author | Dan Fuhry <dan@enanocms.org> |
Tue, 16 Nov 2010 12:42:36 -0500 | |
changeset 340 | b3ffcc800def |
parent 336 | 4fb4b6647e96 |
child 343 | 7e6537fd4730 |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
/* |
|
3 |
Plugin Name: Special user/login-related pages |
|
23
320acf077276
At last, I fixed all those phased-out enano.homelinux.org links!
Dan
parents:
0
diff
changeset
|
4 |
Plugin URI: http://enanocms.org/ |
0 | 5 |
Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences. |
6 |
Author: Dan Fuhry |
|
318 | 7 |
Version: 1.0.6 |
23
320acf077276
At last, I fixed all those phased-out enano.homelinux.org links!
Dan
parents:
0
diff
changeset
|
8 |
Author URI: http://enanocms.org/ |
0 | 9 |
*/ |
10 |
||
11 |
/* |
|
12 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
285 | 13 |
* Version 1.0.4 |
0 | 14 |
* Copyright (C) 2006-2007 Dan Fuhry |
15 |
* |
|
16 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
17 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
18 |
* |
|
19 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
20 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
21 |
*/ |
|
22 |
||
23 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
24 |
||
25 |
$plugins->attachHook('base_classes_initted', ' |
|
26 |
global $paths; |
|
27 |
$paths->add_page(Array( |
|
28 |
\'name\'=>\'Log in\', |
|
29 |
\'urlname\'=>\'Login\', |
|
30 |
\'namespace\'=>\'Special\', |
|
31 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
32 |
)); |
|
33 |
$paths->add_page(Array( |
|
34 |
\'name\'=>\'Log out\', |
|
35 |
\'urlname\'=>\'Logout\', |
|
36 |
\'namespace\'=>\'Special\', |
|
37 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
38 |
)); |
|
39 |
$paths->add_page(Array( |
|
40 |
\'name\'=>\'Register\', |
|
41 |
\'urlname\'=>\'Register\', |
|
42 |
\'namespace\'=>\'Special\', |
|
43 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
44 |
)); |
|
45 |
$paths->add_page(Array( |
|
46 |
\'name\'=>\'Edit Profile\', |
|
47 |
\'urlname\'=>\'Preferences\', |
|
48 |
\'namespace\'=>\'Special\', |
|
49 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
50 |
)); |
|
51 |
||
52 |
$paths->add_page(Array( |
|
53 |
\'name\'=>\'Contributions\', |
|
54 |
\'urlname\'=>\'Contributions\', |
|
55 |
\'namespace\'=>\'Special\', |
|
56 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
57 |
)); |
|
58 |
||
59 |
$paths->add_page(Array( |
|
60 |
\'name\'=>\'Change style\', |
|
61 |
\'urlname\'=>\'ChangeStyle\', |
|
62 |
\'namespace\'=>\'Special\', |
|
63 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
64 |
)); |
|
65 |
||
66 |
$paths->add_page(Array( |
|
67 |
\'name\'=>\'Activate user account\', |
|
68 |
\'urlname\'=>\'ActivateAccount\', |
|
69 |
\'namespace\'=>\'Special\', |
|
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents:
115
diff
changeset
|
70 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
0 | 71 |
)); |
72 |
||
73 |
$paths->add_page(Array( |
|
74 |
\'name\'=>\'Captcha\', |
|
75 |
\'urlname\'=>\'Captcha\', |
|
76 |
\'namespace\'=>\'Special\', |
|
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents:
115
diff
changeset
|
77 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
0 | 78 |
)); |
79 |
||
80 |
$paths->add_page(Array( |
|
81 |
\'name\'=>\'Forgot password\', |
|
82 |
\'urlname\'=>\'PasswordReset\', |
|
83 |
\'namespace\'=>\'Special\', |
|
84 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
85 |
)); |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
86 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
87 |
$paths->add_page(Array( |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
88 |
\'name\'=>\'Member list\', |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
89 |
\'urlname\'=>\'Memberlist\', |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
90 |
\'namespace\'=>\'Special\', |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
91 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
92 |
)); |
0 | 93 |
'); |
94 |
||
95 |
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace> |
|
96 |
||
97 |
$__login_status = ''; |
|
98 |
||
99 |
function page_Special_Login() |
|
100 |
{ |
|
101 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
102 |
global $__login_status; |
|
103 |
||
104 |
$pubkey = $session->rijndael_genkey(); |
|
105 |
$challenge = $session->dss_rand(); |
|
106 |
||
107 |
if ( isset($_GET['act']) && $_GET['act'] == 'getkey' ) |
|
108 |
{ |
|
260
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents:
256
diff
changeset
|
109 |
header('Content-type: application/json'); |
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents:
57
diff
changeset
|
110 |
$username = ( $session->user_logged_in ) ? $session->username : false; |
0 | 111 |
$response = Array( |
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents:
57
diff
changeset
|
112 |
'username' => $username, |
0 | 113 |
'key' => $pubkey, |
114 |
'challenge' => $challenge |
|
115 |
); |
|
116 |
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); |
|
117 |
$response = $json->encode($response); |
|
118 |
echo $response; |
|
119 |
return null; |
|
120 |
} |
|
121 |
||
122 |
$level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER; |
|
123 |
if ( isset($_POST['login']) ) |
|
124 |
{ |
|
125 |
if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) |
|
126 |
{ |
|
127 |
$level = intval($_POST['auth_level']); |
|
128 |
} |
|
129 |
} |
|
130 |
||
131 |
if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in ) |
|
132 |
{ |
|
133 |
$level = USER_LEVEL_MEMBER; |
|
134 |
} |
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
135 |
if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in ) |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
136 |
$paths->main_page(); |
0 | 137 |
$template->header(); |
138 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">'; |
|
139 |
$header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.'; |
|
140 |
if ( isset($_POST['login']) ) |
|
141 |
{ |
|
142 |
echo '<p>'.$__login_status.'</p>'; |
|
143 |
} |
|
144 |
if ( $p = $paths->getAllParams() ) |
|
145 |
{ |
|
146 |
echo '<input type="hidden" name="return_to" value="'.$p.'" />'; |
|
147 |
} |
|
148 |
else if ( isset($_POST['login']) && isset($_POST['return_to']) ) |
|
149 |
{ |
|
150 |
echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />'; |
|
151 |
} |
|
152 |
?> |
|
153 |
<div class="tblholder"> |
|
154 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
155 |
<tr> |
|
156 |
<th colspan="3"><?php echo $header; ?></th> |
|
157 |
</tr> |
|
158 |
<tr> |
|
159 |
<td colspan="3" class="row1"> |
|
160 |
<?php |
|
161 |
if ( $level <= USER_LEVEL_MEMBER ) |
|
162 |
{ |
|
163 |
echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>'; |
|
164 |
} |
|
165 |
else |
|
166 |
{ |
|
167 |
echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>'; |
|
168 |
} |
|
169 |
?> |
|
170 |
</td> |
|
171 |
</tr> |
|
172 |
<tr> |
|
173 |
<td class="row2"> |
|
174 |
Username: |
|
175 |
</td> |
|
176 |
<td class="row1"> |
|
177 |
<input name="username" size="25" type="text" <?php |
|
178 |
if ( $level <= USER_LEVEL_MEMBER ) |
|
179 |
{ |
|
180 |
echo 'tabindex="1" '; |
|
181 |
} |
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
182 |
else |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
183 |
{ |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
184 |
echo 'tabindex="3" '; |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
185 |
} |
0 | 186 |
if ( $session->user_logged_in ) |
187 |
{ |
|
188 |
echo 'value="' . $session->username . '"'; |
|
189 |
} |
|
190 |
?> /> |
|
191 |
</td> |
|
192 |
<?php if ( $level <= USER_LEVEL_MEMBER ) { ?> |
|
193 |
<td rowspan="2" class="row3"> |
|
194 |
<small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br /> |
|
195 |
Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small> |
|
196 |
</td> |
|
197 |
<?php } ?> |
|
198 |
</tr> |
|
199 |
<tr> |
|
200 |
<td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td> |
|
201 |
</tr> |
|
235
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
229
diff
changeset
|
202 |
<?php if ( $level <= USER_LEVEL_MEMBER && ( !isset($_GET['use_crypt']) || ( isset($_GET['use_crypt']) && $_GET['use_crypt'] != '0' ) ) ) { ?> |
0 | 203 |
<tr> |
204 |
<td class="row3" colspan="3"> |
|
205 |
<p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true); ?>">log in without using encryption</a>.</p> |
|
206 |
<p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p> |
|
207 |
</td> |
|
208 |
</tr> |
|
235
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
229
diff
changeset
|
209 |
<?php } else if ( isset($_GET['use_crypt']) && $_GET['use_crypt'] == '0' && $level <= USER_LEVEL_MEMBER ) { ?> |
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
229
diff
changeset
|
210 |
<tr> |
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
229
diff
changeset
|
211 |
<td class="row3" colspan="3"> |
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
229
diff
changeset
|
212 |
<p><b>Encrypted logon has been disabled.</b> Unless you live in a country where encryption technology is illegal, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=1', true); ?>">use encryption when you log on</a> to help protect against password sniffing.</p> |
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
229
diff
changeset
|
213 |
</td> |
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
229
diff
changeset
|
214 |
</tr> |
0 | 215 |
<?php } ?> |
216 |
<tr> |
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
217 |
<th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th> |
0 | 218 |
</tr> |
219 |
</table> |
|
220 |
</div> |
|
221 |
<input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" /> |
|
222 |
<input type="hidden" name="use_crypt" value="no" /> |
|
223 |
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" /> |
|
224 |
<input type="hidden" name="crypt_data" value="" /> |
|
225 |
<input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" /> |
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
226 |
<?php if ( $level <= USER_LEVEL_MEMBER ): ?> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
227 |
<script type="text/javascript"> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
228 |
document.forms.loginform.username.focus(); |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
229 |
</script> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
230 |
<?php else: ?> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
231 |
<script type="text/javascript"> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
232 |
document.forms.loginform.pass.focus(); |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
233 |
</script> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
30
diff
changeset
|
234 |
<?php endif; ?> |
0 | 235 |
</form> |
236 |
<?php |
|
237 |
echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data'); |
|
238 |
?> |
|
239 |
<?php |
|
240 |
$template->footer(); |
|
241 |
} |
|
242 |
||
243 |
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called |
|
244 |
{ |
|
245 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
246 |
global $__login_status; |
|
247 |
if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' ) |
|
248 |
{ |
|
249 |
$plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);'); |
|
250 |
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); |
|
251 |
$data = $json->decode($_POST['params']); |
|
252 |
