436
+ − 1 /*
+ − 2 * AJAX-based intelligent login interface
+ − 3 */
+ − 4
+ − 5 /*
+ − 6 * FRONTEND
+ − 7 */
+ − 8
+ − 9 /**
+ − 10 * Performs a logon as a regular member.
+ − 11 */
+ − 12
582
+ − 13 window.ajaxLogonToMember = function()
436
+ − 14 {
+ − 15 // IE <6 pseudo-compatibility
+ − 16 if ( KILL_SWITCH )
+ − 17 return true;
+ − 18 if ( auth_level >= USER_LEVEL_MEMBER )
+ − 19 return true;
+ − 20 ajaxLoginInit(function(k)
+ − 21 {
1026
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 22 if ( on_main_page && main_page_members != physical_title )
741
+ − 23 {
+ − 24 window.location = makeUrl(main_page_members);
+ − 25 }
+ − 26 else
+ − 27 {
+ − 28 window.location.reload();
+ − 29 }
436
+ − 30 }, USER_LEVEL_MEMBER);
+ − 31 }
+ − 32
+ − 33 /**
+ − 34 * Authenticates to the highest level the current user is allowed to go to.
+ − 35 */
+ − 36
582
+ − 37 window.ajaxLogonToElev = function()
436
+ − 38 {
+ − 39 if ( auth_level == user_level )
+ − 40 return true;
+ − 41
+ − 42 ajaxLoginInit(function(k)
+ − 43 {
+ − 44 ENANO_SID = k;
+ − 45 var url = String(' ' + window.location).substr(1);
+ − 46 url = append_sid(url);
+ − 47 window.location = url;
+ − 48 }, user_level);
+ − 49 }
+ − 50
+ − 51 /*
+ − 52 * BACKEND
+ − 53 */
+ − 54
+ − 55 /**
+ − 56 * Holding object for various AJAX authentication information.
+ − 57 * @var object
+ − 58 */
+ − 59
+ − 60 var logindata = {};
+ − 61
+ − 62 /**
+ − 63 * Path to the image used to indicate loading progress
+ − 64 * @var string
+ − 65 */
+ − 66
+ − 67 if ( !ajax_login_loadimg_path )
+ − 68 var ajax_login_loadimg_path = false;
+ − 69
+ − 70 if ( !ajax_login_successimg_path )
+ − 71 var ajax_login_successimg_path = false;
+ − 72
887
+ − 73 if ( !ajax_login_lockimg_path )
+ − 74 var ajax_login_lockimg_path = false;
+ − 75
436
+ − 76 /**
+ − 77 * Status variables
+ − 78 * @var int
+ − 79 */
+ − 80
+ − 81 var AJAX_STATUS_LOADING_KEY = 1;
+ − 82 var AJAX_STATUS_GENERATING_KEY = 2;
+ − 83 var AJAX_STATUS_LOGGING_IN = 3;
+ − 84 var AJAX_STATUS_SUCCESS = 4;
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 85 var AJAX_STATUS_ERROR = 5;
436
+ − 86 var AJAX_STATUS_DESTROY = 65535;
+ − 87
+ − 88 /**
+ − 89 * State constants
+ − 90 * @var int
+ − 91 */
+ − 92
+ − 93 var AJAX_STATE_EARLY_INIT = 1;
+ − 94 var AJAX_STATE_LOADING_KEY = 2;
+ − 95
+ − 96 /**
887
+ − 97 * Switch to decide if DiffieHellman shows a "browser incompatible" error
+ − 98 * @var bool
+ − 99 */
+ − 100
+ − 101 var ajax_login_prevent_dh = IE || is_iPhone;
+ − 102
+ − 103 /**
436
+ − 104 * Performs the AJAX request to get an encryption key and from there spawns the login form.
+ − 105 * @param function The function that will be called once authentication completes successfully.
+ − 106 * @param int The security level to authenticate at - see http://docs.enanocms.org/Help:Appendix_B
+ − 107 */
+ − 108
582
+ − 109 window.ajaxLoginInit = function(call_on_finish, user_level)
436
+ − 110 {
780
f65e35566b63
A few fixes to the most recently added feature: more efficiency tweaks, tweaked l10n to have beetter fetch-on-demand support to ensure that stubs are never returned
Dan
diff
changeset
+ − 111 load_component(['messagebox', 'flyin', 'fadefilter', 'jquery', 'jquery-ui', 'l10n', 'crypto']);
582
+ − 112
436
+ − 113 logindata = {};
+ − 114
+ − 115 var title = ( user_level > USER_LEVEL_MEMBER ) ? $lang.get('user_login_ajax_prompt_title_elev') : $lang.get('user_login_ajax_prompt_title');
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 116 logindata.mb_object = new MessageBox(MB_OKCANCEL | MB_ICONLOCK, title, '');
436
+ − 117
+ − 118 logindata.mb_object.onclick['Cancel'] = function()
+ − 119 {
+ − 120 // Hide the error message and captcha
+ − 121 if ( document.getElementById('ajax_login_error_box') )
+ − 122 {
+ − 123 document.getElementById('ajax_login_error_box').parentNode.removeChild(document.getElementById('ajax_login_error_box'));
+ − 124 }
+ − 125 if ( document.getElementById('autoCaptcha') )
+ − 126 {
+ − 127 var to = fly_out_top(document.getElementById('autoCaptcha'), false, true);
+ − 128 setTimeout(function() {
+ − 129 var d = document.getElementById('autoCaptcha');
+ − 130 d.parentNode.removeChild(d);
+ − 131 }, to);
+ − 132 }
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 133 // Ask the server to clean our key
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 134 ajaxLoginPerformRequest({
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 135 mode: 'clean_key',
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 136 key_aes: logindata.key_aes,
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 137 key_dh: logindata.key_dh
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 138 });
436
+ − 139 };
+ − 140
+ − 141 logindata.mb_object.onbeforeclick['OK'] = function()
+ − 142 {
+ − 143 ajaxLoginSubmitForm();
+ − 144 return true;
+ − 145 }
+ − 146
+ − 147 // Fetch the inner content area
+ − 148 logindata.mb_inner = document.getElementById('messageBox').getElementsByTagName('div')[0];
+ − 149
+ − 150 // Initialize state
+ − 151 logindata.showing_status = false;
+ − 152 logindata.user_level = user_level;
+ − 153 logindata.successfunc = call_on_finish;
+ − 154
+ − 155 // Build the "loading" window
+ − 156 ajaxLoginSetStatus(AJAX_STATUS_LOADING_KEY);
+ − 157
+ − 158 // Request the key
+ − 159 ajaxLoginPerformRequest({ mode: 'getkey' });
+ − 160 }
+ − 161
+ − 162 /**
532
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 163 * For compatibility only.
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 164 */
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 165
582
+ − 166 window.ajaxLogonInit = function(call_on_finish, user_level)
532
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 167 {
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 168 return ajaxLoginInit(call_on_finish, user_level);
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 169 }
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 170
03429d7b1537
Finally fixed link coloring settings in Oxygen Bleu; added compatibility wrapper for people that "ajaxLogonInit" over "ajaxLoginInit"
Dan
diff
changeset
+ − 171 /**
436
+ − 172 * Sets the contents of the AJAX login window to the appropriate status message.
