0
+ − 1 <?php
+ − 2 /*
+ − 3 Plugin Name: Special user/login-related pages
23
+ − 4 Plugin URI: http://enanocms.org/
0
+ − 5 Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
+ − 6 Author: Dan Fuhry
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 7 Version: 1.0.1
23
+ − 8 Author URI: http://enanocms.org/
0
+ − 9 */
+ − 10
+ − 11 /*
+ − 12 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ − 13 * Version 1.0 release candidate 2
+ − 14 * Copyright (C) 2006-2007 Dan Fuhry
+ − 15 *
+ − 16 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 17 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18 *
+ − 19 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21 */
+ − 22
+ − 23 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 24
+ − 25 $plugins->attachHook('base_classes_initted', '
+ − 26 global $paths;
+ − 27 $paths->add_page(Array(
+ − 28 \'name\'=>\'Log in\',
+ − 29 \'urlname\'=>\'Login\',
+ − 30 \'namespace\'=>\'Special\',
+ − 31 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 32 ));
+ − 33 $paths->add_page(Array(
+ − 34 \'name\'=>\'Log out\',
+ − 35 \'urlname\'=>\'Logout\',
+ − 36 \'namespace\'=>\'Special\',
+ − 37 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 38 ));
+ − 39 $paths->add_page(Array(
+ − 40 \'name\'=>\'Register\',
+ − 41 \'urlname\'=>\'Register\',
+ − 42 \'namespace\'=>\'Special\',
+ − 43 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 44 ));
+ − 45 $paths->add_page(Array(
+ − 46 \'name\'=>\'Edit Profile\',
+ − 47 \'urlname\'=>\'Preferences\',
+ − 48 \'namespace\'=>\'Special\',
+ − 49 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 50 ));
+ − 51
+ − 52 $paths->add_page(Array(
+ − 53 \'name\'=>\'Contributions\',
+ − 54 \'urlname\'=>\'Contributions\',
+ − 55 \'namespace\'=>\'Special\',
+ − 56 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 57 ));
+ − 58
+ − 59 $paths->add_page(Array(
+ − 60 \'name\'=>\'Change style\',
+ − 61 \'urlname\'=>\'ChangeStyle\',
+ − 62 \'namespace\'=>\'Special\',
+ − 63 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 64 ));
+ − 65
+ − 66 $paths->add_page(Array(
+ − 67 \'name\'=>\'Activate user account\',
+ − 68 \'urlname\'=>\'ActivateAccount\',
+ − 69 \'namespace\'=>\'Special\',
+ − 70 \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 71 ));
+ − 72
+ − 73 $paths->add_page(Array(
+ − 74 \'name\'=>\'Captcha\',
+ − 75 \'urlname\'=>\'Captcha\',
+ − 76 \'namespace\'=>\'Special\',
+ − 77 \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 78 ));
+ − 79
+ − 80 $paths->add_page(Array(
+ − 81 \'name\'=>\'Forgot password\',
+ − 82 \'urlname\'=>\'PasswordReset\',
+ − 83 \'namespace\'=>\'Special\',
+ − 84 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 85 ));
+ − 86 ');
+ − 87
+ − 88 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
+ − 89
+ − 90 $__login_status = '';
+ − 91
+ − 92 function page_Special_Login()
+ − 93 {
+ − 94 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 95 global $__login_status;
+ − 96
+ − 97 $pubkey = $session->rijndael_genkey();
+ − 98 $challenge = $session->dss_rand();
+ − 99
+ − 100 if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
+ − 101 {
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 102 $username = ( $session->user_logged_in ) ? $session->username : false;
0
+ − 103 $response = Array(
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 104 'username' => $username,
0
+ − 105 'key' => $pubkey,
+ − 106 'challenge' => $challenge
+ − 107 );
+ − 108 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 109 $response = $json->encode($response);
+ − 110 echo $response;
+ − 111 return null;
+ − 112 }
+ − 113
+ − 114 $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
+ − 115 if ( isset($_POST['login']) )
+ − 116 {
+ − 117 if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
+ − 118 {
+ − 119 $level = intval($_POST['auth_level']);
+ − 120 }
+ − 121 }
+ − 122
+ − 123 if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
+ − 124 {
+ − 125 $level = USER_LEVEL_MEMBER;
+ − 126 }
93
+ − 127 if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in )
+ − 128 $paths->main_page();
0
+ − 129 $template->header();
+ − 130 echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
+ − 131 $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.';
+ − 132 if ( isset($_POST['login']) )
+ − 133 {
+ − 134 echo '<p>'.$__login_status.'</p>';
+ − 135 }
+ − 136 if ( $p = $paths->getAllParams() )
+ − 137 {
+ − 138 echo '<input type="hidden" name="return_to" value="'.$p.'" />';
+ − 139 }
+ − 140 else if ( isset($_POST['login']) && isset($_POST['return_to']) )
+ − 141 {
+ − 142 echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
+ − 143 }
+ − 144 ?>
+ − 145 <div class="tblholder">
+ − 146 <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 147 <tr>
+ − 148 <th colspan="3"><?php echo $header; ?></th>
+ − 149 </tr>
+ − 150 <tr>
+ − 151 <td colspan="3" class="row1">
+ − 152 <?php
+ − 153 if ( $level <= USER_LEVEL_MEMBER )
+ − 154 {
+ − 155 echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>';
+ − 156 }
+ − 157 else
+ − 158 {