$level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER; |
|
253 |
$result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level); |
|
254 |
$session->start(); |
|
255 |
//echo "$result\n$session->sid_super"; |
|
256 |
//exit; |
|
257 |
if ( $result == 'success' ) |
|
258 |
{ |
|
259 |
$response = Array( |
|
260 |
'result' => 'success', |
|
261 |
'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid ) |
|
262 |
); |
|
263 |
} |
|
264 |
else |
|
265 |
{ |
|
266 |
$response = Array( |
|
267 |
'result' => 'error', |
|
268 |
'error' => $result |
|
269 |
); |
|
270 |
} |
|
271 |
$response = $json->encode($response); |
|
272 |
echo $response; |
|
273 |
$db->close(); |
|
274 |
exit; |
|
275 |
} |
|
276 |
if(isset($_POST['login'])) { |
|
277 |
if($_POST['use_crypt'] == 'yes') |
|
278 |
{ |
|
279 |
$result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level'])); |
|
280 |
} |
|
281 |
else |
|
282 |
{ |
|
283 |
$result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level'])); |
|
284 |
} |
|
285 |
$session->start(); |
|
286 |
$paths->init(); |
|
287 |
if($result == 'success') |
|
288 |
{ |
|
289 |
$template->load_theme($session->theme, $session->style); |
|
290 |
if(isset($_POST['return_to'])) |
|
291 |
{ |
|
292 |
$name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to']; |
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
293 |
redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' ); |
0 | 294 |
} |
295 |
else |
|
296 |
{ |
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
297 |
redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' ); |
0 | 298 |
} |
299 |
} |
|
300 |
else |
|
301 |
{ |
|
302 |
$GLOBALS['__login_status'] = $result; |
|
303 |
} |
|
304 |
} |
|
305 |
} |
|
306 |
||
307 |
function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey) |
|
308 |
{ |
|
309 |
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); |
|
310 |
||
311 |
$response = Array( |
|
312 |
'result' => 'success_reset', |
|
313 |
'user_id' => $user_id, |
|
314 |
'temppass' => $passkey |
|
315 |
); |
|
316 |
||
317 |
$response = $json->encode($response); |
|
318 |
echo $response; |
|
319 |
||
320 |
$db->close(); |
|
321 |
||
322 |
exit; |
|
323 |
} |
|
324 |
||
325 |
function page_Special_Logout() { |
|
326 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
327 |
if ( !$session->user_logged_in ) |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
328 |
$paths->main_page(); |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
329 |
|
0 | 330 |
$l = $session->logout(); |
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
331 |
if ( $l == 'success' ) |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
332 |
{ |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
333 |
redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4); |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
334 |
} |
0 | 335 |
$template->header(); |
336 |
echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>'; |
|
337 |
$template->footer(); |
|
338 |
} |
|
339 |
||
30 | 340 |
function page_Special_Register() |
341 |
{ |
|
0 | 342 |
global $db, $session, $paths, $template, $plugins; // Common objects |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
343 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
344 |
// form field trackers |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
345 |
$username = ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
346 |
$email = ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
347 |
$realname = ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
348 |
|
0 | 349 |
if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in )) |
350 |
{ |
|
351 |
$s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : ''; |
|
352 |
die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s); |
|
353 |
} |
|
93
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
354 |
if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in ) |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
355 |
{ |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
356 |
$paths->main_page(); |
95c4d91bd954
Redirections to the main page use the redirect() function now
Dan
parents:
85
diff
changeset
|
357 |
} |
30 | 358 |
if(isset($_POST['submit'])) |
359 |
{ |
|
360 |
$_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x'; |
|
361 |
||
0 | 362 |
$captcharesult = $session->get_captcha($_POST['captchahash']); |
212
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
363 |
$session->kill_captcha(); |
283
e133d321fce4
Made all captcha fields case-insensitive (thanks pkeating)
Dan
parents:
274
diff
changeset
|
364 |
if(strtolower($captcharesult) != strtolower($_POST['captchacode'])) |
30 | 365 |
{ |
0 | 366 |
$s = 'The confirmation code you entered was incorrect.'; |
30 | 367 |
} |
0 | 368 |
else |
30 | 369 |
{ |
370 |
if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) ) |
|
371 |
{ |
|
372 |
$s = 'Invalid COPPA input'; |
|
373 |
} |
|
374 |
else |
|
375 |
{ |
|
376 |
$coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' ); |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
377 |
$s = false; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
378 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
379 |
// decrypt password |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
380 |
// as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
381 |
// and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
382 |
// forgot his password, that's his problem. |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
383 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
384 |
if ( $_POST['use_crypt'] == 'yes' ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
385 |
{ |
229
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents:
217
diff
changeset
|
386 |
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
387 |
$crypt_key = $session->fetch_public_key($_POST['crypt_key']); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
388 |
if ( !$crypt_key ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
389 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
390 |
$s = 'Couldn\'t look up public encryption key'; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
391 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
392 |
else |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
393 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
394 |
$data = $_POST['crypt_data']; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
395 |
$bin_key = hexdecode($crypt_key); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
396 |
//die("Decrypting with params: key $crypt_key, data $data"); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
397 |
$password = $aes->decrypt($data, $bin_key, ENC_HEX); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
398 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
399 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
400 |
else |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
401 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
402 |
$password = $_POST['password']; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
403 |
} |
30 | 404 |
|
405 |
// CAPTCHA code was correct, create the account |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
406 |
// ... and check for errors returned from the crypto API |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
407 |
if ( !$s ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
408 |
$s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa); |
30 | 409 |
} |
410 |
} |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
411 |
if($s == 'success' && !$coppa) |
0 | 412 |
{ |
413 |
switch(getConfig('account_activation')) |
|
414 |
{ |
|
415 |
case "none": |
|
416 |
default: |
|
417 |
$str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.'; |
|
418 |
break; |
|
419 |
case "user": |
|
420 |
$str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.'; |
|
421 |
break; |
|
422 |
case "admin": |
|
423 |
$str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.'; |
|
424 |
break; |
|
425 |
} |
|
426 |
die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>'); |
|
427 |
} |
|
30 | 428 |
else if ( $s == 'success' && $coppa ) |
429 |
{ |
|
430 |
$str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.'; |
|
431 |
die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>'); |
|
432 |
} |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
433 |
$username = htmlspecialchars($_POST['username']); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
434 |
$email = htmlspecialchars($_POST['email']); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
435 |
$realname = htmlspecialchars($_POST['real_name']); |
0 | 436 |
} |
437 |
$template->header(); |
|
438 |
echo 'A user account enables you to have greater control over your browsing experience.'; |
|
30 | 439 |
|
440 |
if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) ) |
|
441 |
{ |
|
442 |
$coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' ); |
|
443 |
$session->kill_captcha(); |
|
444 |
$captchacode = $session->make_captcha(); |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
445 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
446 |
$pubkey = $session->rijndael_genkey(); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
447 |
$challenge = $session->dss_rand(); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
448 |
|
30 | 449 |
?> |
450 |
<h3>Create a user account</h3> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
451 |
<form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="runEncryption();"> |
30 | 452 |
<div class="tblholder"> |
453 |
<table border="0" width="100%" cellspacing="1" cellpadding="4"> |
|
454 |
<tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr> |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
455 |
|
30 | 456 |
<?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
457 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
458 |
<!-- FIELD: Username --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
459 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
460 |
<td class="row1" style="width: 50%;"> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
461 |
Preferred username: |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
462 |
<span id="e_username"></span> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
463 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
464 |
<td class="row1" style="width: 50%;"> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
465 |
<input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
466 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
467 |
<td class="row1" style="max-width: 24px;"> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
468 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" /> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
469 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
470 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
471 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
472 |
<!-- FIELD: Password --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
473 |
<tr> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
474 |
<td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>"> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
475 |
Password: |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
476 |