+ − 173 * @param int One of AJAX_STATUS_*
+ − 174 */
+ − 175
582
+ − 176 window.ajaxLoginSetStatus = function(status)
436
+ − 177 {
+ − 178 if ( !logindata.mb_inner )
+ − 179 return false;
+ − 180 if ( logindata.showing_status )
+ − 181 {
+ − 182 var div = document.getElementById('ajax_login_status');
+ − 183 if ( div )
+ − 184 logindata.mb_inner.removeChild(div);
+ − 185 }
+ − 186 switch(status)
+ − 187 {
+ − 188 case AJAX_STATUS_LOADING_KEY:
+ − 189
+ − 190 // Create the status div
+ − 191 var div = document.createElement('div');
+ − 192 div.id = 'ajax_login_status';
+ − 193 div.style.marginTop = '10px';
+ − 194 div.style.textAlign = 'center';
+ − 195
+ − 196 // The circly ball ajaxy image + status message
+ − 197 var status_msg = $lang.get('user_login_ajax_fetching_key');
+ − 198
+ − 199 // Insert the status message
+ − 200 div.appendChild(document.createTextNode(status_msg));
+ − 201
+ − 202 // Append a br or two to space things properly
+ − 203 div.appendChild(document.createElement('br'));
+ − 204 div.appendChild(document.createElement('br'));
+ − 205
+ − 206 var img = document.createElement('img');
+ − 207 img.src = ( ajax_login_loadimg_path ) ? ajax_login_loadimg_path : scriptPath + '/images/loading-big.gif';
+ − 208 div.appendChild(img);
+ − 209
+ − 210 // Another coupla brs
+ − 211 div.appendChild(document.createElement('br'));
+ − 212 div.appendChild(document.createElement('br'));
+ − 213
+ − 214 // The link to the full login form
+ − 215 var small = document.createElement('small');
+ − 216 small.innerHTML = $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) });
+ − 217 div.appendChild(small);
+ − 218
+ − 219 // Insert the entire message into the login window
+ − 220 logindata.mb_inner.innerHTML = '';
+ − 221 logindata.mb_inner.appendChild(div);
+ − 222
+ − 223 break;
+ − 224 case AJAX_STATUS_GENERATING_KEY:
+ − 225
+ − 226 // Create the status div
+ − 227 var div = document.createElement('div');
+ − 228 div.id = 'ajax_login_status';
+ − 229 div.style.marginTop = '10px';
+ − 230 div.style.textAlign = 'center';
+ − 231
+ − 232 // The circly ball ajaxy image + status message
+ − 233 var status_msg = $lang.get('user_login_ajax_generating_key');
+ − 234
+ − 235 // Insert the status message
+ − 236 div.appendChild(document.createTextNode(status_msg));
+ − 237
+ − 238 // Append a br or two to space things properly
+ − 239 div.appendChild(document.createElement('br'));
+ − 240 div.appendChild(document.createElement('br'));
+ − 241
+ − 242 var img = document.createElement('img');
887
+ − 243 img.src = ( ajax_login_lockimg_path ) ? ajax_login_lockimg_path : scriptPath + '/images/lock48.png';
436
+ − 244 div.appendChild(img);
+ − 245
+ − 246 // Another coupla brs
+ − 247 div.appendChild(document.createElement('br'));
+ − 248 div.appendChild(document.createElement('br'));
+ − 249
+ − 250 // The link to the full login form
+ − 251 var small = document.createElement('small');
+ − 252 small.innerHTML = $lang.get('user_login_ajax_link_fullform_dh', { link_full_form: makeUrlNS('Special', 'Login/' + title) });
+ − 253 div.appendChild(small);
+ − 254
+ − 255 // Insert the entire message into the login window
+ − 256 logindata.mb_inner.innerHTML = '';
+ − 257 logindata.mb_inner.appendChild(div);
+ − 258
+ − 259 break;
+ − 260 case AJAX_STATUS_LOGGING_IN:
+ − 261
+ − 262 // Create the status div
+ − 263 var div = document.createElement('div');
+ − 264 div.id = 'ajax_login_status';
+ − 265 div.style.marginTop = '10px';
+ − 266 div.style.textAlign = 'center';
+ − 267
+ − 268 // The circly ball ajaxy image + status message
+ − 269 var status_msg = $lang.get('user_login_ajax_loggingin');
+ − 270
+ − 271 // Insert the status message
+ − 272 div.appendChild(document.createTextNode(status_msg));
+ − 273
+ − 274 // Append a br or two to space things properly
+ − 275 div.appendChild(document.createElement('br'));
+ − 276 div.appendChild(document.createElement('br'));
+ − 277
+ − 278 var img = document.createElement('img');
+ − 279 img.src = ( ajax_login_loadimg_path ) ? ajax_login_loadimg_path : scriptPath + '/images/loading-big.gif';
+ − 280 div.appendChild(img);
+ − 281
+ − 282 // Insert the entire message into the login window
+ − 283 logindata.mb_inner.innerHTML = '';
+ − 284 logindata.mb_inner.appendChild(div);
+ − 285
+ − 286 break;
+ − 287 case AJAX_STATUS_SUCCESS:
+ − 288
+ − 289 // Create the status div
+ − 290 var div = document.createElement('div');
+ − 291 div.id = 'ajax_login_status';
+ − 292 div.style.marginTop = '10px';
+ − 293 div.style.textAlign = 'center';
+ − 294
+ − 295 // The circly ball ajaxy image + status message
+ − 296 var status_msg = $lang.get('user_login_success_short');
+ − 297
+ − 298 // Insert the status message
+ − 299 div.appendChild(document.createTextNode(status_msg));
+ − 300
+ − 301 // Append a br or two to space things properly
+ − 302 div.appendChild(document.createElement('br'));
+ − 303 div.appendChild(document.createElement('br'));
+ − 304
+ − 305 var img = document.createElement('img');
+ − 306 img.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png';
+ − 307 div.appendChild(img);
+ − 308
+ − 309 // Insert the entire message into the login window
+ − 310 logindata.mb_inner.innerHTML = '';
+ − 311 logindata.mb_inner.appendChild(div);
+ − 312
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 313 break;
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 314
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 315 case AJAX_STATUS_ERROR:
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 316 // Create the status div
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 317 var div = document.createElement('div');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 318 div.id = 'ajax_login_status';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 319 div.style.marginTop = '10px';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 320 div.style.textAlign = 'center';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 321
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 322 // The circly ball ajaxy image + status message
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 323 var status_msg = $lang.get('user_login_ajax_err_crypto');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 324
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 325 // Insert the status message
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 326 div.appendChild(document.createTextNode(status_msg));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 327
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 328 // Append a br or two to space things properly
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 329 div.appendChild(document.createElement('br'));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 330 div.appendChild(document.createElement('br'));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 331
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 332 var img = document.createElement('img');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 333 img.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/checkbad.png';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 334 div.appendChild(img);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 335
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 336 // Append a br or two to space things properly
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 337 div.appendChild(document.createElement('br'));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 338 div.appendChild(document.createElement('br'));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 339
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 340 // The circly ball ajaxy image + status message
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 341 var detail_msg = $lang.get('user_login_ajax_err_crypto_details');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 342 var full_link = $lang.get('user_login_ajax_err_crypto_link');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 343 var link = document.createElement('a');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 344 link.href = makeUrlNS('Special', 'Login/' + title);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 345 link.appendChild(document.createTextNode(full_link));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 346 var span = document.createElement('span');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 347 span.style.fontSize = 'smaller';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 348
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 349 // Insert the message
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 350 span.appendChild(document.createTextNode(detail_msg + ' '));
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 351 span.appendChild(link);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 352 div.appendChild(span);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 353
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 354 // Insert the entire message into the login window
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 355 logindata.mb_inner.innerHTML = '';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 356 logindata.mb_inner.appendChild(div);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 357
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 358 break;
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 359
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 360 default:
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 361 eval(setHook('login_set_status'));
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 362 break;
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 363
436
+ − 364 case AJAX_STATUS_DESTROY:
+ − 365 case null:
+ − 366 case undefined:
+ − 367 logindata.showing_status = false;
+ − 368 return null;
+ − 369 break;
+ − 370 }
+ − 371 logindata.showing_status = true;
+ − 372 }
+ − 373
+ − 374 /**
+ − 375 * Performs an AJAX logon request to the server and calls ajaxLoginProcessResponse() on the result.