+ − 159 echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>';
+ − 160 }
+ − 161 ?>
+ − 162 </td>
+ − 163 </tr>
+ − 164 <tr>
+ − 165 <td class="row2">
+ − 166 Username:
+ − 167 </td>
+ − 168 <td class="row1">
+ − 169 <input name="username" size="25" type="text" <?php
+ − 170 if ( $level <= USER_LEVEL_MEMBER )
+ − 171 {
+ − 172 echo 'tabindex="1" ';
+ − 173 }
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 174 else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 175 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 176 echo 'tabindex="3" ';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 177 }
0
+ − 178 if ( $session->user_logged_in )
+ − 179 {
+ − 180 echo 'value="' . $session->username . '"';
+ − 181 }
+ − 182 ?> />
+ − 183 </td>
+ − 184 <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
+ − 185 <td rowspan="2" class="row3">
+ − 186 <small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br />
+ − 187 Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small>
+ − 188 </td>
+ − 189 <?php } ?>
+ − 190 </tr>
+ − 191 <tr>
+ − 192 <td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
+ − 193 </tr>
+ − 194 <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
+ − 195 <tr>
+ − 196 <td class="row3" colspan="3">
+ − 197 <p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true); ?>">log in without using encryption</a>.</p>
+ − 198 <p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p>
+ − 199 </td>
+ − 200 </tr>
+ − 201 <?php } ?>
+ − 202 <tr>
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 203 <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>
0
+ − 204 </tr>
+ − 205 </table>
+ − 206 </div>
+ − 207 <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
+ − 208 <input type="hidden" name="use_crypt" value="no" />
+ − 209 <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
+ − 210 <input type="hidden" name="crypt_data" value="" />
+ − 211 <input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 212 <?php if ( $level <= USER_LEVEL_MEMBER ): ?>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 213 <script type="text/javascript">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 214 document.forms.loginform.username.focus();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 215 </script>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 216 <?php else: ?>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 217 <script type="text/javascript">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 218 document.forms.loginform.pass.focus();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 219 </script>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 220 <?php endif; ?>
0
+ − 221 </form>
+ − 222 <?php
+ − 223 echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');
+ − 224 ?>
+ − 225 <?php
+ − 226 $template->footer();
+ − 227 }
+ − 228
+ − 229 function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
+ − 230 {
+ − 231 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 232 global $__login_status;
+ − 233 if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
+ − 234 {
+ − 235 $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
+ − 236 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 237 $data = $json->decode($_POST['params']);
+ − 238 $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
+ − 239 $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level);
+ − 240 $session->start();
+ − 241 //echo "$result\n$session->sid_super";
+ − 242 //exit;
+ − 243 if ( $result == 'success' )
+ − 244 {
+ − 245 $response = Array(
+ − 246 'result' => 'success',
+ − 247 'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )
+ − 248 );
+ − 249 }
+ − 250 else
+ − 251 {
+ − 252 $response = Array(
+ − 253 'result' => 'error',
+ − 254 'error' => $result
+ − 255 );
+ − 256 }
+ − 257 $response = $json->encode($response);
+ − 258 echo $response;
+ − 259 $db->close();
+ − 260 exit;
+ − 261 }
+ − 262 if(isset($_POST['login'])) {
+ − 263 if($_POST['use_crypt'] == 'yes')
+ − 264 {
+ − 265 $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']));
+ − 266 }
+ − 267 else
+ − 268 {
+ − 269 $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']));
+ − 270 }
+ − 271 $session->start();
+ − 272 $paths->init();
+ − 273 if($result == 'success')
+ − 274 {
+ − 275 $template->load_theme($session->theme, $session->style);
+ − 276 if(isset($_POST['return_to']))
+ − 277 {
+ − 278 $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
93
+ − 279 redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
0
+ − 280 }
+ − 281 else
+ − 282 {
93
+ − 283 redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' );
0
+ − 284 }
+ − 285 }
+ − 286 else
+ − 287 {
+ − 288 $GLOBALS['__login_status'] = $result;
+ − 289 }
+ − 290 }
+ − 291 }
+ − 292
+ − 293 function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)
+ − 294 {
+ − 295 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 296
+ − 297 $response = Array(
+ − 298 'result' => 'success_reset',
+ − 299 'user_id' => $user_id,
+ − 300 'temppass' => $passkey
+ − 301 );
+ − 302
+ − 303 $response = $json->encode($response);
+ − 304 echo $response;
