diff -r d8156d18ac58 -r 97ae8e9d5e29 plugins/SpecialUserFuncs.php
--- a/plugins/SpecialUserFuncs.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/SpecialUserFuncs.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
Plugin URI: http://enanocms.org/
Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 release candidate 2
+ * Version 1.0.2
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -90,6 +90,14 @@
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
+
+ $paths->add_page(Array(
+ \'name\'=>\'Language exporter\',
+ \'urlname\'=>\'LangExportJSON\',
+ \'namespace\'=>\'Special\',
+ \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ ));
+
');
// function names are IMPORTANT!!! The name pattern is: page__
@@ -100,18 +108,65 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $__login_status;
+ global $lang;
$pubkey = $session->rijndael_genkey();
$challenge = $session->dss_rand();
+ $locked_out = false;
+ // are we locked out?
+ $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
+ $duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
+ // convert to minutes
+ $duration = $duration * 60;
+ $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
+ if ( $policy != 'disable' )
+ {
+ $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
+ $timestamp_cutoff = time() - $duration;
+ $q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
+ $fails = $db->numrows();
+ if ( $fails >= $threshold )
+ {
+ $row = $db->fetchrow();
+ $locked_out = true;
+ $lockdata = array(
+ 'locked_out' => true,
+ 'lockout_threshold' => $threshold,
+ 'lockout_duration' => ( $duration / 60 ),
+ 'lockout_fails' => $fails,
+ 'lockout_policy' => $policy,
+ 'lockout_last_time' => $row['timestamp'],
+ 'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
+ 'captcha' => ''
+ );
+ if ( $policy == 'captcha' )
+ {
+ $lockdata['captcha'] = $session->make_captcha();
+ }
+ }
+ $db->free_result();
+ }
+
if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
{
$username = ( $session->user_logged_in ) ? $session->username : false;
$response = Array(
'username' => $username,
'key' => $pubkey,
- 'challenge' => $challenge
+ 'challenge' => $challenge,
+ 'locked_out' => false
);
+
+ if ( $locked_out )
+ {
+ foreach ( $lockdata as $x => $y )
+ {
+ $response[$x] = $y;
+ }
+ unset($x, $y);
+ }
+
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
$response = $json->encode($response);
echo $response;
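Review bot: The failure count in the `SELECT timestamp FROM ... lockout` query is keyed only on `$_SERVER['REMOTE_ADDR']`, so failed logins against one account from several addresses are never counted together, and behind a reverse proxy all visitors would share one counter; whether the login routines also track failures per username is not visible in this hunk. The comment `// convert to minutes` does not match `$duration * 60`, which turns minutes into seconds; `// convert minutes to seconds` describes the code. In the `$policy` line the `$x =` assignment captures the boolean result of the whole `&&` expression and is never read, so it can be dropped. The enclosing function starts and ends outside the hunk.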
@@ -135,10 +190,53 @@
$paths->main_page();
$template->header();
echo '
';
+ echo '' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '
';
}
else
{
- echo 'You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.
';
+ echo '' . $lang->get('user_login_body_elev') . '
';
}
?>
- Username:
+ get('user_login_field_username'); ?>:
/>
-
- Forgot your password? No problem.
- Maybe you need to create an account .
+
+ get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?>
+ get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?>
- Password:
+
+ get('user_login_field_password'); ?>:
+
-
+
+
+ get('user_login_field_captcha'); ?>:
+
+
+
+
+
+
+
- Important note regarding cryptography: Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should log in without using encryption .
- This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.
+ getAllParams() ) ? '/' . $return : '';
+ $nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true);
+ echo '' . $lang->get('user_login_nocrypt_title') . ' ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '
';
+ echo '' . $lang->get('user_login_nocrypt_countrylist') . '
';
+ }
+ else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) )
+ {
+ $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
+ $usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true);
+ echo '' . $lang->get('user_login_usecrypt_title') . ' ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '
';
+ echo '' . $lang->get('user_login_usecrypt_countrylist') . '
';
+ }
+ ?>
-
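Review bot: `$returnpage_link` is built from `$paths->getAllParams()`, which appears to be request-derived, and `$level` is interpolated into the query string of `$nocrypt_link` and `$usecrypt_link`, which are then substituted into a language string and echoed. It is not visible here whether `makeUrlNS(..., true)` or `$lang->get()` HTML-escapes these values, so that needs confirming; if neither does, escape at the substitution, e.g. `array('usecrypt_link' => htmlspecialchars($usecrypt_link))`. The `$_GET['use_crypt']=='0'` test would also read more safely as `=== '0'`. The surrounding form markup lies partly outside the hunk.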
@@ -237,17 +364,18 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $__login_status;
+ global $lang;
if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
{
$plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
$data = $json->decode($_POST['params']);
+ $captcha_hash = ( isset($data['captcha_hash']) ) ? $data['captcha_hash'] : false;
+ $captcha_code = ( isset($data['captcha_code']) ) ? $data['captcha_code'] : false;
$level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
- $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level);
+ $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level, $captcha_hash, $captcha_code);
$session->start();
- //echo "$result\n$session->sid_super";
- //exit;
- if ( $result == 'success' )
+ if ( $result['success'] )
{
$response = Array(
'result' => 'success',
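Review bot: `$captcha_hash` and `$captcha_code` are taken from the JSON-decoded `$_POST['params']` without a type check, so with `SERVICES_JSON_LOOSE_TYPE` a client can supply an array or number where a string is expected. Whether `login_with_crypto()` validates them is not visible here; a guard at this boundary such as `$captcha_hash = ( isset($data['captcha_hash']) && is_string($data['captcha_hash']) ) ? $data['captcha_hash'] : false;` (and the same for `$captcha_code`) keeps malformed values out of the session layer. `$_POST['params']` itself is read without `isset()`. The function body continues outside the hunk.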
@@ -256,9 +384,16 @@
}
else
{
+ $captcha = '';
+ if ( $result['error'] == 'locked_out' && $result['lockout_policy'] == 'captcha' )
+ {
+ $session->kill_captcha();
+ $captcha = $session->make_captcha();
+ }
$response = Array(
'result' => 'error',
- 'error' => $result
+ 'data' => $result,
+ 'captcha' => $captcha
);
}
$response = $json->encode($response);
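Review bot: The error branch now returns the whole `$result` array to the client as `'data' => $result`, so every field the login routine places in it becomes part of the public response. The contents of `$result` are not visible in this hunk; if it can carry more than the error code and lockout counters (for example, details that distinguish an unknown user from a wrong password), copy only the needed keys into `$response` instead. A short comment above `$response` listing the keys the client script reads would document that contract.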
@@ -267,27 +402,37 @@
exit;
}
if(isset($_POST['login'])) {
+ $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false;
+ $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false;
if($_POST['use_crypt'] == 'yes')
{
- $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']));
+ $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']), $captcha_hash, $captcha_code);
}
else
{
- $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']));
+ $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']), $captcha_hash, $captcha_code);
}
$session->start();
$paths->init();
- if($result == 'success')
+ if($result['success'])
{
$template->load_theme($session->theme, $session->style);
if(isset($_POST['return_to']))
{
$name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
- redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
+ $subst = array(
+ 'username' => $session->username,
+ 'redir_target' => $name
+ );
+ redirect( makeUrl($_POST['return_to'], false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
}
else
{
- redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' );
+ $subst = array(
+ 'username' => $session->username,
+ 'redir_target' => $lang->get('user_login_success_body_mainpage')
+ );
+ redirect( makeUrl(getConfig('main_page'), false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
}
}
else
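Review bot: `'redir_target' => $name` can carry the raw `$_POST['return_to']` value, because `$name` falls back to it when the page is not found in `$paths->pages`, and the substituted string is handed to `redirect()` as the message body. Whether `$lang->get()` or `redirect()` escapes substitutions is not visible here; if neither does, use `'redir_target' => htmlspecialchars($name)`, as the registration handler in this file already does for echoed POST fields. `$_POST['use_crypt']` and `$_POST['auth_level']` are also read without `isset()`. The function continues past the end of the hunk.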
@@ -317,22 +462,26 @@
function page_Special_Logout() {
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( !$session->user_logged_in )
$paths->main_page();
$l = $session->logout();
if ( $l == 'success' )
{
- redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4);
+
+ redirect(makeUrl(getConfig('main_page'), false, true), $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4);
}
$template->header();
- echo 'An error occurred during the logout process. '.$l.'
';
+ echo '' . $lang->get('user_logout_err_title') . ' ';
+ echo '' . $l . '
';
$template->footer();
}
function page_Special_Register()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
// form field trackers
$username = '';
@@ -341,8 +490,8 @@
if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
{
- $s = ($session->user_level >= USER_LEVEL_ADMIN) ? 'Oops...it seems that you are the administrator...hehe...you can also force account registration to work .
' : '';
- die_friendly('Registration disabled', 'The administrator has disabled new user registration on this site.
' . $s);
+ $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '
' : '';
+ die_friendly($lang->get('user_reg_err_disabled_title'), '' . $lang->get('user_reg_err_disabled_body') . '
' . $s);
}
if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )
{
@@ -355,7 +504,7 @@
$captcharesult = $session->get_captcha($_POST['captchahash']);
if($captcharesult != $_POST['captchacode'])
{
- $s = 'The confirmation code you entered was incorrect.';
+ $s = $lang->get('user_reg_err_captcha');
}
else
{
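Review bot: The check `$captcharesult != $_POST['captchacode']` uses a loose comparison, so if `get_captcha()` returns `false` or an empty value for an unknown hash (its return value is not visible here), an empty submitted code would compare equal and the check would pass. A strict test that also rejects a failed lookup closes this: `if ( !is_string($captcharesult) || $captcharesult === '' || $captcharesult !== $_POST['captchacode'] )`. The surrounding registration handler lies outside the hunk.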
@@ -379,7 +528,7 @@
$crypt_key = $session->fetch_public_key($_POST['crypt_key']);
if ( !$crypt_key )
{
- $s = 'Couldn\'t look up public encryption key';
+ $s = $lang->get('user_reg_err_missing_key');
}
else
{
@@ -406,28 +555,28 @@
{
case "none":
default:
- $str = 'You may now log in with the username and password that you created.';
+ $str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true)));
break;
case "user":
- $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';
+ $str = $lang->get('user_reg_msg_success_activ_user');
break;
case "admin":
- $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';
+ $str = $lang->get('user_reg_msg_success_activ_admin');
break;
}
- die_friendly('Registration successful', 'Thank you for registering, your user account has been created. '.$str.'
');
+ die_friendly($lang->get('user_reg_msg_success_title'), '' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '
');
}
else if ( $s == 'success' && $coppa )
{
- $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.';
- die_friendly('Registration successful', 'Thank you for registering, your user account has been created. '.$str.'
');
+ $str = $lang->get('user_reg_msg_success_activ_coppa');
+ die_friendly($lang->get('user_reg_msg_success_title'), '' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '
');
}
$username = htmlspecialchars($_POST['username']);
$email = htmlspecialchars($_POST['email']);
$realname = htmlspecialchars($_POST['real_name']);
}
$template->header();
- echo 'A user account enables you to have greater control over your browsing experience.';
+ echo $lang->get('user_reg_msg_greatercontrol');
if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
{
@@ -439,22 +588,22 @@
$challenge = $session->dss_rand();
?>
- Create a user account
-