ − 940 // create the div
+ − 941 var errbox = document.createElement('div');
+ − 942 errbox.className = 'error-box-mini';
+ − 943 errbox.style.position = 'absolute';
+ − 944 errbox.style.width = '60%';
+ − 945 errbox.style.top = top + 'px';
+ − 946 errbox.style.left = left + 'px';
694
43367c66d869
Couple of fixes (hacks) for Opera and the aftermath of that z-index change to darken() and enlighten() fadefilters; added ajaxOpenDirectACLRule() to placeholder list
Dan
diff
changeset
+ − 947 errbox.style.zIndex = getHighestZ();
436
+ − 948 errbox.innerHTML = text;
+ − 949 errbox.id = 'ajax_login_error_box';
+ − 950
+ − 951 var body = document.getElementsByTagName('body')[0];
+ − 952 body.appendChild(errbox);
+ − 953 }
+ − 954
582
+ − 955 window.ajaxLoginGetErrorText = function(response)
436
+ − 956 {
+ − 957 switch ( response.error_code )
+ − 958 {
+ − 959 default:
+ − 960 return $lang.get('user_err_' + response.error_code);
+ − 961 break;
+ − 962 case 'locked_out':
+ − 963 if ( response.respawn_info.lockout_info.lockout_policy == 'lockout' )
+ − 964 {
+ − 965 return $lang.get('user_err_locked_out', {
+ − 966 lockout_threshold: response.respawn_info.lockout_info.lockout_threshold,
+ − 967 lockout_duration: response.respawn_info.lockout_info.lockout_duration,
+ − 968 time_rem: response.respawn_info.lockout_info.time_rem,
+ − 969 plural: ( response.respawn_info.lockout_info.time_rem == 1 ) ? '' : $lang.get('meta_plural'),
+ − 970 captcha_blurb: ''
+ − 971 });
+ − 972 break;
+ − 973 }
+ − 974 case 'invalid_credentials':
+ − 975 var base = $lang.get('user_err_invalid_credentials');
+ − 976 if ( response.respawn_info.locked_out )
+ − 977 {
+ − 978 base += ' ';
+ − 979 var captcha_blurb = '';
+ − 980 switch(response.respawn_info.lockout_info.lockout_policy)
+ − 981 {
+ − 982 case 'captcha':
+ − 983 captcha_blurb = $lang.get('user_err_locked_out_captcha_blurb');
+ − 984 break;
+ − 985 case 'lockout':
+ − 986 break;
+ − 987 default:
+ − 988 base += 'WTF? Shouldn\'t be locked out with lockout policy set to disable.';
+ − 989 break;
+ − 990 }
+ − 991 base += $lang.get('user_err_locked_out', {
+ − 992 captcha_blurb: captcha_blurb,
+ − 993 lockout_threshold: response.respawn_info.lockout_info.lockout_threshold,
+ − 994 lockout_duration: response.respawn_info.lockout_info.lockout_duration,
+ − 995 time_rem: response.respawn_info.lockout_info.time_rem,
+ − 996 plural: ( response.respawn_info.lockout_info.time_rem == 1 ) ? '' : $lang.get('meta_plural')
+ − 997 });
+ − 998 }
+ − 999 else if ( response.respawn_info.lockout_info.lockout_policy == 'lockout' || response.respawn_info.lockout_info.lockout_policy == 'captcha' )
+ − 1000 {
+ − 1001 // if we have a lockout policy of captcha or lockout, then warn the user
+ − 1002 switch ( response.respawn_info.lockout_info.lockout_policy )
+ − 1003 {
+ − 1004 case 'captcha':
+ − 1005 base += $lang.get('user_err_invalid_credentials_lockout', {
+ − 1006 fails: response.respawn_info.lockout_info.lockout_fails,
+ − 1007 lockout_threshold: response.respawn_info.lockout_info.lockout_threshold,
+ − 1008 lockout_duration: response.respawn_info.lockout_info.lockout_duration
+ − 1009 });
+ − 1010 break;
+ − 1011 case 'lockout':
+ − 1012 break;
+ − 1013 }
+ − 1014 }
+ − 1015 return base;
+ − 1016 break;
+ − 1017 }
+ − 1018 }
+ − 1019
585
+ − 1020 window.ajaxShowCaptcha = function(code)
+ − 1021 {
+ − 1022 var mydiv = document.createElement('div');
+ − 1023 mydiv.style.backgroundColor = '#FFFFFF';
+ − 1024 mydiv.style.padding = '10px';
+ − 1025 mydiv.style.position = 'absolute';
+ − 1026 mydiv.style.top = '0px';
+ − 1027 mydiv.id = 'autoCaptcha';
+ − 1028 mydiv.style.zIndex = String( getHighestZ() + 1 );
+ − 1029 var img = document.createElement('img');
+ − 1030 img.onload = function()
+ − 1031 {
+ − 1032 if ( this.loaded )
+ − 1033 return true;
+ − 1034 var mydiv = document.getElementById('autoCaptcha');
+ − 1035 var width = getWidth();
+ − 1036 var divw = $dynano(mydiv).Width();
+ − 1037 var left = ( width / 2 ) - ( divw / 2 );
+ − 1038 mydiv.style.left = left + 'px';
+ − 1039 fly_in_top(mydiv, false, true);
+ − 1040 this.loaded = true;
+ − 1041 };
+ − 1042 img.src = makeUrlNS('Special', 'Captcha/' + code);
+ − 1043 img.onclick = function() { this.src = this.src + '/a'; };
+ − 1044 img.style.cursor = 'pointer';
+ − 1045 mydiv.appendChild(img);
+ − 1046 domObjChangeOpac(0, mydiv);
+ − 1047 var body = document.getElementsByTagName('body')[0];
+ − 1048 body.appendChild(mydiv);
+ − 1049 }
+ − 1050
582
+ − 1051 window.ajaxInitLogout = function()
+ − 1052 {
779
609e35845ec3
load_component() now accepts an array, and most JS components are loaded all in one request now. Totally modular baby. And failsafe too.