+ − 305
+ − 306 $db->close();
+ − 307
+ − 308 exit;
+ − 309 }
+ − 310
+ − 311 function page_Special_Logout() {
+ − 312 global $db, $session, $paths, $template, $plugins; // Common objects
93
+ − 313 if ( !$session->user_logged_in )
+ − 314 $paths->main_page();
+ − 315
0
+ − 316 $l = $session->logout();
93
+ − 317 if ( $l == 'success' )
+ − 318 {
+ − 319 redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4);
+ − 320 }
0
+ − 321 $template->header();
+ − 322 echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>';
+ − 323 $template->footer();
+ − 324 }
+ − 325
30
+ − 326 function page_Special_Register()
+ − 327 {
0
+ − 328 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 329 if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
+ − 330 {
+ − 331 $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : '';
+ − 332 die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s);
+ − 333 }
93
+ − 334 if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )
+ − 335 {
+ − 336 $paths->main_page();
+ − 337 }
30
+ − 338 if(isset($_POST['submit']))
+ − 339 {
+ − 340 $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
+ − 341
0
+ − 342 $captcharesult = $session->get_captcha($_POST['captchahash']);
+ − 343 if($captcharesult != $_POST['captchacode'])
30
+ − 344 {
0
+ − 345 $s = 'The confirmation code you entered was incorrect.';
30
+ − 346 }
0
+ − 347 else
30
+ − 348 {
+ − 349 if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
+ − 350 {
+ − 351 $s = 'Invalid COPPA input';
+ − 352 }
+ − 353 else
+ − 354 {
+ − 355 $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );
+ − 356
+ − 357 // CAPTCHA code was correct, create the account
+ − 358 $s = $session->create_user($_POST['username'], $_POST['password'], $_POST['email'], $_POST['real_name'], $coppa);
+ − 359 }
+ − 360 }
+ − 361 if($s == 'success' && !isset($coppa))
0
+ − 362 {
+ − 363 switch(getConfig('account_activation'))
+ − 364 {
+ − 365 case "none":
+ − 366 default:
+ − 367 $str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.';
+ − 368 break;
+ − 369 case "user":
+ − 370 $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';
+ − 371 break;
+ − 372 case "admin":
+ − 373 $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';
+ − 374 break;
+ − 375 }
+ − 376 die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
+ − 377 }
30
+ − 378 else if ( $s == 'success' && $coppa )
+ − 379 {
+ − 380 $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.';
+ − 381 die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
+ − 382 }
0
+ − 383 }
+ − 384 $template->header();
+ − 385 echo 'A user account enables you to have greater control over your browsing experience.';
30
+ − 386
+ − 387 if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
+ − 388 {
+ − 389 $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
+ − 390 $session->kill_captcha();
+ − 391 $captchacode = $session->make_captcha();
+ − 392 ?>
+ − 393 <h3>Create a user account</h3>
+ − 394 <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 395 <div class="tblholder">
+ − 396 <table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 397 <tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr>
+ − 398 <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
+ − 399 <tr><td class="row1" style="width: 50%;">Preferred username:<span id="e_username"></span></td><td class="row1" style="width: 50%;"><input type="text" name="username" size="30" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" /></td></tr>
+ − 400 <tr><td class="row3" style="width: 50%;" rowspan="2">Password:<span id="e_password"></span></td><td class="row3" style="width: 50%;"><input type="password" name="password" size="30" onkeyup="validateForm();" /></td><td rowspan="2" class="row3" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" /></td></tr>
+ − 401 <tr><td class="row3" style="width: 50%;"><input type="password" name="password_confirm" size="30" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small></td></tr>
+ − 402 <tr><td class="row1" style="width: 50%;"><?php if ( $coppa ) echo 'Your parent or guardian\'s e'; else echo 'E'; ?>-mail address:<?php if(getConfig('account_activation')=='user') echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small></td>'; ?><td class="row1" style="width: 50%;"><input type="text" name="email" size="30" onkeyup="validateForm();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" /></td></tr>
+ − 403 <tr><td class="row3" style="width: 50%;">Real name:<br /><small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small><td class="row3" style="width: 50%;"><input type="text" name="real_name" size="30" /></td><td class="row3" style="max-width: 24px;"></td></tr>
+ − 404 <tr><td class="row1" style="width: 50%;" rowspan="2">Visual confirmation<br /><small>Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br /><br />If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.</small></td><td colspan="2" class="row1"><img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><span id="b_username"></span></td></tr>