<span id="e_password"></span> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
477 |
<?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
478 |
<small>It needs to score at least <b><?php echo getConfig('pw_strength_minimum'); ?></b> for your registration to be accepted.</small> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
479 |
<?php endif; ?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
480 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
481 |
<td class="row3" style="width: 50%;"> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
482 |
<input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm();" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
483 |
</td> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
484 |
<td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;"> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
485 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" /> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
486 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
487 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
488 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
489 |
<!-- FIELD: Password confirmation --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
490 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
491 |
<td class="row3" style="width: 50%;"> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
492 |
<input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
493 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
494 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
495 |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
496 |
<!-- FIELD: Password strength meter --> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
497 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
498 |
<?php if ( getConfig('pw_strength_enable') == '1' ): ?> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
499 |
<tr> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
500 |
<td class="row3" style="width: 50%;"> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
501 |
<div id="pwmeter"></div> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
502 |
</td> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
503 |
</tr> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
504 |
<?php endif; ?> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
505 |
|
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
506 |
<!-- FIELD: E-mail address --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
507 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
508 |
<td class="row1" style="width: 50%;"> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
509 |
<?php |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
510 |
if ( $coppa ) echo 'Your parent or guardian\'s e'; |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
511 |
else echo 'E'; |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
512 |
?>-mail address: |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
513 |
<?php |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
514 |
if ( ( $x = getConfig('account_activation') ) == 'user' ) |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
515 |
{ |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
516 |
echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small>'; |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
517 |
} |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
518 |
?> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
519 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
520 |
<td class="row1" style="width: 50%;"> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
521 |
<input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm();" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
522 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
523 |
<td class="row1" style="max-width: 24px;"> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
524 |
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" /> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
525 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
526 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
527 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
528 |
<!-- FIELD: Real name --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
529 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
530 |
<td class="row3" style="width: 50%;"> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
531 |
Real name:<br /> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
532 |
<small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
533 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
534 |
<td class="row3" style="width: 50%;"> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
535 |
<input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" /></td><td class="row3" style="max-width: 24px;"> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
536 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
537 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
538 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
539 |
<!-- FIELD: CAPTCHA image --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
540 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
541 |
<td class="row1" style="width: 50%;" rowspan="2"> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
542 |
Visual confirmation<br /> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
543 |
<small> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
544 |
Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br /> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
545 |
<br /> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
546 |
If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you. |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
547 |
</small> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
548 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
549 |
<td colspan="2" class="row1"> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
550 |
<img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
551 |
<span id="b_username"></span> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
552 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
553 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
554 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
555 |
<!-- FIELD: CAPTCHA input field --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
556 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
557 |
<td class="row1" colspan="2"> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
558 |
Code: |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
559 |
<input tabindex="6" name="captchacode" type="text" size="10" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
560 |
<input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" /> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
561 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
562 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
563 |
|
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
564 |
<!-- FIELD: submit button --> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
565 |
<tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
566 |
<th class="subhead" colspan="3" style="text-align: center;"> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
567 |
<input tabindex="7" type="submit" name="submit" value="Create my account" /> |
101
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
568 |
</td> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
569 |
</tr> |
bb4e677a4da9
Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents:
93
diff
changeset
|
570 |
|
30 | 571 |
</table> |
572 |
</div> |
|
573 |
<?php |
|
574 |
$val = ( $coppa ) ? 'yes' : 'no'; |
|
575 |
echo '<input type="hidden" name="coppa" value="' . $val . '" />'; |
|
576 |
?> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
577 |
<input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
578 |
<input type="hidden" name="use_crypt" value="no" /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
579 |
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
580 |
<input type="hidden" name="crypt_data" value="" /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
581 |
<script type="text/javascript"> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
582 |
// ENCRYPTION CODE |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
583 |
disableJSONExts(); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
584 |
str = ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
585 |
for(i=0;i<keySizeInBits/4;i++) str+='0'; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
586 |
var key = hexToByteArray(str); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
587 |
var pt = hexToByteArray(str); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
588 |
var ct = rijndaelEncrypt(pt, key, "ECB"); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
589 |
var ct = byteArrayToHex(ct); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
590 |
switch(keySizeInBits) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
591 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
592 |
case 128: |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
593 |
v = '66e94bd4ef8a2c3b884cfa59ca342b2e'; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
594 |
break; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
595 |
case 192: |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
596 |
v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7'; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
597 |
break; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
598 |
case 256: |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
599 |
v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087'; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
600 |
break; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
601 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
602 |
var aes_testpassed = ( ct == v && md5_vm_test() ); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
603 |
function runEncryption() |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
604 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
605 |
var frm = document.forms.regform; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
606 |
if ( frm.password.value.length < 1 ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
607 |
return true; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
608 |
if(aes_testpassed) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
609 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
610 |
frm.use_crypt.value = 'yes'; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
611 |
var cryptkey = frm.crypt_key.value; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
612 |
frm.crypt_key.value = hex_md5(cryptkey); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
613 |
cryptkey = hexToByteArray(cryptkey); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
614 |
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
615 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
616 |
frm.submit.disabled = true; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
617 |
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
618 |
alert('The key is messed up\nType: '+typeof(cryptkey)+len); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
