0
+ − 1
<?php
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 2
/**!info**
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 3
{
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 4
"Plugin Name" : "plugin_specialuserfuncs_title",
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 5
"Plugin URI" : "http://enanocms.org/",
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 6
"Description" : "plugin_specialuserfuncs_desc",
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 7
"Author" : "Dan Fuhry",
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 8
"Version" : "1.1.6",
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 9
"Author URI" : "http://enanocms.org/"
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 10
}
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 11
**!*/
0
+ − 12
+ − 13
/*
+ − 14
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 15
* Version 1.1.6 (Caoineag beta 1)
536
+ − 16
* Copyright (C) 2006-2008 Dan Fuhry
0
+ − 17
*
+ − 18
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 19
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 20
*
+ − 21
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 22
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 23
*/
+ − 24
+ − 25
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 26
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 27
// $plugins->attachHook('session_started', 'SpecialUserFuncs_paths_init();');
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 28
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 29
function SpecialUserFuncs_paths_init()
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 30
{
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 31
register_special_page('Login', 'specialpage_log_in');
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 32
register_special_page('Logout', 'specialpage_log_out');
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 33
register_special_page('Register', 'specialpage_register');
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 34
register_special_page('Preferences', 'specialpage_preferences');
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 35
register_special_page('Contributions', 'specialpage_contributions');
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 36
register_special_page('ChangeStyle', 'specialpage_change_theme');
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 37
register_special_page('ActivateAccount', 'specialpage_activate_account');
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 38
register_special_page('Captcha', 'specialpage_captcha');
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 39
register_special_page('PasswordReset', 'specialpage_password_reset');
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 40
register_special_page('Memberlist', 'specialpage_member_list');
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 41
register_special_page('LangExportJSON', 'specialpage_language_export', false);
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 42
register_special_page('Avatar', 'specialpage_avatar', false);
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
diff
changeset
+ − 43
}
0
+ − 44
+ − 45
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
+ − 46
+ − 47
$__login_status = '';
+ − 48
+ − 49
function page_Special_Login()
+ − 50
{
+ − 51
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 52
global $__login_status;
209
+ − 53
global $lang;
0
+ − 54
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 55
require_once(ENANO_ROOT . '/includes/math.php');
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 56
require_once(ENANO_ROOT . '/includes/diffiehellman.php');
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 57
global $dh_supported;
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 58
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 59
$locked_out = false;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 60
// are we locked out?
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 61
$threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 62
$duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 63
// convert to minutes
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 64
$duration = $duration * 60;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 65
$policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 66
if ( $policy != 'disable' )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 67
{
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 68
$ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 69
$timestamp_cutoff = time() - $duration;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 70
$q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 71
$fails = $db->numrows();
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 72
if ( $fails >= $threshold )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 73
{
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 74
$row = $db->fetchrow();
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 75
$locked_out = true;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 76
$lockdata = array(
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 77
'locked_out' => true,
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 78
'lockout_threshold' => $threshold,
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 79
'lockout_duration' => ( $duration / 60 ),
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 80
'lockout_fails' => $fails,
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 81
'lockout_policy' => $policy,
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 82
'lockout_last_time' => $row['timestamp'],
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
diff
changeset
+ − 83
'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 84
'captcha' => ''
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 85
);
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 86
if ( $policy == 'captcha' )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 87
{
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 88
$lockdata['captcha'] = $session->make_captcha();
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 89
}
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 90
}
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 91
$db->free_result();
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 92
}
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 93
0
+ − 94
if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
+ − 95
{
436
+ − 96
header('Content-type: text/javascript');
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 97
$username = ( $session->user_logged_in ) ? $session->username : false;
0
+ − 98
$response = Array(
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 99
'username' => $username,
0
+ − 100
'key' => $pubkey,
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 101
'challenge' => $challenge,
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 102
'locked_out' => false
0
+ − 103
);
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 104
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 105
if ( $locked_out )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 106
{
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 107
foreach ( $lockdata as $x => $y )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 108
{
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 109
$response[$x] = $y;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 110
}
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 111
unset($x, $y);
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 112
}
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 113
436
+ − 114
// 1.1.3: generate diffie hellman key
+ − 115
$response['dh_supported'] = $dh_supported;
+ − 116
if ( $dh_supported )
+ − 117
{
+ − 118
$dh_key_priv = dh_gen_private();
+ − 119
$dh_key_pub = dh_gen_public($dh_key_priv);
+ − 120
$dh_key_priv = $_math->str($dh_key_priv);
+ − 121
$dh_key_pub = $_math->str($dh_key_pub);
+ − 122
$response['dh_public_key'] = $dh_key_pub;
+ − 123
// store the keys in the DB
+ − 124
$q = $db->sql_query('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
+ − 125
if ( !$q )
+ − 126
$db->die_json();
+ − 127
}
+ − 128
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 129
$response = enano_json_encode($response);
0
+ − 130
echo $response;
+ − 131
return null;
+ − 132
}
+ − 133
+ − 134
$level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
+ − 135
if ( isset($_POST['login']) )
+ − 136
{
+ − 137
if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
+ − 138
{
+ − 139
$level = intval($_POST['auth_level']);
+ − 140
}
+ − 141
}
+ − 142
+ − 143
if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
+ − 144
{
+ − 145
$level = USER_LEVEL_MEMBER;
+ − 146
}
93
+ − 147
if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in )
+ − 148
$paths->main_page();
0
+ − 149
$template->header();
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 150
echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="try{runEncryption();}catch(e){};">';
209
+ − 151
$header = ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short');
0
+ − 152
if ( isset($_POST['login']) )
+ − 153
{
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 154
$errstring = $__login_status['error'];
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 155
switch($__login_status['error'])
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 156
{
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 157
case 'key_not_found':
209
+ − 158
$errstring = $lang->get('user_err_key_not_found');
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 159
break;
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 160
case 'ERR_DH_KEY_NOT_FOUND':
586
234ddd896555
Made encryption work in form-based logon again; modified load_component() to fetch compressed versions when possible
Dan
diff
changeset
+ − 161
$errstring = $lang->get('user_err_dh_key_not_found'); // . " -- {$__login_status['debug']}";
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 162
break;
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 163
case 'ERR_DH_KEY_NOT_INTEGER':
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 164
$errstring = $lang->get('user_err_dh_key_not_numeric');
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 165
break;
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 166
case 'key_wrong_length':
209
+ − 167
$errstring = $lang->get('user_err_key_wrong_length');
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 168
break;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 169
case 'too_big_for_britches':
209
+ − 170
$errstring = $lang->get('user_err_too_big_for_britches');
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 171
break;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 172
case 'invalid_credentials':
209
+ − 173
$errstring = $lang->get('user_err_invalid_credentials');
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 174
if ( $__login_status['lockout_policy'] == 'lockout' )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 175
{
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 176
$errstring .= $lang->get('err_invalid_credentials_lockout', array('fails' => $__login_status['lockout_fails']));
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 177
}
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 178
else if ( $__login_status['lockout_policy'] == 'captcha' )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 179
{
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 180
$errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('fails' => $__login_status['lockout_fails']));
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 181
}
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 182
break;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 183
case 'backend_fail':
209
+ − 184
$errstring = $lang->get('user_err_backend_fail');
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 185
break;
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 186
case 'locked_out':
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 187
$attempts = intval($__login_status['lockout_fails']);
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 188
if ( $attempts > $__login_status['lockout_threshold'])
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 189
$attempts = $__login_status['lockout_threshold'];
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
diff
changeset
+ − 190
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
diff
changeset
+ − 191
$server_time = time();
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 192
$time_rem = ( intval(@$__login_status['lockout_last_time']) == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 );
209
+ − 193
if ( $time_rem < 1 )
+ − 194
$time_rem = $__login_status['lockout_duration'];
182
c69730750be3
Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
diff
changeset
+ − 195
209
+ − 196
$s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural');
+ − 197
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 198
$captcha_string = ( $__login_status['lockout_policy'] == 'captcha' ) ? $lang->get('user_err_locked_out_captcha_blurb') : '';
209
+ − 199
$errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem));
+ − 200
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 201
break;
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 202
default:
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 203
$errstring = $lang->get($errstring);
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 204
break;
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 205
}
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 206
echo '<div class="error-box-mini">'.$errstring.'</div>';
0
+ − 207
}
+ − 208
if ( $p = $paths->getAllParams() )
+ − 209
{
+ − 210
echo '<input type="hidden" name="return_to" value="'.$p.'" />';
+ − 211
}
+ − 212
else if ( isset($_POST['login']) && isset($_POST['return_to']) )
+ − 213
{
+ − 214
echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
+ − 215
}
+ − 216
?>
+ − 217
<div class="tblholder">
+ − 218
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 219
<tr>
+ − 220
<th colspan="3"><?php echo $header; ?></th>
+ − 221
</tr>
+ − 222
<tr>
+ − 223
<td colspan="3" class="row1">
+ − 224
<?php
+ − 225
if ( $level <= USER_LEVEL_MEMBER )
+ − 226
{
209
+ − 227
echo '<p>' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '</p>';
0
+ − 228
}
+ − 229
else
+ − 230
{
209
+ − 231
echo '<p>' . $lang->get('user_login_body_elev') . '</p>';
0
+ − 232
}
+ − 233
?>
+ − 234
</td>
+ − 235
</tr>
+ − 236
<tr>
+ − 237
<td class="row2">
209
+ − 238
<?php echo $lang->get('user_login_field_username'); ?>:
0
+ − 239
</td>
+ − 240
<td class="row1">
+ − 241
<input name="username" size="25" type="text" <?php
+ − 242
if ( $level <= USER_LEVEL_MEMBER )
+ − 243
{
+ − 244
echo 'tabindex="1" ';
+ − 245
}
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 246
else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 247
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 248
echo 'tabindex="3" ';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 249
}
0
+ − 250
if ( $session->user_logged_in )
+ − 251
{
+ − 252
echo 'value="' . $session->username . '"';
+ − 253
}
+ − 254
?> />
+ − 255
</td>
+ − 256
<?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 257
<td rowspan="<?php echo ( ( $locked_out && $lockdata['lockout_policy'] == 'captcha' ) ) ? '4' : '2'; ?>" class="row3">
209
+ − 258
<small><?php echo $lang->get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?><br />
+ − 259
<?php echo $lang->get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?></small>
0
+ − 260
</td>
+ − 261
<?php } ?>
+ − 262
</tr>
+ − 263
<tr>
209
+ − 264
<td class="row2">
+ − 265
<?php echo $lang->get('user_login_field_password'); ?>:
+ − 266
</td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
0
+ − 267
</tr>
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 268
<?php
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 269
