0
+ − 1 <?php
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 2 /**!info**
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 3 {
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 4 "Plugin Name" : "plugin_specialuserfuncs_title",
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 5 "Plugin URI" : "http://enanocms.org/",
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 6 "Description" : "plugin_specialuserfuncs_desc",
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 7 "Author" : "Dan Fuhry",
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 8 "Version" : "1.1.4",
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 9 "Author URI" : "http://enanocms.org/"
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 10 }
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 11 **!*/
0
+ − 12
+ − 13 /*
+ − 14 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
536
+ − 15 * Version 1.1.4 (Caoineag alpha 4)
+ − 16 * Copyright (C) 2006-2008 Dan Fuhry
0
+ − 17 *
+ − 18 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 19 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 20 *
+ − 21 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 23 */
+ − 24
+ − 25 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 26
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 27 // $plugins->attachHook('session_started', 'SpecialUserFuncs_paths_init();');
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 28
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 29 function SpecialUserFuncs_paths_init()
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 30 {
0
+ − 31 global $paths;
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 32 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 33 'name'=>'specialpage_log_in',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 34 'urlname'=>'Login',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 35 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 36 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 37 ));
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 38 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 39 'name'=>'specialpage_log_out',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 40 'urlname'=>'Logout',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 41 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 42 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 43 ));
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 44 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 45 'name'=>'specialpage_register',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 46 'urlname'=>'Register',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 47 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 48 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 49 ));
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 50 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 51 'name'=>'specialpage_preferences',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 52 'urlname'=>'Preferences',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 53 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 54 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 55 ));
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 56
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 57 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 58 'name'=>'specialpage_contributions',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 59 'urlname'=>'Contributions',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 60 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 61 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 62 ));
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 63
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 64 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 65 'name'=>'specialpage_change_theme',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 66 'urlname'=>'ChangeStyle',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 67 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 68 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 69 ));
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 70
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 71 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 72 'name'=>'specialpage_activate_account',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 73 'urlname'=>'ActivateAccount',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 74 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 75 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 76 ));
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 77
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 78 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 79 'name'=>'specialpage_captcha',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 80 'urlname'=>'Captcha',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 81 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 82 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 83 ));
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 84
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 85 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 86 'name'=>'specialpage_password_reset',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 87 'urlname'=>'PasswordReset',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 88 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 89 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 90 ));
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 91
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 92 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 93 'name'=>'specialpage_member_list',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 94 'urlname'=>'Memberlist',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 95 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 96 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 97 ));
0
+ − 98
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 99 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 100 'name'=>'specialpage_language_export',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 101 'urlname'=>'LangExportJSON',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 102 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 103 'special'=>0,'visible'=>0,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 104 ));
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 105
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 106 $paths->add_page(Array(
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 107 'name'=>'specialpage_avatar',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 108 'urlname'=>'Avatar',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 109 'namespace'=>'Special',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 110 'special'=>0,'visible'=>0,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 111 ));
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 112 }
0
+ − 113
+ − 114 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
+ − 115
+ − 116 $__login_status = '';
+ − 117
+ − 118 function page_Special_Login()
+ − 119 {
+ − 120 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 121 global $__login_status;
209
+ − 122 global $lang;
0
+ − 123
+ − 124 $pubkey = $session->rijndael_genkey();
+ − 125 $challenge = $session->dss_rand();
+ − 126
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 127 $locked_out = false;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 128 // are we locked out?
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 129 $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 130 $duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 131 // convert to minutes
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 132 $duration = $duration * 60;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 133 $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 134 if ( $policy != 'disable' )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 135 {
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 136 $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 137 $timestamp_cutoff = time() - $duration;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 138 $q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 139 $fails = $db->numrows();
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 140 if ( $fails >= $threshold )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 141 {
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 142 $row = $db->fetchrow();
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 143 $locked_out = true;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 144 $lockdata = array(
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 145 'locked_out' => true,
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 146 'lockout_threshold' => $threshold,
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 147 'lockout_duration' => ( $duration / 60 ),
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 148 'lockout_fails' => $fails,
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 149 'lockout_policy' => $policy,
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 150 'lockout_last_time' => $row['timestamp'],
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
diff
changeset
+ − 151 'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 152 'captcha' => ''
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 153 );
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 154 if ( $policy == 'captcha' )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 155 {
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 156 $lockdata['captcha'] = $session->make_captcha();
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 157 }
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 158 }
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 159 $db->free_result();
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 160 }
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 161
0
+ − 162 if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
+ − 163 {
436
+ − 164 header('Content-type: text/javascript');
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 165 $username = ( $session->user_logged_in ) ? $session->username : false;
0
+ − 166 $response = Array(
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 167 'username' => $username,
0
+ − 168 'key' => $pubkey,
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 169 'challenge' => $challenge,
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 170 'locked_out' => false
0
+ − 171 );
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 172
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 173 if ( $locked_out )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 174 {
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 175 foreach ( $lockdata as $x => $y )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 176 {
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 177 $response[$x] = $y;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 178 }
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 179 unset($x, $y);
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 180 }
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 181
436
+ − 182 // 1.1.3: generate diffie hellman key
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 183 require_once( ENANO_ROOT . '/includes/diffiehellman.php' );
436
+ − 184 global $dh_supported, $_math;
+ − 185
+ − 186 $response['dh_supported'] = $dh_supported;
+ − 187 if ( $dh_supported )
+ − 188 {
+ − 189 $dh_key_priv = dh_gen_private();
+ − 190 $dh_key_pub = dh_gen_public($dh_key_priv);
+ − 191 $dh_key_priv = $_math->str($dh_key_priv);
+ − 192 $dh_key_pub = $_math->str($dh_key_pub);
+ − 193 $response['dh_public_key'] = $dh_key_pub;
+ − 194 // store the keys in the DB
+ − 195 $q = $db->sql_query('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
+ − 196 if ( !$q )
+ − 197 $db->die_json();
+ − 198 }
+ − 199
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 200 $response = enano_json_encode($response);
0
+ − 201 echo $response;
+ − 202 return null;
+ − 203 }
+ − 204
+ − 205 $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
+ − 206 if ( isset($_POST['login']) )
+ − 207 {
+ − 208 if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
+ − 209 {
+ − 210 $level = intval($_POST['auth_level']);
+ − 211 }
+ − 212 }
+ − 213
+ − 214 if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
+ − 215 {
+ − 216 $level = USER_LEVEL_MEMBER;
+ − 217 }
93
+ − 218 if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in )
+ − 219 $paths->main_page();
0
+ − 220 $template->header();
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 221 echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="try{runEncryption();}catch(e){};">';
209
+ − 222 $header = ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short');
0
+ − 223 if ( isset($_POST['login']) )
+ − 224 {
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 225 $errstring = $__login_status['error'];
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 226 switch($__login_status['error'])
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 227 {
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 228 case 'key_not_found':
209
+ − 229 $errstring = $lang->get('user_err_key_not_found');
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 230 break;
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 231 case 'ERR_DH_KEY_NOT_FOUND':
586
234ddd896555
Made encryption work in form-based logon again; modified load_component() to fetch compressed versions when possible
Dan
diff
changeset
+ − 232 $errstring = $lang->get('user_err_dh_key_not_found'); // . " -- {$__login_status['debug']}";
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 233 break;
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 234 case 'ERR_DH_KEY_NOT_INTEGER':
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 235 $errstring = $lang->get('user_err_dh_key_not_numeric');
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 236 break;
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 237 case 'key_wrong_length':
209
+ − 238 $errstring = $lang->get('user_err_key_wrong_length');
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 239 break;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 240 case 'too_big_for_britches':
209
+ − 241 $errstring = $lang->get('user_err_too_big_for_britches');
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 242 break;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 243 case 'invalid_credentials':
209
+ − 244 $errstring = $lang->get('user_err_invalid_credentials');
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 245 if ( $__login_status['lockout_policy'] == 'lockout' )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 246 {
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 247 $errstring .= $lang->get('err_invalid_credentials_lockout', array('fails' => $__login_status['lockout_fails']));
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 248 }
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 249 else if ( $__login_status['lockout_policy'] == 'captcha' )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 250 {
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 251 $errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('fails' => $__login_status['lockout_fails']));
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 252 }
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 253 break;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 254 case 'backend_fail':
209
+ − 255 $errstring = $lang->get('user_err_backend_fail');
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 256 break;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 257 case 'locked_out':
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 258 $attempts = intval($__login_status['lockout_fails']);
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 259 if ( $attempts > $__login_status['lockout_threshold'])
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 260 $attempts = $__login_status['lockout_threshold'];