619 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
620 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
621 |
pass1 = frm.password.value; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
622 |
pass2 = frm.password_confirm.value; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
623 |
if ( pass1 != pass2 ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
624 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
625 |
alert('The passwords you entered do not match.'); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
626 |
return false; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
627 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
628 |
if ( pass1.length < 6 && pass1.length > 0 ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
629 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
630 |
alert('The new password must be 6 characters or greater in length.'); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
631 |
return false; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
632 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
633 |
if(aes_testpassed) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
634 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
635 |
pass = frm.password.value; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
636 |
pass = stringToByteArray(pass); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
637 |
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB'); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
638 |
if(!cryptstring) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
639 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
640 |
return false; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
641 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
642 |
cryptstring = byteArrayToHex(cryptstring); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
643 |
frm.crypt_data.value = cryptstring; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
644 |
frm.password.value = ""; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
645 |
frm.password_confirm.value = ""; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
646 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
647 |
return true; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
648 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
649 |
</script> |
30 | 650 |
</form> |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
651 |
<!-- Don't optimize this script, it fails when compressed --> |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
652 |
<enano:no-opt> |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
653 |
<script type="text/javascript"> |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
654 |
// <![CDATA[ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
655 |
var namegood = false; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
656 |
function validateForm() |
0 | 657 |
{ |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
658 |
var frm = document.forms.regform; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
659 |
failed = false; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
660 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
661 |
// Username |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
662 |
if(!namegood) |
30 | 663 |
{ |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
664 |
//if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig)) |
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
212
diff
changeset
|
665 |
var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig'); |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
666 |
if ( frm.username.value.match(regex) ) |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
667 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
668 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
669 |
document.getElementById('e_username').innerHTML = ''; // '<br /><small><b>Checking availability...</b></small>'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
670 |
} else { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
671 |
failed = true; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
672 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
673 |
document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
674 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
675 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
676 |
document.getElementById('b_username').innerHTML = ''; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
677 |
if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1') |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
678 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
679 |
document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
680 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
681 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
682 |
// Password |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
683 |
if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value) |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
684 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
685 |
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
686 |
document.getElementById('e_password').innerHTML = '<br /><small>The password you entered is valid.</small>'; |
30 | 687 |
} else { |
688 |
failed = true; |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
689 |
if(frm.password.value.length < 6) |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
690 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
691 |
document.getElementById('e_password').innerHTML = '<br /><small>Your password must be at least six characters in length.</small>'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
692 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
693 |
else if(frm.password.value != frm.password_confirm.value) |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
694 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
695 |
document.getElementById('e_password').innerHTML = '<br /><small>The passwords you entered do not match.</small>'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
696 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
697 |
else |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
698 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
699 |
document.getElementById('e_password').innerHTML = ''; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
700 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
701 |
document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
702 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
703 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
704 |
// E-mail address |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
705 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
706 |
// workaround for idiot jEdit bug |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
707 |
if ( validateEmail(frm.email.value) ) |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
708 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
709 |
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
710 |
} else { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
711 |
failed = true; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
712 |
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
713 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
714 |
if(failed) |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
715 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
716 |
frm.submit.disabled = 'disabled'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
717 |
} else { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
718 |
frm.submit.disabled = false; |
30 | 719 |
} |
720 |
} |
|
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
721 |
function checkUsername() |
30 | 722 |
{ |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
723 |
var frm = document.forms.regform; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
724 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
725 |
if(!namegood) |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
726 |
{ |
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
212
diff
changeset
|
727 |
var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig'); |
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
212
diff
changeset
|
728 |
if ( frm.username.value.match(regex) ) |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
729 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
730 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
731 |
document.getElementById('e_username').innerHTML = ''; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
732 |
} else { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
733 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
734 |
document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
735 |
return false; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
736 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
737 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
738 |
|
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
739 |
document.getElementById('e_username').innerHTML = '<br /><small><b>Checking availability...</b></small>'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
740 |
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
741 |
if(ajax.readyState == 4) |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
742 |
if(ajax.responseText == 'good') |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
743 |
{ |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
744 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
745 |
document.getElementById('e_username').innerHTML = '<br /><small><b>This username is available.</b></small>'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
746 |
namegood = true; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
747 |
} else if(ajax.responseText == 'bad') { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
748 |
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
749 |
document.getElementById('e_username').innerHTML = '<br /><small><b>Error: that username is already taken.</b></small>'; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
750 |
namegood = false; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
751 |
} else { |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
752 |
document.getElementById('e_username').innerHTML = ajax.responseText; |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
753 |
} |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
754 |
}); |
0 | 755 |
} |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
756 |
function regenCaptcha() |
30 | 757 |
{ |
274 | 758 |
var frm = document.forms.regform; |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
759 |
document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/"); ?>'+frm.captchahash.value+'/'+Math.floor(Math.random() * 100000); |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
760 |
return false; |
30 | 761 |
} |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
762 |
<?php if ( getConfig('pw_strength_enable') == '1' ): ?> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
763 |
var frm = document.forms.regform; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
764 |
