Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
--- a/includes/clientside/static/login.js Wed Oct 22 10:49:15 2008 -0400
+++ b/includes/clientside/static/login.js Sun Nov 02 01:42:17 2008 -0400
@@ -72,6 +72,7 @@
var AJAX_STATUS_GENERATING_KEY = 2;
var AJAX_STATUS_LOGGING_IN = 3;
var AJAX_STATUS_SUCCESS = 4;
+var AJAX_STATUS_ERROR = 5;
var AJAX_STATUS_DESTROY = 65535;
/**
@@ -297,6 +298,53 @@
logindata.mb_inner.innerHTML = '';
logindata.mb_inner.appendChild(div);
+ break;
+
+ case AJAX_STATUS_ERROR:
+ // Create the status div
+ var div = document.createElement('div');
+ div.id = 'ajax_login_status';
+ div.style.marginTop = '10px';
+ div.style.textAlign = 'center';
+
+ // The circly ball ajaxy image + status message
+ var status_msg = $lang.get('user_login_ajax_err_crypto');
+
+ // Insert the status message
+ div.appendChild(document.createTextNode(status_msg));
+
+ // Append a br or two to space things properly
+ div.appendChild(document.createElement('br'));
+ div.appendChild(document.createElement('br'));
+
+ var img = document.createElement('img');
+ img.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/checkbad.png';
+ div.appendChild(img);
+
+ // Append a br or two to space things properly
+ div.appendChild(document.createElement('br'));
+ div.appendChild(document.createElement('br'));
+
+ // The circly ball ajaxy image + status message
+ var detail_msg = $lang.get('user_login_ajax_err_crypto_details');
+ var full_link = $lang.get('user_login_ajax_err_crypto_link');
+ var link = document.createElement('a');
+ link.href = makeUrlNS('Special', 'Login/' + title);
+ link.appendChild(document.createTextNode(full_link));
+ var span = document.createElement('span');
+ span.style.fontSize = 'smaller';
+
+ // Insert the message
+ span.appendChild(document.createTextNode(detail_msg + ' '));
+ span.appendChild(link);
+ div.appendChild(span);
+
+ // Insert the entire message into the login window
+ logindata.mb_inner.innerHTML = '';
+ logindata.mb_inner.appendChild(div);
+
+ break;
+
case AJAX_STATUS_DESTROY:
case null:
case undefined:
@@ -588,6 +636,14 @@
lbl_dh.innerHTML = $lang.get('user_login_ajax_check_dh_ie');
form.appendChild(lbl_dh);
}
+ else if ( !data.allow_diffiehellman )
+ {
+ // create hidden control - server requested that DiffieHellman be disabled (usually means not supported)
+ var check_dh = document.createElement('input');
+ check_dh.type = 'hidden';
+ check_dh.id = 'ajax_login_field_dh';
+ form.appendChild(check_dh);
+ }
else
{
var lbl_dh = document.createElement('label');
@@ -744,6 +800,7 @@
return false;
}
}
+
if ( !username )
{
var username = document.getElementById('ajax_login_field_username').value;
@@ -757,6 +814,9 @@
var captcha = document.getElementById('ajax_login_field_captcha').value;
}
+ try
+ {
+
if ( do_dh )
{
ajaxLoginSetStatus(AJAX_STATUS_GENERATING_KEY);
@@ -836,6 +896,14 @@
remember: remember_session
}
}
+ }
+ catch(e)
+ {
+ ajaxLoginSetStatus(AJAX_STATUS_ERROR);
+ console.error('Exception caught in login process; backtrace follows');
+ console.debug(e);
+ return false;
+ }
ajaxLoginPerformRequest(json_packet);
}
--- a/language/english/user.json Wed Oct 22 10:49:15 2008 -0400
+++ b/language/english/user.json Sun Nov 02 01:42:17 2008 -0400
@@ -75,6 +75,9 @@
login_ajax_check_dh_ie: 'Use a standards-compliant browser to help protect your password. <a href="http://docs.enanocms.org/Help:Appendix_B#dh" onclick="window.open(this.href); return false;">Learn more</a>',
login_ajax_check_remember: 'Keep me logged in on this computer for %session_length% %length_units% unless I log out',
login_ajax_check_remember_infinite: 'Keep me logged in on this computer until I log out',
+ login_ajax_err_crypto: 'Encryption failed.',
+ login_ajax_err_crypto_details: 'Details available on console.',
+ login_ajax_err_crypto_link: 'Use full login form',
err_login_generic_title: 'There was an error in the login process',
err_key_not_found: 'Enano couldn\'t look up the encryption key used to encrypt your password. This most often happens if a cache rotation occurred during your login attempt, or if you refreshed the login page.',