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
diff
changeset
+ − 261
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
diff
changeset
+ − 262 $server_time = time();
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 263 $time_rem = ( intval(@$__login_status['lockout_last_time']) == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 );
209
+ − 264 if ( $time_rem < 1 )
+ − 265 $time_rem = $__login_status['lockout_duration'];
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
diff
changeset
+ − 266
209
+ − 267 $s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural');
+ − 268
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 269 $captcha_string = ( $__login_status['lockout_policy'] == 'captcha' ) ? $lang->get('user_err_locked_out_captcha_blurb') : '';
209
+ − 270 $errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem));
+ − 271
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 272 break;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 273 }
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 274 echo '<div class="error-box-mini">'.$errstring.'</div>';
0
+ − 275 }
+ − 276 if ( $p = $paths->getAllParams() )
+ − 277 {
+ − 278 echo '<input type="hidden" name="return_to" value="'.$p.'" />';
+ − 279 }
+ − 280 else if ( isset($_POST['login']) && isset($_POST['return_to']) )
+ − 281 {
+ − 282 echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
+ − 283 }
+ − 284 ?>
+ − 285 <div class="tblholder">
+ − 286 <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 287 <tr>
+ − 288 <th colspan="3"><?php echo $header; ?></th>
+ − 289 </tr>
+ − 290 <tr>
+ − 291 <td colspan="3" class="row1">
+ − 292 <?php
+ − 293 if ( $level <= USER_LEVEL_MEMBER )
+ − 294 {
209
+ − 295 echo '<p>' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '</p>';
0
+ − 296 }
+ − 297 else
+ − 298 {
209
+ − 299 echo '<p>' . $lang->get('user_login_body_elev') . '</p>';
0
+ − 300 }
+ − 301 ?>
+ − 302 </td>
+ − 303 </tr>
+ − 304 <tr>
+ − 305 <td class="row2">
209
+ − 306 <?php echo $lang->get('user_login_field_username'); ?>:
0
+ − 307 </td>
+ − 308 <td class="row1">
+ − 309 <input name="username" size="25" type="text" <?php
+ − 310 if ( $level <= USER_LEVEL_MEMBER )
+ − 311 {
+ − 312 echo 'tabindex="1" ';
+ − 313 }
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 314 else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 315 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 316 echo 'tabindex="3" ';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 317 }
0
+ − 318 if ( $session->user_logged_in )
+ − 319 {
+ − 320 echo 'value="' . $session->username . '"';
+ − 321 }
+ − 322 ?> />
+ − 323 </td>
+ − 324 <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 325 <td rowspan="<?php echo ( ( $locked_out && $lockdata['lockout_policy'] == 'captcha' ) ) ? '4' : '2'; ?>" class="row3">
209
+ − 326 <small><?php echo $lang->get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?><br />
+ − 327 <?php echo $lang->get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?></small>
0
+ − 328 </td>
+ − 329 <?php } ?>
+ − 330 </tr>
+ − 331 <tr>
209
+ − 332 <td class="row2">
+ − 333 <?php echo $lang->get('user_login_field_password'); ?>:
+ − 334 </td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
0
+ − 335 </tr>
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 336 <?php
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 337 if ( $locked_out && $lockdata['lockout_policy'] == 'captcha' )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 338 {
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 339 ?>
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 340 <tr>
209
+ − 341 <td class="row2" rowspan="2"><?php echo $lang->get('user_login_field_captcha'); ?>:<br /></td><td class="row1"><input type="hidden" name="captcha_hash" value="<?php echo $lockdata['captcha']; ?>" /><input name="captcha_code" size="25" type="text" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '4'; ?>" /></td>
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 342 </tr>
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 343 <tr>
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 344 <td class="row3">
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 345 <img src="<?php echo makeUrlNS('Special', 'Captcha/' . $lockdata['captcha']) ?>" onclick="this.src=this.src+'/a';" style="cursor: pointer;" />
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 346 </td>
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 347 </tr>
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 348 <?php
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 349 }
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 350 ?>
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 351 <?php
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 352 if ( $level <= USER_LEVEL_MEMBER && ( !isset($_GET['use_crypt']) || ( isset($_GET['use_crypt']) && $_GET['use_crypt']!='0' ) ) )
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 353 {
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 354 echo '<tr>
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 355 <td class="row3" colspan="3">';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 356
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 357 $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 358 $nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 359 echo '<p><b>' . $lang->get('user_login_nocrypt_title') . '</b> ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '</p>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 360 echo '<p>' . $lang->get('user_login_nocrypt_countrylist') . '</p>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 361
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 362 echo ' </td>
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 363 </tr>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 364 }
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 365 else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) )
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 366 {
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 367 echo '<tr>
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 368 <td class="row3" colspan="3">';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 369
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 370 $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 371 $usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 372 echo '<p><b>' . $lang->get('user_login_usecrypt_title') . '</b> ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '</p>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 373 echo '<p>' . $lang->get('user_login_usecrypt_countrylist') . '</p>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 374
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 375 echo ' </td>
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 376 </tr>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 377 }
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 378 ?>
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 379
0
+ − 380 <tr>
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 381 <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>
0
+ − 382 </tr>
+ − 383 </table>
+ − 384 </div>
+ − 385 <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
+ − 386 <input type="hidden" name="use_crypt" value="no" />
+ − 387 <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
+ − 388 <input type="hidden" name="crypt_data" value="" />
+ − 389 <input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 390 <?php if ( $level <= USER_LEVEL_MEMBER ): ?>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 391 <script type="text/javascript">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 392 document.forms.loginform.username.focus();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 393 </script>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 394 <?php else: ?>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 395 <script type="text/javascript">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 396 document.forms.loginform.pass.focus();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 397 </script>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 398 <?php endif; ?>
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 399 <?php
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 400 // 1.1.4
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 401
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 402 require_once( ENANO_ROOT . '/includes/diffiehellman.php' );
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 403
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 404 global $dh_supported, $_math;
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 405 if ( $dh_supported )
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 406 {
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 407 $dh_key_priv = dh_gen_private();
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 408 $dh_key_pub = dh_gen_public($dh_key_priv);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 409 $dh_key_priv = $_math->str($dh_key_priv);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 410 $dh_key_pub = $_math->str($dh_key_pub);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 411 // store the keys in the DB
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 412 $q = $db->sql_query('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 413 if ( !$q )
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 414 $db->_die();
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 415
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 416 echo "<input type=\"hidden\" name=\"dh_supported\" value=\"true\" />
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 417 <input type=\"hidden\" name=\"dh_public_key\" value=\"$dh_key_pub\" />
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 418 <input type=\"hidden\" name=\"dh_client_public_key\" value=\"\" />";
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 419 }
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 420 else
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 421 {
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 422 echo "<input type=\"hidden\" name=\"dh_supported\" value=\"false\" />";
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 423 }
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 424 ?>
0
+ − 425 </form>
+ − 426 <?php
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 427 echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data', 'dh_supported', 'dh_public_key', 'dh_client_public_key');
0
+ − 428 ?>
+ − 429 <?php
+ − 430 $template->footer();
+ − 431 }
+ − 432
+ − 433 function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
+ − 434 {
+ − 435 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 436 global $__login_status;
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 437 global $lang;
604
+ − 438 require_once( ENANO_ROOT . '/includes/math.php' );
+ − 439
436
+ − 440 if ( $paths->getParam(0) === 'action.json' )
+ − 441 {
+ − 442 if ( !isset($_POST['r']) )
+ − 443 die('No request.');
+ − 444
+ − 445 $request = $_POST['r'];
+ − 446 try
+ − 447 {
+ − 448 $request = enano_json_decode($request);
+ − 449 }
+ − 450 catch ( Exception $e )
+ − 451 {
+ − 452 die(enano_json_encode(array(
+ − 453 'mode' => 'error',
+ − 454 'error' => 'ERR_JSON_PARSE_FAILED'
+ − 455 )));
+ − 456 }
+ − 457
+ − 458 echo enano_json_encode($session->process_login_request($request));
+ − 459
+ − 460 $db->close();
+ − 461 exit;
+ − 462 }
0
+ − 463 if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
+ − 464 {
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 465 echo 'This version of the Enano LoginAPI is deprecated. Please use the action.json method instead.';
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 466 return true;
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 467 }
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 468 if(isset($_POST['login']))
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 469 {
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 470 $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false;
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 471 $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false;
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 472 if ( $_POST['use_crypt'] == 'yes' )
436
+ − 473 {
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 474 $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']), $captcha_hash, $captcha_code);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 475 }
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 476 else if ( $_POST['use_crypt'] == 'yes_dh' )
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 477 {
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 478 // retrieve and decrypt the password using DiffieHellman
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 479
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 480 require_once( ENANO_ROOT . '/includes/diffiehellman.php' );
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 481 global $dh_supported, $_math;
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 482
436
+ − 483 if ( !$dh_supported )
+ − 484 {
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 485 die_semicritical('DiffieHellman error', 'Server does not support DiffieHellman, denying logon request');
436
+ − 486 }
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 487
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 488 // Fetch private key
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 489 $dh_public = $_POST['dh_public_key'];
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 490 if ( !preg_match('/^[0-9]+$/', $dh_public) )
436
+ − 491 {
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 492 $__login_status = array(
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 493 'success' => false,
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 494 'error' => 'ERR_DH_KEY_NOT_INTEGER',
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 495 'debug' => "public key: $dh_public"
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 496 );
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 497 return false;
436
+ − 498 }
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 499 $q = $db->sql_query('SELECT private_key, key_id FROM ' . table_prefix . "diffiehellman WHERE public_key = '$dh_public';");
436
+ − 500 if ( !$q )
+ − 501 $db->die_json();
+ − 502
+ − 503 if ( $db->numrows() < 1 )
+ − 504 {
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 505 $__login_status = array(
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 506 'success' => false,
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 507 'error' => 'ERR_DH_KEY_NOT_FOUND',
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 508 'debug' => "public key: $dh_public"
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 509 );
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 510 return false;
436
+ − 511 }
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 512
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 513 list($dh_private, $dh_key_id) = $db->fetchrow_num();
436
+ − 514 $db->free_result();
+ − 515
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 516 // We have the private key, now delete the key pair, we no longer need it
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 517 $q = $db->sql_query('DELETE FROM ' . table_prefix . "diffiehellman WHERE key_id = $dh_key_id;");
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 518 if ( !$q )
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 519 $db->die_json();
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 520
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 521 // Generate the shared secret
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 522 $dh_secret = dh_gen_shared_secret($dh_private, $_POST['dh_client_public_key']);
436
+ − 523 $dh_secret = $_math->str($dh_secret);
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 524
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 525 // Did we get all our math right?