+ − 405 <tr><td class="row1" colspan="2">Code: <input name="captchacode" type="text" size="10" /><input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" /></td></tr>
+ − 406 <tr><td class="row2" colspan="3" style="text-align: center;"><input type="submit" name="submit" value="Create my account" /></td></tr>
+ − 407 </table>
+ − 408 </div>
+ − 409 <?php
+ − 410 $val = ( $coppa ) ? 'yes' : 'no';
+ − 411 echo '<input type="hidden" name="coppa" value="' . $val . '" />';
+ − 412 ?>
+ − 413 </form>
+ − 414 <script type="text/javascript">
+ − 415 // <![CDATA[
+ − 416 var namegood = false;
+ − 417 function validateForm()
0
+ − 418 {
30
+ − 419 var frm = document.forms.regform;
+ − 420 failed = false;
+ − 421
+ − 422 // Username
+ − 423 if(!namegood)
0
+ − 424 {
30
+ − 425 if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
+ − 426 {
+ − 427 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
+ − 428 document.getElementById('e_username').innerHTML = ''; // '<br /><small><b>Checking availability...</b></small>';
+ − 429 } else {
+ − 430 failed = true;
+ − 431 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 432 document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
+ − 433 }
+ − 434 }
+ − 435 document.getElementById('b_username').innerHTML = '';
+ − 436 if(hex_md5(frm.real_name.value) == 'fa8e397ae0f6cd5b0f90a3f48178cd7e')
+ − 437 {
+ − 438 document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
+ − 439 }
+ − 440
+ − 441 // Password
+ − 442 if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value)
+ − 443 {
+ − 444 document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
+ − 445 document.getElementById('e_password').innerHTML = '<br /><small>The password you entered is valid.</small>';
0
+ − 446 } else {
+ − 447 failed = true;
30
+ − 448 if(frm.password.value.length < 6)
+ − 449 document.getElementById('e_password').innerHTML = '<br /><small>Your password must be at least six characters in length.</small>';
+ − 450 else if(frm.password.value != frm.password_confirm.value)
+ − 451 document.getElementById('e_password').innerHTML = '<br /><small>The passwords you entered do not match.</small>';
+ − 452 else
+ − 453 document.getElementById('e_password').innerHTML = '';
+ − 454 document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 455 }
+ − 456
+ − 457 // E-mail address
+ − 458 if(frm.email.value.match(/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/))
+ − 459 {
+ − 460 document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
+ − 461 } else {
+ − 462 failed = true;
+ − 463 document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 464 }
+ − 465 if(failed)
+ − 466 {
+ − 467 frm.submit.disabled = 'disabled';
+ − 468 } else {
+ − 469 frm.submit.disabled = false;
0
+ − 470 }
+ − 471 }
30
+ − 472 function checkUsername()
0
+ − 473 {
30
+ − 474 var frm = document.forms.regform;
+ − 475
+ − 476 if(!namegood)
+ − 477 {
+ − 478 if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))
+ − 479 {
+ − 480 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
+ − 481 document.getElementById('e_username').innerHTML = '';
+ − 482 } else {
+ − 483 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 484 document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
+ − 485 return false;
+ − 486 }
+ − 487 }
+ − 488
+ − 489 document.getElementById('e_username').innerHTML = '<br /><small><b>Checking availability...</b></small>';
+ − 490 ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
+ − 491 if(ajax.readyState == 4)
+ − 492 if(ajax.responseText == 'good')
+ − 493 {
+ − 494 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
+ − 495 document.getElementById('e_username').innerHTML = '<br /><small><b>This username is available.</b></small>';
+ − 496 namegood = true;
+ − 497 } else if(ajax.responseText == 'bad') {
+ − 498 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
+ − 499 document.getElementById('e_username').innerHTML = '<br /><small><b>Error: that username is already taken.</b></small>';
+ − 500 namegood = false;
+ − 501 } else {
+ − 502 document.getElementById('e_username').innerHTML = ajax.responseText;
+ − 503 }
+ − 504 });
0
+ − 505 }
30
+ − 506 function regenCaptcha()
0
+ − 507 {
30
+ − 508 var frm = document.forms.regform;
+ − 509 document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/"); ?>'+frm.captchahash.value+'/'+Math.floor(Math.random() * 100000);
+ − 510 return false;
0
+ − 511 }
30
+ − 512 validateForm();
+ − 513 setTimeout('checkUsername();', 1000);
+ − 514 // ]]>
+ − 515 </script>
+ − 516 <?php
+ − 517 }
+ − 518 else
+ − 519 {
+ − 520 $year = intval( date('Y') );
+ − 521 $year = $year - 13;
+ − 522 $month = date('F');
+ − 523 $day = date('d');
+ − 524
+ − 525 $yo13_date = "$month $day, $year";
+ − 526 $link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
+ − 527 $link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true);
+ − 528
+ − 529 // COPPA enabled, ask age
+ − 530 echo '<div class="tblholder">';
+ − 531 echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 532 echo '<tr>
+ − 533 <td class="row1">
+ − 534 Before you can register, please tell us your age.
