diff -r d8156d18ac58 -r 97ae8e9d5e29 plugins/SpecialUserFuncs.php
--- a/plugins/SpecialUserFuncs.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/SpecialUserFuncs.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
 Plugin URI: http://enanocms.org/
 Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
 Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
 Author URI: http://enanocms.org/
 */
 /*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 release candidate 2
+ * Version 1.0.2
 * Copyright (C) 2006-2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -90,6 +90,14 @@
 \'namespace\'=>\'Special\',
 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
 ));
+
+ $paths->add_page(Array(
+ \'name\'=>\'Language exporter\',
+ \'urlname\'=>\'LangExportJSON\',
+ \'namespace\'=>\'Special\',
+ \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ ));
+
 '); // function names are IMPORTANT!!! The name pattern is: page__ 
@@ -100,18 +108,65 @@
 {
 global $db, $session, $paths, $template, $plugins; // Common objects
 global $__login_status;
+ global $lang;
 $pubkey = $session->rijndael_genkey();
 $challenge = $session->dss_rand();
+ $locked_out = false;
+ // are we locked out?
+ $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
+ $duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
+ // convert to minutes
+ $duration = $duration * 60;
+ $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
+ if ( $policy != 'disable' )
+ {
+ $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
+ $timestamp_cutoff = time() - $duration;
+ $q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
+ $fails = $db->numrows();
+ if ( $fails >= $threshold )
+ {
+ $row = $db->fetchrow();
+ $locked_out = true;
+ $lockdata = array(
+ 'locked_out' => true,
+ 'lockout_threshold' => $threshold,
+ 'lockout_duration' => ( $duration / 60 ),
+ 'lockout_fails' => $fails,
+ 'lockout_policy' => $policy,
+ 'lockout_last_time' => $row['timestamp'],
+ 'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
+ 'captcha' => ''
+ );
+ if ( $policy == 'captcha' )
+ {
+ $lockdata['captcha'] = $session->make_captcha();
+ }
+ }
+ $db->free_result();
+ }
+
 if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
 {
 $username = ( $session->user_logged_in ) ? $session->username : false;
 $response = Array(
 'username' => $username,
 'key' => $pubkey,
- 'challenge' => $challenge
+ 'challenge' => $challenge,
+ 'locked_out' => false
 );
+
+ if ( $locked_out )
+ {
+ foreach ( $lockdata as $x => $y )
+ {
+ $response[$x] = $y;
+ }
+ unset($x, $y);
+ }
+
 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
 $response = $json->encode($response);
 echo $response;
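Review bot: The `$policy` line works only by accident — `&&` binds tighter than `=`, so `$x` receives the boolean result and is never used, and `getConfig('lockout_policy')` is evaluated three times; `$policy = in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha'), true) ? getConfig('lockout_policy') : 'lockout';` says the same thing plainly. The comment `// convert to minutes` is backwards: `$duration * 60` turns the configured minutes into seconds for the `timestamp >` cutoff, so it should read `// lockout_duration is configured in minutes; convert to seconds for the timestamp cutoff`. The counter is keyed solely on `$_SERVER['REMOTE_ADDR']`, so behind a reverse proxy or NAT every client shares one bucket and is locked out together while an attacker rotating addresses is not slowed — worth a comment on the `$ipaddr` line stating that assumption. Whether a locked-out request is actually refused, rather than merely reported in the `getkey` response, presumably happens inside `login_with_crypto`, which is not in this diff. The enclosing `page_Special_Login` starts before this hunk and continues after it.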
@@ -135,10 +190,53 @@ $paths->main_page(); $template->header(); echo '
'; - $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.'; + $header = ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short'); if ( isset($_POST['login']) ) { - echo '

'.$__login_status.'

'; + $errstring = $__login_status['error']; + switch($__login_status['error']) + { + case 'key_not_found': + $errstring = $lang->get('user_err_key_not_found'); + break; + case 'key_wrong_length': + $errstring = $lang->get('user_err_key_wrong_length'); + break; + case 'too_big_for_britches': + $errstring = $lang->get('user_err_too_big_for_britches'); + break; + case 'invalid_credentials': + $errstring = $lang->get('user_err_invalid_credentials'); + if ( $__login_status['lockout_policy'] == 'lockout' ) + { + $errstring .= $lang->get('err_invalid_credentials_lockout', array('lockout_fails' => $__login_status['lockout_fails'])); + } + else if ( $__login_status['lockout_policy'] == 'captcha' ) + { + $errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('lockout_fails' => $__login_status['lockout_fails'])); + } + break; + case 'backend_fail': + $errstring = $lang->get('user_err_backend_fail'); + break; + case 'locked_out': + $attempts = intval($__login_status['lockout_fails']); + if ( $attempts > $__login_status['lockout_threshold']) + $attempts = $__login_status['lockout_threshold']; + + $server_time = time(); + $time_rem = ( $__login_status['lockout_last_time'] == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 ); + if ( $time_rem < 1 ) + $time_rem = $__login_status['lockout_duration']; + + $s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural'); + + $captcha_string = ( $__login_status['lockout_policy'] == 'captcha' ) ? $lang->get('err_locked_out_captcha_blurb') : ''; + $errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem)); + + break; + } + echo '
'.$errstring.'
'; } if ( $p = $paths->getAllParams() ) { @@ -159,18 +257,18 @@ Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can create an account.
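Review bot: In the `locked_out` case `$attempts` is computed and capped at the threshold but never used — `$lang->get('user_err_locked_out', ...)` receives only `plural`, `captcha_blurb` and `time_rem` — so either drop those three lines or pass it through as `'attempts' => $attempts`. The switch has no `default:`, so any error code the backend returns that is not listed is echoed into the page verbatim via `$errstring = $__login_status['error']`; mapping unknown codes to a generic message avoids exposing internal identifiers, and `htmlspecialchars($errstring)` is a cheap safety net should those codes ever carry user input. `err_invalid_credentials_lockout` and `err_locked_out_captcha_blurb` lack the `user_err_` prefix every other key in this switch uses; if that is a typo the lookup fails silently, so verify both keys exist in the language file. `page_Special_Login` continues outside this hunk on both sides.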

'; + echo '

' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '

'; } else { - echo '

You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.

'; + echo '

' . $lang->get('user_login_body_elev') . '

'; } ?> - Username: + get('user_login_field_username'); ?>: /> - - Forgot your password? No problem.
- Maybe you need to create an account.
+ + get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?>
+ get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?>
- Password:
+ + get('user_login_field_password'); ?>: + - + + + get('user_login_field_captcha'); ?>:
+ + + + + + + -

Important note regarding cryptography: Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should log in without using encryption.

-

This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.

+ getAllParams() ) ? '/' . $return : ''; + $nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true); + echo '

' . $lang->get('user_login_nocrypt_title') . ' ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '

'; + echo '

' . $lang->get('user_login_nocrypt_countrylist') . '

'; + } + else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) ) + { + $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; + $usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true); + echo '

' . $lang->get('user_login_usecrypt_title') . ' ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '

'; + echo '

' . $lang->get('user_login_usecrypt_countrylist') . '

'; + } + ?> - @@ -237,17 +364,18 @@ { global $db, $session, $paths, $template, $plugins; // Common objects global $__login_status; + global $lang; if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' ) { $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);'); $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); $data = $json->decode($_POST['params']); + $captcha_hash = ( isset($data['captcha_hash']) ) ? $data['captcha_hash'] : false; + $captcha_code = ( isset($data['captcha_code']) ) ? $data['captcha_code'] : false; $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER; - $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level); + $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level, $captcha_hash, $captcha_code); $session->start(); - //echo "$result\n$session->sid_super"; - //exit; - if ( $result == 'success' ) + if ( $result['success'] ) { $response = Array( 'result' => 'success', @@ -256,9 +384,16 @@ } else { + $captcha = ''; + if ( $result['error'] == 'locked_out' && $result['lockout_policy'] == 'captcha' ) + { + $session->kill_captcha(); + $captcha = $session->make_captcha(); + } $response = Array( 'result' => 'error', - 'error' => $result + 'data' => $result, + 'captcha' => $captcha ); } $response = $json->encode($response); 
@@ -267,27 +402,37 @@
 exit;
 }
 if(isset($_POST['login']))
 {
+ $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false;
+ $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false;
 if($_POST['use_crypt'] == 'yes')
 {
- $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']));
+ $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']), $captcha_hash, $captcha_code);
 }
 else
 {
- $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']));
+ $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']), $captcha_hash, $captcha_code);
 }
 $session->start();
 $paths->init();
- if($result == 'success')
+ if($result['success'])
 {
 $template->load_theme($session->theme, $session->style);
 if(isset($_POST['return_to']))
 {
 $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
- redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
+ $subst = array(
+ 'username' => $session->username,
+ 'redir_target' => $name
+ );
+ redirect( makeUrl($_POST['return_to'], false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
 }
 else
 {
- redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' 
); + $subst = array( + 'username' => $session->username, + 'redir_target' => $lang->get('user_login_success_body_mainpage') + ); + redirect( makeUrl(getConfig('main_page'), false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) ); } } else @@ -317,22 +462,26 @@ function page_Special_Logout() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( !$session->user_logged_in ) $paths->main_page(); $l = $session->logout(); if ( $l == 'success' ) { - redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4); + + redirect(makeUrl(getConfig('main_page'), false, true), $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4); } $template->header(); - echo '
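Review bot: `$name` falls back to the raw `$_POST['return_to']` when the target is not a known page, and the new `'redir_target' => $name` substitution carries it into `$lang->get('user_login_success_body', $subst)` and from there into the redirect page; unless `$lang->get` or `redirect()` escapes substitutions (not visible here), that is reflected into HTML unescaped, so build the array from `'redir_target' => htmlspecialchars($name)` instead. The redirect target `makeUrl($_POST['return_to'], false, true)` is likewise client-supplied; this predates the change, but it is worth confirming that `makeUrl` can only yield same-site URLs. The enclosing `page_Special_Login` starts before this hunk and continues after it.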

An error occurred during the logout process.

'.$l.'

'; + echo '

' . $lang->get('user_logout_err_title') . '

'; + echo '

' . $l . '

'; $template->footer(); } function page_Special_Register() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; // form field trackers $username = ''; @@ -341,8 +490,8 @@ if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in )) { - $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '

Oops...it seems that you are the administrator...hehe...you can also force account registration to work.

' : ''; - die_friendly('Registration disabled', '

The administrator has disabled new user registration on this site.

' . $s); + $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '

' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '

' : ''; + die_friendly($lang->get('user_reg_err_disabled_title'), '

' . $lang->get('user_reg_err_disabled_body') . '

' . $s); } if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in ) { @@ -355,7 +504,7 @@ $captcharesult = $session->get_captcha($_POST['captchahash']); if($captcharesult != $_POST['captchacode']) { - $s = 'The confirmation code you entered was incorrect.'; + $s = $lang->get('user_reg_err_captcha'); } else { @@ -379,7 +528,7 @@ $crypt_key = $session->fetch_public_key($_POST['crypt_key']); if ( !$crypt_key ) { - $s = 'Couldn\'t look up public encryption key'; + $s = $lang->get('user_reg_err_missing_key'); } else { @@ -406,28 +555,28 @@ { case "none": default: - $str = 'You may now log in with the username and password that you created.'; + $str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true))); break; case "user": - $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.'; + $str = $lang->get('user_reg_msg_success_activ_user'); break; case "admin": - $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.'; + $str = $lang->get('user_reg_msg_success_activ_admin'); break; } - die_friendly('Registration successful', '

Thank you for registering, your user account has been created. '.$str.'

'); + die_friendly($lang->get('user_reg_msg_success_title'), '

' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '

'); } else if ( $s == 'success' && $coppa ) { - $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.'; - die_friendly('Registration successful', '

Thank you for registering, your user account has been created. '.$str.'

'); + $str = $lang->get('user_reg_msg_success_activ_coppa'); + die_friendly($lang->get('user_reg_msg_success_title'), '

' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '

'); } $username = htmlspecialchars($_POST['username']); $email = htmlspecialchars($_POST['email']); $realname = htmlspecialchars($_POST['real_name']); } $template->header(); - echo 'A user account enables you to have greater control over your browsing experience.'; + echo $lang->get('user_reg_msg_greatercontrol'); if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) ) { @@ -439,22 +588,22 @@ $challenge = $session->dss_rand(); ?> -

Create a user account

- +

get('user_reg_msg_table_title'); ?>

+
- + '; ?> @@ -499,18 +648,24 @@ @@ -597,6 +752,18 @@ var frm = document.forms.regform; if ( frm.password.value.length < 1 ) return true; + pass1 = frm.password.value; + pass2 = frm.password_confirm.value; + if ( pass1 != pass2 ) + { + alert($lang.get('user_reg_err_alert_password_nomatch')); + return false; + } + if ( pass1.length < 6 && pass1.length > 0 ) + { + alert($lang.get('user_reg_err_alert_password_tooshort')); + return false; + } if(aes_testpassed) { frm.use_crypt.value = 'yes'; @@ -609,21 +776,6 @@ len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : ''; alert('The key is messed up\nType: '+typeof(cryptkey)+len); } - } - pass1 = frm.password.value; - pass2 = frm.password_confirm.value; - if ( pass1 != pass2 ) - { - alert('The passwords you entered do not match.'); - return false; - } - if ( pass1.length < 6 && pass1.length > 0 ) - { - alert('The new password must be 6 characters or greater in length.'); - return false; - } - if(aes_testpassed) - { pass = frm.password.value; pass = stringToByteArray(pass); cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB'); @@ -645,24 +797,37 @@
Please tell us a little bit about yourself.
get('user_reg_msg_table_subtitle'); ?>
'.$s.'
- Preferred username: + get('user_reg_lbl_field_username'); ?> - + Good/bad icon @@ -464,14 +613,14 @@
- Password: + get('user_reg_lbl_field_password'); ?> -10 ): ?> - It needs to score at least for your registration to be accepted. + get('user_reg_msg_password_score'); ?> - Loading... + Loading... Good/bad icon @@ -481,7 +630,7 @@
- Enter your password again to confirm. + get('user_reg_lbl_field_password_confirm'); ?>
-mail address: + if ( $coppa ) + { + echo $lang->get('user_reg_lbl_field_email_coppa'); + } + else + { + echo $lang->get('user_reg_lbl_field_email'); + } + ?> An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.'; + echo '
' . $lang->get('user_reg_msg_email_activuser') . ''; } ?>
- + Good/bad icon @@ -520,8 +675,8 @@
- Real name:
- Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site. + get('user_reg_lbl_field_realname'); ?>
+ get('user_reg_msg_realname_optional'); ?>
@@ -531,11 +686,11 @@
- Visual confirmation
+ get('user_reg_lbl_field_captcha'); ?>
- Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can generate a new image.
+ get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?>

- If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you. + get('user_reg_msg_captcha_blind'); ?>
@@ -547,7 +702,7 @@
- Code: + get('user_reg_lbl_field_captcha_code'); ?>