+ − 376 * @param object JSON packet to send
+ − 377 */
+ − 378
1001
+ − 379 window.ajaxLoginPerformRequest = function(json, _hookfunc)
436
+ − 380 {
+ − 381 json = toJSONString(json);
+ − 382 json = ajaxEscape(json);
1001
+ − 383 var hookfunc = typeof(_hookfunc) == 'function' ? _hookfunc : false;
824
28d9fbcd4f0d
Login: reauth: window.location.hash is now updated to include the new SID so that page reloads will use it
Dan
diff
changeset
+ − 384 ajaxPost(makeUrlNS('Special', 'Login/action.json'), 'r=' + json, function(ajax)
436
+ − 385 {
+ − 386 if ( ajax.readyState == 4 && ajax.status == 200 )
+ − 387 {
+ − 388 // parse response
+ − 389 var response = String(ajax.responseText + '');
651
ce9d78d7251d
Improved JSON validation and error interface when validation fails; made rank manager support custom CSS
Dan
diff
changeset
+ − 390 if ( !check_json_response(response) )
436
+ − 391 {
+ − 392 handle_invalid_json(response);
+ − 393 return false;
+ − 394 }
+ − 395 response = parseJSON(response);
1001
+ − 396 ajaxLoginProcessResponse(response, hookfunc);
436
+ − 397 }
+ − 398 }, true);
+ − 399 }
+ − 400
+ − 401 /**
+ − 402 * Processes a response from the login server
+ − 403 * @param object JSON response
+ − 404 */
+ − 405
1001
+ − 406 window.ajaxLoginProcessResponse = function(response, hookfunc)
436
+ − 407 {
+ − 408 // Did the server send a plaintext error?
+ − 409 if ( response.mode == 'error' )
+ − 410 {
811
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 411 if ( logindata.mb_object )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 412 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 413 logindata.mb_object.destroy();
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 414 var error_msg = $lang.get('user_' + ( response.error.toLowerCase() ));
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 415 new MessageBox(MB_ICONSTOP | MB_OK, $lang.get('user_err_login_generic_title'), error_msg);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 416 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 417 else
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 418 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 419 alert(response.error);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 420 }
436
+ − 421 return false;
+ − 422 }
+ − 423 // Main mode switch
+ − 424 switch ( response.mode )
+ − 425 {
+ − 426 case 'build_box':
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 427 // Rid ourselves of any loading windows
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 428 ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
436
+ − 429 // The server wants us to build the login form, all the information is there
+ − 430 ajaxLoginBuildForm(response);
+ − 431 break;
+ − 432 case 'login_success':
+ − 433 ajaxLoginSetStatus(AJAX_STATUS_SUCCESS);
1001
+ − 434 logindata.successfunc(response.key, response);
436
+ − 435 break;
+ − 436 case 'login_failure':
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 437 // Rid ourselves of any loading windows
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 438 ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
436
+ − 439 document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
+ − 440 var mb_parent = document.getElementById('messageBox').parentNode;
1026
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 441 var do_respawn = ( typeof(response.respawn) == 'boolean' && response.respawn == true ) || typeof(response.respawn) != 'boolean';
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 442 if ( do_respawn )
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 443 {
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 444 $(mb_parent).effect("shake", {}, 200);
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 445 setTimeout(function()
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 446 {
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 447 document.getElementById('messageBox').style.backgroundColor = '#FFF';
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 448
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 449 ajaxLoginBuildForm(response.respawn_info);
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 450 ajaxLoginShowFriendlyError(response);
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 451 }, 2500);
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 452 }
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 453 else
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 454 {
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 455 ajaxLoginShowFriendlyError(response);
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 456 }
436
+ − 457 break;
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 458 case 'login_success_reset':
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 459 var conf = confirm($lang.get('user_login_ajax_msg_used_temp_pass'));
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 460 if ( conf )
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 461 {
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 462 var url = makeUrlNS('Special', 'PasswordReset/stage2/' + response.user_id + '/' + response.temp_password);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 463 window.location = url;
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 464 }
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 465 else
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 466 {
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 467 // treat as a failure
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 468 ajaxLoginSetStatus(AJAX_STATUS_DESTROY);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 469 document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 470 var mb_parent = document.getElementById('messageBox').parentNode;
699
c7d737202d59
Removed Adobe Spry and replaced with jQuery. Please report any new bugs on the forums or via IRC. In a related note, auto-completion should work now at least for usernames. Still hacking away at page name completion...
Dan
diff
changeset
+ − 471 $(mb_parent).effect("shake", {}, 1500);
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 472 setTimeout(function()
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 473 {
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 474 document.getElementById('messageBox').style.backgroundColor = '#FFF';
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 475 ajaxLoginBuildForm(response.respawn_info);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 476 // don't show an error here, just silently respawn
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 477 }, 2500);
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 478 }
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 479 break;
811
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 480 case 'logout_success':
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 481 if ( ENANO_SID )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 482 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 483 ajaxLoginReplaceSIDInline(false, ENANO_SID, USER_LEVEL_MEMBER);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 484 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 485 break;
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 486 case 'noop':
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
diff
changeset
+ − 487 break;
436
+ − 488 }
1001
+ − 489 if ( hookfunc )
+ − 490 {
+ − 491 hookfunc(response);
+ − 492 }
436
+ − 493 }
+ − 494
+ − 495 /*
+ − 496 * RESPONSE HANDLERS
+ − 497 */
+ − 498
+ − 499 /**
+ − 500 * Builds the login form.
+ − 501 * @param object Metadata to build off of
+ − 502 */
+ − 503
582
+ − 504 window.ajaxLoginBuildForm = function(data)
436
+ − 505 {
+ − 506 // let's hope this effectively preloads the image...
887
+ − 507 var _1 = document.createElement('img');
+ − 508 _1.src = ( ajax_login_successimg_path ) ? ajax_login_successimg_path : scriptPath + '/images/check.png';
+ − 509 var _2 = document.createElement('img');
+ − 510 _2.src = ( ajax_login_lockimg_path ) ? ajax_login_lockimg_path : scriptPath + '/images/lock48.png';
436
+ − 511
+ − 512 var div = document.createElement('div');
+ − 513 div.id = 'ajax_login_form';
+ − 514
+ − 515 var show_captcha = ( data.locked_out && data.lockout_info.lockout_policy == 'captcha' ) ? data.lockout_info.captcha : false;
+ − 516
+ − 517 // text displayed on re-auth
+ − 518 if ( logindata.user_level > USER_LEVEL_MEMBER )
+ − 519 {
+ − 520 div.innerHTML += $lang.get('user_login_ajax_prompt_body_elev') + '<br /><br />';
+ − 521 }
+ − 522
+ − 523 // Create the form
+ − 524 var form = document.createElement('form');
+ − 525 form.action = 'javascript:void(ajaxLoginSubmitForm());';
+ − 526 form.onsubmit = function()
+ − 527 {
+ − 528 ajaxLoginSubmitForm();
+ − 529 return false;
+ − 530 }
460
+ − 531 if ( IE )
+ − 532 {
+ − 533 form.style.marginTop = '-20px';
+ − 534 }
436
+ − 535
+ − 536 // Using tables to wrap form elements because it results in a
+ − 537 // more visually appealing form. Yes, tables suck. I don't really
+ − 538 // care - they make forms look good.
