# HG changeset patch # User Dan # Date 1194114653 14400 # Node ID b11a2f1353c00a7a2bbd5325110e4ebd3a0af28e # Parent 97ae8e9d5e2965978ffcced8149930a9c164f4ec# Parent 3daa715e0f699012372dd6cc04189edfde89620c Merge in scaling abstraction from stable diff -r 3daa715e0f69 -r b11a2f1353c0 .hgtags --- a/.hgtags Sat Nov 03 14:15:14 2007 -0400 +++ b/.hgtags Sat Nov 03 14:30:53 2007 -0400 @@ -5,3 +5,4 @@ 6f0bbf88c3251ca597cb76ac8b59a1ee61d6dd3d rebrand 0b5244001799fa29e83bf06c5f14eb69350f171c rebrand 42c6c83b8a004163c9cc2d85f3c8eada3b73adf6 rebrand +d53cc29308f4f4b97fc6d054e9e0855f37137409 rebrand diff -r 3daa715e0f69 -r b11a2f1353c0 ajax.php --- a/ajax.php Sat Nov 03 14:15:14 2007 -0400 +++ b/ajax.php Sat Nov 03 14:30:53 2007 -0400 
@@ -1,425 +1,425 @@ -connect(); - - // result is sent using JSON - $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); - $return = Array( - 'mode' => 'success', - 'users_real' => Array() - ); - - // should be connected to the DB now - $name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false; - if ( !$name ) - { - $return = array( - 'mode' => 'error', - 'error' => 'Invalid URI' - ); - die( $json->encode($return) ); - } - $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1'; - $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE lcase(username) LIKE lcase(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;'); - if ( !$q ) - { - $return = array( - 'mode' => 'error', - 'error' => 'MySQL error selecting username data: '.addslashes(mysql_error()) - ); - die( $json->encode($return) ); - } - $i = 0; - while($r = $db->fetchrow()) - { - $return['users_real'][] = $r['username']; - $i++; - } - $db->free_result(); - - // all done! :-) - $db->close(); - - echo $json->encode( $return ); - - exit; - } - - require('includes/common.php'); - - global $db, $session, $paths, $template, $plugins; // Common objects - if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.'); - - $_ob = ''; - - switch($_GET['_mode']) { - case "checkusername": - echo PageUtils::checkusername($_GET['name']); - break; - case "getsource": - $p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false; - echo PageUtils::getsource($paths->page, $p); - break; - case "getpage": - // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); - $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); - $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $revision_id ); - - $pagepass = ( isset($_REQUEST['pagepass']) ) ? 
$_REQUEST['pagepass'] : ''; - $page->password = $pagepass; - - $page->send(); - break; - case "savepage": - $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : ''; - $minor = isset($_POST['minor']); - $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor); - if($e=='good') - { - $page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace); - $page->send(); - } - else - { - echo '

Error saving the page: '.$e.'

'; - } - break; - case "protect": - echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']); - break; - case "histlist": - echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace); - break; - case "rollback": - echo PageUtils::rollback( (int)$_GET['id'] ); - break; - case "comments": - $comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace); - if ( isset($_POST['data']) ) - { - $comments->process_json($_POST['data']); - } - else - { - die('{ "mode" : "error", "error" : "No input" }'); - } - break; - case "rename": - echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']); - break; - case "flushlogs": - echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace); - break; - case "deletepage": - $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; - if ( empty($reason) ) - die('Please enter a reason for deleting this page.'); - echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason); - break; - case "delvote": - echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace); - break; - case "resetdelvotes": - echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace); - break; - case "getstyles": - echo PageUtils::getstyles($_GET['id']); - break; - case "catedit": - echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace); - break; - case "catsave": - echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST); - break; - case "setwikimode": - echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']); - break; - case "setpass": - echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']); - break; - case "fillusername": - break; - case "fillpagename": - $name = (isset($_GET['name'])) ? 
$_GET['name'] : false; - if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\''); - $nd = RenderMan::strToPageID($name); - $c = 0; - $u = Array(); - $n = Array(); - - $name = sanitize_page_id($name); - $name = str_replace('_', ' ', $name); - - for($i=0;$ipages)/2;$i++) - { - if( ( - preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) || - preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) || - preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) || - preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) || - preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) || - preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons']) - ) && - ( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' ) - && $paths->pages[$i]['visible'] - ) - { - $c++; - $u[] = $paths->pages[$i]['name']; - $n[] = $paths->pages[$i]['urlname']; - } - } - if($c > 0) - { - echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n"; - for($i=0;$iInvalid request.

'; $template->footer(); break; } - if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) || - !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '

SQL injection attempt

'; $template->footer(); break; } - echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2); - break; - case "jsres": - die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.'); - break; - case "rdns": - if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!'); - $ip = $_GET['ip']; - $rdns = gethostbyaddr($ip); - if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.'; - else echo $rdns; - break; - case 'acljson': - $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false; - echo PageUtils::acl_json($parms); - break; - case "change_theme": - if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) ) - { - die('Invalid input'); - } - if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) ) - { - die('Invalid input'); - } - if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') ) - { - die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css'); - } - if ( !$session->user_logged_in ) - { - die('You must be logged in to change your theme'); - } - // Just in case something slipped through... - $theme_id = $db->escape($_POST['theme_id']); - $style_id = $db->escape($_POST['style_id']); - $e = $db->sql_query('UPDATE ' . table_prefix . 
"users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;"); - if ( !$e ) - die( $db->get_error() ); - die('GOOD'); - break; - case 'get_tags': - $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); - - $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create')); - $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user FROM '.table_prefix.'tags AS t - LEFT JOIN '.table_prefix.'page_groups AS pg - ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) ) - WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';'); - if ( !$q ) - $db->_die(); - - while ( $row = $db->fetchrow() ) - { - $can_del = true; - - $perm = ( $row['user'] != $session->user_id ) ? - 'tag_delete_other' : - 'tag_delete_own'; - - if ( $row['user'] == 1 && !$session->user_logged_in ) - // anonymous user trying to delete tag (hardcode blacklisted) - $can_del = false; - - if ( !$session->get_permissions($perm) ) - $can_del = false; - - if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN ) - $can_del = false; - - $ret['tags'][] = array( - 'id' => $row['tag_id'], - 'name' => $row['tag_name'], - 'can_del' => $can_del, - 'acl' => ( $row['used_in_acl'] == 1 ) - ); - } - - echo $json->encode($ret); - - break; - case 'addtag': - $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); - $resp = array( - 'success' => false, - 'error' => 'No error', - 'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ), - 'in_acl' => false - ); - - // first of course, are we allowed to tag pages? 
- if ( !$session->get_permissions('tag_create') ) - { - $resp['error'] = 'You are not permitted to tag pages.'; - die($json->encode($resp)); - } - - // sanitize the tag name - $tag = sanitize_tag($_POST['tag']); - $tag = $db->escape($tag); - - if ( strlen($tag) < 2 ) - { - $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.'; - die($json->encode($resp)); - } - - // check if tag is already on page - $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';'); - if ( !$q ) - $db->_die(); - if ( $db->numrows() > 0 ) - { - $resp['error'] = 'This page already has this tag.'; - die($json->encode($resp)); - } - $db->free_result(); - - // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access - $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN ); - $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';'); - if ( !$q ) - $db->_die(); - if ( $db->numrows() > 0 && !$can_edit_acl ) - { - $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.'; - die($json->encode($resp)); - } - $resp['in_acl'] = ( $db->numrows() > 0 ); - $db->free_result(); - - // we're good - $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . 
');'); - if ( !$q ) - $db->_die(); - - $resp['success'] = true; - $resp['tag'] = $tag; - $resp['tag_id'] = $db->insert_id(); - - echo $json->encode($resp); - break; - case 'deltag': - - $tag_id = intval($_POST['tag_id']); - if ( empty($tag_id) ) - die('Invalid tag ID'); - - $q = $db->sql_query('SELECT t.tag_id, t.user, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t - LEFT JOIN '.table_prefix.'page_groups AS pg - ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) ) - WHERE t.tag_id=' . $tag_id . ';'); - - if ( !$q ) - $db->_die(); - - if ( $db->numrows() < 1 ) - die('Could not find a tag with that ID'); - - $row = $db->fetchrow(); - $db->free_result(); - - if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace ) - $perms =& $session; - else - $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']); - - $perm = ( $row['user'] != $session->user_id ) ? - 'tag_delete_other' : - 'tag_delete_own'; - - if ( $row['user'] == 1 && !$session->user_logged_in ) - // anonymous user trying to delete tag (hardcode blacklisted) - die('You are not authorized to delete this tag.'); - - if ( !$perms->get_permissions($perm) ) - die('You are not authorized to delete this tag.'); - - if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN ) - die('You are not authorized to delete this tag.'); - - // We're good - $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . 
';'); - if ( !$q ) - $db->_die(); - - echo 'success'; - - break; - case 'ping': - echo 'pong'; - break; - default: - die('Hacking attempt'); - break; - } - +connect(); + + // result is sent using JSON + $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); + $return = Array( + 'mode' => 'success', + 'users_real' => Array() + ); + + // should be connected to the DB now + $name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false; + if ( !$name ) + { + $return = array( + 'mode' => 'error', + 'error' => 'Invalid URI' + ); + die( $json->encode($return) ); + } + $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1'; + $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE lcase(username) LIKE lcase(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;'); + if ( !$q ) + { + $return = array( + 'mode' => 'error', + 'error' => 'MySQL error selecting username data: '.addslashes(mysql_error()) + ); + die( $json->encode($return) ); + } + $i = 0; + while($r = $db->fetchrow()) + { + $return['users_real'][] = $r['username']; + $i++; + } + $db->free_result(); + + // all done! :-) + $db->close(); + + echo $json->encode( $return ); + + exit; + } + + require('includes/common.php'); + + global $db, $session, $paths, $template, $plugins; // Common objects + if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.'); + + $_ob = ''; + + switch($_GET['_mode']) { + case "checkusername": + echo PageUtils::checkusername($_GET['name']); + break; + case "getsource": + $p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false; + echo PageUtils::getsource($paths->page, $p); + break; + case "getpage": + // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); + $revision_id = ( (isset($_GET['oldid'])) ? 
intval($_GET['oldid']) : 0 ); + $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $revision_id ); + + $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : ''; + $page->password = $pagepass; + + $page->send(); + break; + case "savepage": + $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : ''; + $minor = isset($_POST['minor']); + $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor); + if($e=='good') + { + $page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace); + $page->send(); + } + else + { + echo '

Error saving the page: '.$e.'

'; + } + break; + case "protect": + echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']); + break; + case "histlist": + echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace); + break; + case "rollback": + echo PageUtils::rollback( (int)$_GET['id'] ); + break; + case "comments": + $comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace); + if ( isset($_POST['data']) ) + { + $comments->process_json($_POST['data']); + } + else + { + die('{ "mode" : "error", "error" : "No input" }'); + } + break; + case "rename": + echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']); + break; + case "flushlogs": + echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace); + break; + case "deletepage": + $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; + if ( empty($reason) ) + die('Please enter a reason for deleting this page.'); + echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason); + break; + case "delvote": + echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace); + break; + case "resetdelvotes": + echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace); + break; + case "getstyles": + echo PageUtils::getstyles($_GET['id']); + break; + case "catedit": + echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace); + break; + case "catsave": + echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST); + break; + case "setwikimode": + echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']); + break; + case "setpass": + echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']); + break; + case "fillusername": + break; + case "fillpagename": + $name = (isset($_GET['name'])) ? 
$_GET['name'] : false; + if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\''); + $nd = RenderMan::strToPageID($name); + $c = 0; + $u = Array(); + $n = Array(); + + $name = sanitize_page_id($name); + $name = str_replace('_', ' ', $name); + + for($i=0;$ipages)/2;$i++) + { + if( ( + preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) || + preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) || + preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) || + preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) || + preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) || + preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons']) + ) && + ( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' ) + && $paths->pages[$i]['visible'] + ) + { + $c++; + $u[] = $paths->pages[$i]['name']; + $n[] = $paths->pages[$i]['urlname']; + } + } + if($c > 0) + { + echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n"; + for($i=0;$iInvalid request.

'; $template->footer(); break; } + if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) || + !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '

SQL injection attempt

'; $template->footer(); break; } + echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2); + break; + case "jsres": + die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.'); + break; + case "rdns": + if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!'); + $ip = $_GET['ip']; + $rdns = gethostbyaddr($ip); + if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.'; + else echo $rdns; + break; + case 'acljson': + $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false; + echo PageUtils::acl_json($parms); + break; + case "change_theme": + if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) ) + { + die('Invalid input'); + } + if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) ) + { + die('Invalid input'); + } + if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') ) + { + die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css'); + } + if ( !$session->user_logged_in ) + { + die('You must be logged in to change your theme'); + } + // Just in case something slipped through... + $theme_id = $db->escape($_POST['theme_id']); + $style_id = $db->escape($_POST['style_id']); + $e = $db->sql_query('UPDATE ' . table_prefix . 
"users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;"); + if ( !$e ) + die( $db->get_error() ); + die('GOOD'); + break; + case 'get_tags': + $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); + + $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create')); + $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user FROM '.table_prefix.'tags AS t + LEFT JOIN '.table_prefix.'page_groups AS pg + ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) ) + WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';'); + if ( !$q ) + $db->_die(); + + while ( $row = $db->fetchrow() ) + { + $can_del = true; + + $perm = ( $row['user'] != $session->user_id ) ? + 'tag_delete_other' : + 'tag_delete_own'; + + if ( $row['user'] == 1 && !$session->user_logged_in ) + // anonymous user trying to delete tag (hardcode blacklisted) + $can_del = false; + + if ( !$session->get_permissions($perm) ) + $can_del = false; + + if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN ) + $can_del = false; + + $ret['tags'][] = array( + 'id' => $row['tag_id'], + 'name' => $row['tag_name'], + 'can_del' => $can_del, + 'acl' => ( $row['used_in_acl'] == 1 ) + ); + } + + echo $json->encode($ret); + + break; + case 'addtag': + $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); + $resp = array( + 'success' => false, + 'error' => 'No error', + 'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ), + 'in_acl' => false + ); + + // first of course, are we allowed to tag pages? 
+ if ( !$session->get_permissions('tag_create') ) + { + $resp['error'] = 'You are not permitted to tag pages.'; + die($json->encode($resp)); + } + + // sanitize the tag name + $tag = sanitize_tag($_POST['tag']); + $tag = $db->escape($tag); + + if ( strlen($tag) < 2 ) + { + $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.'; + die($json->encode($resp)); + } + + // check if tag is already on page + $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';'); + if ( !$q ) + $db->_die(); + if ( $db->numrows() > 0 ) + { + $resp['error'] = 'This page already has this tag.'; + die($json->encode($resp)); + } + $db->free_result(); + + // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access + $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN ); + $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';'); + if ( !$q ) + $db->_die(); + if ( $db->numrows() > 0 && !$can_edit_acl ) + { + $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.'; + die($json->encode($resp)); + } + $resp['in_acl'] = ( $db->numrows() > 0 ); + $db->free_result(); + + // we're good + $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . 
');'); + if ( !$q ) + $db->_die(); + + $resp['success'] = true; + $resp['tag'] = $tag; + $resp['tag_id'] = $db->insert_id(); + + echo $json->encode($resp); + break; + case 'deltag': + + $tag_id = intval($_POST['tag_id']); + if ( empty($tag_id) ) + die('Invalid tag ID'); + + $q = $db->sql_query('SELECT t.tag_id, t.user, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t + LEFT JOIN '.table_prefix.'page_groups AS pg + ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) ) + WHERE t.tag_id=' . $tag_id . ';'); + + if ( !$q ) + $db->_die(); + + if ( $db->numrows() < 1 ) + die('Could not find a tag with that ID'); + + $row = $db->fetchrow(); + $db->free_result(); + + if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace ) + $perms =& $session; + else + $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']); + + $perm = ( $row['user'] != $session->user_id ) ? + 'tag_delete_other' : + 'tag_delete_own'; + + if ( $row['user'] == 1 && !$session->user_logged_in ) + // anonymous user trying to delete tag (hardcode blacklisted) + die('You are not authorized to delete this tag.'); + + if ( !$perms->get_permissions($perm) ) + die('You are not authorized to delete this tag.'); + + if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN ) + die('You are not authorized to delete this tag.'); + + // We're good + $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';'); + if ( !$q ) + $db->_die(); + + echo 'success'; + + break; + case 'ping': + echo 'pong'; + break; + default: + die('Hacking attempt'); + break; + } + ?> \ No newline at end of file diff -r 3daa715e0f69 -r b11a2f1353c0 includes/captcha.php --- a/includes/captcha.php Sat Nov 03 14:15:14 2007 -0400 +++ b/includes/captcha.php Sat Nov 03 14:30:53 2007 -0400 
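Review bot: In the `change_theme` case the `file_exists` failure message echoes `ENANO_ROOT` plus the submitted theme and style ids back to the caller, and that branch runs before the `$session->user_logged_in` check, so an unauthenticated request can learn the absolute install path. Move the login check above the `file_exists` test and drop the path from the message: `die('Can\'t find theme file');`. Separately, the `rdns` case echoes the `gethostbyaddr()` result straight into the response; a PTR record is attacker-controlled text, so if this output lands in an HTML context it should be `echo htmlspecialchars($rdns);`. The `rollback` and `setwikimode` cases change state from `$_GET` parameters with no CSRF token visible in this file; unless that protection lives inside `PageUtils`, they are reachable via a crafted link.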
@@ -1,7 +1,8 @@ '; + document.getElementById(aclManagerID + '_next').value = $lang.get('etc_wizard_next'); groups = parseJSON(ajax.responseText); if ( groups.mode == 'error' ) { @@ -104,13 +104,13 @@ grpb.onclick = function() { seed = this.className; document.getElementById('enACL_grpbox_'+seed).style.display = 'block'; document.getElementById('enACL_usrbox_'+seed).style.display = 'none'; }; lbl = document.createElement('label'); lbl.appendChild(grpb); - lbl.appendChild(document.createTextNode('A usergroup')); + lbl.appendChild(document.createTextNode($lang.get('acl_radio_usergroup'))); lbl.style.display = 'block'; span.appendChild(grpsel); anoninfo = document.createElement('div'); anoninfo.className = 'info-box-mini'; - anoninfo.appendChild(document.createTextNode('To edit permissions for guests, select "a specific user", and enter Anonymous as the username.')); + anoninfo.appendChild(document.createTextNode($lang.get('acl_msg_guest_howto'))); span.appendChild(document.createElement('br')); span.appendChild(anoninfo); @@ -122,7 +122,7 @@ usrb.onclick = function() { seed = this.className; document.getElementById('enACL_grpbox_'+seed).style.display = 'none'; document.getElementById('enACL_usrbox_'+seed).style.display = 'block'; }; lbl2 = document.createElement('label'); lbl2.appendChild(usrb); - lbl2.appendChild(document.createTextNode('A specific user')); + lbl2.appendChild(document.createTextNode($lang.get('acl_radio_user'))); lbl2.style.display = 'block'; usrsel = document.createElement('input'); 
@@ -167,21 +167,21 @@ lblPage = document.createElement('label'); lblPage.style.display = 'block'; lblPage.appendChild(scopeRadioPage); - lblPage.appendChild(document.createTextNode('Only this page')); + lblPage.appendChild(document.createTextNode($lang.get('acl_radio_scope_thispage'))); lblGlobal = document.createElement('label'); lblGlobal.style.display = 'block'; lblGlobal.appendChild(scopeRadioGlobal); - lblGlobal.appendChild(document.createTextNode('The entire website')); + lblGlobal.appendChild(document.createTextNode($lang.get('acl_radio_scope_wholesite'))); lblGroup = document.createElement('label'); lblGroup.style.display = 'block'; lblGroup.appendChild(scopeRadioGroup); - lblGroup.appendChild(document.createTextNode('A group of pages')); + lblGroup.appendChild(document.createTextNode($lang.get('acl_radio_scope_pagegroup'))); scopediv1.appendChild(lblPage); scopediv2.appendChild(lblGroup); scopediv3.appendChild(lblGlobal); scopedesc = document.createElement('p'); - scopedesc.appendChild(document.createTextNode('What should this access rule control?')); + scopedesc.appendChild(document.createTextNode($lang.get('acl_lbl_scope'))); scopePGrp = document.createElement('select'); scopePGrp.style.marginLeft = '13px'; @@ -219,10 +219,10 @@ container.style.paddingTop = '50px'; head = document.createElement('h2'); - head.appendChild(document.createTextNode('Manage page access')); + head.appendChild(document.createTextNode($lang.get('acl_lbl_welcome_title'))); desc = document.createElement('p'); - desc.appendChild(document.createTextNode('Please select who should be affected by this access rule.')); + desc.appendChild(document.createTextNode($lang.get('acl_lbl_welcome_body'))); container.appendChild(head); container.appendChild(desc); 
@@ -319,11 +319,14 @@ // Build the ACL edit form // try { - act_desc = ( data.type == 'new' ) ? 'Create access rule' : 'Editing permissions'; - target_type_t = ( data.target_type == 1 ) ? 'group' : 'user'; - target_name_t = data.target_name; - var scope_type = ( data.page_id == false && data.namespace == false ) ? 'this entire site' : ( data.namespace == '__PageGroup' ) ? 'this group of pages' : 'this page'; - html = '

'+act_desc+'

This panel allows you to edit what the '+target_type_t+' "'+target_name_t+'" can do on ' + scope_type + '. Unless you set a permission to "Deny", these permissions may be overridden by other rules.

'; + + var act_desc = ( data.type == 'new' ) ? $lang.get('acl_lbl_editwin_title_create') : $lang.get('acl_lbl_editwin_title_edit'); + var target_type_t = ( data.target_type == 1 ) ? $lang.get('acl_target_type_group') : $lang.get('acl_target_type_user'); + var target_name_t = data.target_name; + var scope_type = ( data.page_id == false && data.namespace == false ) ? $lang.get('acl_scope_type_wholesite') : ( data.namespace == '__PageGroup' ) ? $lang.get('acl_scope_type_pagegroup') : $lang.get('acl_scope_type_thispage'); + + html = '

'+act_desc+'

'; + html += '

' + $lang.get('acl_lbl_editwin_body', { target_type: target_type_t, target: target_name_t, scope_type: scope_type }) + '

'; parser = new templateParser(data.template.acl_field_begin); html += parser.run(); @@ -335,7 +338,14 @@ cls = ( cls == 'row1' ) ? 'row2' : 'row1'; p = new templateParser(data.template.acl_field_item); vars = new Object(); - vars['FIELD_DESC'] = data.acl_descs[i]; + if ( data.acl_descs[i].match(/^([a-z0-9_]+)$/) ) + { + vars['FIELD_DESC'] = $lang.get(data.acl_descs[i]); + } + else + { + vars['FIELD_DESC'] = data.acl_descs[i]; + } vars['FIELD_DENY_CHECKED'] = ''; vars['FIELD_DISALLOW_CHECKED'] = ''; vars['FIELD_WIKIMODE_CHECKED'] = ''; @@ -367,7 +377,7 @@ html += parser.run(); if(data.type == 'edit') - html += '
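Review bot: The new `data.acl_descs[i].match(/^([a-z0-9_]+)$/)` test decides whether a description is a language key purely by its shape, so a legacy plain-text description that happens to be a single lowercase word is routed through `$lang.get` and displayed as whatever that returns for an unknown key, and a non-string entry makes `.match` throw inside the loop. It would be more robust for the server to mark keys explicitly, or at least to guard the call: `if ( typeof(data.acl_descs[i]) == 'string' && data.acl_descs[i].match(/^([a-z0-9_]+)$/) )`. The `else` branch still passes the raw description into the HTML that is later assigned to `innerHTML` through the template parser, as before this change, so untrusted descriptions remain a markup-injection risk. The enclosing loop starts and ends outside this hunk.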

Delete this rule

'; + html += '

' + $lang.get('acl_lbl_deleterule') + '

'; var main = document.getElementById(aclManagerID + '_main'); main.innerHTML = html; @@ -383,7 +393,7 @@ aclPermList = array_keys(data.acl_types); document.getElementById(aclManagerID + '_back').style.display = 'inline'; - document.getElementById(aclManagerID + '_next').value = 'Save Changes'; + document.getElementById(aclManagerID + '_next').value = $lang.get('etc_save_changes'); // } catch(e) { alert(e); aclDebug(ajax.responseText); } 
@@ -393,24 +403,24 @@ note.className = 'info-box'; note.style.marginLeft = '0'; var b = document.createElement('b'); - b.appendChild(document.createTextNode('Permissions updated')); + b.appendChild(document.createTextNode($lang.get('acl_lbl_save_success_title'))); note.appendChild(b); note.appendChild(document.createElement('br')); - note.appendChild(document.createTextNode('The permissions for '+data.target_name+' on this page have been updated successfully. If you changed permissions that affect your user account, you may not see changes until you reload the page.')); + note.appendChild(document.createTextNode($lang.get('acl_lbl_save_success_body', { target_name: data.target_name }))); note.appendChild(document.createElement('br')); var a = document.createElement('a'); a.href = 'javascript:void(0);'; a.onclick = function() { this.parentNode.parentNode.removeChild(this.parentNode); return false; }; - a.appendChild(document.createTextNode('[ dismiss :')); + a.appendChild(document.createTextNode('[ ' + $lang.get('acl_btn_success_dismiss') + ' :')); note.appendChild(a); var a2 = document.createElement('a'); a2.href = 'javascript:void(0);'; a2.onclick = function() { killACLManager(); return false; }; - a2.appendChild(document.createTextNode(': close manager ]')); + a2.appendChild(document.createTextNode(': ' + $lang.get('acl_btn_success_close') + ' ]')); note.appendChild(a2); document.getElementById(aclManagerID + '_main').insertBefore(note, document.getElementById(aclManagerID + '_main').firstChild); if(!document.getElementById(aclManagerID+'_deletelnk')) - document.getElementById(aclManagerID + '_main').innerHTML += '

Delete this rule

'; + document.getElementById(aclManagerID + '_main').innerHTML += '

' + $lang.get('acl_lbl_deleterule') + '

'; //fadeInfoBoxes(); document.getElementById(aclManagerID+'_main').scrollTop = 0; @@ -428,7 +438,7 @@ { document.getElementById(aclManagerID+'_main').innerHTML = ''; document.getElementById(aclManagerID + '_back').style.display = 'none'; - document.getElementById(aclManagerID + '_next').value = 'Next >'; + document.getElementById(aclManagerID + '_next').value = $lang.get('etc_wizard_next'); var thispage = strToPageID(title); groups.page_id = thispage[0]; groups.namespace = thispage[1]; 
@@ -441,20 +451,20 @@ note.style.width = '558px'; note.id = 'aclSuccessNotice_' + Math.floor(Math.random() * 100000); b = document.createElement('b'); - b.appendChild(document.createTextNode('Entry deleted')); + b.appendChild(document.createTextNode($lang.get('acl_lbl_delete_success_title'))); note.appendChild(b); note.appendChild(document.createElement('br')); - note.appendChild(document.createTextNode('The access rules for '+aclDataCache.target_name+' on this page have been deleted.')); + note.appendChild(document.createTextNode($lang.get('acl_lbl_delete_success_title', { target_name: aclDataCache.target_name }))); note.appendChild(document.createElement('br')); a = document.createElement('a'); a.href = '#'; a.onclick = function() { opacity(this.parentNode.id, 100, 0, 1000); setTimeout('var div = document.getElementById("' + this.parentNode.id + '"); div.parentNode.removeChild(div);', 1100); return false; }; - a.appendChild(document.createTextNode('[ dismiss :')); + a.appendChild(document.createTextNode('[ ' + $lang.get('acl_btn_success_dismiss') + ' :')); note.appendChild(a); a = document.createElement('a'); a.href = '#'; a.onclick = function() { killACLManager(); return false; }; - a.appendChild(document.createTextNode(': close manager ]')); + a.appendChild(document.createTextNode(': ' + $lang.get('acl_btn_success_close') + ' ]')); note.appendChild(a); document.getElementById(aclManagerID + '_main').insertBefore(note, document.getElementById(aclManagerID + '_main').firstChild); //fadeInfoBoxes(); @@ -542,7 +552,7 @@ back = document.createElement('input'); back.type = 'button'; - back.value = '< Back'; + back.value = $lang.get('etc_wizard_back'); back.style.fontWeight = 'normal'; back.onclick = function() { ajaxACLSwitchToSelector(); return false; }; back.style.display = 'none'; 
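Review bot: The body of the "entry deleted" notice reuses the title key: `note.appendChild(document.createTextNode($lang.get('acl_lbl_delete_success_title', { target_name: aclDataCache.target_name })));` passes a substitution to the same key that was just used for the bold title, so the notice will show the title text twice and never mention the target name. The save path in the `@@ -393` hunk pairs `acl_lbl_save_success_title` with `acl_lbl_save_success_body`; the delete path needs a matching body string (a proposed key such as `acl_lbl_delete_success_body`, to be added to the language file alongside the others in this commit). The enclosing function starts outside the hunk.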
@@ -550,14 +560,14 @@ saver = document.createElement('input'); saver.type = 'submit'; - saver.value = 'Next >'; + saver.value = $lang.get('etc_wizard_next'); saver.style.fontWeight = 'bold'; saver.id = aclManagerID + '_next'; closer = document.createElement('input'); closer.type = 'button'; - closer.value = 'Cancel Changes'; - closer.onclick = function() { if(!confirm('Do you really want to close the ACL manager?')) return false; killACLManager(); return false; } + closer.value = $lang.get('etc_cancel_changes'); + closer.onclick = function() { if(!confirm($lang.get('acl_msg_closeacl_confirm'))) return false; killACLManager(); return false; } spacer1 = document.createTextNode(' '); spacer2 = document.createTextNode(' '); @@ -624,7 +634,7 @@ var target_type = parseInt(getRadioState(thefrm, 'target_type', ['1', '2'])); if(isNaN(target_type)) { - alert('Please select a target type.'); + alert($lang.get('acl_err_pleaseselect_targettype')); return false; } target_id = ( target_type == 1 ) ? parseInt(thefrm.group_id.value) : thefrm.username.value; @@ -666,7 +676,7 @@ } if(target_id == '') { - alert('Please enter a username.'); + alert($lang.get('acl_err_pleaseselect_username')); return false; } __aclJSONSubmitAjaxHandler(obj); diff -r 3daa715e0f69 -r b11a2f1353c0 includes/clientside/static/ajax.js --- a/includes/clientside/static/ajax.js Sat Nov 03 14:15:14 2007 -0400 +++ b/includes/clientside/static/ajax.js Sat Nov 03 14:30:53 2007 -0400 @@ -71,7 +71,7 @@ if(ajax.readyState == 4) { unsetAjaxLoading(); if(edit_open) { - c=confirm('Do you really want to revert your changes?'); + c=confirm($lang.get('editor_msg_revert_confirm')); if(!c) return; } edit_open = true; 
@@ -82,18 +82,18 @@ // Allow the textarea grippifier to re-create the resizer control on the textarea grippied_textareas.pop(in_array('ajaxEditArea', grippied_textareas)); } - disableUnload('If you do, any changes that you have made to this page will be lost.'); + disableUnload($lang.get('editor_msg_unload')); var switcher = ( readCookie('enano_editor_mode') == 'tinymce' ) ? - 'wikitext editor | graphical editor' : - 'wikitext editor | graphical editor' ; + '' + $lang.get('editor_btn_wikitext') + ' | ' + $lang.get('editor_btn_graphical') : + $lang.get('editor_btn_wikitext') + ' | ' + $lang.get('editor_btn_graphical') + '' ; document.getElementById('ajaxEditContainer').innerHTML = '\
\ ' + switcher + '
\
\
\ - Edit summary:
\ -
\ - save changes | preview changes | revert changes | discard changes\ + ' + $lang.get('editor_lbl_edit_summary') + '
\ +
\ + ' + $lang.get('editor_btn_save') + ' | ' + $lang.get('editor_btn_preview') + ' | ' + $lang.get('editor_btn_revert') + ' | ' + $lang.get('editor_btn_cancel') + '\
\ '+editNotice+'\
'; @@ -110,14 +110,14 @@ { $('ajaxEditArea').switchToMCE(); createCookie('enano_editor_mode', 'tinymce', 365); - $('switcher').object.innerHTML = 'wikitext editor | graphical editor'; + $('switcher').object.innerHTML = '' + $lang.get('editor_btn_wikitext') + ' | ' + $lang.get('editor_btn_graphical'); } function setEditorText() { $('ajaxEditArea').destroyMCE(); createCookie('enano_editor_mode', 'text', 365); - $('switcher').object.innerHTML = 'wikitext editor | graphical editor'; + $('switcher').object.innerHTML = $lang.get('editor_btn_wikitext') + ' | ' + $lang.get('editor_btn_graphical') + ''; } function ajaxViewSource() @@ -129,11 +129,7 @@ ajaxGet(stdAjaxPrefix+'&_mode=getsource', function() { if(ajax.readyState == 4) { unsetAjaxLoading(); - if(edit_open) { - c=confirm('Do you really want to revert your changes?'); - if(!c) return; - } - edit_open = true; + edit_open = false; selectButtonMajor('article'); selectButtonMinor('edit'); if(in_array('ajaxEditArea', grippied_textareas)) @@ -144,7 +140,7 @@ document.getElementById('ajaxEditContainer').innerHTML = '\
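Review bot: Setting `edit_open = false;` unconditionally in ajaxViewSource removes the confirmation that previously protected an open editor, and the container overwrite in the following `@@ -144` hunk (`document.getElementById('ajaxEditContainer').innerHTML = ...`) then replaces any unsaved edit silently. If view-source is never meant to coexist with the editor it should at least ask first: `if ( edit_open && !confirm($lang.get('editor_msg_discard_confirm')) ) return;` before `edit_open = false;`. Whether the unload guard the editor registers (`disableUnload` in `@@ -82`) is also cleared on this path is not visible in the hunk and is worth checking. The enclosing function starts outside the hunk.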
\
\ - close viewer\ + ' + $lang.get('editor_btn_closeviewer') + '\
'; initTextareas(); } @@ -194,7 +190,7 @@ // IE <6 pseudo-compatibility if ( KILL_SWITCH ) return true; - c = confirm('Do you really want to discard your changes?'); + c = confirm($lang.get('editor_msg_discard_confirm')); if(!c) return; ajaxReset(); } @@ -204,6 +200,9 @@ // IE <6 pseudo-compatibility if ( KILL_SWITCH ) return true; + var ns_id = strToPageID(title); + if ( ns_id[1] == 'Special' || ns_id[1] == 'Admin' ) + return false; enableUnload(); setAjaxLoading(); ajaxGet(stdAjaxPrefix+'&_mode=getpage&noheaders', function() { @@ -226,7 +225,7 @@ if(shift) { r = 'NO_REASON'; } else { - r = prompt('Reason for (un)protecting:'); + r = prompt($lang.get('ajax_protect_prompt_reason')); if(!r || r=='') return; } setAjaxLoading(); @@ -248,7 +247,7 @@ // IE <6 pseudo-compatibility if ( KILL_SWITCH ) return true; - r = prompt('What title should this page be renamed to?\nNote: This does not and will never change the URL of this page, that must be done from the admin panel.'); + r = prompt($lang.get('ajax_rename_prompt')); if(!r || r=='') return; setAjaxLoading(); ajaxPost(stdAjaxPrefix+'&_mode=rename', 'newtitle='+escape(r), function() { @@ -278,12 +277,12 @@ // IE <6 pseudo-compatibility if ( KILL_SWITCH ) return true; - var reason = prompt('Please enter your reason for deleting this page.'); + var reason = prompt($lang.get('ajax_delete_prompt_reason')); if ( !reason || reason == '' ) { return false; } - c = confirm('You are about to REVERSIBLY delete this page. Do you REALLY want to do this?\n\n(Comments and categorization data, as well as any attached files, will be permanently lost)'); + c = confirm($lang.get('ajax_delete_confirm')); if(!c) { return; @@ -303,7 +302,7 @@ // IE <6 pseudo-compatibility if ( KILL_SWITCH ) return true; - c = confirm('Are you sure that you want to vote that this page be deleted?'); + c = confirm($lang.get('ajax_delvote_confirm')); if(!c) return; setAjaxLoading(); ajaxGet(stdAjaxPrefix+'&_mode=delvote', function() { 
@@ -319,7 +318,7 @@ // IE <6 pseudo-compatibility if ( KILL_SWITCH ) return true; - c = confirm('This will reset the number of votes against this page to zero. Do you really want to do this?'); + c = confirm($lang.get('ajax_delvote_reset_confirm')); if(!c) return; setAjaxLoading(); ajaxGet(stdAjaxPrefix+'&_mode=resetdelvotes', function() { @@ -457,9 +456,9 @@ // IE <6 pseudo-compatibility if ( KILL_SWITCH ) return true; - c = confirm('You are about to DESTROY all log entries for this page. As opposed to (example) deleting this page, this action is completely IRREVERSIBLE and should not be used except in dire circumstances. Do you REALLY want to do this?'); + c = confirm($lang.get('ajax_clearlogs_confirm')); if(!c) return; - c = confirm('You\'re ABSOLUTELY sure???'); + c = confirm($lang.get('ajax_clearlogs_confirm_nag')); if(!c) return; setAjaxLoading(); ajaxGet(stdAjaxPrefix+'&_mode=flushlogs', function() { @@ -563,13 +562,13 @@ if ( KILL_SWITCH ) return true; var inner_html = ''; - inner_html += '

'; - var chtheme_mb = new messagebox(MB_OKCANCEL|MB_ICONQUESTION, 'Change your theme', inner_html); + var chtheme_mb = new messagebox(MB_OKCANCEL|MB_ICONQUESTION, $lang.get('ajax_changestyle_title'), inner_html); chtheme_mb.onbeforeclick['OK'] = ajaxChangeStyleComplete; } @@ -614,7 +613,7 @@ var p_parent = document.createElement('p'); var label = document.createElement('label'); p_parent.id = 'chtheme_sel_style_parent'; - label.appendChild(document.createTextNode('Style: ')); + label.appendChild(document.createTextNode($lang.get('ajax_changestyle_lbl_style') + ' ')); var select = document.createElement('select'); select.id = 'chtheme_sel_style'; for ( var i in options ) @@ -643,7 +642,7 @@ var style = $('chtheme_sel_style'); if ( !theme.object || !style.object ) { - alert('Please select a theme from the list.'); + alert($lang.get('ajax_changestyle_pleaseselect_theme')); return true; } var theme_id = theme.object.value; @@ -667,7 +666,7 @@ { if ( ajax.responseText == 'GOOD' ) { - var c = confirm('Your theme preference has been changed.\nWould you like to reload the page now to see the changes?'); + var c = confirm($lang.get('ajax_changestyle_success')); if ( c ) window.location.reload(); } @@ -876,7 +875,7 @@ // IE <6 pseudo-compatibility if ( KILL_SWITCH ) return true; - if ( !confirm('Are you really sure you want to do this? Some pages might not function if this emergency-only feature is activated.') ) + if ( !confirm($lang.get('ajax_killphp_confirm')) ) return false; var $killdiv = $dynano('php_killer'); if ( !$killdiv.object ) @@ -897,7 +896,7 @@ var newdiv = document.createElement('div'); // newdiv.style = $killdiv.object.style; newdiv.className = $killdiv.object.className; - newdiv.innerHTML = 'Success
Embedded PHP in pages has been disabled.'; + newdiv.innerHTML = 'Success
' + $lang.get('ajax_killphp_success'); $killdiv.object.parentNode.appendChild(newdiv); $killdiv.object.parentNode.removeChild($killdiv.object); } @@ -934,14 +933,14 @@ if ( !catbox ) return false; var linkbox = catbox.parentNode.firstChild.firstChild.nextSibling; - linkbox.firstChild.nodeValue = 'show page categorization'; + linkbox.firstChild.nodeValue = $lang.get('catedit_catbox_link_showcategorization'); linkbox.onclick = function() { ajaxTagToCat(); return false; }; catHTMLBuf = catbox.innerHTML; catbox.innerHTML = ''; - catbox.appendChild(document.createTextNode('Page tags: ')); + catbox.appendChild(document.createTextNode($lang.get('tags_lbl_page_tags')+' ')); if ( json.tags.length < 1 ) { - catbox.appendChild(document.createTextNode('No tags on this page')); + catbox.appendChild(document.createTextNode($lang.get('tags_lbl_no_tags'))); } for ( var i = 0; i < json.tags.length; i++ ) { @@ -965,7 +964,7 @@ var addlink = document.createElement('a'); addlink.href = '#'; addlink.onclick = function() { try { ajaxAddTagStage1(); } catch(e) { }; return false; }; - addlink.appendChild(document.createTextNode('(add a tag)')); + addlink.appendChild(document.createTextNode($lang.get('tags_btn_add_tag'))); catbox.appendChild(addlink); } } @@ -984,7 +983,7 @@ var addlink = document.createElement('a'); addlink.href = '#'; addlink.onclick = function() { ajaxAddTagStage2(this.parentNode.firstChild.nextSibling.value, this.parentNode); return false; }; - addlink.appendChild(document.createTextNode('+ Add')); + addlink.appendChild(document.createTextNode($lang.get('tags_btn_add'))); text.type = 'text'; text.size = '15'; text.onkeyup = function(e) @@ -996,7 +995,7 @@ } adddiv.style.margin = '5px 0 0 0'; - adddiv.appendChild(document.createTextNode('Add a tag: ')); + adddiv.appendChild(document.createTextNode($lang.get('tags_lbl_add_tag')+' ')); adddiv.appendChild(text); adddiv.appendChild(document.createTextNode(' ')); adddiv.appendChild(addlink); 
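Review bot: In the `@@ -897` hunk the `'Success` prefix of `newdiv.innerHTML` is still a hard-coded English literal while the remainder was moved to `$lang.get('ajax_killphp_success')` (the markup between the two is not recoverable from this listing); it is the one user-visible string in this file the change leaves untranslated. Either move it to a language key in the same style as the others or add a comment explaining why it stays literal. The enclosing function starts outside the hunk.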
@@ -1038,7 +1037,7 @@ var node = parent.childNodes[1]; var insertafter = false; var nukeafter = false; - if ( node.nodeValue == 'No tags on this page' ) + if ( node.nodeValue == $lang.get('tags_lbl_no_tags') ) { nukeafter = true; } @@ -1079,12 +1078,12 @@ var writeNoTags = false; if ( parentobj.previousSibling.previousSibling.previousSibling.nodeValue == ', ' ) arrDelete.push(parentobj.previousSibling.previousSibling.previousSibling); - else if ( parentobj.previousSibling.previousSibling.previousSibling.nodeValue == 'Page tags: ' ) + else if ( parentobj.previousSibling.previousSibling.previousSibling.nodeValue == $lang.get('tags_lbl_page_tags') + ' ' ) arrDelete.push(parentobj.nextSibling); - if ( parentobj.previousSibling.previousSibling.previousSibling.nodeValue == 'Page tags: ' && + if ( parentobj.previousSibling.previousSibling.previousSibling.nodeValue == $lang.get('tags_lbl_page_tags') + ' ' && parentobj.nextSibling.nextSibling.firstChild ) - if ( parentobj.nextSibling.nextSibling.firstChild.nodeValue == '(add a tag)') + if ( parentobj.nextSibling.nextSibling.firstChild.nodeValue == $lang.get('tags_btn_add_tag')) writeNoTags = true; ajaxPost(stdAjaxPrefix + '&_mode=deltag', 'tag_id=' + String(tag_id), function() @@ -1102,7 +1101,7 @@ } if ( writeNoTags ) { - var node1 = document.createTextNode('No tags on this page'); + var node1 = document.createTextNode($lang.get('tags_lbl_no_tags')); var node2 = document.createTextNode(' '); insertAfter(parent, node1, parent.firstChild); insertAfter(parent, node2, node1); @@ -1125,7 +1124,7 @@ return false; addtag_open = false; var linkbox = catbox.parentNode.firstChild.firstChild.nextSibling; - linkbox.firstChild.nodeValue = 'show page tags'; + linkbox.firstChild.nodeValue = $lang.get('tags_catbox_link'); linkbox.onclick = function() { ajaxCatToTag(); return false; }; catbox.innerHTML = catHTMLBuf; catHTMLBuf = false; 
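Review bot: `if ( node.nodeValue == $lang.get('tags_lbl_no_tags') )` makes UI state depend on string equality with a translated label, which breaks as soon as the language string is edited, gains surrounding whitespace, or is changed by entity decoding when it was written via innerHTML; the same pattern is used in `@@ -1079` below (`tags_lbl_page_tags`, `tags_btn_add_tag`) and in comments.js `@@ -396` and `@@ -519` (`appr == $lang.get('comment_btn_mod_approve')`). The commit already introduces id-addressable elements such as `comment_count_unapp_inner`; marking the "no tags" node and the approve link's state the same way (an id, or a class or attribute toggled alongside the text) would make these checks independent of the wording. The enclosing function starts outside the hunk.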
@@ -1148,7 +1147,7 @@ if ( keepalive_interval ) clearInterval(keepalive_interval); var span = document.getElementById('keepalivestat'); - span.firstChild.nodeValue = 'Turn on keep-alive'; + span.firstChild.nodeValue = $lang.get('adm_btn_keepalive_off'); } else { @@ -1156,7 +1155,7 @@ if ( !keepalive_interval ) keepalive_interval = setInterval('ajaxPingServer();', 600000); var span = document.getElementById('keepalivestat'); - span.firstChild.nodeValue = 'Turn off keep-alive'; + span.firstChild.nodeValue = $lang.get('adm_btn_keepalive_on'); ajaxPingServer(); } } @@ -1168,19 +1167,50 @@ if ( !keepalive_interval ) keepalive_interval = setInterval('ajaxPingServer();', 600000); var span = document.getElementById('keepalivestat'); - span.firstChild.nodeValue = 'Turn off keep-alive'; + span.firstChild.nodeValue = $lang.get('adm_btn_keepalive_on'); } else { if ( keepalive_interval ) clearInterval(keepalive_interval); var span = document.getElementById('keepalivestat'); - span.firstChild.nodeValue = 'Turn on keep-alive'; + span.firstChild.nodeValue = $lang.get('adm_btn_keepalive_off'); } }; function aboutKeepAlive() { - new messagebox(MB_OK|MB_ICONINFORMATION, 'About the keep-alive feature', 'Keep-alive is a new Enano feature that keeps your administrative session from timing out while you are using the administration panel. This feature can be useful if you are editing a large page or doing something in the administration interface that will take longer than 15 minutes.

For security reasons, Enano mandates that high-privilege logins last only 15 minutes, with the time being reset each time a page is loaded (or, more specifically, each time the session API is started). The consequence of this is that if you are performing an action in the administration panel that takes more than 15 minutes, your session may be terminated. The keep-alive feature attempts to relieve this by sending a "ping" to the server every 10 minutes.

Please note that keep-alive state is determined by a cookie. Thus, if you log out and then back in as a different administrator, keep-alive will use the same setting that was used when you were logged in as the first administrative user. In the same way, if you log into the administration panel under your account from another computer, keep-alive will be set to "off".

For more information:
Overview of Enano'+"'"+'s security model'); + new messagebox(MB_OK|MB_ICONINFORMATION, $lang.get('user_keepalive_info_title'), $lang.get('user_keepalive_info_body')); } +function ajaxShowCaptcha(code) +{ + var mydiv = document.createElement('div'); + mydiv.style.backgroundColor = '#FFFFFF'; + mydiv.style.padding = '10px'; + mydiv.style.position = 'absolute'; + mydiv.style.top = '0px'; + mydiv.id = 'autoCaptcha'; + mydiv.style.zIndex = String( getHighestZ() + 1 ); + var img = document.createElement('img'); + img.onload = function() + { + if ( this.loaded ) + return true; + var mydiv = document.getElementById('autoCaptcha'); + var width = getWidth(); + var divw = $(mydiv).Width(); + var left = ( width / 2 ) - ( divw / 2 ); + mydiv.style.left = left + 'px'; + fly_in_top(mydiv, false, true); + this.loaded = true; + }; + img.src = makeUrlNS('Special', 'Captcha/' + code); + img.onclick = function() { this.src = this.src + '/a'; }; + img.style.cursor = 'pointer'; + mydiv.appendChild(img); + domObjChangeOpac(0, mydiv); + var body = document.getElementsByTagName('body')[0]; + body.appendChild(mydiv); +} + diff -r 3daa715e0f69 -r b11a2f1353c0 includes/clientside/static/comments.js --- a/includes/clientside/static/comments.js Sat Nov 03 14:15:14 2007 -0400 +++ b/includes/clientside/static/comments.js Sat Nov 03 14:30:53 2007 -0400 @@ -48,7 +48,7 @@ annihiliateComment(response.id); break; case 'materialize': - alert('Your comment has been posted. If it does not appear right away, it is probably awaiting approval.'); + alert($lang.get('comment_msg_comment_posted')); hideCommentForm(); materializeComment(response); break; @@ -70,36 +70,43 @@ // Header - html += '
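Review bot: `ajaxShowCaptcha` always creates a fresh div with `mydiv.id = 'autoCaptcha'` and appends it to the body without removing a previous one, so a second call leaves duplicate ids and the `img.onload` handler's `document.getElementById('autoCaptcha')` positions the first div rather than the new one; remove or reuse an existing `#autoCaptcha` before appending. `img.onclick` appends `'/a'` to the current `src` on every click, so the path grows (`/a/a/a…`) — if that is a deliberate cache-buster a comment should say so, otherwise rebuild the URL from `makeUrlNS('Special', 'Captcha/' + code)` each time. `code` is concatenated into the URL unencoded; if it is always a server-issued alphanumeric token that is fine, otherwise pass it through `encodeURIComponent`.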

Article Comments

'; + html += '

' + $lang.get('comment_heading') + '

'; - var ns = ( strToPageID(title)[1]=='Article' ) ? 'article' : ( strToPageID(title)[1].toLowerCase() ) + ' page'; + var ns = ENANO_PAGE_TYPE; // Counters if ( data.auth_mod_comments ) { var cnt = ( data.auth_mod_comments ) ? data.count_total : data.count_appr; - if ( cnt == 0 ) cnt = 'no'; - var s = ( cnt == 1 ) ? '' : 's'; - var is = ( cnt == 1 ) ? 'is' : 'are'; - html += "

There "+is+" " + cnt + " comment"+s+" on this "+ns+"."; + + var subst = { + num_comments: cnt, + page_type: ns + } + var count_msg = ( cnt == 0 ) ? $lang.get('comment_msg_count_zero', subst) : ( ( cnt == 1 ) ? $lang.get('comment_msg_count_one', subst) : $lang.get('comment_msg_count_plural', subst) ); + + html += "

" + count_msg + ''; if ( data.count_unappr > 0 ) { - html += ' ' + data.count_unappr + ' of those are unapproved.'; + html += ' ' + $lang.get('comment_msg_count_unapp_mod', { num_unapp: data.count_unappr }) + ''; } html += '

'; } else { var cnt = data.count_appr; - if ( cnt == 0 ) cnt = 'no'; - var s = ( cnt == 1 ) ? '' : 's'; - var is = ( cnt == 1 ) ? 'is' : 'are'; - html += "

There "+is+" " + cnt + " comment"+s+" on this "+ns+"."; + + var subst = { + num_comments: cnt, + page_type: ns + } + var count_msg = ( cnt == 0 ) ? $lang.get('comment_msg_count_zero', subst) : ( ( cnt == 1 ) ? $lang.get('comment_msg_count_one', subst) : $lang.get('comment_msg_count_plural', subst) ); + + html += "

" + count_msg; if ( data.count_unappr > 0 ) { - var s = ( data.count_unappr == 1 ) ? '' : 's'; - var is = ( data.count_unappr == 1 ) ? 'is' : 'are'; - html += ' However, there '+is+' '+data.count_unappr+' additional comment'+s+' awaiting approval.'; + var unappr_msg = ( data.count_unappr == 1 ) ? $lang.get('comment_msg_count_unapp_one') : $lang.get('comment_msg_count_unapp_plural', { num_unapp: data.count_unappr }); + html += ' ' + unappr_msg; } html += '

'; } @@ -118,28 +125,28 @@ // Posting form - html += '
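Review bot: The zero/one/plural selection `( cnt == 0 ) ? $lang.get('comment_msg_count_zero', subst) : ( ( cnt == 1 ) ? ... )` together with the `subst` literal is written out twice in the `@@ -70` hunk (moderator and non-moderator branches) and a third time in `@@ -519` (materializeComment); a small helper, e.g. `function commentCountMessage(cnt, page_type)` returning the string, would keep the three in sync. The `var subst = { ... }` literals also lack a terminating semicolon and rely on automatic semicolon insertion, which the surrounding code does not do. The enclosing function starts outside the hunk.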

Got something to say?

'; - html += '

If you have comments or suggestions on this article, you can shout it out here.'; + html += '

' + $lang.get('comment_postform_title') + '

'; + html += '

' + $lang.get('comment_postform_blurb'); if ( data.approval_needed ) - html+=' Before your post will be visible to the public, a moderator will have to approve it.'; - html += ' Leave a comment...

'; + html+=' ' + $lang.get('comment_postform_blurb_unapp'); + html += ' ' + $lang.get('comment_postform_blurb_link') + '

'; html += ''; @@ -171,7 +178,7 @@ tplvars.SIGNATURE = this_comment.signature; if ( this_comment.approved != '1' ) - tplvars.SUBJECT += ' (Unapproved)'; + tplvars.SUBJECT += ' ' + $lang.get('comment_msg_note_unapp') + ''; // Name tplvars.NAME = this_comment.name; @@ -179,29 +186,29 @@ tplvars.NAME = '' + this_comment.name + ''; // User level - tplvars.USER_LEVEL = 'Guest'; - if ( this_comment.user_level >= data.user_level.member ) tplvars.USER_LEVEL = 'Member'; - if ( this_comment.user_level >= data.user_level.mod ) tplvars.USER_LEVEL = 'Moderator'; - if ( this_comment.user_level >= data.user_level.admin ) tplvars.USER_LEVEL = 'Administrator'; - + tplvars.USER_LEVEL = $lang.get('user_type_guest'); + if ( this_comment.user_level >= data.user_level.member ) tplvars.USER_LEVEL = $lang.get('user_type_member'); + if ( this_comment.user_level >= data.user_level.mod ) tplvars.USER_LEVEL = $lang.get('user_type_mod'); + if ( this_comment.user_level >= data.user_level.admin ) tplvars.USER_LEVEL = $lang.get('user_type_admin'); + // Send PM link - tplvars.SEND_PM_LINK=(this_comment.user_id>1 && data.logged_in)?'Send private message
':''; + tplvars.SEND_PM_LINK=(this_comment.user_id>1)?'' + $lang.get('comment_btn_send_privmsg') + '
':''; // Add buddy link - tplvars.ADD_BUDDY_LINK=(this_comment.user_id>1 && data.logged_in && this_comment.is_buddy != 1)?'Add to buddy list
':''; + tplvars.ADD_BUDDY_LINK=(this_comment.user_id>1)?'' + $lang.get('comment_btn_add_buddy') + '
':''; // Edit link - tplvars.EDIT_LINK='edit'; + tplvars.EDIT_LINK='' + $lang.get('comment_btn_edit') + ''; // Delete link - tplvars.DELETE_LINK='delete'; + tplvars.DELETE_LINK='' + $lang.get('comment_btn_delete') + ''; // Moderation: (Un)approve link - var appr = ( this_comment.approved == 1 ) ? 'Unapprove' : 'Approve'; + var appr = ( this_comment.approved == 1 ) ? $lang.get('comment_btn_mod_unapprove') : $lang.get('comment_btn_mod_approve'); tplvars.MOD_APPROVE_LINK=''+appr+''; // Moderation: Delete post link - tplvars.MOD_DELETE_LINK='Delete'; + tplvars.MOD_DELETE_LINK='' + $lang.get('comment_btn_mod_delete') + ''; var tplbool = new Object(); @@ -212,9 +219,9 @@ tplbool.is_foe = ( this_comment.is_buddy == 1 && this_comment.is_friend == 0 ); if ( tplbool.is_friend ) - tplvars.USER_LEVEL += '
On your friend list'; + tplvars.USER_LEVEL += '
' + $lang.get('comment_on_friend_list') + ''; else if ( tplbool.is_foe ) - tplvars.USER_LEVEL += '
On your foe list'; + tplvars.USER_LEVEL += '
' + $lang.get('comment_on_foe_list') + ''; parser.assign_vars(tplvars); parser.assign_bool(tplbool); @@ -255,7 +262,7 @@ cmt.appendChild(ta); link.style.fontWeight = 'bold'; - link.innerHTML = 'save'; + link.innerHTML = $lang.get('comment_btn_save'); link.onclick = function() { var id = this.id.substr(this.id.indexOf('_')+1); saveComment(id, this); return false; }; } @@ -273,7 +280,7 @@ 'subj' : subj }; link.style.fontWeight = 'normal'; - link.innerHTML = 'edit'; + link.innerHTML = $lang.get('comment_btn_edit'); link.onclick = function() { var id = this.id.substr(this.id.indexOf('_')+1); editComment(id, this); return false; }; ajaxComments(req); } @@ -282,7 +289,7 @@ { if ( !shift ) { - var c = confirm('Do you really want to delete this comment?'); + var c = confirm($lang.get('comment_msg_delete_confirm')); if(!c) return false; } 
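Review bot: The guards on the per-comment links were loosened along with the translation in the `@@ -179` hunk: `SEND_PM_LINK` now tests only `this_comment.user_id>1` where it previously also required `data.logged_in`, and `ADD_BUDDY_LINK` dropped both `data.logged_in` and `this_comment.is_buddy != 1`, so anonymous readers get PM and add-buddy links and existing buddies get an add-buddy link. This is presumably rendering-only and the server still decides who may message or befriend, but if the change is unintentional restore the conditions, e.g. `(this_comment.user_id>1 && data.logged_in)` and `(this_comment.user_id>1 && data.logged_in && this_comment.is_buddy != 1)`; if it is intentional, a comment saying the server enforces it is warranted. The same loosened form already existed in materializeComment (`@@ -465`). The enclosing function starts outside the hunk.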
@@ -340,36 +347,17 @@ } if ( data.approved && data.approved != '1' ) { - document.getElementById('subject_' + data.id).innerHTML += ' (Unapproved)'; + document.getElementById('subject_' + data.id).innerHTML += ' ' + $lang.get('comment_msg_note_unapp') + ''; } if ( data.approved && ( typeof(data.approve_updated) == 'string' && data.approve_updated == 'yes' ) ) { - var appr = ( data.approved == '1' ) ? 'Unapprove' : 'Approve'; + var appr = ( data.approved == '1' ) ? $lang.get('comment_btn_mod_unapprove') : $lang.get('comment_btn_mod_approve'); document.getElementById('comment_approve_'+data.id).innerHTML = appr; - // Update approval status - var p = document.getElementById('comment_status'); - var count = p.firstChild.nodeValue.split(' ')[2]; - - if ( p.firstChild.nextSibling ) - { - var span = p.firstChild.nextSibling; - var is = ( data.approved == '1' ) ? -1 : 1; - var n_unapp = parseInt(span.firstChild.nodeValue.split(' ')[0]) + is; - n_unapp = n_unapp + ''; - } + if ( data.approved == '1' ) + comment_decrement_unapproval(); else - { - var span = document.createElement('span'); - p.innerHTML += ' '; - span.innerHTML = ' '; - span.style.color = '#D84308'; - var n_unapp = '1'; - p.appendChild(span); - } - span.innerHTML = n_unapp + ' of those are unapproved.'; - if ( n_unapp == '0' ) - p.removeChild(span); + comment_increment_unapproval(); } if ( data.text ) { 
@@ -396,41 +384,24 @@ // Does the actual DOM object removal function annihiliateComment(id) // Did I spell that right? { - // Approved? - var p = document.getElementById('comment_status'); - + var approved = true; if(document.getElementById('comment_approve_'+id)) { var appr = document.getElementById('comment_approve_'+id).firstChild.nodeValue; - if ( p.firstChild.nextSibling && appr == 'Approve' ) + if ( appr == $lang.get('comment_btn_mod_approve') ) { - var span = p.firstChild.nextSibling; - var t = span.firstChild.nodeValue; - var n_unapp = ( parseInt(t.split(' ')[0]) ) - 1; - if ( n_unapp == 0 ) - p.removeChild(span); - else - span.firstChild.nodeValue = n_unapp + t.substr(t.indexOf(' ')); + approved = false; } } var div = document.getElementById('comment_holder_'+id); div.parentNode.removeChild(div); - var t = p.firstChild.nodeValue.split(' '); - t[2] = ( parseInt(t[2]) - 1 ) + ''; - delete(t.toJSONString); - if ( t[2] == '1' ) + + // update approval status + if ( document.getElementById('comment_count_unapp_inner') && !approved ) { - t[1] = 'is'; - t[3] = 'comment'; + comment_decrement_unapproval(); } - else - { - t[1] = 'are'; - t[3] = 'comments'; - } - t = implode(' ', t); - p.firstChild.nodeValue = t; } function materializeComment(data) 
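Review bot: The rewritten annihiliateComment no longer updates the total comment count: the removed code decremented the number in the status line (`t[2] = ( parseInt(t[2]) - 1 ) + ''`), but the new version only touches the unapproved counter via `comment_decrement_unapproval()`, so the "N comments" text goes stale after a delete. materializeComment in `@@ -519` has the mirror defect: it reads `comment_count_inner`, parses it, and re-renders the message with the same `cnt`, so a `cnt = cnt + 1;` after the `isNaN` fallback is missing and adding a comment never raises the count either (this assumes the markup added in `@@ -70`, stripped from this listing, wraps the count in `comment_count_inner`). A helper that reads `comment_count_inner`, applies a delta and re-renders `comment_status` the way the `@@ -519` code does would serve both paths.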
@@ -465,32 +436,32 @@ tplvars.NAME = '' + data.name + ''; if ( data.approved != '1' ) - tplvars.SUBJECT += ' (Unapproved)'; + tplvars.SUBJECT += ' ' + $lang.get('comment_msg_note_unapp') + ''; // User level - tplvars.USER_LEVEL = 'Guest'; - if ( data.user_level >= data.user_level_list.member ) tplvars.USER_LEVEL = 'Member'; - if ( data.user_level >= data.user_level_list.mod ) tplvars.USER_LEVEL = 'Moderator'; - if ( data.user_level >= data.user_level_list.admin ) tplvars.USER_LEVEL = 'Administrator'; + tplvars.USER_LEVEL = $lang.get('user_type_guest'); + if ( data.user_level >= data.user_level_list.member ) tplvars.USER_LEVEL = $lang.get('user_type_member'); + if ( data.user_level >= data.user_level_list.mod ) tplvars.USER_LEVEL = $lang.get('user_type_mod'); + if ( data.user_level >= data.user_level_list.admin ) tplvars.USER_LEVEL = $lang.get('user_type_admin'); // Send PM link - tplvars.SEND_PM_LINK=(data.user_id>1)?'Send private message
':''; + tplvars.SEND_PM_LINK=(data.user_id>1)?'' + $lang.get('comment_btn_send_privmsg') + '
':''; // Add buddy link - tplvars.ADD_BUDDY_LINK=(data.user_id>1)?'Add to buddy list
':''; + tplvars.ADD_BUDDY_LINK=(data.user_id>1)?'' + $lang.get('comment_btn_add_buddy') + '
':''; // Edit link - tplvars.EDIT_LINK='edit'; + tplvars.EDIT_LINK='' + $lang.get('comment_btn_edit') + ''; // Delete link - tplvars.DELETE_LINK='delete'; + tplvars.DELETE_LINK='' + $lang.get('comment_btn_delete') + ''; // Moderation: (Un)approve link - var appr = ( data.approved == 1 ) ? 'Unapprove' : 'Approve'; + var appr = ( data.approved == 1 ) ? $lang.get('comment_btn_mod_unapprove') : $lang.get('comment_btn_mod_approve'); tplvars.MOD_APPROVE_LINK=''+appr+''; // Moderation: Delete post link - tplvars.MOD_DELETE_LINK='Delete'; + tplvars.MOD_DELETE_LINK='' + $lang.get('comment_btn_mod_delete') + ''; var tplbool = new Object(); 
@@ -519,50 +490,80 @@ document.getElementById('comment_source_'+i).value = data.comment_source; - var p = document.getElementById('comment_status'); - var t = p.firstChild.nodeValue.split(' '); - var n = ( isNaN(parseInt(t[2])) ) ? 0 : parseInt(t[2]); - t[2] = ( n + 1 ) + ''; - delete(t.toJSONString); - if ( t[2] == '1' ) - { - t[1] = 'is'; - t[3] = 'comment'; + var cnt = document.getElementById('comment_count_inner').innerHTML; + cnt = parseInt(cnt); + if ( isNaN(cnt) ) + cnt = 0; + + var subst = { + num_comments: cnt, + page_type: ENANO_PAGE_TYPE } - else - { - t[1] = 'are'; - t[3] = 'comments'; - } - t = implode(' ', t); - p.firstChild.nodeValue = t; + + var count_msg = ( cnt == 0 ) ? $lang.get('comment_msg_count_zero', subst) : ( ( cnt == 1 ) ? $lang.get('comment_msg_count_one', subst) : $lang.get('comment_msg_count_plural', subst) ); + + document.getElementById('comment_status').firstChild.innerHTML = count_msg; if(document.getElementById('comment_approve_'+i)) { - var appr = document.getElementById('comment_approve_'+i).firstChild.nodeValue; - if ( p.firstChild.nextSibling && appr == 'Approve' ) + var is_unappr = document.getElementById('comment_approve_'+i).firstChild.nodeValue; + is_unappr = ( is_unappr == $lang.get('comment_btn_mod_approve') ); + if ( is_unappr ) { - var span = p.firstChild.nextSibling; - var t = span.firstChild.nodeValue; - var n_unapp = ( parseInt(t.split(' ')[0]) ) - 1; - if ( n_unapp == 0 ) - p.removeChild(span); - else - span.firstChild.nodeValue = n_unapp + t.substr(t.indexOf(' ')); - } - else if ( appr == 'Approve' && !p.firstChild.nextSibling ) - { - var span = document.createElement('span'); - p.innerHTML += ' '; - span.innerHTML = '1 of those are unapproved.'; - span.style.color = '#D84308'; - var n_unapp = '1'; - p.appendChild(span); + comment_increment_unapproval(); } } } +function comment_decrement_unapproval() +{ + if ( document.getElementById('comment_count_unapp_inner') ) + { + var num_unapp = 
parseInt(document.getElementById('comment_count_unapp_inner').innerHTML); + if ( !isNaN(num_unapp) ) + { + num_unapp = num_unapp - 1; + if ( num_unapp == 0 ) + { + var p = document.getElementById('comment_status'); + p.removeChild(p.childNodes[2]); + p.removeChild(p.childNodes[1]); + } + else + { + var count_msg = $lang.get('comment_msg_count_unapp_mod', { num_unapp: num_unapp }); + document.getElementById('comment_count_unapp_inner').parentNode.innerHTML = count_msg; + } + } + } +} + +function comment_increment_unapproval() +{ + if ( document.getElementById('comment_count_unapp_inner') ) + { + var num_unapp = parseInt(document.getElementById('comment_count_unapp_inner').innerHTML); + if ( isNaN(num_unapp) ) + num_unapp = 0; + num_unapp = num_unapp + 1; + var count_msg = $lang.get('comment_msg_count_unapp_mod', { num_unapp: num_unapp }); + document.getElementById('comment_count_unapp_inner').parentNode.innerHTML = count_msg; + } + else + { + var count_msg = $lang.get('comment_msg_count_unapp_mod', { num_unapp: 1 }); + var status = document.getElementById('comment_status'); + if ( !status.childNodes[1] ) + status.appendChild(document.createTextNode(' ')); + var span = document.createElement('span'); + span.id = 'comment_status_unapp'; + span.style.color = '#D84308'; + span.innerHTML = count_msg; + status.appendChild(span); + } +} + function htmlspecialchars(text) { text = text.replace(/ $data['lockout_threshold']) + $attempts = $data['lockout_threshold']; + $time_rem = $data.time_rem; + $s = ( $time_rem == 1 ) ? '' : $lang.get('meta_plural'); + + var subst = { + lockout_threshold: $data.lockout_threshold, + time_rem: $time_rem, + plural: $s, + captcha_blurb: ( $data.lockout_policy == 'captcha' ? $lang.get('user_err_locked_out_captcha_blurb') : '' ) + } + + $errstring = $lang.get('user_err_locked_out', subst); + + break; + } + return $errstring; +} function ajaxPromptAdminAuth(call_on_ok, level) { 
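Review bot: `comment_decrement_unapproval` removes the unapproved-count span by position (`p.removeChild(p.childNodes[2]); p.removeChild(p.childNodes[1]);`) when the count reaches zero, while every other line in these two helpers reaches that span through `comment_count_unapp_inner`; if `comment_status` does not have exactly that child layout (the increment path only appends the separator text node when `childNodes[1]` is missing) the call throws and the display is left stale. Removing the node the function has already located keeps it consistent with the `else` branch, which presumably treats the parent of `comment_count_unapp_inner` as the container: `var span = document.getElementById('comment_count_unapp_inner').parentNode; span.parentNode.removeChild(span);`. The hunk's trailing context (`htmlspecialchars`) is cut off at the end of this line, so what follows could not be checked.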
@@ -313,13 +369,24 @@ level = USER_LEVEL_MEMBER; ajax_auth_level_cache = level; var loading_win = '
\ -

Fetching an encryption key...

\ -

Not working? Use the alternate login form.

\ +

' + $lang.get('user_login_ajax_fetching_key') + '

\ +

' + $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) }) + '

\

Please wait...

\
'; - var title = ( level > USER_LEVEL_MEMBER ) ? 'You are requesting a sensitive operation.' : 'Please enter your username and password to continue.'; + var title = ( level > USER_LEVEL_MEMBER ) ? $lang.get('user_login_ajax_prompt_title_elev') : $lang.get('user_login_ajax_prompt_title'); ajax_auth_mb_cache = new messagebox(MB_OKCANCEL|MB_ICONLOCK, title, loading_win); ajax_auth_mb_cache.onbeforeclick['OK'] = ajaxValidateLogin; + ajax_auth_mb_cache.onbeforeclick['Cancel'] = function() + { + if ( document.getElementById('autoCaptcha') ) + { + var to = fly_out_top(document.getElementById('autoCaptcha'), false, true); + setTimeout(function() { + var d = document.getElementById('autoCaptcha'); + d.parentNode.removeChild(d); + }, to); + } + } ajaxAuthLoginInnerSetup(); } @@ -335,6 +402,20 @@ return false; } response = parseJSON(response); + var disable_controls = false; + if ( response.locked_out && !ajax_auth_error_string ) + { + response.error = 'locked_out'; + ajax_auth_error_string = ajaxAuthErrorToString(response); + if ( response.lockout_policy == 'captcha' ) + { + ajax_auth_show_captcha = response.captcha; + } + else + { + disable_controls = true; + } + } var level = ajax_auth_level_cache; var form_html = ''; var shown_error = false; @@ -346,26 +427,40 @@ } else if ( level > USER_LEVEL_MEMBER ) { - form_html += 'Please re-enter your login details, to verify your identity.
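Review bot: In the new `loading_win` line, `makeUrlNS('Special', 'Login/' + title)` reads `title` before the function's own `var title = ...` on the following line assigns it, so unless `title` is also assigned earlier in `ajaxPromptAdminAuth` (its beginning is outside the hunk) the fallback link is built as `Login/undefined`; even when assigned, this local `title` is the message-box caption rather than a page name. Confirm which value the link is meant to carry, and at least move the `var title = ...` assignment above `loading_win` so the variable is set when it is read. Separately, the `autoCaptcha` fly-out-and-remove block in the new `Cancel` handler is repeated verbatim in the `@@ -412,6 +525,15 @@` hunk; a small `ajaxAuthRemoveCaptcha()` helper would keep the two copies in step.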
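Review bot: The lockout branch reads `response.locked_out`, `response.lockout_policy` and `response.captcha` from the top level of the key-fetch response, whereas the login-result handler in the `@@ -509,18 +637,23 @@` hunk reads `response.data.error` and `response.data.lockout_policy` but still `response.captcha`; if the two responses are not deliberately shaped differently, one of the readers gets `undefined` and the captcha is never shown. That is worth confirming against the server side, which is not part of this diff. Note also that `disable_controls` only greys the client form; the lockout itself has to remain enforced by the server on every login attempt, since this flag lives entirely in the browser.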

'; + form_html += $lang.get('user_login_ajax_prompt_body_elev') + '

'; } + if ( ajax_auth_show_captcha ) + { + var captcha_html = ' \ + \ + ' + $lang.get('user_login_field_captcha') + ': \ + \ + '; + } + else + { + var captcha_html = ''; + } + var disableme = ( disable_controls ) ? 'disabled="disabled" ' : ''; form_html += ' \ \ \ - \ \ - \ + ' + captcha_html + ' \ \ \ \
Username: \ + ' + $lang.get('user_login_field_username') + ': \
Password: \ + ' + $lang.get('user_login_field_password') + ': \
\ -
Trouble logging in? Try the full login form.
'; + ' + $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title, 'level=' + level) }) + '
'; if ( level <= USER_LEVEL_MEMBER ) { form_html += ' \ - Did you forget your password?
\ - Maybe you need to create an account.
'; + ' + $lang.get('user_login_ajax_link_forgotpass', { forgotpass_link: makeUrlNS('Special', 'PasswordReset') }) + '
\ + ' + $lang.get('user_login_createaccount_blurb', { reg_link: makeUrlNS('Special', 'Register') }); } - form_html += ' \ + form_html += '
\
\ @@ -383,8 +478,21 @@ { $('ajaxlogin_user').object.focus(); } - $('ajaxlogin_pass').object.onblur = function(e) { if ( !shift ) $('messageBox').object.nextSibling.firstChild.focus(); }; - $('ajaxlogin_pass').object.onkeypress = function(e) { if ( !e && IE ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); }; + if ( ajax_auth_show_captcha ) + { + $('ajaxlogin_captcha_code').object.onblur = function(e) { if ( !shift ) $('messageBox').object.nextSibling.firstChild.focus(); }; + $('ajaxlogin_captcha_code').object.onkeypress = function(e) { if ( !e && IE ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); }; + } + else + { + $('ajaxlogin_pass').object.onblur = function(e) { if ( !shift ) $('messageBox').object.nextSibling.firstChild.focus(); }; + $('ajaxlogin_pass').object.onkeypress = function(e) { if ( !e && IE ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); }; + } + if ( disable_controls ) + { + var panel = document.getElementById('messageBoxButtons'); + panel.firstChild.disabled = true; + } /* ## This causes the background image to disappear under Fx 2 if ( shown_error ) @@ -398,6 +506,11 @@ fader.start(); } */ + if ( ajax_auth_show_captcha ) + { + ajaxShowCaptcha(ajax_auth_show_captcha); + ajax_auth_show_captcha = false; + } } }); } @@ -412,6 +525,15 @@ password = document.getElementById('ajaxlogin_pass').value; auth_enabled = false; + if ( document.getElementById('autoCaptcha') ) + { + var to = fly_out_top(document.getElementById('autoCaptcha'), false, true); + setTimeout(function() { + var d = document.getElementById('autoCaptcha'); + d.parentNode.removeChild(d); + }, to); + } + disableJSONExts(); // 
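Review bot: `var captcha_html` is declared in both arms of the new `if ( ajax_auth_show_captcha )` block; declaring it once with the empty default, `var captcha_html = '';`, followed by a single `if` that assigns the markup, reads more clearly and avoids the duplicate declaration. The `disableme` attribute string is, like the button disabling added in the next hunk, a presentation aid rather than the lockout control. The enclosing setup callback begins before this hunk.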
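Review bot: `panel.firstChild.disabled = true` identifies the OK button by position inside `messageBoxButtons`; the box is created with `MB_OKCANCEL|MB_ICONLOCK` in `ajaxPromptAdminAuth`, so this holds only as long as that widget renders OK first with no leading whitespace text node. Looking the button up by an id, if the widget assigns one, would survive layout changes. Like the disabled inputs, this is a client-side convenience; the server remains the only place the lockout is actually enforced.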
@@ -467,11 +589,17 @@ 'level' : ajax_auth_level_cache }; + if ( document.getElementById('ajaxlogin_captcha_hash') ) + { + json_data.captcha_hash = document.getElementById('ajaxlogin_captcha_hash').value; + json_data.captcha_code = document.getElementById('ajaxlogin_captcha_code').value; + } + json_data = toJSONString(json_data); json_data = encodeURIComponent(json_data); var loading_win = '
\ -

Logging in...

\ +

' + $lang.get('user_login_ajax_loggingin') + '

\

Please wait...

\
'; @@ -509,18 +637,23 @@ } break; case 'error': - if ( response.error == 'The username and/or password is incorrect.' ) + if ( response.data.error == 'invalid_credentials' || response.data.error == 'locked_out' ) { - ajax_auth_error_string = response.error; + ajax_auth_error_string = ajaxAuthErrorToString(response.data); mb_current_obj.updateContent(''); document.getElementById('messageBox').style.backgroundColor = '#C0C0C0'; var mb_parent = document.getElementById('messageBox').parentNode; new Spry.Effect.Shake(mb_parent, {duration: 1500}).start(); setTimeout("document.getElementById('messageBox').style.backgroundColor = '#FFF'; ajaxAuthLoginInnerSetup();", 2500); + + if ( response.data.lockout_policy == 'captcha' && response.data.error == 'locked_out' ) + { + ajax_auth_show_captcha = response.captcha; + } } else { - alert(response.error); + ajax_auth_error_string = ajaxAuthErrorToString(response.data); ajaxAuthLoginInnerSetup(); } break; diff -r 3daa715e0f69 -r b11a2f1353c0 includes/clientside/static/template-compiler.js --- a/includes/clientside/static/template-compiler.js Sat Nov 03 14:15:14 2007 -0400 +++ b/includes/clientside/static/template-compiler.js Sat Nov 03 14:30:53 2007 -0400 @@ -54,6 +54,7 @@ code = code.replace(new RegExp(unescape('%0A'), 'g'), '\\n'); code = "'" + code + "'"; code = code.replace(/\{([A-z0-9_-]+)\}/ig, "' + this.tpl_strings['$1'] + '"); + code = code.replace(/\{lang:([a-z0-9_]+)\}/g, "' + $lang.get('$1') + '"); code = code.replace(/\
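Review bot: The new block copies `ajaxlogin_captcha_hash` and `ajaxlogin_captcha_code` from the form into `json_data` whenever the hash field exists, so a challenge identifier issued by the server is echoed back by the client alongside the credentials. Whether that is safe depends entirely on the server side, which this diff does not show: the hash should be bound to the issuing session and consumed on first verification so a solved challenge cannot be reused across lockout attempts. The `ajaxlogin_captcha_code` lookup also lacks the existence check applied to the hash field and dereferences `.value` directly: `var code = document.getElementById('ajaxlogin_captcha_code'); json_data.captcha_code = code ? code.value : '';`. The enclosing function begins before this hunk.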
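Review bot: The lockout check reads `response.data.error` and `response.data.lockout_policy` but then assigns `ajax_auth_show_captcha = response.captcha`, taking the captcha id from a different level of the response than the other lockout fields; if the server nests it under `data` like the rest, the captcha is never shown after a lockout, and if `response.data` can be absent on an `error` result the first comparison throws before any message is displayed. The pre-fetch handler in the `@@ -335,6 +402,20 @@` hunk reads all three fields from the top level, so the two handlers disagree on the shape. Confirm the actual shape against the server and guard it, e.g. `var data = response.data || {};` at the top of the `case 'error':` branch, then read `data.error`, `data.lockout_policy` and the captcha id from one agreed location.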

'; - break; - default: - $title = 'Invalid topic'; - $content = 'Invalid help topic.'; - break; - } - echo << - - - Enano installation quick help • {$title} - - - - -

{$title}

- {$content} -

- Close window -

- - -EOF; - exit; - break; - default: - break; -} - -$template = new template_nodb(); -$template->load_theme('oxygen', 'bleu', false); - -$modestrings = Array( - 'welcome' => 'Welcome', - 'license' => 'License Agreement', - 'sysreqs' => 'Server requirements', - 'database'=> 'Database information', - 'website' => 'Website configuration', - 'login' => 'Administration login', - 'confirm' => 'Confirm installation', - 'install' => 'Database installation', - 'finish' => 'Installation complete' - ); - -$sideinfo = ''; -$vars = $template->extract_vars('elements.tpl'); -$p = $template->makeParserText($vars['sidebar_button']); -foreach ( $modestrings as $id => $str ) -{ - if ( $_GET['mode'] == $id ) - { - $flags = 'style="font-weight: bold; text-decoration: underline;"'; - $this_page = $str; - } - else - { - $flags = ''; - } - $p->assign_vars(Array( - 'HREF' => '#', - 'FLAGS' => $flags . ' onclick="return false;"', - 'TEXT' => $str - )); - $sideinfo .= $p->run(); -} - -$template->init_vars(); - -if(isset($_GET['mode']) && $_GET['mode'] == 'css') -{ - header('Content-type: text/css'); - echo $template->get_css(); - exit; -} - -$template->header(); -if(!isset($_GET['mode'])) $_GET['mode'] = 'license'; -switch($_GET['mode']) -{ - default: - case 'welcome': - ?> -
- [ Enano CMS Project logo ] -

Welcome to Enano

-

version 1.0.2 – stable
- also affectionately known as "coblynau" :)

- You are about to install a NIGHTLY BUILD of Enano.
Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.
'; - } - ?> -
- -
- - -

Welcome to the Enano installer.

-

Thank you for choosing Enano as your CMS. You've selected the finest in design, the strongest in security, and the latest in Web 2.0 toys. Trust us, you'll like it.

-

To get started, please read and accept the following license agreement. You've probably seen it before.

-
-

GNU General Public License

-

Declaration of license usage

-

Enano is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

-

This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See the GNU General Public License (below) for more details.

-

By clicking the button below or otherwise continuing the installation, you indicate your acceptance of this license agreement.

-

Human-readable version

-

Enano is distributed under certain licensing terms that we believe make it of the greatest possible use to the public. The license we distribute it under, the GNU General Public License, provides certain terms and conditions that, rather than limit your use of Enano, allow you to get the most out of it. If you would like to read the full text, it can be found below. Here is a human-readable version that we think is a little easier to understand.

-
    -
  • You may to run Enano for any purpose.
  • -
  • You may study how Enano works and adapt it to your needs.
  • -
  • You may redistribute copies so you can help your neighbor.
  • -
  • You may improve Enano and release your improvements to the public, so that the whole community benefits.
  • -
-

You may exercise the freedoms specified here provided that you comply with the express conditions of this license. The principal conditions are:

-
    -
  • You must conspicuously and appropriately publish on each copy distributed an appropriate copyright notice and disclaimer of warranty and keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of Enano a copy of the GNU General Public License along with Enano. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.
  • -
  • If you modify your copy or copies of Enano or any portion of it, or develop a program based upon it, you may distribute the resulting work provided you do so under the GNU General Public License. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.
  • -
  • If you copy or distribute Enano, you must accompany it with the complete corresponding machine-readable source code or with a written offer, valid for at least three years, to furnish the complete corresponding machine-readable source code.
  • -
-

Disclaimer: The above text is not a license. It is simply a handy reference for understanding the Legal Code (the full license) – it is a human-readable expression of some of its key terms. Think of it as the user-friendly interface to the Legal Code beneath. The above text itself has no legal value, and its contents do not appear in the actual license.
Text copied from the Creative Commons GPL Deed page

- -

Notice for prerelease versions

-

This version of Enano is designed only for testing and evaluation purposes. It is not yet completely stable, and should not be used on production websites. As with any Enano version, Dan Fuhry and the Enano team cannot be responsible for any damage, physical or otherwise, to any property as a result of the use of Enano. While security is a number one priority, sometimes things slip through.

- -

Lawyer-readable version

- -
- - -

Checking your server

-

Enano has several requirements that must be met before it can be installed. If all is good then note any warnings and click Continue below.

- - =4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.'); - run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.'); - run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".'); - run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. 
The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true); - //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true); - run_test('return is_writable(ENANO_ROOT.\'/config.php\');', 'Configuration file writable', 'It looks like the configuration file, config.php, is not writable. Enano needs to be able to write to this file in order to install.

If you are installing Enano on a SourceForge web site:
SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.'); - run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the <img> tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.

If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true); - run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true); - run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true); - echo '
'; - if(!$failed) - { - ?> - - - '; - run_test('return false;', 'Your server does not meet the requirements for Enano to run.', 'As a precaution, Enano will not install until the above requirements have been met. Contact your server administrator or hosting company and convince them to upgrade. Good luck.'); - echo '
'; - } - } - ?> - - -

Now we need some information that will allow Enano to contact your database server. Enano uses MySQL as a data storage backend, - and we need to have access to a MySQL server in order to continue.

-

If you do not have access to a MySQL server, and you are using your own server, you can download MySQL for free from - MySQL.com. Please note that, like Enano, MySQL is licensed under the GNU GPL. - If you need to modify MySQL and then distribute your modifications, you must either distribute them under the terms of the GPL - or purchase a proprietary license.

- MySQL login information for this virtual appliance:

Database hostname: localhost
Database login: username "enano", password: "clurichaun" (without quotes)
Database name: enano_www1

'; - } - ?> -
- - - - - - - - - - - - - -

Database information

Database hostname
This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".
Good/bad icon
Database name
The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.
Good/bad icon
Database login
These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.
Good/bad icon

Optional information

Table prefix
The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).
Good/bad icon
Database administrative login
If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the login information for an administrative user (such as root). Leave these fields blank unless you need to use them.
Good/bad icon
MySQL versionMySQL version information will be checked when you click "Test Connection".Good/bad icon
Delete existing tables?
If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.
- -
- restart the installation.'; - $template->footer(); - exit; - } - unset($_POST['_cont']); - ?> - -
- '."\n"; - } - ?> -

The next step is to enter some information about your website. You can always change this information later, using the administration panel.

- - - - - - -
Website name
The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".
Good/bad icon
Website description
This text will be shown below the name of your website.
Good/bad icon
Copyright info
This should be a one-line legal notice that will appear at the bottom of all your pages.
Good/bad icon
Wiki mode
This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.
URL scheme
Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.
name="urlscheme" value="ugly" id="ugly">
name="urlscheme" value="short" id="short">
- -
- restart the installation.'; - $template->footer(); - exit; - } - unset($_POST['_cont']); - require('config.php'); - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); - if ( isset($crypto_key) ) - { - $cryptkey = $crypto_key; - } - if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) ) - { - $cryptkey = $aes->gen_readymade_key(); - $handle = @fopen(ENANO_ROOT.'/config.php', 'w'); - if(!$handle) - { - echo '

ERROR: Cannot open config.php for writing - exiting!

'; - $template->footer(); - exit; - } - fwrite($handle, ''); - fclose($handle); - } - ?> - -
- '."\n"; - } - ?> -

Next, enter your desired username and password. The account you create here will be used to administer your site.

- - - - - - - - - - - -
Administration username
The administration username you will use to log into your site.
This cannot be "anonymous" or in the form of an IP address.
Good/bad icon
Administration password:Good/bad icon
Enter it again to confirm:
Your e-mail address:Good/bad icon
- Allow administrators to embed PHP code into pages:
- Do not under any circumstances enable this option without reading these - important security implications. - -
-    - -
If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.
- -
- - - -
- - restart the installation.'; - $template->footer(); - exit; - } - unset($_POST['_cont']); - ?> -
- '."\n"; - } - ?> -

Enano is ready to install.

-

The wizard has finished collecting information and is ready to install the database schema. Please review the information below, - and then click the button below to install the database.

-
    -
  • Database hostname:
  • -
  • Database name:
  • -
  • Database user:
  • -
  • Database password: <hidden>
  • -
  • Site name:
  • -
  • Site description:
  • -
  • Administration username:
  • -
  • Cipher strength: -bit AES
    Cipher strength is defined in the file constants.php; if you desire to change the cipher strength, you may do so and then restart installation. Unless your site is mission-critical, changing the cipher strength is not necessary.
  • -
- -
- restart the installation.'; - $template->footer(); - exit; - } - switch($_POST['urlscheme']) - { - case "ugly": - default: - $cp = scriptPath.'/index.php?title='; - break; - case "short": - $cp = scriptPath.'/index.php/'; - break; - case "tiny": - $cp = scriptPath.'/'; - break; - } - function err($t) { global $template; echo $t; $template->footer(); exit; } - - if ( !preg_match('/^[a-z0-9_]*$/', $_POST['table_prefix']) ) - err('Hacking attempt was detected in table_prefix.'); - - echo 'Connecting to MySQL...'; - if($_POST['db_root_user'] != '') - { - $conn = mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']); - if(!$conn) err('Error connecting to MySQL: '.mysql_error()); - $q = mysql_query('USE '.$_POST['db_name']); - if(!$q) - { - $q = mysql_query('CREATE DATABASE '.$_POST['db_name']); - if(!$q) err('Error initializing database: '.mysql_error()); - } - $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'localhost\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;'); - if(!$q) err('Could not create the user account'); - $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'%\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;'); - if(!$q) err('Could not create the user account'); - mysql_close($conn); - } - $conn = mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); - if(!$conn) err('Error connecting to MySQL: '.mysql_error()); - $q = mysql_query('USE '.$_POST['db_name']); - if(!$q) err('Error selecting database: '.mysql_error()); - echo 'done!
'; - - // Are we supposed to drop any existing tables? If so, do it now - if(isset($_POST['drop_tables'])) - { - echo 'Dropping existing Enano tables...'; - // Our list of tables included in Enano - $tables = Array( 'mdg_categories', 'mdg_comments', 'mdg_config', 'mdg_logs', 'mdg_page_text', 'mdg_session_keys', 'mdg_pages', 'mdg_users', 'mdg_users_extra', 'mdg_themes', 'mdg_buddies', 'mdg_banlist', 'mdg_files', 'mdg_privmsgs', 'mdg_sidebar', 'mdg_hits', 'mdg_search_index', 'mdg_groups', 'mdg_group_members', 'mdg_acl', 'mdg_search_cache', 'mdg_tags', 'mdg_page_groups', 'mdg_page_group_members' ); - $tables = implode(', ', $tables); - $tables = str_replace('mdg_', $_POST['table_prefix'], $tables); - $query_of_death = 'DROP TABLE '.$tables.';'; - mysql_query($query_of_death); // We won't check for errors here because if this operation fails it probably means the tables didn't exist - echo 'done!
'; - } - - $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0'; - - echo 'Decrypting administration password...'; - - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); - - if ( !empty($_POST['crypt_data']) ) - { - require('config.php'); - if ( !isset($cryptkey) ) - { - echo 'failed!
Cannot get the key from config.php'; - break; - } - $key = hexdecode($cryptkey); - - $dec = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX); - - } - else - { - $dec = $_POST['admin_pass']; - } - echo 'done!
Generating '.AES_BITS.'-bit AES private key...'; - $privkey = $aes->gen_readymade_key(); - $pkba = hexdecode($privkey); - $encpass = $aes->encrypt($dec, $pkba, ENC_HEX); - - echo 'done!
Preparing for schema execution...'; - $schema = file_get_contents('schema.sql'); - $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string($_POST['sitename'] ), $schema); - $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string($_POST['sitedesc'] ), $schema); - $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string($_POST['copyright'] ), $schema); - $schema = str_replace('{{ADMIN_USER}}', mysql_real_escape_string($_POST['admin_user'] ), $schema); - $schema = str_replace('{{ADMIN_PASS}}', mysql_real_escape_string($encpass ), $schema); - $schema = str_replace('{{ADMIN_EMAIL}}', mysql_real_escape_string($_POST['admin_email']), $schema); - $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff ), $schema); - $schema = str_replace('{{REAL_NAME}}', '', $schema); - $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema); - $schema = str_replace('{{VERSION}}', ENANO_VERSION, $schema); - $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'], $schema); - // Not anymore!! :-D - // $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION, $schema); - - if(isset($_POST['wiki_mode'])) - { - $schema = str_replace('{{WIKI_MODE}}', '1', $schema); - } - else - { - $schema = str_replace('{{WIKI_MODE}}', '0', $schema); - } - - // Build an array of queries - $schema = explode("\n", $schema); - - foreach ( $schema as $i => $sql ) - { - $query =& $schema[$i]; - $t = trim($query); - if ( empty($t) || preg_match('/^(\#|--)/i', $t) ) - { - unset($schema[$i]); - unset($query); - } - } - - $schema = array_values($schema); - $schema = implode("\n", $schema); - $schema = explode(";\n", $schema); - - foreach ( $schema as $i => $sql ) - { - $query =& $schema[$i]; - if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' ) - { - $query .= ';'; - } - } - - // echo '
' . htmlspecialchars(print_r($schema, true)) . '
'; - // break; - - echo 'done!
Executing schema.sql...'; - - // OK, do the loop, baby!!! - foreach($schema as $q) - { - $r = mysql_query($q, $conn); - if(!$r) err('Error during mainstream installation: '.mysql_error()); - } - - echo 'done!
Writing configuration files...'; - if($_POST['urlscheme']=='tiny') - { - $ht = fopen(ENANO_ROOT.'/.htaccess', 'a+'); - if(!$ht) err('Error opening file .htaccess for writing'); - fwrite($ht, ' -RewriteEngine on -RewriteCond %{REQUEST_FILENAME} !-d -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA] -RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L] -'); - fclose($ht); - } - - $config_file = ''; - - $cf_handle = fopen(ENANO_ROOT.'/config.php', 'w'); - if(!$cf_handle) err('Couldn\'t open file config.php for writing'); - fwrite($cf_handle, $config_file); - fclose($cf_handle); - - echo 'done!
Starting the Enano API...'; - - $template_bak = $template; - - // Get Enano loaded - $_GET['title'] = 'Main_Page'; - require('includes/common.php'); - - // We need to be logged in (with admin rights) before logs can be flushed - $session->login_without_crypto($_POST['admin_user'], $dec, false); - - // Now that login cookies are set, initialize the session manager and ACLs - $session->start(); - $paths->init(); - - unset($template); - $template =& $template_bak; - - echo 'done!
Initializing logs...'; - - $q = $db->sql_query('INSERT INTO ' . $_POST['table_prefix'] . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');', $conn); - if ( !$q ) - err('Error setting up logs: '.$db->get_error()); - - if ( !$session->get_permissions('clear_logs') ) - { - echo '
Error: session manager won\'t permit flushing logs, these is a bug.'; - break; - } - - // unset($session); - // $session = new sessionManager(); - // $session->start(); - - PageUtils::flushlogs('Main_Page', 'Article'); - - echo 'done!

Installation of Enano is complete.

Review any warnings above, and then click here to finish the installation.'; - - // echo ''; - - break; - case "finish": - echo '

Congratulations!

-

You have finished installing Enano on this server.

-

Now what?

-

Click the link below to see the main page for your website. Where to go from here:

-
    -
  • The first thing you should do is log into your site using the Log in link on the sidebar.
  • -
  • Go into the Administration panel, expand General, and click General Configuration. There you will be able to configure some basic information about your site.
  • -
  • Visit the Enano Plugin Gallery to download and use plugins on your site.
  • -
  • Periodically create a backup of your database and filesystem, in case something goes wrong. This should be done at least once a week – more for wiki-based sites.
  • -
  • Hire some moderators, to help you keep rowdy users tame.
  • -
  • Tell the Enano team what you think.
  • -
  • Spread the word about Enano by adding a link to the Enano homepage on your sidebar! You can enable this option in the General Configuration section of the administration panel.
  • -
-

Go to your website...

'; - break; -} -$template->footer(); - -?> +The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.

If you wish to upgrade an older Enano installation to this version, please use the upgrade script.

'); + exit; +} + +define('IN_ENANO_INSTALL', 'true'); + +define('ENANO_VERSION', '1.1.1'); +// In beta versions, define ENANO_BETA_VERSION here + +if(!defined('scriptPath')) { + $sp = dirname($_SERVER['REQUEST_URI']); + if($sp == '/' || $sp == '\\') $sp = ''; + define('scriptPath', $sp); +} + +if(!defined('contentPath')) { + $sp = dirname($_SERVER['REQUEST_URI']); + if($sp == '/' || $sp == '\\') $sp = ''; + define('contentPath', $sp); +} +global $_starttime, $this_page, $sideinfo; +$_starttime = microtime(true); + +// Determine directory (special case for development servers) +if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') ) +{ + $filename = str_replace('/repo/', '/', __FILE__); +} +else +{ + $filename = __FILE__; +} + +define('ENANO_ROOT', dirname($filename)); + +function is_page($p) +{ + return true; +} + +require('includes/wikiformat.php'); +require('includes/constants.php'); +require('includes/rijndael.php'); +require('includes/functions.php'); + +strip_magic_quotes_gpc(); + +//die('Key size: ' . AES_BITS . '
Block size: ' . AES_BLOCKSIZE); + +if(!function_exists('wikiFormat')) +{ + function wikiFormat($message, $filter_links = true) + { + $wiki = & Text_Wiki::singleton('Mediawiki'); + $wiki->setRenderConf('Xhtml', 'code', 'css_filename', 'codefilename'); + $wiki->setRenderConf('Xhtml', 'wikilink', 'view_url', contentPath); + $result = $wiki->transform($message, 'Xhtml'); + + // HTML fixes + $result = preg_replace('#([\s]*?)<\/tr>#is', '', $result); + $result = preg_replace('#

([\s]*?)<\/p>#is', '', $result); + $result = preg_replace('#
([\s]*?)$descTest passed"; + } elseif(!$val && $warn) { + if($cv) $color='FFFFCC'; else $color='FFFFAA'; + echo "$desc
$extended_descTest passed with warning"; + $warned = true; + } else { + if($cv) $color='FFCCCC'; else $color='FFAAAA'; + echo "$desc
$extended_descTest failed"; + $failed = true; + } +} +function is_apache() { $r = strstr($_SERVER['SERVER_SOFTWARE'], 'Apache') ? true : false; return $r; } + +require_once('includes/template.php'); + +if(!isset($_GET['mode'])) $_GET['mode'] = 'welcome'; +switch($_GET['mode']) +{ + case 'mysql_test': + error_reporting(0); + $dbhost = rawurldecode($_POST['host']); + $dbname = rawurldecode($_POST['name']); + $dbuser = rawurldecode($_POST['user']); + $dbpass = rawurldecode($_POST['pass']); + $dbrootuser = rawurldecode($_POST['root_user']); + $dbrootpass = rawurldecode($_POST['root_pass']); + if($dbrootuser != '') + { + $conn = mysql_connect($dbhost, $dbrootuser, $dbrootpass); + if(!$conn) + { + $e = mysql_error(); + if(strstr($e, "Lost connection")) + die('host'.$e); + else + die('root'.$e); + } + $rsp = 'good'; + $q = mysql_query('USE '.$dbname, $conn); + if(!$q) + { + $e = mysql_error(); + if(strstr($e, 'Unknown database')) + { + $rsp .= '_creating_db'; + } + } + mysql_close($conn); + $conn = mysql_connect($dbhost, $dbuser, $dbpass); + if(!$conn) + { + $e = mysql_error(); + if(strstr($e, "Lost connection")) + die('host'.$e); + else + $rsp .= '_creating_user'; + } + mysql_close($conn); + die($rsp); + } + else + { + $conn = mysql_connect($dbhost, $dbuser, $dbpass); + if(!$conn) + { + $e = mysql_error(); + if(strstr($e, "Lost connection")) + die('host'.$e); + else + die('auth'.$e); + } + $q = mysql_query('USE '.$dbname, $conn); + if(!$q) + { + $e = mysql_error(); + if(strstr($e, 'Unknown database')) + { + die('name'.$e); + } + else + { + die('perm'.$e); + } + } + } + $v = mysql_get_server_info(); + if(version_compare($v, '4.1.17', '<')) die('vers'.$v); + mysql_close($conn); + die('good'); + break; + case 'pophelp': + $topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid'; + switch($topic) + { + case 'admin_embed_php': + $title = 'Allow administrators to embed PHP'; + $content = '

This option allows you to control whether anything between the standard <?php and ?> tags will be treated as + PHP code by Enano. If this option is enabled, and members of the Administrators group use these tags, Enano will + execute that code when the page is loaded. There are obvious potential security implications here, which should + be carefully considered before enabling this option.

+

If you are the only administrator of this site, or if you have a high level of trust for those will be administering + the site with you, you should enable this to allow extreme customization of pages.

+

Leave this option off if you are at all concerned about security – if your account is compromised and PHP embedding + is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to + embed Javascript and arbitrary HTML and CSS.

+

If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time + using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection.

'; + break; + default: + $title = 'Invalid topic'; + $content = 'Invalid help topic.'; + break; + } + echo << + + + Enano installation quick help • {$title} + + + + +

{$title}

+ {$content} +

+ Close window +

+ + +EOF; + exit; + break; + default: + break; +} + +$template = new template_nodb(); +$template->load_theme('stpatty', 'shamrock', false); + +$modestrings = Array( + 'welcome' => 'Welcome', + 'license' => 'License Agreement', + 'sysreqs' => 'Server requirements', + 'database'=> 'Database information', + 'website' => 'Website configuration', + 'login' => 'Administration login', + 'confirm' => 'Confirm installation', + 'install' => 'Database installation', + 'finish' => 'Installation complete' + ); + +$sideinfo = ''; +$vars = $template->extract_vars('elements.tpl'); +$p = $template->makeParserText($vars['sidebar_button']); +foreach ( $modestrings as $id => $str ) +{ + if ( $_GET['mode'] == $id ) + { + $flags = 'style="font-weight: bold; text-decoration: underline;"'; + $this_page = $str; + } + else + { + $flags = ''; + } + $p->assign_vars(Array( + 'HREF' => '#', + 'FLAGS' => $flags . ' onclick="return false;"', + 'TEXT' => $str + )); + $sideinfo .= $p->run(); +} + +$template->init_vars(); + +if(isset($_GET['mode']) && $_GET['mode'] == 'css') +{ + header('Content-type: text/css'); + echo $template->get_css(); + exit; +} + +$template->header(); +if(!isset($_GET['mode'])) $_GET['mode'] = 'license'; +switch($_GET['mode']) +{ + default: + case 'welcome': + ?> +
+ [ Enano CMS Project logo ] +

Welcome to Enano

+

version 1.1.1 – unstable

+ You are about to install a NIGHTLY BUILD of Enano.
Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.
'; + } + ?> +
+ +
+ + +

Welcome to the Enano installer.

+

Thank you for choosing Enano as your CMS. You've selected the finest in design, the strongest in security, and the latest in Web 2.0 toys. Trust us, you'll like it.

+

To get started, please read and accept the following license agreement. You've probably seen it before.

+
+

GNU General Public License

+

Declaration of license usage

+

Enano is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

+

This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See the GNU General Public License (below) for more details.

+

By clicking the button below or otherwise continuing the installation, you indicate your acceptance of this license agreement.

+

Human-readable version

+

Enano is distributed under certain licensing terms that we believe make it of the greatest possible use to the public. The license we distribute it under, the GNU General Public License, provides certain terms and conditions that, rather than limit your use of Enano, allow you to get the most out of it. If you would like to read the full text, it can be found below. Here is a human-readable version that we think is a little easier to understand.

+
    +
  • You may to run Enano for any purpose.
  • +
  • You may study how Enano works and adapt it to your needs.
  • +
  • You may redistribute copies so you can help your neighbor.
  • +
  • You may improve Enano and release your improvements to the public, so that the whole community benefits.
  • +
+

You may exercise the freedoms specified here provided that you comply with the express conditions of this license. The principal conditions are:

+
    +
  • You must conspicuously and appropriately publish on each copy distributed an appropriate copyright notice and disclaimer of warranty and keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of Enano a copy of the GNU General Public License along with Enano. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.
  • +
  • If you modify your copy or copies of Enano or any portion of it, or develop a program based upon it, you may distribute the resulting work provided you do so under the GNU General Public License. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.
  • +
  • If you copy or distribute Enano, you must accompany it with the complete corresponding machine-readable source code or with a written offer, valid for at least three years, to furnish the complete corresponding machine-readable source code.
  • +
+

Disclaimer: The above text is not a license. It is simply a handy reference for understanding the Legal Code (the full license) – it is a human-readable expression of some of its key terms. Think of it as the user-friendly interface to the Legal Code beneath. The above text itself has no legal value, and its contents do not appear in the actual license.
Text copied from the Creative Commons GPL Deed page

+ +

Notice for prerelease versions

+

This version of Enano is designed only for testing and evaluation purposes. It is not yet completely stable, and should not be used on production websites. As with any Enano version, Dan Fuhry and the Enano team cannot be responsible for any damage, physical or otherwise, to any property as a result of the use of Enano. While security is a number one priority, sometimes things slip through.

+ +

Lawyer-readable version

+ +
+ + +

Checking your server

+

Enano has several requirements that must be met before it can be installed. If all is good then note any warnings and click Continue below.

+ + =4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.'); + run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.'); + run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".'); + run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. 
The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true); + //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true); + run_test('return is_writable(ENANO_ROOT.\'/config.php\');', 'Configuration file writable', 'It looks like the configuration file, config.php, is not writable. Enano needs to be able to write to this file in order to install.

If you are installing Enano on a SourceForge web site:
SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.'); + run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the <img> tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.

If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true); + run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true); + run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true); + echo '
'; + if(!$failed) + { + ?> + +
+ '; + run_test('return false;', 'Your server does not meet the requirements for Enano to run.', 'As a precaution, Enano will not install until the above requirements have been met. Contact your server administrator or hosting company and convince them to upgrade. Good luck.'); + echo '
'; + } + } + ?> + + +

Now we need some information that will allow Enano to contact your database server. Enano uses MySQL as a data storage backend, + and we need to have access to a MySQL server in order to continue.

+

If you do not have access to a MySQL server, and you are using your own server, you can download MySQL for free from + MySQL.com. Please note that, like Enano, MySQL is licensed under the GNU GPL. + If you need to modify MySQL and then distribute your modifications, you must either distribute them under the terms of the GPL + or purchase a proprietary license.

+ MySQL login information for this virtual appliance:

Database hostname: localhost
Database login: username "enano", password: "clurichaun" (without quotes)
Database name: enano_www1

'; + } + ?> +
+ + + + + + + + + + + + + +

Database information

Database hostname
This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".
Good/bad icon
Database name
The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.
Good/bad icon
Database login
These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.
Good/bad icon

Optional information

Table prefix
The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).
Good/bad icon
Database administrative login
If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the login information for an administrative user (such as root). Leave these fields blank unless you need to use them.
Good/bad icon
MySQL versionMySQL version information will be checked when you click "Test Connection".Good/bad icon
Delete existing tables?
If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.
+ +
+ restart the installation.'; + $template->footer(); + exit; + } + unset($_POST['_cont']); + ?> + +
+ '."\n"; + } + ?> +

The next step is to enter some information about your website. You can always change this information later, using the administration panel.

+ + + + + + +
Website name
The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".
Good/bad icon
Website description
This text will be shown below the name of your website.
Good/bad icon
Copyright info
This should be a one-line legal notice that will appear at the bottom of all your pages.
Good/bad icon
Wiki mode
This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.
URL scheme
Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.
name="urlscheme" value="ugly" id="ugly">
name="urlscheme" value="short" id="short">
+ +
+ restart the installation.'; + $template->footer(); + exit; + } + unset($_POST['_cont']); + require('config.php'); + $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + if ( isset($crypto_key) ) + { + $cryptkey = $crypto_key; + } + if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) ) + { + $cryptkey = $aes->gen_readymade_key(); + $handle = @fopen(ENANO_ROOT.'/config.php', 'w'); + if(!$handle) + { + echo '

ERROR: Cannot open config.php for writing - exiting!

'; + $template->footer(); + exit; + } + fwrite($handle, ''); + fclose($handle); + } + ?> + +
+ '."\n"; + } + ?> +

Next, enter your desired username and password. The account you create here will be used to administer your site.

+ + + + + + + + + + + +
Administration username
The administration username you will use to log into your site.
This cannot be "anonymous" or in the form of an IP address.
Good/bad icon
Administration password:Good/bad icon
Enter it again to confirm:
Your e-mail address:Good/bad icon
+ Allow administrators to embed PHP code into pages:
+ Do not under any circumstances enable this option without reading these + important security implications. + +
+    + +
If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.
+ +
+ + + +
+ + restart the installation.'; + $template->footer(); + exit; + } + unset($_POST['_cont']); + ?> +
+ '."\n"; + } + ?> +

Enano is ready to install.

+

The wizard has finished collecting information and is ready to install the database schema. Please review the information below, + and then click the button below to install the database.

+
    +
  • Database hostname:
  • +
  • Database name:
  • +
  • Database user:
  • +
  • Database password: <hidden>
  • +
  • Site name:
  • +
  • Site description:
  • +
  • Administration username:
  • +
  • Cipher strength: -bit AES
    Cipher strength is defined in the file constants.php; if you desire to change the cipher strength, you may do so and then restart installation. Unless your site is mission-critical, changing the cipher strength is not necessary.
  • +
+ +
+ restart the installation.'; + $template->footer(); + exit; + } + switch($_POST['urlscheme']) + { + case "ugly": + default: + $cp = scriptPath.'/index.php?title='; + break; + case "short": + $cp = scriptPath.'/index.php/'; + break; + case "tiny": + $cp = scriptPath.'/'; + break; + } + function err($t) { global $template; echo $t; $template->footer(); exit; } + + echo 'Connecting to MySQL...'; + if($_POST['db_root_user'] != '') + { + $conn = mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']); + if(!$conn) err('Error connecting to MySQL: '.mysql_error()); + $q = mysql_query('USE '.$_POST['db_name']); + if(!$q) + { + $q = mysql_query('CREATE DATABASE '.$_POST['db_name']); + if(!$q) err('Error initializing database: '.mysql_error()); + } + $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'localhost\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;'); + if(!$q) err('Could not create the user account'); + $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'%\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;'); + if(!$q) err('Could not create the user account'); + mysql_close($conn); + } + $conn = mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); + if(!$conn) err('Error connecting to MySQL: '.mysql_error()); + $q = mysql_query('USE '.$_POST['db_name']); + if(!$q) err('Error selecting database: '.mysql_error()); + echo 'done!
'; + + // Are we supposed to drop any existing tables? If so, do it now + if(isset($_POST['drop_tables'])) + { + echo 'Dropping existing Enano tables...'; + // Our list of tables included in Enano + $tables = Array( 'mdg_categories', 'mdg_comments', 'mdg_config', 'mdg_logs', 'mdg_page_text', 'mdg_session_keys', 'mdg_pages', 'mdg_users', 'mdg_users_extra', 'mdg_themes', 'mdg_buddies', 'mdg_banlist', 'mdg_files', 'mdg_privmsgs', 'mdg_sidebar', 'mdg_hits', 'mdg_search_index', 'mdg_groups', 'mdg_group_members', 'mdg_acl', 'mdg_search_cache', 'mdg_tags', 'mdg_page_groups', 'mdg_page_group_members' ); + $tables = implode(', ', $tables); + $tables = str_replace('mdg_', $_POST['table_prefix'], $tables); + $query_of_death = 'DROP TABLE '.$tables.';'; + mysql_query($query_of_death); // We won't check for errors here because if this operation fails it probably means the tables didn't exist + echo 'done!
'; + } + + $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0'; + + echo 'Decrypting administration password...'; + + $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + + if ( !empty($_POST['crypt_data']) ) + { + require('config.php'); + if ( !isset($cryptkey) ) + { + echo 'failed!
Cannot get the key from config.php'; + break; + } + $key = hexdecode($cryptkey); + + $dec = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX); + + } + else + { + $dec = $_POST['admin_pass']; + } + echo 'done!
Generating '.AES_BITS.'-bit AES private key...'; + $privkey = $aes->gen_readymade_key(); + $pkba = hexdecode($privkey); + $encpass = $aes->encrypt($dec, $pkba, ENC_HEX); + + echo 'done!
Preparing for schema execution...'; + $schema = file_get_contents('schema.sql'); + $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string($_POST['sitename'] ), $schema); + $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string($_POST['sitedesc'] ), $schema); + $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string($_POST['copyright'] ), $schema); + $schema = str_replace('{{ADMIN_USER}}', mysql_real_escape_string($_POST['admin_user'] ), $schema); + $schema = str_replace('{{ADMIN_PASS}}', mysql_real_escape_string($encpass ), $schema); + $schema = str_replace('{{ADMIN_EMAIL}}', mysql_real_escape_string($_POST['admin_email']), $schema); + $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff ), $schema); + $schema = str_replace('{{REAL_NAME}}', '', $schema); + $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema); + $schema = str_replace('{{VERSION}}', ENANO_VERSION, $schema); + $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'], $schema); + // Not anymore!! :-D + // $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION, $schema); + + if(isset($_POST['wiki_mode'])) + { + $schema = str_replace('{{WIKI_MODE}}', '1', $schema); + } + else + { + $schema = str_replace('{{WIKI_MODE}}', '0', $schema); + } + + // Build an array of queries + $schema = explode("\n", $schema); + + foreach ( $schema as $i => $sql ) + { + $query =& $schema[$i]; + $t = trim($query); + if ( empty($t) || preg_match('/^(\#|--)/i', $t) ) + { + unset($schema[$i]); + unset($query); + } + } + + $schema = array_values($schema); + $schema = implode("\n", $schema); + $schema = explode(";\n", $schema); + + foreach ( $schema as $i => $sql ) + { + $query =& $schema[$i]; + if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' ) + { + $query .= ';'; + } + } + + // echo '
' . htmlspecialchars(print_r($schema, true)) . '
'; + // break; + + echo 'done!
Executing schema.sql...'; + + // OK, do the loop, baby!!! + foreach($schema as $q) + { + $r = mysql_query($q, $conn); + if(!$r) err('Error during mainstream installation: '.mysql_error()); + } + + echo 'done!
Writing configuration files...'; + if($_POST['urlscheme']=='tiny') + { + $ht = fopen(ENANO_ROOT.'/.htaccess', 'a+'); + if(!$ht) err('Error opening file .htaccess for writing'); + fwrite($ht, ' +RewriteEngine on +RewriteCond %{REQUEST_FILENAME} !-d +RewriteCond %{REQUEST_FILENAME} !-f +RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA] +RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L] +'); + fclose($ht); + } + + $config_file = ''; + + $cf_handle = fopen(ENANO_ROOT.'/config.php', 'w'); + if(!$cf_handle) err('Couldn\'t open file config.php for writing'); + fwrite($cf_handle, $config_file); + fclose($cf_handle); + + echo 'done!
Starting the Enano API...'; + + $template_bak = $template; + + // Get Enano loaded + $_GET['title'] = 'Main_Page'; + require('includes/common.php'); + + // We need to be logged in (with admin rights) before logs can be flushed + $session->login_without_crypto($_POST['admin_user'], $dec, false); + + // Now that login cookies are set, initialize the session manager and ACLs + $session->start(); + $paths->init(); + + unset($template); + $template =& $template_bak; + + echo 'done!
Initializing logs...'; + + $q = $db->sql_query('INSERT INTO ' . $_POST['table_prefix'] . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');', $conn); + if ( !$q ) + err('Error setting up logs: '.$db->get_error()); + + if ( !$session->get_permissions('clear_logs') ) + { + echo '
Error: session manager won\'t permit flushing logs, these is a bug.'; + break; + } + + // unset($session); + // $session = new sessionManager(); + // $session->start(); + + PageUtils::flushlogs('Main_Page', 'Article'); + + echo 'done!

Installation of Enano is complete.

Review any warnings above, and then click here to finish the installation.'; + + // echo ''; + + break; + case "finish": + echo '

Congratulations!

+

You have finished installing Enano on this server.

+

Now what?

+

Click the link below to see the main page for your website. Where to go from here:

+
    +
  • The first thing you should do is log into your site using the Log in link on the sidebar.
  • +
  • Go into the Administration panel, expand General, and click General Configuration. There you will be able to configure some basic information about your site.
  • +
  • Visit the Enano Plugin Gallery to download and use plugins on your site.
  • +
  • Periodically create a backup of your database and filesystem, in case something goes wrong. This should be done at least once a week – more for wiki-based sites.
  • +
  • Hire some moderators, to help you keep rowdy users tame.
  • +
  • Tell the Enano team what you think.
  • +
  • Spread the word about Enano by adding a link to the Enano homepage on your sidebar! You can enable this option in the General Configuration section of the administration panel.
  • +
+

Go to your website...

'; + break; +} +$template->footer(); + +?> diff -r 3daa715e0f69 -r b11a2f1353c0 language/english/enano.json --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/language/english/enano.json Sat Nov 03 14:30:53 2007 -0400 
@@ -0,0 +1,556 @@
+/*
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * Version 1.1.1
+ * Copyright (C) 2006-2007 Dan Fuhry
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ */
+
+// This is the main language file for Enano. Feel free to use it as a base for your own translations.
+// All text in this file before the first left curly brace and all text after the last curly brace will
+// be trimmed. So you can use a limited amount of Javascript in this so that the language can be imported
+// via Javascript as well.
+
+var enano_lang = {
+ categories: [
+ 'adm', 'meta', 'user', 'page', 'comment', 'onpage', 'etc', 'editor', 'history', 'catedit', 'tags', 'delvote', 'ajax', 'sidebar', 'acl',
+ 'perm',
+ ],
+ strings: {
+ meta: {
+ adm: 'Administration panel nav menu',
+ meta: 'Language category strings',
+ user: 'Login, logout, and authentication',
+ page: 'Page creation and control',
+ comment: 'Comment display',
+ onpage: 'On-page buttons and controls',
+ etc: 'Miscellaneous strings',
+ editor: 'Page editor interface',
+ history: 'Page history and log viewer',
+ catedit: 'Categorization box and editor',
+ tags: 'Page tagging interface',
+ delvote: 'Page deletion vote interface',
+ ajax: 'On-page AJAX applets',
+ sidebar: 'Default sidebar blocks and buttons',
+ acl: 'Access control list editor',
+ perm: 'Page actions (for ACLs)',
+ plural: 's',
+ enano_about_poweredby: '

This website is powered by Enano, the lightweight and open source CMS that everyone can use. Enano is copyright © 2006-2007 Dan Fuhry. For legal information, along with a list of libraries that Enano uses, please see Legal Information.

The developers and maintainers of Enano strongly believe that software should not only be free to use, but free to be modified, distributed, and used to create derivative works. For more information about Free Software, check out the Wikipedia page or the Free Software Foundation\'s homepage.

',
+ enano_about_gpl: '

This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

You should have received a copy of the GNU General Public License along with this program; if not, write to:

Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor
Boston, MA 02110-1301, USA

Alternatively, you can read it online.

',
+ enano_about_lbl_enanoversion: 'Enano version:',
+ enano_about_lbl_webserver: 'Web server:',
+ enano_about_lbl_serverplatform: 'Server platform:',
+ enano_about_lbl_phpversion: 'PHP version:',
+ enano_about_lbl_mysqlversion: 'MySQL version:',
+ },
+ user: {
+ login_message_short: 'Please enter your username and password to log in.',
+ login_message_short_elev: 'Please re-enter your login details',
+ login_body: 'Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can create an account.',
+ login_body_elev: 'You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.',
+ login_field_username: 'Username',
+ login_field_password: 'Password',
+ login_forgotpass_blurb: 'Forgot your password? No problem.',
+ login_createaccount_blurb: 'Maybe you need to create an account.',
+ login_field_captcha: 'Code in image',
+ login_nocrypt_title: 'Important note regarding cryptography:',
+ login_nocrypt_body: 'Some countries do not allow the import or use of cryptographic technology. 
If you live in one of the countries listed below, you should log in without using encryption.',
+ login_nocrypt_countrylist: 'This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.',
+ login_usecrypt_title: 'Encryption is currently turned off.',
+ login_usecrypt_body: 'If you are not in one of the countries listed below, you should enable encryption to secure the logon process.',
+ login_usecrypt_countrylist: 'The cryptography restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.',
+ login_success_title: 'Login successful',
+ login_success_body: 'You have successfully logged into the %config.site_name% site as "%username%". Redirecting to %redir_target%...',
+ login_success_body_mainpage: 'the main page',
+
+ login_ajax_fetching_key: 'Fetching an encryption key...',
+ login_ajax_prompt_title: 'Please enter your username and password to continue.',
+ login_ajax_prompt_title_elev: 'You are requesting a sensitive operation.',
+ login_ajax_prompt_body_elev: 'Please re-enter your login details, to verify your identity.',
+ login_ajax_link_fullform: 'Trouble logging in? Try the full login form.',
+ login_ajax_link_forgotpass: 'Did you forget your password?',
+ login_ajax_loggingin: 'Logging in...',
+
+ err_key_not_found: 'Enano couldn\'t look up the encryption key used to encrypt your password. This most often happens if a cache rotation occurred during your login attempt, or if you refreshed the login page.',
+ err_key_wrong_length: 'The encryption key was the wrong length.',
+ err_too_big_for_britches: 'You are trying to authenticate at a level that your user account does not permit.',
+ err_invalid_credentials: 'You have entered an invalid username or password. 
Please enter your login details again.',
+ err_invalid_credentials_lockout: ' You have used up %fails% out of %config.lockout_threshold% login attempts. After you have used up all %config.lockout_threshold% login attempts, you will be locked out from logging in for %config.lockout_duration% minutes.',
+ err_invalid_credentials_lockout_captcha: ' You have used up %lockout_fails% out of %config.lockout_threshold% login attempts. After you have used up all %config.lockout_threshold% login attempts, you will have to enter a visual confirmation code while logging in, effective for %config.lockout_duration% minutes.',
+ err_backend_fail: 'You entered the right credentials and everything was validated, but for some reason Enano couldn\'t register your session. This is an internal problem with the site and you are encouraged to contact site administration.',
+ err_locked_out: 'You have used up all %config.lockout_threshold% allowed login attempts. Please wait %time_rem% minute%plural% before attempting to log in again%captcha_blurb%.',
+ err_locked_out_captcha_blurb: ', or enter the visual confirmation code shown above in the appropriate box',
+
+ logout_success_title: 'Logged out',
+ logout_success_body: 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.',
+ logout_confirm_title: 'Are you sure you want to log out?',
+ logout_confirm_body: 'If you log out, you will no longer be able to access your user preferences, your private messages, or certain areas of this site until you log in again.',
+ logout_confirm_title_elev: 'Are you sure you want to de-authenticate?',
+ logout_confirm_body_elev: 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. 
You may do so at any time using the Administration button on the sidebar.',
+ logout_err_title: 'An error occurred during the logout process.',
+ // Unused at this point
+ logout_err_not_loggedin: 'You don\'t seem to be logged in.',
+
+ keepalive_info_title: 'About the keep-alive feature',
+ keepalive_info_body: 'Keep-alive is a new Enano feature that keeps your administrative session from timing out while you are using the administration panel. This feature can be useful if you are editing a large page or doing something in the administration interface that will take longer than 15 minutes.

For security reasons, Enano mandates that high-privilege logins last only 15 minutes, with the time being reset each time a page is loaded (or, more specifically, each time the session API is started). The consequence of this is that if you are performing an action in the administration panel that takes more than 15 minutes, your session may be terminated. The keep-alive feature attempts to relieve this by sending a "ping" to the server every 10 minutes.

Please note that keep-alive state is determined by a cookie. Thus, if you log out and then back in as a different administrator, keep-alive will use the same setting that was used when you were logged in as the first administrative user. In the same way, if you log into the administration panel under your account from another computer, keep-alive will be set to "off".

For more information:
Overview of Enano\'s security model',
+
+ type_guest: 'Guest',
+ type_member: 'Member',
+ type_mod: 'Moderator',
+ type_admin: 'Administrator',
+
+ msg_elev_timed_out: 'Your administrative session has timed out. Log in again',
+
+ reg_err_captcha: 'The confirmation code you entered was incorrect.',
+ reg_err_disabled_title: 'Registration disabled',
+ reg_err_disabled_body: 'The administrator has disabled the registration of new accounts on this site.',
+ reg_err_disabled_body_adminblurb: 'Oops...it seems that you are the administrator...hehe...you can also force account registration to work.',
+ reg_err_username_invalid: 'Your username must be at least two characters in length and may not contain any of the following characters: < > _ & ? \' " % / \\.',
+ // Not exactly an error
+ reg_err_password_good: 'The password you entered is valid.',
+ reg_err_alert_password_tooshort: 'Your password must be 6 characters or greater in length.',
+ reg_err_alert_password_nomatch: 'The passwords you entered do not match.',
+ reg_err_missing_key: 'Couldn\'t look up public encryption key',
+
+ reg_msg_greatercontrol: 'A user account enables you to have greater control over your browsing experience.',
+ reg_msg_table_title: 'Create a user account',
+ reg_msg_table_subtitle: 'Please tell us a little bit about yourself.',
+ reg_msg_username_checking: 'Checking availability...',
+ reg_msg_username_available: 'This username is available.',
+ reg_msg_username_unavailable: 'This username is already taken.',
+ reg_msg_password_length: 'Your password must be at least six characters in length.',
+ reg_msg_password_score: 'It needs to score at least %config.pw_strength_minimum% for your registration to be accepted.',
+ reg_msg_password_needmatch: 'The passwords you entered do not match.',
+ reg_msg_email_activuser: 'An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.',
+ reg_msg_realname_optional: 'Giving your real name is totally 
optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.',
+ reg_msg_captcha_pleaseenter: 'Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can generate a new image.',
+ reg_msg_captcha_blind: 'If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.',
+ reg_msg_success_title: 'Registration successful',
+ reg_msg_success_body: 'Thank you for registering, your user account has been created.',
+ reg_msg_success_activ_none: 'You may now log in with the username and password that you created.',
+ reg_msg_success_activ_user: 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.',
+ reg_msg_success_activ_admin: 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.',
+ reg_msg_success_activ_coppa: 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. 
Please ask them to check their e-mail for further information.',
+
+ reg_lbl_field_username: 'Preferred username:',
+ reg_lbl_field_password: 'Password:',
+ reg_lbl_field_password_confirm: 'Enter your password again to confirm.',
+ reg_lbl_field_email: 'E-mail address:',
+ reg_lbl_field_email_coppa: 'Your parent or guardian\'s e-mail address:',
+ reg_lbl_field_realname: 'Real name:',
+ reg_lbl_field_captcha: 'Visual confirmation',
+ reg_lbl_field_captcha_code: 'Code:',
+
+ reg_coppa_title: 'Before you can register, please tell us your age.',
+ reg_coppa_link_atleast13: 'I was born on or before %yo13_date% and am at least 13 years of age',
+ reg_coppa_link_not13: 'I was born after %yo13_date% and am less than 13 years of age',
+ },
+ onpage: {
+ lbl_pagetools: 'Page tools',
+ lbl_page_article: 'article',
+ lbl_page_admin: 'administration page',
+ lbl_page_system: 'system message',
+ lbl_page_file: 'uploaded file',
+ lbl_page_help: 'documentation page',
+ lbl_page_user: 'user page',
+ lbl_page_special: 'special page',
+ lbl_page_template: 'template',
+ lbl_page_project: 'project page',
+ lbl_page_category: 'category',
+
+ btn_discussion: 'discussion (%num_comments%)',
+ btn_discussion_unapp: 'discussion (%num_comments% total, %num_unapp% unapp.)',
+ btn_edit: 'edit this page',
+ btn_viewsource: 'view source',
+ btn_history: 'history',
+ btn_moreoptions: 'more options',
+
+ btn_rename: 'rename',
+ btn_printable: 'view printable version',
+ btn_votedelete: 'vote to delete this page',
+ btn_votedelete_reset: 'reset deletion votes',
+ lbl_wikimode: 'page wiki mode:',
+ btn_wikimode_on: 'on',
+ btn_wikimode_off: 'off',
+ btn_wikimode_global: 'global',
+ lbl_protect: 'protection:',
+ btn_protect_on: 'on',
+ btn_protect_off: 'off',
+ btn_protect_semi: 'semi',
+ btn_clearlogs: 'clear page logs',
+ btn_deletepage: 'delete this page',
+ btn_deletepage_votes: ' (%num_votes% vote%plural%)',
+ lbl_password: 'page password:',
+ btn_password_set: 'set',
+ btn_acl: 'manage page 
access',
+ btn_admin: 'administrative options',
+ },
+ comment: {
+ lbl_subject: 'Subject',
+ lbl_mod_options: 'Moderator options:',
+ heading: 'Article comments',
+ btn_send_privmsg: 'Send private message',
+ btn_add_buddy: 'Add to buddy list',
+ btn_edit: 'edit',
+ btn_delete: 'delete',
+ btn_mod_approve: 'Approve',
+ btn_mod_unapprove: 'Unapprove',
+ btn_mod_delete: 'Delete',
+ btn_save: 'save',
+
+ msg_comment_posted: 'Your comment has been posted. If it does not appear right away, it is probably awaiting approval.',
+
+ msg_count_zero: 'There are no comments on this %page_type%.',
+ msg_count_one: 'There is 1 comment on this %page_type%.',
+ msg_count_plural: 'There are %num_comments% comments on this %page_type%.',
+
+ msg_count_unapp_mod: '%num_unapp% of those are unapproved.',
+ msg_count_unapp_one: 'However, there is 1 additional comment awaiting approval.',
+ msg_count_unapp_plural: 'However, there are %num_unapp% additional comments awaiting approval.',
+
+ msg_note_unapp: '(Unapproved)',
+
+ msg_delete_confirm: 'Do you really want to delete this comment?',
+
+ postform_title: 'Got something to say?',
+ postform_blurb: 'If you have comments or suggestions on this article, you can shout it out here.',
+ postform_blurb_unapp: 'Before your post will be visible to the public, a moderator will have to approve it.',
+ postform_blurb_captcha: 'Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.',
+ postform_blurb_link: 'Leave a comment...',
+ postform_field_name: 'Your name/screen name:',
+ postform_field_subject: 'Comment subject:',
+ postform_field_comment: 'Comment:',
+ postform_field_captcha_title: 'Visual confirmation:',
+ postform_field_captcha_blurb: 'Please enter the confirmation code seen in the image on the right into the box. If you cannot read the code, please click on the image to generate a new one. 
This helps to prevent automated bot posting.',
+ postform_field_captcha_label: 'Confirmation code:',
+ postform_field_captcha_cantread_js: 'If you can\'t read the code, click on the image to generate a new one.',
+ postform_field_captcha_cantread_nojs: 'If you can\'t read the code, please refresh this page to generate a new one.',
+ postform_btn_submit: 'Submit comment',
+
+ on_friend_list: 'On your friend list',
+ on_foe_list: 'On your foe list',
+ },
+ adm: {
+ cat_general: 'General',
+ cat_content: 'Content',
+ cat_appearance: 'Appearance',
+ cat_users: 'Users',
+ cat_security: 'Security',
+ cat_plugins: 'Plugin configuration',
+
+ page_general_config: 'General configuration',
+ page_file_uploads: 'File uploads',
+ page_file_types: 'Allowed file types',
+ page_plugins: 'Manage plugins',
+ page_db_backup: 'Backup database',
+
+ page_manager: 'Manage pages',
+ page_editor: 'Edit page content',
+ page_pg_groups: 'Manage page groups',
+
+ page_themes: 'Manage themes',
+
+ page_users: 'Manage users',
+ page_user_groups: 'Edit user groups',
+ page_coppa: 'COPPA support',
+ page_mass_email: 'Mass e-mail',
+
+ page_security_log: 'Security log',
+ page_ban_control: 'Ban control',
+
+ btn_home: 'Administration panel home',
+ btn_logout: 'Log out of admin panel',
+ btn_keepalive_off: 'Turn on keep-alive',
+ btn_keepalive_on: 'Turn off keep-alive',
+ btn_keepalive_about: 'About keep-alive',
+ btn_keepalive_loading: 'Loading keep-alive button...',
+
+ err_not_auth_title: 'Error: Not authenticated',
+ err_not_auth_body: 'It looks like your administration session is invalid or you are not authorized to access this administration page. 
Please re-authenticate to continue.',
+ },
+ editor: {
+ msg_revert_confirm: 'Do you really want to revert your changes?',
+ msg_discard_confirm: 'Do you really want to discard your changes?',
+ msg_unload: 'If you do, any changes that you have made to this page will be lost.',
+ btn_graphical: 'graphical editor',
+ btn_wikitext: 'wikitext editor',
+ lbl_edit_summary: 'Edit summary:',
+ lbl_minor_edit: 'This is a minor edit',
+ btn_save: 'Save changes',
+ btn_preview: 'Show preview',
+ btn_revert: 'Revert changes',
+ btn_cancel: 'Cancel and return to page',
+ btn_closeviewer: 'Close viewer',
+ preview_blurb: 'Reminder: This is only a preview - your changes to this page have not yet been saved.',
+ },
+ history: {
+ summary_clearlogs: 'Automatic backup created when logs were purged',
+ page_subtitle: 'History of edits and actions',
+ heading_edits: 'Edits:',
+ heading_other: 'Other changes:',
+ no_entries: 'No history entries in this category.',
+ btn_compare: 'Compare selected revisions',
+ col_diff: 'Diff',
+ col_datetime: 'Date/time',
+ col_user: 'User',
+ col_summary: 'Edit summary',
+ col_minor: 'Minor',
+ col_actions: 'Actions',
+ col_action_taken: 'Action taken',
+ col_extra: 'Extra info',
+ extra_reason: 'Reason:',
+ extra_oldtitle: 'Old title:',
+ tip_rdns: 'Click cell background for reverse DNS info',
+ action_view: 'View',
+ action_contrib: 'User contribs',
+ action_restore: 'Restore',
+ action_revert: 'Revert action',
+ log_protect: 'Protected page',
+ log_unprotect: 'Unprotected page',
+ log_semiprotect: 'Semi-protected page',
+ log_rename: 'Renamed page',
+ log_create: 'Created page',
+ log_delete: 'Deleted page',
+ log_uploadnew: 'Uploaded new file version',
+ lbl_comparingrevisions: 'Comparing revisions:',
+ },
+ page: {
+ protect_lbl_success_title: 'Page protected',
+ protect_lbl_success_body: 'The protection setting has been applied. 
Return to the page.',
+ protect_err_need_reason: 'Error: you must enter a reason for protecting this page.',
+ protect_lbl_reason: 'Reason for protecting the page:',
+ protect_lbl_level: 'Protecion level to be applied:',
+ protect_lbl_level_none: 'No protection',
+ protect_lbl_level_semi: 'Semi-protection',
+ protect_lbl_level_full: 'Full protection',
+ protect_btn_submit: 'Protect page',
+
+ rename_err_need_name: 'Error: you must enter a new name for this page.',
+ rename_lbl: 'Please enter a new name for this page:',
+ rename_btn_submit: 'Rename page',
+
+ flushlogs_warning_stern: '

You are about to destroy all logged edits and actions on this page.

Unlike deleting or editing this page, this action is not reversible! You should only do this if you are desparate for database space.

Do you really want to continue?

',
+ flushlogs_btn_submit: 'Flush logs',
+
+ delvote_warning_stern: '

Your vote counts.

If you think that this page is not relavent to the content on this site, or if it looks like this page was only created in an attempt to spam the site, you can request that this page be deleted by an administrator.

After you vote, you should leave a comment explaining the reason for your vote, especially if you are the first person to vote against this page.

',
+
+ delvote_count_zero: 'So far, no one has voted for the deletion of this page.',
+ delvote_count_one: 'So far, one person has voted to delete this page.',
+ delvote_count_plural: 'So far, %delvotes% people have voted to delete this page.',
+ delvote_btn_submit: 'Vote to delete this page',
+ delvote_reset_btn_submit: 'Reset votes',
+
+ delete_warning_stern: '

You are about to destroy this page.

While the deletion of the page itself is completely reversible, it is impossible to recover any comments or category information on this page. If this is a file page, the file along with all older revisions of it will be permanently deleted. Also, any custom information that this page is tagged with, such as a custom name, protection status, or additional settings such as whether to allow comments, will be permanently lost.

Are you absolutely sure that you want to continue?
You will not be asked again.

',
+ delete_btn_submit: 'Delete this page',
+ delete_lbl_reason: 'Reason for deleting:',
+
+ wikimode_success_redirect: 'Wiki mode for this page has been set. Redirecting you to the page...',
+ wikimode_level_on: 'Wiki features will be enabled.',
+ wikimode_level_off: 'Wiki features will be disabled.',
+ wikimode_level_global: 'Wiki features will be synchronized to the global setting.',
+ wikimode_heading: 'You are changing wiki mode for this page.',
+ wikimode_warning: 'If you want to continue, please click the button below.',
+ wikimode_blurb_disable: 'Because this will disable the wiki behavior on this page, several features, most notably the ability for users to vote to have this page deleted, will be disabled as they are not relevant to non-wiki pages. In addition, users will not be able to edit this page unless an ACL rule specifically permits them.',
+ wikimode_blurb_enable: 'Because this will enable the wiki behavior on this page, users will gain the ability to freely edit this page unless an ACL rule specifically denies them. 
If your site is public and gets good traffic, you should be aware of the possiblity of vandalism, and you need to be ready to revert malicious edits to this page.',
+ wikimode_btn_submit: 'Set wiki mode',
+
+ detag_err_page_exists: 'The detag action is only valid for pages that have been deleted in the past.',
+ detag_success_title: 'Page detagged',
+ detag_success_body: 'All stale tags have been removed from this page.',
+ },
+ catedit: {
+ title: 'Select which categories this page should be included in.',
+ no_categories: 'There are no categories on this site yet.',
+ catbox_lbl_categories: 'Categories:',
+ catbox_lbl_uncategorized: '(Uncategorized)',
+ catbox_link_edit: 'edit categorization',
+ catbox_link_showcategorization: 'show page categorization',
+ },
+ tags: {
+ catbox_link: 'show page tags',
+ lbl_page_tags: 'Page tags:',
+ lbl_no_tags: 'No tags on this page',
+ btn_add_tag: '(add a tag)',
+ lbl_add_tag: 'Add a tag:',
+ btn_add: '+ Add',
+ },
+ delvote: {
+ lbl_votes_one: 'There is one user that thinks this page should be deleted.',
+ lbl_votes_plural: 'There are %num_users% users that think this page should be deleted.',
+ lbl_users_that_voted: 'Users that voted:',
+ btn_deletepage: 'Delete page',
+ btn_resetvotes: 'Reset votes',
+ },
+ ajax: {
+ // Client-side messages
+ protect_prompt_reason: 'Reason for (un)protecting:',
+ rename_prompt: 'What title should this page be renamed to?\nNote: This does not and will never change the URL of this page, that must be done from the admin panel.',
+ delete_prompt_reason: 'Please enter your reason for deleting this page.',
+ delete_confirm: 'You are about to REVERSIBLY delete this page. Do you REALLY want to do this?\n\n(Comments and categorization data, as well as any attached files, will be permanently lost)',
+ delvote_confirm: 'Are you sure that you want to vote that this page be deleted?',
+ delvote_reset_confirm: 'This action will reset the number of votes against this page to zero. 
Do you really want to do this?',
+ clearlogs_confirm: 'You are about to DESTROY all log entries for this page. As opposed to (example) deleting this page, this action is completely IRREVERSIBLE and should not be used except in dire circumstances. Do you REALLY want to do this?',
+ clearlogs_confirm_nag: 'You\'re ABSOLUTELY sure???',
+ changestyle_select: '[Select]',
+ changestyle_title: 'Change your theme',
+ changestyle_pleaseselect_theme: 'Please select a theme from the list.',
+ changestyle_lbl_theme: 'Theme:',
+ changestyle_lbl_style: 'Style:',
+ changestyle_success: 'Your theme preference has been changed.\nWould you like to reload the page now to see the changes?',
+ killphp_confirm: 'Are you really sure you want to do this? Some pages might not function if this emergency-only feature is activated.',
+ killphp_success: 'Embedded PHP in pages has been disabled.',
+ lbl_moreoptions_nojs: 'More options for this page',
+
+ // Server-side responses
+ rename_too_short: 'The name you entered is too short. Please enter a longer name for this page.',
+ rename_success: 'The page "%page_name_old%" has been renamed to "%page_name_new%". You are encouraged to leave a comment explaining your action.\n\nYou will see the change take effect the next time you reload this page.',
+ clearlogs_success: 'The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.',
+ delete_need_reason: 'Invalid reason for deletion passed. Please enter a reason for deleting this page.',
+ delete_success: 'This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. 
If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.',
+ delvote_success: 'Your vote to have this page deleted has been cast.\nYou are encouraged to leave a comment explaining the reason for your vote.',
+ delvote_already_voted: 'It appears that you have already voted to have this page deleted.',
+ delvote_reset_success: 'The number of votes for having this page deleted has been reset to zero.',
+ password_success: 'The password for this page has been set.',
+ password_disable_success: 'The password for this page has been disabled.',
+
+ },
+ sidebar: {
+ title_navigation: 'Navigation',
+ title_tools: 'Tools',
+ title_search: 'Search',
+ title_links: 'Links',
+
+ btn_home: 'Home',
+ btn_createpage: 'Create a page',
+ btn_uploadfile: 'Upload file',
+ btn_specialpages: 'Special pages',
+ btn_administration: 'Administration',
+ btn_editsidebar: 'Edit the sidebar',
+ btn_search_go: 'Go',
+
+ btn_userpage: 'User page',
+ btn_mycontribs: 'My contributions',
+ btn_preferences: 'Preferences',
+ btn_privatemessages: 'Private messages',
+ btn_groupcp: 'Group control panel',
+ btn_register: 'Create an account',
+ btn_login: 'Log in',
+ btn_logout: 'Log out',
+ btn_changestyle: 'Change theme',
+ },
+ acl: {
+ err_access_denied: 'You are not authorized to view or edit access control lists.',
+ err_missing_template: 'It seems that (a) the file acledit.tpl is missing from this theme, and (b) the JSON response is working.',
+ err_user_not_found: 'The username you entered was not found.',
+ err_bad_group_id: 'The group ID you submitted is not valid.',
+ err_demo: 'Editing access control lists is disabled in the administration demo.',
+ err_zero_list: 'Supplied rule list has a length of zero',
+ err_pleaseselect_targettype: 'Please select a target type.',
+ err_pleaseselect_username: 'Please enter a username.',
+
+ radio_usergroup: 'A usergroup',
+ radio_user: 'A specific user',
+ radio_scope_thispage: 
'Only this page',
+ radio_scope_wholesite: 'The entire website',
+ radio_scope_pagegroup: 'A group of pages',
+
+ lbl_scope: 'What should this access rule control?',
+ lbl_welcome_title: 'Manage page access',
+ lbl_welcome_body: 'Please select who should be affected by this access rule.',
+ lbl_editwin_title_create: 'Create access rule',
+ lbl_editwin_title_edit: 'Editing permissions',
+ lbl_editwin_body: 'This panel allows you to edit what the %target_type% "%target%" can do on %scope_type%. Unless you set a permission to "Deny", these permissions may be overridden by other rules.',
+ lbl_deleterule: 'Delete this rule',
+ lbl_save_success_title: 'Permissions updated',
+ lbl_save_success_body: 'The permissions for %target_name% on this page have been updated successfully. If you changed permissions that affect your user account, you may not see changes until you reload the page.',
+ lbl_delete_success_title: 'Rule deleted',
+ lbl_delete_success_body: 'The access rules for %target_name% on this page have been deleted.',
+ lbl_field_deny: 'Deny',
+ lbl_field_disallow: 'Disallow',
+ lbl_field_wikimode: 'Wiki mode',
+ lbl_field_allow: 'Allow',
+ lbl_help: '

Permission types:

  • Allow means that the user is allowed to access the item
  • Wiki mode means the user can access the item if wiki mode is active (per-page wiki mode is taken into account)
  • Disallow means the user is denied access unless something allows it.
  • Deny means that the user is denied access to the item. This setting overrides all other permissions.
',
+
+ scope_type_wholesite: 'this entire site',
+ scope_type_thispage: 'this page',
+ scope_type_pagegroup: 'this group of pages',
+
+ target_type_user: 'user',
+ target_type_group: 'group',
+
+ msg_guest_howto: 'To edit permissions for guests, select "a specific user", and enter Anonymous as the username.',
+ msg_deleterule_confirm: 'Do you really want to delete this rule?',
+ msg_closeacl_confirm: 'Do you really want to close the ACL manager?',
+
+ btn_success_dismiss: 'dismiss',
+ btn_success_close: 'close manager',
+ btn_deleterule: 'Delete rule',
+ btn_createrule: 'Create rule',
+ btn_returnto_editor: 'Return to ACL editor',
+ btn_returnto_userscope: 'Return to user/scope selection',
+ },
+ perm: {
+ read: 'Read page(s)',
+ post_comments: 'Post comments',
+ edit_comments: 'Edit own comments',
+ edit_page: 'Edit page',
+ view_source: 'View source',
+ mod_comments: 'Moderate comments',
+ history_view: 'View history/diffs',
+ history_rollback: 'Rollback history',
+ history_rollback_extra: 'Undelete page(s)',
+ protect: 'Protect page(s)',
+ rename: 'Rename page(s)',
+ clear_logs: 'Clear page logs (dangerous)',
+ vote_delete: 'Vote to delete',
+ vote_reset: 'Reset delete votes',
+ delete_page: 'Delete page(s)',
+ tag_create: 'Tag page(s)',
+ tag_delete_own: 'Remove own page tags',
+ tag_delete_other: 'Remove others\' page tags',
+ set_wiki_mode: 'Set per-page wiki mode',
+ password_set: 'Set password',
+ password_reset: 'Disable/reset password',
+ mod_misc: 'Super moderator (generate SQL backtraces, view IP addresses, and send large numbers of private messages)',
+ edit_cat: 'Edit categorization',
+ even_when_protected: 'Allow editing, renaming, and categorization even when protected',
+ upload_files: 'Upload files',
+ upload_new_version: 'Upload new versions of files',
+ create_page: 'Create pages',
+ php_in_pages: 'Embed PHP code in pages',
+ edit_acl: 'Edit access control lists',
+ },
+ etc: {
+ redirect_title: 'Redirecting...',
+ redirect_body: 'Please wait 
while you are redirected.', + redirect_timeout: 'If you are not redirected within %timeout% seconds, please click here.', + // Generic "Save Changes" button + save_changes: 'Save changes', + // Generic "Cancel changes" button + cancel_changes: 'Cancel changes', + // Generic wizard buttons + wizard_next: 'Next >', + wizard_back: '< Back', + wizard_previous: '< Previous', + // Generic "Notice:" label + lbl_notice: 'Notice:', + // Generic "Access denied" + access_denied: 'Access to the specified file, resource, or action is denied.', + access_denied_short: 'Access denied', + return_to_page: 'Return to the page', + invalid_request_short: 'Invalid request', + // Message box buttons + ok: 'OK', + cancel: 'Cancel', + yes: 'Yes', + no: 'No' + } + } +}; + +// All done! :-) + diff -r 3daa715e0f69 -r b11a2f1353c0 plugins/PrivateMessages.php --- a/plugins/PrivateMessages.php Sat Nov 03 14:15:14 2007 -0400 +++ b/plugins/PrivateMessages.php Sat Nov 03 14:30:53 2007 -0400 @@ -35,12 +35,18 @@ function page_Special_PrivateMessages() { global $db, $session, $paths, $template, $plugins; // Common objects - if(!$session->user_logged_in) die_friendly('Access denied', '

You need to log in to view your private messages.

'); + if ( !$session->user_logged_in ) + { + die_friendly('Access denied', '

You need to log in to view your private messages.

'); + } $argv = Array(); $argv[] = $paths->getParam(0); $argv[] = $paths->getParam(1); $argv[] = $paths->getParam(2); - if(!$argv[0]) $argv[0] = 'InVaLiD'; + if ( !$argv[0] ) + { + $argv[0] = 'InVaLiD'; + } switch($argv[0]) { default: @@ -48,17 +54,29 @@ break; case 'View': $id = $argv[1]; - if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '

Invalid message ID

'); + if ( !preg_match('#^([0-9]+)$#', $id) ) + { + die_friendly('Message error', '

Invalid message ID

'); + } $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); - if(!$q) $db->_die('The message data could not be selected.'); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } $r = $db->fetchrow(); $db->free_result(); - if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '

You are not authorized to view this message.

'); - if($r['message_to'] == $session->username) + if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) + { + die_friendly('Access denied', '

You are not authorized to view this message.

'); + } + if ( $r['message_to'] == $session->username ) { $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); $db->free_result(); - if(!$q) $db->_die('Could not mark message as read'); + if ( !$q ) + { + $db->_die('Could not mark message as read'); + } } $template->header(); userprefs_show_menu(); @@ -69,7 +87,7 @@ Subject: Date: Message:'; echo RenderMan::render($r['signature']); @@ -82,33 +100,60 @@ break; case 'Move': $id = $argv[1]; - if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '

Invalid message ID

'); + if ( !preg_match('#^([0-9]+)$#', $id) ) + { + die_friendly('Message error', '

Invalid message ID

'); + } $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); - if(!$q) $db->_die('The message data could not be selected.'); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } $r = $db->fetchrow(); $db->free_result(); - if($r['message_to'] != $session->username) die_friendly('Access denied', '

You are not authorized to alter this message.

'); + if ( $r['message_to'] != $session->username ) + { + die_friendly('Access denied', '

You are not authorized to alter this message.

'); + } $fname = $argv[2]; - if(!$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) die_friendly('Invalid request', '

The folder name "'.$fname.'" is invalid.

'); + if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) + { + die_friendly('Invalid request', '

The folder name "'.$fname.'" is invalid.

'); + } $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); $db->free_result(); - if(!$q) $db->_die('The message was not successfully moved.'); + if ( !$q ) + { + $db->_die('The message was not successfully moved.'); + } die_friendly('Message status', '

Your message has been moved to the folder "'.$fname.'".

Return to inbox

'); break; case 'Delete': $id = $argv[1]; - if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '

Invalid message ID

'); + if ( !preg_match('#^([0-9]+)$#', $id) ) + { + die_friendly('Message error', '

Invalid message ID

'); + } $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); - if(!$q) $db->_die('The message data could not be selected.'); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } $r = $db->fetchrow(); - if($r['message_to'] != $session->username) die_friendly('Access denied', '

You are not authorized to delete this message.

'); + if ( $r['message_to'] != $session->username ) + { + die_friendly('Access denied', '

You are not authorized to delete this message.

'); + } $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); - if(!$q) $db->_die('The message was not successfully deleted.'); + if ( !$q ) + { + $db->_die('The message was not successfully deleted.'); + } $db->free_result(); die_friendly('Message status', '

The message has been deleted.

Return to inbox

'); break; case 'Compose': - if($argv[1]=='Send' && isset($_POST['_send'])) + if ( $argv[1]=='Send' && isset($_POST['_send']) ) { // Check each POST DATA parameter... if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '

Please enter the username to which you want to send your message.

'); @@ -191,10 +236,26 @@ ?>
- - - - + + + + + + + + + + +
Compose new private message
To:
Separate multiple names with a single comma; you
can send this message to up to users.
username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
Subject:
Message:
Compose new private message
+ To:
+ Separate multiple names with a single comma; you
+ may send this message to up to users.
+
+ username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?> +
+ Subject: + +
Message:
- - - + + +
Edit draft
To:
Separate multiple names with a single comma
Subject:
Message:
To:
Separate multiple names with a single comma
Subject:
Message:
auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -115,9 +118,12 @@ function page_Admin_GeneralConfig() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -203,6 +209,16 @@ setConfig('pw_strength_minimum', $strength); } + // Account lockout policy + if ( preg_match('/^[0-9]+$/', $_POST['lockout_threshold']) ) + setConfig('lockout_threshold', $_POST['lockout_threshold']); + + if ( preg_match('/^[0-9]+$/', $_POST['lockout_duration']) ) + setConfig('lockout_duration', $_POST['lockout_duration']); + + if ( in_array($_POST['lockout_policy'], array('disable', 'captcha', 'lockout')) ) + setConfig('lockout_policy', $_POST['lockout_policy']); + echo '
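Review bot: The same guard (login_link construction plus two `$lang->get` error boxes) is now pasted verbatim into more than a dozen page_Admin_* functions in this file, so the next change to the check or its wording has to be applied in every copy. A helper such as `admin_require_auth()` that performs the comparison, prints the boxes and returns a bool would let each function open with `if ( !admin_require_auth() ) return;`. The check intentionally tests both `$session->auth_level` and `$session->user_level`, so the helper must keep both conditions. This hunk shows only the head of page_Admin_GeneralConfig; its body continues below.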
Your changes to the site configuration have been saved.

'; } @@ -351,6 +367,43 @@ + + + Account lockouts + + Configure Enano to prevent or restrict logins for a specified period of time if a user enters an incorrect password a specific number of times. + + + Lockout threshold:
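Review bot: The three lockout settings are read from `$_POST` without an `isset` check and with a regex whose `$` still matches before a trailing newline, so a missing field produces a notice and a value like `"5\n"` is accepted and stored. There is also no lower bound: a threshold or duration of 0 passes here, while the login code in this same commit treats a falsy config value as unset and silently falls back to its defaults (5 attempts / 15 minutes), which will surprise an admin who deliberately entered 0. Suggested: `if ( isset($_POST['lockout_threshold']) && preg_match('/^[0-9]+$/D', $_POST['lockout_threshold']) && intval($_POST['lockout_threshold']) > 0 )`, with the same shape for `lockout_duration` and an `isset` before the `in_array` on `lockout_policy`. The enclosing save handler starts before this hunk.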
+ How many times can a user enter wrong credentials before a lockout goes into effect? + + + + + + + + Lockout duration:
+ This is how long an account lockout should last, in minutes. + + + + + + + + Lockout policy:
+ What should be done when a lockout goes into effect? + + +
+
+ + + + + + Password strength @@ -464,9 +517,12 @@ function page_Admin_UploadConfig() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -581,9 +637,12 @@ function page_Admin_PluginManager() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -722,9 +781,12 @@ function page_Admin_UploadAllowedMimeTypes() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -785,9 +847,12 @@ function page_Admin_Sidebar() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -842,9 +907,12 @@ /* function page_Admin_UserManager() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -1112,9 +1180,12 @@ function page_Admin_GroupManager() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -1471,9 +1542,12 @@ function page_Admin_COPPA() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -1544,9 +1618,12 @@ function page_Admin_PageManager() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -1740,9 +1817,12 @@ function page_Admin_PageEditor() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -1840,9 +1920,12 @@ { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -2103,15 +2186,18 @@ function page_Admin_BanControl() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '') { - $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $db->escape($_GET['id']) . ''); + $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . intval($_GET['id']) . ''); if(!$e) $db->_die('The ban list entry was not deleted.'); } if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE')) @@ -2215,9 +2301,12 @@ function page_Admin_MassEmail() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '
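Review bot: The ban-delete path is still triggered by a bare GET (`?action=delete&id=N`) with no CSRF token and, unlike the create path on the following line which is gated by `!defined('ENANO_DEMO_MODE')`, it also runs in demo mode; switching to `intval()` closes the injection the old `$db->escape()` left open in an unquoted numeric context, but addresses neither of these. Mirror the create guard at minimum: `if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '' && !defined('ENANO_DEMO_MODE'))`, and if the session layer offers a nonce, require it on the delete link as well. The rest of page_Admin_BanControl is outside this hunk.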

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -2431,9 +2520,12 @@ function page_Admin_DBBackup() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -2535,9 +2627,12 @@ function page_Admin_AdminLogout() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; return; } @@ -2548,6 +2643,7 @@ function page_Special_Administration() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if($session->auth_level < USER_LEVEL_ADMIN) { redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0); @@ -2573,7 +2669,7 @@ } if ( t == namespace_list.Admin + 'AdminLogout' ) { - var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.'); + var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, $lang.get('user_logout_confirm_title_elev'), $lang.get('user_logout_confirm_body_elev')); mb.onclick['Yes'] = function() { var tigraentry = document.getElementById('i_div0_0').parentNode; var tigraobj = $(tigraentry); @@ -2685,7 +2781,7 @@ } else { - echo '
Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.
'; + echo ''; } ?> @@ -2710,6 +2806,7 @@ function page_Special_EditSidebar() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if($session->auth_level < USER_LEVEL_ADMIN) { @@ -3194,7 +3291,7 @@ $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block'; break; } - $block_name = $template->tplWikiFormat($row['block_name']); + $block_name = $row['block_name']; // $template->tplWikiFormat($row['block_name']); if ( empty($block_name) ) $block_name = '<Unnamed>'; $t = '' . $block_name . ''; diff -r 3daa715e0f69 -r b11a2f1353c0 plugins/SpecialPageFuncs.php --- a/plugins/SpecialPageFuncs.php Sat Nov 03 14:15:14 2007 -0400 +++ b/plugins/SpecialPageFuncs.php Sat Nov 03 14:30:53 2007 -0400 @@ -358,6 +358,8 @@ function page_Special_About_Enano() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + $platform = 'Unknown'; $uname = @file_get_contents('/proc/sys/kernel/ostype'); if($uname == "Linux\n") @@ -378,23 +380,52 @@
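Review bot: Dropping `$template->tplWikiFormat()` means `$row['block_name']` is now written into the sidebar editor markup exactly as stored; if the formatter was the only thing neutralising markup in that column (cannot tell from here), a block name containing a script tag is now rendered verbatim to every admin who opens the editor. Since the editor only needs the plain name, escape it explicitly instead of leaving the call commented out: `$block_name = htmlspecialchars($row['block_name']);`. The hunk is a single line inside page_Special_EditSidebar, which starts and ends well outside it.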
-
About the Enano Content Management System

This website is powered by Enano, the lightweight and open source - CMS that everyone can use. Enano is copyright © 2006-2007 Dan Fuhry. For legal information, along with a list of libraries that Enano - uses, please see Legal Information.

-

The developers and maintainers of Enano strongly believe that software should not only be free to use, but free to be modified, - distributed, and used to create derivative works. For more information about Free Software, check out the - Wikipedia page or - the Free Software Foundation's homepage.

-

This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

-

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

-

You should have received a copy of - the GNU General Public License along with this program; if not, write to:

-

Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor
- Boston, MA 02110-1301, USA

-

Alternatively, you can read it online.

+
+ get('meta_enano_about_poweredby'); + $subst = array( + 'gpl_link' => makeUrlNS('Special', 'GNU_General_Public_License') + ); + echo $lang->get('meta_enano_about_gpl', $subst); + if ( $lang->lang_code != 'eng' ): + // Do not remove this block of code. Doing so is a violation of the GPL. (A copy of the GPL in other languages + // must be accompanied by a copy of the English GPL.) + ?> +

(English)

+

+ This website is powered by Enano, the lightweight and open source CMS that everyone can use. + Enano is copyright © 2006-2007 Dan Fuhry. For legal information, along with a list of libraries that Enano uses, please + see Legal Information. +

+

+ The developers and maintainers of Enano strongly believe that software should not only be free to use, but free to be modified, + distributed, and used to create derivative works. For more information about Free Software, check out the + Wikipedia page or + the Free Software Foundation's homepage. +

+

+ This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. +

+

+ This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. +

+

+ You should have received a copy of + the GNU General Public License along with this program; if not, write to: +

+

+ Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor
+ Boston, MA 02110-1301, USA +

+

+ Alternatively, you can read it online. +

+
@@ -417,11 +448,11 @@
- Enano version: - Web server: - Server platform: - PHP version: - MySQL version:_conn); ?> + get('meta_enano_about_lbl_enanoversion'); ?> + get('meta_enano_about_lbl_webserver'); ?> + get('meta_enano_about_lbl_serverplatform'); ?> + get('meta_enano_about_lbl_phpversion'); ?> + get('meta_enano_about_lbl_mysqlversion'); ?>_conn); ?>
\'Special\', \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', )); + + $paths->add_page(Array( + \'name\'=>\'Language exporter\', + \'urlname\'=>\'LangExportJSON\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + '); // function names are IMPORTANT!!! The name pattern is: page__ 
@@ -100,18 +108,65 @@ { global $db, $session, $paths, $template, $plugins; // Common objects global $__login_status; + global $lang; $pubkey = $session->rijndael_genkey(); $challenge = $session->dss_rand(); + $locked_out = false; + // are we locked out? + $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5; + $duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15; + // convert to minutes + $duration = $duration * 60; + $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout'; + if ( $policy != 'disable' ) + { + $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); + $timestamp_cutoff = time() - $duration; + $q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;'); + $fails = $db->numrows(); + if ( $fails >= $threshold ) + { + $row = $db->fetchrow(); + $locked_out = true; + $lockdata = array( + 'locked_out' => true, + 'lockout_threshold' => $threshold, + 'lockout_duration' => ( $duration / 60 ), + 'lockout_fails' => $fails, + 'lockout_policy' => $policy, + 'lockout_last_time' => $row['timestamp'], + 'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ), + 'captcha' => '' + ); + if ( $policy == 'captcha' ) + { + $lockdata['captcha'] = $session->make_captcha(); + } + } + $db->free_result(); + } + if ( isset($_GET['act']) && $_GET['act'] == 'getkey' ) { $username = ( $session->user_logged_in ) ? $session->username : false; $response = Array( 'username' => $username, 'key' => $pubkey, - 'challenge' => $challenge + 'challenge' => $challenge, + 'locked_out' => false ); + + if ( $locked_out ) + { + foreach ( $lockdata as $x => $y ) + { + $response[$x] = $y; + } + unset($x, $y); + } + $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); $response = $json->encode($response); echo $response; 
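Review bot: The lockout is keyed only on `$_SERVER['REMOTE_ADDR']` (`AND ipaddr = '...'`) and never on the account being attacked, so rotating source addresses defeats it for a single username, while behind a reverse proxy or NAT all clients share one address and a few wrong passwords from anyone lock the login page for everyone. If the lockout table can carry the attempted username, count failures per account as well as per address, and if the site is deployed behind a proxy derive the client address from a trusted forwarding header before this query. Separately, `$policy = ( $x = getConfig('lockout_policy') && in_array(...) ) ? ...` assigns the boolean of the whole `&&` to `$x` because `=` binds looser than `&&`; the result is correct by accident and reads better as `$policy = in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ? getConfig('lockout_policy') : 'lockout';`. The enclosing login-page function starts before this hunk and continues after the getkey branch.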
@@ -135,10 +190,53 @@ $paths->main_page(); $template->header(); echo '
'; - $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.'; + $header = ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short'); if ( isset($_POST['login']) ) { - echo '

'.$__login_status.'

'; + $errstring = $__login_status['error']; + switch($__login_status['error']) + { + case 'key_not_found': + $errstring = $lang->get('user_err_key_not_found'); + break; + case 'key_wrong_length': + $errstring = $lang->get('user_err_key_wrong_length'); + break; + case 'too_big_for_britches': + $errstring = $lang->get('user_err_too_big_for_britches'); + break; + case 'invalid_credentials': + $errstring = $lang->get('user_err_invalid_credentials'); + if ( $__login_status['lockout_policy'] == 'lockout' ) + { + $errstring .= $lang->get('err_invalid_credentials_lockout', array('lockout_fails' => $__login_status['lockout_fails'])); + } + else if ( $__login_status['lockout_policy'] == 'captcha' ) + { + $errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('lockout_fails' => $__login_status['lockout_fails'])); + } + break; + case 'backend_fail': + $errstring = $lang->get('user_err_backend_fail'); + break; + case 'locked_out': + $attempts = intval($__login_status['lockout_fails']); + if ( $attempts > $__login_status['lockout_threshold']) + $attempts = $__login_status['lockout_threshold']; + + $server_time = time(); + $time_rem = ( $__login_status['lockout_last_time'] == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 ); + if ( $time_rem < 1 ) + $time_rem = $__login_status['lockout_duration']; + + $s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural'); + + $captcha_string = ( $__login_status['lockout_policy'] == 'captcha' ) ? $lang->get('err_locked_out_captcha_blurb') : ''; + $errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem)); + + break; + } + echo '
'.$errstring.'
'; } if ( $p = $paths->getAllParams() ) { @@ -159,18 +257,18 @@ Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can create an account.
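Review bot: When `$__login_status['error']` is none of the six handled codes the `switch` leaves `$errstring` at its initial value and the raw code is echoed into the error box unescaped; the value comes from the session layer rather than the request, so the exposure is probably limited to leaking an internal identifier, but the fallback should still be escaped, `$errstring = htmlspecialchars($__login_status['error']);`, or mapped to a generic `$lang->get(...)` message in a `default:` arm. The `locked_out` arm also reads `lockout_threshold`, `lockout_last_time` and `lockout_duration` unconditionally; if the backend can return `locked_out` without those keys this yields notices and a meaningless `time_rem`. The enclosing function starts before this hunk.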

'; + echo '

' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '

'; } else { - echo '

You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.

'; + echo '

' . $lang->get('user_login_body_elev') . '

'; } ?> - Username: + get('user_login_field_username'); ?>: /> - - Forgot your password? No problem.
- Maybe you need to create an account.
+ + get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?>
+ get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?>
- Password:
+ + get('user_login_field_password'); ?>: + - + + + get('user_login_field_captcha'); ?>:
+ + + + + + + -

Important note regarding cryptography: Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should log in without using encryption.

-

This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.

+ getAllParams() ) ? '/' . $return : ''; + $nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true); + echo '

' . $lang->get('user_login_nocrypt_title') . ' ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '

'; + echo '

' . $lang->get('user_login_nocrypt_countrylist') . '

'; + } + else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) ) + { + $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : ''; + $usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true); + echo '

' . $lang->get('user_login_usecrypt_title') . ' ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '

'; + echo '

' . $lang->get('user_login_usecrypt_countrylist') . '

'; + } + ?> - @@ -237,17 +364,18 @@ { global $db, $session, $paths, $template, $plugins; // Common objects global $__login_status; + global $lang; if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' ) { $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);'); $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); $data = $json->decode($_POST['params']); + $captcha_hash = ( isset($data['captcha_hash']) ) ? $data['captcha_hash'] : false; + $captcha_code = ( isset($data['captcha_code']) ) ? $data['captcha_code'] : false; $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER; - $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level); + $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level, $captcha_hash, $captcha_code); $session->start(); - //echo "$result\n$session->sid_super"; - //exit; - if ( $result == 'success' ) + if ( $result['success'] ) { $response = Array( 'result' => 'success', @@ -256,9 +384,16 @@ } else { + $captcha = ''; + if ( $result['error'] == 'locked_out' && $result['lockout_policy'] == 'captcha' ) + { + $session->kill_captcha(); + $captcha = $session->make_captcha(); + } $response = Array( 'result' => 'error', - 'error' => $result + 'data' => $result, + 'captcha' => $captcha ); } $response = $json->encode($response); 
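Review bot: `$data = $json->decode($_POST['params'])` is indexed immediately (`$data['username']`, `$data['crypt_data']`, `$data['challenge']`, ...) with no check that `$_POST['params']` exists or decoded to an array, so a missing or malformed body becomes a string of notices and a call to login_with_crypto with nulls rather than a clean error. Add `if ( !is_array($data) ) { /* emit an error response in the same shape as the failure branch below */ exit; }` right after the decode. The `level` the client asks for is taken from the same untrusted payload; that is pre-existing and presumably re-checked inside login_with_crypto, but a comment saying so here would help the next reader. The handler's tail is in the following hunk.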
@@ -267,27 +402,37 @@ exit; } if(isset($_POST['login'])) { + $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false; + $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false; if($_POST['use_crypt'] == 'yes') { - $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level'])); + $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']), $captcha_hash, $captcha_code); } else { - $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level'])); + $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']), $captcha_hash, $captcha_code); } $session->start(); $paths->init(); - if($result == 'success') + if($result['success']) { $template->load_theme($session->theme, $session->style); if(isset($_POST['return_to'])) { $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to']; - redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' ); + $subst = array( + 'username' => $session->username, + 'redir_target' => $name + ); + redirect( makeUrl($_POST['return_to'], false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) ); } else { - redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' 
); + $subst = array( + 'username' => $session->username, + 'redir_target' => $lang->get('user_login_success_body_mainpage') + ); + redirect( makeUrl(getConfig('main_page'), false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) ); } } else @@ -317,22 +462,26 @@ function page_Special_Logout() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; if ( !$session->user_logged_in ) $paths->main_page(); $l = $session->logout(); if ( $l == 'success' ) { - redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4); + + redirect(makeUrl(getConfig('main_page'), false, true), $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4); } $template->header(); - echo '
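Review bot: `$name` falls back to the raw `$_POST['return_to']` and is placed in `$subst['redir_target']` without `htmlspecialchars()`, so unless `$lang->get()` escapes its substitutions (not visible here) the redirect page reflects attacker-chosen markup; the old string concatenation had the same gap and this rewrite is the natural place to close it. Escape at the point of use: `'redir_target' => htmlspecialchars($name)`. The same raw value is also the redirect destination via `makeUrl($_POST['return_to'], false, true)`; that is acceptable only if `makeUrl()` always produces a site-local URL, which is worth confirming.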

An error occurred during the logout process.

'.$l.'

'; + echo '

' . $lang->get('user_logout_err_title') . '

'; + echo '

' . $l . '

'; $template->footer(); } function page_Special_Register() { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; // form field trackers $username = ''; @@ -341,8 +490,8 @@ if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in )) { - $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '
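Review bot: The rewritten error branch still echoes `$l` directly into the page (`' . $l . '`); `$l` is whatever `$session->logout()` returned, and if that can ever carry request-derived text this is reflected output. Wrap it at the echo: `' . htmlspecialchars($l) . '`. Separately, the logout is performed on a plain page request with no token check visible in the hunk — unless `$session->logout()` validates one itself, a third-party page can force a logout (low impact, but cheap to fix with a nonce in the logout link).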

Oops...it seems that you are the administrator...hehe...you can also force account registration to work.

' : ''; - die_friendly('Registration disabled', '

The administrator has disabled new user registration on this site.

' . $s); + $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '

' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '

' : ''; + die_friendly($lang->get('user_reg_err_disabled_title'), '

' . $lang->get('user_reg_err_disabled_body') . '

' . $s); } if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in ) { @@ -355,7 +504,7 @@ $captcharesult = $session->get_captcha($_POST['captchahash']); if($captcharesult != $_POST['captchacode']) { - $s = 'The confirmation code you entered was incorrect.'; + $s = $lang->get('user_reg_err_captcha'); } else { @@ -379,7 +528,7 @@ $crypt_key = $session->fetch_public_key($_POST['crypt_key']); if ( !$crypt_key ) { - $s = 'Couldn\'t look up public encryption key'; + $s = $lang->get('user_reg_err_missing_key'); } else { @@ -406,28 +555,28 @@ { case "none": default: - $str = 'You may now log in with the username and password that you created.'; + $str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true))); break; case "user": - $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.'; + $str = $lang->get('user_reg_msg_success_activ_user'); break; case "admin": - $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.'; + $str = $lang->get('user_reg_msg_success_activ_admin'); break; } - die_friendly('Registration successful', '
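Review bot: The captcha check in this hunk, `if($captcharesult != $_POST['captchacode'])`, is a loose comparison: if `get_captcha()` returns `false` for an unknown or expired hash (its return contract is not visible here), `false != ''` is false in PHP, so an empty code with a bogus hash would pass, and purely numeric codes are compared as numbers. The commit only swaps the message on the failure branch and leaves the comparison as it was. Make it strict and type-checked: `if ( !is_string($captcharesult) || !isset($_POST['captchacode']) || $captcharesult !== (string) $_POST['captchacode'] )`.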

Thank you for registering, your user account has been created. '.$str.'

'); + die_friendly($lang->get('user_reg_msg_success_title'), '

' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '

'); } else if ( $s == 'success' && $coppa ) { - $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.'; - die_friendly('Registration successful', '

Thank you for registering, your user account has been created. '.$str.'

'); + $str = $lang->get('user_reg_msg_success_activ_coppa'); + die_friendly($lang->get('user_reg_msg_success_title'), '

' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '

'); } $username = htmlspecialchars($_POST['username']); $email = htmlspecialchars($_POST['email']); $realname = htmlspecialchars($_POST['real_name']); } $template->header(); - echo 'A user account enables you to have greater control over your browsing experience.'; + echo $lang->get('user_reg_msg_greatercontrol'); if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) ) { @@ -439,22 +588,22 @@ $challenge = $session->dss_rand(); ?> -

Create a user account

- +

get('user_reg_msg_table_title'); ?>

+
- + '; ?> @@ -499,18 +648,24 @@ @@ -597,6 +752,18 @@ var frm = document.forms.regform; if ( frm.password.value.length < 1 ) return true; + pass1 = frm.password.value; + pass2 = frm.password_confirm.value; + if ( pass1 != pass2 ) + { + alert($lang.get('user_reg_err_alert_password_nomatch')); + return false; + } + if ( pass1.length < 6 && pass1.length > 0 ) + { + alert($lang.get('user_reg_err_alert_password_tooshort')); + return false; + } if(aes_testpassed) { frm.use_crypt.value = 'yes'; @@ -609,21 +776,6 @@ len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : ''; alert('The key is messed up\nType: '+typeof(cryptkey)+len); } - } - pass1 = frm.password.value; - pass2 = frm.password_confirm.value; - if ( pass1 != pass2 ) - { - alert('The passwords you entered do not match.'); - return false; - } - if ( pass1.length < 6 && pass1.length > 0 ) - { - alert('The new password must be 6 characters or greater in length.'); - return false; - } - if(aes_testpassed) - { pass = frm.password.value; pass = stringToByteArray(pass); cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB'); @@ -645,24 +797,37 @@
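Review bot: The relocated password checks (`pass1 != pass2`, `pass1.length < 6`) run only in the browser, ahead of the AES step, so a client that posts the form directly skips them; the server-side registration handler is outside this hunk, so confirm it enforces the same minimum length and confirmation match rather than trusting `use_crypt` / `crypt_data`. Also `pass1.length < 6 && pass1.length > 0` is redundant with the `if ( frm.password.value.length < 1 ) return true;` guard two lines above — `if ( pass1.length < 6 )` says the same thing. The enclosing JavaScript function begins outside the hunk.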
Please tell us a little bit about yourself.
get('user_reg_msg_table_subtitle'); ?>
'.$s.'
- Preferred username: + get('user_reg_lbl_field_username'); ?> - + Good/bad icon @@ -464,14 +613,14 @@
- Password: + get('user_reg_lbl_field_password'); ?> -10 ): ?> - It needs to score at least for your registration to be accepted. + get('user_reg_msg_password_score'); ?> - Loading... + Loading... Good/bad icon @@ -481,7 +630,7 @@
- Enter your password again to confirm. + get('user_reg_lbl_field_password_confirm'); ?>
-mail address: + if ( $coppa ) + { + echo $lang->get('user_reg_lbl_field_email_coppa'); + } + else + { + echo $lang->get('user_reg_lbl_field_email'); + } + ?> An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.'; + echo '
' . $lang->get('user_reg_msg_email_activuser') . ''; } ?>
- + Good/bad icon @@ -520,8 +675,8 @@
- Real name:
- Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site. + get('user_reg_lbl_field_realname'); ?>
+ get('user_reg_msg_realname_optional'); ?>
@@ -531,11 +686,11 @@
- Visual confirmation
+ get('user_reg_lbl_field_captcha'); ?>
- Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can generate a new image.
+ get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?>

- If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you. + get('user_reg_msg_captcha_blind'); ?>
@@ -547,7 +702,7 @@
- Code: + get('user_reg_lbl_field_captcha_code'); ?>