Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
--- a/includes/clientside/static/login.js Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/clientside/static/login.js Mon Dec 22 21:26:19 2008 -0500
@@ -1158,3 +1158,25 @@
var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
window.location = loc;
}
+
+window.ajaxDynamicReauth = function(adminpage)
+{
+ var old_sid = ENANO_SID;
+ var targetpage = adminpage;
+ ajaxLogonInit(function(k)
+ {
+ var body = document.getElementsByTagName('body')[0];
+ var replace = new RegExp(old_sid, 'g');
+ body.innerHTML = body.innerHTML.replace(replace, k);
+ ENANO_SID = k;
+ if ( targetpage )
+ {
+ mb_current_obj.destroy();
+ ajaxPage(targetpage);
+ }
+ }, USER_LEVEL_ADMIN);
+ ajaxLoginShowFriendlyError({
+ error_code: 'admin_session_timed_out',
+ respawn_info: {}
+ });
+}
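Review bot: The rewrite at `body.innerHTML = body.innerHTML.replace(replace, k);` builds its pattern from `old_sid` with no check that it is a non-empty string; if `ENANO_SID` can be empty when the session is lost, `new RegExp('', 'g')` matches at every position and splices the new key throughout the page markup. Guard it with `if ( typeof old_sid === 'string' && old_sid.length > 0 )` and pass the replacement as a function, `.replace(replace, function() { return k; })`, so `$` sequences in `k` are not interpreted. Re-serialising the whole body also drops event handlers attached from script and any unsaved form input, and it inserts `k` as raw markup. Updating only the links and hidden fields that carry the key would avoid both problems.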
--- a/includes/pageprocess.php Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/pageprocess.php Mon Dec 22 21:26:19 2008 -0500
@@ -202,6 +202,7 @@
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
$strict_no_headers = false;
+ $admin_fail = false;
if ( $this->namespace == 'Admin' && strstr($this->page_id, '/') )
{
if ( $this->send_headers )
@@ -238,6 +239,32 @@
}
}
}
+ if ( isset($paths->pages[$pathskey]['require_admin']) && $paths->pages[$pathskey]['require_admin'] )
+ {
+ if ( $session->auth_level < USER_LEVEL_ADMIN )
+ {
+ $admin_fail = true;
+ }
+ }
+ }
+ else if ( $this->namespace === $paths->namespace && $this->page_id == $paths->page_id )
+ {
+ if ( isset($paths->cpage['require_admin']) && $paths->cpage['require_admin'] )
+ {
+ if ( $session->auth_level < USER_LEVEL_ADMIN )
+ {
+ $admin_fail = true;
+ }
+ }
+ }
+ if ( $admin_fail )
+ {
+ header('Content-type: text/javascript');
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'need_auth_to_admin'
+ ));
+ return true;
}
if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
{
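Review bot: The new admin gate fails open, because `$admin_fail` is only set when the `require_admin` key is present in `$paths->pages[$pathskey]` or `$paths->cpage`. A page whose metadata lacks the key (for instance an entry built before this change, if page metadata is cached) or that matches neither branch skips the check entirely. Since the flag is derived purely from the namespace, testing it directly looks safer: `if ( $this->namespace === 'Admin' && $session->auth_level < USER_LEVEL_ADMIN ) $admin_fail = true;`. The error body is JSON but is sent as `text/javascript` with the default status; `application/json` with a 403 would be harder for a client to misread. The enclosing `if` block and function start outside the hunk, so the exact branch nesting is inferred.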
--- a/includes/paths.php Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/paths.php Mon Dec 22 21:26:19 2008 -0500
@@ -379,6 +379,8 @@
// This is used in the admin panel to keep track of form submission targets
$this->cpage['module'] = $this->cpage['urlname'];
+ $this->cpage['require_admin'] = ( $this->cpage['namespace'] === 'Admin' );
+
// Page is set up, call any hooks
$code = $plugins->setHook('page_set');
foreach ( $code as $cmd )
@@ -402,6 +404,8 @@
$flags['name'] = $lang->get($flags['name']);
}
+ $flags['require_admin'] = ( $flags['namespace'] === 'Admin' );
+
$pages_len = sizeof($this->pages) / 2;
$this->pages[$pages_len] = $flags;
$this->pages[$flags['urlname']] =& $this->pages[$pages_len];
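Review bot: `$flags['require_admin']` is assigned unconditionally, so any value the caller passed in is overwritten and a page outside the `Admin` namespace cannot opt in to the admin check. If that is not intended, `$flags['require_admin'] = !empty($flags['require_admin']) || $flags['namespace'] === 'Admin';` keeps the namespace rule while honouring an explicit flag. The `$this->cpage['require_admin']` assignment in the earlier hunk of this file derives the flag the same way. A one-line comment stating that the flag is derived rather than configurable would help in both places. The enclosing function starts outside the hunk.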
--- a/includes/plugins.php Mon Dec 22 21:25:14 2008 -0500
+++ b/includes/plugins.php Mon Dec 22 21:26:19 2008 -0500
@@ -623,6 +623,8 @@
endswitch;
$cache->purge('plugins');
+ $cache->purge('page_meta');
+ $cache->purge('anon_sidebar');
return $return;
}
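Review bot: The same three `$cache->purge()` calls are now repeated at the end of three functions (this hunk and the ones at -742 and -967), so the list can drift the next time a cache is added. A single helper called from all three places (name it as the project prefers, e.g. `purge_plugin_caches()`) would keep them in sync. A short comment on why `page_meta` and `anon_sidebar` depend on plugin state would also help the next reader. The enclosing functions start outside the hunks.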
@@ -742,6 +744,8 @@
endswitch;
$cache->purge('plugins');
+ $cache->purge('page_meta');
+ $cache->purge('anon_sidebar');
return $return;
}
@@ -967,6 +971,8 @@
endswitch;
$cache->purge('plugins');
+ $cache->purge('page_meta');
+ $cache->purge('anon_sidebar');
return $return;
}
--- a/language/english/user.json Mon Dec 22 21:25:14 2008 -0500
+++ b/language/english/user.json Mon Dec 22 21:26:19 2008 -0500
@@ -93,6 +93,7 @@
err_backend_fail: 'You entered the right credentials and everything was validated, but for some reason Enano couldn\'t register your session. This is an internal problem with the site and you are encouraged to contact site administration.',
err_locked_out: 'You have used up all %config.lockout_threshold% allowed login attempts. Please wait %time_rem% minute%plural% before attempting to log in again%captcha_blurb%.',
err_locked_out_captcha_blurb: ', or enter the visual confirmation code shown above in the appropriate box',
+ err_admin_session_timed_out: 'Your session has timed out; please log in again using the form above.',
logout_success_title: 'Logged out',
logout_success_body: 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.',