+ − 539
+ − 540 var table = document.createElement('table');
+ − 541 table.style.margin = '0 auto';
+ − 542
+ − 543 // Field - username
+ − 544 var tr1 = document.createElement('tr');
+ − 545 var td1_1 = document.createElement('td');
+ − 546 td1_1.appendChild(document.createTextNode($lang.get('user_login_field_username') + ':'));
+ − 547 tr1.appendChild(td1_1);
+ − 548 var td1_2 = document.createElement('td');
+ − 549 var f_username = document.createElement('input');
+ − 550 f_username.id = 'ajax_login_field_username';
+ − 551 f_username.name = 'ajax_login_field_username';
+ − 552 f_username.type = 'text';
+ − 553 f_username.size = '25';
+ − 554 if ( data.username )
+ − 555 f_username.value = data.username;
+ − 556 td1_2.appendChild(f_username);
+ − 557 tr1.appendChild(td1_2);
+ − 558 table.appendChild(tr1);
+ − 559
+ − 560 // Field - password
+ − 561 var tr2 = document.createElement('tr');
+ − 562 var td2_1 = document.createElement('td');
+ − 563 td2_1.appendChild(document.createTextNode($lang.get('user_login_field_password') + ':'));
+ − 564 tr2.appendChild(td2_1);
+ − 565 var td2_2 = document.createElement('td');
+ − 566 var f_password = document.createElement('input');
+ − 567 f_password.id = 'ajax_login_field_password';
+ − 568 f_password.name = 'ajax_login_field_username';
+ − 569 f_password.type = 'password';
+ − 570 f_password.size = '25';
+ − 571 if ( !show_captcha )
+ − 572 {
+ − 573 f_password.onkeyup = function(e)
+ − 574 {
461
+ − 575 if ( !e )
436
+ − 576 e = window.event;
461
+ − 577 if ( !e && IE )
436
+ − 578 return true;
+ − 579 if ( e.keyCode == 13 )
+ − 580 {
+ − 581 ajaxLoginSubmitForm();
+ − 582 }
+ − 583 }
+ − 584 }
+ − 585 td2_2.appendChild(f_password);
+ − 586 tr2.appendChild(td2_2);
+ − 587 table.appendChild(tr2);
+ − 588
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 589 eval(setHook('login_build_form'));
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 590
436
+ − 591 // Field - captcha
+ − 592 if ( show_captcha )
+ − 593 {
+ − 594 var tr3 = document.createElement('tr');
+ − 595 var td3_1 = document.createElement('td');
+ − 596 td3_1.appendChild(document.createTextNode($lang.get('user_login_field_captcha') + ':'));
+ − 597 tr3.appendChild(td3_1);
+ − 598 var td3_2 = document.createElement('td');
+ − 599 var f_captcha = document.createElement('input');
+ − 600 f_captcha.id = 'ajax_login_field_captcha';
+ − 601 f_captcha.name = 'ajax_login_field_username';
+ − 602 f_captcha.type = 'text';
+ − 603 f_captcha.size = '25';
+ − 604 f_captcha.onkeyup = function(e)
+ − 605 {
+ − 606 if ( !e )
+ − 607 e = window.event;
+ − 608 if ( !e.keyCode )
+ − 609 return true;
+ − 610 if ( e.keyCode == 13 )
+ − 611 {
+ − 612 ajaxLoginSubmitForm();
+ − 613 }
+ − 614 }
+ − 615 td3_2.appendChild(f_captcha);
+ − 616 tr3.appendChild(td3_2);
+ − 617 table.appendChild(tr3);
+ − 618 }
+ − 619
+ − 620 // Done building the main part of the form
+ − 621 form.appendChild(table);
+ − 622
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 623 // Field: remember login
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 624 if ( logindata.user_level <= USER_LEVEL_MEMBER )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 625 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 626 var lbl_remember = document.createElement('label');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 627 lbl_remember.style.fontSize = 'smaller';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 628 lbl_remember.style.display = 'block';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 629 lbl_remember.style.textAlign = 'center';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 630
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 631 // figure out what text to put in the "remember me" checkbox
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 632 // infinite session length?
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 633 if ( data.extended_time == 0 )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 634 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 635 // yes, infinite
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 636 var txt_remember = $lang.get('user_login_ajax_check_remember_infinite');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 637 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 638 else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 639 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 640 if ( data.extended_time % 7 == 0 )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 641 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 642 // number of days is a multiple of 7
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 643 // use weeks as our unit
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 644 var sess_time = data.extended_time / 7;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 645 var unit = 'week';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 646 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 647 else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 648 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 649 // use days as our unit
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 650 var sess_time = data.extended_time;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 651 var unit = 'day';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 652 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 653 // more than one week or day?
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 654 if ( sess_time != 1 )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 655 unit += 's';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 656
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 657 // assemble the string
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 658 var txt_remember = $lang.get('user_login_ajax_check_remember', {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 659 session_length: sess_time,
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 660 length_units: $lang.get('etc_unit_' + unit)
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 661 });
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 662 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 663 var check_remember = document.createElement('input');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 664 check_remember.type = 'checkbox';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 665 // this onclick attribute changes the cookie whenever the checkbox or label is clicked
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 666 check_remember.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("login_remember", ck, 3650);');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 667 if ( readCookie('login_remember') != 'disable' )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 668 check_remember.setAttribute('checked', 'checked');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 669 check_remember.id = 'ajax_login_field_remember';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 670 lbl_remember.appendChild(check_remember);
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 671 lbl_remember.innerHTML += ' ' + txt_remember;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 672
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 673 form.appendChild(lbl_remember);
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 674 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 675
436
+ − 676 // Field: enable Diffie Hellman
887
+ − 677 if ( ajax_login_prevent_dh )
460
+ − 678 {
+ − 679 var lbl_dh = document.createElement('span');
+ − 680 lbl_dh.style.fontSize = 'smaller';
+ − 681 lbl_dh.style.display = 'block';
+ − 682 lbl_dh.style.textAlign = 'center';
+ − 683 lbl_dh.innerHTML = $lang.get('user_login_ajax_check_dh_ie');
+ − 684 form.appendChild(lbl_dh);
+ − 685 }
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 686 else if ( !data.allow_diffiehellman )
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 687 {
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 688 // create hidden control - server requested that DiffieHellman be disabled (usually means not supported)
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 689 var check_dh = document.createElement('input');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 690 check_dh.type = 'hidden';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 691 check_dh.id = 'ajax_login_field_dh';
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 692 form.appendChild(check_dh);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 693 }
460
+ − 694 else
+ − 695 {
+ − 696 var lbl_dh = document.createElement('label');
+ − 697 lbl_dh.style.fontSize = 'smaller';
+ − 698 lbl_dh.style.display = 'block';
+ − 699 lbl_dh.style.textAlign = 'center';
+ − 700 var check_dh = document.createElement('input');
+ − 701 check_dh.type = 'checkbox';
+ − 702 // this onclick attribute changes the cookie whenever the checkbox or label is clicked
+ − 703 check_dh.setAttribute('onclick', 'var ck = ( this.checked ) ? "enable" : "disable"; createCookie("diffiehellman_login", ck, 3650);');
+ − 704 if ( readCookie('diffiehellman_login') != 'disable' )
+ − 705 check_dh.setAttribute('checked', 'checked');
+ − 706 check_dh.id = 'ajax_login_field_dh';
+ − 707 lbl_dh.appendChild(check_dh);
694
43367c66d869
Couple of fixes (hacks) for Opera and the aftermath of that z-index change to darken() and enlighten() fadefilters; added ajaxOpenDirectACLRule() to placeholder list
Dan
diff
changeset
+ − 708 lbl_dh.innerHTML += ' ' + $lang.get('user_login_ajax_check_dh');
460
+ − 709 form.appendChild(lbl_dh);
+ − 710 }
436
+ − 711
460
+ − 712 if ( IE )
+ − 713 {
+ − 714 div.innerHTML += form.outerHTML;
+ − 715 }
+ − 716 else
+ − 717 {
+ − 718 div.appendChild(form);
+ − 719 }
436
+ − 720
+ − 721 // Diagnostic / help links
+ − 722 // (only displayed in login, not in re-auth)
+ − 723 if ( logindata.user_level == USER_LEVEL_MEMBER )
+ − 724 {
+ − 725 form.style.marginBottom = '10px';
+ − 726 var links = document.createElement('small');
+ − 727 links.style.display = 'block';
+ − 728 links.style.textAlign = 'center';
+ − 729 links.innerHTML = '';
+ − 730 if ( !show_captcha )