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 526 $dh_secret_check = sha1($dh_secret);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 527 $dh_hash = $_POST['crypt_key'];
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 528 if ( $dh_secret_check !== $dh_hash )
436
+ − 529 {
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 530 $__login_status = array(
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 531 'success' => false,
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 532 'error' => 'ERR_DH_HASH_NO_MATCH',
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 533 'debug' => "dh_secret_check = $dh_secret_check\ndh_hash_input = $dh_hash"
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 534 );
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 535 return false;
436
+ − 536 }
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 537
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 538 // All good! Generate the AES key
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 539 $aes_key = substr(sha256($dh_secret), 0, ( AES_BITS / 4 ));
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 540
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 541 // decrypt user info
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 542 $aes_key = hexdecode($aes_key);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 543 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 544 $password = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 545
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 546 $result = $session->login_without_crypto($_POST['username'], $password, false, intval($_POST['auth_level']), $captcha_hash, $captcha_code);
0
+ − 547 }
+ − 548 else
+ − 549 {
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 550 $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']), $captcha_hash, $captcha_code);
0
+ − 551 }
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 552
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 553 if($result['success'])
0
+ − 554 {
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 555 $session->start();
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 556
0
+ − 557 $template->load_theme($session->theme, $session->style);
+ − 558 if(isset($_POST['return_to']))
+ − 559 {
+ − 560 $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 561 $subst = array(
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 562 'username' => $session->username,
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 563 'redir_target' => $name
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 564 );
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 565 redirect( makeUrl($_POST['return_to'], false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
0
+ − 566 }
+ − 567 else
+ − 568 {
221
+ − 569 $subst = array(
+ − 570 'username' => $session->username,
+ − 571 'redir_target' => $lang->get('user_login_success_body_mainpage')
+ − 572 );
+ − 573 redirect( makeUrl(getConfig('main_page'), false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
0
+ − 574 }
+ − 575 }
+ − 576 else
+ − 577 {
521
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 578 if ( $result['error'] === 'valid_reset' )
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 579 {
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 580 header('HTTP/1.1 302 Temporary Redirect');
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 581 header('Location: ' . $result['redirect_url']);
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 582
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 583 $db->close();
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 584 exit();
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 585 }
0
+ − 586 $GLOBALS['__login_status'] = $result;
+ − 587 }
+ − 588 }
+ − 589 }
+ − 590
+ − 591 function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)
+ − 592 {
+ − 593
+ − 594 $response = Array(
+ − 595 'result' => 'success_reset',
+ − 596 'user_id' => $user_id,
+ − 597 'temppass' => $passkey
+ − 598 );
+ − 599
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 600 $response = enano_json_encode($response);
0
+ − 601 echo $response;
+ − 602
+ − 603 $db->close();
+ − 604
+ − 605 exit;
+ − 606 }
+ − 607
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 608 function page_Special_Logout()
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 609 {
0
+ − 610 global $db, $session, $paths, $template, $plugins; // Common objects
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 611 global $lang;
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 612
93
+ − 613 if ( !$session->user_logged_in )
+ − 614 $paths->main_page();
+ − 615
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 616 $token = $paths->getParam(0);
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 617 if ( $token !== $session->csrf_token )
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 618 {
573
43e7254afdb4
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
diff
changeset
+ − 619 csrf_request_confirm();
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 620 }
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 621
0
+ − 622 $l = $session->logout();
93
+ − 623 if ( $l == 'success' )
+ − 624 {
436
+ − 625 $url = makeUrl(getConfig('main_page'), false, true);
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 626 if ( $paths->getParam(1) )
436
+ − 627 {
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 628 $pi = explode('/', $paths->getAllParams());
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 629 $pi = implode('/', array_values(array_slice($pi, 1)));
436
+ − 630 list($pid, $ns) = RenderMan::strToPageID($pi);
+ − 631 $perms = $session->fetch_page_acl($pid, $ns);
+ − 632 if ( $perms->get_permissions('read') )
+ − 633 {
+ − 634 $url = makeUrl($pi, false, true);
+ − 635 }
+ − 636 }
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 637 redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3);
93
+ − 638 }
0
+ − 639 $template->header();
221
+ − 640 echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>';
+ − 641 echo '<p>' . $l . '</p>';
0
+ − 642 $template->footer();
+ − 643 }
+ − 644
30
+ − 645 function page_Special_Register()
+ − 646 {
0
+ − 647 global $db, $session, $paths, $template, $plugins; // Common objects
221
+ − 648 global $lang;
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 649
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 650 // form field trackers
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 651 $username = '';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 652 $email = '';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 653 $realname = '';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 654
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 655 $terms = getConfig('register_tou');
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 656
0
+ − 657 if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
+ − 658 {
221
+ − 659 $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '</p>' : '';
+ − 660 die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_disabled_body') . '</p>' . $s);
0
+ − 661 }
93
+ − 662 if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )
+ − 663 {
+ − 664 $paths->main_page();
+ − 665 }
30
+ − 666 if(isset($_POST['submit']))
+ − 667 {
+ − 668 $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
+ − 669
0
+ − 670 $captcharesult = $session->get_captcha($_POST['captchahash']);
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 671 $session->kill_captcha();
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 672 if ( strtolower($captcharesult) != strtolower($_POST['captchacode']) )
30
+ − 673 {
221
+ − 674 $s = $lang->get('user_reg_err_captcha');
30
+ − 675 }
0
+ − 676 else
30
+ − 677 {
+ − 678 if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
+ − 679 {
+ − 680 $s = 'Invalid COPPA input';
+ − 681 }
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 682 else if ( !empty($terms) && !isset($_POST['tou_agreed']) )
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 683 {
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 684 $s = $lang->get('user_reg_err_accept_tou');
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 685 }
30
+ − 686 else
+ − 687 {
+ − 688 $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 689 $s = false;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 690
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 691 // decrypt password
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 692 // as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 693 // and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 694 // forgot his password, that's his problem.
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 695
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 696 if ( $_POST['use_crypt'] == 'yes' )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 697 {
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 698 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 699 $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 700 if ( !$crypt_key )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 701 {
221
+ − 702 $s = $lang->get('user_reg_err_missing_key');
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 703 }
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 704 else
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 705 {
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 706 $data = $_POST['crypt_data'];
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 707 $bin_key = hexdecode($crypt_key);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 708 //die("Decrypting with params: key $crypt_key, data $data");
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 709 $password = $aes->decrypt($data, $bin_key, ENC_HEX);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 710 }
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 711 }
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 712 else
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 713 {
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 714 $password = $_POST['password'];
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 715 }
30
+ − 716
+ − 717 // CAPTCHA code was correct, create the account
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 718 // ... and check for errors returned from the crypto API
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 719 if ( !$s )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 720 $s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa);
30
+ − 721 }
+ − 722 }
125
+ − 723 if($s == 'success' && !$coppa)
0
+ − 724 {
+ − 725 switch(getConfig('account_activation'))
+ − 726 {
+ − 727 case "none":
+ − 728 default:
221
+ − 729 $str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true)));
0
+ − 730 break;
+ − 731 case "user":
221
+ − 732 $str = $lang->get('user_reg_msg_success_activ_user');
0
+ − 733 break;
+ − 734 case "admin":
221
+ − 735 $str = $lang->get('user_reg_msg_success_activ_admin');
0
+ − 736 break;
+ − 737 }
221
+ − 738 die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
0
+ − 739 }
30
+ − 740 else if ( $s == 'success' && $coppa )
+ − 741 {
221
+ − 742 $str = $lang->get('user_reg_msg_success_activ_coppa');
+ − 743 die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
30
+ − 744 }
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 745 $username = htmlspecialchars($_POST['username']);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 746 $email = htmlspecialchars($_POST['email']);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 747 $realname = htmlspecialchars($_POST['real_name']);
0
+ − 748 }
+ − 749 $template->header();
221
+ − 750 echo $lang->get('user_reg_msg_greatercontrol');
30
+ − 751
+ − 752 if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
+ − 753 {
+ − 754 $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
+ − 755 $session->kill_captcha();
+ − 756 $captchacode = $session->make_captcha();
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 757
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 758 $pubkey = $session->rijndael_genkey();
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 759 $challenge = $session->dss_rand();
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 760
30
+ − 761 ?>
221
+ − 762 <h3><?php echo $lang->get('user_reg_msg_table_title'); ?></h3>
+ − 763 <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="return runEncryption();">
30
+ − 764 <div class="tblholder">
+ − 765 <table border="0" width="100%" cellspacing="1" cellpadding="4">
221
+ − 766 <tr><th class="subhead" colspan="3"><?php echo $lang->get('user_reg_msg_table_subtitle'); ?></th></tr>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 767
30
+ − 768 <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 769
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 770 <!-- FIELD: Username -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 771 <tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 772 <td class="row1" style="width: 50%;">
221
+ − 773 <?php echo $lang->get('user_reg_lbl_field_username'); ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 774 <span id="e_username"></span>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 775 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 776 <td class="row1" style="width: 50%;">
221
+ − 777 <input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm(this);" onblur="checkUsername();" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 778 </td>
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 779 <td class="row1" style="width: 1px;">
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 780 <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_username" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 781 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 782 </tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 783
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 784 <!-- FIELD: Password -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 785 <tr>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 786 <td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>">
221
+ − 787 <?php echo $lang->get('user_reg_lbl_field_password'); ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 788 <span id="e_password"></span>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 789 <?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?>
221
+ − 790 <small><?php echo $lang->get('user_reg_msg_password_score'); ?></small>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 791 <?php endif; ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 792 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 793 <td class="row3" style="width: 50%;">
221
+ − 794 <input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm(this);" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 795 </td>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 796 <td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;">
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 797 <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_password" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 798 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 799 </tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 800
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 801 <!-- FIELD: Password confirmation -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 802 <tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 803 <td class="row3" style="width: 50%;">
221
+ − 804 <input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm(this);" /> <small><?php echo $lang->get('user_reg_lbl_field_password_confirm'); ?></small>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 805 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 806 </tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 807
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 808 <!-- FIELD: Password strength meter -->
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 809
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 810 <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 811 <tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 812 <td class="row3" style="width: 50%;">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 813 <div id="pwmeter"></div>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 814 </td>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 815 </tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 816 <?php endif; ?>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 817
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 818 <!-- FIELD: E-mail address -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 819 <tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 820 <td class="row1" style="width: 50%;">
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 821 <?php
221
+ − 822 if ( $coppa )
+ − 823 {
+ − 824 echo $lang->get('user_reg_lbl_field_email_coppa');
+ − 825 }
+ − 826 else
+ − 827 {
+ − 828 echo $lang->get('user_reg_lbl_field_email');
+ − 829 }
+ − 830 ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 831 <?php
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 832 if ( ( $x = getConfig('account_activation') ) == 'user' )
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 833 {
221
+ − 834 echo '<br /><small>' . $lang->get('user_reg_msg_email_activuser') . '</small>';
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 835 }
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 836 ?>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 837 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 838 <td class="row1" style="width: 50%;">