if ( $locked_out && $lockdata['lockout_policy'] == 'captcha' )
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 270
{
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 271
?>
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 272
<tr>
209
+ − 273
<td class="row2" rowspan="2"><?php echo $lang->get('user_login_field_captcha'); ?>:<br /></td><td class="row1"><input type="hidden" name="captcha_hash" value="<?php echo $lockdata['captcha']; ?>" /><input name="captcha_code" size="25" type="text" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '4'; ?>" /></td>
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 274
</tr>
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 275
<tr>
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 276
<td class="row3">
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 277
<img src="<?php echo makeUrlNS('Special', 'Captcha/' . $lockdata['captcha']) ?>" onclick="this.src=this.src+'/a';" style="cursor: pointer;" />
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 278
</td>
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 279
</tr>
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 280
<?php
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 281
}
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 282
$code = $plugins->setHook('login_form_html');
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 283
foreach ( $code as $cmd )
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 284
{
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 285
eval($cmd);
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 286
}
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 287
if ( $level <= USER_LEVEL_MEMBER )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 288
{
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 289
// "remember me" switch
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 290
// first order of business is to determine what the checkbox should say
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 291
$session_time = intval(getConfig('session_remember_time', '30'));
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 292
if ( $session_time === 0 )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 293
{
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 294
// sessions are infinite
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 295
$text_remember = $lang->get('user_login_check_remember_infinite');
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 296
}
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 297
else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 298
{
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 299
// is the number of days evenly divisible by 7? if so, use weeks
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 300
if ( $session_time % 7 == 0 )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 301
{
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 302
$session_time = $session_time / 7;
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 303
$unit = 'week';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 304
}
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 305
else
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 306
{
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 307
$unit = 'day';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 308
}
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 309
// if it's not equal to 1, pluralize it
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 310
if ( $session_time != 1 )
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 311
{
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 312
$unit .= 's';
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 313
}
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 314
$text_remember = $lang->get('user_login_check_remember', array(
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 315
'session_length' => $session_time,
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 316
'length_units' => $lang->get("etc_unit_$unit")
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 317
));
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 318
}
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 319
?>
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 320
<tr>
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 321
<td class="row2">
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 322
<?php echo $lang->get('user_login_field_remember'); ?>
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 323
</td>
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 324
<td class="row1" colspan="2">
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 325
<label>
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 326
<input type="checkbox" name="remember" tabindex="3" />
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 327
<?php echo $text_remember; ?>
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 328
</label>
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 329
</td>
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 330
</tr>
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 331
<?php
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 332
}
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 333
if ( $level <= USER_LEVEL_MEMBER && ( !isset($_GET['use_crypt']) || ( isset($_GET['use_crypt']) && $_GET['use_crypt']!='0' ) ) )
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 334
{
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 335
echo '<tr>
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 336
<td class="row3" colspan="3">';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 337
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 338
$returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 339
$nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 340
echo '<p><b>' . $lang->get('user_login_nocrypt_title') . '</b> ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '</p>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 341
echo '<p>' . $lang->get('user_login_nocrypt_countrylist') . '</p>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 342
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 343
echo ' </td>
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 344
</tr>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 345
}
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 346
else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) )
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 347
{
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 348
echo '<tr>
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 349
<td class="row3" colspan="3">';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 350
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 351
$returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 352
$usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true);
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 353
echo '<p><b>' . $lang->get('user_login_usecrypt_title') . '</b> ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '</p>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 354
echo '<p>' . $lang->get('user_login_usecrypt_countrylist') . '</p>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 355
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 356
echo ' </td>
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 357
</tr>';
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 358
}
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 359
else if ( $level > USER_LEVEL_MEMBER && !strstr($_SERVER['HTTP_USER_AGENT'], 'iPhone') && $dh_supported )
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 360
{
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 361
echo '<tr>';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 362
echo '<td class="row3" colspan="3">';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 363
echo '<p>' . $lang->get('user_login_dh_notice') . '</p>';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 364
echo '</td>';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 365
echo '</tr>';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 366
}
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 367
?>
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 368
0
+ − 369
<tr>
688
f2a824ce5f18
Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
diff
changeset
+ − 370
<th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '4' : '2'; ?>" /></th>
0
+ − 371
</tr>
+ − 372
</table>
+ − 373
</div>
+ − 374
<input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 375
<?php if ( $level <= USER_LEVEL_MEMBER ): ?>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 376
<script type="text/javascript">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 377
document.forms.loginform.username.focus();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 378
</script>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 379
<?php else: ?>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 380
<script type="text/javascript">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 381
document.forms.loginform.pass.focus();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 382
</script>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 383
<?php endif; ?>
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 384
<?php
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 385
echo $session->generate_aes_form();
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 386
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 387
// Any additional parameters that need to be passed back?
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 388
if ( $p = $paths->getAllParams() )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 389
{
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 390
// ... only if we have a return_to destination.
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 391
$get_fwd = $_GET;
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 392
unset($get_fwd['do']);
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 393
if ( isset($get_fwd['target_do']) )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 394
{
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 395
$get_fwd['do'] = $get_fwd['target_do'];
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 396
unset($get_fwd['target_do']);
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 397
}
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 398
if ( isset($get_fwd['level']) )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 399
unset($get_fwd['level']);
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 400
if ( isset($get_fwd['title']) )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 401
unset($get_fwd['title']);
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 402
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 403
if ( !empty($get_fwd) )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 404
{
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 405
$get_string = htmlspecialchars(enano_json_encode($get_fwd));
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 406
echo '<input type="hidden" name="get_fwd" value="' . $get_string . '" />';
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 407
}
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 408
}
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 409
?>
0
+ − 410
</form>
+ − 411
<?php
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 412
echo $session->aes_javascript('loginform', 'pass');
0
+ − 413
?>
+ − 414
<?php
+ − 415
$template->footer();
+ − 416
}
+ − 417
+ − 418
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
+ − 419
{
+ − 420
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 421
global $__login_status;
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 422
global $lang;
604
+ − 423
require_once( ENANO_ROOT . '/includes/math.php' );
+ − 424
436
+ − 425
if ( $paths->getParam(0) === 'action.json' )
+ − 426
{
+ − 427
if ( !isset($_POST['r']) )
+ − 428
die('No request.');
+ − 429
+ − 430
$request = $_POST['r'];
+ − 431
try
+ − 432
{
+ − 433
$request = enano_json_decode($request);
+ − 434
}
+ − 435
catch ( Exception $e )
+ − 436
{
+ − 437
die(enano_json_encode(array(
+ − 438
'mode' => 'error',
+ − 439
'error' => 'ERR_JSON_PARSE_FAILED'
+ − 440
)));
+ − 441
}
+ − 442
+ − 443
echo enano_json_encode($session->process_login_request($request));
+ − 444
+ − 445
$db->close();
+ − 446
exit;
+ − 447
}
0
+ − 448
if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
+ − 449
{
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 450
echo 'This version of the Enano LoginAPI is deprecated. Please clear your browser\'s cache and try your login again. Developers, please use the action.json method instead.';
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 451
return true;
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 452
}
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 453
if(isset($_POST['login']))
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 454
{
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 455
$captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false;
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 456
$captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false;
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 457
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 458
try
436
+ − 459
{
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 460
$password = $session->get_aes_post('pass');
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 461
}
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 462
catch ( Exception $e )
507
586fd7d3202d
Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
diff
changeset
+ − 463
{
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 464
$__login_status = array(
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 465
'mode' => 'error',
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 466
'error' => $e->getMessage()
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 467
);
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 468
return false;
0
+ − 469
}
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 470
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 471
// These are to allow auth plugins to work universally between JSON and HTML login forms
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 472
$userinfo =& $_POST;
845
+ − 473
$userinfo['password'] =& $password;
843
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 474
$req = array(
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 475
'level' => intval($_POST['auth_level']),
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 476
'remember' => isset($_POST['remember'])
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 477
);
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 478
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 479
// At this point if any extra fields were injected into the login form, we need to let plugins process it
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 480
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 481
/**
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 482
* Called upon processing an incoming login request from the plain HTML login form.. If you added anything to the form,
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 483
* that will be in the $userinfo array here and on $_POST. Expected return values are: true if your plugin has
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 484
* not only succeeded but ALSO issued a session key (bypass the whole Enano builtin login process) and an associative array
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 485
* with "mode" set to "error" and an error string in "error" to send an error back to the client. Any return value other
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 486
* than these will be ignored.