+ − 731 links.innerHTML += $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) }) + '<br />';
+ − 732 // Always shown
+ − 733 links.innerHTML += $lang.get('user_login_ajax_link_forgotpass', { forgotpass_link: makeUrlNS('Special', 'PasswordReset') }) + '<br />';
+ − 734 if ( !show_captcha )
+ − 735 links.innerHTML += $lang.get('user_login_createaccount_blurb', { reg_link: makeUrlNS('Special', 'Register') });
+ − 736 div.appendChild(links);
+ − 737 }
+ − 738
+ − 739 // Insert the entire form into the login window
+ − 740 logindata.mb_inner.innerHTML = '';
+ − 741 logindata.mb_inner.appendChild(div);
+ − 742
+ − 743 // Post operations: field focus
816
+ − 744 setTimeout(
+ − 745 function()
+ − 746 {
+ − 747 if ( logindata.loggedin_username )
+ − 748 document.getElementById('ajax_login_field_password').focus();
+ − 749 else
+ − 750 document.getElementById('ajax_login_field_username').focus();
+ − 751 }, 750);
436
+ − 752
+ − 753 // Post operations: show captcha window
+ − 754 if ( show_captcha )
+ − 755 ajaxShowCaptcha(show_captcha);
+ − 756
+ − 757 // Post operations: stash encryption keys and All That Jazz(TM)
+ − 758 logindata.key_aes = data.aes_key;
+ − 759 logindata.key_dh = data.dh_public_key;
+ − 760 logindata.captcha_hash = show_captcha;
460
+ − 761 logindata.loggedin_username = data.username
436
+ − 762
+ − 763 // Are we locked out? If so simulate an error and disable the controls
+ − 764 if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out )
+ − 765 {
+ − 766 f_username.setAttribute('disabled', 'disabled');
+ − 767 f_password.setAttribute('disabled', 'disabled');
+ − 768 var fake_packet = {
+ − 769 error_code: 'locked_out',
+ − 770 respawn_info: data
+ − 771 };
+ − 772 ajaxLoginShowFriendlyError(fake_packet);
+ − 773 }
+ − 774 }
+ − 775
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 776 window.ajaxLoginSubmitForm = function(real, username, password, captcha, remember)
436
+ − 777 {
+ − 778 // Perform AES test to make sure it's all working
+ − 779 if ( !aes_self_test() )
+ − 780 {
+ − 781 alert('BUG: AES self-test failed');
+ − 782 login_cache.mb_object.destroy();
+ − 783 return false;
+ − 784 }
+ − 785 // Hide the error message and captcha
+ − 786 if ( document.getElementById('ajax_login_error_box') )
+ − 787 {
+ − 788 document.getElementById('ajax_login_error_box').parentNode.removeChild(document.getElementById('ajax_login_error_box'));
+ − 789 }
+ − 790 if ( document.getElementById('autoCaptcha') )
+ − 791 {
+ − 792 var to = fly_out_top(document.getElementById('autoCaptcha'), false, true);
+ − 793 setTimeout(function() {
+ − 794 var d = document.getElementById('autoCaptcha');
+ − 795 d.parentNode.removeChild(d);
+ − 796 }, to);
+ − 797 }
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 798 // "Remember session" switch
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 799 if ( typeof(remember) == 'boolean' )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 800 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 801 var remember_session = remember;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 802 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 803 else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 804 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 805 if ( document.getElementById('ajax_login_field_remember') )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 806 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 807 var remember_session = ( document.getElementById('ajax_login_field_remember').checked ) ? true : false;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 808 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 809 else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 810 {
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 811 var remember_session = false;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 812 }
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 813 }
436
+ − 814 // Encryption: preprocessor
+ − 815 if ( real )
+ − 816 {
+ − 817 var do_dh = true;
+ − 818 }
+ − 819 else if ( document.getElementById('ajax_login_field_dh') )
+ − 820 {
+ − 821 var do_dh = document.getElementById('ajax_login_field_dh').checked;
+ − 822 }
+ − 823 else
+ − 824 {
887
+ − 825 if ( ajax_login_prevent_dh )
460
+ − 826 {
509
175df10e0b56
Added a copy of Firebug Lite for debugging purposes. License is uncertain but being treated as MPL. (If is is not MPL then it is under something more permissive that permits relicensing anyway)
Dan
diff
changeset
+ − 827 // IE/MobileSafari doesn't have this control, continue silently IF the rest
460
+ − 828 // of the login form is there
+ − 829 if ( !document.getElementById('ajax_login_field_username') )
+ − 830 {
+ − 831 return false;
+ − 832 }
+ − 833 }
+ − 834 else
+ − 835 {
+ − 836 // The user probably clicked ok when the form wasn't in there.
+ − 837 return false;
+ − 838 }
436
+ − 839 }
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 840
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 841 if ( typeof(username) != 'string' )
436
+ − 842 {
+ − 843 var username = document.getElementById('ajax_login_field_username').value;
+ − 844 }
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 845 if ( typeof(password) != 'string' )
436
+ − 846 {
+ − 847 var password = document.getElementById('ajax_login_field_password').value;
+ − 848 }
+ − 849 if ( !captcha && document.getElementById('ajax_login_field_captcha') )
+ − 850 {
+ − 851 var captcha = document.getElementById('ajax_login_field_captcha').value;
+ − 852 }
+ − 853
1026
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 854 // Only run early submit hook once
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 855 if ( !window.logindata.early_submit_run )
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 856 eval(setHook('login_submit_early'));
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 857
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 858 window.logindata.early_submit_run = true;
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 859
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 860 try
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 861 {
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 862
436
+ − 863 if ( do_dh )
+ − 864 {
+ − 865 ajaxLoginSetStatus(AJAX_STATUS_GENERATING_KEY);
+ − 866 if ( !real )
+ − 867 {
+ − 868 // Wait while the browser updates the login window
+ − 869 setTimeout(function()
+ − 870 {
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 871 ajaxLoginSubmitForm(true, username, password, captcha, remember_session);
887
+ − 872 }, 20);
436
+ − 873 return true;
+ − 874 }
887
+ − 875 var dh_start = (new Date()).getTime();
436
+ − 876 // Perform Diffie Hellman stuff
+ − 877 var dh_priv = dh_gen_private();
+ − 878 var dh_pub = dh_gen_public(dh_priv);
+ − 879 var secret = dh_gen_shared_secret(dh_priv, logindata.key_dh);
+ − 880 // secret_hash is used to verify that the server guesses the correct secret
+ − 881 var secret_hash = hex_sha1(secret);
+ − 882 // crypt_key is the actual AES key
+ − 883 var crypt_key = (hex_sha256(secret)).substr(0, (keySizeInBits / 4));
887
+ − 884 var dh_time = (new Date()).getTime() - dh_start;
+ − 885 console.debug("DH: complete, time = %dms", dh_time);
436
+ − 886 }
+ − 887 else
+ − 888 {
+ − 889 var crypt_key = logindata.key_aes;
+ − 890 }
+ − 891
+ − 892 ajaxLoginSetStatus(AJAX_STATUS_LOGGING_IN);
+ − 893
+ − 894 // Encrypt the password and username
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 895 var userinfo = {
436
+ − 896 username: username,
+ − 897 password: password
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 898 };
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 899
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 900 eval(setHook('login_build_userinfo'));
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 901
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 902 userinfo = toJSONString(userinfo);
436
+ − 903 var crypt_key_ba = hexToByteArray(crypt_key);
+ − 904 userinfo = stringToByteArray(userinfo);
+ − 905
+ − 906 userinfo = rijndaelEncrypt(userinfo, crypt_key_ba, 'ECB');
+ − 907 userinfo = byteArrayToHex(userinfo);
+ − 908 // Encrypted username and password (serialized with JSON) are now in the userinfo string
+ − 909
+ − 910 // Collect other needed information
+ − 911 if ( logindata.captcha_hash )
+ − 912 {
+ − 913 var captcha_hash = logindata.captcha_hash;
+ − 914 var captcha_code = captcha;
+ − 915 }
+ − 916 else
+ − 917 {
+ − 918 var captcha_hash = false;
+ − 919 var captcha_code = false;
+ − 920 }
+ − 921
+ − 922 // Ship it across the 'net
+ − 923 if ( do_dh )
+ − 924 {
+ − 925 var json_packet = {
+ − 926 mode: 'login_dh',
+ − 927 userinfo: userinfo,
+ − 928 captcha_code: captcha_code,
+ − 929 captcha_hash: captcha_hash,
+ − 930 dh_public_key: logindata.key_dh,
+ − 931 dh_client_key: dh_pub,
+ − 932 dh_secret_hash: secret_hash,
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 933 level: logindata.user_level,
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 934 remember: remember_session
436
+ − 935 }
+ − 936 }
+ − 937 else
+ − 938 {
+ − 939 var json_packet = {
+ − 940 mode: 'login_aes',
+ − 941 userinfo: userinfo,
+ − 942 captcha_code: captcha_code,
+ − 943 captcha_hash: captcha_hash,
+ − 944 key_aes: hex_md5(crypt_key),
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 945 level: logindata.user_level,
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 946 remember: remember_session
436
+ − 947 }
+ − 948 }
718
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 949 }
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 950 catch(e)
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 951 {
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 952 ajaxLoginSetStatus(AJAX_STATUS_ERROR);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 953 console.error('Exception caught in login process; backtrace follows');
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 954 console.debug(e);
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 955 return false;
12485b1d41fd
Fixed issue where login box was not obeying server orders to disable DiffieHellman. Increased quality of error handling for JS errors during login process.