221
+ − 839 <input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm(this);" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 840 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 841 <td class="row1" style="max-width: 24px;">
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 842 <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_email" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 843 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 844 </tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 845
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 846 <!-- FIELD: Real name -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 847 <tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 848 <td class="row3" style="width: 50%;">
221
+ − 849 <?php echo $lang->get('user_reg_lbl_field_realname'); ?><br />
+ − 850 <small><?php echo $lang->get('user_reg_msg_realname_optional'); ?></small>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 851 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 852 <td class="row3" style="width: 50%;">
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 853 <input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" /></td><td class="row3" style="max-width: 24px;">
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 854 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 855 </tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 856
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 857 <!-- FIELD: CAPTCHA image -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 858 <tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 859 <td class="row1" style="width: 50%;" rowspan="2">
221
+ − 860 <?php echo $lang->get('user_reg_lbl_field_captcha'); ?><br />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 861 <small>
221
+ − 862 <?php echo $lang->get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?><br />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 863 <br />
221
+ − 864 <?php echo $lang->get('user_reg_msg_captcha_blind'); ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 865 </small>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 866 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 867 <td colspan="2" class="row1">
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 868 <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" />
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 869 <span id="b_username"></span>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 870 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 871 </tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 872
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 873 <!-- FIELD: CAPTCHA input field -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 874 <tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 875 <td class="row1" colspan="2">
221
+ − 876 <?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 877 <input tabindex="6" name="captchacode" type="text" size="10" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 878 <input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 879 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 880 </tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 881
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 882 <!-- FIELD: TOU -->
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 883
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 884 <?php
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 885 if ( !empty($terms) ):
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 886 ?>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 887
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 888 <tr>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 889 <td class="row1" colspan="3">
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 890 <?php
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 891 echo $lang->get('user_reg_msg_please_read_tou');
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 892 ?>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 893 </td>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 894 </tr>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 895
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 896 <tr>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 897 <td class="row3" colspan="3">
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 898 <div style="border: 1px solid #000000; height: 75px; width: 60%; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: #FFF; margin: 0 auto; padding: 4px;">
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 899 <?php
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 900 echo RenderMan::render($terms);
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 901 ?>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 902 </div>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 903 <p style="text-align: center;">
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 904 <label>
371
dc6026376919
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
diff
changeset
+ − 905 <input tabindex="7" type="checkbox" name="tou_agreed" />
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 906 <b><?php echo $lang->get('user_reg_lbl_field_tou'); ?></b>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 907 </label>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 908 </p>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 909 </td>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 910 </tr>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 911
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 912 <?php
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 913 endif;
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 914 ?>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 915
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 916 <!-- FIELD: submit button -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 917 <tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 918 <th class="subhead" colspan="3" style="text-align: center;">
371
dc6026376919
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
diff
changeset
+ − 919 <input tabindex="8" type="submit" name="submit" value="<?php echo $lang->get('user_reg_btn_create_account'); ?>" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 920 </td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 921 </tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 922
30
+ − 923 </table>
+ − 924 </div>
+ − 925 <?php
+ − 926 $val = ( $coppa ) ? 'yes' : 'no';
+ − 927 echo '<input type="hidden" name="coppa" value="' . $val . '" />';
+ − 928 ?>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 929 <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 930 <input type="hidden" name="use_crypt" value="no" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 931 <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 932 <input type="hidden" name="crypt_data" value="" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 933 <script type="text/javascript">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 934 // ENCRYPTION CODE
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 935 function runEncryption()
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 936 {
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 937 var frm = document.forms.regform;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 938 if ( frm.password.value.length < 1 )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 939 return true;
221
+ − 940 pass1 = frm.password.value;
+ − 941 pass2 = frm.password_confirm.value;
+ − 942 if ( pass1 != pass2 )
+ − 943 {
+ − 944 alert($lang.get('user_reg_err_alert_password_nomatch'));
+ − 945 return false;
+ − 946 }
+ − 947 if ( pass1.length < 6 && pass1.length > 0 )
+ − 948 {
+ − 949 alert($lang.get('user_reg_err_alert_password_tooshort'));
+ − 950 return false;
+ − 951 }
614
+ − 952 if(aes_self_test())
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 953 {
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 954 frm.use_crypt.value = 'yes';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 955 var cryptkey = frm.crypt_key.value;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 956 frm.crypt_key.value = hex_md5(cryptkey);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 957 cryptkey = hexToByteArray(cryptkey);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 958 if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 959 {
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 960 frm.submit.disabled = true;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 961 len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 962 alert('The key is messed up\nType: '+typeof(cryptkey)+len);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 963 }
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 964 pass = frm.password.value;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 965 pass = stringToByteArray(pass);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 966 cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 967 if(!cryptstring)
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 968 {
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 969 return false;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 970 }
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 971 cryptstring = byteArrayToHex(cryptstring);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 972 frm.crypt_data.value = cryptstring;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 973 frm.password.value = "";
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 974 frm.password_confirm.value = "";
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 975 }
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 976 return true;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 977 }
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 978 </script>
30
+ − 979 </form>
125
+ − 980 <!-- Don't optimize this script, it fails when compressed -->
+ − 981 <enano:no-opt>
+ − 982 <script type="text/javascript">
+ − 983 // <![CDATA[
+ − 984 var namegood = false;
221
+ − 985 function validateForm(field)
0
+ − 986 {
221
+ − 987 if ( typeof(field) != 'object' )
+ − 988 {
+ − 989 field = {
+ − 990 name: '_nil',
459
31c23016ab62
Upgraded tinyMCE to 3.0.1 in hopes of fixing IE race conditions. Fixed a couple minor syntax errors in Javascript objects declared in various places.
Dan
diff
changeset
+ − 991 value: '_nil'
221
+ − 992 }
+ − 993 }
+ − 994 // wait until $lang is initted
+ − 995 if ( typeof($lang) != 'object' )
+ − 996 {
+ − 997 setTimeout('validateForm();', 200);
+ − 998 return false;
+ − 999 }
125
+ − 1000 var frm = document.forms.regform;
+ − 1001 failed = false;
+ − 1002
+ − 1003 // Username
221
+ − 1004 if(!namegood && ( field.name == 'username' || field.name == '_nil' ) )
30
+ − 1005 {
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1006 //if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1007 var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1008 if ( frm.username.value.match(regex) )
125
+ − 1009 {
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1010 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png';
221
+ − 1011 document.getElementById('e_username').innerHTML = ' ';
125
+ − 1012 } else {
+ − 1013 failed = true;
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1014 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
221
+ − 1015 document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
125
+ − 1016 }
+ − 1017 }
+ − 1018 document.getElementById('b_username').innerHTML = '';
+ − 1019 if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1')
+ − 1020 {
+ − 1021 document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
+ − 1022 }
+ − 1023
+ − 1024 // Password
221
+ − 1025 if ( field.name == 'password' || field.name == 'password_confirm' || field.name == '_nil' )
125
+ − 1026 {
221
+ − 1027 if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value )
125
+ − 1028 {
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1029 document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/check.png';
221
+ − 1030 document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_err_password_good') + '</small>';
+ − 1031 } else {
+ − 1032 failed = true;
+ − 1033 if(frm.password.value.length < 6)
+ − 1034 {
+ − 1035 document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_length') + '</small>';
+ − 1036 }
+ − 1037 else if(frm.password.value != frm.password_confirm.value)
+ − 1038 {
+ − 1039 document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_needmatch') + '</small>';
+ − 1040 }
+ − 1041 else
+ − 1042 {
+ − 1043 document.getElementById('e_password').innerHTML = '';
+ − 1044 }
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1045 document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/checkbad.png';
125
+ − 1046 }
+ − 1047 }
+ − 1048
+ − 1049 // E-mail address
+ − 1050
+ − 1051 // workaround for idiot jEdit bug
221
+ − 1052 if ( validateEmail(frm.email.value) && ( field.name == 'email' || field.name == '_nil' ) )
125
+ − 1053 {
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1054 document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/check.png';
125
+ − 1055 } else {
+ − 1056 failed = true;
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1057 document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/checkbad.png';
125
+ − 1058 }
+ − 1059 if(failed)
+ − 1060 {
+ − 1061 frm.submit.disabled = 'disabled';
+ − 1062 } else {
+ − 1063 frm.submit.disabled = false;
30
+ − 1064 }
+ − 1065 }
125
+ − 1066 function checkUsername()
30
+ − 1067 {
125
+ − 1068 var frm = document.forms.regform;
+ − 1069
+ − 1070 if(!namegood)
+ − 1071 {
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1072 var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1073 if ( frm.username.value.match(regex) )
125
+ − 1074 {
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1075 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png';
221
+ − 1076 document.getElementById('e_username').innerHTML = ' ';
125
+ − 1077 } else {
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1078 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
221
+ − 1079 document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
125
+ − 1080 return false;
+ − 1081 }
+ − 1082 }
+ − 1083
221
+ − 1084 document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_checking') + '</b></small>';
125
+ − 1085 ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
407
+ − 1086 if ( ajax.readyState == 4 && ajax.status == 200 )
125
+ − 1087 if(ajax.responseText == 'good')
+ − 1088 {
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1089 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/check.png';
221
+ − 1090 document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_available') + '</b></small>';
125
+ − 1091 namegood = true;
+ − 1092 } else if(ajax.responseText == 'bad') {
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1093 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
221
+ − 1094 document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_unavailable') + '</b></small>';
125
+ − 1095 namegood = false;
+ − 1096 } else {
+ − 1097 document.getElementById('e_username').innerHTML = ajax.responseText;
+ − 1098 }
+ − 1099 });
0
+ − 1100 }
125
+ − 1101 function regenCaptcha()
30
+ − 1102 {
448
+ − 1103 var frm = document.forms.regform;
517
+ − 1104 document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/$captchacode"); ?>/'+Math.floor(Math.random() * 100000);
125
+ − 1105 return false;
30
+ − 1106 }
614
+ − 1107 addOnloadHook(function()
+ − 1108 {
+ − 1109 <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
+ − 1110 var frm = document.forms.regform;
+ − 1111 load_component('pwstrength');
+ − 1112 password_score_field(frm.password);
+ − 1113 <?php endif; ?>
+ − 1114 load_component('crypto');
+ − 1115 validateForm();
+ − 1116 setTimeout('checkUsername();', 1000);
+ − 1117 });
125
+ − 1118 // ]]>
+ − 1119 </script>
+ − 1120 </enano:no-opt>
30
+ − 1121 <?php
+ − 1122 }
+ − 1123 else
+ − 1124 {
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1125 $year = intval( enano_date('Y') );
30
+ − 1126 $year = $year - 13;
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1127 $month = enano_date('F');
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1128 $day = enano_date('d');
30
+ − 1129
+ − 1130 $yo13_date = "$month $day, $year";
+ − 1131 $link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
+ − 1132 $link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true);
+ − 1133
+ − 1134 // COPPA enabled, ask age
+ − 1135 echo '<div class="tblholder">';
+ − 1136 echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 1137 echo '<tr>
+ − 1138 <td class="row1">
221
+ − 1139 ' . $lang->get('user_reg_coppa_title') . '
30
+ − 1140 </td>
+ − 1141 </tr>
+ − 1142 <tr>
+ − 1143 <td class="row3">
221
+ − 1144 <a href="' . $link_coppa_no . '">' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '</a><br />
+ − 1145 <a href="' . $link_coppa_yes . '">' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . '</a>
30
+ − 1146 </td>
+ − 1147 </tr>';
+ − 1148 echo '</table>';
+ − 1149 echo '</div>';
+ − 1150 }
0
+ − 1151 $template->footer();
+ − 1152 }
+ − 1153
+ − 1154 function page_Special_Contributions() {
+ − 1155 global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1156 global $lang;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1157
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1158 // This is a vast improvement over the old Special:Contributions in 1.0.x.