+ − 535 </td>
+ − 536 </tr>
+ − 537 <tr>
+ − 538 <td class="row3">
+ − 539 <a href="' . $link_coppa_no . '">I was born <b>on or before</b> ' . $yo13_date . ' and am <b>at least</b> 13 years of age</a><br />
+ − 540 <a href="' . $link_coppa_yes . '">I was born <b>after</b> ' . $yo13_date . ' and am <b>less than</b> 13 years of age</a>
+ − 541 </td>
+ − 542 </tr>';
+ − 543 echo '</table>';
+ − 544 echo '</div>';
+ − 545 }
0
+ − 546 $template->footer();
+ − 547 }
+ − 548
+ − 549 /*
+ − 550 If you want the old preferences page back, be my guest.
+ − 551 function page_Special_Preferences() {
+ − 552 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 553 $template->header();
+ − 554 if(isset($_POST['submit'])) {
+ − 555 $data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']);
+ − 556 if($data == 'success') echo '<h3>Information</h3><p>Your profile has been updated. <a href="'.scriptPath.'/">Return to the index page</a>.</p>';
+ − 557 else echo $data;
+ − 558 } else {
+ − 559 echo '
+ − 560 <h3>Edit your profile</h3>
+ − 561 <form action="'.makeUrl($paths->nslist['Special'].'Preferences').'" method="post">
+ − 562 <table border="0" style="margin-left: 0.2in;">
+ − 563 <tr><td>Username:</td><td><input type="text" name="username" value="'.$session->username.'" /></td></tr>
+ − 564 <tr><td>Current Password:</td><td><input type="password" name="current_pass" /></td></tr>
+ − 565 <tr><td colspan="2"><small>You only need to enter your current password if you are changing your e-mail address or changing your password.</small></td></tr>
+ − 566 <tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr>
+ − 567 <tr><td>E-mail:</td><td><input type="text" name="email" value="'.$session->email.'" /></td></tr>
+ − 568 <tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.$session->real_name.'" /></td></tr>
+ − 569 <tr><td>Signature:<br /><small>Your signature appears<br />below your comment posts.</small></td><td><textarea rows="10" cols="40" name="sig">'.$session->signature.'</textarea></td></tr>
+ − 570 <tr><td colspan="2">
+ − 571 <input type="submit" name="submit" value="Save Changes" /></td></tr>
+ − 572 </table>
+ − 573 </form>
+ − 574 ';
+ − 575 }
+ − 576 $template->footer();
+ − 577 }
+ − 578 */
+ − 579
+ − 580 function page_Special_Contributions() {
+ − 581 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 582 $template->header();
+ − 583 $user = $paths->getParam();
+ − 584 if(!$user && isset($_GET['user']))
+ − 585 {
+ − 586 $user = $_GET['user'];
+ − 587 }
+ − 588 elseif(!$user && !isset($_GET['user']))
+ − 589 {
+ − 590 echo 'No user selected!';
+ − 591 $template->footer();
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 592 return;
0
+ − 593 }
+ − 594
+ − 595 $user = $db->escape($user);
+ − 596
+ − 597 $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;';
+ − 598 if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 599 echo 'History of edits and actions<h3>Edits:</h3>';
+ − 600 if($db->numrows() < 1) echo 'No history entries in this category.';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 601 while($r = $db->fetchrow())
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 602 {
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 603 $title = get_page_title($r['page_id'], $r['namespace']);
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 604 echo '<a href="' . makeUrlNS($r['namespace'], $r['page_id'], "oldid={$r['time_id']}", true) . '" onclick="ajaxHistView(\''.$r['time_id'].'\', \''.$paths->nslist[$r['namespace']].$r['page_id'].'\'); return false;"><i>'.$r['date_string'].'</i></a> (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert to</a>) <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: '.$r['edit_summary'];
0
+ − 605 if($r['minor_edit']) echo '<b> - minor edit</b>';
+ − 606 echo '<br />';
+ − 607 }
+ − 608 $db->free_result();
+ − 609 echo '<h3>Other changes:</h3>';
+ − 610 $q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;';
+ − 611 if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 612 if($db->numrows() < 1) echo 'No history entries in this category.';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 613 while($r = $db->fetchrow())
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 614 {
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 615 if ( $r['log_type'] == 'page' )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 616 {