Dan
diff
changeset
+ − 956 }
1026
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 957 // reset this...
f0431eb8161e
AJAX login: fixed improper run of login_submit_early; fixed failure to redirect if main_page_members == current page
Dan
diff
changeset
+ − 958 window.logindata.early_submit_run = false;
436
+ − 959 ajaxLoginPerformRequest(json_packet);
+ − 960 }
+ − 961
582
+ − 962 window.ajaxLoginShowFriendlyError = function(response)
436
+ − 963 {
+ − 964 if ( !response.respawn_info )
+ − 965 return false;
+ − 966 if ( !response.error_code )
+ − 967 return false;
+ − 968 var text = ajaxLoginGetErrorText(response);
+ − 969 if ( document.getElementById('ajax_login_error_box') )
+ − 970 {
+ − 971 // console.info('Reusing existing error-box');
+ − 972 document.getElementById('ajax_login_error_box').innerHTML = text;
+ − 973 return true;
+ − 974 }
+ − 975
+ − 976 // console.info('Drawing new error-box');
+ − 977
+ − 978 // calculate position for the top of the box
699
c7d737202d59
Removed Adobe Spry and replaced with jQuery. Please report any new bugs on the forums or via IRC. In a related note, auto-completion should work now at least for usernames. Still hacking away at page name completion...
Dan
diff
changeset
+ − 979 var mb_bottom = $dynano('messageBoxButtons').Top() + $dynano('messageBoxButtons').Height();
436
+ − 980 // if the box isn't done flying in yet, just estimate
+ − 981 if ( mb_bottom < ( getHeight() / 2 ) )
+ − 982 {
+ − 983 mb_bottom = ( getHeight() / 2 ) + 120;
+ − 984 }
+ − 985 var win_bottom = getHeight() + getScrollOffset();
+ − 986 var top = mb_bottom + ( ( win_bottom - mb_bottom ) / 2 ) - 32;
+ − 987 // left position = 0.2 * window_width, seeing as the box is 60% width this works hackishly but nice and quick
+ − 988 var left = getWidth() * 0.2;
+ − 989
+ − 990 // create the div
+ − 991 var errbox = document.createElement('div');
+ − 992 errbox.className = 'error-box-mini';
+ − 993 errbox.style.position = 'absolute';
+ − 994 errbox.style.width = '60%';
+ − 995 errbox.style.top = top + 'px';
+ − 996 errbox.style.left = left + 'px';
694
43367c66d869
Couple of fixes (hacks) for Opera and the aftermath of that z-index change to darken() and enlighten() fadefilters; added ajaxOpenDirectACLRule() to placeholder list
Dan
diff
changeset
+ − 997 errbox.style.zIndex = getHighestZ();
436
+ − 998 errbox.innerHTML = text;
+ − 999 errbox.id = 'ajax_login_error_box';
+ − 1000
+ − 1001 var body = document.getElementsByTagName('body')[0];
+ − 1002 body.appendChild(errbox);
+ − 1003 }
+ − 1004
582
+ − 1005 window.ajaxLoginGetErrorText = function(response)
436
+ − 1006 {
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1007 if ( !response.error_code.match(/^[a-z0-9]+_[a-z0-9_]+$/) )
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1008 {
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1009 return response.error_code;
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1010 }
436
+ − 1011 switch ( response.error_code )
+ − 1012 {
+ − 1013 default:
899
+ − 1014 eval(setHook('ajax_login_process_error'));
+ − 1015 if ( !ls )
+ − 1016 {
+ − 1017 var ls = $lang.get('user_err_' + response.error_code);
+ − 1018 if ( ls == 'user_err_' + response.error_code )
+ − 1019 // Adding response here allows language strings to utilize additional information passed from the error packet
+ − 1020 ls = $lang.get(response.error_code, response);
+ − 1021 }
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1022
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1023 return ls;
436
+ − 1024 break;
+ − 1025 case 'locked_out':
+ − 1026 if ( response.respawn_info.lockout_info.lockout_policy == 'lockout' )
+ − 1027 {
+ − 1028 return $lang.get('user_err_locked_out', {
+ − 1029 lockout_threshold: response.respawn_info.lockout_info.lockout_threshold,
+ − 1030 lockout_duration: response.respawn_info.lockout_info.lockout_duration,
+ − 1031 time_rem: response.respawn_info.lockout_info.time_rem,
+ − 1032 plural: ( response.respawn_info.lockout_info.time_rem == 1 ) ? '' : $lang.get('meta_plural'),
+ − 1033 captcha_blurb: ''
+ − 1034 });
+ − 1035 break;
+ − 1036 }
+ − 1037 case 'invalid_credentials':
+ − 1038 var base = $lang.get('user_err_invalid_credentials');
+ − 1039 if ( response.respawn_info.locked_out )
+ − 1040 {
+ − 1041 base += ' ';
+ − 1042 var captcha_blurb = '';
+ − 1043 switch(response.respawn_info.lockout_info.lockout_policy)
+ − 1044 {
+ − 1045 case 'captcha':
+ − 1046 captcha_blurb = $lang.get('user_err_locked_out_captcha_blurb');
+ − 1047 break;
+ − 1048 case 'lockout':
+ − 1049 break;
+ − 1050 default:
+ − 1051 base += 'WTF? Shouldn\'t be locked out with lockout policy set to disable.';
+ − 1052 break;
+ − 1053 }
+ − 1054 base += $lang.get('user_err_locked_out', {
+ − 1055 captcha_blurb: captcha_blurb,
+ − 1056 lockout_threshold: response.respawn_info.lockout_info.lockout_threshold,
+ − 1057 lockout_duration: response.respawn_info.lockout_info.lockout_duration,
+ − 1058 time_rem: response.respawn_info.lockout_info.time_rem,
+ − 1059 plural: ( response.respawn_info.lockout_info.time_rem == 1 ) ? '' : $lang.get('meta_plural')
+ − 1060 });
+ − 1061 }
+ − 1062 else if ( response.respawn_info.lockout_info.lockout_policy == 'lockout' || response.respawn_info.lockout_info.lockout_policy == 'captcha' )
+ − 1063 {
+ − 1064 // if we have a lockout policy of captcha or lockout, then warn the user
+ − 1065 switch ( response.respawn_info.lockout_info.lockout_policy )
+ − 1066 {
+ − 1067 case 'captcha':
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1068 base += $lang.get('user_err_invalid_credentials_lockout_captcha', {
436
+ − 1069 fails: response.respawn_info.lockout_info.lockout_fails,
+ − 1070 lockout_threshold: response.respawn_info.lockout_info.lockout_threshold,
+ − 1071 lockout_duration: response.respawn_info.lockout_info.lockout_duration
+ − 1072 });
+ − 1073 break;
+ − 1074 case 'lockout':
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1075 base += $lang.get('user_err_invalid_credentials_lockout', {
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1076 fails: response.respawn_info.lockout_info.lockout_fails,
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1077 lockout_threshold: response.respawn_info.lockout_info.lockout_threshold,
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1078 lockout_duration: response.respawn_info.lockout_info.lockout_duration
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 1079 });
436
+ − 1080 break;
+ − 1081 }
+ − 1082 }
+ − 1083 return base;
+ − 1084 break;
+ − 1085 }
+ − 1086 }
+ − 1087
585
+ − 1088 window.ajaxShowCaptcha = function(code)
+ − 1089 {
+ − 1090 var mydiv = document.createElement('div');
+ − 1091 mydiv.style.backgroundColor = '#FFFFFF';
+ − 1092 mydiv.style.padding = '10px';
+ − 1093 mydiv.style.position = 'absolute';
+ − 1094 mydiv.style.top = '0px';
+ − 1095 mydiv.id = 'autoCaptcha';
+ − 1096 mydiv.style.zIndex = String( getHighestZ() + 1 );
+ − 1097 var img = document.createElement('img');
+ − 1098 img.onload = function()
+ − 1099 {
+ − 1100 if ( this.loaded )
+ − 1101 return true;
+ − 1102 var mydiv = document.getElementById('autoCaptcha');
+ − 1103 var width = getWidth();
+ − 1104 var divw = $dynano(mydiv).Width();
+ − 1105 var left = ( width / 2 ) - ( divw / 2 );
+ − 1106 mydiv.style.left = left + 'px';
+ − 1107 fly_in_top(mydiv, false, true);
+ − 1108 this.loaded = true;
+ − 1109 };
+ − 1110 img.src = makeUrlNS('Special', 'Captcha/' + code);
+ − 1111 img.onclick = function() { this.src = this.src + '/a'; };
+ − 1112 img.style.cursor = 'pointer';
+ − 1113 mydiv.appendChild(img);
+ − 1114 domObjChangeOpac(0, mydiv);
+ − 1115 var body = document.getElementsByTagName('body')[0];
+ − 1116 body.appendChild(mydiv);
+ − 1117 }
+ − 1118
582
+ − 1119 window.ajaxInitLogout = function()
+ − 1120 {
887
+ − 1121 load_component(['messagebox', 'l10n', 'flyin', 'fadefilter', 'jquery', 'jquery-ui']);
+ − 1122
+ − 1123 var title = $lang.get('user_logout_confirm_title');
+ − 1124 var message = ( auth_level > USER_LEVEL_MEMBER ) ? $lang.get('user_logout_confirm_body_nelev') : $lang.get('user_logout_confirm_body_normal');
+ − 1125 var buttons = [];
+ − 1126 buttons.push({
+ − 1127 text: $lang.get('user_logout_confirm_btn_logout'),
+ − 1128 color: 'red',
+ − 1129 style: {
+ − 1130 fontWeight: 'bold'
+ − 1131 },
+ − 1132 onclick: function()
+ − 1133 {
+ − 1134 miniPromptDestroy(this);
+ − 1135 window.location = makeUrlNS('Special', 'Logout/' + csrf_token + '/' + window.title);
+ − 1136 return false;
+ − 1137 }
+ − 1138 });
+ − 1139 if ( auth_level > USER_LEVEL_MEMBER )
+ − 1140 {
+ − 1141 buttons.push({
