Sped up AJAX de-auth a little; added a little extra info to login_success JSON responses
--- a/includes/clientside/static/login.js Sat May 16 02:06:30 2009 +0000
+++ b/includes/clientside/static/login.js Fri May 22 13:49:02 2009 -0400
@@ -376,10 +376,11 @@
* @param object JSON packet to send
*/
-window.ajaxLoginPerformRequest = function(json)
+window.ajaxLoginPerformRequest = function(json, _hookfunc)
{
json = toJSONString(json);
json = ajaxEscape(json);
+ var hookfunc = typeof(_hookfunc) == 'function' ? _hookfunc : false;
ajaxPost(makeUrlNS('Special', 'Login/action.json'), 'r=' + json, function(ajax)
{
if ( ajax.readyState == 4 && ajax.status == 200 )
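Review bot: The doc comment above `ajaxLoginPerformRequest` still lists only the JSON packet, so the new `_hookfunc` argument is undocumented; add `* @param function Optional callback; receives the parsed response after ajaxLoginProcessResponse has handled it`. The same applies to the `hookfunc` parameter added to `ajaxLoginProcessResponse` in the hunk at -402. The comment should also state that the hook is only reachable from the `readyState == 4 && status == 200` branch, so callers get no callback when the request fails. The function body continues outside this hunk.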
@@ -392,7 +393,7 @@
return false;
}
response = parseJSON(response);
- ajaxLoginProcessResponse(response);
+ ajaxLoginProcessResponse(response, hookfunc);
}
}, true);
}
@@ -402,7 +403,7 @@
* @param object JSON response
*/
-window.ajaxLoginProcessResponse = function(response)
+window.ajaxLoginProcessResponse = function(response, hookfunc)
{
// Did the server send a plaintext error?
if ( response.mode == 'error' )
@@ -430,7 +431,7 @@
break;
case 'login_success':
ajaxLoginSetStatus(AJAX_STATUS_SUCCESS);
- logindata.successfunc(response.key);
+ logindata.successfunc(response.key, response);
break;
case 'login_failure':
// Rid ourselves of any loading windows
@@ -476,6 +477,10 @@
case 'noop':
break;
}
+ if ( hookfunc )
+ {
+ hookfunc(response);
+ }
}
/*
@@ -1125,20 +1130,19 @@
{
var mp = miniPromptGetParent(this);
var whitey = whiteOutMiniPrompt(mp);
- setTimeout(function()
- {
- whiteOutReportSuccess(whitey);
- setTimeout(function()
- {
- miniPromptDestroy(mp);
- }, 1250);
- }, 1000);
ajaxLoginPerformRequest({
mode: 'logout',
level: auth_level,
csrf_token: csrf_token
- });
+ }, function(response)
+ {
+ whiteOutReportSuccess(whitey);
+ setTimeout(function()
+ {
+ miniPromptDestroy(mp);
+ }, 1250);
+ });
return false;
}
});
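Review bot: The logout callback ignores its `response` argument and calls `whiteOutReportSuccess(whitey)` for whatever the server sent back, because `hookfunc(response)` runs after the mode switch for every mode. A user could be shown a success mark while the elevated session is still valid on the server, so the callback should report success only when `response.mode` is the value the server returns for a completed logout (not visible in this diff) and otherwise restore the prompt. Separately, when the request does not come back with status 200 the hook never fires and the whited-out mini prompt is never destroyed, whereas the removed timer always cleared it. The enclosing handler starts outside the hunk.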
@@ -1262,17 +1266,24 @@
window.ajaxDynamicReauth = function(adminpage, level)
{
+ if ( auth_level < USER_LEVEL_ADMIN )
+ {
+ ajaxStartLogin();
+ return false;
+ }
+
var old_sid = ENANO_SID;
var targetpage = adminpage;
if ( !level )
{
level = USER_LEVEL_ADMIN;
}
- ajaxLogonInit(function(k)
+ ajaxLogonInit(function(k, response)
{
ajaxLoginReplaceSIDInline(k, old_sid, level);
+ window.user_id = response.user_id;
+ window.user_level = response.user_level;
mb_current_obj.destroy();
- console.debug(targetpage);
if ( typeof(targetpage) == 'string' )
{
ajaxPage(targetpage);
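Review bot: The new guard at the top of `ajaxDynamicReauth` compares `auth_level` with `USER_LEVEL_ADMIN` before `level` is defaulted and never consults `level` or `adminpage`, so a caller asking for a lower level is still diverted to `ajaxStartLogin()` and the target page is dropped. If that is intended, say so in a comment such as `// page was not loaded with an elevated session: fall back to a full login`. The callback then copies `response.user_id` and `response.user_level` into globals without checking they are present, which leaves them `undefined` if the server omits the fields. These globals are client-side state that any script on the page can overwrite, so they should drive display only, with each privileged action authorized on the server from the session key. The function continues past the end of the hunk.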
--- a/includes/sessions.php Sat May 16 02:06:30 2009 +0000
+++ b/includes/sessions.php Fri May 22 13:49:02 2009 -0400
@@ -927,6 +927,9 @@
$session_key = hmac_sha1($password_hmac, $salt);
}
+ // Minimum level
+ $level = max(array($level, USER_LEVEL_MEMBER));
+
// Type of key
$key_type = ( $level > USER_LEVEL_MEMBER ) ? SK_ELEV : ( $remember ? SK_LONG : SK_SHORT );
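Review bot: `$level = max(array($level, USER_LEVEL_MEMBER));` silently raises any requested level below member instead of rejecting it, so a caller that passes a wrong or lower value now gets a member-level key with no trace. Logging or failing on an out-of-range `$level` would keep a caller bug from turning into a quietly issued session. At minimum the comment should say why clamping is safe, e.g. `// Sessions are never registered below member level; lower requests are raised, not rejected`. `max($level, USER_LEVEL_MEMBER)` also works without the array wrapper. The function starts and ends outside this hunk.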
@@ -958,6 +961,10 @@
if(!is_int($level))
die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
+ // Update RAM
+ $this->user_id = $user_id;
+ $this->user_level = max(array($this->user_level, $level));
+
// All done!
$query = $db->sql_query('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time, key_type) VALUES(\''.$keyhash.'\', \''.$db->escape($salt).'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.', ' . $key_type . ');');
if ( !$query && defined('IN_ENANO_UPGRADE') )
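Review bot: The "Update RAM" block changes `$this->user_id` and `$this->user_level` before the INSERT below has run, so if the query fails the object already describes a session that was never stored. `max(array($this->user_level, $level))` also keeps the previous in-memory level when `$user_id` differs from the one the object held (whether that can happen is not visible here), which could carry a higher level over to a different account for the rest of the request, and that value is now returned to the client in the `login_success` JSON. Consider moving the assignment after the query succeeds and resetting the level when the user changes, e.g. `$this->user_level = ( $this->user_id === $user_id ) ? max($this->user_level, $level) : $level;` followed by `$this->user_id = $user_id;`. `$level` is the session's auth level, so this line also treats it as the user's level; a comment stating that assumption would help. The function starts and ends outside this hunk.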
@@ -3999,7 +4006,7 @@
* login_build_userinfo, that will be in the $userinfo array here. Expected return values are: true if your plugin has
* not only succeeded but ALSO issued a session key (bypass the whole Enano builtin login process) and an associative array
* with "mode" set to "error" and an error string in "error" to send an error back to the client. Any return value other
- * than these will be ignored.
+ * than these will be treated as a pass-through, and the user's password will be validated through Enano's standard process.
* @hook login_process_userdata_json
*/
@@ -4011,7 +4018,9 @@
{
return array(
'mode' => 'login_success',
- 'key' => ( $this->sid_super ) ? $this->sid_super : false
+ 'key' => ( $this->sid_super ) ? $this->sid_super : false,
+ 'user_id' => $this->user_id,
+ 'user_level' => $this->user_level
);
}
else if ( is_array($result) )
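Review bot: `user_id` and `user_level` in this `login_success` array are read from `$this`, and this appears to be the branch where a plugin hook has issued the session itself, so they are only correct if the plugin went through the session registrar that updates those properties; otherwise the client may receive the pre-login values. Document that requirement in the `login_process_userdata_json` hook comment, or look the values up from the issued key before returning. The same three-key array is repeated in the hunk at -4047; a small private helper that builds the success packet would keep the two from drifting. The enclosing method starts and ends outside this hunk.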
@@ -4047,7 +4056,9 @@
{
return array(
'mode' => 'login_success',
- 'key' => ( $this->sid_super ) ? $this->sid_super : false
+ 'key' => ( $this->sid_super ) ? $this->sid_super : false,
+ 'user_id' => $this->user_id,
+ 'user_level' => $this->user_level
);
}
else