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 487
* @hook login_process_userdata_json
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 488
*/
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 489
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 490
$skip_normal_login = false;
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 491
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 492
$code = $plugins->setHook('login_process_userdata_json');
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 493
foreach ( $code as $cmd )
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 494
{
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 495
$result = eval($cmd);
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 496
if ( $result === true )
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 497
{
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 498
$skip_normal_login = true;
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 499
$result = array('success' => true);
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 500
break;
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 501
}
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 502
else if ( is_array($result) )
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 503
{
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 504
if ( isset($result['mode']) && $result['mode'] === 'error' && isset($result['error']) )
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 505
{
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 506
$__login_status = array(
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 507
'mode' => 'error',
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 508
'error' => $result['error']
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 509
);
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 510
return false;
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 511
}
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 512
}
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 513
}
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 514
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 515
if ( !$skip_normal_login )
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 516
{
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 517
$result = $session->login_without_crypto($_POST['username'], $password, false, intval($_POST['auth_level']), $captcha_hash, $captcha_code, isset($_POST['remember']));
4415e50e4e84
Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
diff
changeset
+ − 518
}
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 519
179
36b287f1d85c
[F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
diff
changeset
+ − 520
if($result['success'])
0
+ − 521
{
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 522
$session->start();
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 523
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 524
$get_add = false;
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 525
if ( isset($_POST['get_fwd']) )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 526
{
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 527
try
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 528
{
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 529
$get_fwd = enano_json_decode($_POST['get_fwd']);
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 530
$get_add = '';
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 531
foreach ( $get_fwd as $key => $value )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 532
{
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 533
$get_add .= "&{$key}=" . urlencode($value);
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 534
}
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 535
$get_add = ltrim($get_add, '&');
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 536
}
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 537
catch ( Exception $e )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 538
{
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 539
}
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 540
}
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 541
0
+ − 542
$template->load_theme($session->theme, $session->style);
+ − 543
if(isset($_POST['return_to']))
+ − 544
{
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 545
$name = get_page_title($_POST['return_to']);
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 546
$subst = array(
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 547
'username' => $session->username,
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 548
'redir_target' => $name
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 549
);
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 550
redirect( makeUrl($_POST['return_to'], $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
0
+ − 551
}
+ − 552
else
+ − 553
{
221
+ − 554
$subst = array(
+ − 555
'username' => $session->username,
+ − 556
'redir_target' => $lang->get('user_login_success_body_mainpage')
+ − 557
);
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 558
redirect( makeUrl(get_main_page(), $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
0
+ − 559
}
+ − 560
}
+ − 561
else
+ − 562
{
521
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 563
if ( $result['error'] === 'valid_reset' )
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 564
{
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 565
header('HTTP/1.1 302 Temporary Redirect');
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 566
header('Location: ' . $result['redirect_url']);
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 567
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 568
$db->close();
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 569
exit();
d264784355e5
Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
diff
changeset
+ − 570
}
0
+ − 571
$GLOBALS['__login_status'] = $result;
+ − 572
}
+ − 573
}
+ − 574
}
+ − 575
+ − 576
function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)
+ − 577
{
+ − 578
$response = Array(
+ − 579
'result' => 'success_reset',
+ − 580
'user_id' => $user_id,
+ − 581
'temppass' => $passkey
+ − 582
);
+ − 583
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 584
$response = enano_json_encode($response);
0
+ − 585
echo $response;
+ − 586
+ − 587
$db->close();
+ − 588
exit;
+ − 589
}
+ − 590
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 591
function page_Special_Logout()
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 592
{
0
+ − 593
global $db, $session, $paths, $template, $plugins; // Common objects
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 594
global $lang;
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 595
93
+ − 596
if ( !$session->user_logged_in )
+ − 597
$paths->main_page();
+ − 598
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 599
$token = $paths->getParam(0);
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 600
if ( $token !== $session->csrf_token )
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 601
{
573
43e7254afdb4
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
diff
changeset
+ − 602
csrf_request_confirm();
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 603
}
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 604
0
+ − 605
$l = $session->logout();
93
+ − 606
if ( $l == 'success' )
+ − 607
{
741
+ − 608
$url = makeUrl(get_main_page(), false, true);
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 609
if ( $paths->getParam(1) )
436
+ − 610
{
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 611
$pi = explode('/', $paths->getAllParams());
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 612
$pi = implode('/', array_values(array_slice($pi, 1)));
436
+ − 613
list($pid, $ns) = RenderMan::strToPageID($pi);
+ − 614
$perms = $session->fetch_page_acl($pid, $ns);
+ − 615
if ( $perms->get_permissions('read') )
+ − 616
{
+ − 617
$url = makeUrl($pi, false, true);
+ − 618
}
+ − 619
}
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 620
redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3);
93
+ − 621
}
0
+ − 622
$template->header();
221
+ − 623
echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>';
+ − 624
echo '<p>' . $l . '</p>';
0
+ − 625
$template->footer();
+ − 626
}
+ − 627
30
+ − 628
function page_Special_Register()
+ − 629
{
0
+ − 630
global $db, $session, $paths, $template, $plugins; // Common objects
221
+ − 631
global $lang;
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 632
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 633
if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )
701
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
diff
changeset
+ − 634
{
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
diff
changeset
+ − 635
$paths->main_page();
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
diff
changeset
+ − 636
}
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
diff
changeset
+ − 637
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 638
// form field trackers
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 639
$username = '';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 640
$email = '';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 641
$realname = '';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 642
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 643
$terms = getConfig('register_tou');
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 644
0
+ − 645
if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
+ − 646
{
221
+ − 647
$s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '</p>' : '';
+ − 648
die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_disabled_body') . '</p>' . $s);
0
+ − 649
}
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 650
// are we locked out from logging in? if so, also lock out registration
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 651
if ( getConfig('lockout_policy') === 'lockout' )
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 652
{
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 653
$ip = $db->escape($_SERVER['REMOTE_ADDR']);
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 654
$threshold = time() - ( 60 * intval(getConfig('lockout_duration')) );
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 655
$limit = intval(getConfig('lockout_threshold'));
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 656
$q = $db->sql_query('SELECT * FROM ' . table_prefix . "lockout WHERE timestamp >= $threshold ORDER BY timestamp DESC;");
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 657
if ( !$q )
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 658
$db->_die();
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 659
if ( $db->numrows() >= $limit )
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 660
{
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 661
$row = $db->fetchrow();
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 662
$db->free_result();
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 663
$time_rem = intval(getConfig('lockout_duration')) - round((time() - $row['timestamp']) / 60);
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 664
die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_locked_out', array('time' => $time_rem)) . '</p>');
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 665
}
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 666
$db->free_result();
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 667
}
30
+ − 668
if(isset($_POST['submit']))
+ − 669
{
+ − 670
$_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
+ − 671
0
+ − 672
$captcharesult = $session->get_captcha($_POST['captchahash']);
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 673
$session->kill_captcha();
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 674
// bypass captcha if logged in (at this point, if logged in, we're admin)
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 675
if ( !$session->user_logged_in && strtolower($captcharesult) != strtolower($_POST['captchacode']) )
30
+ − 676
{
221
+ − 677
$s = $lang->get('user_reg_err_captcha');
30
+ − 678
}
0
+ − 679
else
30
+ − 680
{
+ − 681
if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
+ − 682
{
+ − 683
$s = 'Invalid COPPA input';
+ − 684
}
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 685
else if ( !$session->user_logged_in && !empty($terms) && !isset($_POST['tou_agreed']) )
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 686
{
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 687
$s = $lang->get('user_reg_err_accept_tou');
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 688
}
30
+ − 689
else
+ − 690
{
+ − 691
$coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 692
$s = false;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 693
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 694
// decrypt password
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 695
// as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 696
// and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 697
// forgot his password, that's his problem.
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 698
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 699
if ( $_POST['use_crypt'] == 'yes' )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 700
{
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 701
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 702
$crypt_key = $session->fetch_public_key($_POST['crypt_key']);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 703
if ( !$crypt_key )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 704
{
221
+ − 705
$s = $lang->get('user_reg_err_missing_key');
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 706
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 707
else
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 708
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 709
$data = $_POST['crypt_data'];
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 710
$bin_key = hexdecode($crypt_key);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 711
//die("Decrypting with params: key $crypt_key, data $data");
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 712
$password = $aes->decrypt($data, $bin_key, ENC_HEX);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 713
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 714
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 715
else
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 716
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 717
$password = $_POST['password'];
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 718
}
30
+ − 719
799
+ − 720
$error =& $s;
+ − 721
+ − 722
/**
+ − 723
* Validation of POST data coming from registration. Put an error message in the variable $error to stop registration.
+ − 724
* @hook ucp_register_validate
+ − 725
*/
+ − 726
+ − 727
$code = $plugins->setHook('ucp_register_validate');
+ − 728
foreach ( $code as $cmd )
+ − 729
{
+ − 730
eval($cmd);
+ − 731
}
+ − 732
+ − 733
// All things verified, create account
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 734
if ( !$s )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 735
$s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa);
30
+ − 736
}
+ − 737
}
125
+ − 738
if($s == 'success' && !$coppa)
0
+ − 739
{
+ − 740
switch(getConfig('account_activation'))
+ − 741
{
+ − 742
case "none":
+ − 743
default:
221
+ − 744
$str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true)));
0
+ − 745
break;
+ − 746
case "user":
221
+ − 747
$str = $lang->get('user_reg_msg_success_activ_user');
0
+ − 748
break;
+ − 749
case "admin":
221
+ − 750
$str = $lang->get('user_reg_msg_success_activ_admin');
0
+ − 751
break;
+ − 752
}
221
+ − 753
die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
0
+ − 754
}
30
+ − 755
else if ( $s == 'success' && $coppa )
+ − 756
{
221
+ − 757
$str = $lang->get('user_reg_msg_success_activ_coppa');
+ − 758
die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
30
+ − 759
}
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 760
$username = htmlspecialchars($_POST['username']);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 761
$email = htmlspecialchars($_POST['email']);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 762
$realname = htmlspecialchars($_POST['real_name']);
0
+ − 763
}
+ − 764
$template->header();
221
+ − 765
echo $lang->get('user_reg_msg_greatercontrol');
30
+ − 766
+ − 767
if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
+ − 768
{
+ − 769
$coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
+ − 770
$session->kill_captcha();
+ − 771
$captchacode = $session->make_captcha();
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 772
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 773
$pubkey = $session->rijndael_genkey();
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 774
$challenge = $session->dss_rand();