+ − 1142 text: $lang.get('user_logout_confirm_btn_deauth'),
+ − 1143 color: 'blue',
+ − 1144 onclick: function()
+ − 1145 {
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1146 var mp = miniPromptGetParent(this);
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1147 var whitey = whiteOutMiniPrompt(mp);
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1148
887
+ − 1149 ajaxLoginPerformRequest({
+ − 1150 mode: 'logout',
+ − 1151 level: auth_level,
+ − 1152 csrf_token: csrf_token
1001
+ − 1153 }, function(response)
+ − 1154 {
+ − 1155 whiteOutReportSuccess(whitey);
+ − 1156 setTimeout(function()
+ − 1157 {
+ − 1158 miniPromptDestroy(mp);
+ − 1159 }, 1250);
+ − 1160 });
887
+ − 1161 return false;
+ − 1162 }
+ − 1163 });
+ − 1164 }
+ − 1165 buttons.push({
+ − 1166 text: $lang.get('etc_cancel'),
+ − 1167 onclick: function()
+ − 1168 {
+ − 1169 miniPromptDestroy(this);
+ − 1170 return false;
+ − 1171 }
+ − 1172 });
+ − 1173
+ − 1174 miniPromptMessage({
+ − 1175 title: title,
+ − 1176 message: message,
+ − 1177 buttons: buttons
+ − 1178 });
582
+ − 1179 }
+ − 1180
+ − 1181 window.mb_logout = function()
+ − 1182 {
+ − 1183 ajaxInitLogout();
+ − 1184 }
+ − 1185
+ − 1186 window.ajaxStartLogin = function()
+ − 1187 {
+ − 1188 ajaxLogonToMember();
+ − 1189 }
+ − 1190
+ − 1191 window.ajaxStartAdminLogin = function()
+ − 1192 {
+ − 1193 // IE <6 pseudo-compatibility
+ − 1194 if ( KILL_SWITCH )
+ − 1195 return true;
+ − 1196 if ( auth_level < USER_LEVEL_ADMIN )
+ − 1197 {
+ − 1198 ajaxLoginInit(function(k) {
+ − 1199 ENANO_SID = k;
+ − 1200 auth_level = USER_LEVEL_ADMIN;
+ − 1201 var loc = makeUrlNS('Special', 'Administration');
+ − 1202 if ( (ENANO_SID + ' ').length > 1 )
+ − 1203 window.location = loc;
+ − 1204 }, USER_LEVEL_ADMIN);
+ − 1205 return false;
+ − 1206 }
+ − 1207 var loc = makeUrlNS('Special', 'Administration');
+ − 1208 window.location = loc;
+ − 1209 }
+ − 1210
+ − 1211 window.ajaxAdminPage = function()
+ − 1212 {
+ − 1213 // IE <6 pseudo-compatibility
+ − 1214 if ( KILL_SWITCH )
+ − 1215 return true;
+ − 1216 if ( auth_level < USER_LEVEL_ADMIN )
+ − 1217 {
+ − 1218 ajaxPromptAdminAuth(function(k) {
+ − 1219 ENANO_SID = k;
+ − 1220 auth_level = USER_LEVEL_ADMIN;
+ − 1221 var loc = String(window.location + '');
+ − 1222 window.location = append_sid(loc);
+ − 1223 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
+ − 1224 if ( (ENANO_SID + ' ').length > 1 )
+ − 1225 window.location = loc;
+ − 1226 }, 9);
+ − 1227 return false;
+ − 1228 }
+ − 1229 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
+ − 1230 window.location = loc;
+ − 1231 }
+ − 1232
+ − 1233 var navto_ns;
+ − 1234 var navto_pg;
+ − 1235 var navto_ul;
+ − 1236
+ − 1237 window.ajaxLoginNavTo = function(namespace, page_id, min_level)
+ − 1238 {
+ − 1239 // IE <6 pseudo-compatibility
+ − 1240 if ( KILL_SWITCH )
+ − 1241 return true;
+ − 1242 navto_pg = page_id;
+ − 1243 navto_ns = namespace;
+ − 1244 navto_ul = min_level;
+ − 1245 if ( auth_level < min_level )
+ − 1246 {
+ − 1247 ajaxPromptAdminAuth(function(k) {
+ − 1248 ENANO_SID = k;
+ − 1249 auth_level = navto_ul;
+ − 1250 var loc = makeUrlNS(navto_ns, navto_pg);
+ − 1251 if ( (ENANO_SID + ' ').length > 1 )
+ − 1252 window.location = loc;
+ − 1253 }, min_level);
+ − 1254 return false;
+ − 1255 }
+ − 1256 var loc = makeUrlNS(navto_ns, navto_pg);
+ − 1257 window.location = loc;
+ − 1258 }
+ − 1259
+ − 1260 window.ajaxAdminUser = function(username)
+ − 1261 {
+ − 1262 // IE <6 pseudo-compatibility
+ − 1263 if ( KILL_SWITCH )
+ − 1264 return true;
+ − 1265 if ( auth_level < USER_LEVEL_ADMIN )
+ − 1266 {
+ − 1267 ajaxPromptAdminAuth(function(k) {
+ − 1268 ENANO_SID = k;
+ − 1269 auth_level = USER_LEVEL_ADMIN;
+ − 1270 var loc = String(window.location + '');
+ − 1271 window.location = append_sid(loc);
+ − 1272 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
+ − 1273 if ( (ENANO_SID + ' ').length > 1 )
+ − 1274 window.location = loc;
+ − 1275 }, 9);
+ − 1276 return false;
+ − 1277 }
+ − 1278 var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'UserManager&src=get&user=' + ajaxEscape(username));
+ − 1279 window.location = loc;
+ − 1280 }
793
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 1281
811
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1282 window.ajaxDynamicReauth = function(adminpage, level)
793
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 1283 {
1002
+ − 1284 if ( auth_level < USER_LEVEL_MEMBER )
1001
+ − 1285 {
+ − 1286 ajaxStartLogin();
+ − 1287 return false;
+ − 1288 }
+ − 1289
793
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 1290 var old_sid = ENANO_SID;
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 1291 var targetpage = adminpage;
811
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1292 if ( !level )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1293 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1294 level = USER_LEVEL_ADMIN;
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1295 }
1001
+ − 1296 ajaxLogonInit(function(k, response)
793
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 1297 {
811
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1298 ajaxLoginReplaceSIDInline(k, old_sid, level);
1001
+ − 1299 window.user_id = response.user_id;
+ − 1300 window.user_level = response.user_level;
794
720516162012
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan
diff
changeset
+ − 1301 mb_current_obj.destroy();
720516162012
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan
diff
changeset
+ − 1302 if ( typeof(targetpage) == 'string' )
793
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 1303 {
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 1304 ajaxPage(targetpage);
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 1305 }
794
720516162012
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan
diff
changeset
+ − 1306 else if ( typeof(targetpage) == 'function' )
720516162012
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan
diff
changeset
+ − 1307 {
887
+ − 1308 targetpage(k);
794
720516162012
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan
diff
changeset
+ − 1309 }
811
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1310 }, level);
883
+ − 1311 if ( typeof(adminpage) == 'string' )
+ − 1312 {
+ − 1313 ajaxLoginShowFriendlyError({
+ − 1314 error_code: 'admin_session_timed_out',
+ − 1315 respawn_info: {}
+ − 1316 });
+ − 1317 }
793
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 1318 }
794
720516162012
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan
diff
changeset
+ − 1319
720516162012
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan
diff
changeset
+ − 1320 window.ajaxRenewSession = function()
720516162012
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan
diff
changeset
+ − 1321 {
720516162012
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan
diff
changeset
+ − 1322 ajaxDynamicReauth(false);
720516162012
Added support for re-auth on submit to rank manager when session goes bad; still more to come
Dan
diff
changeset
+ − 1323 }
811
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1324
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1325 window.ajaxTrashElevSession = function()
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1326 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1327 load_component(['messagebox', 'fadefilter', 'l10n', 'flyin', 'jquery', 'jquery-ui']);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1328 miniPromptMessage({
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1329 title: $lang.get('user_logout_confirm_title_elev'),
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1330 message: $lang.get('user_logout_confirm_body_elev'),
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1331 buttons: [
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1332 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1333 text: $lang.get('user_logout_confirm_btn_logout'),
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1334 color: 'red',
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1335 style: {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1336 fontWeight: 'bold'
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1337 },
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1338 onclick: function()
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1339 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1340 ajaxLoginPerformRequest({
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1341 mode: 'logout',
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1342 level: auth_level,
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1343 csrf_token: csrf_token
