diff -r 000000000000 -r 902822492a68 plugins/SpecialUserFuncs.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/SpecialUserFuncs.php Wed Jun 13 16:03:00 2007 -0400
@@ -0,0 +1,875 @@ +attachHook('base_classes_initted', ' + global $paths; + $paths->add_page(Array( + \'name\'=>\'Log in\', + \'urlname\'=>\'Login\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + $paths->add_page(Array( + \'name\'=>\'Log out\', + \'urlname\'=>\'Logout\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + $paths->add_page(Array( + \'name\'=>\'Register\', + \'urlname\'=>\'Register\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + $paths->add_page(Array( + \'name\'=>\'Edit Profile\', + \'urlname\'=>\'Preferences\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + + $paths->add_page(Array( + \'name\'=>\'Contributions\', + \'urlname\'=>\'Contributions\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + + $paths->add_page(Array( + \'name\'=>\'Change style\', + \'urlname\'=>\'ChangeStyle\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + + $paths->add_page(Array( + \'name\'=>\'Activate user account\', + \'urlname\'=>\'ActivateAccount\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + + $paths->add_page(Array( + \'name\'=>\'Captcha\', + \'urlname\'=>\'Captcha\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + + $paths->add_page(Array( + \'name\'=>\'Forgot password\', + 
\'urlname\'=>\'PasswordReset\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + '); + +// function names are IMPORTANT!!! The name pattern is: page__ + +$__login_status = ''; + +function page_Special_Login() +{ + global $db, $session, $paths, $template, $plugins; // Common objects + global $__login_status; + + $pubkey = $session->rijndael_genkey(); + $challenge = $session->dss_rand(); + + if ( isset($_GET['act']) && $_GET['act'] == 'getkey' ) + { + $response = Array( + 'key' => $pubkey, + 'challenge' => $challenge + ); + $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); + $response = $json->encode($response); + echo $response; + return null; + } + + $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER; + if ( isset($_POST['login']) ) + { + if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) + { + $level = intval($_POST['auth_level']); + } + } + + if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in ) + { + $level = USER_LEVEL_MEMBER; + } + $template->header(); + echo '
'; + $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.'; + if ( isset($_POST['login']) ) + { + echo '

'.$__login_status.'

'; + } + if ( $p = $paths->getAllParams() ) + { + echo ''; + } + else if ( isset($_POST['login']) && isset($_POST['return_to']) ) + { + echo ''; + } + ?> +
+ + + + + + + + + + + + + + + + + + + + + + + + + +
+ Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can create an account.

'; + } + else + { + echo '

You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.

'; + } + ?> +
+ Username: + + user_logged_in ) + { + echo 'value="' . $session->username . '"'; + } + ?> /> + + Forgot your password? No problem.
+ Maybe you need to create an account.
+
Password:
+

Important note regarding cryptography: Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should log in without using encryption.

+

This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.

+
+
+ + + + + +
+ aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data'); + ?> + footer(); +} + +function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called +{ + global $db, $session, $paths, $template, $plugins; // Common objects + global $__login_status; + if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' ) + { + $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);'); + $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); + $data = $json->decode($_POST['params']); + $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER; + $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level); + $session->start(); + //echo "$result\n$session->sid_super"; + //exit; + if ( $result == 'success' ) + { + $response = Array( + 'result' => 'success', + 'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid ) + ); + } + else + { + $response = Array( + 'result' => 'error', + 'error' => $result + ); + } + $response = $json->encode($response); + echo $response; + $db->close(); + exit; + } + if(isset($_POST['login'])) { + if($_POST['use_crypt'] == 'yes') + { + $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level'])); + } + else + { + $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level'])); + } + $session->start(); + $paths->init(); + if($result == 'success') + { + $template->load_theme($session->theme, $session->style); + if(isset($_POST['return_to'])) + { + $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? 
$paths->pages[$_POST['return_to']]['name'] : $_POST['return_to']; + redirect( makeUrl($_POST['return_to']), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' ); + } + else + { + $paths->main_page(); + } + } + else + { + $GLOBALS['__login_status'] = $result; + } + } +} + +function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey) +{ + $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); + + $response = Array( + 'result' => 'success_reset', + 'user_id' => $user_id, + 'temppass' => $passkey + ); + + $response = $json->encode($response); + echo $response; + + $db->close(); + + exit; +} + +function page_Special_Logout() { + global $db, $session, $paths, $template, $plugins; // Common objects + $l = $session->logout(); + if($l == 'success') $paths->main_page(); + $template->header(); + echo '

An error occurred during the logout process.

'.$l.'

'; + $template->footer(); +} + +function page_Special_Register() { + global $db, $session, $paths, $template, $plugins; // Common objects + if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in )) + { + $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '

Oops...it seems that you are the administrator...hehe...you can also force account registration to work.

' : ''; + die_friendly('Registration disabled', '

The administrator has disabled new user registration on this site.

' . $s); + } + if(isset($_POST['submit'])) { + $captcharesult = $session->get_captcha($_POST['captchahash']); + if($captcharesult != $_POST['captchacode']) + $s = 'The confirmation code you entered was incorrect.'; + else + // CAPTCHA code was correct, create the account + $s = $session->create_user($_POST['username'], $_POST['password'], $_POST['email'], $_POST['real_name']); + if($s == 'success') + { + switch(getConfig('account_activation')) + { + case "none": + default: + $str = 'You may now log in with the username and password that you created.'; + break; + case "user": + $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.'; + break; + case "admin": + $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.'; + break; + } + die_friendly('Registration successful', '

Thank you for registering, your user account has been created. '.$str.'

'); + } + } + $template->header(); + echo 'A user account enables you to have greater control over your browsing experience.'; + $session->kill_captcha(); + $captchacode = $session->make_captcha(); + ?> +

Create a user account

+
+
+ + + '; ?> + + + + '; ?> + + + + +
Please tell us a little bit about yourself.
'.$s.'
Preferred username:Good/bad icon
Password:Good/bad icon
Enter your password again to confirm.
E-mail address:An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.Good/bad icon
Real name:
Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.
Visual confirmation
Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can generate a new image.

If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.
CAPTCHA image
Code:
+
+
+ + footer(); +} + +/* +If you want the old preferences page back, be my guest. +function page_Special_Preferences() { + global $db, $session, $paths, $template, $plugins; // Common objects + $template->header(); + if(isset($_POST['submit'])) { + $data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']); + if($data == 'success') echo '

Information

Your profile has been updated. Return to the index page.

'; + else echo $data; + } else { + echo ' +

Edit your profile

+
+ + + + + + + + + +
Username:
Current Password:
You only need to enter your current password if you are changing your e-mail address or changing your password.
New Password:
E-mail:
Real Name:
Signature:
Your signature appears
below your comment posts.
+
+
+ '; + } + $template->footer(); +} +*/ + +function page_Special_Contributions() { + global $db, $session, $paths, $template, $plugins; // Common objects + $template->header(); + $user = $paths->getParam(); + if(!$user && isset($_GET['user'])) + { + $user = $_GET['user']; + } + elseif(!$user && !isset($_GET['user'])) + { + echo 'No user selected!'; + $template->footer(); + $db->close(); + exit; + } + + $user = $db->escape($user); + + $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;'; + if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.'); + echo 'History of edits and actions

Edits:

'; + if($db->numrows() < 1) echo 'No history entries in this category.'; + while($r = $db->fetchrow()) { + echo ''.$r['date_string'].' (revert) '.$paths->nslist[$r['namespace']].$r['page_id'].': '.$r['edit_summary']; + if($r['minor_edit']) echo ' - minor edit'; + echo '
'; + } + $db->free_result(); + echo '

Other changes:

'; + $q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;'; + if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.'); + if($db->numrows() < 1) echo 'No history entries in this category.'; + while($r = $db->fetchrow()) { + if($r['log_type']=='page') { + echo '(rollback) '.$r['date_string'].' '.$paths->nslist[$r['namespace']].$r['page_id'].': '; + if($r['action']=='prot') echo 'Protected page; reason: '.$r['edit_summary']; + elseif($r['action']=='unprot') echo 'Unprotected page; reason: '.$r['edit_summary']; + elseif($r['action']=='rename') echo 'Renamed page; old title was: '.$r['edit_summary']; + elseif($r['action']=='create') echo 'Created page'; + elseif($r['action']=='delete') echo 'Deleted page'; + if($r['minor_edit']) echo ' - minor edit'; + echo '
'; + } elseif($r['log_type']=='security') { + // Not implemented, and when it is, it won't be public + } + } + $db->free_result(); + $template->footer(); +} + +function page_Special_ChangeStyle() +{ + global $db, $session, $paths, $template, $plugins; // Common objects + if(!$session->user_logged_in) die_friendly('Access denied', '

You must be logged in to change your style. Spoofer.

'); + if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) + { + $d = ENANO_ROOT . '/themes/' . $_POST['theme']; + $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; + if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.'); + if(!file_exists($f)) die('The file "'.$f.'" does not exist.'); + $d = $db->escape($_POST['theme']); + $f = $db->escape($_POST['style']); + $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\''; + if(!$db->sql_query($q)) + { + $db->_die('Your theme/style preferences were not updated.'); + } + else + { + redirect(makeUrl($_POST['return_to']), '', '', 0); + } + } + else + { + $template->header(); + $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0); + if(!$ret) $ret = getConfig('main_page'); + ?> +
+ +

Please select a new theme:

+

+ +

+

+

+ +

Please select a stylesheet:

+

+ +

+

+ +

+ +
+ footer(); + } +} + +function page_Special_ActivateAccount() +{ + global $db, $session, $paths, $template, $plugins; // Common objects + $user = $paths->getParam(0); + if(!$user) die_friendly('Account activation error', '

The URL was incorrect.

'); + $key = $paths->getParam(1); + if(!$key) die_friendly('Account activation error', '

The URL was incorrect.

'); + $s = $session->activate_account(str_replace('_', ' ', $user), $key); + if($s > 0) die_friendly('Activation successful', '

Your account is now active. Thank you for registering.

'); + else die_friendly('Activation failed', '

The activation key was probably incorrect.

'); +} + +function page_Special_Captcha() +{ + global $db, $session, $paths, $template, $plugins; // Common objects + if($paths->getParam(0) == 'make') + { + $session->kill_captcha(); + echo $session->make_captcha(); + return; + } + $hash = $paths->getParam(0); + if(!$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash)) $paths->main_page(); + $code = $session->get_captcha($hash); + if(!$code) die('Invalid hash or IP address incorrect.'); + require(ENANO_ROOT.'/includes/captcha.php'); + $captcha = new captcha($code); + //header('Content-disposition: attachment; filename=autocaptcha.png'); + $captcha->make_image(); + exit; +} + +function page_Special_PasswordReset() +{ + global $db, $session, $paths, $template, $plugins; // Common objects + $template->header(); + if($paths->getParam(0) == 'stage2') + { + $user_id = intval($paths->getParam(1)); + $encpass = $paths->getParam(2); + if ( $user_id < 2 ) + { + echo '

Hacking attempt

'; + $template->footer(); + return false; + } + if(!preg_match('#^([a-f0-9]+)$#i', $encpass)) + { + echo '

Hacking attempt

'; + $template->footer(); + return false; + } + + $q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';'); + if($db->numrows() < 1) + { + echo '

Invalid credentials

'; + $template->footer(); + return false; + } + $row = $db->fetchrow(); + $db->free_result(); + + if ( ( intval($row['temp_password_time']) + 3600 * 24 ) < time() ) + { + echo '

Password has expired

'; + $template->footer(); + return false; + } + + if ( isset($_POST['do_stage2']) ) + { + $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + if($_POST['use_crypt'] == 'yes') + { + $crypt_key = $session->fetch_public_key($_POST['crypt_key']); + if(!$crypt_key) + { + echo 'ERROR: Couldn\'t look up public key for decryption.'; + $template->footer(); + return false; + } + $crypt_key = hexdecode($crypt_key); + $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX); + if(strlen($data) < 6) + { + echo 'ERROR: Your password must be six characters or greater in length.'; + $template->footer(); + return false; + } + } + else + { + $data = $_POST['pass']; + $conf = $_POST['pass_confirm']; + if($data != $conf) + { + echo 'ERROR: The passwords you entered do not match.'; + $template->footer(); + return false; + } + if(strlen($data) < 6) + { + echo 'ERROR: Your password must be six characters or greater in length.'; + $template->footer(); + return false; + } + } + if(empty($data)) + { + echo 'ERROR: Sanity check failed!'; + $template->footer(); + return false; + } + $encpass = $aes->encrypt($data, $session->private_key, ENC_HEX); + $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';'); + + if($q) + { + $session->login_without_crypto($row['username'], $data); + echo '

Your password has been reset. Return to the main page.

'; + } + else + { + echo $db->get_error(); + } + + $template->footer(); + return false; + } + + // Password reset form + $pubkey = $session->rijndael_genkey(); + + ?> +
+
+
+ + + + + + + +
Reset password
Password:
Confirm:
+ + + + +
+
+
+ + footer(); + return true; + } + if(isset($_POST['do_reset'])) + { + if($session->mail_password_reset($_POST['username'])) + { + echo '

An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.

'; + } + else + { + echo '

Error occured, your new password was not sent.

'; + } + $template->footer(); + return true; + } + echo '

Don\'t worry, it happens to the best of us.

+

To reset your password, just enter your username below, and a new password will be e-mailed to you.

+
+

Username: '.$template->username_field('username').'

+

+
'; + $template->footer(); +} + +?> \ No newline at end of file
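Review bot: In page_Special_Register the CAPTCHA check `if($captcharesult != $_POST['captchacode'])` uses loose comparison, so if `$session->get_captcha()` yields false or an empty string for an unknown hash (its implementation is not in this hunk) an empty submitted code compares equal and `create_user()` is reached; harden it to `if ( !$captcharesult || $captcharesult !== (string) $_POST['captchacode'] )` and guard the `$_POST` reads with `isset()`. In page_Special_ChangeStyle, `$_POST['theme']` and `$_POST['style']` are concatenated into filesystem paths with no character-set restriction before `file_exists()`, and both `die()` messages echo the resulting absolute path, so a rejected request discloses the server's ENANO_ROOT location; validate each value first, e.g. `if ( !preg_match('#^[a-z0-9_-]+$#i', $_POST['theme']) || !preg_match('#^[a-z0-9_-]+$#i', $_POST['style']) ) die_friendly('Invalid theme', 'The requested theme or style is not valid.');`, and keep the path out of the error text. SpecialLogin_SendResponse_PasswordReset calls `$db->close()` without `global $db;`, so it fails on an undefined object after the JSON has already been echoed, appending an error to the AJAX response. In page_Special_Captcha the pattern `'#^([0-9a-f]*){32,32}$#i'` does not enforce a 32-character hash because the quantifier applies to a group that may match nothing; `'#^[0-9a-f]{32}$#i'` expresses the intent, and the failing branch should `return;` after `$paths->main_page()` unless main_page() is known to exit.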