/*
* AJAX-based intelligent login interface
*/
/*
* FRONTEND
*/
/**
* Performs a logon as a regular member.
*/
window.ajaxLogonToMember = function()
{
  // Return true without opening the dialog when the kill switch is set (the
  // original comment calls this "IE <6 pseudo-compatibility") or when the
  // session is already at member level or above.
  if ( KILL_SWITCH || auth_level >= USER_LEVEL_MEMBER )
    return true;

  // Runs once the login server reports success. The key it is handed is not
  // needed for a member-level login, so it is ignored.
  var after_login = function(k)
  {
    if ( !on_main_page )
    {
      window.location.reload();
      return;
    }
    // On the main page, go to the members' main page instead of reloading.
    window.location = makeUrl(main_page_members);
  };

  ajaxLoginInit(after_login, USER_LEVEL_MEMBER);
};
/**
* Authenticates to the highest level the current user is allowed to go to.
*/
window.ajaxLogonToElev = function()
{
  // Nothing to do when the session already runs at the user's own level.
  if ( auth_level == user_level )
    return true;

  var on_elevated = function(k)
  {
    // k is the key handed to the success callback by the login code; it is
    // stored as the session ID and then attached to the current URL.
    // NOTE(review): append_sid() presumably places the key in the URL itself,
    // where it can reach browser history, proxy logs and Referer headers -
    // confirm the server limits the lifetime and scope of this key.
    ENANO_SID = k;
    var here = (' ' + window.location).slice(1);
    window.location = append_sid(here);
  };

  ajaxLoginInit(on_elevated, user_level);
};
/*
* BACKEND
*/
/**
* Holding object for various AJAX authentication information.
* @var object
*/
// State shared by the login dialog functions.
var logindata = {};

/**
 * Optional image overrides. A value set before this script runs is kept; an
 * unset or falsy value becomes false, which selects the bundled image.
 * @var string|false
 */
var ajax_login_loadimg_path = ajax_login_loadimg_path || false;
var ajax_login_successimg_path = ajax_login_successimg_path || false;

/**
 * Status codes understood by ajaxLoginSetStatus().
 * @var int
 */
var AJAX_STATUS_LOADING_KEY    = 1;      // fetching the key from the server
var AJAX_STATUS_GENERATING_KEY = 2;      // generating a key
var AJAX_STATUS_LOGGING_IN     = 3;      // credentials are being submitted
var AJAX_STATUS_SUCCESS        = 4;      // login succeeded
var AJAX_STATUS_ERROR          = 5;      // crypto error pane
var AJAX_STATUS_DESTROY        = 65535;  // tear the status pane down

/**
 * State constants.
 * NOTE(review): not referenced in the part of the file reviewed here - confirm where they are used.
 * @var int
 */
var AJAX_STATE_EARLY_INIT  = 1;
var AJAX_STATE_LOADING_KEY = 2;
/**
* Performs the AJAX request to get an encryption key and from there spawns the login form.
* @param function The function that will be called once authentication completes successfully.
* @param int The security level to authenticate at - see http://docs.enanocms.org/Help:Appendix_B
*/
window.ajaxLoginInit = function(call_on_finish, user_level)
{
  // Load every script component the dialog relies on before touching the UI.
  load_component(['messagebox', 'flyin', 'jquery', 'jquery-ui', 'l10n', 'crypto']);

  // Start from an empty state object so nothing from an earlier attempt is reused.
  logindata = {};

  // Logins above member level get their own prompt title.
  var prompt_title;
  if ( user_level > USER_LEVEL_MEMBER )
    prompt_title = $lang.get('user_login_ajax_prompt_title_elev');
  else
    prompt_title = $lang.get('user_login_ajax_prompt_title');

  var box = new MessageBox(MB_OKCANCEL | MB_ICONLOCK, prompt_title, '');
  logindata.mb_object = box;

  box.onclick['Cancel'] = function()
  {
    // Hide the error message and captcha
    var error_box = document.getElementById('ajax_login_error_box');
    if ( error_box )
      error_box.parentNode.removeChild(error_box);

    var captcha = document.getElementById('autoCaptcha');
    if ( captcha )
    {
      // fly_out_top() returns the delay to wait before the element is removed.
      var fly_delay = fly_out_top(captcha, false, true);
      setTimeout(function()
      {
        // Looked up again when the timer fires, as the original code does.
        var stale = document.getElementById('autoCaptcha');
        stale.parentNode.removeChild(stale);
      }, fly_delay);
    }

    // Ask the server to clean the key issued for this dialog. key_aes and
    // key_dh are not set in this function, so they are undefined unless other
    // code has stored them in logindata by the time Cancel is pressed.
    ajaxLoginPerformRequest({
      mode: 'clean_key',
      key_aes: logindata.key_aes,
      key_dh: logindata.key_dh
    });
  };

  // OK submits the form; the handler then returns true.
  box.onbeforeclick['OK'] = function()
  {
    ajaxLoginSubmitForm();
    return true;
  };

  // Fetch the inner content area: the first <div> inside the message box element.
  var box_element = document.getElementById('messageBox');
  logindata.mb_inner = box_element.getElementsByTagName('div')[0];

  // Initialize state
  logindata.showing_status = false;
  logindata.user_level = user_level;
  logindata.successfunc = call_on_finish;

  // Build the "loading" window, then request the key.
  ajaxLoginSetStatus(AJAX_STATUS_LOADING_KEY);
  ajaxLoginPerformRequest({ mode: 'getkey' });
};
/**
* For compatibility only.
*/
window.ajaxLogonInit = function(call_on_finish, user_level)
{
  // Older spelling kept for callers that still use it; forwards both
  // arguments unchanged and passes the result back.
  var result = ajaxLoginInit(call_on_finish, user_level);
  return result;
};
/**
* Sets the contents of the AJAX login window to the appropriate status message.
* @param int One of AJAX_STATUS_*
*/
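window.ajaxLoginSetStatus = function(status)
{
  // Replaces the contents of the login window with the pane for the given
  // AJAX_STATUS_* value.
  // Returns false when no login window is open, null when the pane is only
  // being torn down (AJAX_STATUS_DESTROY, null or undefined), and nothing
  // otherwise.
  if ( !logindata.mb_inner )
    return false;

  // Remove the pane left by a previous call if it is still in the document.
  if ( logindata.showing_status )
  {
    var previous = document.getElementById('ajax_login_status');
    if ( previous )
      logindata.mb_inner.removeChild(previous);
  }

  // Two line breaks, used as vertical spacing between the parts of a pane.
  function addSpacer(parent)
  {
    parent.appendChild(document.createElement('br'));
    parent.appendChild(document.createElement('br'));
  }

  // Builds the centred pane: localized message as a text node, spacer, image.
  function buildPane(message_key, image_src)
  {
    var pane = document.createElement('div');
    pane.id = 'ajax_login_status';
    pane.style.marginTop = '10px';
    pane.style.textAlign = 'center';
    pane.appendChild(document.createTextNode($lang.get(message_key)));
    addSpacer(pane);
    var img = document.createElement('img');
    img.src = image_src;
    pane.appendChild(img);
    return pane;
  }

  // Progress image; ajax_login_loadimg_path overrides the bundled one when set.
  function loadingImage()
  {
    return ( ajax_login_loadimg_path ) ? ajax_login_loadimg_path : scriptPath + '/images/loading-big.gif';
  }

  // URL of the full login form. `title` is not defined in this function; it is
  // read from an outer scope.
  function fullFormUrl()
  {
    return makeUrlNS('Special', 'Login/' + title);
  }

  // Appends the hint that links to the full login form below the image.
  function addFullFormHint(pane, string_key)
  {
    addSpacer(pane);
    var hint = document.createElement('small');
    // NOTE(review): the localized string is inserted as HTML and embeds the URL
    // built from `title`. Confirm that makeUrlNS() / $lang.get() encode that
    // value for an HTML attribute; otherwise build the link with DOM calls, as
    // the AJAX_STATUS_ERROR pane below does.
    hint.innerHTML = $lang.get(string_key, { link_full_form: fullFormUrl() });
    pane.appendChild(hint);
  }

  // Swaps the finished pane into the login window.
  function show(pane)
  {
    logindata.mb_inner.innerHTML = '';
    logindata.mb_inner.appendChild(pane);
  }

  var pane;
  switch ( status )
  {
    case AJAX_STATUS_LOADING_KEY:
      pane = buildPane('user_login_ajax_fetching_key', loadingImage());
      addFullFormHint(pane, 'user_login_ajax_link_fullform');
      show(pane);
      break;

    case AJAX_STATUS_GENERATING_KEY:
      pane = buildPane('user_login_ajax_generating_key', loadingImage());
      addFullFormHint(pane, 'user_login_ajax_link_fullform_dh');
      show(pane);
      break;

    case AJAX_STATUS_LOGGING_IN:
      pane = buildPane('user_login_ajax_loggingin', loadingImage());
      show(pane);
      break;

    case AJAX_STATUS_SUCCESS:
      pane = buildPane(
        'user_login_success_short',
        ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png'
      );
      show(pane);
      break;

    case AJAX_STATUS_ERROR:
      // Always use the bundled failure image. The previous code reused
      // ajax_login_successimg_path here, so a site that overrode the success
      // image showed that same image on a crypto error.
      pane = buildPane('user_login_ajax_err_crypto', scriptPath + '/images/checkbad.png');
      addSpacer(pane);

      // Detail text plus a link to the full login form, built with text nodes
      // so neither string is parsed as markup.
      var detail = document.createElement('span');
      detail.style.fontSize = 'smaller';
      detail.appendChild(document.createTextNode($lang.get('user_login_ajax_err_crypto_details') + ' '));
      var link = document.createElement('a');
      link.href = fullFormUrl();
      link.appendChild(document.createTextNode($lang.get('user_login_ajax_err_crypto_link')));
      detail.appendChild(link);
      pane.appendChild(detail);

      show(pane);
      break;

    case AJAX_STATUS_DESTROY:
    case null:
    case undefined:
      // The old pane (if any) was removed above; record that nothing is shown.
      logindata.showing_status = false;
      return null;
  }

  // A status value not listed above reaches this point without building a pane.
  logindata.showing_status = true;
};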
/**
* Performs an AJAX logon request to the server and calls ajaxLoginProcessResponse() on the result.
* @param object JSON packet to send
*/
window.ajaxLoginPerformRequest = function(json)
{
  // Serialize the packet, then escape it for use as the value of the "r" field.
  var payload = ajaxEscape(toJSONString(json));

  ajaxPost(makeUrlNS('Special', 'Login/action.json'), 'r=' + payload, function()
  {
    // `ajax` is not passed to this callback; it is read from an outer scope.
    // Only a completed request with HTTP 200 is processed.
    // NOTE(review): a request that completes with any other status is dropped
    // here without feedback, so the dialog keeps showing its current pane -
    // confirm whether ajaxPost() reports such failures elsewhere.
    if ( ajax.readyState != 4 || ajax.status != 200 )
      return;

    // Validate the body before parsing; an invalid one goes to the shared
    // invalid-JSON handler and the login flow stops.
    var body = ajax.responseText + '';
    if ( !check_json_response(body) )
    {
      handle_invalid_json(body);
      return false;
    }

    ajaxLoginProcessResponse(parseJSON(body));
  }, true);
};
/**
* Processes a response from the login server
* @param object JSON response
*/
window.ajaxLoginProcessResponse = function(response)
{
// Did the server send a plaintext error?
if ( response.mode == 'error' )
{
logindata.mb_object.destroy();
var error_msg = $lang.get('user_' + ( response.error.toLowerCase() ));
new MessageBox(MB_ICONSTOP | MB_OK, $lang.get('user_err_login_generic_title'), error_msg);
return false;
}
// Main mode switch
switch ( response.mode )
{
case 'build_box':
// Rid ourselves of any loading windows
ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
// The server wants us to build the login form, all the information is there
ajaxLoginBuildForm(response);
break;
case 'login_success':
ajaxLoginSetStatus(AJAX_STATUS_SUCCESS);
logindata.successfunc(response.key);
break;
case 'login_failure':
// Rid ourselves of any loading windows
ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
var mb_parent = document.getElementById('messageBox').parentNode;
$(mb_parent).effect("shake", {}, 200);
setTimeout(function()
{
document.getElementById('messageBox').style.backgroundColor = '#FFF';
ajaxLoginBuildForm(response.respawn_info);
ajaxLoginShowFriendlyError(response);
}, 2500);
break;
case 'login_success_reset':
var conf = confirm($lang.get('user_login_ajax_msg_used_temp_pass'));
if ( conf )
{
var url = makeUrlNS('Special', 'PasswordReset/stage2/' + response.user_id + '/' + response.temp_password);
window.location = url;
}
else
{
// treat as a failure
ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
var mb_parent = document.getElementById('messageBox').parentNode;
$(mb_parent).effect("shake", {}, 1500);
setTimeout(function()
{
document.getElementById('messageBox').style.backgroundColor = '#FFF';
ajaxLoginBuildForm(response.respawn_info);
// don't show an error here, just silently respawn
}, 2500);
}
break;
case 'noop':
break;
}
}
/*
* RESPONSE HANDLERS
*/
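/**
 * Builds the login form and inserts it into the login window (logindata.mb_inner).
 *
 * Fields read from the metadata object: username, locked_out, lockout_info
 * (lockout_policy, captcha), extended_time (in days; 0 means infinite),
 * allow_diffiehellman, aes_key and dh_public_key. The two keys, the captcha
 * hash and the username are stashed in logindata once the form is in place.
 *
 * @param object Metadata to build off of
 */

window.ajaxLoginBuildForm = function(data)
{
  // let's hope this effectively preloads the image...
  var preload_img = document.createElement('img');
  preload_img.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png';

  var div = document.createElement('div');
  div.id = 'ajax_login_form';

  // lockout_info is only dereferenced through this alias, so a packet that
  // lacks it cannot throw halfway through building the form
  var lockout_info = data.lockout_info || {};
  var show_captcha = ( data.locked_out && lockout_info.lockout_policy == 'captcha' ) ? lockout_info.captcha : false;

  // Shared keyup handler: submit the form when Enter (keyCode 13) is released.
  var submit_on_enter = function(e)
  {
    if ( !e )
      e = window.event;
    // no usable event object: ignore the keystroke instead of throwing
    if ( !e || !e.keyCode )
      return true;
    if ( e.keyCode == 13 )
    {
      ajaxLoginSubmitForm();
    }
  };

  // text displayed on re-auth
  // NOTE(review): $lang.get() output is inserted as markup here and in the
  // labels and links below, so language strings have to be trusted HTML.
  if ( logindata.user_level > USER_LEVEL_MEMBER )
  {
    div.innerHTML += $lang.get('user_login_ajax_prompt_body_elev') + '<br /><br />';
  }

  // Create the form
  var form = document.createElement('form');
  form.action = 'javascript:void(ajaxLoginSubmitForm());';
  form.onsubmit = function()
  {
    ajaxLoginSubmitForm();
    return false;
  };
  if ( IE )
  {
    form.style.marginTop = '-20px';
  }

  // Using tables to wrap form elements because it results in a
  // more visually appealing form. Yes, tables suck. I don't really
  // care - they make forms look good.

  var table = document.createElement('table');
  table.style.margin = '0 auto';

  // Field - username
  var tr1 = document.createElement('tr');
  var td1_1 = document.createElement('td');
  td1_1.appendChild(document.createTextNode($lang.get('user_login_field_username') + ':'));
  tr1.appendChild(td1_1);
  var td1_2 = document.createElement('td');
  var f_username = document.createElement('input');
  f_username.id = 'ajax_login_field_username';
  f_username.name = 'ajax_login_field_username';
  f_username.type = 'text';
  f_username.size = '25';
  // assigned through the DOM property, so the server-supplied name is never parsed as markup
  if ( data.username )
    f_username.value = data.username;
  td1_2.appendChild(f_username);
  tr1.appendChild(td1_2);
  table.appendChild(tr1);

  // Field - password
  var tr2 = document.createElement('tr');
  var td2_1 = document.createElement('td');
  td2_1.appendChild(document.createTextNode($lang.get('user_login_field_password') + ':'));
  tr2.appendChild(td2_1);
  var td2_2 = document.createElement('td');
  var f_password = document.createElement('input');
  f_password.id = 'ajax_login_field_password';
  // the name used to be a copy-paste of the username field's name
  f_password.name = 'ajax_login_field_password';
  f_password.type = 'password';
  f_password.size = '25';
  // with a captcha showing, Enter is handled on the captcha field instead
  if ( !show_captcha )
  {
    f_password.onkeyup = submit_on_enter;
  }
  td2_2.appendChild(f_password);
  tr2.appendChild(td2_2);
  table.appendChild(tr2);

  // Field - captcha
  if ( show_captcha )
  {
    var tr3 = document.createElement('tr');
    var td3_1 = document.createElement('td');
    td3_1.appendChild(document.createTextNode($lang.get('user_login_field_captcha') + ':'));
    tr3.appendChild(td3_1);
    var td3_2 = document.createElement('td');
    var f_captcha = document.createElement('input');
    f_captcha.id = 'ajax_login_field_captcha';
    // same copy-paste fix as the password field
    f_captcha.name = 'ajax_login_field_captcha';
    f_captcha.type = 'text';
    f_captcha.size = '25';
    f_captcha.onkeyup = submit_on_enter;
    td3_2.appendChild(f_captcha);
    tr3.appendChild(td3_2);
    table.appendChild(tr3);
  }

  // Done building the main part of the form
  form.appendChild(table);

  // Field: remember login
  if ( logindata.user_level <= USER_LEVEL_MEMBER )
  {
    var lbl_remember = document.createElement('label');
    lbl_remember.style.fontSize = 'smaller';
    lbl_remember.style.display = 'block';
    lbl_remember.style.textAlign = 'center';

    // figure out what text to put in the "remember me" checkbox
    var txt_remember;
    // infinite session length?
    if ( data.extended_time == 0 )
    {
      // yes, infinite
      txt_remember = $lang.get('user_login_ajax_check_remember_infinite');
    }
    else
    {
      // use days as our unit, unless the number of days is a multiple of 7,
      // in which case use weeks
      var sess_time = data.extended_time;
      var unit = 'day';
      if ( data.extended_time % 7 == 0 )
      {
        sess_time = data.extended_time / 7;
        unit = 'week';
      }
      // more than one week or day?
      if ( sess_time != 1 )
        unit += 's';

      // assemble the string
      txt_remember = $lang.get('user_login_ajax_check_remember', {
          session_length: sess_time,
          length_units: $lang.get('etc_unit_' + unit)
        });
    }
    var check_remember = document.createElement('input');
    check_remember.type = 'checkbox';
    // this onclick attribute changes the cookie whenever the checkbox or label is clicked
    // (handler and checked state are set as attributes, not properties: the
    // innerHTML += below re-serializes the label's contents)
    check_remember.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("login_remember", ck, 3650);');
    if ( readCookie('login_remember') != 'disable' )
      check_remember.setAttribute('checked', 'checked');
    check_remember.id = 'ajax_login_field_remember';
    lbl_remember.appendChild(check_remember);
    lbl_remember.innerHTML += ' ' + txt_remember;

    form.appendChild(lbl_remember);
  }

  // Field: enable Diffie Hellman
  if ( IE || is_iPhone )
  {
    // no control at all on these clients, only an explanatory label
    var lbl_dh = document.createElement('span');
    lbl_dh.style.fontSize = 'smaller';
    lbl_dh.style.display = 'block';
    lbl_dh.style.textAlign = 'center';
    lbl_dh.innerHTML = $lang.get('user_login_ajax_check_dh_ie');
    form.appendChild(lbl_dh);
  }
  else if ( !data.allow_diffiehellman )
  {
    // create hidden control - server requested that DiffieHellman be disabled (usually means not supported)
    // A hidden input reports checked == false, and nothing is shown to the user
    // in this branch, so a response that clears allow_diffiehellman turns DH
    // off without any visible indication.
    var check_dh = document.createElement('input');
    check_dh.type = 'hidden';
    check_dh.id = 'ajax_login_field_dh';
    form.appendChild(check_dh);
  }
  else
  {
    var lbl_dh = document.createElement('label');
    lbl_dh.style.fontSize = 'smaller';
    lbl_dh.style.display = 'block';
    lbl_dh.style.textAlign = 'center';
    var check_dh = document.createElement('input');
    check_dh.type = 'checkbox';
    // this onclick attribute changes the cookie whenever the checkbox or label is clicked
    check_dh.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("diffiehellman_login", ck, 3650);');
    if ( readCookie('diffiehellman_login') != 'disable' )
      check_dh.setAttribute('checked', 'checked');
    check_dh.id = 'ajax_login_field_dh';
    lbl_dh.appendChild(check_dh);
    lbl_dh.innerHTML += ' ' + $lang.get('user_login_ajax_check_dh');
    form.appendChild(lbl_dh);
  }

  if ( IE )
  {
    // the document receives a serialized copy; form, f_username and
    // f_password stay detached from here on
    div.innerHTML += form.outerHTML;
  }
  else
  {
    div.appendChild(form);
  }

  // Diagnostic / help links
  // (only displayed in login, not in re-auth)
  if ( logindata.user_level == USER_LEVEL_MEMBER )
  {
    form.style.marginBottom = '10px';
    var links = document.createElement('small');
    links.style.display = 'block';
    links.style.textAlign = 'center';
    var links_html = '';
    // NOTE(review): title reaches markup through the language string;
    // presumably makeUrlNS() encodes it - confirm.
    if ( !show_captcha )
      links_html += $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) }) + '<br />';
    // Always shown
    links_html += $lang.get('user_login_ajax_link_forgotpass', { forgotpass_link: makeUrlNS('Special', 'PasswordReset') }) + '<br />';
    if ( !show_captcha )
      links_html += $lang.get('user_login_createaccount_blurb', { reg_link: makeUrlNS('Special', 'Register') });
    links.innerHTML = links_html;
    div.appendChild(links);
  }

  // Insert the entire form into the login window
  logindata.mb_inner.innerHTML = '';
  logindata.mb_inner.appendChild(div);

  // Post operations: field focus
  if ( IE )
  {
    // look the fields up by id: the live ones are the serialized copies
    setTimeout(
      function()
      {
        if ( logindata.loggedin_username )
          document.getElementById('ajax_login_field_password').focus();
        else
          document.getElementById('ajax_login_field_username').focus();
      }, 200);
  }
  else
  {
    if ( data.username )
      f_password.focus();
    else
      f_username.focus();
  }

  // Post operations: show captcha window
  if ( show_captcha )
    ajaxShowCaptcha(show_captcha);

  // Post operations: stash encryption keys and All That Jazz(TM)
  // NOTE(review): both keys are taken as-is from the server packet. A key
  // exchange run by script the page itself delivered can at best help against
  // passive eavesdropping; it does not replace serving the login over TLS.
  logindata.key_aes = data.aes_key;
  logindata.key_dh = data.dh_public_key;
  logindata.captcha_hash = show_captcha;
  logindata.loggedin_username = data.username;

  // Are we locked out? If so simulate an error and disable the controls
  // NOTE(review): disabling the inputs is cosmetic; the lockout itself has to
  // be enforced by the server.
  if ( data.locked_out && lockout_info.lockout_policy == 'lockout' )
  {
    // prefer the elements that are actually in the document (on the IE path
    // those are copies), falling back to the ones built above
    var live_username = document.getElementById('ajax_login_field_username') || f_username;
    var live_password = document.getElementById('ajax_login_field_password') || f_password;
    live_username.setAttribute('disabled', 'disabled');
    live_password.setAttribute('disabled', 'disabled');
    var fake_packet = {
      error_code: 'locked_out',
      respawn_info: data
    };
    ajaxLoginShowFriendlyError(fake_packet);
  }
};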
window.ajaxLoginSubmitForm = function(real, username, password, captcha, remember)
{
// Perform AES test to make sure it's all working
if ( !aes_self_test() )
{
alert('BUG: AES self-test failed');
login_cache.mb_object.destroy();
return false;
}
// Hide the error message and captcha
if ( document.getElementById('ajax_login_error_box') )
{
document.getElementById('ajax_login_error_box').parentNode.removeChild(document.getElementById('ajax_login_error_box'));
}
if ( document.getElementById('autoCaptcha') )
{
var to = fly_out_top(document.getElementById('autoCaptcha'), false, true);
setTimeout(function() {
var d = document.getElementById('autoCaptcha');
d.parentNode.removeChild(d);
}, to);
}
// "Remember session" switch
if ( typeof(remember) == 'boolean' )
{
var remember_session = remember;
}
else
{
if ( document.getElementById('ajax_login_field_remember') )
{
var remember_session = ( document.getElementById('ajax_login_field_remember').checked ) ? true : false;
}
else
{
var remember_session = false;
}
}
436
+ − 779
// Encryption: preprocessor
+ − 780
if ( real )
+ − 781
{
+ − 782
var do_dh = true;
+ − 783
}
+ − 784
else if ( document.getElementById('ajax_login_field_dh') )
+ − 785
{
+ − 786
var do_dh = document.getElementById('ajax_login_field_dh').checked;
+ − 787
}
+ − 788
else
+ − 789
{
if ( IE || is_iPhone )
460
+ − 791
{
// IE/MobileSafari doesn't have this control, continue silently IF the rest
460
+ − 793
// of the login form is there
+ − 794
if ( !document.getElementById('ajax_login_field_username') )
+ − 795
{
+ − 796
return false;
+ − 797
}
+ − 798
}
+ − 799
else
+ − 800
{
+ − 801
// The user probably clicked ok when the form wasn't in there.
+ − 802
return false;
+ − 803
}
436
+ − 804
}
if ( !username )
+ − 807
{
+ − 808
var username = document.getElementById('ajax_login_field_username').value;
+ − 809
}
+ − 810
if ( !password )
+ − 811
{
+ − 812
var password = document.getElementById('ajax_login_field_password').value;
+ − 813
}
+ − 814
if ( !captcha && document.getElementById('ajax_login_field_captcha') )
+ − 815
{
+ − 816
var captcha = document.getElementById('ajax_login_field_captcha').value;
+ − 817
}
+ − 818
try
{
if ( do_dh )
+ − 823
{
+ − 824
ajaxLoginSetStatus(AJAX_STATUS_GENERATING_KEY);
+ − 825
if ( !real )
+ − 826
{
+ − 827
// Wait while the browser updates the login window
+ − 828
setTimeout(function()
+ − 829
{
ajaxLoginSubmitForm(true, username, password, captcha, remember_session);
436
+ − 831
}, 200);
+ − 832
return true;
+ − 833
}
+ − 834
// Perform Diffie Hellman stuff
+ − 835
var dh_priv = dh_gen_private();
+ − 836
var dh_pub = dh_gen_public(dh_priv);
+ − 837
var secret = dh_gen_shared_secret(dh_priv, logindata.key_dh);
+ − 838
// secret_hash is used to verify that the server guesses the correct secret
+ − 839
var secret_hash = hex_sha1(secret);
+ − 840
// crypt_key is the actual AES key
+ − 841
var crypt_key = (hex_sha256(secret)).substr(0, (keySizeInBits / 4));
+ − 842
}
+ − 843
else
+ − 844
{
+ − 845
var crypt_key = logindata.key_aes;
+ − 846
}
+ − 847
+ − 848
ajaxLoginSetStatus(AJAX_STATUS_LOGGING_IN);
+ − 849
+ − 850
// Encrypt the password and username
+ − 851
var userinfo = toJSONString({
+ − 852
username: username,
+ − 853
password: password
+ − 854
});
+ − 855
var crypt_key_ba = hexToByteArray(crypt_key);
+ − 856
userinfo = stringToByteArray(userinfo);
+ − 857
+ − 858
userinfo = rijndaelEncrypt(userinfo, crypt_key_ba, 'ECB');
+ − 859
userinfo = byteArrayToHex(userinfo);
+ − 860
// Encrypted username and password (serialized with JSON) are now in the userinfo string
+ − 861
+ − 862
// Collect other needed information
+ − 863
if ( logindata.captcha_hash )
+ − 864
{
+ − 865
var captcha_hash = logindata.captcha_hash;
+ − 866
var captcha_code = captcha;
+ − 867
}
+ − 868
else
+ − 869
{
+ − 870
var captcha_hash = false;
+ − 871
var captcha_code = false;
+ − 872
}
+ − 873
+ − 874
// Ship it across the 'net
+ − 875
if ( do_dh )
+ − 876
{
+ − 877
var json_packet = {
+ − 878
mode: 'login_dh',
+ − 879
userinfo: userinfo,
+ − 880
captcha_code: captcha_code,
+ − 881
captcha_hash: captcha_hash,
+ − 882
dh_public_key: logindata.key_dh,
+ − 883
dh_client_key: dh_pub,
+ − 884
dh_secret_hash: secret_hash,
level: logindata.user_level,
remember: remember_session
436
+ − 887
}
+ − 888
}
+ − 889
else
+ − 890
{
+ − 891
var json_packet = {
+ − 892
mode: 'login_aes',
+ − 893
userinfo: userinfo,
+ − 894
captcha_code: captcha_code,
+ − 895
captcha_hash: captcha_hash,
+ − 896
key_aes: hex_md5(crypt_key),
level: logindata.user_level,
remember: remember_session
436
+ − 899
}
+ − 900
}
}
catch(e)
{
ajaxLoginSetStatus(AJAX_STATUS_ERROR);
console.error('Exception caught in login process; backtrace follows');
console.debug(e);
return false;
}
436
+ − 909
ajaxLoginPerformRequest(json_packet);
+ − 910
}
/**
 * Displays a friendly description of a failed login near the login box.
 * An existing element with the ID ajax_login_error_box is reused if present;
 * otherwise a new absolutely-positioned div is created and appended to <body>.
 * @param object Login response; needs both respawn_info and error_code
 * @return bool False when respawn_info or error_code is missing, true when an
 *   existing box was updated. Nothing is returned after drawing a new box.
 */
window.ajaxLoginShowFriendlyError = function(response) {
  if ( !response.respawn_info || !response.error_code ) {
    return false;
  }

  var message = ajaxLoginGetErrorText(response);

  // NOTE(review): the message is inserted as HTML. It comes from
  // ajaxLoginGetErrorText(), which passes response.error_code and the
  // lockout_info fields of the response to $lang.get(). Confirm that those
  // values are escaped or tightly constrained before they reach this point,
  // because anything reflected into the string is parsed as markup here.
  var existing_box = document.getElementById('ajax_login_error_box');
  if ( existing_box ) {
    existing_box.innerHTML = message;
    return true;
  }

  // Vertical position: halfway between the bottom of the message box buttons
  // and the bottom of the visible window, minus 32px
  var buttons_bottom = $dynano('messageBoxButtons').Top() + $dynano('messageBoxButtons').Height();
  if ( buttons_bottom < ( getHeight() / 2 ) ) {
    // the message box isn't done flying in yet, so just estimate
    buttons_bottom = ( getHeight() / 2 ) + 120;
  }
  var window_bottom = getHeight() + getScrollOffset();
  var box_top = buttons_bottom + ( ( window_bottom - buttons_bottom ) / 2 ) - 32;
  // the box is 60% wide, so a left edge at 20% of the window width centers it
  var box_left = getWidth() * 0.2;

  var error_box = document.createElement('div');
  error_box.id = 'ajax_login_error_box';
  error_box.className = 'error-box-mini';
  error_box.style.position = 'absolute';
  error_box.style.width = '60%';
  error_box.style.top = box_top + 'px';
  error_box.style.left = box_left + 'px';
  error_box.style.zIndex = getHighestZ();
  error_box.innerHTML = message;

  document.getElementsByTagName('body')[0].appendChild(error_box);
};
/**
 * Builds the localized error message for a failed login response.
 *
 *  - 'locked_out' with a lockout policy of 'lockout' yields the
 *    user_err_locked_out string with an empty captcha blurb.
 *  - 'locked_out' under any other policy is handled exactly like
 *    'invalid_credentials'.
 *  - 'invalid_credentials' yields user_err_invalid_credentials, followed by
 *    lockout details or a warning depending on respawn_info.
 *  - Any other code is looked up as the language string 'user_err_' + code.
 *
 * NOTE(review): callers in this file insert the result with innerHTML, and
 * the language key in the last case is built from response.error_code.
 * Confirm how $lang.get() treats unknown keys and substituted values.
 *
 * @param object Login response; reads error_code and respawn_info
 * @return string
 */
window.ajaxLoginGetErrorText = function(response) {
  var code = response.error_code;

  if ( code !== 'locked_out' && code !== 'invalid_credentials' ) {
    return $lang.get('user_err_' + code);
  }

  var lockout;
  if ( code === 'locked_out' ) {
    lockout = response.respawn_info.lockout_info;
    if ( lockout.lockout_policy == 'lockout' ) {
      return $lang.get('user_err_locked_out', {
        lockout_threshold: lockout.lockout_threshold,
        lockout_duration: lockout.lockout_duration,
        time_rem: lockout.time_rem,
        plural: ( lockout.time_rem == 1 ) ? '' : $lang.get('meta_plural'),
        captcha_blurb: ''
      });
    }
    // any other policy continues below as if the credentials were invalid
  }

  var message = $lang.get('user_err_invalid_credentials');
  var respawn = response.respawn_info;

  if ( respawn.locked_out ) {
    lockout = respawn.lockout_info;
    message += ' ';
    var captcha_blurb = '';
    if ( lockout.lockout_policy === 'captcha' ) {
      captcha_blurb = $lang.get('user_err_locked_out_captcha_blurb');
    } else if ( lockout.lockout_policy !== 'lockout' ) {
      message += 'WTF? Shouldn\'t be locked out with lockout policy set to disable.';
    }
    message += $lang.get('user_err_locked_out', {
      captcha_blurb: captcha_blurb,
      lockout_threshold: lockout.lockout_threshold,
      lockout_duration: lockout.lockout_duration,
      time_rem: lockout.time_rem,
      plural: ( lockout.time_rem == 1 ) ? '' : $lang.get('meta_plural')
    });
  } else if ( respawn.lockout_info.lockout_policy === 'captcha' ) {
    // Not locked out yet: only the captcha policy adds a warning about the
    // number of failures; the lockout policy adds nothing here
    lockout = respawn.lockout_info;
    message += $lang.get('user_err_invalid_credentials_lockout', {
      fails: lockout.lockout_fails,
      lockout_threshold: lockout.lockout_threshold,
      lockout_duration: lockout.lockout_duration
    });
  }

  return message;
};
/**
 * Creates a white box with the ID autoCaptcha holding the CAPTCHA image for
 * the given code, and flies it in from the top once the image has loaded.
 * Clicking the image requests a new one by appending '/a' to its URL.
 *
 * NOTE(review): code is concatenated into the page ID passed to makeUrlNS()
 * without escaping here; confirm makeUrlNS() or the caller constrains it.
 *
 * @param string CAPTCHA identifier used to build the Special:Captcha URL
 */
window.ajaxShowCaptcha = function(code) {
  var container = document.createElement('div');
  container.id = 'autoCaptcha';
  container.style.backgroundColor = '#FFFFFF';
  container.style.padding = '10px';
  container.style.position = 'absolute';
  container.style.top = '0px';
  container.style.zIndex = String( getHighestZ() + 1 );

  var image = document.createElement('img');
  // onload is attached before src is assigned
  image.onload = function() {
    // The loaded flag stops the fly-in from replaying when a click reloads the image
    if ( this.loaded ) {
      return true;
    }
    // The box is looked up by ID rather than taken from the enclosing scope
    var box = document.getElementById('autoCaptcha');
    var centered_left = ( getWidth() / 2 ) - ( $dynano(box).Width() / 2 );
    box.style.left = centered_left + 'px';
    fly_in_top(box, false, true);
    this.loaded = true;
  };
  image.src = makeUrlNS('Special', 'Captcha/' + code);
  image.onclick = function() {
    this.src += '/a';
  };
  image.style.cursor = 'pointer';

  container.appendChild(image);
  domObjChangeOpac(0, container);
  document.getElementsByTagName('body')[0].appendChild(container);
};
/**
 * Asks the user to confirm logging out and, on "Yes", navigates to the
 * Special:Logout URL for the current page.
 *
 * NOTE(review): csrf_token is placed in the URL path, so it ends up in
 * browser history and possibly in server logs; confirm the token's lifetime
 * makes that acceptable. title is concatenated without ajaxEscape() here,
 * unlike in ajaxAdminPage(); confirm makeUrlNS() handles that.
 */
window.ajaxInitLogout = function() {
  load_component(['messagebox', 'l10n', 'flyin', 'fadefilter']);

  var box_flags = MB_YESNO | MB_ICONQUESTION;
  var confirm_title = $lang.get('user_logout_confirm_title');
  var confirm_body = $lang.get('user_logout_confirm_body');
  var confirm_box = new MessageBox(box_flags, confirm_title, confirm_body);

  confirm_box.onclick.Yes = function() {
    window.location = makeUrlNS('Special', 'Logout/' + csrf_token + '/' + title);
  };
};
/**
 * Alias that opens the logout confirmation via ajaxInitLogout().
 * Returns nothing.
 */
window.mb_logout = function() {
  ajaxInitLogout();
};
/**
 * Alias that starts a member-level login via ajaxLogonToMember().
 * The result of ajaxLogonToMember() is discarded; nothing is returned.
 */
window.ajaxStartLogin = function() {
  ajaxLogonToMember();
};
/**
 * Opens the administration panel, prompting for an admin-level login first
 * when the client-side auth_level is below USER_LEVEL_ADMIN.
 *
 * auth_level is a client-side variable that only decides whether the prompt
 * is shown, so access to the panel has to be enforced by the server.
 *
 * @return bool True when KILL_SWITCH is set, false when the login prompt was
 *   opened; nothing is returned when navigating directly.
 */
window.ajaxStartAdminLogin = function() {
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH ) {
    return true;
  }

  if ( !( auth_level < USER_LEVEL_ADMIN ) ) {
    // Already elevated: go straight to the panel
    window.location = makeUrlNS('Special', 'Administration');
    return;
  }

  ajaxLoginInit(function(k) {
    ENANO_SID = k;
    auth_level = USER_LEVEL_ADMIN;
    var admin_url = makeUrlNS('Special', 'Administration');
    // Navigate only if the new session key is a non-empty string
    if ( ( ENANO_SID + '' ) !== '' ) {
      window.location = admin_url;
    }
  }, USER_LEVEL_ADMIN);
  return false;
};
/**
 * Opens the PageManager administration module for the current page (title),
 * prompting for elevated authentication first when the client-side
 * auth_level is below USER_LEVEL_ADMIN.
 *
 * NOTE(review): the level passed to ajaxPromptAdminAuth() is the literal 9,
 * presumably the value of USER_LEVEL_ADMIN; confirm.
 * NOTE(review): append_sid() presumably adds ENANO_SID to the URL. Session
 * keys in URLs show up in history, logs and Referer headers; confirm the
 * elevated key is short-lived.
 *
 * @return bool True when KILL_SWITCH is set, false when the prompt was
 *   opened; nothing is returned when navigating directly.
 */
window.ajaxAdminPage = function() {
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH ) {
    return true;
  }

  // Built on demand so that it is evaluated after ENANO_SID has been updated
  var page_manager_url = function() {
    return makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
  };

  if ( !( auth_level < USER_LEVEL_ADMIN ) ) {
    window.location = page_manager_url();
    return;
  }

  ajaxPromptAdminAuth(function(k) {
    ENANO_SID = k;
    auth_level = USER_LEVEL_ADMIN;
    // First point the window at the current URL with the session key appended...
    var current_url = String(window.location + '');
    window.location = append_sid(current_url);
    // ...then replace that with the PageManager URL if the key is non-empty
    var target_url = page_manager_url();
    if ( ( ENANO_SID + '' ) !== '' ) {
      window.location = target_url;
    }
  }, 9);
  return false;
};
// Navigation target and required level of the most recent ajaxLoginNavTo()
// call. The authentication callback reads these rather than its own
// arguments, so a second call made while a prompt is still open changes
// where the first prompt's callback navigates to.
var navto_ns;
var navto_pg;
var navto_ul;

/**
 * Navigates to the given page, prompting for authentication first when the
 * client-side auth_level is below min_level.
 *
 * auth_level is a client-side variable that only decides whether the prompt
 * is shown, so access to the target page has to be enforced by the server.
 *
 * @param string Namespace of the target page
 * @param string Page ID of the target page
 * @param int Minimum user level needed to view the page
 * @return bool True when KILL_SWITCH is set, false when the prompt was
 *   opened; nothing is returned when navigating directly.
 */
window.ajaxLoginNavTo = function(namespace, page_id, min_level) {
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH ) {
    return true;
  }

  navto_pg = page_id;
  navto_ns = namespace;
  navto_ul = min_level;

  if ( !( auth_level < min_level ) ) {
    window.location = makeUrlNS(navto_ns, navto_pg);
    return;
  }

  ajaxPromptAdminAuth(function(k) {
    ENANO_SID = k;
    auth_level = navto_ul;
    var target_url = makeUrlNS(navto_ns, navto_pg);
    // Navigate only if the new session key is a non-empty string
    if ( ( ENANO_SID + '' ) !== '' ) {
      window.location = target_url;
    }
  }, min_level);
  return false;
};
/**
 * Opens the UserManager administration module for the given user, prompting
 * for elevated authentication first when the client-side auth_level is below
 * USER_LEVEL_ADMIN.
 *
 * NOTE(review): the level passed to ajaxPromptAdminAuth() is the literal 9,
 * presumably the value of USER_LEVEL_ADMIN; confirm.
 * NOTE(review): append_sid() presumably adds ENANO_SID to the URL. Session
 * keys in URLs show up in history, logs and Referer headers; confirm the
 * elevated key is short-lived.
 *
 * @param string Username to manage; passed through ajaxEscape() before it is
 *   placed in the query string
 * @return bool True when KILL_SWITCH is set, false when the prompt was
 *   opened; nothing is returned when navigating directly.
 */
window.ajaxAdminUser = function(username) {
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH ) {
    return true;
  }

  // Built on demand so that it is evaluated after ENANO_SID has been updated
  var user_manager_url = function() {
    return makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
  };

  if ( !( auth_level < USER_LEVEL_ADMIN ) ) {
    window.location = user_manager_url();
    return;
  }

  ajaxPromptAdminAuth(function(k) {
    ENANO_SID = k;
    auth_level = USER_LEVEL_ADMIN;
    // First point the window at the current URL with the session key appended...
    var current_url = String(window.location + '');
    window.location = append_sid(current_url);
    // ...then replace that with the UserManager URL if the key is non-empty
    var target_url = user_manager_url();
    if ( ( ENANO_SID + '' ) !== '' ) {
      window.location = target_url;
    }
  }, 9);
  return false;
};