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1159
0
+ − 1160 $template->header();
+ − 1161 $user = $paths->getParam();
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1162 if ( !$user && isset($_GET['user']) )
0
+ − 1163 {
+ − 1164 $user = $_GET['user'];
+ − 1165 }
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1166 else if ( !$user && !isset($_GET['user']) )
0
+ − 1167 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1168 echo '<p>' . $lang->get('userfuncs_contribs_err_no_user') . '</p>';
0
+ − 1169 $template->footer();
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1170 return;
0
+ − 1171 }
+ − 1172
+ − 1173 $user = $db->escape($user);
414
818b4cd12b8b
Added "is_draft != 1" where appropriate in SQL queries to prevent drafts from being treated as real revisions.
Dan
diff
changeset
+ − 1174 $q = 'SELECT log_type, time_id, action, date_string, page_id, namespace, author, edit_summary, minor_edit, page_id, namespace, ( action = \'edit\' ) AS is_edit FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND log_type=\'page\' AND is_draft != 1 ORDER BY is_edit DESC, time_id DESC;';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1175 $q = $db->sql_query($q);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1176 if ( !$q )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1177 $db->_die('SpecialUserFuncs selecting contribution data');
0
+ − 1178
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1179 echo '<h3>' . $lang->get('userfuncs_contribs_heading_edits') . '</h3>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1180
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1181 $cnt_edits = 0;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1182 $cnt_other = 0;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1183 $current = 'cnt_edits';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1184 $cls = 'row2';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1185
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1186 while ( $row = $db->fetchrow($q) )
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1187 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1188 if ( $current == 'cnt_edits' && $row['is_edit'] != 1 )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1189 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1190 // No longer processing page edits - split the table
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1191 if ( $cnt_edits == 0 )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1192 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1193 echo '<p>' . $lang->get('userfuncs_contribs_msg_no_edits') . '</p>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1194 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1195 else
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1196 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1197 echo '</table></div>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1198 echo '<h3>' . $lang->get('userfuncs_contribs_heading_other') . '</h3>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1199 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1200 $current = 'cnt_other';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1201 $cls = 'row2';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1202 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1203 if ( $$current == 0 )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1204 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1205 echo '<div class="tblholder">
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1206 <table border="0" cellspacing="1" cellpadding="4">';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1207 echo ' <tr>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1208 <th>' . $lang->get('history_col_datetime') . '</th>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1209 echo ' <th>' . $lang->get('history_col_page') . '</th>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1210 if ( $current == 'cnt_edits' )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1211 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1212 echo ' <th>' . $lang->get('history_col_summary') . '</th>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1213 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1214 echo ' <th>' . $lang->get('history_col_minor') . '</th>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1215 if ( $current == 'cnt_other' )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1216 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1217 echo ' <th>' . $lang->get('history_col_action_taken') . '</th>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1218 <th>' . $lang->get('history_col_extra') . '</th>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1219 ';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1220 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1221 echo ' <th>' . $lang->get('history_col_actions') . '</th>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1222 </tr>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1223 }
377
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
diff
changeset
+ − 1224 $$current++;
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1225 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1226
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1227 echo '<tr>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1228
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1229 // date & time
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1230 echo ' <td class="' . $cls . '">' . enano_date('d M Y h:i a', $row['time_id']) . '</td>';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1231
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1232 // page & link to said page
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1233 echo ' <td class="' . $cls . '"><a href="' . makeUrlNS($row['namespace'], $row['page_id']) . '">' . get_page_title_ns($row['page_id'], $row['namespace']) . '</a></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1234
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1235 switch ( $row['action'] )
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1236 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1237 case 'edit':
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1238 if ( $row['edit_summary'] == 'Automatic backup created when logs were purged' )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1239 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1240 $row['edit_summary'] = $lang->get('history_summary_clearlogs');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1241 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1242 else if ( empty($row['edit_summary']) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1243 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1244 $row['edit_summary'] = '<span style="color: #808080">' . $lang->get('history_summary_none_given') . '</span>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1245 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1246 echo ' <td class="' . $cls . '">' . $row['edit_summary'] . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1247 if ( $row['minor_edit'] == 1 )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1248 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1249 echo '<td class="' . $cls . '"><b>M</b></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1250 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1251 else
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1252 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1253 echo '<td class="' . $cls . '"></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1254 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1255 break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1256 case 'prot':
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1257 echo ' <td class="' . $cls . '"></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1258 echo ' <td class="' . $cls . '">' . $lang->get('history_log_protect') . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1259 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1260 break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1261 case 'unprot':
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1262 echo ' <td class="' . $cls . '"></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1263 echo ' <td class="' . $cls . '">' . $lang->get('history_log_unprotect') . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1264 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1265 break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1266 case 'semiprot':
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1267 echo ' <td class="' . $cls . '"></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1268 echo ' <td class="' . $cls . '">' . $lang->get('history_log_semiprotect') . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1269 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1270 break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1271 case 'rename':
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1272 echo ' <td class="' . $cls . '"></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1273 echo ' <td class="' . $cls . '">' . $lang->get('history_log_rename') . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1274 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' ' . htmlspecialchars($row['edit_summary']) . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1275 break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1276 case 'create':
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1277 echo ' <td class="' . $cls . '"></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1278 echo ' <td class="' . $cls . '">' . $lang->get('history_log_create') . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1279 echo ' <td class="' . $cls . '"></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1280 break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1281 case 'delete':
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1282 echo ' <td class="' . $cls . '"></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1283 echo ' <td class="' . $cls . '">' . $lang->get('history_log_delete') . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1284 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1285 break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1286 case 'reupload':
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1287 echo ' <td class="' . $cls . '"></td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1288 echo ' <td class="' . $cls . '">' . $lang->get('history_log_uploadnew') . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1289 echo ' <td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $row['edit_summary'] . '</td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1290 break;
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1291 }
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1292
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1293 // actions column
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1294 echo ' <td class="' . $cls . '" style="text-align: center;">';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1295 if ( $row['is_edit'] == 1 )
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1296 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1297 echo ' <a href="' . makeUrlNS($row['namespace'], $row['page_id'], "oldid={$row['time_id']}", true) . '">' . $lang->get('history_action_view') . '</a> | ';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1298 echo ' <a href="' . makeUrlNS($row['namespace'], $row['page_id'], "do=rollback&id={$row['time_id']}", true) . '">' . $lang->get('history_action_restore') . '</a>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1299 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1300 else
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1301 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1302 echo ' <a href="' . makeUrlNS($row['namespace'], $row['page_id'], "do=rollback&id={$row['time_id']}", true) . '">' . $lang->get('history_action_revert') . '</a>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1303 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1304 echo ' </td>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1305
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1306 if ( $current == 'cnt_other' && $cnt_edits + $cnt_other >= $db->numrows($q) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1307 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1308 echo '</table></div>';
0
+ − 1309 }
+ − 1310 }
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1311
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1312 if ( $current == 'cnt_edits' )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1313 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1314 // no "other" edits, close the table
377
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
diff
changeset
+ − 1315 if ( $cnt_edits > 0 )
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
diff
changeset
+ − 1316 echo '</table></div>';
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
diff
changeset
+ − 1317 else
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
diff
changeset
+ − 1318 echo '<p>' . $lang->get('userfuncs_contribs_msg_no_edits') . '</p>';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1319 echo '<h3>' . $lang->get('userfuncs_contribs_heading_other') . '</h3>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1320 echo '<p>' . $lang->get('userfuncs_contribs_msg_no_other') . '</p>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1321 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1322
0
+ − 1323 $db->free_result();
+ − 1324 $template->footer();
+ − 1325 }
+ − 1326
+ − 1327 function page_Special_ChangeStyle()
+ − 1328 {
+ − 1329 global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1330 global $lang;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1331
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1332 if ( !$session->user_logged_in )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1333 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1334 die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1335 }
0
+ − 1336 if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']))
+ − 1337 {
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1338 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1339 die('Hacking attempt');