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 775
30
+ − 776
?>
221
+ − 777
<h3><?php echo $lang->get('user_reg_msg_table_title'); ?></h3>
+ − 778
<form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="return runEncryption();">
30
+ − 779
<div class="tblholder">
+ − 780
<table border="0" width="100%" cellspacing="1" cellpadding="4">
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 781
<tr><th colspan="3"><?php echo $lang->get('user_reg_msg_table_subtitle'); ?></th></tr>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 782
30
+ − 783
<?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 784
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 785
<!-- FIELD: Username -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 786
<tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 787
<td class="row1" style="width: 50%;">
221
+ − 788
<?php echo $lang->get('user_reg_lbl_field_username'); ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 789
<span id="e_username"></span>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 790
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 791
<td class="row1" style="width: 50%;">
221
+ − 792
<input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm(this);" onblur="checkUsername();" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 793
</td>
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 794
<td class="row1" style="width: 1px;">
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 795
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_username" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 796
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 797
</tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 798
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 799
<!-- FIELD: Password -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 800
<tr>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 801
<td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>">
221
+ − 802
<?php echo $lang->get('user_reg_lbl_field_password'); ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 803
<span id="e_password"></span>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 804
<?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?>
221
+ − 805
<small><?php echo $lang->get('user_reg_msg_password_score'); ?></small>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 806
<?php endif; ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 807
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 808
<td class="row3" style="width: 50%;">
221
+ − 809
<input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm(this);" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 810
</td>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 811
<td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;">
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 812
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_password" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 813
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 814
</tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 815
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 816
<!-- FIELD: Password confirmation -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 817
<tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 818
<td class="row3" style="width: 50%;">
221
+ − 819
<input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm(this);" /> <small><?php echo $lang->get('user_reg_lbl_field_password_confirm'); ?></small>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 820
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 821
</tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 822
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 823
<!-- FIELD: Password strength meter -->
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 824
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 825
<?php if ( getConfig('pw_strength_enable') == '1' ): ?>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 826
<tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 827
<td class="row3" style="width: 50%;">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 828
<div id="pwmeter"></div>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 829
</td>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 830
</tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 831
<?php endif; ?>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 832
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 833
<!-- FIELD: E-mail address -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 834
<tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 835
<td class="row1" style="width: 50%;">
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 836
<?php
221
+ − 837
if ( $coppa )
+ − 838
{
+ − 839
echo $lang->get('user_reg_lbl_field_email_coppa');
+ − 840
}
+ − 841
else
+ − 842
{
+ − 843
echo $lang->get('user_reg_lbl_field_email');
+ − 844
}
+ − 845
?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 846
<?php
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 847
if ( ( $x = getConfig('account_activation') ) == 'user' )
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 848
{
221
+ − 849
echo '<br /><small>' . $lang->get('user_reg_msg_email_activuser') . '</small>';
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 850
}
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 851
?>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 852
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 853
<td class="row1" style="width: 50%;">
221
+ − 854
<input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm(this);" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 855
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 856
<td class="row1" style="max-width: 24px;">
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 857
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_email" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 858
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 859
</tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 860
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 861
<!-- FIELD: Real name -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 862
<tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 863
<td class="row3" style="width: 50%;">
221
+ − 864
<?php echo $lang->get('user_reg_lbl_field_realname'); ?><br />
+ − 865
<small><?php echo $lang->get('user_reg_msg_realname_optional'); ?></small>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 866
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 867
<td class="row3" style="width: 50%;">
799
+ − 868
<input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" />
+ − 869
</td>
+ − 870
<td class="row3" style="max-width: 24px;">
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 871
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 872
</tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 873
799
+ − 874
<?php
+ − 875
/**
+ − 876
* Allows adding fields to the user registration form. Form is built with Enano tables, 3 columns. (Rightmost can be left empty or if you're using Javascript validation an image you can update with your own Javascript code)
+ − 877
* @hook ucp_register_form
+ − 878
*/
+ − 879
+ − 880
$code = $plugins->setHook('ucp_register_form');
+ − 881
foreach ( $code as $cmd )
+ − 882
{
+ − 883
eval($cmd);
+ − 884
}
+ − 885
?>
+ − 886
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 887
<!-- FIELD: CAPTCHA image -->
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 888
<?php
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 889
if ( !$session->user_logged_in ):
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 890
?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 891
<tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 892
<td class="row1" style="width: 50%;" rowspan="2">
221
+ − 893
<?php echo $lang->get('user_reg_lbl_field_captcha'); ?><br />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 894
<small>
221
+ − 895
<?php echo $lang->get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?><br />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 896
<br />
221
+ − 897
<?php echo $lang->get('user_reg_msg_captcha_blind'); ?>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 898
</small>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 899
</td>
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 900
<td class="row1">
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 901
<img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><br />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 902
<span id="b_username"></span>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 903
</td>
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 904
<td class="row1">
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 905
</td>
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 906
</tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 907
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 908
<!-- FIELD: CAPTCHA input field -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 909
<tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 910
<td class="row1" colspan="2">
221
+ − 911
<?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 912
<input tabindex="6" name="captchacode" type="text" size="10" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 913
<input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 914
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 915
</tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 916
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 917
<!-- FIELD: TOU -->
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 918
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 919
<?php
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 920
if ( !empty($terms) ):
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 921
?>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 922
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 923
<tr>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 924
<td class="row1" colspan="3">
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 925
<?php
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 926
echo $lang->get('user_reg_msg_please_read_tou');
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 927
?>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 928
</td>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 929
</tr>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 930
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 931
<tr>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 932
<td class="row3" colspan="3">
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 933
<div style="border: 1px solid #000000; height: 75px; width: 60%; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: #FFF; margin: 0 auto; padding: 4px;">
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 934
<?php
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 935
echo RenderMan::render($terms);
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 936
?>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 937
</div>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 938
<p style="text-align: center;">
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 939
<label>
371
dc6026376919
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
diff
changeset
+ − 940
<input tabindex="7" type="checkbox" name="tou_agreed" />
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 941
<b><?php echo $lang->get('user_reg_lbl_field_tou'); ?></b>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 942
</label>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 943
</p>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 944
</td>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 945
</tr>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 946
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 947
<?php
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 948
endif; // !empty($terms)
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 949
endif; // $session->user_logged_in
348
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 950
?>
87e08a6e4fec
Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
diff
changeset
+ − 951
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 952
<!-- FIELD: submit button -->
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 953
<tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 954
<th class="subhead" colspan="3" style="text-align: center;">
371
dc6026376919
Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
diff
changeset
+ − 955
<input tabindex="8" type="submit" name="submit" value="<?php echo $lang->get('user_reg_btn_create_account'); ?>" />
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 956
</td>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 957
</tr>
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
diff
changeset
+ − 958
30
+ − 959
</table>
+ − 960
</div>
+ − 961
<?php
+ − 962
$val = ( $coppa ) ? 'yes' : 'no';
+ − 963
echo '<input type="hidden" name="coppa" value="' . $val . '" />';
+ − 964
?>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 965
<input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 966
<input type="hidden" name="use_crypt" value="no" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 967
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 968
<input type="hidden" name="crypt_data" value="" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 969
<script type="text/javascript">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 970
// ENCRYPTION CODE
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 971
function runEncryption()
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 972
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 973
var frm = document.forms.regform;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 974
if ( frm.password.value.length < 1 )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 975
return true;
221
+ − 976
pass1 = frm.password.value;
+ − 977
pass2 = frm.password_confirm.value;
+ − 978
if ( pass1 != pass2 )
+ − 979
{
+ − 980
alert($lang.get('user_reg_err_alert_password_nomatch'));
+ − 981
return false;
+ − 982
}
+ − 983
if ( pass1.length < 6 && pass1.length > 0 )
+ − 984
{
+ − 985
alert($lang.get('user_reg_err_alert_password_tooshort'));
+ − 986
return false;
+ − 987
}
614
+ − 988
if(aes_self_test())
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 989
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 990
frm.use_crypt.value = 'yes';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 991
var cryptkey = frm.crypt_key.value;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 992
frm.crypt_key.value = hex_md5(cryptkey);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 993
cryptkey = hexToByteArray(cryptkey);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 994
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 995
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 996
frm.submit.disabled = true;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 997
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 998
alert('The key is messed up\nType: '+typeof(cryptkey)+len);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 999
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1000
pass = frm.password.value;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1001
pass = stringToByteArray(pass);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1002
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1003
if(!cryptstring)
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1004
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1005
return false;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1006
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1007
cryptstring = byteArrayToHex(cryptstring);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1008
frm.crypt_data.value = cryptstring;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1009
frm.password.value = "";
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1010
frm.password_confirm.value = "";
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1011
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1012
return true;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1013
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1014
</script>
30
+ − 1015
</form>
125
+ − 1016
<!-- Don't optimize this script, it fails when compressed -->
+ − 1017
<enano:no-opt>
+ − 1018
<script type="text/javascript">
+ − 1019
// <![CDATA[
+ − 1020
var namegood = false;
221
+ − 1021
function validateForm(field)
0
+ − 1022
{
221
+ − 1023
if ( typeof(field) != 'object' )
+ − 1024
{
+ − 1025
field = {
+ − 1026
name: '_nil',
459
31c23016ab62
Upgraded tinyMCE to 3.0.1 in hopes of fixing IE race conditions. Fixed a couple minor syntax errors in Javascript objects declared in various places.