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 617 $title = get_page_title($r['page_id'], $r['namespace']);
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 618 echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: ';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 619 if ( $r['action'] == 'prot' ) echo 'Protected page; reason: '.$r['edit_summary'];
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 620 else if ( $r['action'] == 'unprot' ) echo 'Unprotected page; reason: '.$r['edit_summary'];
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 621 else if ( $r['action'] == 'rename' ) echo 'Renamed page; old title was: '.htmlspecialchars($r['edit_summary']);
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 622 else if ( $r['action'] == 'create' ) echo 'Created page';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 623 else if ( $r['action'] == 'delete' ) echo 'Deleted page';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 624 if ( $r['minor_edit'] ) echo '<b> - minor edit</b>';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 625 echo '<br />';
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 626 }
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 627 else if($r['log_type']=='security')
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 628 {
0
+ − 629 // Not implemented, and when it is, it won't be public
+ − 630 }
+ − 631 }
+ − 632 $db->free_result();
+ − 633 $template->footer();
+ − 634 }
+ − 635
+ − 636 function page_Special_ChangeStyle()
+ − 637 {
+ − 638 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 639 if(!$session->user_logged_in) die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
+ − 640 if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']))
+ − 641 {
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 642 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 643 die('Hacking attempt');
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 644 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 645 die('Hacking attempt');
0
+ − 646 $d = ENANO_ROOT . '/themes/' . $_POST['theme'];
+ − 647 $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css';
+ − 648 if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.');
+ − 649 if(!file_exists($f)) die('The file "'.$f.'" does not exist.');
+ − 650 $d = $db->escape($_POST['theme']);
+ − 651 $f = $db->escape($_POST['style']);
+ − 652 $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\'';
+ − 653 if(!$db->sql_query($q))
+ − 654 {
+ − 655 $db->_die('Your theme/style preferences were not updated.');
+ − 656 }
+ − 657 else
+ − 658 {
+ − 659 redirect(makeUrl($_POST['return_to']), '', '', 0);
+ − 660 }
+ − 661 }
+ − 662 else
+ − 663 {
+ − 664 $template->header();
+ − 665 $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
+ − 666 if(!$ret) $ret = getConfig('main_page');
+ − 667 ?>
+ − 668 <form action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 669 <?php if(!isset($_POST['themeselected'])) { ?>
+ − 670 <h3>Please select a new theme:</h3>
+ − 671 <p>
+ − 672 <select name="theme">
+ − 673 <?php
+ − 674 foreach($template->theme_list as $t) {
+ − 675 if($t['enabled'])
+ − 676 {
+ − 677 echo '<option value="'.$t['theme_id'].'"';
+ − 678 if($t['theme_id'] == $session->theme) echo ' selected="selected"';
+ − 679 echo '>'.$t['theme_name'].'</option>';
+ − 680 }
+ − 681 }
+ − 682 ?>
+ − 683 </select>
+ − 684 </p>
+ − 685 <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
+ − 686 <input type="submit" name="themeselected" value="Continue" /></p>
+ − 687 <?php } else {
+ − 688 $theme = $_POST['theme'];
+ − 689 if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
+ − 690 die('Hacking attempt');
+ − 691 ?>
+ − 692 <h3>Please select a stylesheet:</h3>
+ − 693 <p>
+ − 694 <select name="style">
+ − 695 <?php
+ − 696 $dir = './themes/'.$theme.'/css/';
+ − 697 $list = Array();
+ − 698 // Open a known directory, and proceed to read its contents
+ − 699 if (is_dir($dir)) {
+ − 700 if ($dh = opendir($dir)) {
+ − 701 while (($file = readdir($dh)) !== false) {
+ − 702 if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
+ − 703 $list[] = substr($file, 0, strlen($file)-4);
+ − 704 }
+ − 705 }
+ − 706 closedir($dh);
+ − 707 }
+ − 708 } else die($dir.' is not a dir');
+ − 709 foreach ( $list as $l )
+ − 710 {
+ − 711 echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
+ − 712 }
+ − 713 ?>
+ − 714 </select>
+ − 715 </p>