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1340 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1341 die('Hacking attempt');
0
+ − 1342 $d = ENANO_ROOT . '/themes/' . $_POST['theme'];
+ − 1343 $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1344 if ( !file_exists($d) || !is_dir($d) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1345 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1346 die('The directory "'.$d.'" does not exist.');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1347 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1348 if ( !file_exists($f) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1349 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1350 die('The file "'.$f.'" does not exist.');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1351 }
0
+ − 1352 $d = $db->escape($_POST['theme']);
+ − 1353 $f = $db->escape($_POST['style']);
+ − 1354 $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\'';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1355 if ( !$db->sql_query($q) )
0
+ − 1356 {
+ − 1357 $db->_die('Your theme/style preferences were not updated.');
+ − 1358 }
+ − 1359 else
+ − 1360 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1361 redirect(makeUrl($_POST['return_to']), $lang->get('userfuncs_changetheme_success_title'), $lang->get('userfuncs_changetheme_success_body'), 3);
0
+ − 1362 }
+ − 1363 }
+ − 1364 else
+ − 1365 {
+ − 1366 $template->header();
+ − 1367 $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1368 if ( !$ret )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1369 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1370 $ret = getConfig('main_page');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1371 }
0
+ − 1372 ?>
+ − 1373 <form action="<?php echo makeUrl($paths->page); ?>" method="post">
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1374 <?php if ( !isset($_POST['themeselected']) ) { ?>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1375 <h3><?php echo $lang->get('userfuncs_changetheme_heading_theme'); ?></h3>
0
+ − 1376 <p>
+ − 1377 <select name="theme">
+ − 1378 <?php
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1379 foreach ( $template->theme_list as $t )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1380 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1381 if ( $t['enabled'] )
0
+ − 1382 {
+ − 1383 echo '<option value="'.$t['theme_id'].'"';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1384 if ( $t['theme_id'] == $session->theme )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1385 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1386 echo ' selected="selected"';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1387 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1388 echo '>' . $t['theme_name'] . '</option>';
0
+ − 1389 }
+ − 1390 }
+ − 1391 ?>
+ − 1392 </select>
+ − 1393 </p>
+ − 1394 <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1395 <input type="submit" name="themeselected" value="<?php echo $lang->get('userfuncs_changetheme_btn_continue'); ?>" /></p>
0
+ − 1396 <?php } else {
+ − 1397 $theme = $_POST['theme'];
+ − 1398 if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
+ − 1399 die('Hacking attempt');
+ − 1400 ?>
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1401 <h3><?php echo $lang->get('userfuncs_changetheme_heading_style'); ?></h3>
0
+ − 1402 <p>
+ − 1403 <select name="style">
+ − 1404 <?php
+ − 1405 $dir = './themes/'.$theme.'/css/';
+ − 1406 $list = Array();
+ − 1407 // Open a known directory, and proceed to read its contents
+ − 1408 if (is_dir($dir)) {
+ − 1409 if ($dh = opendir($dir)) {
+ − 1410 while (($file = readdir($dh)) !== false) {
+ − 1411 if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
+ − 1412 $list[] = substr($file, 0, strlen($file)-4);
+ − 1413 }
+ − 1414 }
+ − 1415 closedir($dh);
+ − 1416 }
+ − 1417 } else die($dir.' is not a dir');
+ − 1418 foreach ( $list as $l )
+ − 1419 {
+ − 1420 echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
+ − 1421 }
+ − 1422 ?>
+ − 1423 </select>
+ − 1424 </p>
+ − 1425 <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
+ − 1426 <input type="hidden" name="theme" value="<?php echo $theme; ?>" />
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1427 <input type="submit" name="allclear" value="<?php echo $lang->get('userfuncs_changetheme_btn_allclear'); ?>" /></p>
0
+ − 1428 <?php } ?>
+ − 1429 </form>
+ − 1430 <?php
+ − 1431 $template->footer();
+ − 1432 }
+ − 1433 }
+ − 1434
+ − 1435 function page_Special_ActivateAccount()
+ − 1436 {
+ − 1437 global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1438 global $lang;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1439
0
+ − 1440 $user = $paths->getParam(0);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1441 if ( !$user )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1442 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1443 die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1444 }
0
+ − 1445 $key = $paths->getParam(1);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1446 if ( !$key )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1447 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1448 die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1449 }
0
+ − 1450 $s = $session->activate_account(str_replace('_', ' ', $user), $key);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1451 if ( $s > 0 )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1452 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1453 die_friendly($lang->get('userfuncs_activate_success_title'), '<p>' . $lang->get('userfuncs_activate_success_body') . '</p>');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1454 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1455 else
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1456 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1457 die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_bad_key') . '</p>');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1458 }
0
+ − 1459 }
+ − 1460
+ − 1461 function page_Special_Captcha()
+ − 1462 {
+ − 1463 global $db, $session, $paths, $template, $plugins; // Common objects
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1464 if ( $paths->getParam(0) == 'make' )
0
+ − 1465 {
+ − 1466 $session->kill_captcha();
+ − 1467 echo $session->make_captcha();
+ − 1468 return;
+ − 1469 }
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1470
0
+ − 1471 $hash = $paths->getParam(0);
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1472 if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) )
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1473 {
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1474 $paths->main_page();
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1475 }
402
+ − 1476
+ − 1477 $session->make_captcha(7, $hash);
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1478 $code = $session->generate_captcha_code();
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1479 $q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';");
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1480 if ( !$q )
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1481 $db->_die();
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1482
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1483 require ( ENANO_ROOT.'/includes/captcha.php' );
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1484 $captcha = captcha_object($hash, 'freecap');
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 1485 // $captcha->debug = true;
0
+ − 1486 $captcha->make_image();
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1487
0
+ − 1488 exit;
+ − 1489 }
+ − 1490
+ − 1491 function page_Special_PasswordReset()
+ − 1492 {
+ − 1493 global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1494 global $lang;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1495
0
+ − 1496 $template->header();
+ − 1497 if($paths->getParam(0) == 'stage2')
+ − 1498 {
+ − 1499 $user_id = intval($paths->getParam(1));
+ − 1500 $encpass = $paths->getParam(2);
+ − 1501 if ( $user_id < 2 )
+ − 1502 {
+ − 1503 echo '<p>Hacking attempt</p>';
+ − 1504 $template->footer();
+ − 1505 return false;
+ − 1506 }
+ − 1507 if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
+ − 1508 {
+ − 1509 echo '<p>Hacking attempt</p>';
+ − 1510 $template->footer();
+ − 1511 return false;
+ − 1512 }
+ − 1513
+ − 1514 $q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';');
+ − 1515 if($db->numrows() < 1)
+ − 1516 {
+ − 1517 echo '<p>Invalid credentials</p>';
+ − 1518 $template->footer();
+ − 1519 return false;
+ − 1520 }
+ − 1521 $row = $db->fetchrow();
+ − 1522 $db->free_result();
+ − 1523
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1524 if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() )
0
+ − 1525 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1526 echo '<p>' . $lang->get('userfuncs_passreset_err_pass_expired', array('reset_url' => makeUrlNS('Special', 'PasswordReset'))) . '</p>';
0
+ − 1527 $template->footer();
+ − 1528 return false;
+ − 1529 }
+ − 1530
+ − 1531 if ( isset($_POST['do_stage2']) )
+ − 1532 {
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1533 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
0
+ − 1534 if($_POST['use_crypt'] == 'yes')
+ − 1535 {
+ − 1536 $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
+ − 1537 if(!$crypt_key)
+ − 1538 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1539 echo $lang->get('user_err_key_not_found');
0
+ − 1540 $template->footer();
+ − 1541 return false;
+ − 1542 }
+ − 1543 $crypt_key = hexdecode($crypt_key);
+ − 1544 $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX);
+ − 1545 if(strlen($data) < 6)
+ − 1546 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1547 echo $lang->get('userfuncs_passreset_err_too_short');
0
+ − 1548 $template->footer();
+ − 1549 return false;
+ − 1550 }
+ − 1551 }
+ − 1552 else
+ − 1553 {
+ − 1554 $data = $_POST['pass'];
+ − 1555 $conf = $_POST['pass_confirm'];
+ − 1556 if($data != $conf)
+ − 1557 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1558 echo $lang->get('userfuncs_passreset_err_no_match');
0
+ − 1559 $template->footer();
+ − 1560 return false;
+ − 1561 }
+ − 1562 if(strlen($data) < 6)
+ − 1563 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1564 echo $lang->get('userfuncs_passreset_err_too_short');
0
+ − 1565 $template->footer();
+ − 1566 return false;
+ − 1567 }
+ − 1568 }
+ − 1569 if(empty($data))
+ − 1570 {
+ − 1571 echo 'ERROR: Sanity check failed!';
+ − 1572 $template->footer();
+ − 1573 return false;
+ − 1574 }
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1575 if ( getConfig('pw_strength_enable') == '1' )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1576 {
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1577 $min_score = intval(getConfig('pw_strength_minimum'));
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1578 $inp_score = password_score($data);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1579 if ( $inp_score < $min_score )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1580 {
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1581 $url = makeUrl($paths->fullpage);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1582 echo "<p>" . $lang->get('userfuncs_passreset_err_failed_score', array('inp_score' => $inp_score, 'url' => $url)) . "</p>";
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1583 $template->footer();
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1584 return false;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1585 }
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1586 }
591
2529833a7731
Made $session->private_key protected and added pk_{en,de}crypt methods for encrypting and decrypting data using the private key
Dan
diff
changeset
+ − 1587 $encpass = $session->pk_encrypt($data, ENC_HEX);
0
+ − 1588 $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';');
+ − 1589
+ − 1590 if($q)
+ − 1591 {
+ − 1592 $session->login_without_crypto($row['username'], $data);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1593 echo '<p>' . $lang->get('userfuncs_passreset_stage2_success', array('url_mainpage' => makeUrl(getConfig('main_page')))) . '</p>';
0
+ − 1594 }
+ − 1595 else
+ − 1596 {
+ − 1597 echo $db->get_error();
+ − 1598 }
+ − 1599
+ − 1600 $template->footer();
+ − 1601 return false;
+ − 1602 }
+ − 1603
+ − 1604 // Password reset form
+ − 1605 $pubkey = $session->rijndael_genkey();
+ − 1606
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1607 $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : '';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1608 $pw_meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">' . $lang->get('userfuncs_passreset_stage2_lbl_strength') . '</td><td class="row1"><div id="pwmeter"></div><script type="text/javascript">password_score_field(document.forms.resetform.pass);</script></td></tr>' : '';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1609 $pw_blurb = ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>' . $lang->get('userfuncs_passreset_stage2_blurb_strength') . '</small>' : '';
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1610
0
+ − 1611 ?>
+ − 1612 <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
+ − 1613 <br />
+ − 1614 <div class="tblholder">
+ − 1615 <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1616 <tr><th colspan="2"><?php echo $lang->get('userfuncs_passreset_stage2_th'); ?></th></tr>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1617 <tr><td class="row1"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_password'); ?> <?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1618 <tr><td class="row2"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_confirm'); ?> </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1619 <?php echo $pw_meter; ?>
0
+ − 1620 <tr>
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1621 <td colspan="2" class="row3" style="text-align: center;">
0
+ − 1622 <input type="hidden" name="use_crypt" value="no" />
+ − 1623 <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
+ − 1624 <input type="hidden" name="crypt_data" value="" />
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1625 <input type="submit" name="do_stage2" value="<?php echo $lang->get('userfuncs_passreset_stage2_btn_submit'); ?>" />
0
+ − 1626 </td>
+ − 1627 </tr>
+ − 1628 </table>
+ − 1629 </div>
+ − 1630 </form>