password_score_field(frm.password); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
765 |
<?php endif; ?> |
125
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
766 |
validateForm(); |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
767 |
setTimeout('checkUsername();', 1000); |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
768 |
// ]]> |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
769 |
</script> |
fb31c951d3a2
Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents:
116
diff
changeset
|
770 |
</enano:no-opt> |
30 | 771 |
<?php |
772 |
} |
|
773 |
else |
|
774 |
{ |
|
775 |
$year = intval( date('Y') ); |
|
776 |
$year = $year - 13; |
|
777 |
$month = date('F'); |
|
778 |
$day = date('d'); |
|
779 |
||
780 |
$yo13_date = "$month $day, $year"; |
|
781 |
$link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true); |
|
782 |
$link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true); |
|
783 |
||
784 |
// COPPA enabled, ask age |
|
785 |
echo '<div class="tblholder">'; |
|
786 |
echo '<table border="0" cellspacing="1" cellpadding="4">'; |
|
787 |
echo '<tr> |
|
788 |
<td class="row1"> |
|
789 |
Before you can register, please tell us your age. |
|
790 |
</td> |
|
791 |
</tr> |
|
792 |
<tr> |
|
793 |
<td class="row3"> |
|
794 |
<a href="' . $link_coppa_no . '">I was born <b>on or before</b> ' . $yo13_date . ' and am <b>at least</b> 13 years of age</a><br /> |
|
795 |
<a href="' . $link_coppa_yes . '">I was born <b>after</b> ' . $yo13_date . ' and am <b>less than</b> 13 years of age</a> |
|
796 |
</td> |
|
797 |
</tr>'; |
|
798 |
echo '</table>'; |
|
799 |
echo '</div>'; |
|
800 |
} |
|
0 | 801 |
$template->footer(); |
802 |
} |
|
803 |
||
804 |
/* |
|
805 |
If you want the old preferences page back, be my guest. |
|
806 |
function page_Special_Preferences() { |
|
807 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
808 |
$template->header(); |
|
809 |
if(isset($_POST['submit'])) { |
|
810 |
$data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']); |
|
811 |
if($data == 'success') echo '<h3>Information</h3><p>Your profile has been updated. <a href="'.scriptPath.'/">Return to the index page</a>.</p>'; |
|
812 |
else echo $data; |
|
813 |
} else { |
|
814 |
echo ' |
|
815 |
<h3>Edit your profile</h3> |
|
816 |
<form action="'.makeUrl($paths->nslist['Special'].'Preferences').'" method="post"> |
|
817 |
<table border="0" style="margin-left: 0.2in;"> |
|
818 |
<tr><td>Username:</td><td><input type="text" name="username" value="'.$session->username.'" /></td></tr> |
|
819 |
<tr><td>Current Password:</td><td><input type="password" name="current_pass" /></td></tr> |
|
820 |
<tr><td colspan="2"><small>You only need to enter your current password if you are changing your e-mail address or changing your password.</small></td></tr> |
|
821 |
<tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr> |
|
822 |
<tr><td>E-mail:</td><td><input type="text" name="email" value="'.$session->email.'" /></td></tr> |
|
823 |
<tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.$session->real_name.'" /></td></tr> |
|
824 |
<tr><td>Signature:<br /><small>Your signature appears<br />below your comment posts.</small></td><td><textarea rows="10" cols="40" name="sig">'.$session->signature.'</textarea></td></tr> |
|
825 |
<tr><td colspan="2"> |
|
826 |
<input type="submit" name="submit" value="Save Changes" /></td></tr> |
|
827 |
</table> |
|
828 |
</form> |
|
829 |
'; |
|
830 |
} |
|
831 |
$template->footer(); |
|
832 |
} |
|
833 |
*/ |
|
834 |
||
835 |
function page_Special_Contributions() { |
|
836 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
837 |
$template->header(); |
|
838 |
$user = $paths->getParam(); |
|
839 |
if(!$user && isset($_GET['user'])) |
|
840 |
{ |
|
841 |
$user = $_GET['user']; |
|
842 |
} |
|
843 |
elseif(!$user && !isset($_GET['user'])) |
|
844 |
{ |
|
845 |
echo 'No user selected!'; |
|
846 |
$template->footer(); |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
847 |
return; |
0 | 848 |
} |
849 |
||
850 |
$user = $db->escape($user); |
|
851 |
||
852 |
$q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;'; |
|
853 |
if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.'); |
|
854 |
echo 'History of edits and actions<h3>Edits:</h3>'; |
|
855 |
if($db->numrows() < 1) echo 'No history entries in this category.'; |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
856 |
while($r = $db->fetchrow()) |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
857 |
{ |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
858 |
$title = get_page_title($r['page_id'], $r['namespace']); |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
859 |
echo '<a href="' . makeUrlNS($r['namespace'], $r['page_id'], "oldid={$r['time_id']}", true) . '" onclick="ajaxHistView(\''.$r['time_id'].'\', \''.$paths->nslist[$r['namespace']].$r['page_id'].'\'); return false;"><i>'.$r['date_string'].'</i></a> (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert to</a>) <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: '.$r['edit_summary']; |
0 | 860 |
if($r['minor_edit']) echo '<b> - minor edit</b>'; |
861 |
echo '<br />'; |
|
862 |
} |
|
863 |
$db->free_result(); |
|
864 |
echo '<h3>Other changes:</h3>'; |
|
865 |
$q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;'; |
|
866 |
if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.'); |
|
867 |
if($db->numrows() < 1) echo 'No history entries in this category.'; |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
868 |
while($r = $db->fetchrow()) |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
869 |
{ |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
870 |
if ( $r['log_type'] == 'page' ) |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
871 |
{ |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
872 |
$title = get_page_title($r['page_id'], $r['namespace']); |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
873 |
echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> <a href="'.makeUrl($paths->nslist[$r['namespace']].$r['page_id']).'">'.htmlspecialchars($title).'</a>: '; |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
874 |
if ( $r['action'] == 'prot' ) echo 'Protected page; reason: '.$r['edit_summary']; |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
875 |
else if ( $r['action'] == 'unprot' ) echo 'Unprotected page; reason: '.$r['edit_summary']; |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
876 |
else if ( $r['action'] == 'rename' ) echo 'Renamed page; old title was: '.htmlspecialchars($r['edit_summary']); |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
877 |
else if ( $r['action'] == 'create' ) echo 'Created page'; |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
878 |
else if ( $r['action'] == 'delete' ) echo 'Deleted page'; |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
879 |
if ( $r['minor_edit'] ) echo '<b> - minor edit</b>'; |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
880 |
echo '<br />'; |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
881 |
} |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
882 |
else if($r['log_type']=='security') |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
883 |
{ |
0 | 884 |
// Not implemented, and when it is, it won't be public |
885 |
} |
|
886 |
} |
|
887 |
$db->free_result(); |
|
888 |
$template->footer(); |
|
889 |
} |
|
890 |
||
891 |
function page_Special_ChangeStyle() |
|
892 |
{ |
|
893 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
894 |
if(!$session->user_logged_in) die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>'); |
|
895 |
if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) |
|
896 |
{ |
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
897 |
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) ) |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
898 |
die('Hacking attempt'); |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
899 |
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) ) |
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
60
diff
changeset
|
900 |
die('Hacking attempt'); |
0 | 901 |
$d = ENANO_ROOT . '/themes/' . $_POST['theme']; |
902 |
$f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; |
|
903 |
if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.'); |
|
904 |
if(!file_exists($f)) die('The file "'.$f.'" does not exist.'); |
|
905 |
$d = $db->escape($_POST['theme']); |
|
906 |
$f = $db->escape($_POST['style']); |
|
907 |
$q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\''; |
|
908 |
if(!$db->sql_query($q)) |
|
909 |
{ |
|
910 |
$db->_die('Your theme/style preferences were not updated.'); |
|
911 |
} |
|
912 |
else |
|
913 |
{ |
|
914 |
redirect(makeUrl($_POST['return_to']), '', '', 0); |
|
915 |
} |
|
916 |
} |
|
917 |
else |
|
918 |
{ |
|
919 |
$template->header(); |
|
920 |
$ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0); |
|
921 |
if(!$ret) $ret = getConfig('main_page'); |
|
922 |
?> |
|
923 |
<form action="<?php echo makeUrl($paths->page); ?>" method="post"> |
|
924 |
<?php if(!isset($_POST['themeselected'])) { ?> |
|
925 |
<h3>Please select a new theme:</h3> |
|
926 |
<p> |
|
927 |
<select name="theme"> |
|
928 |
<?php |
|
929 |
foreach($template->theme_list as $t) { |
|
930 |
if($t['enabled']) |
|
931 |
{ |
|
336
4fb4b6647e96
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan Fuhry <dan@enanocms.org>
parents:
318
diff
changeset
|
932 |
echo '<option value="'.htmlspecialchars($t['theme_id']).'"'; |
0 | 933 |
if($t['theme_id'] == $session->theme) echo ' selected="selected"'; |
336
4fb4b6647e96
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan Fuhry <dan@enanocms.org>
parents:
318
diff
changeset
|
934 |
echo '>'.htmlspecialchars($t['theme_name']).'</option>'; |
0 | 935 |
} |
936 |
} |
|
937 |
?> |
|
938 |
</select> |
|
939 |
</p> |
|
336
4fb4b6647e96
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan Fuhry <dan@enanocms.org>
parents:
318
diff
changeset
|
940 |
<p><input type="hidden" name="return_to" value="<?php echo htmlspecialchars($ret); ?>" /> |
0 | 941 |
<input type="submit" name="themeselected" value="Continue" /></p> |
942 |
<?php } else { |
|
943 |
$theme = $_POST['theme']; |
|
944 |
if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) ) |
|
945 |
die('Hacking attempt'); |
|
946 |
?> |
|
947 |
<h3>Please select a stylesheet:</h3> |
|
948 |
<p> |
|
949 |
<select name="style"> |
|
950 |
<?php |
|
951 |
$dir = './themes/'.$theme.'/css/'; |
|
952 |
$list = Array(); |
|
953 |
// Open a known directory, and proceed to read its contents |
|
954 |
if (is_dir($dir)) { |
|
955 |
if ($dh = opendir($dir)) { |
|
956 |
while (($file = readdir($dh)) !== false) { |
|
957 |
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') { |
|
958 |
$list[] = substr($file, 0, strlen($file)-4); |
|
959 |
} |
|
960 |
} |
|
961 |
closedir($dh); |
|
962 |
} |
|
963 |
} else die($dir.' is not a dir'); |
|
964 |
foreach ( $list as $l ) |
|
965 |
{ |
|
966 |
echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>'; |
|
967 |
} |
|
968 |
?> |
|
969 |
</select> |
|
970 |
</p> |
|
336
4fb4b6647e96
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan Fuhry <dan@enanocms.org>
parents:
318
diff
changeset
|
971 |
<p><input type="hidden" name="return_to" value="<?php echo htmlspecialchars($ret); ?>" /> |
4fb4b6647e96
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks!