Dan
diff
changeset
+ − 1027
value: '_nil'
221
+ − 1028
}
+ − 1029
}
+ − 1030
// wait until $lang is initted
+ − 1031
if ( typeof($lang) != 'object' )
+ − 1032
{
+ − 1033
setTimeout('validateForm();', 200);
+ − 1034
return false;
+ − 1035
}
125
+ − 1036
var frm = document.forms.regform;
+ − 1037
failed = false;
+ − 1038
+ − 1039
// Username
221
+ − 1040
if(!namegood && ( field.name == 'username' || field.name == '_nil' ) )
30
+ − 1041
{
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1042
//if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1043
var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1044
if ( frm.username.value.match(regex) )
125
+ − 1045
{
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1046
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png';
221
+ − 1047
document.getElementById('e_username').innerHTML = ' ';
125
+ − 1048
} else {
+ − 1049
failed = true;
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1050
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
221
+ − 1051
document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
125
+ − 1052
}
+ − 1053
}
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 1054
if ( document.getElementById('b_username') )
125
+ − 1055
{
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 1056
document.getElementById('b_username').innerHTML = '';
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 1057
if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1')
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 1058
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 1059
document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 1060
}
125
+ − 1061
}
+ − 1062
+ − 1063
// Password
221
+ − 1064
if ( field.name == 'password' || field.name == 'password_confirm' || field.name == '_nil' )
125
+ − 1065
{
221
+ − 1066
if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value )
125
+ − 1067
{
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1068
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/check.png';
221
+ − 1069
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_err_password_good') + '</small>';
+ − 1070
} else {
+ − 1071
failed = true;
+ − 1072
if(frm.password.value.length < 6)
+ − 1073
{
+ − 1074
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_length') + '</small>';
+ − 1075
}
+ − 1076
else if(frm.password.value != frm.password_confirm.value)
+ − 1077
{
+ − 1078
document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_needmatch') + '</small>';
+ − 1079
}
+ − 1080
else
+ − 1081
{
+ − 1082
document.getElementById('e_password').innerHTML = '';
+ − 1083
}
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1084
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/checkbad.png';
125
+ − 1085
}
+ − 1086
}
+ − 1087
+ − 1088
// E-mail address
+ − 1089
+ − 1090
// workaround for idiot jEdit bug
221
+ − 1091
if ( validateEmail(frm.email.value) && ( field.name == 'email' || field.name == '_nil' ) )
125
+ − 1092
{
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1093
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/check.png';
125
+ − 1094
} else {
+ − 1095
failed = true;
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1096
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/checkbad.png';
125
+ − 1097
}
+ − 1098
if(failed)
+ − 1099
{
+ − 1100
frm.submit.disabled = 'disabled';
+ − 1101
} else {
+ − 1102
frm.submit.disabled = false;
30
+ − 1103
}
+ − 1104
}
125
+ − 1105
function checkUsername()
30
+ − 1106
{
125
+ − 1107
var frm = document.forms.regform;
+ − 1108
+ − 1109
if(!namegood)
+ − 1110
{
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1111
var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1112
if ( frm.username.value.match(regex) )
125
+ − 1113
{
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1114
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png';
221
+ − 1115
document.getElementById('e_username').innerHTML = ' ';
125
+ − 1116
} else {
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1117
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
221
+ − 1118
document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
125
+ − 1119
return false;
+ − 1120
}
+ − 1121
}
+ − 1122
221
+ − 1123
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_checking') + '</b></small>';
125
+ − 1124
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
407
+ − 1125
if ( ajax.readyState == 4 && ajax.status == 200 )
125
+ − 1126
if(ajax.responseText == 'good')
+ − 1127
{
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1128
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/check.png';
221
+ − 1129
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_available') + '</b></small>';
125
+ − 1130
namegood = true;
+ − 1131
} else if(ajax.responseText == 'bad') {
404
fb4f9e6f378f
Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
diff
changeset
+ − 1132
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
221
+ − 1133
document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_unavailable') + '</b></small>';
125
+ − 1134
namegood = false;
+ − 1135
} else {
+ − 1136
document.getElementById('e_username').innerHTML = ajax.responseText;
+ − 1137
}
+ − 1138
});
0
+ − 1139
}
125
+ − 1140
function regenCaptcha()
30
+ − 1141
{
448
+ − 1142
var frm = document.forms.regform;
517
+ − 1143
document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/$captchacode"); ?>/'+Math.floor(Math.random() * 100000);
125
+ − 1144
return false;
30
+ − 1145
}
614
+ − 1146
addOnloadHook(function()
+ − 1147
{
+ − 1148
<?php if ( getConfig('pw_strength_enable') == '1' ): ?>
+ − 1149
var frm = document.forms.regform;
+ − 1150
load_component('pwstrength');
+ − 1151
password_score_field(frm.password);
+ − 1152
<?php endif; ?>
+ − 1153
load_component('crypto');
+ − 1154
validateForm();
+ − 1155
setTimeout('checkUsername();', 1000);
+ − 1156
});
125
+ − 1157
// ]]>
+ − 1158
</script>
+ − 1159
</enano:no-opt>
30
+ − 1160
<?php
+ − 1161
}
+ − 1162
else
+ − 1163
{
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1164
$year = intval( enano_date('Y') );
30
+ − 1165
$year = $year - 13;
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1166
$month = enano_date('F');
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1167
$day = enano_date('d');
30
+ − 1168
+ − 1169
$yo13_date = "$month $day, $year";
+ − 1170
$link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
+ − 1171
$link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true);
+ − 1172
+ − 1173
// COPPA enabled, ask age
+ − 1174
echo '<div class="tblholder">';
+ − 1175
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 1176
echo '<tr>
+ − 1177
<td class="row1">
221
+ − 1178
' . $lang->get('user_reg_coppa_title') . '
30
+ − 1179
</td>
+ − 1180
</tr>
+ − 1181
<tr>
+ − 1182
<td class="row3">
221
+ − 1183
<a href="' . $link_coppa_no . '">' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '</a><br />
+ − 1184
<a href="' . $link_coppa_yes . '">' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . '</a>
30
+ − 1185
</td>
+ − 1186
</tr>';
+ − 1187
echo '</table>';
+ − 1188
echo '</div>';
+ − 1189
}
0
+ − 1190
$template->footer();
+ − 1191
}
+ − 1192
909
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1193
function page_Special_Contributions()
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1194
{
0
+ − 1195
global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1196
global $lang;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1197
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1198
// This is a vast improvement over the old Special:Contributions in 1.0.x.
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1199
0
+ − 1200
$template->header();
+ − 1201
$user = $paths->getParam();
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1202
if ( !$user && isset($_GET['user']) )
0
+ − 1203
{
+ − 1204
$user = $_GET['user'];
+ − 1205
}
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1206
else if ( !$user && !isset($_GET['user']) )
0
+ − 1207
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1208
echo '<p>' . $lang->get('userfuncs_contribs_err_no_user') . '</p>';
0
+ − 1209
$template->footer();
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1210
return;
0
+ − 1211
}
+ − 1212
909
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1213
$url = makeUrlNS("Special", "Log/user={$user}");
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1214
redirect($url, '', '', 0);
0
+ − 1215
}
+ − 1216
+ − 1217
function page_Special_ChangeStyle()
+ − 1218
{
+ − 1219
global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1220
global $lang;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1221
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1222
if ( !$session->user_logged_in )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1223
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1224
die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1225
}
0
+ − 1226
if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']))
+ − 1227
{
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1228
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1229
die('Hacking attempt');
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1230
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) )
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 1231
die('Hacking attempt');
0
+ − 1232
$d = ENANO_ROOT . '/themes/' . $_POST['theme'];
+ − 1233
$f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1234
if ( !file_exists($d) || !is_dir($d) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1235
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1236
die('The directory "'.$d.'" does not exist.');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1237
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1238
if ( !file_exists($f) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1239
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1240
die('The file "'.$f.'" does not exist.');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1241
}
0
+ − 1242
$d = $db->escape($_POST['theme']);
+ − 1243
$f = $db->escape($_POST['style']);
+ − 1244
$q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\'';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1245
if ( !$db->sql_query($q) )
0
+ − 1246
{
+ − 1247
$db->_die('Your theme/style preferences were not updated.');
+ − 1248
}
+ − 1249
else
+ − 1250
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1251
redirect(makeUrl($_POST['return_to']), $lang->get('userfuncs_changetheme_success_title'), $lang->get('userfuncs_changetheme_success_body'), 3);
0
+ − 1252
}
+ − 1253
}
+ − 1254
else
+ − 1255
{
+ − 1256
$template->header();
+ − 1257
$ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1258
if ( !$ret )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1259
{
741
+ − 1260
$ret = get_main_page();
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1261
}
0
+ − 1262
?>
+ − 1263
<form action="<?php echo makeUrl($paths->page); ?>" method="post">
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1264
<?php if ( !isset($_POST['themeselected']) ) { ?>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1265
<h3><?php echo $lang->get('userfuncs_changetheme_heading_theme'); ?></h3>
0
+ − 1266
<p>
+ − 1267
<select name="theme">
+ − 1268
<?php
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1269
foreach ( $template->theme_list as $t )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1270
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1271
if ( $t['enabled'] )
0
+ − 1272
{
+ − 1273
echo '<option value="'.$t['theme_id'].'"';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1274
if ( $t['theme_id'] == $session->theme )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1275
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1276
echo ' selected="selected"';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1277
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1278
echo '>' . $t['theme_name'] . '</option>';
0
+ − 1279
}
+ − 1280
}
+ − 1281
?>
+ − 1282
</select>
+ − 1283
</p>
+ − 1284
<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1285
<input type="submit" name="themeselected" value="<?php echo $lang->get('userfuncs_changetheme_btn_continue'); ?>" /></p>
0
+ − 1286
<?php } else {
+ − 1287
$theme = $_POST['theme'];
+ − 1288
if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
+ − 1289
die('Hacking attempt');
+ − 1290
?>
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1291
<h3><?php echo $lang->get('userfuncs_changetheme_heading_style'); ?></h3>
0
+ − 1292
<p>
+ − 1293
<select name="style">
+ − 1294
<?php
+ − 1295
$dir = './themes/'.$theme.'/css/';
+ − 1296
$list = Array();
+ − 1297
// Open a known directory, and proceed to read its contents
+ − 1298
if (is_dir($dir)) {
+ − 1299
if ($dh = opendir($dir)) {
+ − 1300
while (($file = readdir($dh)) !== false) {
+ − 1301
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
+ − 1302
$list[] = substr($file, 0, strlen($file)-4);
+ − 1303
}
+ − 1304
}
+ − 1305
closedir($dh);
+ − 1306
}
+ − 1307
} else die($dir.' is not a dir');
+ − 1308
foreach ( $list as $l )
+ − 1309
{
+ − 1310
echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
+ − 1311
}
+ − 1312
?>
+ − 1313
</select>
+ − 1314
</p>
+ − 1315
<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
+ − 1316
<input type="hidden" name="theme" value="<?php echo $theme; ?>" />
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1317
<input type="submit" name="allclear" value="<?php echo $lang->get('userfuncs_changetheme_btn_allclear'); ?>" /></p>
0
+ − 1318
<?php } ?>
+ − 1319
</form>
+ − 1320
<?php
+ − 1321
$template->footer();
+ − 1322
}
+ − 1323
}
+ − 1324
+ − 1325
function page_Special_ActivateAccount()
+ − 1326
{
+ − 1327
global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1328
global $lang;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1329
0
+ − 1330
$user = $paths->getParam(0);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1331
if ( !$user )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1332
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1333
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1334
}
0
+ − 1335
$key = $paths->getParam(1);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1336
if ( !$key )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1337
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1338
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1339
}
0
+ − 1340
$s = $session->activate_account(str_replace('_', ' ', $user), $key);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1341
if ( $s > 0 )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1342
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1343
die_friendly($lang->get('userfuncs_activate_success_title'), '<p>' . $lang->get('userfuncs_activate_success_body') . '</p>');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1344
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1345
else
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1346
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1347
die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_bad_key') . '</p>');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1348
}
0
+ − 1349
}
+ − 1350
+ − 1351
function page_Special_Captcha()
+ − 1352
{
+ − 1353
global $db, $session, $paths, $template, $plugins; // Common objects
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1354
if ( $paths->getParam(0) == 'make' )
0
+ − 1355
{
+ − 1356
$session->kill_captcha();
+ − 1357
echo $session->make_captcha();
+ − 1358
return;
+ − 1359
}
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1360
0
+ − 1361
$hash = $paths->getParam(0);
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1362
if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) )
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1363
{
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1364
$paths->main_page();
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1365
}
402
+ − 1366
987
+ − 1367