+ − 1631 <script type="text/javascript">
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1632 if ( !KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1633 {
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1634 disableJSONExts();
0
+ − 1635 str = '';
+ − 1636 for(i=0;i<keySizeInBits/4;i++) str+='0';
+ − 1637 var key = hexToByteArray(str);
+ − 1638 var pt = hexToByteArray(str);
+ − 1639 var ct = rijndaelEncrypt(pt, key, "ECB");
+ − 1640 var ct = byteArrayToHex(ct);
+ − 1641 switch(keySizeInBits)
+ − 1642 {
+ − 1643 case 128:
+ − 1644 v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
+ − 1645 break;
+ − 1646 case 192:
+ − 1647 v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
+ − 1648 break;
+ − 1649 case 256:
+ − 1650 v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
+ − 1651 break;
+ − 1652 }
+ − 1653 var testpassed = ( ct == v && md5_vm_test() );
+ − 1654 var frm = document.forms.resetform;
+ − 1655 if(testpassed)
+ − 1656 {
+ − 1657 frm.use_crypt.value = 'yes';
+ − 1658 var cryptkey = frm.crypt_key.value;
+ − 1659 frm.crypt_key.value = hex_md5(cryptkey);
+ − 1660 cryptkey = hexToByteArray(cryptkey);
+ − 1661 if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
+ − 1662 {
+ − 1663 frm._login.disabled = true;
+ − 1664 len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
+ − 1665 alert('The key is messed up\nType: '+typeof(cryptkey)+len);
+ − 1666 }
+ − 1667 }
+ − 1668 function runEncryption()
+ − 1669 {
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1670 var frm = document.forms.resetform;
0
+ − 1671 pass1 = frm.pass.value;
+ − 1672 pass2 = frm.pass_confirm.value;
+ − 1673 if ( pass1 != pass2 )
+ − 1674 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1675 alert($lang.get('userfuncs_passreset_err_no_match'));
0
+ − 1676 return false;
+ − 1677 }
+ − 1678 if ( pass1.length < 6 )
+ − 1679 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1680 alert($lang.get('userfuncs_passreset_err_too_short'));
0
+ − 1681 return false;
+ − 1682 }
+ − 1683 if(testpassed)
+ − 1684 {
+ − 1685 pass = frm.pass.value;
+ − 1686 pass = stringToByteArray(pass);
+ − 1687 cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
+ − 1688 if(!cryptstring)
+ − 1689 {
+ − 1690 return false;
+ − 1691 }
+ − 1692 cryptstring = byteArrayToHex(cryptstring);
+ − 1693 frm.crypt_data.value = cryptstring;
+ − 1694 frm.pass.value = "";
+ − 1695 frm.pass_confirm.value = "";
+ − 1696 }
+ − 1697 return true;
+ − 1698 }
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1699 }
0
+ − 1700 </script>
+ − 1701 <?php
+ − 1702 $template->footer();
+ − 1703 return true;
+ − 1704 }
+ − 1705 if(isset($_POST['do_reset']))
+ − 1706 {
+ − 1707 if($session->mail_password_reset($_POST['username']))
+ − 1708 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1709 echo '<p>' . $lang->get('userfuncs_passreset_stage1_success') . '</p>';
0
+ − 1710 }
+ − 1711 else
+ − 1712 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1713 echo '<p>' . $lang->get('userfuncs_passreset_stage1_error') . '</p>';
0
+ − 1714 }
+ − 1715 $template->footer();
+ − 1716 return true;
+ − 1717 }
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1718 echo '<p>' . $lang->get('userfuncs_passreset_blurb_line1') . '</p>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1719 <p>' . $lang->get('userfuncs_passreset_blurb_line2') . '</p>
0
+ − 1720 <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1721 <p>' . $lang->get('userfuncs_passreset_lbl_username') . ' '.$template->username_field('username').'</p>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1722 <p><input type="submit" name="do_reset" value="' . $lang->get('userfuncs_passreset_btn_mailpasswd') . '" /></p>
0
+ − 1723 </form>';
+ − 1724 $template->footer();
+ − 1725 }
+ − 1726
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1727 function page_Special_Memberlist()
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1728 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1729 global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1730 global $lang;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1731
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1732 $template->header();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1733
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1734 $startletters = 'abcdefghijklmnopqrstuvwxyz';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1735 $startletters = enano_str_split($startletters);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1736 $startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : '';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1737 if ( !in_array($startletter, $startletters) && $startletter != 'chr' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1738 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1739 $startletter = '';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1740 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1741
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1742 $startletter_sql = $startletter;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1743 if ( $startletter == 'chr' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1744 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1745 $startletter_sql = '([^a-z])';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1746 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1747
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1748 // offset
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1749 $offset = ( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 0;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1750
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1751 // sort order
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1752 $sortkeys = array(
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1753 'uid' => 'u.user_id',
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1754 'username' => 'u.username',
111
+ − 1755 'email' => 'u.email',
+ − 1756 'regist' => 'u.reg_time'
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1757 );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1758
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1759 $sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1760 $sort_sqllet = $sortkeys[$sortby];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1761
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1762 $target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1763
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1764 $sortorders = array();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1765 foreach ( $sortkeys as $k => $_unused )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1766 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1767 $sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1768 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1769
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1770 // Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1771
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1772 echo '<div class="tblholder">
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1773 <table border="0" cellspacing="1" cellpadding="4" style="text-align: center;">
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1774 <tr>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1775 echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=&sort=' . $sortby . '&orderby=' . $target_order, true) . '">All</a></td>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1776 echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=chr&sort=' . $sortby . '&orderby=' . $target_order, true) . '">#</a></td>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1777 foreach ( $startletters as $letter )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1778 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1779 echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=' . $letter . '&sort=' . $sortby . '&orderby=' . $target_order, true) . '">' . strtoupper($letter) . '</a></td>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1780 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1781 echo ' </tr>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1782 </table>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1783 </div>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1784
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1785 // formatter parameters
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1786 $formatter = new MemberlistFormatter();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1787 $formatters = array(
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1788 'username' => array($formatter, 'username'),
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1789 'user_level' => array($formatter, 'user_level'),
111
+ − 1790 'email' => array($formatter, 'email'),
+ − 1791 'reg_time' => array($formatter, 'reg_time')
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1792 );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1793
105
+ − 1794 // User search
+ − 1795 if ( isset($_GET['finduser']) )
+ − 1796 {
+ − 1797 $finduser = str_replace(array( '%', '_'),
+ − 1798 array('\\%', '\\_'),
+ − 1799 $_GET['finduser']);
+ − 1800 $finduser = str_replace(array('*', '?'),
+ − 1801 array('%', '_'),
+ − 1802 $finduser);
+ − 1803 $finduser = $db->escape($finduser);
322
+ − 1804 $username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\'';
105
+ − 1805 $finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&';
+ − 1806 }
+ − 1807 else
+ − 1808 {
322
+ − 1809 if ( ENANO_DBLAYER == 'MYSQL' )
+ − 1810 $username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")';
+ − 1811 else if ( ENANO_DBLAYER == 'PGSQL' )
+ − 1812 $username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')';
105
+ − 1813 $finduser_url = '';
+ − 1814 }
+ − 1815
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1816 // Column markers
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1817 $headings = '<tr>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1818 <th style="max-width: 50px;">
105
+ − 1819 <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=uid&orderby=' . $sortorders['uid'], true) . '">#</a>
+ − 1820 </th>
+ − 1821 <th>
342
+ − 1822 <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=username&orderby=' . $sortorders['username'], true) . '">' . $lang->get('userfuncs_ml_column_username') . '</a>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1823 </th>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1824 <th>
342
+ − 1825 ' . $lang->get('userfuncs_ml_column_userlevel') . '
111
+ − 1826 </th>
+ − 1827 <th>
342
+ − 1828 <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=email&orderby=' . $sortorders['email'], true) . '">' . $lang->get('userfuncs_ml_column_email') . '</a>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1829 </th>
111
+ − 1830 <th>
342
+ − 1831 <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=regist&orderby=' . $sortorders['regist'], true) . '">' . $lang->get('userfuncs_ml_column_regtime') . '</a>
111
+ − 1832 </th>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1833 </tr>';
105
+ − 1834
+ − 1835 // determine number of rows
322
+ − 1836 $q = $db->sql_query('SELECT u.user_id FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';');
105
+ − 1837 if ( !$q )
+ − 1838 $db->_die();
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1839
105
+ − 1840 $num_rows = $db->numrows();
+ − 1841 $db->free_result();
+ − 1842
+ − 1843 if ( !empty($finduser_url) )
+ − 1844 {
342
+ − 1845 switch ( $num_rows )
+ − 1846 {
+ − 1847 case 0:
+ − 1848 $str = $lang->get('userfuncs_ml_msg_matches_zero'); break;
+ − 1849 case 1:
+ − 1850 $str = $lang->get('userfuncs_ml_msg_matches_one'); break;
+ − 1851 default:
+ − 1852 $str = $lang->get('userfuncs_ml_msg_matches', array('matches' => $num_rows)); break;
+ − 1853 }
+ − 1854 echo "<h3>$str</h3>";
105
+ − 1855 }
+ − 1856
+ − 1857 // main selector
111
+ − 1858 $q = $db->sql_unbuffered_query('SELECT u.user_id, u.username, u.reg_time, u.email, u.user_level, u.reg_time, x.email_public FROM '.table_prefix.'users AS u
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1859 LEFT JOIN '.table_prefix.'users_extra AS x
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1860 ON ( u.user_id = x.user_id )
322
+ − 1861 WHERE ' . $username_where . ' AND u.username != \'Anonymous\'
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1862 ORDER BY ' . $sort_sqllet . ' ' . $target_order . ';');
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1863 if ( !$q )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1864 $db->_die();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1865
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1866 $html = paginate(
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1867 $q, // MySQL result resource
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1868 '<tr>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1869 <td class="{_css_class}">{user_id}</td>
111
+ − 1870 <td class="{_css_class}" style="text-align: left;">{username}</td>
+ − 1871 <td class="{_css_class}">{user_level}</td>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1872 <td class="{_css_class}">{email}</small></td>
111
+ − 1873 <td class="{_css_class}">{reg_time}</td>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1874 </tr>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1875 ', // TPL code for rows
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1876 $num_rows, // Number of results
105
+ − 1877 makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order ), // Result URL
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1878 $offset, // Start at this number
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1879 25, // Results per page
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1880 $formatters, // Formatting hooks
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1881 '<div class="tblholder">
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1882 <table border="0" cellspacing="1" cellpadding="4" style="text-align: center;">
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1883 ' . $headings . '
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1884 ', // Header (printed before rows)
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1885 ' ' . $headings . '
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1886 </table>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1887 </div>
105
+ − 1888 ' .