Dan
diff
changeset
+ − 1053 load_component(['messagebox', 'l10n', 'flyin', 'fadefilter']);
582
+ − 1054 var mb = new MessageBox(MB_YESNO|MB_ICONQUESTION, $lang.get('user_logout_confirm_title'), $lang.get('user_logout_confirm_body'));
+ − 1055 mb.onclick['Yes'] = function()
+ − 1056 {
+ − 1057 window.location = makeUrlNS('Special', 'Logout/' + csrf_token + '/' + title);
+ − 1058 }
+ − 1059 }
+ − 1060
+ − 1061 window.mb_logout = function()
+ − 1062 {
+ − 1063 ajaxInitLogout();
+ − 1064 }
+ − 1065
+ − 1066 window.ajaxStartLogin = function()
+ − 1067 {
+ − 1068 ajaxLogonToMember();
+ − 1069 }
+ − 1070
+ − 1071 window.ajaxStartAdminLogin = function()
+ − 1072 {
+ − 1073 // IE <6 pseudo-compatibility
+ − 1074 if ( KILL_SWITCH )
+ − 1075 return true;
+ − 1076 if ( auth_level < USER_LEVEL_ADMIN )
+ − 1077 {
+ − 1078 ajaxLoginInit(function(k) {
+ − 1079 ENANO_SID = k;
+ − 1080 auth_level = USER_LEVEL_ADMIN;
+ − 1081 var loc = makeUrlNS('Special', 'Administration');
+ − 1082 if ( (ENANO_SID + ' ').length > 1 )
+ − 1083 window.location = loc;
+ − 1084 }, USER_LEVEL_ADMIN);
+ − 1085 return false;
+ − 1086 }
+ − 1087 var loc = makeUrlNS('Special', 'Administration');
+ − 1088 window.location = loc;
+ − 1089 }
+ − 1090
+ − 1091 window.ajaxAdminPage = function()
+ − 1092 {
+ − 1093 // IE <6 pseudo-compatibility
+ − 1094 if ( KILL_SWITCH )
+ − 1095 return true;
+ − 1096 if ( auth_level < USER_LEVEL_ADMIN )
+ − 1097 {
+ − 1098 ajaxPromptAdminAuth(function(k) {
+ − 1099 ENANO_SID = k;
+ − 1100 auth_level = USER_LEVEL_ADMIN;
+ − 1101 var loc = String(window.location + '');
+ − 1102 window.location = append_sid(loc);
+ − 1103 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
+ − 1104 if ( (ENANO_SID + ' ').length > 1 )
+ − 1105 window.location = loc;
+ − 1106 }, 9);
+ − 1107 return false;
+ − 1108 }
+ − 1109 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
+ − 1110 window.location = loc;
+ − 1111 }
+ − 1112
+ − 1113 var navto_ns;
+ − 1114 var navto_pg;
+ − 1115 var navto_ul;
+ − 1116
+ − 1117 window.ajaxLoginNavTo = function(namespace, page_id, min_level)
+ − 1118 {
+ − 1119 // IE <6 pseudo-compatibility
+ − 1120 if ( KILL_SWITCH )
+ − 1121 return true;
+ − 1122 navto_pg = page_id;
+ − 1123 navto_ns = namespace;
+ − 1124 navto_ul = min_level;
+ − 1125 if ( auth_level < min_level )
+ − 1126 {
+ − 1127 ajaxPromptAdminAuth(function(k) {
+ − 1128 ENANO_SID = k;
+ − 1129 auth_level = navto_ul;
+ − 1130 var loc = makeUrlNS(navto_ns, navto_pg);
+ − 1131 if ( (ENANO_SID + ' ').length > 1 )
+ − 1132 window.location = loc;
+ − 1133 }, min_level);
+ − 1134 return false;
+ − 1135 }
+ − 1136 var loc = makeUrlNS(navto_ns, navto_pg);
+ − 1137 window.location = loc;
+ − 1138 }
+ − 1139
+ − 1140 window.ajaxAdminUser = function(username)
+ − 1141 {
+ − 1142 // IE <6 pseudo-compatibility
+ − 1143 if ( KILL_SWITCH )
+ − 1144 return true;
+ − 1145 if ( auth_level < USER_LEVEL_ADMIN )
+ − 1146 {
+ − 1147 ajaxPromptAdminAuth(function(k) {
+ − 1148 ENANO_SID = k;
+ − 1149 auth_level = USER_LEVEL_ADMIN;
+ − 1150 var loc = String(window.location + '');
+ − 1151 window.location = append_sid(loc);
+ − 1152 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
+ − 1153 if ( (ENANO_SID + ' ').length > 1 )
+ − 1154 window.location = loc;
+ − 1155 }, 9);
+ − 1156 return false;
+ − 1157 }
+ − 1158 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
+ − 1159 window.location = loc;
+ − 1160 }