Dan Fuhry <dan@enanocms.org>
parents:
318
diff
changeset
|
972 |
<input type="hidden" name="theme" value="<?php echo htmlspecialchars($theme); ?>" /> |
0 | 973 |
<input type="submit" name="allclear" value="Change style" /></p> |
974 |
<?php } ?> |
|
975 |
</form> |
|
976 |
<?php |
|
977 |
$template->footer(); |
|
978 |
} |
|
979 |
} |
|
980 |
||
981 |
function page_Special_ActivateAccount() |
|
982 |
{ |
|
983 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
984 |
$user = $paths->getParam(0); |
|
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents:
115
diff
changeset
|
985 |
if(!$user) die_friendly('Account activation error', '<p>This page can only be accessed using links sent to users via e-mail.</p>'); |
0 | 986 |
$key = $paths->getParam(1); |
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents:
115
diff
changeset
|
987 |
if(!$key) die_friendly('Account activation error', '<p>This page can only be accessed using links sent to users via e-mail.</p>'); |
0 | 988 |
$s = $session->activate_account(str_replace('_', ' ', $user), $key); |
989 |
if($s > 0) die_friendly('Activation successful', '<p>Your account is now active. Thank you for registering.</p>'); |
|
990 |
else die_friendly('Activation failed', '<p>The activation key was probably incorrect.</p>'); |
|
991 |
} |
|
992 |
||
993 |
function page_Special_Captcha() |
|
994 |
{ |
|
995 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
212
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
996 |
if ( $paths->getParam(0) == 'make' ) |
0 | 997 |
{ |
998 |
$session->kill_captcha(); |
|
999 |
echo $session->make_captcha(); |
|
1000 |
return; |
|
1001 |
} |
|
212
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1002 |
|
0 | 1003 |
$hash = $paths->getParam(0); |
212
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1004 |
if ( !$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash) ) |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1005 |
{ |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1006 |
$paths->main_page(); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1007 |
} |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1008 |
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1009 |
// Determine code length |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1010 |
$ip = ip2hex($_SERVER['REMOTE_ADDR']); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1011 |
if ( !$ip ) |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1012 |
die('(very desperate) Hacking attempt'); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1013 |
$q = $db->sql_query('SELECT CHAR_LENGTH(salt) AS len FROM ' . table_prefix . 'session_keys WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';'); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1014 |
if ( !$q ) |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1015 |
$db->_die('SpecialUserFuncs selecting CAPTCHA code'); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1016 |
if ( $db->numrows() < 1 ) |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1017 |
die('Invalid hash or hacking attempt by IP'); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1018 |
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1019 |
// Generate code |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1020 |
$row = $db->fetchrow(); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1021 |
$db->free_result(); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1022 |
$len = intval($row['len']); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1023 |
if ( $len < 4 ) |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1024 |
$len = 7; |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1025 |
$code = $session->generate_captcha_code($len); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1026 |
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1027 |
// Update database with new code |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1028 |
$q = $db->sql_query('UPDATE ' . table_prefix . 'session_keys SET salt = \'' . $code . '\' WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';'); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1029 |
if ( !$q ) |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1030 |
$db->_die('SpecialUserFuncs generating new CAPTCHA confirmation code'); |
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1031 |
|
d57af0b0302e
Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents:
181
diff
changeset
|
1032 |
require ( ENANO_ROOT.'/includes/captcha.php' ); |
0 | 1033 |
$captcha = new captcha($code); |
1034 |
$captcha->make_image(); |
|
1035 |
exit; |
|
1036 |
} |
|
1037 |
||
1038 |
function page_Special_PasswordReset() |
|
1039 |
{ |
|
1040 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1041 |
$template->header(); |
|
1042 |
if($paths->getParam(0) == 'stage2') |
|
1043 |
{ |
|
1044 |
$user_id = intval($paths->getParam(1)); |
|
1045 |
$encpass = $paths->getParam(2); |
|
1046 |
if ( $user_id < 2 ) |
|
1047 |
{ |
|
1048 |
echo '<p>Hacking attempt</p>'; |
|
1049 |
$template->footer(); |
|
1050 |
return false; |
|
1051 |
} |
|
1052 |
if(!preg_match('#^([a-f0-9]+)$#i', $encpass)) |
|
1053 |
{ |
|
1054 |
echo '<p>Hacking attempt</p>'; |
|
1055 |
$template->footer(); |
|
1056 |
return false; |
|
1057 |
} |
|
1058 |
||
1059 |
$q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';'); |
|
1060 |
if($db->numrows() < 1) |
|
1061 |
{ |
|
1062 |
echo '<p>Invalid credentials</p>'; |
|
1063 |
$template->footer(); |
|
1064 |
return false; |
|
1065 |
} |
|
1066 |
$row = $db->fetchrow(); |
|
1067 |
$db->free_result(); |
|
1068 |
||
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1069 |
if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() ) |
0 | 1070 |
{ |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1071 |
echo '<p>Your temporary password has expired. Please <a href="' . makeUrlNS('Special', 'PasswordReset') . '">request another one</a>.</p>'; |
0 | 1072 |
$template->footer(); |
1073 |
return false; |
|
1074 |
} |
|
1075 |
||
1076 |
if ( isset($_POST['do_stage2']) ) |
|
1077 |
{ |
|
229
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents:
217
diff
changeset
|
1078 |
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
0 | 1079 |
if($_POST['use_crypt'] == 'yes') |
1080 |
{ |
|
1081 |
$crypt_key = $session->fetch_public_key($_POST['crypt_key']); |
|
1082 |
if(!$crypt_key) |
|
1083 |
{ |
|
1084 |
echo 'ERROR: Couldn\'t look up public key for decryption.'; |
|
1085 |
$template->footer(); |
|
1086 |
return false; |
|
1087 |
} |
|
1088 |
$crypt_key = hexdecode($crypt_key); |
|
1089 |
$data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX); |
|
1090 |
if(strlen($data) < 6) |
|
1091 |
{ |
|
1092 |
echo 'ERROR: Your password must be six characters or greater in length.'; |
|
1093 |
$template->footer(); |
|
1094 |
return false; |
|
1095 |
} |
|
1096 |
} |
|
1097 |
else |
|
1098 |
{ |
|
1099 |
$data = $_POST['pass']; |
|
1100 |
$conf = $_POST['pass_confirm']; |
|
1101 |
if($data != $conf) |
|
1102 |
{ |
|
1103 |
echo 'ERROR: The passwords you entered do not match.'; |
|
1104 |
$template->footer(); |
|
1105 |
return false; |
|
1106 |
} |
|
1107 |
if(strlen($data) < 6) |
|
1108 |
{ |
|
1109 |
echo 'ERROR: Your password must be six characters or greater in length.'; |
|
1110 |
$template->footer(); |
|
1111 |
return false; |
|
1112 |
} |
|
1113 |
} |
|
1114 |
if(empty($data)) |
|
1115 |
{ |
|
1116 |
echo 'ERROR: Sanity check failed!'; |
|
1117 |
$template->footer(); |
|
1118 |
return false; |
|
1119 |
} |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1120 |
if ( getConfig('pw_strength_enable') == '1' ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1121 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1122 |
$min_score = intval(getConfig('pw_strength_minimum')); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1123 |
$inp_score = password_score($data); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1124 |
if ( $inp_score < $min_score ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1125 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1126 |
$url = makeUrl($paths->fullpage); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1127 |
echo "<p>ERROR: Your password did not pass the complexity score requirement. You need $min_score points to pass; your password received a score of $inp_score. <a href=\"$url\">Go back</a></p>"; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1128 |
$template->footer(); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1129 |
return false; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1130 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1131 |
} |
0 | 1132 |
$encpass = $aes->encrypt($data, $session->private_key, ENC_HEX); |
1133 |
$q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';'); |
|
1134 |
||
1135 |
if($q) |
|
1136 |
{ |
|
1137 |
$session->login_without_crypto($row['username'], $data); |
|
1138 |
echo '<p>Your password has been reset. Return to the <a href="' . makeUrl(getConfig('main_page')) . '">main page</a>.</p>'; |
|
1139 |
} |
|
1140 |
else |
|
1141 |
{ |
|
1142 |
echo $db->get_error(); |
|
1143 |
} |
|
1144 |
||
1145 |
$template->footer(); |
|
1146 |
return false; |
|
1147 |
} |
|
1148 |
||
1149 |
// Password reset form |
|
1150 |
$pubkey = $session->rijndael_genkey(); |
|
1151 |
||
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1152 |
$evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1153 |
$pw_meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">Password strength rating:</td><td class="row1"><div id="pwmeter"></div><script type="text/javascript">password_score_field(document.forms.resetform.pass);</script></td></tr>' : ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1154 |
$pw_blurb = ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>Your password needs to have a score of at least <b>'.getConfig('pw_strength_minimum').'</b>.</small>' : ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1155 |
|
0 | 1156 |
?> |
1157 |
<form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();"> |
|
1158 |
<br /> |
|
1159 |
<div class="tblholder"> |
|
1160 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
1161 |
<tr><th colspan="2">Reset password</th></tr> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1162 |
<tr><td class="row1">Password:<?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr> |
0 | 1163 |
<tr><td class="row2">Confirm: </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr> |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
126
diff
changeset
|
1164 |
<?php echo $pw_meter; ?> |
0 | 1165 |
<tr> |
1166 |
<td colspan="2" class="row1" style="text-align: center;"> |
|
1167 |
<input type="hidden" name="use_crypt" value="no" /> |
|
1168 |
<input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" /> |
|
1169 |
<input type="hidden" name="crypt_data" value="" /> |
|
1170 |
<input type="submit" name="do_stage2" value="Reset password" /> |
|
1171 |
</td> |
|
1172 |
</tr> |
|
1173 |
</table> |
|
1174 |
</div> |
|
1175 |
</form> |
|
1176 |
<script type="text/javascript"> |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
32
diff
changeset
|
1177 |
if ( !KILL_SWITCH ) |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
32
diff
changeset
|
1178 |
{ |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
32
diff
changeset
|
1179 |
disableJSONExts(); |
0 | 1180 |