+ − 1889 '<div style="float: left;">
+ − 1890 <form action="' . makeUrlNS('Special', 'Memberlist') . '" method="get" onsubmit="if ( !submitAuthorized ) return false;">'
322
+ − 1891 . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->page ) . '" />' : '' )
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 1892 . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '')
342
+ − 1893 . '<p>' . $lang->get('userfuncs_ml_lbl_finduser') . ' ' . $template->username_field('finduser') . ' <input type="submit" value="' . $lang->get('userfuncs_ml_btn_go') . '" /><br />
+ − 1894 <small>' . $lang->get('userfuncs_ml_tip_wildcard') . '</small></p>'
105
+ − 1895 . '</form>
+ − 1896 </div>' // Footer (printed after rows)
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1897 );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1898
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1899 if ( $num_rows < 1 )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1900 {
342
+ − 1901 echo ( isset($_GET['finduser']) ) ? '<p>' . $lang->get('userfuncs_ml_err_nousers_find') . '</p>' :
+ − 1902 '<p>' . $lang->get('userfuncs_ml_err_nousers') . '</p>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1903 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1904 else
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1905 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1906 echo $html;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1907 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1908
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1909 $template->footer();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1910 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1911
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1912 /**
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1913 * Class for formatting results for the memberlist.
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1914 * @access private
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1915 */
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1916
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1917 class MemberlistFormatter
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1918 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1919 function username($username, $row)
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1920 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1921 global $db, $session, $paths, $template, $plugins; // Common objects
342
+ − 1922 global $lang;
+ − 1923
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1924 $userpage = $paths->nslist['User'] . sanitize_page_id($username);
342
+ − 1925 $class = ( isPage($userpage) ) ? ' title="' . $lang->get('userfuncs_ml_tip_userpage') . '"' : ' class="wikilink-nonexistent" title="' . $lang->get('userfuncs_ml_tip_nouserpage') . '"';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1926 $anchor = '<a href="' . makeUrlNS('User', sanitize_page_id($username)) . '"' . $class . '>' . htmlspecialchars($username) . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1927 if ( $session->user_level >= USER_LEVEL_ADMIN )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1928 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1929 $anchor .= ' <small>- <a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&username=' . urlencode($username), true) . '"
342
+ − 1930 onclick="ajaxAdminUser(\'' . addslashes(htmlspecialchars($username)) . '\'); return false;">' . $lang->get('userfuncs_ml_btn_adminuser') . '</a></small>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1931 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1932 return $anchor;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1933 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1934 function user_level($level, $row)
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1935 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1936 global $db, $session, $paths, $template, $plugins; // Common objects
342
+ − 1937 global $lang;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1938 switch ( $level )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1939 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1940 case USER_LEVEL_GUEST:
342
+ − 1941 $s_level = $lang->get('userfuncs_ml_level_guest'); break;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1942 case USER_LEVEL_MEMBER:
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1943 case USER_LEVEL_CHPREF:
342
+ − 1944 $s_level = $lang->get('userfuncs_ml_level_member'); break;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1945 case USER_LEVEL_MOD:
342
+ − 1946 $s_level = $lang->get('userfuncs_ml_level_mod'); break;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1947 case USER_LEVEL_ADMIN:
342
+ − 1948 $s_level = $lang->get('userfuncs_ml_level_admin'); break;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1949 default:
342
+ − 1950 $s_level = $lang->get('userfuncs_ml_level_unknown', array( 'level' => $level ));
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1951 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1952 return $s_level;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1953 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1954 function email($addy, $row)
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1955 {
342
+ − 1956 global $lang;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1957 if ( $row['email_public'] == '1' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1958 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1959 global $email;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1960 $addy = $email->encryptEmail($addy);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1961 return $addy;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1962 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1963 else
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1964 {
342
+ − 1965 return '<small><' . $lang->get('userfuncs_ml_email_nonpublic') . '></small>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1966 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1967 }
111
+ − 1968 /**
+ − 1969 * Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant.
+ − 1970 * @param int UNIX timestamp
+ − 1971 * @return string
+ − 1972 */
+ − 1973
+ − 1974 function format_date($time)
+ − 1975 {
342
+ − 1976 global $lang;
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1977 // Our formattting string to pass to enano_date()
111
+ − 1978 // This should not include minute/second info, only today's date in whatever format suits your fancy
+ − 1979 $formatstring = 'F j, Y';
+ − 1980 // Today's date
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1981 $today = enano_date($formatstring);
111
+ − 1982 // Yesterday's date
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1983 $yesterday = enano_date($formatstring, (time() - (24*60*60)));
111
+ − 1984 // Date on the input
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1985 $then = enano_date($formatstring, $time);
111
+ − 1986 // "X days ago" logic
+ − 1987 for ( $i = 2; $i <= 6; $i++ )
+ − 1988 {
+ − 1989 // hours_in_day * minutes_in_hour * seconds_in_minute * num_days
+ − 1990 $offset = 24 * 60 * 60 * $i;
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1991 $days_ago = enano_date($formatstring, (time() - $offset));
111
+ − 1992 // so does the input timestamp match the date from $i days ago?
+ − 1993 if ( $then == $days_ago )
+ − 1994 {
+ − 1995 // yes, return $i
342
+ − 1996 return $lang->get('userfuncs_ml_date_daysago', array('days_ago' => $i));
111
+ − 1997 }
+ − 1998 }
+ − 1999 // either yesterday, today, or before 6 days ago
+ − 2000 switch($then)
+ − 2001 {
+ − 2002 case $today:
342
+ − 2003 return $lang->get('userfuncs_ml_date_today');
111
+ − 2004 case $yesterday:
342
+ − 2005 return $lang->get('userfuncs_ml_date_yesterday');
111
+ − 2006 default:
+ − 2007 return $then;
+ − 2008 }
+ − 2009 // .--.
+ − 2010 // |o_o |
+ − 2011 // |!_/ |
+ − 2012 // // \ \
+ − 2013 // (| | )
+ − 2014 // /'\_ _/`\
+ − 2015 // \___)=(___/
+ − 2016 return 'Linux rocks!';
+ − 2017 }
+ − 2018 function reg_time($time, $row)
+ − 2019 {
+ − 2020 return $this->format_date($time);
+ − 2021 }
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2022 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2023
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2024 function page_Special_LangExportJSON()
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2025 {
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2026 global $db, $session, $paths, $template, $plugins; // Common objects
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2027 global $lang;
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2028
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2029 $lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id;
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2030
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2031 if ( $lang->lang_id == $lang_id )
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2032 $lang_local =& $lang;
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2033 else
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2034 $lang_local = new Language($lang_id);
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2035
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2036 $lang_strings = enano_json_encode($lang_local->strings);
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2037 $etag = substr(sha1($lang_strings), 0, 20) . '-' . dechex($lang_local->lang_timestamp);
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2038
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2039 if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) )
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2040 {
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2041 if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] )
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2042 {
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2043 header('HTTP/1.1 304 Not Modified');
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2044 exit();
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2045 }
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2046 }
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2047
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 2048 $timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp);
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 2049 // generate expires header
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 2050 $expires = date('r', mktime(-1, -1, -1, -1, -1, intval(date('y'))+1));
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 2051
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2052 header("Last-Modified: $timestamp");
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2053 header("Date: $timestamp");
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2054 header("ETag: \"$etag\"");
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2055 header('Content-type: text/javascript');
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 2056 header("Expires: $expires");
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2057
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2058 $lang_local->fetch();
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2059 echo "if ( typeof(enano_lang) != 'object' )
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2060 var enano_lang = new Object();
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2061
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2062 enano_lang[{$lang->lang_id}] = " . $lang_strings . ";";
555
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
diff
changeset
+ − 2063
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
diff
changeset
+ − 2064 gzip_output();
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2065
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 2066 exit(0);
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2067 }
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 2068
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2069 /**
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2070 * Fetches and displays an avatar from the filesystem. Avatar fetching is abstracted as of 1.1.4.
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2071 */
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2072
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2073 function page_Special_Avatar()
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2074 {
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2075 global $db, $session, $paths, $template, $plugins; // Common objects
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2076 global $aggressive_optimize_html;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2077 $aggressive_optimize_html = false;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2078
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2079 $img_types = array(
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2080 IMAGE_TYPE_PNG => 'png',
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2081 IMAGE_TYPE_GIF => 'gif',
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2082 IMAGE_TYPE_JPG => 'jpg'
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2083 );
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2084
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2085 $avi_id = $paths->getParam(0);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2086 if ( !$avi_id || !@preg_match('/^[a-f0-9]+$/', $avi_id) )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2087 {
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2088 echo 'Doesn\'t match the regexp';
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2089 return true;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2090 }
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2091
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2092 $avi_id_dec = hexdecode($avi_id);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2093 $avi_id_dec = @unpack('Vdate/Vuid/vimg_type', $avi_id_dec);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2094 if ( !$avi_id_dec )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2095 {
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2096 echo 'Bad unpack';
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2097 return true;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2098 }
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2099
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2100 // check parameters
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2101 if ( !isset($img_types[$avi_id_dec['img_type']]) )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2102 {
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2103 echo 'Invalid image type';
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2104 return true;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2105 }
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2106
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2107 // build file path
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2108 $avi_type = $img_types[$avi_id_dec['img_type']];
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2109 $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $avi_id_dec['uid'] . '.' . $avi_type;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2110 if ( file_exists($avi_path) )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2111 {
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2112 $avi_mod_time = @filemtime($avi_path);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2113 $avi_mod_time = date('r', $avi_mod_time);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2114 $avi_size = @filesize($avi_path);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2115 header("Last-Modified: $avi_mod_time");
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2116 header("Content-Length: $avi_size");
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2117 header("Content-Type: image/$avi_type");
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2118 // http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2119 header("Cache-Control: public");
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2120
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2121 $fh = @fopen($avi_path, 'r');
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2122 if ( !$fh )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2123 {
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2124 echo 'Could not open file';
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2125 return true;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2126 }
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2127
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2128 while ( $fd = @fread($fh, 1024) )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2129 {
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2130 echo $fd;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2131 }
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2132 fclose($fh);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2133
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2134 }
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2135 return true;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2136 }
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2137
0
+ − 2138 ?>