<?php
/*
Plugin Name: Special user/login-related pages
Plugin URI: http://enanocms.org/
Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
Author: Dan Fuhry
Version: 1.0
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0 release candidate 2
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
// Pull the shared CMS objects into this scope; of these, only $plugins is used by the statements below.
global $db, $session, $paths, $template, $plugins; // Common objects

// Register this plugin's Special: pages under the 'base_classes_initted' hook.
// The second argument is PHP source passed as a string literal (hence the escaped quotes);
// it is presumably evaluated by the plugin system when the hook fires - confirm in attachHook().
// Every entry below sets 'protected'=>1. ActivateAccount and Captcha are the two entries
// registered with 'visible'=>0; all others use 'visible'=>1.
$plugins->attachHook('base_classes_initted', '
global $paths;
$paths->add_page(Array(
\'name\'=>\'Log in\',
\'urlname\'=>\'Login\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
$paths->add_page(Array(
\'name\'=>\'Log out\',
\'urlname\'=>\'Logout\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
$paths->add_page(Array(
\'name\'=>\'Register\',
\'urlname\'=>\'Register\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
$paths->add_page(Array(
\'name\'=>\'Edit Profile\',
\'urlname\'=>\'Preferences\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Contributions\',
\'urlname\'=>\'Contributions\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Change style\',
\'urlname\'=>\'ChangeStyle\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Activate user account\',
\'urlname\'=>\'ActivateAccount\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Captcha\',
\'urlname\'=>\'Captcha\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Forgot password\',
\'urlname\'=>\'PasswordReset\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
');

// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>

// Result text of a failed form login: written by page_Special_Login_preloader() via $GLOBALS
// and printed by page_Special_Login() when the form was submitted.
$__login_status = '';
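/**
 * Special:Login - prints the login form, or answers ?act=getkey with a key/challenge pair as JSON.
 *
 * The requested authorization level comes from ?level= (or the posted auth_level when the form
 * was submitted). Only the single-digit strings '0'-'9' are accepted, and a visitor who is not
 * logged in is capped at USER_LEVEL_MEMBER.
 *
 * Security notes for maintainers:
 *  - Values that originate from the request URL or the session (the return_to parameter and the
 *    username) are HTML-escaped before being placed in attribute values, matching what this
 *    function already did for $_POST['return_to'].
 *  - $__login_status is printed as-is; it is set by page_Special_Login_preloader() from the
 *    session's login result. NOTE(review): confirm that result never embeds request data.
 *  - The hidden use_crypt field is emitted as "no" and the form's onsubmit calls runEncryption();
 *    the preloader treats any value other than 'yes' as a plain login and reads the "pass" field
 *    directly, so in that case password confidentiality rests on the transport - confirm the
 *    site is served over TLS.
 *
 * @return null|void null after a getkey response, nothing after rendering the page
 */
function page_Special_Login()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $__login_status;

  // A key and a challenge are generated on every request, including getkey requests.
  $pubkey = $session->rijndael_genkey();
  $challenge = $session->dss_rand();

  if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
  {
    $response = Array(
        'key' => $pubkey,
        'challenge' => $challenge
      );
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
    $response = $json->encode($response);
    echo $response;
    return null;
  }

  // Strict matching: only these exact strings are accepted, so arrays and values such as
  // '01' or ' 1' fall back to the default instead of being coerced.
  $valid_levels = array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9');
  $level = ( isset($_GET['level']) && in_array($_GET['level'], $valid_levels, true) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
  if ( isset($_POST['login']) && isset($_POST['auth_level']) && in_array($_POST['auth_level'], $valid_levels, true) )
  {
    $level = intval($_POST['auth_level']);
  }

  // Elevated levels are a re-authentication step; they are never offered to anonymous visitors.
  if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
  {
    $level = USER_LEVEL_MEMBER;
  }

  $template->header();
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
  $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.';
  if ( isset($_POST['login']) )
  {
    echo '<p>'.$__login_status.'</p>';
  }
  if ( $p = $paths->getAllParams() )
  {
    // URL-derived value: escape it before it lands inside the attribute.
    echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($p).'" />';
  }
  else if ( isset($_POST['login']) && isset($_POST['return_to']) && is_string($_POST['return_to']) )
  {
    echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
  }
  ?>
    <div class="tblholder">
      <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
        <tr>
          <th colspan="3"><?php echo $header; ?></th>
        </tr>
        <tr>
          <td colspan="3" class="row1">
            <?php
            if ( $level <= USER_LEVEL_MEMBER )
            {
              echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>';
            }
            else
            {
              echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>';
            }
            ?>
          </td>
        </tr>
        <tr>
          <td class="row2">
            Username:
          </td>
          <td class="row1">
            <input name="username" size="25" type="text" <?php
              if ( $level <= USER_LEVEL_MEMBER )
              {
                echo 'tabindex="1" ';
              }
              if ( $session->user_logged_in )
              {
                // Escaped so a username containing a quote cannot close the attribute.
                echo 'value="' . htmlspecialchars($session->username) . '"';
              }
              ?> />
          </td>
          <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
          <td rowspan="2" class="row3">
            <small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br />
            Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small>
          </td>
          <?php } ?>
        </tr>
        <tr>
          <td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
        </tr>
        <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
        <tr>
          <td class="row3" colspan="3">
            <p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php
              // Link back to this page with use_crypt=0, keeping the first URL parameter if there is one.
              if ( $p = $paths->getParam(0) )
              {
                $u = '/' . $p;
              }
              else
              {
                $u = '';
              }
              echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true);
              ?>">log in without using encryption</a>.</p>
            <p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p>
          </td>
        </tr>
        <?php } ?>
        <tr>
          <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="3" /></th>
        </tr>
      </table>
    </div>
    <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
    <input type="hidden" name="use_crypt" value="no" />
    <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
    <input type="hidden" name="crypt_data" value="" />
    <input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
  </form>
  <?php
  echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');
  $template->footer();
}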
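/**
 * Processes a login attempt before the normal page handler runs.
 *
 * Two entry paths:
 *  - ?act=ajaxlogin: reads a JSON document from $_POST['params'], attempts an encrypted login,
 *    prints a JSON result and exits. On success the response carries $session->sid_super.
 *  - a posted login form: attempts an encrypted or plain login depending on use_crypt, then
 *    either redirects (success) or stores the result text in $GLOBALS['__login_status'].
 *
 * Missing or non-scalar request fields are replaced by empty strings (and a missing
 * authorization level by USER_LEVEL_MEMBER) so the session layer always receives defined values
 * and rejects the attempt itself.
 *
 * Security notes for maintainers:
 *  - The requested level is passed through intval() only; unlike page_Special_Login() it is not
 *    range-checked here. NOTE(review): confirm the session's login methods enforce the level.
 *  - The 'login_password_reset' hook wired up below answers with the temporary password in the
 *    response body; see SpecialLogin_SendResponse_PasswordReset().
 *  - The redirect target is built with makeUrl() from the posted return_to value.
 *    NOTE(review): confirm makeUrl() only ever yields same-site URLs.
 */
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $__login_status;
  if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
  {
    $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
    $data = ( isset($_POST['params']) && is_string($_POST['params']) ) ? $json->decode($_POST['params']) : null;
    if ( !is_array($data) )
    {
      // Absent or malformed payload: continue with no fields so the login attempt fails cleanly.
      $data = array();
    }
    $level = ( isset($data['level']) && is_scalar($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
    $fields = array();
    foreach ( array('username', 'crypt_data', 'crypt_key', 'challenge') as $field )
    {
      $fields[$field] = ( isset($data[$field]) && is_scalar($data[$field]) ) ? strval($data[$field]) : '';
    }
    $result = $session->login_with_crypto($fields['username'], $fields['crypt_data'], $fields['crypt_key'], $fields['challenge'], $level);
    $session->start();
    if ( $result == 'success' )
    {
      $response = Array(
          'result' => 'success',
          'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )
        );
    }
    else
    {
      $response = Array(
          'result' => 'error',
          'error' => $result
        );
    }
    $response = $json->encode($response);
    echo $response;
    $db->close();
    exit;
  }
  if ( isset($_POST['login']) )
  {
    $username = ( isset($_POST['username']) && is_string($_POST['username']) ) ? $_POST['username'] : '';
    $auth_level = ( isset($_POST['auth_level']) && is_scalar($_POST['auth_level']) ) ? intval($_POST['auth_level']) : USER_LEVEL_MEMBER;
    if ( isset($_POST['use_crypt']) && $_POST['use_crypt'] == 'yes' )
    {
      $crypt_data = ( isset($_POST['crypt_data']) && is_string($_POST['crypt_data']) ) ? $_POST['crypt_data'] : '';
      $crypt_key = ( isset($_POST['crypt_key']) && is_string($_POST['crypt_key']) ) ? $_POST['crypt_key'] : '';
      $challenge = ( isset($_POST['challenge_data']) && is_string($_POST['challenge_data']) ) ? $_POST['challenge_data'] : '';
      $result = $session->login_with_crypto($username, $crypt_data, $crypt_key, $challenge, $auth_level);
    }
    else
    {
      // Plain path: the password arrives exactly as typed in the "pass" field.
      $password = ( isset($_POST['pass']) && is_string($_POST['pass']) ) ? $_POST['pass'] : '';
      $result = $session->login_without_crypto($username, $password, false, $auth_level);
    }
    $session->start();
    $paths->init();
    if ( $result == 'success' )
    {
      $template->load_theme($session->theme, $session->style);
      if ( isset($_POST['return_to']) && is_string($_POST['return_to']) )
      {
        $return_to = $_POST['return_to'];
        // When the target is not a known page, the raw request value is what gets displayed,
        // so escape it. This assumes redirect() prints its message as HTML - TODO confirm.
        $name = ( isset($paths->pages[$return_to]['name']) ) ? $paths->pages[$return_to]['name'] : htmlspecialchars($return_to);
        redirect( makeUrl($return_to), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
      }
      else
      {
        $paths->main_page();
      }
    }
    else
    {
      $GLOBALS['__login_status'] = $result;
    }
  }
}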
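/**
 * Prints a JSON "success_reset" response for the AJAX login flow, closes the database
 * connection and ends the request.
 *
 * It is attached to the 'login_password_reset' hook by page_Special_Login_preloader().
 * The response body contains the user ID and the temporary password value, so anything that
 * logs or caches response bodies will hold that value. NOTE(review): the conditions under which
 * the session layer fires this hook are not visible in this file - confirm that it only fires
 * after the caller has authenticated.
 *
 * @param mixed $user_id ID of the account whose password is being reset
 * @param mixed $passkey temporary password value returned to the client as "temppass"
 */
function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)
{
  // $db was previously used without being imported into function scope, which made the
  // close() call below fail on an undefined variable.
  global $db;

  $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);

  $response = Array(
      'result' => 'success_reset',
      'user_id' => $user_id,
      'temppass' => $passkey
    );

  $response = $json->encode($response);
  echo $response;

  $db->close();

  exit;
}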
/**
 * Special:Logout - ends the current session and sends the visitor to the main page.
 *
 * If $session->logout() returns anything other than 'success', an error page is rendered with
 * the returned text. This function itself checks no request token before logging out; whether
 * $session->logout() does is not visible here.
 */
function page_Special_Logout()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $status = $session->logout();
  if ( $status == 'success' )
  {
    $paths->main_page();
  }

  $template->header();
  echo '<h3>An error occurred during the logout process.</h3><p>', $status, '</p>';
  $template->footer();
}
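/**
 * Special:Register - handles a submitted registration and renders the registration form
 * (or, when COPPA is enabled and no age answer was given, the age question).
 *
 * Changes from the previous revision of this function:
 *  - The success check used !isset($coppa), but $coppa is always assigned before create_user()
 *    is called, so a successful non-COPPA registration never reached the confirmation page.
 *    The check is now !$coppa.
 *  - The CAPTCHA comparison is strict and an empty/absent stored code never matches. With the
 *    former loose comparison, a lookup that yields false or null would have compared equal to
 *    an empty submitted code. NOTE(review): what get_captcha() returns for an unknown hash is
 *    not visible here - confirm.
 *  - Absent POST fields are read as empty strings rather than raising notices.
 *  - Two table cells in the form were left unclosed; the markup is now balanced.
 *
 * Notes for maintainers:
 *  - The JavaScript checks in the form are a convenience only. validateForm() and
 *    checkUsername() use different username patterns, and both use the range A-z, which also
 *    covers the punctuation between "Z" and "a". The server-side rules in
 *    $session->create_user() are what actually decide - confirm they are complete.
 *  - $s is printed into the page as-is when the form is redisplayed. NOTE(review): confirm
 *    create_user() never returns text containing unescaped request data.
 *  - checkUsername() writes the raw AJAX response into innerHTML for any answer other than
 *    'good' or 'bad'.
 */
function page_Special_Register()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Registration disabled: everyone is stopped here, except an administrator who explicitly
  // passes ?IWannaPlayToo.
  if ( getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ) )
  {
    $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : '';
    die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s);
  }

  if ( isset($_POST['submit']) )
  {
    // Carry the age answer over so the form below is redisplayed in the same mode on failure.
    $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
    $coppa = false;

    $captcha_hash = ( isset($_POST['captchahash']) && is_string($_POST['captchahash']) ) ? $_POST['captchahash'] : '';
    $captcha_code = ( isset($_POST['captchacode']) && is_string($_POST['captchacode']) ) ? $_POST['captchacode'] : '';
    $captcharesult = $session->get_captcha($captcha_hash);

    // Strict comparison; a missing stored code can never equal the submitted one.
    if ( $captcharesult === false || $captcharesult === null || $captcharesult === '' || strval($captcharesult) !== $captcha_code )
    {
      $s = 'The confirmation code you entered was incorrect.';
    }
    else
    {
      if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || !in_array($_POST['coppa'], array('yes', 'no'), true) ) )
      {
        $s = 'Invalid COPPA input';
      }
      else
      {
        $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );

        $reg_username  = ( isset($_POST['username'])  && is_string($_POST['username'])  ) ? $_POST['username']  : '';
        $reg_password  = ( isset($_POST['password'])  && is_string($_POST['password'])  ) ? $_POST['password']  : '';
        $reg_email     = ( isset($_POST['email'])     && is_string($_POST['email'])     ) ? $_POST['email']     : '';
        $reg_real_name = ( isset($_POST['real_name']) && is_string($_POST['real_name']) ) ? $_POST['real_name'] : '';

        // CAPTCHA code was correct, create the account
        $s = $session->create_user($reg_username, $reg_password, $reg_email, $reg_real_name, $coppa);
      }
    }

    if ( $s == 'success' && !$coppa )
    {
      switch(getConfig('account_activation'))
      {
        case "none":
        default:
          $str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.';
          break;
        case "user":
          $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';
          break;
        case "admin":
          $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';
          break;
      }
      die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
    }
    else if ( $s == 'success' && $coppa )
    {
      $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.';
      die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
    }
  }

  $template->header();
  echo 'A user account enables you to have greater control over your browsing experience.';

  if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
  {
    $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
    // Every display of the form discards the previous CAPTCHA and issues a new one.
    $session->kill_captcha();
    $captchacode = $session->make_captcha();
    ?>
      <h3>Create a user account</h3>
      <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post">
        <div class="tblholder">
          <table border="0" width="100%" cellspacing="1" cellpadding="4">
            <tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr>
            <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
            <tr><td class="row1" style="width: 50%;">Preferred username:<span id="e_username"></span></td><td class="row1" style="width: 50%;"><input type="text" name="username" size="30" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" /></td></tr>
            <tr><td class="row3" style="width: 50%;" rowspan="2">Password:<span id="e_password"></span></td><td class="row3" style="width: 50%;"><input type="password" name="password" size="30" onkeyup="validateForm();" /></td><td rowspan="2" class="row3" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" /></td></tr>
            <tr><td class="row3" style="width: 50%;"><input type="password" name="password_confirm" size="30" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small></td></tr>
            <tr><td class="row1" style="width: 50%;"><?php if ( $coppa ) echo 'Your parent or guardian\'s e'; else echo 'E'; ?>-mail address:<?php if(getConfig('account_activation')=='user') echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small>'; ?></td><td class="row1" style="width: 50%;"><input type="text" name="email" size="30" onkeyup="validateForm();" /></td><td class="row1" style="max-width: 24px;"><img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" /></td></tr>
            <tr><td class="row3" style="width: 50%;">Real name:<br /><small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small></td><td class="row3" style="width: 50%;"><input type="text" name="real_name" size="30" /></td><td class="row3" style="max-width: 24px;"></td></tr>
            <tr><td class="row1" style="width: 50%;" rowspan="2">Visual confirmation<br /><small>Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br /><br />If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.</small></td><td colspan="2" class="row1"><img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><span id="b_username"></span></td></tr>
            <tr><td class="row1" colspan="2">Code: <input name="captchacode" type="text" size="10" /><input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" /></td></tr>
            <tr><td class="row2" colspan="3" style="text-align: center;"><input type="submit" name="submit" value="Create my account" /></td></tr>
          </table>
        </div>
        <?php
          $val = ( $coppa ) ? 'yes' : 'no';
          echo '<input type="hidden" name="coppa" value="' . $val . '" />';
        ?>
      </form>
      <script type="text/javascript">
        // <![CDATA[
        var namegood = false;
        function validateForm()
        {
          var frm = document.forms.regform;
          failed = false;

          // Username
          if(!namegood)
          {
            if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
            {
              document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
              document.getElementById('e_username').innerHTML = ''; // '<br /><small><b>Checking availability...</b></small>';
            } else {
              failed = true;
              document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
              document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
            }
          }
          document.getElementById('b_username').innerHTML = '';
          if(hex_md5(frm.real_name.value) == 'fa8e397ae0f6cd5b0f90a3f48178cd7e')
          {
            document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
          }

          // Password
          if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value)
          {
            document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
            document.getElementById('e_password').innerHTML = '<br /><small>The password you entered is valid.</small>';
          } else {
            failed = true;
            if(frm.password.value.length < 6)
              document.getElementById('e_password').innerHTML = '<br /><small>Your password must be at least six characters in length.</small>';
            else if(frm.password.value != frm.password_confirm.value)
              document.getElementById('e_password').innerHTML = '<br /><small>The passwords you entered do not match.</small>';
            else
              document.getElementById('e_password').innerHTML = '';
            document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
          }

          // E-mail address
          if(frm.email.value.match(/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/))
          {
            document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
          } else {
            failed = true;
            document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/bad.gif';
          }
          if(failed)
          {
            frm.submit.disabled = 'disabled';
          } else {
            frm.submit.disabled = false;
          }
        }
        function checkUsername()
        {
          var frm = document.forms.regform;

          if(!namegood)
          {
            if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))
            {
              document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
              document.getElementById('e_username').innerHTML = '';
            } else {
              document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
              document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
              return false;
            }
          }

          document.getElementById('e_username').innerHTML = '<br /><small><b>Checking availability...</b></small>';
          ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
            if(ajax.readyState == 4)
              if(ajax.responseText == 'good')
              {
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
                document.getElementById('e_username').innerHTML = '<br /><small><b>This username is available.</b></small>';
                namegood = true;
              } else if(ajax.responseText == 'bad') {
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
                document.getElementById('e_username').innerHTML = '<br /><small><b>Error: that username is already taken.</b></small>';
                namegood = false;
              } else {
                document.getElementById('e_username').innerHTML = ajax.responseText;
              }
          });
        }
        function regenCaptcha()
        {
          var frm = document.forms.regform;
          document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/"); ?>'+frm.captchahash.value+'/'+Math.floor(Math.random() * 100000);
          return false;
        }
        validateForm();
        setTimeout('checkUsername();', 1000);
        // ]]>
      </script>
    <?php
  }
  else
  {
    // Cut-off date shown to the visitor: today's month and day, thirteen years ago.
    $year = intval( date('Y') );
    $year = $year - 13;
    $month = date('F');
    $day = date('d');

    $yo13_date = "$month $day, $year";
    $link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
    $link_coppa_no = makeUrlNS('Special', 'Register', 'coppa=no', true);

    // COPPA enabled, ask age
    echo '<div class="tblholder">';
    echo '<table border="0" cellspacing="1" cellpadding="4">';
    echo '<tr>
            <td class="row1">
              Before you can register, please tell us your age.
            </td>
          </tr>
          <tr>
            <td class="row3">
              <a href="' . $link_coppa_no . '">I was born <b>on or before</b> ' . $yo13_date . ' and am <b>at least</b> 13 years of age</a><br />
              <a href="' . $link_coppa_yes . '">I was born <b>after</b> ' . $yo13_date . ' and am <b>less than</b> 13 years of age</a>
            </td>
          </tr>';
    echo '</table>';
    echo '</div>';
  }
  $template->footer();
}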
/*
If you want the old preferences page back, be my guest.
function page_Special_Preferences() {
global $db, $session, $paths, $template, $plugins; // Common objects
$template->header();
if(isset($_POST['submit'])) {
$data = $session->update_user($session->user_id, $_POST['username'], $_POST['current_pass'], $_POST['new_pass'], $_POST['email'], $_POST['real_name'], $_POST['sig']);
if($data == 'success') echo '<h3>Information</h3><p>Your profile has been updated. <a href="'.scriptPath.'/">Return to the index page</a>.</p>';
else echo $data;
} else {
echo '
<h3>Edit your profile</h3>
<form action="'.makeUrl($paths->nslist['Special'].'Preferences').'" method="post">
<table border="0" style="margin-left: 0.2in;">
<tr><td>Username:</td><td><input type="text" name="username" value="'.$session->username.'" /></td></tr>
<tr><td>Current Password:</td><td><input type="password" name="current_pass" /></td></tr>
<tr><td colspan="2"><small>You only need to enter your current password if you are changing your e-mail address or changing your password.</small></td></tr>
<tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr>
<tr><td>E-mail:</td><td><input type="text" name="email" value="'.$session->email.'" /></td></tr>
<tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.$session->real_name.'" /></td></tr>
<tr><td>Signature:<br /><small>Your signature appears<br />below your comment posts.</small></td><td><textarea rows="10" cols="40" name="sig">'.$session->signature.'</textarea></td></tr>
<tr><td colspan="2">
<input type="submit" name="submit" value="Save Changes" /></td></tr>
</table>
</form>
';
}
$template->footer();
}
*/
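/**
 * Special:Contributions - lists the log entries recorded for one author: edits first, then all
 * other page actions.
 *
 * The author name comes from the first URL parameter or, failing that, from ?user=. It is
 * passed through $db->escape() before being placed in the SQL text.
 *
 * Security notes for maintainers:
 *  - edit_summary is free text from the logs table and is HTML-escaped on output here.
 *    NOTE(review): if summaries are already stored escaped this double-encodes entities -
 *    confirm how they are written.
 *  - time_id and the page identifier are placed inside single-quoted JavaScript strings in
 *    onclick attributes without JavaScript-context escaping. NOTE(review): confirm page IDs
 *    are restricted to URL-safe characters when pages are created.
 *  - Every visitor is shown the "revert"/"rollback" links; the permission check has to happen
 *    in the code that handles those requests, which is not part of this file.
 */
function page_Special_Contributions()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $template->header();

  $user = $paths->getParam();
  if ( !$user && isset($_GET['user']) && is_string($_GET['user']) )
  {
    $user = $_GET['user'];
  }
  if ( !$user )
  {
    echo 'No user selected!';
    $template->footer();
    $db->close();
    exit;
  }

  $user = $db->escape($user);

  // Edits made by this author, newest first.
  $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action=\'edit\' ORDER BY time_id DESC;';
  if ( !$db->sql_query($q) )
  {
    $db->_die('The contribution history for this user could not be selected.');
  }
  echo 'History of edits and actions<h3>Edits:</h3>';
  if ( $db->numrows() < 1 )
  {
    echo 'No history entries in this category.';
  }
  while ( $r = $db->fetchrow() )
  {
    $page = $paths->nslist[$r['namespace']].$r['page_id'];
    $summary = htmlspecialchars($r['edit_summary']);
    echo '<a href="#" onclick="ajaxHistView(\''.$r['time_id'].'\', \''.$page.'\'); return false;"><i>'.$r['date_string'].'</i></a> (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert</a>) <a href="'.makeUrl($page).'">'.$page.'</a>: '.$summary;
    if ( $r['minor_edit'] )
    {
      echo '<b> - minor edit</b>';
    }
    echo '<br />';
  }
  $db->free_result();

  // Everything that is not an edit: protection changes, renames, creations, deletions.
  echo '<h3>Other changes:</h3>';
  $q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;';
  if ( !$db->sql_query($q) )
  {
    $db->_die('The contribution history for this user could not be selected.');
  }
  if ( $db->numrows() < 1 )
  {
    echo 'No history entries in this category.';
  }
  while ( $r = $db->fetchrow() )
  {
    if ( $r['log_type'] == 'page' )
    {
      $page = $paths->nslist[$r['namespace']].$r['page_id'];
      $summary = htmlspecialchars($r['edit_summary']);
      echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> <a href="'.makeUrl($page).'">'.$page.'</a>: ';
      if ( $r['action'] == 'prot' )
      {
        echo 'Protected page; reason: '.$summary;
      }
      elseif ( $r['action'] == 'unprot' )
      {
        echo 'Unprotected page; reason: '.$summary;
      }
      elseif ( $r['action'] == 'rename' )
      {
        echo 'Renamed page; old title was: '.$summary;
      }
      elseif ( $r['action'] == 'create' )
      {
        echo 'Created page';
      }
      elseif ( $r['action'] == 'delete' )
      {
        echo 'Deleted page';
      }
      if ( $r['minor_edit'] )
      {
        echo '<b> - minor edit</b>';
      }
      echo '<br />';
    }
    elseif ( $r['log_type'] == 'security' )
    {
      // Not implemented, and when it is, it won't be public
    }
  }
  $db->free_result();
  $template->footer();
}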
+ − 602
+ − 603
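/**
 * Special:ChangeStyle - lets a logged-in user pick a theme, then a stylesheet of that theme,
 * and stores the choice in the users table.
 *
 * Changes from the previous revision of this function:
 *  - The save step built filesystem paths straight from $_POST['theme'] and $_POST['style'];
 *    only the intermediate "pick a stylesheet" step validated the theme. Both values are now
 *    validated before any path is built: the theme against the ID pattern, and the stylesheet
 *    name must not contain a path separator, a NUL byte or "..".
 *  - The ID pattern used the range A-z, which also admits the backslash and other punctuation
 *    between "Z" and "a", and "$" without the D modifier tolerates a trailing newline. It is
 *    now [0-9A-Za-z_-] anchored with /D.
 *  - Failure messages no longer print the absolute server path or the submitted value.
 *  - return_to and the stylesheet names are HTML-escaped when written into the form, and the
 *    username is passed through $db->escape() like the other values in the UPDATE.
 *  - The stylesheet listing reads from ENANO_ROOT, the same root the save step checks, instead
 *    of a path relative to the working directory.
 *
 * Notes for maintainers:
 *  - No request token is checked before the UPDATE; whether one is enforced elsewhere is not
 *    visible here.
 *  - The save step does not check that the theme is marked enabled in $template->theme_list.
 *  - NOTE(review): confirm makeUrl() only ever yields same-site URLs, since the redirect target
 *    is taken from the posted return_to value.
 */
function page_Special_ChangeStyle()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !$session->user_logged_in )
  {
    die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
  }

  $id_pattern = '/^[0-9A-Za-z_-]+$/D';

  if ( isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']) )
  {
    $theme = $_POST['theme'];
    $style = $_POST['style'];
    if ( !is_string($theme) || !is_string($style) || !is_string($_POST['return_to']) || !preg_match($id_pattern, $theme) )
    {
      die('Hacking attempt');
    }
    if ( $style === '' || preg_match('#[/\\\\\x00]#', $style) || strpos($style, '..') !== false )
    {
      die('Hacking attempt');
    }

    $d = ENANO_ROOT . '/themes/' . $theme;
    $f = $d . '/css/' . $style . '.css';
    if ( !is_dir($d) )
    {
      die('The selected theme does not exist.');
    }
    if ( !is_file($f) )
    {
      die('The selected stylesheet does not exist.');
    }

    $q = 'UPDATE '.table_prefix.'users SET theme=\''.$db->escape($theme).'\',style=\''.$db->escape($style).'\' WHERE username=\''.$db->escape($session->username).'\'';
    if ( !$db->sql_query($q) )
    {
      $db->_die('Your theme/style preferences were not updated.');
    }
    else
    {
      redirect(makeUrl($_POST['return_to']), '', '', 0);
    }
  }
  else
  {
    $template->header();
    $ret = ( isset($_POST['return_to']) && is_string($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
    if ( !$ret )
    {
      $ret = getConfig('main_page');
    }
    ?>
    <form action="<?php echo makeUrl($paths->page); ?>" method="post">
      <?php if ( !isset($_POST['themeselected']) ) { ?>
        <h3>Please select a new theme:</h3>
        <p>
          <select name="theme">
           <?php
            foreach ( $template->theme_list as $t )
            {
              if ( $t['enabled'] )
              {
                echo '<option value="'.$t['theme_id'].'"';
                if ( $t['theme_id'] == $session->theme )
                {
                  echo ' selected="selected"';
                }
                echo '>'.$t['theme_name'].'</option>';
              }
            }
           ?>
          </select>
        </p>
        <p><input type="hidden" name="return_to" value="<?php echo htmlspecialchars($ret); ?>" />
           <input type="submit" name="themeselected" value="Continue" /></p>
      <?php } else {
        $theme = ( isset($_POST['theme']) && is_string($_POST['theme']) ) ? $_POST['theme'] : '';
        if ( !preg_match($id_pattern, $theme) )
        {
          die('Hacking attempt');
        }
        ?>
        <h3>Please select a stylesheet:</h3>
        <p>
          <select name="style">
            <?php
              $dir = ENANO_ROOT . '/themes/' . $theme . '/css/';
              $list = Array();
              // Open a known directory, and proceed to read its contents
              if ( is_dir($dir) )
              {
                if ( $dh = opendir($dir) )
                {
                  while ( ($file = readdir($dh)) !== false )
                  {
                    if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' )
                    {
                      // Strip the ".css" suffix
                      $list[] = substr($file, 0, strlen($file)-4);
                    }
                  }
                  closedir($dh);
                }
              }
              else
              {
                die('The selected theme does not exist.');
              }
              foreach ( $list as $l )
              {
                echo '<option value="'.htmlspecialchars($l).'">'.htmlspecialchars(capitalize_first_letter($l)).'</option>';
              }
            ?>
          </select>
        </p>
        <p><input type="hidden" name="return_to" value="<?php echo htmlspecialchars($ret); ?>" />
           <input type="hidden" name="theme" value="<?php echo $theme; ?>" />
           <input type="submit" name="allclear" value="Change style" /></p>
      <?php } ?>
    </form>
    <?php
    $template->footer();
  }
}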
/**
 * Special:ActivateAccount - confirms a newly registered account from an activation link.
 *
 * Reads the username (URL parameter 0) and the activation key (URL parameter 1),
 * passes both to $session->activate_account() and reports the outcome through
 * die_friendly(). Underscores in the username are converted back to spaces first.
 */
function page_Special_ActivateAccount()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $error_title = 'Account activation error';
  $error_body  = '<p>The URL was incorrect.</p>';

  $username = $paths->getParam(0);
  if ( !$username )
  {
    die_friendly($error_title, $error_body);
  }

  $activation_key = $paths->getParam(1);
  if ( !$activation_key )
  {
    die_friendly($error_title, $error_body);
  }

  // Both values come straight from the URL and are only checked for being non-empty here;
  // everything else is left to activate_account().
  $outcome = $session->activate_account(str_replace('_', ' ', $username), $activation_key);

  if ( $outcome > 0 )
  {
    die_friendly('Activation successful', '<p>Your account is now active. Thank you for registering.</p>');
  }
  else
  {
    die_friendly('Activation failed', '<p>The activation key was probably incorrect.</p>');
  }
}
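/**
 * Special:Captcha - issues a new CAPTCHA or renders the image for an existing one.
 *
 * With "make" as URL parameter 0, the current CAPTCHA is discarded via
 * $session->kill_captcha() and the return value of $session->make_captcha() is echoed.
 * Otherwise URL parameter 0 is taken as a CAPTCHA hash: the matching code is fetched
 * with $session->get_captcha(), drawn by the captcha class, and the script exits.
 */
function page_Special_Captcha()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if($paths->getParam(0) == 'make')
  {
    $session->kill_captcha();
    echo $session->make_captcha();
    return;
  }
  $hash = $paths->getParam(0);
  // The hash comes from the URL, so accept exactly 32 hex digits and nothing else.
  // The previous pattern, ([0-9a-f]*){32,32}, matched hex strings of ANY length (each of
  // the 32 repetitions may be empty or arbitrarily long) and its nested quantifiers
  // backtrack heavily on long near-matches. The D modifier stops "$" from matching
  // before a trailing newline.
  if(!$hash || !preg_match('#^[0-9a-f]{32}$#iD', $hash))
  {
    $paths->main_page();
    // Stop here whether or not main_page() ends the request, so that a rejected
    // value is never handed to get_captcha().
    return;
  }
  $code = $session->get_captcha($hash);
  // NOTE(review): the message suggests get_captcha() also ties the hash to the
  // requesting IP address - confirm in the session manager.
  if(!$code) die('Invalid hash or IP address incorrect.');
  require(ENANO_ROOT.'/includes/captcha.php');
  $captcha = new captcha($code);
  //header('Content-disposition: attachment; filename=autocaptcha.png');
  $captcha->make_image();
  exit;
}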
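/**
 * Special:PasswordReset - requests a password-reset mail, or (stage 2) sets a new password.
 *
 * Without URL parameters the username form is shown; when it is submitted (do_reset) the
 * name is handed to $session->mail_password_reset().
 *
 * With the URL parameters stage2/<user_id>/<temp_password> the pair is looked up in the
 * users table and rejected when it is unknown or older than 24 hours. A valid pair gets the
 * new-password form; submitting it (do_stage2) stores the new password, clears the
 * temporary one and logs the user in.
 *
 * @return bool|null false when a stage-2 request is rejected or after a stage-2 submission
 *                   has been processed; true after the stage-2 form or the do_reset result
 *                   has been rendered; nothing after rendering the initial username form.
 */
function page_Special_PasswordReset()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $template->header();
  if($paths->getParam(0) == 'stage2')
  {
    $user_id = intval($paths->getParam(1));
    $encpass = $paths->getParam(2);
    // IDs below 2 are refused outright.
    if ( $user_id < 2 )
    {
      echo '<p>Hacking attempt</p>';
      $template->footer();
      return false;
    }
    // $encpass is concatenated into the SQL below, so this hex-only check is what keeps
    // the query safe. The D modifier keeps "$" from accepting a trailing newline.
    if(!preg_match('#^([a-f0-9]+)$#iD', $encpass))
    {
      echo '<p>Hacking attempt</p>';
      $template->footer();
      return false;
    }

    $q = $db->sql_query('SELECT username,temp_password_time FROM '.table_prefix.'users WHERE user_id='.$user_id.' AND temp_password=\'' . $encpass . '\';');
    // A failed query is treated like an unknown token instead of reading rows from it.
    if(!$q || $db->numrows() < 1)
    {
      echo '<p>Invalid credentials</p>';
      $template->footer();
      return false;
    }
    $row = $db->fetchrow();
    $db->free_result();

    // Temporary passwords are valid for 24 hours after temp_password_time.
    if ( ( intval($row['temp_password_time']) + 3600 * 24 ) < time() )
    {
      echo '<p>Password has expired</p>';
      $template->footer();
      return false;
    }

    if ( isset($_POST['do_stage2']) )
    {
      $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
      if(isset($_POST['use_crypt']) && $_POST['use_crypt'] == 'yes')
      {
        // The browser encrypted the password; crypt_key is what the client sent in place
        // of the key itself, and fetch_public_key() resolves it to the real key.
        // Only one password field arrives in this mode, so the "confirm" comparison was
        // done by the page's JavaScript alone and cannot be repeated here.
        $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
        if(!$crypt_key)
        {
          echo 'ERROR: Couldn\'t look up public key for decryption.';
          $template->footer();
          return false;
        }
        $crypt_key = hexdecode($crypt_key);
        $data = $aes->decrypt($_POST['crypt_data'], $crypt_key, ENC_HEX);
        if(strlen($data) < 6)
        {
          echo 'ERROR: Your password must be six characters or greater in length.';
          $template->footer();
          return false;
        }
      }
      else
      {
        // Missing or non-string fields are treated as empty and fail the length check.
        $data = ( isset($_POST['pass']) && is_string($_POST['pass']) ) ? $_POST['pass'] : '';
        $conf = ( isset($_POST['pass_confirm']) && is_string($_POST['pass_confirm']) ) ? $_POST['pass_confirm'] : '';
        // Strict comparison: with != two different numeric-looking strings such as
        // "1000000" and "1000000.0" compare as equal numbers and would pass as a match.
        if($data !== $conf)
        {
          echo 'ERROR: The passwords you entered do not match.';
          $template->footer();
          return false;
        }
        if(strlen($data) < 6)
        {
          echo 'ERROR: Your password must be six characters or greater in length.';
          $template->footer();
          return false;
        }
      }
      if(empty($data))
      {
        echo 'ERROR: Sanity check failed!';
        $template->footer();
        return false;
      }
      // NOTE(review): the password column receives the password encrypted under the site's
      // private key (reversible), not a one-way hash.
      $encpass = $aes->encrypt($data, $session->private_key, ENC_HEX);
      // Storing the new password also clears the temporary one, so the link works once.
      $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $encpass . '\',temp_password=\'\',temp_password_time=0 WHERE user_id='.$user_id.';');

      if($q)
      {
        $session->login_without_crypto($row['username'], $data);
        echo '<p>Your password has been reset. Return to the <a href="' . makeUrl(getConfig('main_page')) . '">main page</a>.</p>';
      }
      else
      {
        // NOTE(review): this prints the database layer's error text to the visitor; check
        // what get_error() includes (the failed query carries the encrypted password) and
        // consider logging it and showing a generic message instead.
        echo $db->get_error();
      }

      $template->footer();
      return false;
    }

    // Password reset form
    $pubkey = $session->rijndael_genkey();

    ?>
    <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
      <br />
      <div class="tblholder">
        <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
          <tr><th colspan="2">Reset password</th></tr>
          <tr><td class="row1">Password:</td><td class="row1"><input name="pass" type="password" /></td></tr>
          <tr><td class="row2">Confirm: </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
          <tr>
            <td colspan="2" class="row1" style="text-align: center;">
              <input type="hidden" name="use_crypt" value="no" />
              <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
              <input type="hidden" name="crypt_data" value="" />
              <input type="submit" name="do_stage2" value="Reset password" />
            </td>
          </tr>
        </table>
      </div>
    </form>
    <script type="text/javascript">
      disableJSONExts();
      // Known-answer self-test: encrypt an all-zero block under an all-zero key and compare
      // the result with the expected value for the configured key size. Client-side
      // encryption is enabled only when this and the MD5 self-test both pass.
      str = '';
      for(i=0;i<keySizeInBits/4;i++) str+='0';
      var key = hexToByteArray(str);
      var pt = hexToByteArray(str);
      var ct = rijndaelEncrypt(pt, key, "ECB");
      var ct = byteArrayToHex(ct);
      switch(keySizeInBits)
      {
        case 128:
          v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
          break;
        case 192:
          v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
          break;
        case 256:
          v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
          break;
      }
      var testpassed = ( ct == v && md5_vm_test() );
      var frm = document.forms.resetform;
      if(testpassed)
      {
        frm.use_crypt.value = 'yes';
        var cryptkey = frm.crypt_key.value;
        // Only the MD5 of the key is sent back with the form; the key itself stays in cryptkey.
        frm.crypt_key.value = hex_md5(cryptkey);
        cryptkey = hexToByteArray(cryptkey);
        if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
        {
          // This form's submit button is do_stage2. The former reference, frm._login, names
          // no field of resetform, so the line threw instead of disabling the button.
          frm.do_stage2.disabled = true;
          len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
          alert('The key is messed up\nType: '+typeof(cryptkey)+len);
        }
      }
      function runEncryption()
      {
        pass1 = frm.pass.value;
        pass2 = frm.pass_confirm.value;
        if ( pass1 != pass2 )
        {
          alert('The passwords you entered do not match.');
          return false;
        }
        if ( pass1.length < 6 )
        {
          alert('The new password must be 6 characters or greater in length.');
          return false;
        }
        if(testpassed)
        {
          pass = frm.pass.value;
          pass = stringToByteArray(pass);
          cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
          if(!cryptstring)
          {
            return false;
          }
          cryptstring = byteArrayToHex(cryptstring);
          frm.crypt_data.value = cryptstring;
          // Blank the plaintext fields so that only the encrypted copy is submitted.
          frm.pass.value = "";
          frm.pass_confirm.value = "";
        }
        return true;
      }
    </script>
    <?php
    $template->footer();
    return true;
  }
  if(isset($_POST['do_reset']))
  {
    // NOTE(review): the two messages below differ by outcome; if mail_password_reset()
    // fails for unknown usernames, that difference reveals which usernames exist.
    if(isset($_POST['username']) && is_string($_POST['username']) && $session->mail_password_reset($_POST['username']))
    {
      echo '<p>An e-mail has been sent to the e-mail address on file for your username with a new password in it. Please check your e-mail for further instructions.</p>';
    }
    else
    {
      echo '<p>Error occured, your new password was not sent.</p>';
    }
    $template->footer();
    return true;
  }
  echo '<p>Don\'t worry, it happens to the best of us.</p>
        <p>To reset your password, just enter your username below, and a new password will be e-mailed to you.</p>
        <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
          <p>Username:  '.$template->username_field('username').'</p>
          <p><input type="submit" name="do_reset" value="Mail new password" /></p>
        </form>';
  $template->footer();
}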
?>