plugins/SpecialUserFuncs.php
changeset 229 97ae8e9d5e29
parent 227 0eca1498a77b
child 266 917dcc6c4ceb
147:d8156d18ac58 229:97ae8e9d5e29
     2 /*
     2 /*
     3 Plugin Name: Special user/login-related pages
     3 Plugin Name: Special user/login-related pages
     4 Plugin URI: http://enanocms.org/
     4 Plugin URI: http://enanocms.org/
     5 Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
     5 Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
     6 Author: Dan Fuhry
     6 Author: Dan Fuhry
     7 Version: 1.0.1
     7 Version: 1.0.2
     8 Author URI: http://enanocms.org/
     8 Author URI: http://enanocms.org/
     9 */
     9 */
    10 
    10 
    11 /*
    11 /*
    12  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
    12  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
    13  * Version 1.0 release candidate 2
    13  * Version 1.0.2
    14  * Copyright (C) 2006-2007 Dan Fuhry
    14  * Copyright (C) 2006-2007 Dan Fuhry
    15  *
    15  *
    16  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
    16  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
    17  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
    17  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
    18  *
    18  *
    88       \'name\'=>\'Member list\',
    88       \'name\'=>\'Member list\',
    89       \'urlname\'=>\'Memberlist\',
    89       \'urlname\'=>\'Memberlist\',
    90       \'namespace\'=>\'Special\',
    90       \'namespace\'=>\'Special\',
    91       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
    91       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
    92       ));
    92       ));
       
    93       
       
    94     $paths->add_page(Array(
       
    95       \'name\'=>\'Language exporter\',
       
    96       \'urlname\'=>\'LangExportJSON\',
       
    97       \'namespace\'=>\'Special\',
       
    98       \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
       
    99       ));
       
   100       
    93     ');
   101     ');
    94 
   102 
    95 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
   103 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
    96 
   104 
    97 $__login_status = '';
   105 $__login_status = '';
    98 
   106 
    99 function page_Special_Login()
   107 function page_Special_Login()
   100 {
   108 {
   101   global $db, $session, $paths, $template, $plugins; // Common objects
   109   global $db, $session, $paths, $template, $plugins; // Common objects
   102   global $__login_status;
   110   global $__login_status;
       
   111   global $lang;
   103   
   112   
   104   $pubkey = $session->rijndael_genkey();
   113   $pubkey = $session->rijndael_genkey();
   105   $challenge = $session->dss_rand();
   114   $challenge = $session->dss_rand();
       
   115   
       
   116   $locked_out = false;
       
   117   // are we locked out?
       
   118   $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
       
   119   $duration  = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
       
   120   // convert to minutes
       
   121   $duration  = $duration * 60;
       
   122   $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
       
   123   if ( $policy != 'disable' )
       
   124   {
       
   125     $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
       
   126     $timestamp_cutoff = time() - $duration;
       
   127     $q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
       
   128     $fails = $db->numrows();
       
   129     if ( $fails >= $threshold )
       
   130     {
       
   131       $row = $db->fetchrow();
       
   132       $locked_out = true;
       
   133       $lockdata = array(
       
   134           'locked_out' => true,
       
   135           'lockout_threshold' => $threshold,
       
   136           'lockout_duration' => ( $duration / 60 ),
       
   137           'lockout_fails' => $fails,
       
   138           'lockout_policy' => $policy,
       
   139           'lockout_last_time' => $row['timestamp'],
       
   140           'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
       
   141           'captcha' => ''
       
   142         );
       
   143       if ( $policy == 'captcha' )
       
   144       {
       
   145         $lockdata['captcha'] = $session->make_captcha();
       
   146       }
       
   147     }
       
   148     $db->free_result();
       
   149   }
   106   
   150   
   107   if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
   151   if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
   108   {
   152   {
   109     $username = ( $session->user_logged_in ) ? $session->username : false;
   153     $username = ( $session->user_logged_in ) ? $session->username : false;
   110     $response = Array(
   154     $response = Array(
   111       'username' => $username,
   155       'username' => $username,
   112       'key' => $pubkey,
   156       'key' => $pubkey,
   113       'challenge' => $challenge
   157       'challenge' => $challenge,
       
   158       'locked_out' => false
   114       );
   159       );
       
   160     
       
   161     if ( $locked_out )
       
   162     {
       
   163       foreach ( $lockdata as $x => $y )
       
   164       {
       
   165         $response[$x] = $y;
       
   166       }
       
   167       unset($x, $y);
       
   168     }
       
   169     
   115     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
   170     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
   116     $response = $json->encode($response);
   171     $response = $json->encode($response);
   117     echo $response;
   172     echo $response;
   118     return null;
   173     return null;
   119   }
   174   }
   133   }
   188   }
   134   if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in )
   189   if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in )
   135     $paths->main_page();
   190     $paths->main_page();
   136   $template->header();
   191   $template->header();
   137   echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
   192   echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
   138   $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.';
   193   $header = ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short');
   139   if ( isset($_POST['login']) )
   194   if ( isset($_POST['login']) )
   140   {
   195   {
   141     echo '<p>'.$__login_status.'</p>';
   196     $errstring = $__login_status['error'];
       
   197     switch($__login_status['error'])
       
   198     {
       
   199       case 'key_not_found':
       
   200         $errstring = $lang->get('user_err_key_not_found');
       
   201         break;
       
   202       case 'key_wrong_length':
       
   203         $errstring = $lang->get('user_err_key_wrong_length');
       
   204         break;
       
   205       case 'too_big_for_britches':
       
   206         $errstring = $lang->get('user_err_too_big_for_britches');
       
   207         break;
       
   208       case 'invalid_credentials':
       
   209         $errstring = $lang->get('user_err_invalid_credentials');
       
   210         if ( $__login_status['lockout_policy'] == 'lockout' )
       
   211         {
       
   212           $errstring .= $lang->get('err_invalid_credentials_lockout', array('lockout_fails' => $__login_status['lockout_fails']));
       
   213         }
       
   214         else if ( $__login_status['lockout_policy'] == 'captcha' )
       
   215         {
       
   216           $errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('lockout_fails' => $__login_status['lockout_fails']));
       
   217         }
       
   218         break;
       
   219       case 'backend_fail':
       
   220         $errstring = $lang->get('user_err_backend_fail');
       
   221         break;
       
   222       case 'locked_out':
       
   223         $attempts = intval($__login_status['lockout_fails']);
       
   224         if ( $attempts > $__login_status['lockout_threshold'])
       
   225           $attempts = $__login_status['lockout_threshold'];
       
   226         
       
   227         $server_time = time();
       
   228         $time_rem = ( $__login_status['lockout_last_time'] == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 );
       
   229         if ( $time_rem < 1 )
       
   230           $time_rem = $__login_status['lockout_duration'];
       
   231         
       
   232         $s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural');
       
   233         
       
   234         $captcha_string = ( $__login_status['lockout_policy'] == 'captcha' ) ? $lang->get('err_locked_out_captcha_blurb') : '';
       
   235         $errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem));
       
   236         
       
   237         break;
       
   238     }
       
   239     echo '<div class="error-box-mini">'.$errstring.'</div>';
   142   }
   240   }
   143   if ( $p = $paths->getAllParams() )
   241   if ( $p = $paths->getAllParams() )
   144   {
   242   {
   145     echo '<input type="hidden" name="return_to" value="'.$p.'" />';
   243     echo '<input type="hidden" name="return_to" value="'.$p.'" />';
   146   }
   244   }
   157         <tr>
   255         <tr>
   158           <td colspan="3" class="row1">
   256           <td colspan="3" class="row1">
   159             <?php
   257             <?php
   160             if ( $level <= USER_LEVEL_MEMBER )
   258             if ( $level <= USER_LEVEL_MEMBER )
   161             {
   259             {
   162               echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>';
   260               echo '<p>' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '</p>';
   163             }
   261             }
   164             else
   262             else
   165             {
   263             {
   166               echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>';
   264               echo '<p>' . $lang->get('user_login_body_elev') . '</p>';
   167             }
   265             }
   168             ?>
   266             ?>
   169           </td>
   267           </td>
   170         </tr>
   268         </tr>
   171         <tr>
   269         <tr>
   172           <td class="row2">
   270           <td class="row2">
   173             Username:
   271             <?php echo $lang->get('user_login_field_username'); ?>:
   174           </td>
   272           </td>
   175           <td class="row1">
   273           <td class="row1">
   176             <input name="username" size="25" type="text" <?php
   274             <input name="username" size="25" type="text" <?php
   177               if ( $level <= USER_LEVEL_MEMBER )
   275               if ( $level <= USER_LEVEL_MEMBER )
   178               {
   276               {
   187                 echo 'value="' . $session->username . '"';
   285                 echo 'value="' . $session->username . '"';
   188               }
   286               }
   189               ?> />
   287               ?> />
   190           </td>
   288           </td>
   191           <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
   289           <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
   192           <td rowspan="2" class="row3">
   290           <td rowspan="<?php echo ( ( $locked_out && $lockdata['lockout_policy'] == 'captcha' ) ) ? '4' : '2'; ?>" class="row3">
   193             <small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br />
   291             <small><?php echo $lang->get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?><br />
   194             Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small>
   292             <?php echo $lang->get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?></small>
   195           </td>
   293           </td>
   196           <?php } ?>
   294           <?php } ?>
   197         </tr>
   295         </tr>
   198         <tr>
   296         <tr>
   199           <td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
   297           <td class="row2">
       
   298             <?php echo $lang->get('user_login_field_password'); ?>:
       
   299           </td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
   200          </tr>
   300          </tr>
   201          <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
   301          <?php
       
   302          if ( $locked_out && $lockdata['lockout_policy'] == 'captcha' )
       
   303          {
       
   304            ?>
       
   305            <tr>
       
   306              <td class="row2" rowspan="2"><?php echo $lang->get('user_login_field_captcha'); ?>:<br /></td><td class="row1"><input type="hidden" name="captcha_hash" value="<?php echo $lockdata['captcha']; ?>" /><input name="captcha_code" size="25" type="text" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '4'; ?>" /></td>
       
   307            </tr>
       
   308            <tr>
       
   309              <td class="row3">
       
   310                <img src="<?php echo makeUrlNS('Special', 'Captcha/' . $lockdata['captcha']) ?>" onclick="this.src=this.src+'/a';" style="cursor: pointer;" />
       
   311              </td>
       
   312            </tr>
       
   313            <?php
       
   314          }
       
   315          ?>
   202          <tr>
   316          <tr>
   203            <td class="row3" colspan="3">
   317            <td class="row3" colspan="3">
   204              <p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true); ?>">log in without using encryption</a>.</p>
   318              <?php
   205              <p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p>
   319              if ( $level <= USER_LEVEL_MEMBER && ( !isset($_GET['use_crypt']) || ( isset($_GET['use_crypt']) && $_GET['use_crypt']!='0' ) ) )
       
   320              {
       
   321                $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
       
   322                $nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true);
       
   323                echo '<p><b>' . $lang->get('user_login_nocrypt_title') . '</b> ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '</p>';
       
   324                echo '<p>' . $lang->get('user_login_nocrypt_countrylist') . '</p>';
       
   325              }
       
   326              else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) )
       
   327              {
       
   328                $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
       
   329                $usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true);
       
   330                echo '<p><b>' . $lang->get('user_login_usecrypt_title') . '</b> ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '</p>';
       
   331                echo '<p>' . $lang->get('user_login_usecrypt_countrylist') . '</p>';
       
   332              }
       
   333              ?>
   206            </td>
   334            </td>
   207          </tr>
   335          </tr>
   208          <?php } ?>
       
   209          <tr>
   336          <tr>
   210            <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>
   337            <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>
   211          </tr>
   338          </tr>
   212       </table>
   339       </table>
   213     </div>
   340     </div>
   235 
   362 
   236 function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
   363 function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
   237 {
   364 {
   238   global $db, $session, $paths, $template, $plugins; // Common objects
   365   global $db, $session, $paths, $template, $plugins; // Common objects
   239   global $__login_status;
   366   global $__login_status;
       
   367   global $lang;
   240   if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
   368   if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
   241   {
   369   {
   242     $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
   370     $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
   243     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
   371     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
   244     $data = $json->decode($_POST['params']);
   372     $data = $json->decode($_POST['params']);
       
   373     $captcha_hash = ( isset($data['captcha_hash']) ) ? $data['captcha_hash'] : false;
       
   374     $captcha_code = ( isset($data['captcha_code']) ) ? $data['captcha_code'] : false;
   245     $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
   375     $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
   246     $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level);
   376     $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level, $captcha_hash, $captcha_code);
   247     $session->start();
   377     $session->start();
   248     //echo "$result\n$session->sid_super";
   378     if ( $result['success'] )
   249     //exit;
       
   250     if ( $result == 'success' )
       
   251     {
   379     {
   252       $response = Array(
   380       $response = Array(
   253           'result' => 'success',
   381           'result' => 'success',
   254           'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )
   382           'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )
   255         );
   383         );
   256     }
   384     }
   257     else
   385     else
   258     {
   386     {
       
   387       $captcha = '';
       
   388       if ( $result['error'] == 'locked_out' && $result['lockout_policy'] == 'captcha' )
       
   389       {
       
   390         $session->kill_captcha();
       
   391         $captcha = $session->make_captcha();
       
   392       }
   259       $response = Array(
   393       $response = Array(
   260           'result' => 'error',
   394           'result' => 'error',
   261           'error' => $result
   395           'data' => $result,
       
   396           'captcha' => $captcha
   262         );
   397         );
   263     }
   398     }
   264     $response = $json->encode($response);
   399     $response = $json->encode($response);
   265     echo $response;
   400     echo $response;
   266     $db->close();
   401     $db->close();
   267     exit;
   402     exit;
   268   }
   403   }
   269   if(isset($_POST['login'])) {
   404   if(isset($_POST['login'])) {
       
   405     $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false;
       
   406     $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false;
   270     if($_POST['use_crypt'] == 'yes')
   407     if($_POST['use_crypt'] == 'yes')
   271     {
   408     {
   272       $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']));
   409       $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']), $captcha_hash, $captcha_code);
   273     }
   410     }
   274     else
   411     else
   275     {
   412     {
   276       $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']));
   413       $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']), $captcha_hash, $captcha_code);
   277     }
   414     }
   278     $session->start();
   415     $session->start();
   279     $paths->init();
   416     $paths->init();
   280     if($result == 'success')
   417     if($result['success'])
   281     {
   418     {
   282       $template->load_theme($session->theme, $session->style);
   419       $template->load_theme($session->theme, $session->style);
   283       if(isset($_POST['return_to']))
   420       if(isset($_POST['return_to']))
   284       {
   421       {
   285         $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
   422         $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
   286         redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
   423         $subst = array(
       
   424             'username' => $session->username,
       
   425             'redir_target' => $name
       
   426           );
       
   427         redirect( makeUrl($_POST['return_to'], false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
   287       }
   428       }
   288       else
   429       else
   289       {
   430       {
   290         redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' );
   431         $subst = array(
       
   432             'username' => $session->username,
       
   433             'redir_target' => $lang->get('user_login_success_body_mainpage')
       
   434           );
       
   435         redirect( makeUrl(getConfig('main_page'), false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
   291       }
   436       }
   292     }
   437     }
   293     else
   438     else
   294     {
   439     {
   295       $GLOBALS['__login_status'] = $result;
   440       $GLOBALS['__login_status'] = $result;
   315   exit;
   460   exit;
   316 }
   461 }
   317 
   462 
   318 function page_Special_Logout() {
   463 function page_Special_Logout() {
   319   global $db, $session, $paths, $template, $plugins; // Common objects
   464   global $db, $session, $paths, $template, $plugins; // Common objects
       
   465   global $lang;
   320   if ( !$session->user_logged_in )
   466   if ( !$session->user_logged_in )
   321     $paths->main_page();
   467     $paths->main_page();
   322   
   468   
   323   $l = $session->logout();
   469   $l = $session->logout();
   324   if ( $l == 'success' )
   470   if ( $l == 'success' )
   325   {
   471   {
   326     redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4);
   472     
       
   473     redirect(makeUrl(getConfig('main_page'), false, true), $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4);
   327   }
   474   }
   328   $template->header();
   475   $template->header();
   329   echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>';
   476   echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>';
       
   477   echo '<p>' . $l . '</p>';
   330   $template->footer();
   478   $template->footer();
   331 }
   479 }
   332 
   480 
   333 function page_Special_Register()
   481 function page_Special_Register()
   334 {
   482 {
   335   global $db, $session, $paths, $template, $plugins; // Common objects
   483   global $db, $session, $paths, $template, $plugins; // Common objects
       
   484   global $lang;
   336   
   485   
   337   // form field trackers
   486   // form field trackers
   338   $username = '';
   487   $username = '';
   339   $email = '';
   488   $email = '';
   340   $realname = '';
   489   $realname = '';
   341   
   490   
   342   if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
   491   if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
   343   {
   492   {
   344     $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : '';
   493     $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '</p>' : '';
   345     die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s);
   494     die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_disabled_body') . '</p>' . $s);
   346   }
   495   }
   347   if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )
   496   if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )
   348   {
   497   {
   349     $paths->main_page();
   498     $paths->main_page();
   350   }
   499   }
   353     $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
   502     $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
   354     
   503     
   355     $captcharesult = $session->get_captcha($_POST['captchahash']);
   504     $captcharesult = $session->get_captcha($_POST['captchahash']);
   356     if($captcharesult != $_POST['captchacode'])
   505     if($captcharesult != $_POST['captchacode'])
   357     {
   506     {
   358       $s = 'The confirmation code you entered was incorrect.';
   507       $s = $lang->get('user_reg_err_captcha');
   359     }
   508     }
   360     else
   509     else
   361     {
   510     {
   362       if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
   511       if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
   363       {
   512       {
   377         {
   526         {
   378           $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
   527           $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
   379           $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
   528           $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
   380           if ( !$crypt_key )
   529           if ( !$crypt_key )
   381           {
   530           {
   382             $s = 'Couldn\'t look up public encryption key';
   531             $s = $lang->get('user_reg_err_missing_key');
   383           }
   532           }
   384           else
   533           else
   385           {
   534           {
   386             $data = $_POST['crypt_data'];
   535             $data = $_POST['crypt_data'];
   387             $bin_key = hexdecode($crypt_key);
   536             $bin_key = hexdecode($crypt_key);
   404     {
   553     {
   405       switch(getConfig('account_activation'))
   554       switch(getConfig('account_activation'))
   406       {
   555       {
   407         case "none":
   556         case "none":
   408         default:
   557         default:
   409           $str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.';
   558           $str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true)));
   410           break;
   559           break;
   411         case "user":
   560         case "user":
   412           $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';
   561           $str = $lang->get('user_reg_msg_success_activ_user');
   413           break;
   562           break;
   414         case "admin":
   563         case "admin":
   415           $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';
   564           $str = $lang->get('user_reg_msg_success_activ_admin');
   416           break;
   565           break;
   417       }
   566       }
   418       die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
   567       die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
   419     }
   568     }
   420     else if ( $s == 'success' && $coppa )
   569     else if ( $s == 'success' && $coppa )
   421     {
   570     {
   422       $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.';
   571       $str = $lang->get('user_reg_msg_success_activ_coppa');
   423       die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
   572       die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
   424     }
   573     }
   425     $username = htmlspecialchars($_POST['username']);
   574     $username = htmlspecialchars($_POST['username']);
   426     $email    = htmlspecialchars($_POST['email']);
   575     $email    = htmlspecialchars($_POST['email']);
   427     $realname = htmlspecialchars($_POST['real_name']);
   576     $realname = htmlspecialchars($_POST['real_name']);
   428   }
   577   }
   429   $template->header();
   578   $template->header();
   430   echo 'A user account enables you to have greater control over your browsing experience.';
   579   echo $lang->get('user_reg_msg_greatercontrol');
   431   
   580   
   432   if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
   581   if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
   433   {
   582   {
   434     $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
   583     $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
   435     $session->kill_captcha();
   584     $session->kill_captcha();
   437     
   586     
   438     $pubkey = $session->rijndael_genkey();
   587     $pubkey = $session->rijndael_genkey();
   439     $challenge = $session->dss_rand();
   588     $challenge = $session->dss_rand();
   440     
   589     
   441     ?>
   590     ?>
   442       <h3>Create a user account</h3>
   591       <h3><?php echo $lang->get('user_reg_msg_table_title'); ?></h3>
   443       <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="runEncryption();">
   592       <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="return runEncryption();">
   444         <div class="tblholder">
   593         <div class="tblholder">
   445           <table border="0" width="100%" cellspacing="1" cellpadding="4">
   594           <table border="0" width="100%" cellspacing="1" cellpadding="4">
   446             <tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr>
   595             <tr><th class="subhead" colspan="3"><?php echo $lang->get('user_reg_msg_table_subtitle'); ?></th></tr>
   447             
   596             
   448             <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
   597             <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
   449             
   598             
   450             <!-- FIELD: Username -->
   599             <!-- FIELD: Username -->
   451             <tr>
   600             <tr>
   452               <td class="row1" style="width: 50%;">
   601               <td class="row1" style="width: 50%;">
   453                 Preferred username:
   602                 <?php echo $lang->get('user_reg_lbl_field_username'); ?>
   454                 <span id="e_username"></span>
   603                 <span id="e_username"></span>
   455               </td>
   604               </td>
   456               <td class="row1" style="width: 50%;">
   605               <td class="row1" style="width: 50%;">
   457                 <input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" />
   606                 <input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm(this);" onblur="checkUsername();" />
   458               </td>
   607               </td>
   459               <td class="row1" style="max-width: 24px;">
   608               <td class="row1" style="max-width: 24px;">
   460                 <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" />
   609                 <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" />
   461               </td>
   610               </td>
   462             </tr>
   611             </tr>
   463             
   612             
   464             <!-- FIELD: Password -->
   613             <!-- FIELD: Password -->
   465             <tr>
   614             <tr>
   466               <td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>">
   615               <td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>">
   467                 Password:
   616                 <?php echo $lang->get('user_reg_lbl_field_password'); ?>
   468                 <span id="e_password"></span>
   617                 <span id="e_password"></span>
   469                 <?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?>
   618                 <?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?>
   470                 <small>It needs to score at least <b><?php echo getConfig('pw_strength_minimum'); ?></b> for your registration to be accepted.</small>
   619                 <small><?php echo $lang->get('user_reg_msg_password_score'); ?></small>
   471                 <?php endif; ?>
   620                 <?php endif; ?>
   472               </td>
   621               </td>
   473               <td class="row3" style="width: 50%;">
   622               <td class="row3" style="width: 50%;">
   474                 <input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm();" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
   623                 <input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm(this);" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
   475               </td>
   624               </td>
   476               <td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;">
   625               <td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;">
   477                 <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" />
   626                 <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" />
   478               </td>
   627               </td>
   479             </tr>
   628             </tr>
   480             
   629             
   481             <!-- FIELD: Password confirmation -->
   630             <!-- FIELD: Password confirmation -->
   482             <tr>
   631             <tr>
   483               <td class="row3" style="width: 50%;">
   632               <td class="row3" style="width: 50%;">
   484                 <input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small>
   633                 <input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm(this);" /> <small><?php echo $lang->get('user_reg_lbl_field_password_confirm'); ?></small>
   485               </td>
   634               </td>
   486             </tr>
   635             </tr>
   487             
   636             
   488             <!-- FIELD: Password strength meter -->
   637             <!-- FIELD: Password strength meter -->
   489             
   638             
   497             
   646             
   498             <!-- FIELD: E-mail address -->
   647             <!-- FIELD: E-mail address -->
   499             <tr>
   648             <tr>
   500               <td class="row1" style="width: 50%;">
   649               <td class="row1" style="width: 50%;">
   501                 <?php
   650                 <?php
   502                   if ( $coppa ) echo 'Your parent or guardian\'s e'; 
   651                   if ( $coppa )
   503                   else echo 'E';
   652                   {
   504                 ?>-mail address:
   653                     echo $lang->get('user_reg_lbl_field_email_coppa');
       
   654                   }
       
   655                   else
       
   656                   {
       
   657                     echo $lang->get('user_reg_lbl_field_email');
       
   658                   }
       
   659                 ?>
   505                 <?php
   660                 <?php
   506                   if ( ( $x = getConfig('account_activation') ) == 'user' )
   661                   if ( ( $x = getConfig('account_activation') ) == 'user' )
   507                   {
   662                   {
   508                     echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small>';
   663                     echo '<br /><small>' . $lang->get('user_reg_msg_email_activuser') . '</small>';
   509                   }
   664                   }
   510                 ?>
   665                 ?>
   511               </td>
   666               </td>
   512               <td class="row1" style="width: 50%;">
   667               <td class="row1" style="width: 50%;">
   513                 <input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm();" />
   668                 <input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm(this);" />
   514               </td>
   669               </td>
   515               <td class="row1" style="max-width: 24px;">
   670               <td class="row1" style="max-width: 24px;">
   516                 <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" />
   671                 <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" />
   517               </td>
   672               </td>
   518             </tr>
   673             </tr>
   519             
   674             
   520             <!-- FIELD: Real name -->
   675             <!-- FIELD: Real name -->
   521             <tr>
   676             <tr>
   522               <td class="row3" style="width: 50%;">
   677               <td class="row3" style="width: 50%;">
   523                 Real name:<br />
   678                 <?php echo $lang->get('user_reg_lbl_field_realname'); ?><br />
   524                 <small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small>
   679                 <small><?php echo $lang->get('user_reg_msg_realname_optional'); ?></small>
   525               </td>
   680               </td>
   526               <td class="row3" style="width: 50%;">
   681               <td class="row3" style="width: 50%;">
   527                 <input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" /></td><td class="row3" style="max-width: 24px;">
   682                 <input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" /></td><td class="row3" style="max-width: 24px;">
   528               </td>
   683               </td>
   529             </tr>
   684             </tr>
   530             
   685             
   531             <!-- FIELD: CAPTCHA image -->
   686             <!-- FIELD: CAPTCHA image -->
   532             <tr>
   687             <tr>
   533               <td class="row1" style="width: 50%;" rowspan="2">
   688               <td class="row1" style="width: 50%;" rowspan="2">
   534                 Visual confirmation<br />
   689                 <?php echo $lang->get('user_reg_lbl_field_captcha'); ?><br />
   535                 <small>
   690                 <small>
   536                   Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br />
   691                   <?php echo $lang->get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?><br />
   537                   <br />
   692                   <br />
   538                   If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.
   693                   <?php echo $lang->get('user_reg_msg_captcha_blind'); ?>
   539                 </small>
   694                 </small>
   540               </td>
   695               </td>
   541               <td colspan="2" class="row1">
   696               <td colspan="2" class="row1">
   542                 <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" />
   697                 <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" />
   543                 <span id="b_username"></span>
   698                 <span id="b_username"></span>
   545             </tr>
   700             </tr>
   546             
   701             
   547             <!-- FIELD: CAPTCHA input field -->
   702             <!-- FIELD: CAPTCHA input field -->
   548             <tr>
   703             <tr>
   549               <td class="row1" colspan="2">
   704               <td class="row1" colspan="2">
   550                 Code:
   705                 <?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
   551                 <input tabindex="6" name="captchacode" type="text" size="10" />
   706                 <input tabindex="6" name="captchacode" type="text" size="10" />
   552                 <input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
   707                 <input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
   553               </td>
   708               </td>
   554             </tr>
   709             </tr>
   555             
   710             
   595         function runEncryption()
   750         function runEncryption()
   596         {
   751         {
   597           var frm = document.forms.regform;
   752           var frm = document.forms.regform;
   598           if ( frm.password.value.length < 1 )
   753           if ( frm.password.value.length < 1 )
   599             return true;
   754             return true;
       
   755           pass1 = frm.password.value;
       
   756           pass2 = frm.password_confirm.value;
       
   757           if ( pass1 != pass2 )
       
   758           {
       
   759             alert($lang.get('user_reg_err_alert_password_nomatch'));
       
   760             return false;
       
   761           }
       
   762           if ( pass1.length < 6 && pass1.length > 0 )
       
   763           {
       
   764             alert($lang.get('user_reg_err_alert_password_tooshort'));
       
   765             return false;
       
   766           }
   600           if(aes_testpassed)
   767           if(aes_testpassed)
   601           {
   768           {
   602             frm.use_crypt.value = 'yes';
   769             frm.use_crypt.value = 'yes';
   603             var cryptkey = frm.crypt_key.value;
   770             var cryptkey = frm.crypt_key.value;
   604             frm.crypt_key.value = hex_md5(cryptkey);
   771             frm.crypt_key.value = hex_md5(cryptkey);
   607             {
   774             {
   608               frm.submit.disabled = true;
   775               frm.submit.disabled = true;
   609               len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
   776               len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
   610               alert('The key is messed up\nType: '+typeof(cryptkey)+len);
   777               alert('The key is messed up\nType: '+typeof(cryptkey)+len);
   611             }
   778             }
   612           }
       
   613           pass1 = frm.password.value;
       
   614           pass2 = frm.password_confirm.value;
       
   615           if ( pass1 != pass2 )
       
   616           {
       
   617             alert('The passwords you entered do not match.');
       
   618             return false;
       
   619           }
       
   620           if ( pass1.length < 6 && pass1.length > 0 )
       
   621           {
       
   622             alert('The new password must be 6 characters or greater in length.');
       
   623             return false;
       
   624           }
       
   625           if(aes_testpassed)
       
   626           {
       
   627             pass = frm.password.value;
   779             pass = frm.password.value;
   628             pass = stringToByteArray(pass);
   780             pass = stringToByteArray(pass);
   629             cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
   781             cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
   630             if(!cryptstring)
   782             if(!cryptstring)
   631             {
   783             {
   643       <!-- Don't optimize this script, it fails when compressed -->
   795       <!-- Don't optimize this script, it fails when compressed -->
   644       <enano:no-opt>
   796       <enano:no-opt>
   645         <script type="text/javascript">
   797         <script type="text/javascript">
   646           // <![CDATA[
   798           // <![CDATA[
   647           var namegood = false;
   799           var namegood = false;
   648           function validateForm()
   800           function validateForm(field)
   649           {
   801           {
       
   802             if ( typeof(field) != 'object' )
       
   803             {
       
   804               field = {
       
   805                 name: '_nil',
       
   806                 value: '_nil',
       
   807               }
       
   808             }
       
   809             // wait until $lang is initted
       
   810             if ( typeof($lang) != 'object' )
       
   811             {
       
   812               setTimeout('validateForm();', 200);
       
   813               return false;
       
   814             }
   650             var frm = document.forms.regform;
   815             var frm = document.forms.regform;
   651             failed = false;
   816             failed = false;
   652             
   817             
   653             // Username
   818             // Username
   654             if(!namegood)
   819             if(!namegood && ( field.name == 'username' || field.name == '_nil' ) ) 
   655             {
   820             {
   656               //if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
   821               //if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
   657               var regex = new RegExp('^([^<>_&\?]+){2,}$', 'ig');
   822               var regex = new RegExp('^([^<>_&\?]+){2,}$', 'ig');
   658               if ( frm.username.value.match(regex) )
   823               if ( frm.username.value.match(regex) )
   659               {
   824               {
   660                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
   825                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
   661                 document.getElementById('e_username').innerHTML = ''; // '<br /><small><b>Checking availability...</b></small>';
   826                 document.getElementById('e_username').innerHTML = '&nbsp;';
   662               } else {
   827               } else {
   663                 failed = true;
   828                 failed = true;
   664                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
   829                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
   665                 document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
   830                 document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
   666               }
   831               }
   667             }
   832             }
   668             document.getElementById('b_username').innerHTML = '';
   833             document.getElementById('b_username').innerHTML = '';
   669             if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1')
   834             if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1')
   670             {
   835             {
   671               document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
   836               document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
   672             }
   837             }
   673             
   838             
   674             // Password
   839             // Password
   675             if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value)
   840             if ( field.name == 'password' || field.name == 'password_confirm' || field.name == '_nil' )
   676             {
   841             {
   677               document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
   842               if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value )
   678               document.getElementById('e_password').innerHTML = '<br /><small>The password you entered is valid.</small>';
       
   679             } else {
       
   680               failed = true;
       
   681               if(frm.password.value.length < 6)
       
   682               {
   843               {
   683                 document.getElementById('e_password').innerHTML = '<br /><small>Your password must be at least six characters in length.</small>';
   844                 document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
       
   845                 document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_err_password_good') + '</small>';
       
   846               } else {
       
   847                 failed = true;
       
   848                 if(frm.password.value.length < 6)
       
   849                 {
       
   850                   document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_length') + '</small>';
       
   851                 }
       
   852                 else if(frm.password.value != frm.password_confirm.value)
       
   853                 {
       
   854                   document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_needmatch') + '</small>';
       
   855                 }
       
   856                 else
       
   857                 {
       
   858                   document.getElementById('e_password').innerHTML = '';
       
   859                 }
       
   860                 document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
   684               }
   861               }
   685               else if(frm.password.value != frm.password_confirm.value)
       
   686               {
       
   687                 document.getElementById('e_password').innerHTML = '<br /><small>The passwords you entered do not match.</small>';
       
   688               }
       
   689               else
       
   690               {
       
   691                 document.getElementById('e_password').innerHTML = '';
       
   692               }
       
   693               document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
       
   694             }
   862             }
   695             
   863             
   696             // E-mail address
   864             // E-mail address
   697             
   865             
   698             // workaround for idiot jEdit bug
   866             // workaround for idiot jEdit bug
   699             if ( validateEmail(frm.email.value) )
   867             if ( validateEmail(frm.email.value) && ( field.name == 'email' || field.name == '_nil' ) )
   700             {
   868             {
   701               document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
   869               document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
   702             } else {
   870             } else {
   703               failed = true;
   871               failed = true;
   704               document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif';
   872               document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif';
   714           {
   882           {
   715             var frm = document.forms.regform;
   883             var frm = document.forms.regform;
   716             
   884             
   717             if(!namegood)
   885             if(!namegood)
   718             {
   886             {
   719               if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))
   887               var r = new RegExp('^([A-z0-9 \.:\!@\#\*]+){2,}$', 'g');
       
   888               if(frm.username.value.match(r))
   720               {
   889               {
   721                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
   890                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
   722                 document.getElementById('e_username').innerHTML = '';
   891                 document.getElementById('e_username').innerHTML = '&nbsp;';
   723               } else {
   892               } else {
   724                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
   893                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
   725                 document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
   894                 document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
   726                 return false;
   895                 return false;
   727               }
   896               }
   728             }
   897             }
   729             
   898             
   730             document.getElementById('e_username').innerHTML = '<br /><small><b>Checking availability...</b></small>';
   899             document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_checking') + '</b></small>';
   731             ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
   900             ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
   732               if(ajax.readyState == 4)
   901               if(ajax.readyState == 4)
   733                 if(ajax.responseText == 'good')
   902                 if(ajax.responseText == 'good')
   734                 {
   903                 {
   735                   document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
   904                   document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
   736                   document.getElementById('e_username').innerHTML = '<br /><small><b>This username is available.</b></small>';
   905                   document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_available') + '</b></small>';
   737                   namegood = true;
   906                   namegood = true;
   738                 } else if(ajax.responseText == 'bad') {
   907                 } else if(ajax.responseText == 'bad') {
   739                   document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
   908                   document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
   740                   document.getElementById('e_username').innerHTML = '<br /><small><b>Error: that username is already taken.</b></small>';
   909                   document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_unavailable') + '</b></small>';
   741                   namegood = false;
   910                   namegood = false;
   742                 } else {
   911                 } else {
   743                   document.getElementById('e_username').innerHTML = ajax.responseText;
   912                   document.getElementById('e_username').innerHTML = ajax.responseText;
   744                 }
   913                 }
   745             });
   914             });
   774     // COPPA enabled, ask age
   943     // COPPA enabled, ask age
   775     echo '<div class="tblholder">';
   944     echo '<div class="tblholder">';
   776     echo '<table border="0" cellspacing="1" cellpadding="4">';
   945     echo '<table border="0" cellspacing="1" cellpadding="4">';
   777     echo '<tr>
   946     echo '<tr>
   778             <td class="row1">
   947             <td class="row1">
   779               Before you can register, please tell us your age.
   948               ' . $lang->get('user_reg_coppa_title') . '
   780             </td>
   949             </td>
   781           </tr>
   950           </tr>
   782           <tr>
   951           <tr>
   783             <td class="row3">
   952             <td class="row3">
   784               <a href="' . $link_coppa_no  . '">I was born <b>on or before</b> ' . $yo13_date . ' and am <b>at least</b> 13 years of age</a><br />
   953               <a href="' . $link_coppa_no  . '">' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '</a><br />
   785               <a href="' . $link_coppa_yes . '">I was born <b>after</b> ' . $yo13_date . ' and am <b>less than</b> 13 years of age</a>
   954               <a href="' . $link_coppa_yes . '">' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . '</a>
   786             </td>
   955             </td>
   787           </tr>';
   956           </tr>';
   788     echo '</table>';
   957     echo '</table>';
   789     echo '</div>';
   958     echo '</div>';
   790   }
   959   }
  1509   {
  1678   {
  1510     return $this->format_date($time);
  1679     return $this->format_date($time);
  1511   }
  1680   }
  1512 }
  1681 }
  1513 
  1682 
       
  1683 function page_Special_LangExportJSON()
       
  1684 {
       
  1685   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1686   global $lang;
       
  1687   
       
  1688   $lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id;
       
  1689   
       
  1690   if ( $lang->lang_id == $lang_id )
       
  1691     $lang_local =& $lang;
       
  1692   else
       
  1693     $lang_local = new Language($lang_id);
       
  1694   
       
  1695   $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
       
  1696   
       
  1697   $timestamp = date('D, j M Y H:i:s T', $lang_local->lang_timestamp);
       
  1698   header("Last-Modified: $timestamp");
       
  1699   header("Date: $timestamp");
       
  1700   header('Content-type: text/javascript');
       
  1701   
       
  1702   $lang_local->fetch();
       
  1703   echo "if ( typeof(enano_lang) != 'object' )
       
  1704   var enano_lang = new Object();
       
  1705 
       
  1706 enano_lang[{$lang->lang_id}] = " . $json->encode($lang_local->strings) . ";";
       
  1707   
       
  1708 }
       
  1709 
  1514 ?>
  1710 ?>
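Review bot: In the new `page_Special_LangExportJSON()`, the generated script keys the export by `$lang->lang_id` (new line 1706) although the strings come from `$lang_local`. A request for another language ID through `getParam(0)` would therefore store that language's strings under the current language's index; `enano_lang[{$lang_id}] = ...` keeps the key and the payload in step. The `Date:` header on new line 1699 is set to the language timestamp rather than the response time, and `date()` with `T` emits the server's local zone where HTTP dates are expected in GMT. Consider dropping that header and building `Last-Modified` with `gmdate('D, d M Y H:i:s', $lang_local->lang_timestamp) . ' GMT'`. Whether `new Language($lang_id)` rejects an ID that does not exist is not visible here and is worth confirming, since the value comes straight from the URL.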