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1344 });
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1345 miniPromptDestroy(this);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1346 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1347 },
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1348 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1349 text: $lang.get('etc_cancel'),
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1350 onclick: function()
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1351 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1352 miniPromptDestroy(this);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1353 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1354 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1355 ]
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1356 });
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1357 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1358
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1359 /**
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1360 * Take an SID and patch all internal links on the page.
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1361 * @param string New key. If false, removes keys from the page.
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1362 * @param string Old key. If false, only appends the new SID (more work as it uses DOM, use when dynamically going up to elevated)
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1363 * @param int New level, not a huge deal but sets auth_level. Try to specify it as some functions depend on it.
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1364 */
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1365
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1366 window.ajaxLoginReplaceSIDInline = function(key, oldkey, level)
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1367 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1368 var host = String(window.location.hostname);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1369 var exp = new RegExp('^https?://' + host.replace('.', '\.') + contentPath.replace('.', '\.'), 'g');
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1370 var rexp = new RegExp('^https?://' + host.replace('.', '\.'), 'g');
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1371
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1372 if ( key )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1373 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1374 if ( oldkey )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1375 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1376 var body = document.getElementsByTagName('body')[0];
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1377 var replace = new RegExp(oldkey, 'g');
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1378 body.innerHTML = body.innerHTML.replace(replace, key);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1379 ENANO_SID = key;
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1380 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1381 else
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1382 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1383 // append SID to all internal links
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1384 ENANO_SID = key;
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1385
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1386 var links = document.getElementsByTagName('a');
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1387 for ( var i = 0; i < links.length; i++ )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1388 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1389 if ( links[i].href.match(exp, links[i]) && links[i].href.indexOf('#') == -1 )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1390 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1391 var newurl = (String(append_sid(links[i].href))).replace(rexp, '');
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1392 links[i].href = newurl;
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1393 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1394 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1395
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1396 var forms = document.getElementsByTagName('form');
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1397 for ( var i = 0; i < forms.length; i++ )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1398 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1399 if ( forms[i].method.toLowerCase() == 'post' )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1400 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1401 if ( forms[i].action.match(exp, links[i]) )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1402 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1403 var newurl = (String(append_sid(forms[i].action))).replace(rexp, '');
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1404 forms[i].action = newurl;
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1405 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1406 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1407 else
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1408 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1409 if ( !forms[i].auth )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1410 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1411 var auth = document.createElement('input');
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1412 auth.type = 'hidden';
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1413 auth.name = 'auth';
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1414 auth.value = key;
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1415 forms[i].appendChild(auth);
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1416 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1417 else
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1418 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1419 forms[i].auth.value = key;
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1420 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1421 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1422 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1423 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1424 if ( level )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1425 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1426 auth_level = level;
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1427 }
824
28d9fbcd4f0d
Login: reauth: window.location.hash is now updated to include the new SID so that page reloads will use it
Dan
diff
changeset
+ − 1428 window.location.hash = '#auth:' + key;
811
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1429 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1430 else
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1431 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1432 auth_level = USER_LEVEL_MEMBER;
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1433 ENANO_SID = false;
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1434 if ( oldkey )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1435 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1436 var links = document.getElementsByTagName('a');
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1437 for ( var i = 0; i < links.length; i++ )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1438 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1439 if ( links[i].href.match(exp, links[i]) && links[i].href.indexOf('#') == -1 )
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1440 {
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1441 links[i].href = links[i].href.replace(/\?auth=([a-f0-9]+)(&|#|$)/, '$2').replace(/&auth=([a-f0-9]+)/, '').replace(rexp, '');
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1442 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1443 }
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1444 }
824
28d9fbcd4f0d
Login: reauth: window.location.hash is now updated to include the new SID so that page reloads will use it
Dan
diff
changeset
+ − 1445 window.location.hash = '#auth:false';
811
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1446 }
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1447 window.stdAjaxPrefix = append_sid(scriptPath + '/ajax.php?title=' + title);
811
5c807fe77020
Added support for live re-auth and de-auth; fully AJAX, no page reload required, plus plugin-usable API.
Dan
diff
changeset
+ − 1448 }