+ − 716 <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
+ − 717 <input type="hidden" name="theme" value="<?php echo $theme; ?>" />
+ − 718 <input type="submit" name="allclear" value="Change style" /></p>
+ − 719 <?php } ?>
+ − 720 </form>
+ − 721 <?php
+ − 722 $template->footer();
+ − 723 }
+ − 724 }
+ − 725
+ − 726 function page_Special_ActivateAccount()
+ − 727 {
+ − 728 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 729 $user = $paths->getParam(0);
+ − 730 if(!$user) die_friendly('Account activation error', '<p>The URL was incorrect.</p>');
+ − 731 $key = $paths->getParam(1);
+ − 732 if(!$key) die_friendly('Account activation error', '<p>The URL was incorrect.</p>');
+ − 733 $s = $session->activate_account(str_replace('_', ' ', $user), $key);
+ − 734 if($s > 0) die_friendly('Activation successful', '<p>Your account is now active. Thank you for registering.</p>');
+ − 735 else die_friendly('Activation failed', '<p>The activation key was probably incorrect.</p>');
+ − 736 }
+ − 737
+ − 738 function page_Special_Captcha()
+ − 739 {
+ − 740 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 741 if($paths->getParam(0) == 'make')
+ − 742 {
+ − 743 $session->kill_captcha();
+ − 744 echo $session->make_captcha();
+ − 745 return;
+ − 746 }
+ − 747 $hash = $paths->getParam(0);
+ − 748 if(!$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash)) $paths->main_page();
+ − 749 $code = $session->get_captcha($hash);
+ − 750 if(!$code) die('Invalid hash or IP address incorrect.');
+ − 751 require(ENANO_ROOT.'/includes/captcha.php');
+ − 752 $captcha = new captcha($code);
+ − 753 //header('Content-disposition: attachment; filename=autocaptcha.png');
+ − 754 $captcha->make_image();
+ − 755 exit;
+ − 756 }
+ − 757
+ − 758 function page_Special_PasswordReset()
+ − 759 {
+ − 760 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 761 $template->header();
+ − 762 if($paths->getParam(0) == 'stage2')
+ − 763 {
+ − 764 $user_id = intval($paths->getParam(1));
+ − 765 $encpass = $paths->getParam(2);
+ − 766 if ( $user_id < 2 )
+ − 767 {
+ − 768 echo '<p>Hacking attempt</p>';
+ − 769 $template->footer();
+ − 770 return false;
+ − 771 }
+ − 772 if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
+ − 773 {
+ − 774 echo '<p>Hacking attempt</p>';
+ − 775 $template->footer();
+ − 776 return false;
+ − 777 }
+ − 778
+ − 779 $q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';');
+ − 780 if($db->numrows() < 1)
+ − 781 {
+ − 782 echo '<p>Invalid credentials</p>';
+ − 783 $template->footer();
+ − 784 return false;
+ − 785 }
+ − 786 $row = $db->fetchrow();
+ − 787 $db->free_result();
+ − 788
+ − 789 if ( ( intval($row['temp_password_time']) + 3600 * 24 ) < time() )
+ − 790 {
+ − 791 echo '<p>Password has expired</p>';
+ − 792 $template->footer();
+ − 793 return false;
+ − 794 }
+ − 795
+ − 796 if ( isset($_POST['do_stage2']) )
+ − 797 {
+ − 798 $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ − 799 if($_POST['use_crypt'] == 'yes')
+ − 800 {
+ − 801 $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
+ − 802 if(!$crypt_key)
+ − 803 {
+ − 804 echo 'ERROR: Couldn\'t look up public key for decryption.';
+ − 805 $template->footer();
+ − 806 return false;
+ − 807 }
+ − 808 $crypt_key = hexdecode($crypt_key);
+ − 809 $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX);
+ − 810 if(strlen($data) < 6)
+ − 811 {
+ − 812 echo 'ERROR: Your password must be six characters or greater in length.';
+ − 813 $template->footer();
+ − 814 return false;
+ − 815 }
+ − 816 }
+ − 817 else
+ − 818 {
+ − 819 $data = $_POST['pass'];
+ − 820 $conf = $_POST['pass_confirm'];
+ − 821 if($data != $conf)
+ − 822 {
+ − 823 echo 'ERROR: The passwords you entered do not match.';
+ − 824 $template->footer();
+ − 825 return false;
+ − 826 }
+ − 827 if(strlen($data) < 6)
+ − 828 {
+ − 829 echo 'ERROR: Your password must be six characters or greater in length.';
+ − 830 $template->footer();
+ − 831 return false;
+ − 832 }
+ − 833 }
+ − 834 if(empty($data))
+ − 835 {
+ − 836 echo 'ERROR: Sanity check failed!';
+ − 837 $template->footer();
+ − 838 return false;
+ − 839 }
+ − 840 $encpass = $aes->encrypt($data, $session->private_key, ENC_HEX);
+ − 841 $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';');
+ − 842
+ − 843 if($q)
+ − 844 {
+ − 845 $session->login_without_crypto($row['username'], $data);
+ − 846 echo '<p>Your password has been reset. Return to the <a href="' . makeUrl(getConfig('main_page')) . '">main page</a>.</p>';