str = ''; |
1181 |
for(i=0;i<keySizeInBits/4;i++) str+='0'; |
|
1182 |
var key = hexToByteArray(str); |
|
1183 |
var pt = hexToByteArray(str); |
|
1184 |
var ct = rijndaelEncrypt(pt, key, "ECB"); |
|
1185 |
var ct = byteArrayToHex(ct); |
|
1186 |
switch(keySizeInBits) |
|
1187 |
{ |
|
1188 |
case 128: |
|
1189 |
v = '66e94bd4ef8a2c3b884cfa59ca342b2e'; |
|
1190 |
break; |
|
1191 |
case 192: |
|
1192 |
v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7'; |
|
1193 |
break; |
|
1194 |
case 256: |
|
1195 |
v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087'; |
|
1196 |
break; |
|
1197 |
} |
|
1198 |
var testpassed = ( ct == v && md5_vm_test() ); |
|
1199 |
var frm = document.forms.resetform; |
|
1200 |
if(testpassed) |
|
1201 |
{ |
|
1202 |
frm.use_crypt.value = 'yes'; |
|
1203 |
var cryptkey = frm.crypt_key.value; |
|
1204 |
frm.crypt_key.value = hex_md5(cryptkey); |
|
1205 |
cryptkey = hexToByteArray(cryptkey); |
|
1206 |
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 ) |
|
1207 |
{ |
|
1208 |
frm._login.disabled = true; |
|
1209 |
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : ''; |
|
1210 |
alert('The key is messed up\nType: '+typeof(cryptkey)+len); |
|
1211 |
} |
|
1212 |
} |
|
1213 |
function runEncryption() |
|
1214 |
{ |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
32
diff
changeset
|
1215 |
var frm = document.forms.resetform; |
0 | 1216 |
pass1 = frm.pass.value; |
1217 |
pass2 = frm.pass_confirm.value; |
|
1218 |
if ( pass1 != pass2 ) |
|
1219 |
{ |
|
1220 |
alert('The passwords you entered do not match.'); |
|
1221 |
return false; |
|
1222 |
} |
|
1223 |
if ( pass1.length < 6 ) |
|
1224 |
{ |
|
1225 |
alert('The new password must be 6 characters or greater in length.'); |
|
1226 |
return false; |
|
1227 |
} |
|
1228 |
if(testpassed) |
|
1229 |
{ |
|
1230 |
pass = frm.pass.value; |
|
1231 |
pass = stringToByteArray(pass); |
|
1232 |
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB'); |
|
1233 |
if(!cryptstring) |
|
1234 |
{ |
|
1235 |
return false; |
|
1236 |
} |
|
1237 |
cryptstring = byteArrayToHex(cryptstring); |
|
1238 |
frm.crypt_data.value = cryptstring; |
|
1239 |
frm.pass.value = ""; |
|
1240 |
frm.pass_confirm.value = ""; |
|
1241 |
} |
|
1242 |
return true; |
|
1243 |
} |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
32
diff
changeset
|
1244 |
} |
0 | 1245 |
</script> |
1246 |
<?php |
|
1247 |
$template->footer(); |
|
1248 |
return true; |
|
1249 |
} |
|
1250 |
if(isset($_POST['do_reset'])) |
|
1251 |
{ |
|
1252 |
if($session->mail_password_reset($_POST['username'])) |
|
1253 |
{ |
|
1254 |
echo '<p>An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.</p>'; |
|
1255 |
} |
|
1256 |
else |
|
1257 |
{ |
|
1258 |
echo '<p>Error occured, your new password was not sent.</p>'; |
|
1259 |
} |
|
1260 |
$template->footer(); |
|
1261 |
return true; |
|
1262 |
} |
|
1263 |
echo '<p>Don\'t worry, it happens to the best of us.</p> |
|
1264 |
<p>To reset your password, just enter your username below, and a new password will be e-mailed to you.</p> |
|
1265 |
<form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
|
1266 |
<p>Username: '.$template->username_field('username').'</p> |
|
1267 |
<p><input type="submit" name="do_reset" value="Mail new password" /></p> |
|
1268 |
</form>'; |
|
1269 |
$template->footer(); |
|
1270 |
} |
|
1271 |
||
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1272 |
function page_Special_Memberlist() |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1273 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1274 |
global $db, $session, $paths, $template, $plugins; // Common objects |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1275 |
$template->header(); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1276 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1277 |
$startletters = 'abcdefghijklmnopqrstuvwxyz'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1278 |
$startletters = enano_str_split($startletters); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1279 |
$startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : ''; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1280 |
if ( !in_array($startletter, $startletters) && $startletter != 'chr' ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1281 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1282 |
$startletter = ''; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1283 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1284 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1285 |
$startletter_sql = $startletter; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1286 |
if ( $startletter == 'chr' ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1287 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1288 |
$startletter_sql = '([^a-z])'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1289 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1290 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1291 |
// offset |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1292 |
$offset = ( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 0; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1293 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1294 |
// sort order |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1295 |
$sortkeys = array( |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1296 |
'uid' => 'u.user_id', |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1297 |
'username' => 'u.username', |
111 | 1298 |
'email' => 'u.email', |
1299 |
'regist' => 'u.reg_time' |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1300 |
); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1301 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1302 |
$sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1303 |
$sort_sqllet = $sortkeys[$sortby]; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1304 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1305 |
$target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1306 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1307 |
$sortorders = array(); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1308 |
foreach ( $sortkeys as $k => $_unused ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1309 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1310 |
$sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1311 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1312 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1313 |
// Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1314 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1315 |
echo '<div class="tblholder"> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1316 |
<table border="0" cellspacing="1" cellpadding="4" style="text-align: center;"> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1317 |
<tr>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1318 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=&sort=' . $sortby . '&orderby=' . $target_order, true) . '">All</a></td>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1319 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=chr&sort=' . $sortby . '&orderby=' . $target_order, true) . '">#</a></td>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1320 |
foreach ( $startletters as $letter ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1321 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1322 |
echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=' . $letter . '&sort=' . $sortby . '&orderby=' . $target_order, true) . '">' . strtoupper($letter) . '</a></td>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1323 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1324 |
echo ' </tr> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1325 |
</table> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1326 |
</div>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1327 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1328 |
// formatter parameters |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1329 |
$formatter = new MemberlistFormatter(); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1330 |
$formatters = array( |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1331 |
'username' => array($formatter, 'username'), |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1332 |
'user_level' => array($formatter, 'user_level'), |
111 | 1333 |
'email' => array($formatter, 'email'), |
1334 |
'reg_time' => array($formatter, 'reg_time') |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1335 |
); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1336 |
|
105 | 1337 |
// User search |
1338 |
if ( isset($_GET['finduser']) ) |
|
1339 |
{ |
|
1340 |
$finduser = str_replace(array( '%', '_'), |
|
1341 |
array('\\%', '\\_'), |
|
1342 |
$_GET['finduser']); |
|
1343 |
$finduser = str_replace(array('*', '?'), |
|
1344 |
array('%', '_'), |
|
1345 |
$finduser); |
|
1346 |
$finduser = $db->escape($finduser); |
|
261
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
256
diff
changeset
|
1347 |
$username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\''; |
105 | 1348 |
$finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&'; |
1349 |
} |
|
1350 |
else |
|
1351 |
{ |
|
261
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
256
diff
changeset
|
1352 |
if ( ENANO_DBLAYER == 'MYSQL' ) |
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
256
diff
changeset
|
1353 |
$username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")'; |
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
256
diff
changeset
|
1354 |
else if ( ENANO_DBLAYER == 'PGSQL' ) |
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
256
diff
changeset
|
1355 |
$username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')'; |
105 | 1356 |
$finduser_url = ''; |
1357 |
} |
|
1358 |
||
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1359 |
// Column markers |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1360 |
$headings = '<tr> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1361 |
<th style="max-width: 50px;"> |
105 | 1362 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=uid&orderby=' . $sortorders['uid'], true) . '">#</a> |
1363 |
</th> |
|
1364 |
<th> |
|
1365 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=username&orderby=' . $sortorders['username'], true) . '">Username</a> |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1366 |
</th> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1367 |
<th> |
111 | 1368 |
Title |
1369 |
</th> |
|
1370 |
<th> |
|
105 | 1371 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=email&orderby=' . $sortorders['email'], true) . '">E-mail</a> |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1372 |
</th> |
111 | 1373 |
<th> |
1374 |
<a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=regist&orderby=' . $sortorders['regist'], true) . '">Registered</a> |
|
1375 |
</th> |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1376 |
</tr>'; |
105 | 1377 |
|
1378 |
// determine number of rows |
|
261
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
256
diff
changeset
|
1379 |
$q = $db->sql_query('SELECT u.user_id FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';'); |
105 | 1380 |
if ( !$q ) |
1381 |
$db->_die(); |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1382 |
|
105 | 1383 |
