# HG changeset patch
# User Dan
# Date 1243014542 14400
# Node ID 79770fb4132aedac76630d61628c04d225740b72
# Parent dbefcae6b5cd007b13e254b39e254f39858c3d7c
Sped up AJAX de-auth a little; added a little extra info to login_success JSON responses
diff -r dbefcae6b5cd -r 79770fb4132a includes/clientside/static/login.js
--- a/includes/clientside/static/login.js Sat May 16 02:06:30 2009 +0000
+++ b/includes/clientside/static/login.js Fri May 22 13:49:02 2009 -0400
@@ -376,10 +376,11 @@
 * @param object JSON packet to send
 */
-window.ajaxLoginPerformRequest = function(json)
+window.ajaxLoginPerformRequest = function(json, _hookfunc)
 {
 json = toJSONString(json);
 json = ajaxEscape(json);
+ var hookfunc = typeof(_hookfunc) == 'function' ? _hookfunc : false;
 ajaxPost(makeUrlNS('Special', 'Login/action.json'), 'r=' + json, function(ajax)
 {
 if ( ajax.readyState == 4 && ajax.status == 200 )
@@ -392,7 +393,7 @@
 return false;
 }
 response = parseJSON(response);
- ajaxLoginProcessResponse(response);
+ ajaxLoginProcessResponse(response, hookfunc);
 }
 }, true);
 }
@@ -402,7 +403,7 @@
 * @param object JSON response
 */
-window.ajaxLoginProcessResponse = function(response)
+window.ajaxLoginProcessResponse = function(response, hookfunc)
 {
 // Did the server send a plaintext error?
 if ( response.mode == 'error' )
@@ -430,7 +431,7 @@
 break;
 case 'login_success':
 ajaxLoginSetStatus(AJAX_STATUS_SUCCESS);
- logindata.successfunc(response.key);
+ logindata.successfunc(response.key, response);
 break;
 case 'login_failure':
 // Rid ourselves of any loading windows
@@ -476,6 +477,10 @@
 case 'noop':
 break;
 }
+ if ( hookfunc )
+ {
+ hookfunc(response);
+ }
 }
 /*
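Review bot: The new `_hookfunc` parameter of `ajaxLoginPerformRequest` is undocumented: the doc comment visible above the signature still lists only `@param object JSON packet to send`, and the same holds for the `hookfunc` parameter added to `ajaxLoginProcessResponse` in the `-402` hunk. I would add `@param function Optional hook, called with the parsed response once it has been processed` to both comments. The comment should also say that the hook is reached only on the `ajax.readyState == 4 && ajax.status == 200` path, so it is not called when the request fails, which matters to callers that use it to drive UI state after a de-auth. The start of both doc comments is outside the hunk.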
@@ -1125,20 +1130,19 @@
 {
 var mp = miniPromptGetParent(this);
 var whitey = whiteOutMiniPrompt(mp);
- setTimeout(function()
- {
- whiteOutReportSuccess(whitey);
- setTimeout(function()
- {
- miniPromptDestroy(mp);
- }, 1250);
- }, 1000);
 ajaxLoginPerformRequest({
 mode: 'logout',
 level: auth_level,
 csrf_token: csrf_token
- });
+ }, function(response)
+ {
+ whiteOutReportSuccess(whitey);
+ setTimeout(function()
+ {
+ miniPromptDestroy(mp);
+ }, 1250);
+ });
 return false;
 }
 });
@@ -1262,17 +1266,24 @@
 window.ajaxDynamicReauth = function(adminpage, level)
 {
+ if ( auth_level < USER_LEVEL_ADMIN )
+ {
+ ajaxStartLogin();
+ return false;
+ }
+
 var old_sid = ENANO_SID;
 var targetpage = adminpage;
 if ( !level )
 {
 level = USER_LEVEL_ADMIN;
 }
- ajaxLogonInit(function(k)
+ ajaxLogonInit(function(k, response)
 {
 ajaxLoginReplaceSIDInline(k, old_sid, level);
+ window.user_id = response.user_id;
+ window.user_level = response.user_level;
 mb_current_obj.destroy();
- console.debug(targetpage);
 if ( typeof(targetpage) == 'string' )
 {
 ajaxPage(targetpage);
diff -r dbefcae6b5cd -r 79770fb4132a includes/sessions.php
--- a/includes/sessions.php Sat May 16 02:06:30 2009 +0000
+++ b/includes/sessions.php Fri May 22 13:49:02 2009 -0400
@@ -927,6 +927,9 @@
 $session_key = hmac_sha1($password_hmac, $salt);
 }
+ // Minimum level
+ $level = max(array($level, USER_LEVEL_MEMBER));
+
 // Type of key
 $key_type = ( $level > USER_LEVEL_MEMBER ) ? SK_ELEV : ( $remember ? SK_LONG : SK_SHORT );
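Review bot: The logout callback `function(response)` never looks at `response`, so `whiteOutReportSuccess(whitey)` reports a successful de-auth for any response that reaches the hook, whether or not the server actually dropped the elevated session. The callback should check `response.mode` for the server's logout confirmation before reporting success and surface the failure otherwise; the mode value the server returns for a logout is not visible in this diff. Because the hook fires only after a 200 response that parses, a failed request now leaves the mini-prompt whited out indefinitely, where the removed `setTimeout` always cleared it. The enclosing handler starts outside the hunk.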
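Review bot: The success callback in `ajaxDynamicReauth` dereferences `response.user_id` and `response.user_level` without checking that a second argument was passed; the only call site updated in this diff is `logindata.successfunc(response.key, response)` in the `login_success` case, so any other path that invokes the success function with just the key would throw before `mb_current_obj.destroy()` runs. A guard such as `if ( response ) { window.user_id = response.user_id; window.user_level = response.user_level; }` keeps the re-auth flow working in that case. These globals are copied straight from a JSON response, so a comment noting that they are display state and that privilege checks stay on the server would help the next reader. The new early return also compares `auth_level` with `USER_LEVEL_ADMIN` before `level` is read, so a caller asking for a lower `level` is sent to `ajaxStartLogin()` as well; if that is intended it deserves a comment. The function body continues past the hunk.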
@@ -958,6 +961,10 @@
 if(!is_int($level))
 die('Somehow an SQL injection attempt crawled into our session registrar! (2)');
+ // Update RAM
+ $this->user_id = $user_id;
+ $this->user_level = max(array($this->user_level, $level));
+
 // All done!
 $query = $db->sql_query('INSERT INTO '.table_prefix.'session_keys(session_key, salt, user_id, auth_level, source_ip, time, key_type) VALUES(\''.$keyhash.'\', \''.$db->escape($salt).'\', '.$user_id.', '.$level.', \''.$ip.'\', '.$time.', ' . $key_type . ');');
 if ( !$query && defined('IN_ENANO_UPGRADE') )
@@ -3999,7 +4006,7 @@
 * login_build_userinfo, that will be in the $userinfo array here. Expected return values are: true if your plugin has
 * not only succeeded but ALSO issued a session key (bypass the whole Enano builtin login process) and an associative array
 * with "mode" set to "error" and an error string in "error" to send an error back to the client. Any return value other
- * than these will be ignored.
+ * than these will be treated as a pass-through, and the user's password will be validated through Enano's standard process.
 * @hook login_process_userdata_json
 */
@@ -4011,7 +4018,9 @@
 {
 return array(
 'mode' => 'login_success',
- 'key' => ( $this->sid_super ) ? $this->sid_super : false
+ 'key' => ( $this->sid_super ) ? $this->sid_super : false,
+ 'user_id' => $this->user_id,
+ 'user_level' => $this->user_level
 );
 }
 else if ( is_array($result) )
@@ -4047,7 +4056,9 @@
 {
 return array(
 'mode' => 'login_success',
- 'key' => ( $this->sid_super ) ? $this->sid_super : false
+ 'key' => ( $this->sid_super ) ? $this->sid_super : false,
+ 'user_id' => $this->user_id,
+ 'user_level' => $this->user_level
 );
 }
 else
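Review bot: The `// Update RAM` assignments run before the `INSERT` into `session_keys`, so `$this->user_id` and `$this->user_level` already describe the new session when the query fails; the `if ( !$query && defined('IN_ENANO_UPGRADE') )` line right after shows that a failed insert is an expected case. I would move the two assignments below the point where the insert is known to have succeeded. `$this->user_level = max(array($this->user_level, $level))` also folds the session's auth level into the property that the later hunks send to the client as `user_level`; if account rank and session auth level are separate notions in this class, that deserves a comment or a separate property. The function starts and ends outside the hunk.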
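Review bot: In the `-4011` branch the login plugin appears to have issued the session key itself, so `$this->user_id` and `$this->user_level` are only correct if that plugin went through the code that carries the new `// Update RAM` assignments; otherwise the `login_success` packet can carry the values from before the login. Since the client now copies both fields into `window.user_id` and `window.user_level`, the hook documentation in the `-3999` hunk should state the requirement, for example `* A plugin that returns true must also set $this->user_id and $this->user_level.`. The condition that selects this branch is outside the hunk, so the reading is inferred from the doc comment above it.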