/*
* AJAX-based intelligent login interface
*/
/*
* FRONTEND
*/
/**
 * Opens the AJAX login dialog to authenticate the visitor as a regular member.
 *
 * Returns true without opening anything when KILL_SWITCH is set or when the
 * current auth_level is already USER_LEVEL_MEMBER or higher. Otherwise the
 * dialog is started through ajaxLoginInit(); once login succeeds the browser
 * is sent to the members' main page (when the visitor is on the main page and
 * that page differs from the current one) or the current page is reloaded.
 *
 * @returns {boolean|undefined} true when no dialog was needed, undefined once
 *   the dialog has been started.
 */
window.ajaxLogonToMember = function() {
  // KILL_SWITCH: described by the original author as "IE <6 pseudo-compatibility".
  // auth_level is a value held by the page, so this test only decides whether
  // a dialog is shown; it is not an access control.
  var dialog_not_needed = KILL_SWITCH || auth_level >= USER_LEVEL_MEMBER;
  if (dialog_not_needed) {
    return true;
  }

  // k is the session key handed over on success; a member login does not need it.
  var on_member_login = function(k) {
    var go_to_members_page = on_main_page && main_page_members != physical_title;
    if (!go_to_members_page) {
      window.location.reload();
      return;
    }
    window.location = makeUrl(main_page_members);
  };

  ajaxLoginInit(on_member_login, USER_LEVEL_MEMBER);
};
/**
 * Opens the AJAX login dialog to authenticate at user_level, the highest level
 * the current user is allowed to go to.
 *
 * Returns true without opening anything when auth_level already equals
 * user_level. On success the new session key is stored in ENANO_SID and the
 * current URL is reloaded after being passed through append_sid().
 *
 * @returns {boolean|undefined} true when no dialog was needed, undefined once
 *   the dialog has been started.
 */
window.ajaxLogonToElev = function() {
  if (auth_level == user_level) {
    return true;
  }

  var on_elevated_login = function(k) {
    ENANO_SID = k;
    // Concatenating with a string turns the Location object into plain text
    var current_url = (' ' + window.location).slice(1);
    // NOTE(review): append_sid() presumably adds the elevated session key to
    // the URL. A key carried in a URL can end up in browser history, Referer
    // headers and server logs - confirm the key is short-lived and that
    // elevated pages do not link out with it.
    window.location = append_sid(current_url);
  };

  ajaxLoginInit(on_elevated_login, user_level);
};
/*
* BACKEND
*/
/**
 * Holding object for the state of the AJAX login dialog in progress.
 * ajaxLoginInit() resets it and stores the dialog object, its content area,
 * the requested level and the success callback in it. The Cancel handler also
 * reads key_aes and key_dh from it, so treat its contents as sensitive.
 * @var object
 */
var logindata = {};

/**
 * Optional paths to the images shown in the login dialog (loading, success,
 * lock). A truthy value assigned before this script runs is kept; anything
 * else becomes false, and ajaxLoginSetStatus() then uses the stock image
 * under scriptPath.
 * @var string|bool
 */
var ajax_login_loadimg_path = ajax_login_loadimg_path || false;
var ajax_login_successimg_path = ajax_login_successimg_path || false;
var ajax_login_lockimg_path = ajax_login_lockimg_path || false;

/**
 * Status values accepted by ajaxLoginSetStatus()
 * @var int
 */
var AJAX_STATUS_LOADING_KEY = 1;
var AJAX_STATUS_GENERATING_KEY = 2;
var AJAX_STATUS_LOGGING_IN = 3;
var AJAX_STATUS_SUCCESS = 4;
var AJAX_STATUS_ERROR = 5;
// Clears the "status is showing" flag instead of drawing a panel
var AJAX_STATUS_DESTROY = 65535;

/**
 * State constants
 * @var int
 */
var AJAX_STATE_EARLY_INIT = 1;
var AJAX_STATE_LOADING_KEY = 2;

/**
 * Switch to decide if DiffieHellman shows a "browser incompatible" error.
 * True for IE other than IE 8 and for iPhone other than iPhone 3, going by
 * the browser flags tested below.
 * NOTE(review): what the login falls back to when DiffieHellman is not used
 * is not visible in this section - confirm the password is still protected
 * in transit (for example by TLS) for these browsers.
 * @var bool
 */
var ajax_login_prevent_dh = (IE && !IE_8) || (is_iPhone && !is_iPhone_3);
/**
 * Opens the login dialog, shows the "loading" status and performs the AJAX
 * request to get an encryption key; the login form is spawned from the
 * response to that request.
 *
 * All state for the attempt is kept in the global logindata object, which is
 * reset here.
 *
 * @param {function} call_on_finish The function that will be called once
 *   authentication completes successfully.
 * @param {number} user_level The security level to authenticate at - see
 *   http://docs.enanocms.org/Help:Appendix_B
 */
window.ajaxLoginInit = function(call_on_finish, user_level) {
  load_component(['messagebox', 'flyin', 'fadefilter', 'jquery', 'jquery-ui', 'l10n', 'crypto']);

  // Start clean so nothing stored by an earlier dialog (keys included) is reused
  logindata = {};

  var title_key = (user_level > USER_LEVEL_MEMBER)
    ? 'user_login_ajax_prompt_title_elev'
    : 'user_login_ajax_prompt_title';
  var dialog = new MessageBox(MB_OKCANCEL | MB_ICONLOCK, $lang.get(title_key), '');
  logindata.mb_object = dialog;

  //
  // Cancel function: called when the "Cancel" button is clicked
  //
  dialog.onclick.Cancel = function() {
    // Hide the error message, if any
    $('ajax_login_error_box').remove();

    // Hide the captcha, if any; it is removed from the page once the
    // fly-out delay returned by fly_out_top() has passed
    var captcha = document.getElementById('autoCaptcha');
    if (captcha) {
      var fly_out_delay = fly_out_top(captcha, false, true);
      setTimeout(function() {
        var d = document.getElementById('autoCaptcha');
        d.parentNode.removeChild(d);
      }, fly_out_delay);
    }

    // Ask the server to delete the encryption key we're using, so an
    // abandoned login does not leave a usable key behind
    var cleanup_request = {
      mode: 'clean_key',
      key_aes: logindata.key_aes,
      key_dh: logindata.key_dh
    };
    ajaxLoginPerformRequest(cleanup_request);
  };

  // Clicking OK will not cause the box to destroy, as this function returns true.
  dialog.onbeforeclick.OK = function() {
    // Just call the submitter and let it take care of everything
    ajaxLoginSubmitForm();
    return true;
  };

  // Fetch the inner content area: the first div inside the message box
  var message_box = document.getElementById('messageBox');
  logindata.mb_inner = message_box.getElementsByTagName('div')[0];

  // Initialize state
  logindata.showing_status = false;
  logindata.user_level = user_level;
  logindata.successfunc = call_on_finish;

  // Build the "loading" window, then request the key
  ajaxLoginSetStatus(AJAX_STATUS_LOADING_KEY);
  ajaxLoginPerformRequest({ mode: 'getkey' });
};
/**
 * Compatibility alias for ajaxLoginInit(), kept for callers that use the
 * "Logon" spelling. New code should call ajaxLoginInit() directly (mnemonic:
 * two "in"s).
 *
 * @param {function} call_on_finish Passed through to ajaxLoginInit()
 * @param {number} user_level Passed through to ajaxLoginInit()
 * @returns Whatever ajaxLoginInit() returns
 */
window.ajaxLogonInit = function(call_on_finish, user_level) {
  var result = ajaxLoginInit(call_on_finish, user_level);
  return result;
};
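/**
 * Sets the contents of the AJAX login window to the appropriate status message.
 *
 * Any status panel left by a previous call is removed first. The five built-in
 * statuses replace the window contents with a centered panel (message, image
 * and, for some, a link to the full login form). AJAX_STATUS_DESTROY, null and
 * undefined only clear logindata.showing_status. Any other value is handed to
 * the 'login_set_status' hook.
 *
 * @param {number} status One of the AJAX_STATUS_* constants
 * @returns {boolean|undefined} false when the login window has not been built
 *   yet (logindata.mb_inner is unset), otherwise undefined.
 */
window.ajaxLoginSetStatus = function(status) {
  if (!logindata.mb_inner) {
    return false;
  }

  // Appends the two line breaks used to space the panel's parts
  function appendBreaks(node) {
    node.appendChild(document.createElement('br'));
    node.appendChild(document.createElement('br'));
  }

  // Builds the centered status panel: localized message, spacing, then the image
  function buildStatusPanel(lang_key, img_src) {
    var panel = document.createElement('div');
    panel.id = 'ajax_login_status';
    panel.style.marginTop = '10px';
    panel.style.textAlign = 'center';

    // The message goes in as a text node, so it is never parsed as markup
    panel.appendChild(document.createTextNode($lang.get(lang_key)));
    appendBreaks(panel);

    var img = document.createElement('img');
    img.src = img_src;
    panel.appendChild(img);
    return panel;
  }

  // Appends the small-print link to the full login form
  function appendFullFormLink(panel, lang_key) {
    var small = document.createElement('small');
    // `title` is not declared in this function, so it resolves to a variable
    // from an enclosing scope (ajaxLoginInit's local `title` is not visible here).
    // NOTE(review): the localized string is inserted as HTML with the URL
    // substituted into it. Confirm that makeUrlNS() encodes the title so it
    // cannot break out of the attribute it lands in.
    small.innerHTML = $lang.get(lang_key, { link_full_form: makeUrlNS('Special', 'Login/' + title) });
    panel.appendChild(small);
  }

  // Replaces the contents of the login window with the given panel
  function showPanel(panel) {
    logindata.mb_inner.innerHTML = '';
    logindata.mb_inner.appendChild(panel);
  }

  // Remove the panel from a previous call. `div` stays a local of this
  // function because the hook code evaluated below runs in this scope.
  var div;
  if (logindata.showing_status) {
    div = document.getElementById('ajax_login_status');
    if (div) {
      logindata.mb_inner.removeChild(div);
    }
  }

  var loading_img = ajax_login_loadimg_path ? ajax_login_loadimg_path : scriptPath + '/images/loading-big.gif';

  switch (status) {
    case AJAX_STATUS_LOADING_KEY:
      div = buildStatusPanel('user_login_ajax_fetching_key', loading_img);
      appendBreaks(div);
      appendFullFormLink(div, 'user_login_ajax_link_fullform');
      showPanel(div);
      break;

    case AJAX_STATUS_GENERATING_KEY:
      div = buildStatusPanel(
        'user_login_ajax_generating_key',
        ajax_login_lockimg_path ? ajax_login_lockimg_path : scriptPath + '/images/lock48.png'
      );
      appendBreaks(div);
      appendFullFormLink(div, 'user_login_ajax_link_fullform_dh');
      showPanel(div);
      break;

    case AJAX_STATUS_LOGGING_IN:
      div = buildStatusPanel('user_login_ajax_loggingin', loading_img);
      showPanel(div);
      break;

    case AJAX_STATUS_SUCCESS:
      div = buildStatusPanel(
        'user_login_success_short',
        ajax_login_successimg_path ? ajax_login_successimg_path : scriptPath + '/images/check.png'
      );
      showPanel(div);
      break;

    case AJAX_STATUS_ERROR:
      // Always the stock failure image. This case used to pick
      // ajax_login_successimg_path when it was set, which put the success
      // image on the failure panel; this file has no error-image override.
      div = buildStatusPanel('user_login_ajax_err_crypto', scriptPath + '/images/checkbad.png');
      appendBreaks(div);

      // Detail text followed by a link to the full login form at the same level
      var detail_msg = $lang.get('user_login_ajax_err_crypto_details');
      var full_link = $lang.get('user_login_ajax_err_crypto_link');
      var link = document.createElement('a');
      link.href = makeUrlNS('Special', 'Login/' + title, 'level=' + logindata.user_level, true);
      link.appendChild(document.createTextNode(full_link));

      var span = document.createElement('span');
      span.style.fontSize = 'smaller';
      span.appendChild(document.createTextNode(detail_msg + ' '));
      span.appendChild(link);
      div.appendChild(span);

      showPanel(div);
      break;

    case AJAX_STATUS_DESTROY:
    case null:
    case undefined:
      // Nothing to draw: only record that no status is showing
      logindata.showing_status = false;
      return;

    default:
      // FLAG(security): eval() of the string returned by setHook(). Whatever
      // code is registered for 'login_set_status' runs inside the login
      // dialog with access to this function's locals and to logindata.
      // Left as is because it is the hook contract; hook code must only ever
      // come from trusted, server-installed plugins.
      eval(setHook('login_set_status'));
      break;
  }

  logindata.showing_status = true;
};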
/**
 * Performs an AJAX logon request to the server and calls
 * ajaxLoginProcessResponse() on the result.
 *
 * The packet is serialized with toJSONString(), escaped with ajaxEscape() and
 * posted as the "r" field to Special:Login/action.json. The reply is checked
 * with check_json_response() before it is parsed; a reply that fails the
 * check goes to handle_invalid_json() and is not processed further.
 *
 * @param {object} json JSON packet to send
 * @param {function} [_hookfunc] Optional function to call on the response as
 *   well; anything that is not a function is replaced by false.
 */
window.ajaxLoginPerformRequest = function(json, _hookfunc) {
  var payload = ajaxEscape(toJSONString(json));
  var hookfunc = false;
  if (typeof _hookfunc == 'function') {
    hookfunc = _hookfunc;
  }

  var on_state_change = function(ajax) {
    // NOTE(review): a completed request with a status other than 200 is
    // dropped here without any feedback, so the dialog keeps whatever
    // status it was showing.
    if (ajax.readyState != 4 || ajax.status != 200) {
      return;
    }

    // parse response, but only after it has passed validation
    var raw = String(ajax.responseText + '');
    if (!check_json_response(raw)) {
      handle_invalid_json(raw);
      return false;
    }
    ajaxLoginProcessResponse(parseJSON(raw), hookfunc);
  };

  ajaxPost(makeUrlNS('Special', 'Login/action.json'), 'r=' + payload, on_state_change, true);
};
/**
* Processes a response from the login server
* @param object JSON response
*/
window.ajaxLoginProcessResponse = function(response, hookfunc)
{
// Did the server send a plaintext error?
if ( response.mode == 'error' )
{
if ( logindata.mb_object )
{
logindata.mb_object.destroy();
var error_msg = $lang.get('user_' + ( response.error.toLowerCase() ));
new MessageBox(MB_ICONSTOP | MB_OK, $lang.get('user_err_login_generic_title'), error_msg);
}
else
{
alert(response.error);
}
return false;
}
// Main mode switch
switch ( response.mode )
{
case 'initial':
// Rid ourselves of any loading windows
ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
// show any errors
ajaxLoginShowFriendlyError(response);
// The server wants us to build the login form, all the information is there
ajaxLoginBuildForm(response);
break;
case 'login_success':
ajaxLoginSetStatus(AJAX_STATUS_SUCCESS);
logindata.successfunc(response.key, response);
break;
case 'reset_pass_used':
// We logged in with a temporary password. Prompt the user to go to the temp password page and
// reset their real password. If they click no, treat it as a login failure, as no session key
// is actually issued when this type of login is performed.
var conf = confirm($lang.get('user_login_ajax_msg_used_temp_pass'));
if ( conf )
{
var url = makeUrlNS('Special', 'PasswordReset/stage2/' + response.user_id + '/' + response.temp_password);
window.location = url;
break;
}
// else, treat as a failure
default:
// Rid ourselves of any loading windows
ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
var mb_parent = document.getElementById('messageBox').parentNode;
$(mb_parent).effect("shake", {}, 200);
setTimeout(function()
{
document.getElementById('messageBox').style.backgroundColor = '#FFF';
console.debug(response);
ajaxLoginShowFriendlyError(response);
ajaxLoginBuildForm(response);
}, 2500);
break;
case 'logout_success':
if ( ENANO_SID )
{
ajaxLoginReplaceSIDInline(false, ENANO_SID, USER_LEVEL_MEMBER);
}
break;
case 'noop':
break;
}
if ( hookfunc )
{
hookfunc(response);
}
}
/*
* RESPONSE HANDLERS
*/
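/**
 * Builds the login form and inserts it into the login window
 * (logindata.mb_inner), then stashes the key material the server sent
 * on the global logindata object.
 *
 * Fields read from the metadata object:
 *   data.username         - pre-fills the username field when set
 *   data.lockout          - .active, .policy ('captcha' or 'lockout'), .captcha
 *   data.extended_time    - "remember me" session length in days, 0 = infinite
 *   data.crypto           - .dh_enable, .aes_key, .dh_public_key
 *
 * Language strings returned by $lang.get() are inserted as markup through
 * innerHTML in several places, so they are treated as trusted HTML here.
 *
 * @param object Metadata to build off of
 */

window.ajaxLoginBuildForm = function(data)
{
  // let's hope this effectively preloads the image...
  var _1 = document.createElement('img');
  _1.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png';
  var _2 = document.createElement('img');
  _2.src = ( ajax_login_lockimg_path ) ? ajax_login_lockimg_path : scriptPath + '/images/lock48.png';
  
  var div = document.createElement('div');
  div.id = 'ajax_login_form';
  
  // false, or the captcha value from the server when the lockout policy is "captcha"
  var show_captcha = ( data.lockout.active && data.lockout.policy == 'captcha' ) ? data.lockout.captcha : false;
  
  // text displayed on re-auth
  if ( logindata.user_level > USER_LEVEL_MEMBER )
  {
    div.innerHTML += $lang.get('user_login_ajax_prompt_body_elev') + '<br /><br />';
  }
  
  // Create the form
  var form = document.createElement('form');
  // The javascript: action keeps a native submit inside the AJAX path; on the
  // IE branch below the form is re-serialized with outerHTML, which does not
  // carry handlers assigned as properties (presumably why both are set).
  form.action = 'javascript:void(ajaxLoginSubmitForm());';
  form.onsubmit = function()
  {
    ajaxLoginSubmitForm();
    return false;
  }
  if ( IE )
  {
    form.style.marginTop = '-20px';
  }
  
  // Using tables to wrap form elements because it results in a
  // more visually appealing form. Yes, tables suck. I don't really
  // care - they make forms look good.
  
  var table = document.createElement('table');
  table.style.margin = '0 auto';
  
  // Field - username
  var tr1 = document.createElement('tr');
  var td1_1 = document.createElement('td');
  td1_1.appendChild(document.createTextNode($lang.get('user_login_field_username') + ':'));
  tr1.appendChild(td1_1);
  var td1_2 = document.createElement('td');
  var f_username = document.createElement('input');
  f_username.id = 'ajax_login_field_username';
  f_username.name = 'ajax_login_field_username';
  f_username.type = 'text';
  f_username.size = '25';
  // assigned through the value property, so the server-supplied name is never parsed as markup
  if ( data.username )
    f_username.value = data.username;
  td1_2.appendChild(f_username);
  tr1.appendChild(td1_2);
  table.appendChild(tr1);
  
  // Field - password
  var tr2 = document.createElement('tr');
  var td2_1 = document.createElement('td');
  td2_1.appendChild(document.createTextNode($lang.get('user_login_field_password') + ':'));
  tr2.appendChild(td2_1);
  var td2_2 = document.createElement('td');
  var f_password = document.createElement('input');
  f_password.id = 'ajax_login_field_password';
  // Each field carries its own name (matching its id) so that autofill and
  // password managers can tell the username, password and captcha inputs apart.
  f_password.name = 'ajax_login_field_password';
  f_password.type = 'password';
  f_password.size = '25';
  if ( !show_captcha )
  {
    // Enter in the password field submits; with a captcha shown, the captcha field does this instead
    f_password.onkeyup = function(e)
    {
      if ( !e )
        e = window.event;
      // no event object available in any browser: nothing to inspect
      if ( !e )
        return true;
      if ( e.keyCode == 13 )
      {
        ajaxLoginSubmitForm();
      }
    }
  }
  td2_2.appendChild(f_password);
  tr2.appendChild(td2_2);
  table.appendChild(tr2);
  
  // Field - captcha
  if ( show_captcha )
  {
    var tr3 = document.createElement('tr');
    var td3_1 = document.createElement('td');
    td3_1.appendChild(document.createTextNode($lang.get('user_login_field_captcha') + ':'));
    tr3.appendChild(td3_1);
    var td3_2 = document.createElement('td');
    var f_captcha = document.createElement('input');
    f_captcha.id = 'ajax_login_field_captcha';
    f_captcha.name = 'ajax_login_field_captcha';
    f_captcha.type = 'text';
    f_captcha.size = '25';
    f_captcha.onkeyup = function(e)
    {
      if ( !e )
        e = window.event;
      if ( !e || !e.keyCode )
        return true;
      if ( e.keyCode == 13 )
      {
        ajaxLoginSubmitForm();
      }
    }
    td3_2.appendChild(f_captcha);
    tr3.appendChild(td3_2);
    table.appendChild(tr3);
  }
  
  // ok, this is a compatibility hack
  data.locked_out = { locked_out: data.lockout.active };
  
  // hook for the login form
  // NOTE(review): eval() runs whatever setHook() returns inside this function's
  // scope, so hook code can read and modify every local above (form, table,
  // data, the field elements). Hook source has to come from trusted plugins
  // only, and the local names here are effectively part of the hook interface.
  eval(setHook('login_build_form'));
  
  delete(data.locked_out);
  
  // Done building the main part of the form
  form.appendChild(table);
  
  // Checkbox container
  var boxen = document.createElement('div');
  boxen.style.textAlign = 'center';
  boxen.style.padding = '7px 0';
  
  // Field: remember login
  if ( logindata.user_level <= USER_LEVEL_MEMBER )
  {
    var lbl_remember = document.createElement('label');
    lbl_remember.style.fontSize = 'smaller';
    lbl_remember.style.textAlign = 'center';
    
    // figure out what text to put in the "remember me" checkbox
    // infinite session length?
    if ( data.extended_time == 0 )
    {
      // yes, infinite
      var txt_remember = $lang.get('user_login_ajax_check_remember_infinite');
    }
    else
    {
      if ( data.extended_time % 7 == 0 )
      {
        // number of days is a multiple of 7
        // use weeks as our unit
        var sess_time = data.extended_time / 7;
        var unit = 'week';
      }
      else
      {
        // use days as our unit
        var sess_time = data.extended_time;
        var unit = 'day';
      }
      // more than one week or day?
      if ( sess_time != 1 )
        unit += 's';
      
      // assemble the string
      var txt_remember = $lang.get('user_login_ajax_check_remember', {
          session_length: sess_time,
          length_units: $lang.get('etc_unit_' + unit)
        });
    }
    var check_remember = document.createElement('input');
    check_remember.type = 'checkbox';
    // this onclick attribute changes the cookie whenever the checkbox or label is clicked
    // (set as attributes, not properties, so they survive the innerHTML/outerHTML re-serialization below)
    check_remember.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("login_remember", ck, 3650);');
    if ( readCookie('login_remember') != 'disable' )
      check_remember.setAttribute('checked', 'checked');
    check_remember.id = 'ajax_login_field_remember';
    lbl_remember.appendChild(check_remember);
    lbl_remember.innerHTML += ' ' + txt_remember;
    
    boxen.appendChild(lbl_remember);
  }
  
  var bullet = document.createElement('span');
  bullet.innerHTML = ' ';
  bullet.style.fontSize = '12pt';
  bullet.style.borderRight = '1px solid #aaa';
  bullet.style.margin = '0 6px 0 4px';
  
  // Field: enable Diffie Hellman
  if ( ajax_login_prevent_dh )
  {
    if ( logindata.user_level <= USER_LEVEL_MEMBER )
      // only show this if both checkboxes are visible
      boxen.appendChild(bullet);
    
    // no checkbox at all in this case, only an explanatory label
    var lbl_dh = document.createElement('span');
    lbl_dh.style.fontSize = 'smaller';
    lbl_dh.style.textAlign = 'center';
    lbl_dh.innerHTML = $lang.get('user_login_ajax_check_dh_ie');
    boxen.appendChild(lbl_dh);
  }
  else if ( !data.crypto.dh_enable )
  {
    // create hidden control - server requested that DiffieHellman be disabled (usually means not supported)
    var check_dh = document.createElement('input');
    check_dh.type = 'hidden';
    check_dh.id = 'ajax_login_field_dh';
    boxen.appendChild(check_dh);
  }
  else
  {
    if ( logindata.user_level <= USER_LEVEL_MEMBER )
      // only show this if both checkboxes are visible
      boxen.appendChild(bullet);
    
    var lbl_dh = document.createElement('label');
    lbl_dh.style.fontSize = 'smaller';
    lbl_dh.style.textAlign = 'center';
    var check_dh = document.createElement('input');
    check_dh.type = 'checkbox';
    // this onclick attribute changes the cookie whenever the checkbox or label is clicked
    check_dh.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("diffiehellman_login", ck, 3650);');
    // checked unless the cookie says "disable", so key exchange stays on by default
    if ( readCookie('diffiehellman_login') != 'disable' )
      check_dh.setAttribute('checked', 'checked');
    check_dh.id = 'ajax_login_field_dh';
    lbl_dh.appendChild(check_dh);
    lbl_dh.innerHTML += ' ' + $lang.get('user_login_ajax_check_dh');
    boxen.appendChild(lbl_dh);
  }
  
  form.appendChild(boxen);
  
  if ( IE )
  {
    // IE gets a serialized copy of the form; the element objects built above
    // (form, f_username, f_password, ...) are not the ones that end up on the page
    div.innerHTML += form.outerHTML;
  }
  else
  {
    div.appendChild(form);
  }
  
  // Diagnostic / help links
  // (only displayed in login, not in re-auth)
  if ( logindata.user_level == USER_LEVEL_MEMBER )
  {
    var links = document.createElement('small');
    links.style.display = 'block';
    links.style.textAlign = 'center';
    links.innerHTML = '';
    // NOTE(review): the page title is built into a URL that is substituted into
    // a language string and then parsed as HTML - confirm makeUrlNS() returns a
    // value that is safe inside an attribute.
    if ( !show_captcha )
      links.innerHTML += $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) }) + ' • ';
    // Always shown
    links.innerHTML += $lang.get('user_login_ajax_link_forgotpass', { forgotpass_link: makeUrlNS('Special', 'PasswordReset') }) + ' • ';
    if ( !show_captcha )
      links.innerHTML += $lang.get('user_login_ajax_createaccount_blurb', { reg_link: makeUrlNS('Special', 'Register') });
    div.appendChild(links);
  }
  
  // Insert the entire form into the login window
  logindata.mb_inner.innerHTML = '';
  logindata.mb_inner.appendChild(div);
  
  // Post operations: field focus
  // (this reads logindata.loggedin_username 750ms from now, i.e. after the assignment further down)
  setTimeout(
    function()
    {
      if ( logindata.loggedin_username )
        document.getElementById('ajax_login_field_password').focus();
      else
        document.getElementById('ajax_login_field_username').focus();
    }, 750);
  
  // Post operations: show captcha window
  if ( show_captcha )
  {
    ajaxShowCaptcha(show_captcha);
  }
  
  // Post operations: stash encryption keys and All That Jazz(TM)
  // logindata is a page-global object, so the key material kept here is
  // readable by any script running on the page, hooks included.
  logindata.key_aes = data.crypto.aes_key;
  logindata.key_dh = data.crypto.dh_public_key;
  logindata.captcha_hash = show_captcha;
  logindata.loggedin_username = data.username;
  
  // If policy is lockout, also disable controls
  // NOTE(review): this only greys out the inputs in the browser, and on the IE
  // branch above these objects are not the ones inserted into the page; the
  // lockout itself has to be enforced by the server.
  if ( data.lockout.policy == 'lockout' && data.lockout.active )
  {
    f_username.setAttribute('disabled', 'disabled');
    f_password.setAttribute('disabled', 'disabled');
  }
}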
window.ajaxLoginSubmitForm = function(real, username, password, captcha, remember)
{
// Perform AES test to make sure it's all working
if ( !aes_self_test() )
{
alert('BUG: AES self-test failed');
login_cache.mb_object.destroy();
return false;
}
// Hide the error message and captcha
if ( document.getElementById('ajax_login_error_box') )
{
document.getElementById('ajax_login_error_box').parentNode.removeChild(document.getElementById('ajax_login_error_box'));
}
if ( document.getElementById('autoCaptcha') )
{
var to = fly_out_top(document.getElementById('autoCaptcha'), false, true);
setTimeout(function() {
var d = document.getElementById('autoCaptcha');
d.parentNode.removeChild(d);
}, to);
}
// "Remember session" switch
if ( typeof(remember) == 'boolean' )
{
var remember_session = remember;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 814
}
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 815
else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 816
{
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 817
if ( document.getElementById('ajax_login_field_remember') )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 818
{
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 819
var remember_session = ( document.getElementById('ajax_login_field_remember').checked ) ? true : false;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 820
}
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 821
else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 822
{
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 823
var remember_session = false;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 824
}
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 825
}
436
+ − 826
// Encryption: preprocessor
+ − 827
if ( real )
+ − 828
{
+ − 829
var do_dh = true;
+ − 830
}
+ − 831
else if ( document.getElementById('ajax_login_field_dh') )
+ − 832
{
+ − 833
var do_dh = document.getElementById('ajax_login_field_dh').checked;
+ − 834
}
+ − 835
else
+ − 836
{
887
+ − 837
if ( ajax_login_prevent_dh )
460
+ − 838
{
509
175df10e0b56
Added a copy of Firebug Lite for debugging purposes. License is uncertain but being treated as MPL. (If is is not MPL then it is under something more permissive that permits relicensing anyway)
Dan
diff
changeset
+ − 839
// IE/MobileSafari doesn't have this control, continue silently IF the rest
460
+ − 840
// of the login form is there
+ − 841
if ( !document.getElementById('ajax_login_field_username') )
+ − 842
{
+ − 843
return false;
+ − 844
}
+ − 845
}
+ − 846
else
+ − 847
{
+ − 848
// The user probably clicked ok when the form wasn't in there.
+ − 849
return false;
+ − 850
}
436
+ − 851
}
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 852
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 853
if ( typeof(username) != 'string' )
436
+ − 854
{
+ − 855
var username = document.getElementById('ajax_login_field_username').value;
+ − 856
}
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 857
if ( typeof(password) != 'string' )
436
+ − 858
{
+ − 859
var password = document.getElementById('ajax_login_field_password').value;
+ − 860
}
+ − 861
if ( !captcha && document.getElementById('ajax_login_field_captcha') )
+ − 862
{
+ − 863
var captcha = document.getElementById('ajax_login_field_captcha').value;
+ − 864
}
+ − 865
1026
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 866
// Only run early submit hook once
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 867
if ( !window.logindata.early_submit_run )
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 868
eval(setHook('login_submit_early'));
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 869
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 870
window.logindata.early_submit_run = true;
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 871
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 872
try
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 873
{
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 874
436
+ − 875
if ( do_dh )
+ − 876
{
+ − 877
ajaxLoginSetStatus(AJAX_STATUS_GENERATING_KEY);
+ − 878
if ( !real )
+ − 879
{
+ − 880
// Wait while the browser updates the login window
+ − 881
setTimeout(function()
+ − 882
{
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 883
ajaxLoginSubmitForm(true, username, password, captcha, remember_session);
887
+ − 884
}, 20);
436
+ − 885
return true;
+ − 886
}
887
+ − 887
var dh_start = (new Date()).getTime();
436
+ − 888
// Perform Diffie Hellman stuff
+ − 889
var dh_priv = dh_gen_private();
+ − 890
var dh_pub = dh_gen_public(dh_priv);
+ − 891
var secret = dh_gen_shared_secret(dh_priv, logindata.key_dh);
+ − 892
// secret_hash is used to verify that the server guesses the correct secret
+ − 893
var secret_hash = hex_sha1(secret);
+ − 894
// crypt_key is the actual AES key
+ − 895
var crypt_key = (hex_sha256(secret)).substr(0, (keySizeInBits / 4));
887
+ − 896
var dh_time = (new Date()).getTime() - dh_start;
+ − 897
console.debug("DH: complete, time = %dms", dh_time);
436
+ − 898
}
+ − 899
else
+ − 900
{
+ − 901
var crypt_key = logindata.key_aes;
+ − 902
}
+ − 903
+ − 904
ajaxLoginSetStatus(AJAX_STATUS_LOGGING_IN);
+ − 905
+ − 906
// Encrypt the password and username
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 907
var userinfo = {
436
+ − 908
username: username,
+ − 909
password: password
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 910
};
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 911
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 912
eval(setHook('login_build_userinfo'));
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 913
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 914
userinfo = toJSONString(userinfo);
436
+ − 915
var crypt_key_ba = hexToByteArray(crypt_key);
+ − 916
userinfo = stringToByteArray(userinfo);
+ − 917
+ − 918
userinfo = rijndaelEncrypt(userinfo, crypt_key_ba, 'ECB');
+ − 919
userinfo = byteArrayToHex(userinfo);
+ − 920
// Encrypted username and password (serialized with JSON) are now in the userinfo string
+ − 921
+ − 922
// Collect other needed information
+ − 923
if ( logindata.captcha_hash )
+ − 924
{
+ − 925
var captcha_hash = logindata.captcha_hash;
+ − 926
var captcha_code = captcha;
+ − 927
}
+ − 928
else
+ − 929
{
+ − 930
var captcha_hash = false;
+ − 931
var captcha_code = false;
+ − 932
}
+ − 933
+ − 934
// Ship it across the 'net
+ − 935
if ( do_dh )
+ − 936
{
+ − 937
var json_packet = {
+ − 938
mode: 'login_dh',
+ − 939
userinfo: userinfo,
+ − 940
captcha_code: captcha_code,
+ − 941
captcha_hash: captcha_hash,
+ − 942
dh_public_key: logindata.key_dh,
+ − 943
dh_client_key: dh_pub,
+ − 944
dh_secret_hash: secret_hash,
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 945
level: logindata.user_level,
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 946
remember: remember_session
436
+ − 947
}
+ − 948
}
+ − 949
else
+ − 950
{
+ − 951
var json_packet = {
+ − 952
mode: 'login_aes',
+ − 953
userinfo: userinfo,
+ − 954
captcha_code: captcha_code,
+ − 955
captcha_hash: captcha_hash,
+ − 956
key_aes: hex_md5(crypt_key),
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 957
level: logindata.user_level,
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 958
remember: remember_session
436
+ − 959
}
+ − 960
}
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 961
}
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 962
catch(e)
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 963
{
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 964
ajaxLoginSetStatus(AJAX_STATUS_ERROR);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 965
console.error('Exception caught in login process; backtrace follows');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 966
console.debug(e);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 967
return false;
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 968
}
1026
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 969
// reset this...
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 970
window.logindata.early_submit_run = false;
436
+ − 971
ajaxLoginPerformRequest(json_packet);
+ − 972
}
/**
 * Shows the error text for a login response in a floating box below the
 * login message box, reusing the box if it is already on the page.
 *
 * NOTE(review): the text is inserted with innerHTML. ajaxLoginGetErrorText()
 * can return response.error unchanged, and lockout fields are interpolated
 * into language strings, so this is only safe while none of those values can
 * carry markup from an untrusted source. Confirm on the server side, or
 * escape before insertion if messages do not need HTML.
 *
 * @param object response Login API response
 * @return bool|undefined true when there was nothing to show or an existing
 *                        box was updated; nothing after a new box is created
 */
window.ajaxLoginShowFriendlyError = function(response) {
  var message = ajaxLoginGetErrorText(response);
  // Loose comparison on purpose: both false and an empty string mean "no error to show"
  if ( message == false ) {
    return true;
  }

  var existing_box = document.getElementById('ajax_login_error_box');
  if ( existing_box ) {
    existing_box.innerHTML = message;
    return true;
  }

  // Bottom edge of the message box button row
  var buttons_bottom = $dynano('messageBoxButtons').Top() + $dynano('messageBoxButtons').Height();
  if ( buttons_bottom < ( getHeight() / 2 ) ) {
    // The message box has not finished flying in yet, so estimate
    buttons_bottom = ( getHeight() / 2 ) + 120;
  }
  var viewport_bottom = getHeight() + getScrollOffset();
  // Halfway between the button row and the bottom of the viewport, minus 32px
  var box_top = buttons_bottom + ( ( viewport_bottom - buttons_bottom ) / 2 ) - 32;
  // The box is 60% wide, so a left offset of 20% of the window width centers it
  var box_left = getWidth() * 0.2;

  var box = document.createElement('div');
  box.id = 'ajax_login_error_box';
  box.className = 'error-box-mini';
  box.style.position = 'absolute';
  box.style.width = '60%';
  box.style.top = box_top + 'px';
  box.style.left = box_left + 'px';
  box.style.zIndex = getHighestZ();
  box.innerHTML = message;

  document.getElementsByTagName('body')[0].appendChild(box);
};
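/**
 * Maps a login API response to the error text that should be shown to the user.
 *
 * The lockout block is treated as optional: the original code checked for it
 * before setting `plural` but then dereferenced it unconditionally in the
 * 'initial' and 'login_failure' branches, which threw a TypeError for
 * responses without lockout data.
 *
 * NOTE(review): the returned text is later written with innerHTML, and the
 * final fallback returns response.error exactly as received. Keep
 * server-supplied error strings free of untrusted markup.
 *
 * @param object response Login API response; response.lockout.plural is set as a side effect
 * @return string|bool Error text, or false when there is nothing to report
 */
window.ajaxLoginGetErrorText = function(response)
{
  // Empty stand-in so the reads below yield undefined instead of throwing
  var lockout = response.lockout || {};

  if ( response.lockout )
  {
    // Plural suffix used by the lockout language strings
    response.lockout.plural = response.lockout.time_rem == 1 ? '' : $lang.get('meta_plural');
  }

  if ( response.mode == 'initial' )
  {
    // Just showing the box for the first time. If there's an error now, it's based on a preexisting lockout.
    if ( lockout.active )
    {
      return $lang.get('user_err_locked_out_initial_' + lockout.policy, lockout);
    }
    return false;
  }

  // An attempt was made.
  switch ( response.mode )
  {
    case 'login_failure':
      // Generic login user error. Use response.error as a language key if it
      // resolves to a string, otherwise fall back to the user_err_ prefix.
      var localized = $lang.get(response.error);
      var error = ( localized != response.error ) ? localized : $lang.get('user_err_' + response.error);
      if ( lockout.active && lockout.policy == 'lockout' )
      {
        // Lockout enforcement was just activated.
        return $lang.get('user_err_locked_out_initial_' + lockout.policy, lockout);
      }
      if ( lockout.policy != 'disable' && !lockout.active && lockout.fails > 0 )
      {
        // Lockout is in a warning state.
        error += ' ' + $lang.get('user_err_invalid_credentials_' + lockout.policy, lockout);
      }
      return error;
    case 'api_error':
      // Error in the API.
      return $lang.get('user_err_login_generic_title') + ': ' + $lang.get('user_' + response.error.toLowerCase());
  }

  return typeof(response.error) == 'string' ? response.error : false;
}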
/**
 * Builds the floating CAPTCHA box (#autoCaptcha) and flies it in from the top
 * once the image has loaded.
 *
 * @param string code Appended to the Special:Captcha URL. NOTE(review): it is
 *                    concatenated into the path unescaped; presumably a
 *                    server-issued hash - confirm it cannot contain URL
 *                    metacharacters.
 */
window.ajaxShowCaptcha = function(code) {
  var box = document.createElement('div');
  box.style.backgroundColor = '#FFFFFF';
  box.style.padding = '10px';
  box.style.position = 'absolute';
  box.style.top = '0px';
  box.id = 'autoCaptcha';
  box.style.zIndex = String( getHighestZ() + 1 );

  var image = document.createElement('img');
  // Handler is attached before src is assigned so the first load is not missed
  image.onload = function() {
    // Center and animate only on the first load; later loads (after a click) skip this
    if ( this.loaded ) {
      return true;
    }
    var target = document.getElementById('autoCaptcha');
    var window_width = getWidth();
    var box_width = $dynano(target).Width();
    target.style.left = ( ( window_width / 2 ) - ( box_width / 2 ) ) + 'px';
    fly_in_top(target, false, true);
    this.loaded = true;
  };
  image.src = makeUrlNS('Special', 'Captcha/' + code);
  // Clicking changes the URL by appending '/a', which makes the browser request the image again
  image.onclick = function() {
    this.src += '/a';
  };
  image.style.cursor = 'pointer';

  box.appendChild(image);
  domObjChangeOpac(0, box);
  document.getElementsByTagName('body')[0].appendChild(box);
};
/**
 * Shows the logout confirmation prompt. Offers a full logout, a de-auth
 * button when the session is above member level, and a cancel button.
 */
window.ajaxInitLogout = function() {
  load_component(['messagebox', 'l10n', 'flyin', 'fadefilter', 'jquery', 'jquery-ui']);

  var prompt_title = $lang.get('user_logout_confirm_title');
  var is_elevated = auth_level > USER_LEVEL_MEMBER;
  var prompt_body = is_elevated ? $lang.get('user_logout_confirm_body_nelev') : $lang.get('user_logout_confirm_body_normal');

  var button_list = [];

  // Full logout: navigates to the Special:Logout URL.
  // NOTE(review): csrf_token is placed in the URL path here, so it can end up
  // in browser history, server access logs and Referer headers. window.title
  // is appended unescaped - confirm it is already URL-safe.
  button_list.push({
      text: $lang.get('user_logout_confirm_btn_logout'),
      color: 'red',
      style: {
        fontWeight: 'bold'
      },
      onclick: function() {
        miniPromptDestroy(this);
        window.location = makeUrlNS('Special', 'Logout/' + csrf_token + '/' + window.title);
        return false;
      }
    });

  if ( is_elevated ) {
    // De-auth: sends a 'logout' request for the current auth level, with the
    // CSRF token as a request field, and reports success on the whited-out prompt
    button_list.push({
        text: $lang.get('user_logout_confirm_btn_deauth'),
        color: 'blue',
        onclick: function() {
          var prompt_node = miniPromptGetParent(this);
          var overlay = whiteOutMiniPrompt(prompt_node);

          ajaxLoginPerformRequest({
              mode: 'logout',
              level: auth_level,
              csrf_token: csrf_token
            }, function(response) {
              whiteOutReportSuccess(overlay);
            });
          return false;
        }
      });
  }

  button_list.push({
      text: $lang.get('etc_cancel'),
      onclick: function() {
        miniPromptDestroy(this);
        return false;
      }
    });

  miniPromptMessage({
      title: prompt_title,
      message: prompt_body,
      buttons: button_list
    });
};
/**
 * Alias that opens the logout confirmation prompt via ajaxInitLogout().
 */
window.mb_logout = function() {
  ajaxInitLogout();
};
/**
 * Alias that starts a member-level login via ajaxLogonToMember().
 */
window.ajaxStartLogin = function() {
  ajaxLogonToMember();
};
/**
 * Navigates to Special:Administration, prompting for an admin-level login
 * first when the current auth level is below USER_LEVEL_ADMIN.
 *
 * NOTE(review): auth_level is updated here on the client only; presumably the
 * server checks the session level on the administration page - confirm.
 *
 * @return bool|undefined true when KILL_SWITCH is set, false when a login was
 *                        started, nothing when navigating directly
 */
window.ajaxStartAdminLogin = function() {
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH ) {
    return true;
  }

  if ( !( auth_level < USER_LEVEL_ADMIN ) ) {
    // Already elevated: go straight there
    window.location = makeUrlNS('Special', 'Administration');
    return;
  }

  ajaxLoginInit(function(sid) {
      ENANO_SID = sid;
      auth_level = USER_LEVEL_ADMIN;
      var admin_url = makeUrlNS('Special', 'Administration');
      // Tests the string form of the SID for non-emptiness. Non-string values
      // such as false or undefined also pass, since they stringify to text.
      if ( (ENANO_SID + ' ').length > 1 ) {
        window.location = admin_url;
      }
    }, USER_LEVEL_ADMIN);
  return false;
};
/**
 * Opens the admin PageManager for the current page (global `title`),
 * prompting for re-authentication first when the auth level is below
 * USER_LEVEL_ADMIN.
 *
 * @return bool|undefined true when KILL_SWITCH is set, false when a prompt was
 *                        opened, nothing when navigating directly
 */
window.ajaxAdminPage = function() {
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH ) {
    return true;
  }

  // Built on demand so the globals are read at the same moment as before
  var build_target_url = function() {
    return makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
  };

  if ( !( auth_level < USER_LEVEL_ADMIN ) ) {
    window.location = build_target_url();
    return;
  }

  // NOTE(review): the level is passed as the literal 9 while other callers in
  // this file pass USER_LEVEL_ADMIN; presumably the same value - confirm.
  ajaxPromptAdminAuth(function(sid) {
      ENANO_SID = sid;
      auth_level = USER_LEVEL_ADMIN;
      // First point the browser at the current page with the SID appended;
      // this stays in effect if the SID check below fails.
      var current_url = String(window.location + '');
      window.location = append_sid(current_url);
      var target_url = build_target_url();
      if ( (ENANO_SID + ' ').length > 1 ) {
        window.location = target_url;
      }
    }, 9);
  return false;
};
/**
 * Navigates to a page, prompting for re-authentication first when the current
 * auth level is below min_level.
 *
 * NOTE(review): auth_level is raised to min_level on the client after the
 * prompt succeeds; presumably the server enforces the level on the target
 * page - confirm.
 *
 * @param string namespace Passed to makeUrlNS()
 * @param string page_id   Passed to makeUrlNS()
 * @param int min_level    Auth level required for the target
 * @param string get       Optional third argument for makeUrlNS(); false when omitted
 * @return bool|undefined true when KILL_SWITCH is set, false when a prompt was
 *                        opened, nothing when navigating directly
 */
window.ajaxLoginNavTo = function(namespace, page_id, min_level, get) {
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH ) {
    return true;
  }
  // These only evaluate the parameters and discard the result
  void(namespace);
  void(page_id);
  var query = get || false;

  if ( !( auth_level < min_level ) ) {
    window.location = makeUrlNS(namespace, page_id, query);
    return;
  }

  ajaxPromptAdminAuth(function(sid) {
      ENANO_SID = sid;
      auth_level = min_level;
      var target_url = makeUrlNS(namespace, page_id, query);
      // Navigate only when the string form of the SID is non-empty
      if ( (ENANO_SID + ' ').length > 1 ) {
        window.location = target_url;
      }
    }, min_level);
  return false;
};
/**
 * Opens the admin UserManager for a user, prompting for re-authentication
 * first when the auth level is below USER_LEVEL_ADMIN.
 *
 * @param string username Passed through ajaxEscape() before being placed in the query string
 * @return bool|undefined true when KILL_SWITCH is set, false when a prompt was
 *                        opened, nothing when navigating directly
 */
window.ajaxAdminUser = function(username) {
  // IE <6 pseudo-compatibility
  if ( KILL_SWITCH ) {
    return true;
  }

  // Built on demand so the globals are read at the same moment as before
  var build_target_url = function() {
    return makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
  };

  if ( !( auth_level < USER_LEVEL_ADMIN ) ) {
    window.location = build_target_url();
    return;
  }

  // NOTE(review): the level is passed as the literal 9 while other callers in
  // this file pass USER_LEVEL_ADMIN; presumably the same value - confirm.
  ajaxPromptAdminAuth(function(sid) {
      ENANO_SID = sid;
      auth_level = USER_LEVEL_ADMIN;
      // First point the browser at the current page with the SID appended;
      // this stays in effect if the SID check below fails.
      var current_url = String(window.location + '');
      window.location = append_sid(current_url);
      var target_url = build_target_url();
      if ( (ENANO_SID + ' ').length > 1 ) {
        window.location = target_url;
      }
    }, 9);
  return false;
};
/**
 * Re-authenticates without a page reload and swaps the new session ID into
 * the page via ajaxLoginReplaceSIDInline().
 *
 * NOTE(review): this calls ajaxLogonInit, while the other entry points in
 * this file call ajaxLoginInit - confirm that ajaxLogonInit is defined.
 *
 * @param string|function adminpage A string is passed to ajaxPage() after
 *                                  login; a function is called with the new
 *                                  session ID; anything else is ignored
 * @param int level Auth level to request; USER_LEVEL_ADMIN when falsy
 * @return bool|undefined false when the user is not logged in at all and a
 *                        normal login was started instead; otherwise nothing
 */
window.ajaxDynamicReauth = function(adminpage, level) {
  if ( auth_level < USER_LEVEL_MEMBER ) {
    // Not logged in at all: fall back to the regular login flow
    ajaxStartLogin();
    return false;
  }

  var previous_sid = ENANO_SID;
  var wanted_level = level || USER_LEVEL_ADMIN;

  ajaxLogonInit(function(k, response) {
      ajaxLoginReplaceSIDInline(k, previous_sid, wanted_level);
      // user_id and user_level are taken from the login response as-is
      window.user_id = response.user_id;
      window.user_level = response.user_level;
      mb_current_obj.destroy();
      switch ( typeof(adminpage) ) {
        case 'string':
          ajaxPage(adminpage);
          break;
        case 'function':
          adminpage(k);
          break;
      }
    }, wanted_level);

  if ( typeof(adminpage) == 'string' ) {
    // NOTE(review): this object carries error_code but neither mode nor a
    // string error, so ajaxLoginGetErrorText() as written in this file appears
    // to return false for it and no message is shown - confirm.
    ajaxLoginShowFriendlyError({
        error_code: 'admin_session_timed_out',
        respawn_info: {}
      });
  }
};
/**
 * Renews the elevated session via ajaxDynamicReauth(). Passing false means
 * no page is loaded and no callback runs after the re-authentication.
 */
window.ajaxRenewSession = function() {
  ajaxDynamicReauth(false);
};
window.ajaxTrashElevSession = function()
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1298
{
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1299
load_component(['messagebox', 'fadefilter', 'l10n', 'flyin', 'jquery', 'jquery-ui']);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1300
miniPromptMessage({
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1301
title: $lang.get('user_logout_confirm_title_elev'),
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1302
message: $lang.get('user_logout_confirm_body_elev'),
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1303
buttons: [
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1304
{
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1305
text: $lang.get('user_logout_confirm_btn_logout'),
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1306
color: 'red',
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1307
style: {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1308
fontWeight: 'bold'
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1309
},
onclick: function()
{
ajaxLoginPerformRequest({
mode: 'logout',
level: auth_level,
csrf_token: csrf_token
});
miniPromptDestroy(this);
}
},
{
text: $lang.get('etc_cancel'),
onclick: function()
{
miniPromptDestroy(this);
}
}
]
});
}
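/**
 * Take an SID and patch all internal links on the page.
 *
 * With a new key and an old key, every occurrence of the old key in the body
 * markup is replaced by the new one. With a new key only, the key is appended
 * (through append_sid()) to internal links and POST form actions, and written
 * to an "auth" hidden field on all other forms. Without a new key, auth_level
 * drops to USER_LEVEL_MEMBER and, if an old key is given, auth parameters are
 * stripped from internal links.
 *
 * @param string New key. If false, removes keys from the page.
 * @param string Old key. If false, only appends the new SID (more work as it uses DOM, use when dynamically going up to elevated)
 * @param int New level, not a huge deal but sets auth_level. Try to specify it as some functions depend on it.
 */

window.ajaxLoginReplaceSIDInline = function(key, oldkey, level)
{
  // Escapes every regex metacharacter so that a string is matched literally.
  // The previous host.replace('.', '\.') was a no-op: '\.' in a string literal
  // is just '.', and a string pattern only touches the first occurrence.
  var escapeRegExp = function(str)
  {
    return String(str).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  };

  // NOTE(review): hostname carries no port, so on a site served from a
  // non-default port no link matches exp and nothing is patched - confirm
  // whether that is intended.
  var host = String(window.location.hostname);

  // exp decides which URLs count as internal and therefore receive the session
  // key. It has to match the host and content path literally: an unescaped '.'
  // would accept any character in that position, and an unescaped '?' in
  // contentPath would keep the pattern from matching a literal '?' at all.
  var exp = new RegExp('^https?://' + escapeRegExp(host) + escapeRegExp(contentPath));
  // rexp strips scheme and host; it is only applied to URLs that matched exp.
  var rexp = new RegExp('^https?://' + escapeRegExp(host));

  var links, forms, i, newurl;

  if ( key )
  {
    if ( oldkey )
    {
      // Swap the old key for the new one everywhere in the body markup.
      // SECURITY: this re-parses the whole body from a string and inserts key
      // into markup without escaping, so key must only ever be a server-issued
      // SID. oldkey is escaped and the replacement goes through a function so
      // that neither value is interpreted as regex or '$' replacement syntax.
      var body = document.getElementsByTagName('body')[0];
      var replace = new RegExp(escapeRegExp(oldkey), 'g');
      body.innerHTML = body.innerHTML.replace(replace, function()
        {
          return key;
        });
      ENANO_SID = key;
    }
    else
    {
      // append SID to all internal links
      ENANO_SID = key;

      links = document.getElementsByTagName('a');
      for ( i = 0; i < links.length; i++ )
      {
        if ( links[i].href.match(exp) && links[i].href.indexOf('#') == -1 )
        {
          newurl = (String(append_sid(links[i].href))).replace(rexp, '');
          links[i].href = newurl;
        }
      }

      forms = document.getElementsByTagName('form');
      for ( i = 0; i < forms.length; i++ )
      {
        if ( forms[i].method.toLowerCase() == 'post' )
        {
          // POST forms carry the key in the action URL, internal targets only.
          if ( forms[i].action.match(exp) )
          {
            newurl = (String(append_sid(forms[i].action))).replace(rexp, '');
            forms[i].action = newurl;
          }
        }
        else
        {
          // Other forms carry the key in a hidden "auth" field.
          // NOTE(review): unlike the POST branch, the form's target is not
          // checked against exp here - confirm that no such form submits to
          // another origin, since the key would go with it.
          if ( !forms[i].auth )
          {
            var auth = document.createElement('input');
            auth.type = 'hidden';
            auth.name = 'auth';
            auth.value = key;
            forms[i].appendChild(auth);
          }
          else
          {
            forms[i].auth.value = key;
          }
        }
      }
    }
    if ( level )
    {
      auth_level = level;
    }
    // The key is kept in the URL fragment, which also leaves it in the address
    // bar and in browser history.
    window.location.hash = '#auth:' + key;
  }
  else
  {
    auth_level = USER_LEVEL_MEMBER;
    ENANO_SID = false;
    if ( oldkey )
    {
      // NOTE(review): only links are cleaned here; form actions and hidden
      // "auth" fields patched earlier keep the old key - confirm that it is
      // invalidated server-side on de-auth.
      links = document.getElementsByTagName('a');
      for ( i = 0; i < links.length; i++ )
      {
        if ( links[i].href.match(exp) && links[i].href.indexOf('#') == -1 )
        {
          // "?auth=KEY&rest" becomes "?rest"; the earlier '$2' replacement left
          // "&rest" behind with no '?', which broke the query string.
          links[i].href = links[i].href
            .replace(/\?auth=[a-f0-9]+&/, '?')
            .replace(/\?auth=[a-f0-9]+(#|$)/, '$1')
            .replace(/&auth=[a-f0-9]+/, '')
            .replace(rexp, '');
        }
      }
    }
    window.location.hash = '#auth:false';
  }
  // Rebuild the AJAX endpoint prefix through append_sid() now that ENANO_SID
  // has changed.
  window.stdAjaxPrefix = append_sid(scriptPath + '/ajax.php?title=' + title);
}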