$session->make_captcha(7, $hash);
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1368
$code = $session->generate_captcha_code();
987
+ − 1369
// Avoid letting our captchas end up on failblog.org
+ − 1370
// BTW, the last one was a real-life encounter: http://files.ha.xx0r.info/murder.png
989
+ − 1371
foreach ( array('shit', 'cock', 'fuck', 'nazi', 'cunt', 'clit', 'pussy', 'penis', 'piss', 'tits', 'murder') as $word )
987
+ − 1372
{
+ − 1373
if ( stristr($code, $word) )
+ − 1374
{
+ − 1375
// but don't put too much effort into this (will only correct this once)
+ − 1376
$code = $session->generate_captcha_code();
+ − 1377
break;
+ − 1378
}
+ − 1379
}
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1380
$q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';");
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1381
if ( !$q )
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1382
$db->_die();
263
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1383
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
diff
changeset
+ − 1384
require ( ENANO_ROOT.'/includes/captcha.php' );
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1385
$captcha = captcha_object($hash, 'freecap');
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 1386
// $captcha->debug = true;
0
+ − 1387
$captcha->make_image();
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 1388
0
+ − 1389
exit;
+ − 1390
}
+ − 1391
+ − 1392
function page_Special_PasswordReset()
+ − 1393
{
+ − 1394
global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1395
global $lang;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1396
0
+ − 1397
$template->header();
+ − 1398
if($paths->getParam(0) == 'stage2')
+ − 1399
{
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1400
require_once(ENANO_ROOT . '/includes/math.php');
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1401
require_once(ENANO_ROOT . '/includes/diffiehellman.php');
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1402
0
+ − 1403
$user_id = intval($paths->getParam(1));
+ − 1404
$encpass = $paths->getParam(2);
+ − 1405
if ( $user_id < 2 )
+ − 1406
{
+ − 1407
echo '<p>Hacking attempt</p>';
+ − 1408
$template->footer();
+ − 1409
return false;
+ − 1410
}
+ − 1411
if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
+ − 1412
{
+ − 1413
echo '<p>Hacking attempt</p>';
+ − 1414
$template->footer();
+ − 1415
return false;
+ − 1416
}
+ − 1417
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1418
$q = $db->sql_query('SELECT username,temp_password_time,temp_password,password_salt FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
0
+ − 1419
if($db->numrows() < 1)
+ − 1420
{
+ − 1421
echo '<p>Invalid credentials</p>';
+ − 1422
$template->footer();
+ − 1423
return false;
+ − 1424
}
+ − 1425
$row = $db->fetchrow();
+ − 1426
$db->free_result();
+ − 1427
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1428
$temp_pass = $session->pk_decrypt($encpass);
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1429
$temp_hmac = hmac_sha1($temp_pass, $row['password_salt']);
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1430
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1431
if ( $temp_hmac !== $row['temp_password'] )
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1432
{
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1433
echo '<p>Invalid credentials</p>';
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1434
$template->footer();
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1435
return false;
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1436
}
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1437
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1438
if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() )
0
+ − 1439
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1440
echo '<p>' . $lang->get('userfuncs_passreset_err_pass_expired', array('reset_url' => makeUrlNS('Special', 'PasswordReset'))) . '</p>';
0
+ − 1441
$template->footer();
+ − 1442
return false;
+ − 1443
}
+ − 1444
+ − 1445
if ( isset($_POST['do_stage2']) )
+ − 1446
{
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1447
$data = $session->get_aes_post('pass');
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1448
0
+ − 1449
if(empty($data))
+ − 1450
{
+ − 1451
echo 'ERROR: Sanity check failed!';
+ − 1452
$template->footer();
+ − 1453
return false;
+ − 1454
}
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1455
if ( strlen($data) < 6 )
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1456
{
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1457
echo '<p>' . $lang->get('userfuncs_passreset_err_too_short') . '</p>';
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1458
$template->footer();
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1459
return false;
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1460
}
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1461
if ( $_POST['use_crypt'] == 'no' )
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1462
{
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1463
if ( $_POST['pass'] !== $_POST['pass_confirm'] )
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1464
{
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1465
echo '<p>' . $lang->get('userfuncs_passreset_err_no_match') . '</p>';
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1466
$template->footer();
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1467
return false;
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1468
}
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1469
}
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1470
if ( getConfig('pw_strength_enable') == '1' )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1471
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1472
$min_score = intval(getConfig('pw_strength_minimum'));
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1473
$inp_score = password_score($data);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1474
if ( $inp_score < $min_score )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1475
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1476
$url = makeUrl($paths->fullpage);
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1477
echo "<p>" . $lang->get('userfuncs_passreset_err_failed_score', array('inp_score' => $inp_score, 'url' => $url)) . "</p>";
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1478
$template->footer();
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1479
return false;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1480
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1481
}
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1482
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1483
$session->set_password($user_id, $data);
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1484
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1485
$q = $db->sql_query('UPDATE '.table_prefix.'users SET temp_password=\'\',temp_password_time=0 WHERE user_id = '.$user_id.';');
0
+ − 1486
+ − 1487
if($q)
+ − 1488
{
+ − 1489
$session->login_without_crypto($row['username'], $data);
741
+ − 1490
echo '<p>' . $lang->get('userfuncs_passreset_stage2_success', array('url_mainpage' => makeUrl(get_main_page()))) . '</p>';
0
+ − 1491
}
+ − 1492
else
+ − 1493
{
+ − 1494
echo $db->get_error();
+ − 1495
}
+ − 1496
+ − 1497
$template->footer();
+ − 1498
return false;
+ − 1499
}
+ − 1500
+ − 1501
// Password reset form
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1502
$evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : '';
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1503
$pw_meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">' . $lang->get('userfuncs_passreset_stage2_lbl_strength') . '</td><td class="row1"><div id="pwmeter"></div></td></tr>' : '';
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1504
$pw_blurb = ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>' . $lang->get('userfuncs_passreset_stage2_blurb_strength') . '</small>' : '';
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1505
0
+ − 1506
?>
+ − 1507
<form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
+ − 1508
<br />
+ − 1509
<div class="tblholder">
+ − 1510
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1511
<tr><th colspan="2"><?php echo $lang->get('userfuncs_passreset_stage2_th'); ?></th></tr>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1512
<tr><td class="row1"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_password'); ?> <?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1513
<tr><td class="row2"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_confirm'); ?> </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1514
<?php echo $pw_meter; ?>
0
+ − 1515
<tr>
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1516
<td colspan="2" class="row3" style="text-align: center;">
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1517
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1518
<input type="submit" name="do_stage2" value="<?php echo $lang->get('userfuncs_passreset_stage2_btn_submit'); ?>" />
0
+ − 1519
</td>
+ − 1520
</tr>
+ − 1521
</table>
+ − 1522
</div>
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1523
<?php echo $session->generate_aes_form(); ?>
0
+ − 1524
</form>
+ − 1525
<script type="text/javascript">
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1526
addOnloadHook(function()
0
+ − 1527
{
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1528
load_component('pwstrength');
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1529
password_score_field(document.forms.resetform.pass);
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1530
});
0
+ − 1531
</script>
+ − 1532
<?php
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 1533
echo $session->aes_javascript('resetform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data', 'dh_supported', 'dh_public_key', 'dh_client_public_key');
0
+ − 1534
$template->footer();
+ − 1535
return true;
+ − 1536
}
701
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
diff
changeset
+ − 1537
if ( $session->user_logged_in )
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
diff
changeset
+ − 1538
{
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
diff
changeset
+ − 1539
$paths->main_page();
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
diff
changeset
+ − 1540
}
dd80cde96a6c
Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
diff
changeset
+ − 1541
0
+ − 1542
if(isset($_POST['do_reset']))
+ − 1543
{
+ − 1544
if($session->mail_password_reset($_POST['username']))
+ − 1545
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1546
echo '<p>' . $lang->get('userfuncs_passreset_stage1_success') . '</p>';
0
+ − 1547
}
+ − 1548
else
+ − 1549
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1550
echo '<p>' . $lang->get('userfuncs_passreset_stage1_error') . '</p>';
0
+ − 1551
}
+ − 1552
$template->footer();
+ − 1553
return true;
+ − 1554
}
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1555
echo '<p>' . $lang->get('userfuncs_passreset_blurb_line1') . '</p>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1556
<p>' . $lang->get('userfuncs_passreset_blurb_line2') . '</p>
0
+ − 1557
<form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1558
<p>' . $lang->get('userfuncs_passreset_lbl_username') . ' '.$template->username_field('username').'</p>
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1559
<p><input type="submit" name="do_reset" value="' . $lang->get('userfuncs_passreset_btn_mailpasswd') . '" /></p>
0
+ − 1560
</form>';
+ − 1561
$template->footer();
+ − 1562
}
+ − 1563
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1564
function page_Special_Memberlist()
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1565
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1566
global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1567
global $lang;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1568
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1569
$template->header();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1570
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1571
$startletters = 'abcdefghijklmnopqrstuvwxyz';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1572
$startletters = enano_str_split($startletters);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1573
$startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : '';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1574
if ( !in_array($startletter, $startletters) && $startletter != 'chr' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1575
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1576
$startletter = '';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1577
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1578
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1579
$startletter_sql = $startletter;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1580
if ( $startletter == 'chr' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1581
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1582
$startletter_sql = '([^a-z])';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1583
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1584
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1585
// offset
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1586
$perpage = 25;
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1587
$page = (( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 1) - 1;
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1588
$offset = $page * $perpage;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1589
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1590
// sort order
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1591
$sortkeys = array(
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1592
'uid' => 'u.user_id',
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1593
'username' => 'u.username',
111
+ − 1594
'email' => 'u.email',
+ − 1595
'regist' => 'u.reg_time'
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1596
);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1597
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1598
$sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1599
$sort_sqllet = $sortkeys[$sortby];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1600
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1601
$target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1602
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1603
$sortorders = array();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1604
foreach ( $sortkeys as $k => $_unused )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1605
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1606
$sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1607
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1608
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1609
// Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1610
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1611
echo '<div class="tblholder">
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1612
<table border="0" cellspacing="1" cellpadding="4" style="text-align: center;">
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1613
<tr>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1614
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=&sort=' . $sortby . '&orderby=' . $target_order, true) . '">All</a></td>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1615
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=chr&sort=' . $sortby . '&orderby=' . $target_order, true) . '">#</a></td>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1616
foreach ( $startletters as $letter )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1617
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1618