+ − 847 }
+ − 848 else
+ − 849 {
+ − 850 echo $db->get_error();
+ − 851 }
+ − 852
+ − 853 $template->footer();
+ − 854 return false;
+ − 855 }
+ − 856
+ − 857 // Password reset form
+ − 858 $pubkey = $session->rijndael_genkey();
+ − 859
+ − 860 ?>
+ − 861 <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
+ − 862 <br />
+ − 863 <div class="tblholder">
+ − 864 <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 865 <tr><th colspan="2">Reset password</th></tr>
+ − 866 <tr><td class="row1">Password:</td><td class="row1"><input name="pass" type="password" /></td></tr>
+ − 867 <tr><td class="row2">Confirm: </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
+ − 868 <tr>
+ − 869 <td colspan="2" class="row1" style="text-align: center;">
+ − 870 <input type="hidden" name="use_crypt" value="no" />
+ − 871 <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
+ − 872 <input type="hidden" name="crypt_data" value="" />
+ − 873 <input type="submit" name="do_stage2" value="Reset password" />
+ − 874 </td>
+ − 875 </tr>
+ − 876 </table>
+ − 877 </div>
+ − 878 </form>
+ − 879 <script type="text/javascript">
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 880 if ( !KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 881 {
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 882 disableJSONExts();
0
+ − 883 str = '';
+ − 884 for(i=0;i<keySizeInBits/4;i++) str+='0';
+ − 885 var key = hexToByteArray(str);
+ − 886 var pt = hexToByteArray(str);
+ − 887 var ct = rijndaelEncrypt(pt, key, "ECB");
+ − 888 var ct = byteArrayToHex(ct);
+ − 889 switch(keySizeInBits)
+ − 890 {
+ − 891 case 128:
+ − 892 v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
+ − 893 break;
+ − 894 case 192:
+ − 895 v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
+ − 896 break;
+ − 897 case 256:
+ − 898 v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
+ − 899 break;
+ − 900 }
+ − 901 var testpassed = ( ct == v && md5_vm_test() );
+ − 902 var frm = document.forms.resetform;
+ − 903 if(testpassed)
+ − 904 {
+ − 905 frm.use_crypt.value = 'yes';
+ − 906 var cryptkey = frm.crypt_key.value;
+ − 907 frm.crypt_key.value = hex_md5(cryptkey);
+ − 908 cryptkey = hexToByteArray(cryptkey);
+ − 909 if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
+ − 910 {
+ − 911 frm._login.disabled = true;
+ − 912 len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
+ − 913 alert('The key is messed up\nType: '+typeof(cryptkey)+len);
+ − 914 }
+ − 915 }
+ − 916 function runEncryption()
+ − 917 {
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 918 var frm = document.forms.resetform;
0
+ − 919 pass1 = frm.pass.value;
+ − 920 pass2 = frm.pass_confirm.value;
+ − 921 if ( pass1 != pass2 )
+ − 922 {
+ − 923 alert('The passwords you entered do not match.');
+ − 924 return false;
+ − 925 }
+ − 926 if ( pass1.length < 6 )
+ − 927 {
+ − 928 alert('The new password must be 6 characters or greater in length.');
+ − 929 return false;
+ − 930 }
+ − 931 if(testpassed)
+ − 932 {
+ − 933 pass = frm.pass.value;
+ − 934 pass = stringToByteArray(pass);
+ − 935 cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
+ − 936 if(!cryptstring)
+ − 937 {
+ − 938 return false;
+ − 939 }
+ − 940 cryptstring = byteArrayToHex(cryptstring);
+ − 941 frm.crypt_data.value = cryptstring;
+ − 942 frm.pass.value = "";
+ − 943 frm.pass_confirm.value = "";
+ − 944 }
+ − 945 return true;
+ − 946 }
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 947 }
0
+ − 948 </script>
+ − 949 <?php
+ − 950 $template->footer();
+ − 951 return true;
+ − 952 }
+ − 953 if(isset($_POST['do_reset']))
+ − 954 {
+ − 955 if($session->mail_password_reset($_POST['username']))
+ − 956 {
+ − 957 echo '<p>An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.</p>';
+ − 958 }
+ − 959 else
+ − 960 {
+ − 961 echo '<p>Error occured, your new password was not sent.</p>';
+ − 962 }
+ − 963 $template->footer();
+ − 964 return true;
+ − 965 }
+ − 966 echo '<p>Don\'t worry, it happens to the best of us.</p>
+ − 967 <p>To reset your password, just enter your username below, and a new password will be e-mailed to you.</p>
+ − 968 <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ − 969 <p>Username: '.$template->username_field('username').'</p>
+ − 970 <p><input type="submit" name="do_reset" value="Mail new password" /></p>
+ − 971 </form>';
+ − 972 $template->footer();
+ − 973 }
+ − 974
+ − 975 ?>