$num_rows = $db->numrows(); |
1384 |
$db->free_result(); |
|
1385 |
||
1386 |
if ( !empty($finduser_url) ) |
|
1387 |
{ |
|
1388 |
$s = ( $num_rows == 1 ) ? '' : 'es'; |
|
1389 |
echo "<h3 style='float: left;'>Search returned $num_rows match$s</h3>"; |
|
1390 |
} |
|
1391 |
||
1392 |
// main selector |
|
111 | 1393 |
$q = $db->sql_unbuffered_query('SELECT u.user_id, u.username, u.reg_time, u.email, u.user_level, u.reg_time, x.email_public FROM '.table_prefix.'users AS u |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1394 |
LEFT JOIN '.table_prefix.'users_extra AS x |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1395 |
ON ( u.user_id = x.user_id ) |
261
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
256
diff
changeset
|
1396 |
WHERE ' . $username_where . ' AND u.username != \'Anonymous\' |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1397 |
ORDER BY ' . $sort_sqllet . ' ' . $target_order . ';'); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1398 |
if ( !$q ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1399 |
$db->_die(); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1400 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1401 |
$html = paginate( |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1402 |
$q, // MySQL result resource |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1403 |
'<tr> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1404 |
<td class="{_css_class}">{user_id}</td> |
111 | 1405 |
<td class="{_css_class}" style="text-align: left;">{username}</td> |
1406 |
<td class="{_css_class}">{user_level}</td> |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1407 |
<td class="{_css_class}">{email}</small></td> |
111 | 1408 |
<td class="{_css_class}">{reg_time}</td> |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1409 |
</tr> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1410 |
', // TPL code for rows |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1411 |
$num_rows, // Number of results |
105 | 1412 |
makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order ), // Result URL |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1413 |
$offset, // Start at this number |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1414 |
25, // Results per page |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1415 |
$formatters, // Formatting hooks |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1416 |
'<div class="tblholder"> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1417 |
<table border="0" cellspacing="1" cellpadding="4" style="text-align: center;"> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1418 |
' . $headings . ' |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1419 |
', // Header (printed before rows) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1420 |
' ' . $headings . ' |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1421 |
</table> |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1422 |
</div> |
105 | 1423 |
' . |
1424 |
'<div style="float: left;"> |
|
1425 |
<form action="' . makeUrlNS('Special', 'Memberlist') . '" method="get" onsubmit="if ( !submitAuthorized ) return false;">' |
|
261
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
256
diff
changeset
|
1426 |
. ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->page ) . '" />' : '' ) |
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents:
111
diff
changeset
|
1427 |
. ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') |
105 | 1428 |
. '<p>Find a member: ' . $template->username_field('finduser') . ' <input type="submit" value="Go" /><br /><small>You may use the following wildcards: * to match multiple characters, ? to match a single character.</small></p>' |
1429 |
. '</form> |
|
1430 |
</div>' // Footer (printed after rows) |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1431 |
); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1432 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1433 |
if ( $num_rows < 1 ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1434 |
{ |
105 | 1435 |
echo ( isset($_GET['finduser']) ) ? '<p>Sorry - no users that matched your query could be found. Please try some different search terms.</p>' : '<p>Sorry - no users with usernames that start with that letter could be found.</p>'; |
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1436 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1437 |
else |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1438 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1439 |
echo $html; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1440 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1441 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1442 |
$template->footer(); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1443 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1444 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1445 |
/** |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1446 |
* Class for formatting results for the memberlist. |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1447 |
* @access private |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1448 |
*/ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1449 |
|
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1450 |
class MemberlistFormatter |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1451 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1452 |
function username($username, $row) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1453 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1454 |
global $db, $session, $paths, $template, $plugins; // Common objects |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1455 |
$userpage = $paths->nslist['User'] . sanitize_page_id($username); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1456 |
$class = ( isPage($userpage) ) ? ' title="Click to view this user\'s userpage"' : ' class="wikilink-nonexistent" title="This user hasn\'t created a userpage yet, but you can still view profile details by clicking this link."'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1457 |
$anchor = '<a href="' . makeUrlNS('User', sanitize_page_id($username)) . '"' . $class . '>' . htmlspecialchars($username) . '</a>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1458 |
if ( $session->user_level >= USER_LEVEL_ADMIN ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1459 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1460 |
$anchor .= ' <small>- <a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&username=' . urlencode($username), true) . '" |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1461 |
onclick="ajaxAdminUser(\'' . addslashes(htmlspecialchars($username)) . '\'); return false;">Administer user</a></small>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1462 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1463 |
return $anchor; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1464 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1465 |
function user_level($level, $row) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1466 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1467 |
global $db, $session, $paths, $template, $plugins; // Common objects |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1468 |
switch ( $level ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1469 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1470 |
case USER_LEVEL_GUEST: |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1471 |
$s_level = 'Guest'; break; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1472 |
case USER_LEVEL_MEMBER: |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1473 |
case USER_LEVEL_CHPREF: |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1474 |
$s_level = 'Member'; break; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1475 |
case USER_LEVEL_MOD: |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1476 |
$s_level = 'Moderator'; break; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1477 |
case USER_LEVEL_ADMIN: |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1478 |
$s_level = 'Site administrator'; break; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1479 |
default: |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1480 |
$s_level = 'Unknown (level ' . $level . ')'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1481 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1482 |
return $s_level; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1483 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1484 |
function email($addy, $row) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1485 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1486 |
if ( $row['email_public'] == '1' ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1487 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1488 |
global $email; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1489 |
$addy = $email->encryptEmail($addy); |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1490 |
return $addy; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1491 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1492 |
else |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1493 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1494 |
return '<small><Non-public></small>'; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1495 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1496 |
} |
111 | 1497 |
/** |
1498 |
* Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant. |
|
1499 |
* @param int UNIX timestamp |
|
1500 |
* @return string |
|
1501 |
*/ |
|
1502 |
||
1503 |
function format_date($time) |
|
1504 |
{ |
|
1505 |
// Our formattting string to pass to date() |
|
1506 |
// This should not include minute/second info, only today's date in whatever format suits your fancy |
|
1507 |
$formatstring = 'F j, Y'; |
|
1508 |
// Today's date |
|
1509 |
$today = date($formatstring); |
|
1510 |
// Yesterday's date |
|
1511 |
$yesterday = date($formatstring, (time() - (24*60*60))); |
|
1512 |
// Date on the input |
|
1513 |
$then = date($formatstring, $time); |
|
1514 |
// "X days ago" logic |
|
1515 |
for ( $i = 2; $i <= 6; $i++ ) |
|
1516 |
{ |
|
1517 |
// hours_in_day * minutes_in_hour * seconds_in_minute * num_days |
|
1518 |
$offset = 24 * 60 * 60 * $i; |
|
1519 |
$days_ago = date($formatstring, (time() - $offset)); |
|
1520 |
// so does the input timestamp match the date from $i days ago? |
|
1521 |
if ( $then == $days_ago ) |
|
1522 |
{ |
|
1523 |
// yes, return $i |
|
1524 |
return "$i days ago"; |
|
1525 |
} |
|
1526 |
} |
|
1527 |
// either yesterday, today, or before 6 days ago |
|
1528 |
switch($then) |
|
1529 |
{ |
|
1530 |
case $today: |
|
1531 |
return 'Today'; |
|
1532 |
case $yesterday: |
|
1533 |
return 'Yesterday'; |
|
1534 |
default: |
|
1535 |
return $then; |
|
1536 |
} |
|
1537 |
// .--. |
|
1538 |
// |o_o | |
|
1539 |
// |!_/ | |
|
1540 |
// // \ \ |
|
1541 |
// (| | ) |
|
1542 |
// /'\_ _/`\ |
|
1543 |
// \___)=(___/ |
|
1544 |
return 'Linux rocks!'; |
|
1545 |
} |
|
1546 |
function reg_time($time, $row) |
|
1547 |
{ |
|
1548 |
return $this->format_date($time); |
|
1549 |
} |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1550 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
101
diff
changeset
|
1551 |
|
0 | 1552 |
?> |