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=' . $letter . '&sort=' . $sortby . '&orderby=' . $target_order, true) . '">' . strtoupper($letter) . '</a></td>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1619
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1620
echo ' </tr>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1621
</table>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1622
</div>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1623
105
+ − 1624
// User search
+ − 1625
if ( isset($_GET['finduser']) )
+ − 1626
{
+ − 1627
$finduser = str_replace(array( '%', '_'),
+ − 1628
array('\\%', '\\_'),
+ − 1629
$_GET['finduser']);
+ − 1630
$finduser = str_replace(array('*', '?'),
+ − 1631
array('%', '_'),
+ − 1632
$finduser);
+ − 1633
$finduser = $db->escape($finduser);
322
+ − 1634
$username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\'';
105
+ − 1635
$finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&';
+ − 1636
}
+ − 1637
else
+ − 1638
{
322
+ − 1639
if ( ENANO_DBLAYER == 'MYSQL' )
+ − 1640
$username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")';
+ − 1641
else if ( ENANO_DBLAYER == 'PGSQL' )
+ − 1642
$username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')';
105
+ − 1643
$finduser_url = '';
+ − 1644
}
+ − 1645
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1646
// Column markers
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1647
$headings = '<tr>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1648
<th style="max-width: 50px;">
105
+ − 1649
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=uid&orderby=' . $sortorders['uid'], true) . '">#</a>
+ − 1650
</th>
+ − 1651
<th>
342
+ − 1652
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=username&orderby=' . $sortorders['username'], true) . '">' . $lang->get('userfuncs_ml_column_username') . '</a>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1653
</th>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1654
<th>
342
+ − 1655
' . $lang->get('userfuncs_ml_column_userlevel') . '
111
+ − 1656
</th>
+ − 1657
<th>
342
+ − 1658
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=email&orderby=' . $sortorders['email'], true) . '">' . $lang->get('userfuncs_ml_column_email') . '</a>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1659
</th>
111
+ − 1660
<th>
342
+ − 1661
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=regist&orderby=' . $sortorders['regist'], true) . '">' . $lang->get('userfuncs_ml_column_regtime') . '</a>
111
+ − 1662
</th>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1663
</tr>';
105
+ − 1664
+ − 1665
// determine number of rows
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1666
$q = $db->sql_query('SELECT COUNT(u.user_id) FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';');
105
+ − 1667
if ( !$q )
+ − 1668
$db->_die();
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1669
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1670
list($num_rows) = $db->fetchrow_num();
105
+ − 1671
$db->free_result();
+ − 1672
+ − 1673
if ( !empty($finduser_url) )
+ − 1674
{
342
+ − 1675
switch ( $num_rows )
+ − 1676
{
+ − 1677
case 0:
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1678
$str = ''; /* $lang->get('userfuncs_ml_msg_matches_zero'); */ break;
342
+ − 1679
case 1:
+ − 1680
$str = $lang->get('userfuncs_ml_msg_matches_one'); break;
+ − 1681
default:
+ − 1682
$str = $lang->get('userfuncs_ml_msg_matches', array('matches' => $num_rows)); break;
+ − 1683
}
+ − 1684
echo "<h3>$str</h3>";
105
+ − 1685
}
+ − 1686
+ − 1687
// main selector
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1688
$pgsql_additional_group_by = ( ENANO_DBLAYER == 'PGSQL' ) ? ', u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public' : '';
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1689
$q = $db->sql_query('SELECT \'\' AS infobit, u.user_id, u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public, COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'users AS u
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1690
LEFT JOIN '.table_prefix.'users_extra AS x
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1691
ON ( u.user_id = x.user_id )
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1692
LEFT JOIN ' . table_prefix . 'comments AS c
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1693
ON ( u.user_id = c.user_id )
322
+ − 1694
WHERE ' . $username_where . ' AND u.username != \'Anonymous\'
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1695
GROUP BY u.user_id' . $pgsql_additional_group_by . '
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1696
ORDER BY ' . $sort_sqllet . ' ' . $target_order . '
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1697
LIMIT ' . $perpage . ' OFFSET ' . $offset . ';');
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1698
if ( !$q )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1699
$db->_die();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1700
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1701
// formatter parameters
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1702
$formatter = new MemberlistFormatter();
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1703
$formatters = array(
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1704
'username' => array($formatter, 'username'),
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1705
'user_level' => array($formatter, 'user_level'),
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1706
'email' => array($formatter, 'email'),
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1707
'reg_time' => array($formatter, 'reg_time'),
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1708
'infobit' => array($formatter, 'infobit')
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1709
);
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1710
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1711
$result_url = makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order );
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1712
$paginator = generate_paginator($page, ceil($num_rows / $perpage), $result_url);
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1713
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1714
if ( $num_rows > 0 )
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1715
{
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1716
if ( $num_rows > $perpage )
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1717
echo $paginator;
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1718
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1719
echo '<div class="tblholder">
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1720
<table border="0" cellspacing="1" cellpadding="4" style="text-align: center;">
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1721
' . $headings;
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1722
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1723
$i = 0;
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1724
while ( $row = $db->fetchrow($q) )
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1725
{
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1726
$i++;
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1727
$cls = ( $i % 2 == 0 ) ? 'row2' : 'row1';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1728
echo '<tr>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1729
echo '<td class="' . $cls . '">' . $row['user_id'] . '</td>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1730
echo '<td class="' . $cls . '" style="text-align: left;">' . $formatter->username($row['username'], $row) . '</td>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1731
echo '<td class="' . $cls . '">' . $formatter->user_level($row['user_level'], $row) . '</td>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1732
echo '<td class="' . $cls . '">' . $formatter->email($row['email'], $row) . '</td>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1733
echo '<td class="' . $cls . '">' . $formatter->reg_time($row['reg_time'], $row) . '</td>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1734
echo '</tr>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1735
echo '<tr>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1736
echo '<td colspan="5" class="row3" style="text-align: left;">
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1737
<div id="ml_moreinfo_' . $row['user_id'] . '" style="display: none;">
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1738
' . $formatter->infobit(true, $row) . '
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1739
</div>
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1740
</td>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1741
echo '</tr>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1742
}
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1743
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1744
echo ' ' . $headings . '
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1745
</table>
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1746
</div>
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1747
';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1748
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1749
if ( $num_rows > $perpage )
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1750
echo $paginator;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1751
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1752
else
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1753
{
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1754
echo '<h2 class="emptymessage">' . $lang->get('log_msg_no_results') . '</h2>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1755
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1756
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1757
echo '<div style="float: left;">
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1758
<form action="' . makeUrlNS('Special', 'Memberlist') . '" method="get" onsubmit="if ( !submitAuthorized ) return false;">'
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1759
. ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->page ) . '" />' : '' )
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1760
. ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '')
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1761
. '<p>' . $lang->get('userfuncs_ml_lbl_finduser') . ' ' . $template->username_field('finduser') . ' <input type="submit" value="' . $lang->get('userfuncs_ml_btn_go') . '" /><br />
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1762
<small>' . $lang->get('userfuncs_ml_tip_wildcard') . '</small></p>'
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1763
. '</form>
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1764
</div>';
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
diff
changeset
+ − 1765
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1766
$template->footer();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1767
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1768
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1769
/**
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1770
* Class for formatting results for the memberlist.
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1771
* @access private
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1772
*/
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1773
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1774
class MemberlistFormatter
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1775
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1776
function username($username, $row)
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1777
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1778
global $db, $session, $paths, $template, $plugins; // Common objects
342
+ − 1779
global $lang;
+ − 1780
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1781
$userpage = $paths->nslist['User'] . sanitize_page_id($username);
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1782
$class = ( isPage($userpage) ) ? '' : ' class="wikilink-nonexistent"';
743
+ − 1783
$anchor = '<a href="' . makeUrlNS('User', sanitize_page_id($username)) . '"' . $class . ' onclick="load_component(\'jquery\'); load_component(\'jquery-ui\'); var el = document.getElementById(\'ml_moreinfo_' . $row['user_id'] . '\'); $(el).toggle(\'blind\'); return false;">' . htmlspecialchars($username) . '</a>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1784
if ( $session->user_level >= USER_LEVEL_ADMIN )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1785
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1786
$anchor .= ' <small>- <a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&username=' . urlencode($username), true) . '"
342
+ − 1787
onclick="ajaxAdminUser(\'' . addslashes(htmlspecialchars($username)) . '\'); return false;">' . $lang->get('userfuncs_ml_btn_adminuser') . '</a></small>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1788
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1789
return $anchor;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1790
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1791
function user_level($level, $row)
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1792
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1793
global $db, $session, $paths, $template, $plugins; // Common objects
342
+ − 1794
global $lang;
908
+ − 1795
/*
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1796
switch ( $level )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1797
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1798
case USER_LEVEL_GUEST:
342
+ − 1799
$s_level = $lang->get('userfuncs_ml_level_guest'); break;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1800
case USER_LEVEL_MEMBER:
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1801
case USER_LEVEL_CHPREF:
342
+ − 1802
$s_level = $lang->get('userfuncs_ml_level_member'); break;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1803
case USER_LEVEL_MOD:
342
+ − 1804
$s_level = $lang->get('userfuncs_ml_level_mod'); break;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1805
case USER_LEVEL_ADMIN:
342
+ − 1806
$s_level = $lang->get('userfuncs_ml_level_admin'); break;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1807
default:
342
+ − 1808
$s_level = $lang->get('userfuncs_ml_level_unknown', array( 'level' => $level ));
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1809
}
908
+ − 1810
*/
+ − 1811
+ − 1812
// TODO: Requested by mm3. Is this too CPU-intensive? Optimize?
+ − 1813
// Performance yield =/= about the same (but only 4 users under testing conditions)
+ − 1814
$rankdata = $session->get_user_rank($row['user_id']);
+ − 1815
$s_level = '<span style="' . $rankdata['rank_style'] . '">' . $lang->get($rankdata['rank_title']) . '</span>';
+ − 1816
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1817
return $s_level;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1818
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1819
function email($addy, $row)
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1820
{
342
+ − 1821
global $lang;
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1822
if ( $row['email_public'] == '1' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1823
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1824
global $email;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1825
$addy = $email->encryptEmail($addy);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1826
return $addy;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1827
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1828
else
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1829
{
342
+ − 1830
return '<small><' . $lang->get('userfuncs_ml_email_nonpublic') . '></small>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1831
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1832
}
111
+ − 1833
/**
+ − 1834
* Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant.
+ − 1835
* @param int UNIX timestamp
+ − 1836
* @return string
+ − 1837
*/
+ − 1838
912
+ − 1839
public static function format_date($time)
111
+ − 1840
{
342
+ − 1841
global $lang;
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1842
// Our formattting string to pass to enano_date()
111
+ − 1843
// This should not include minute/second info, only today's date in whatever format suits your fancy
+ − 1844
$formatstring = 'F j, Y';
+ − 1845
// Today's date
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1846
$today = enano_date($formatstring);
111
+ − 1847
// Yesterday's date
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1848
$yesterday = enano_date($formatstring, (time() - (24*60*60)));
111
+ − 1849
// Date on the input
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1850
$then = enano_date($formatstring, $time);
111
+ − 1851
// "X days ago" logic
+ − 1852
for ( $i = 2; $i <= 6; $i++ )
+ − 1853
{
+ − 1854
// hours_in_day * minutes_in_hour * seconds_in_minute * num_days
+ − 1855
$offset = 24 * 60 * 60 * $i;
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1856
$days_ago = enano_date($formatstring, (time() - $offset));
111
+ − 1857
// so does the input timestamp match the date from $i days ago?
+ − 1858
if ( $then == $days_ago )
+ − 1859
{
+ − 1860
// yes, return $i
342
+ − 1861
return $lang->get('userfuncs_ml_date_daysago', array('days_ago' => $i));
111
+ − 1862
}
+ − 1863
}
+ − 1864
// either yesterday, today, or before 6 days ago
+ − 1865
switch($then)
+ − 1866
{
+ − 1867
case $today:
342
+ − 1868
return $lang->get('userfuncs_ml_date_today');
111
+ − 1869
case $yesterday:
342
+ − 1870
return $lang->get('userfuncs_ml_date_yesterday');
111
+ − 1871
default:
+ − 1872
return $then;
+ − 1873
}
+ − 1874
// .--.
+ − 1875
// |o_o |
+ − 1876
// |!_/ |
+ − 1877
// // \ \
+ − 1878
// (| | )
+ − 1879
// /'\_ _/`\
+ − 1880
// \___)=(___/
+ − 1881
return 'Linux rocks!';
+ − 1882
}
+ − 1883
function reg_time($time, $row)
+ − 1884
{
+ − 1885
return $this->format_date($time);
+ − 1886
}
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1887
function infobit($_, $row)
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1888
{
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1889
global $db, $session, $paths, $template, $plugins; // Common objects
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1890
global $lang;
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1891
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1892
$bit = '';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1893
if ( $row['user_has_avatar'] == 1 )
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1894
{
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1895
$bit .= '<div style="float: left; margin-right: 10px;">
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1896
<img alt=" " src="' . make_avatar_url(intval($row['user_id']), $row['avatar_type'], $row['email']) . '" />
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1897
</div>';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1898
}
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1899
$rank_data = $session->get_user_rank(intval($row['user_id']));
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1900
$userpage = $paths->nslist['User'] . sanitize_page_id($row['username']);
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1901
$title = ( isPage($userpage) ) ? ' title="' . $lang->get('userfuncs_ml_tip_userpage') . '"' : ' title="' . $lang->get('userfuncs_ml_tip_nouserpage') . '"';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1902
$bit .= '<a' . $title . ' href="' . makeUrlNS('User', $row['username'], false, true) . '" style="font-size: x-large; ' . $rank_data['rank_style'] . '">' . htmlspecialchars($row['username']) . '</a><br />';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1903
if ( $rank_data['user_title'] )
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1904
$bit .= htmlspecialchars($rank_data['user_title']) . '<br />';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1905
if ( $rank_data['rank_title'] )
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1906
$bit .= '<small>' . htmlspecialchars($lang->get($rank_data['rank_title'])) . '</small><br />';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1907
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1908
$bit .= '<div style="text-align: right;">
969
0506adb8eb6c
Comment UI / Special:Memberlist: UI consistency for Send PM/Add Buddy links in Memberlist and comment display UI
Dan
diff
changeset
+ − 1909
<a href="' . makeUrlNS('Special', "PrivateMessages/Compose/To/{$row['username']}", false, true) . '" class="abutton icon abutton_blue" style="background-image: url(' . cdnPath . '/images/icons/send_pm.png);">' . $lang->get('comment_btn_send_privmsg') . '</a>
0506adb8eb6c
Comment UI / Special:Memberlist: UI consistency for Send PM/Add Buddy links in Memberlist and comment display UI
Dan
diff
changeset
+ − 1910
<a href="' . makeUrlNS('Special', "PrivateMessages/FriendList/Add/{$row['username']}", false, true) . '" class="abutton icon abutton_green" style="background-image: url(' . cdnPath . '/images/icons/add_buddy.png);">' . $lang->get('comment_btn_add_buddy') . '</a>
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1911
</div>';
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1912
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1913
return $bit;
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 1914
}
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1915
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1916
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1917
function page_Special_LangExportJSON()
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1918
{
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1919
global $db, $session, $paths, $template, $plugins; // Common objects
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1920
global $lang;
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1921
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1922
$lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id;
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1923
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1924
if ( $lang->lang_id == $lang_id )
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1925
$lang_local =& $lang;
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1926
else
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1927
$lang_local = new Language($lang_id);
782
+ − 1928
+ − 1929
$lang_local->get('meta_meta');
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1930
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1931
$lang_strings = enano_json_encode($lang_local->strings);
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1932
$etag = substr(sha1($lang_strings), 0, 20) . '-' . dechex($lang_local->lang_timestamp);
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1933
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1934
if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) )
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1935
{
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1936
if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] )
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1937
{
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1938
header('HTTP/1.1 304 Not Modified');
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1939
exit();
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1940
}
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1941
}
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1942
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1943
$timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp);
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 1944
// generate expires header
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 1945
$expires = date('r', mktime(-1, -1, -1, -1, -1, intval(date('y'))+1));
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 1946
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1947
header("Last-Modified: $timestamp");
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1948
header("Date: $timestamp");
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1949
header("ETag: \"$etag\"");
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1950
header('Content-type: text/javascript');
562
75df0b2c596c
Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
diff
changeset
+ − 1951
header("Expires: $expires");
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1952
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1953
$lang_local->fetch();
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1954
echo "if ( typeof(enano_lang) != 'object' )
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1955
var enano_lang = new Object();
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1956
782
+ − 1957
enano_lang[{$lang_local->lang_id}] = " . $lang_strings . ";";
555
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
diff
changeset
+ − 1958
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
diff
changeset
+ − 1959
gzip_output();
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1960
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1961
exit(0);
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1962
}
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 1963
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1964
/**
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1965
* Fetches and displays an avatar from the filesystem. Avatar fetching is abstracted as of 1.1.4.
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1966
*/
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1967
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1968
function page_Special_Avatar()
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1969
{
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1970
global $db, $session, $paths, $template, $plugins; // Common objects
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1971
global $aggressive_optimize_html;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1972
$aggressive_optimize_html = false;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1973
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1974
$img_types = array(
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1975
IMAGE_TYPE_PNG => 'png',
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1976
IMAGE_TYPE_GIF => 'gif',
621
+ − 1977
IMAGE_TYPE_JPG => 'jpg',
+ − 1978
IMAGE_TYPE_GRV => 'grv'
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1979
);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1980
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1981
$avi_id = $paths->getParam(0);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1982
if ( !$avi_id || !@preg_match('/^[a-f0-9]+$/', $avi_id) )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1983
{
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1984
echo 'Doesn\'t match the regexp';
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1985
return true;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1986
}
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1987
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1988
$avi_id_dec = hexdecode($avi_id);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1989
$avi_id_dec = @unpack('Vdate/Vuid/vimg_type', $avi_id_dec);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1990
if ( !$avi_id_dec )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1991
{
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1992
echo 'Bad unpack';
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1993
return true;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1994
}
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1995
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1996
// check parameters
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1997
if ( !isset($img_types[$avi_id_dec['img_type']]) )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1998
{
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1999
echo 'Invalid image type';
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2000
return true;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2001
}
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2002
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2003
// build file path
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2004
$avi_type = $img_types[$avi_id_dec['img_type']];
621
+ − 2005
+ − 2006
// is this a gravatar?
+ − 2007
if ( $avi_type == 'grv' )
+ − 2008
{
+ − 2009
// yes, we'll have to redirect
+ − 2010
// sanitize UID
+ − 2011
$uid = intval($avi_id_dec['uid']);
+ − 2012
+ − 2013
// fetch email
+ − 2014
$q = $db->sql_query('SELECT email FROM ' . table_prefix . "users WHERE user_id = $uid;");
+ − 2015
if ( !$q )
+ − 2016
$db->_die();
+ − 2017
if ( $db->numrows() < 1 )
+ − 2018
return false;
+ − 2019
+ − 2020
list($email) = $db->fetchrow_num();
+ − 2021
$db->free_result();
+ − 2022
+ − 2023
$url = make_gravatar_url($url);
+ − 2024
+ − 2025
// ship out the redirect
+ − 2026
header('HTTP/1.1 302 Permanent Redirect');
+ − 2027
header("Location: $url");
+ − 2028
}
+ − 2029
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2030
$avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $avi_id_dec['uid'] . '.' . $avi_type;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2031
if ( file_exists($avi_path) )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2032
{
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2033
$avi_mod_time = @filemtime($avi_path);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2034
$avi_mod_time = date('r', $avi_mod_time);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2035
$avi_size = @filesize($avi_path);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2036
header("Last-Modified: $avi_mod_time");
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2037
header("Content-Length: $avi_size");
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2038
header("Content-Type: image/$avi_type");
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2039
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2040
header("Cache-Control: public");
684
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 2041
// expire it 30 days from now
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 2042
$expiry_time = time() + ( 86400 * 30 );
15dbbe7e7674
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
diff
changeset
+ − 2043
header("Expires: " . date('r', $expiry_time));
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2044
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2045
$fh = @fopen($avi_path, 'r');
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2046
if ( !$fh )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2047
{
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2048
echo 'Could not open file';
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2049
return true;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2050
}
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2051
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2052
while ( $fd = @fread($fh, 1024) )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2053
{
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2054
echo $fd;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2055
}
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2056
fclose($fh);
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2057
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2058
}
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2059
return true;
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2060
}
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 2061
0
+ − 2062
?>