plugins/SpecialUserFuncs.php
author Dan
Thu, 16 Apr 2009 22:48:59 -0400
changeset 935 9e124177c9a4
parent 912 95d0d8596c87
child 953 323c4cd1aa37
permissions -rw-r--r--
Cleared up a few discrepancies in page handling, template var init, and how NewsBoy works.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     1
<?php
519
94214ec0871c Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents: 517
diff changeset
     2
/**!info**
94214ec0871c Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents: 517
diff changeset
     3
{
94214ec0871c Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents: 517
diff changeset
     4
  "Plugin Name"  : "plugin_specialuserfuncs_title",
94214ec0871c Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents: 517
diff changeset
     5
  "Plugin URI"   : "http://enanocms.org/",
94214ec0871c Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents: 517
diff changeset
     6
  "Description"  : "plugin_specialuserfuncs_desc",
94214ec0871c Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents: 517
diff changeset
     7
  "Author"       : "Dan Fuhry",
685
17ebe24cdf85 Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme.
Dan
parents: 684
diff changeset
     8
  "Version"      : "1.1.5",
519
94214ec0871c Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents: 517
diff changeset
     9
  "Author URI"   : "http://enanocms.org/"
94214ec0871c Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents: 517
diff changeset
    10
}
94214ec0871c Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents: 517
diff changeset
    11
**!*/
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    12
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    13
/*
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    14
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
    15
 * Version 1.1.6 (Caoineag beta 1)
536
218a627eb53e Rebrand as 1.1.4 (Caoineag alpha 4)
Dan
parents: 525
diff changeset
    16
 * Copyright (C) 2006-2008 Dan Fuhry
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    17
 *
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    18
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    19
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    20
 *
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    21
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    22
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    23
 */
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    24
 
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    25
global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    26
593
4f9bec0d65c1 More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
parents: 591
diff changeset
    27
// $plugins->attachHook('session_started', 'SpecialUserFuncs_paths_init();');
590
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    28
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    29
function SpecialUserFuncs_paths_init()
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    30
{
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    31
  global $paths;
590
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    32
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    33
    'name'=>'specialpage_log_in',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    34
    'urlname'=>'Login',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    35
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    36
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    37
    ));
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    38
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    39
    'name'=>'specialpage_log_out',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    40
    'urlname'=>'Logout',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    41
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    42
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    43
    ));
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    44
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    45
    'name'=>'specialpage_register',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    46
    'urlname'=>'Register',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    47
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    48
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    49
    ));
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    50
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    51
    'name'=>'specialpage_preferences',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    52
    'urlname'=>'Preferences',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    53
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    54
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    55
    ));
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    56
  
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    57
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    58
    'name'=>'specialpage_contributions',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    59
    'urlname'=>'Contributions',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    60
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    61
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    62
    ));
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    63
  
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    64
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    65
    'name'=>'specialpage_change_theme',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    66
    'urlname'=>'ChangeStyle',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    67
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    68
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    69
    ));
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    70
  
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    71
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    72
    'name'=>'specialpage_activate_account',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    73
    'urlname'=>'ActivateAccount',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    74
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    75
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    76
    ));
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    77
  
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    78
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    79
    'name'=>'specialpage_captcha',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    80
    'urlname'=>'Captcha',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    81
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    82
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    83
    ));
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    84
  
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    85
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    86
    'name'=>'specialpage_password_reset',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    87
    'urlname'=>'PasswordReset',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    88
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    89
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    90
    ));
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    91
  
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    92
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    93
    'name'=>'specialpage_member_list',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    94
    'urlname'=>'Memberlist',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    95
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    96
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    97
    ));
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    98
    
590
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
    99
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   100
    'name'=>'specialpage_language_export',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   101
    'urlname'=>'LangExportJSON',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   102
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   103
    'special'=>0,'visible'=>0,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   104
    ));
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
   105
    
590
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   106
  $paths->add_page(Array(
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   107
    'name'=>'specialpage_avatar',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   108
    'urlname'=>'Avatar',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   109
    'namespace'=>'Special',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   110
    'special'=>0,'visible'=>0,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   111
    ));
03a60844c7c5 Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents: 586
diff changeset
   112
}
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   113
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   114
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   115
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   116
$__login_status = '';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   117
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   118
function page_Special_Login()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   119
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   120
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   121
  global $__login_status;
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   122
  global $lang;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   123
  
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   124
  $locked_out = false;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   125
  // are we locked out?
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   126
  $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   127
  $duration  = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   128
  // convert to minutes
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   129
  $duration  = $duration * 60;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   130
  $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   131
  if ( $policy != 'disable' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   132
  {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   133
    $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   134
    $timestamp_cutoff = time() - $duration;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   135
    $q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   136
    $fails = $db->numrows();
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   137
    if ( $fails >= $threshold )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   138
    {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   139
      $row = $db->fetchrow();
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   140
      $locked_out = true;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   141
      $lockdata = array(
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   142
          'locked_out' => true,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   143
          'lockout_threshold' => $threshold,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   144
          'lockout_duration' => ( $duration / 60 ),
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   145
          'lockout_fails' => $fails,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   146
          'lockout_policy' => $policy,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   147
          'lockout_last_time' => $row['timestamp'],
182
c69730750be3 Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents: 179
diff changeset
   148
          'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   149
          'captcha' => ''
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   150
        );
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   151
      if ( $policy == 'captcha' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   152
      {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   153
        $lockdata['captcha'] = $session->make_captcha();
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   154
      }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   155
    }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   156
    $db->free_result();
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   157
  }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   158
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   159
  if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   160
  {
436
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   161
    header('Content-type: text/javascript');
60
71b50f8c8f85 Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents: 57
diff changeset
   162
    $username = ( $session->user_logged_in ) ? $session->username : false;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   163
    $response = Array(
60
71b50f8c8f85 Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
parents: 57
diff changeset
   164
      'username' => $username,
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   165
      'key' => $pubkey,
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   166
      'challenge' => $challenge,
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   167
      'locked_out' => false
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   168
      );
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   169
    
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   170
    if ( $locked_out )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   171
    {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   172
      foreach ( $lockdata as $x => $y )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   173
      {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   174
        $response[$x] = $y;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   175
      }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   176
      unset($x, $y);
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   177
    }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   178
    
436
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   179
    // 1.1.3: generate diffie hellman key
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   180
    $response['dh_supported'] = $dh_supported;
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   181
    if ( $dh_supported )
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   182
    {
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   183
      $dh_key_priv = dh_gen_private();
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   184
      $dh_key_pub = dh_gen_public($dh_key_priv);
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   185
      $dh_key_priv = $_math->str($dh_key_priv);
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   186
      $dh_key_pub = $_math->str($dh_key_pub);
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   187
      $response['dh_public_key'] = $dh_key_pub;
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   188
      // store the keys in the DB
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   189
      $q = $db->sql_query('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   190
      if ( !$q )
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   191
        $db->die_json();
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   192
    }
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   193
    
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   194
    $response = enano_json_encode($response);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   195
    echo $response;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   196
    return null;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   197
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   198
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   199
  $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   200
  if ( isset($_POST['login']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   201
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   202
    if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   203
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   204
      $level = intval($_POST['auth_level']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   205
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   206
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   207
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   208
  if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   209
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   210
    $level = USER_LEVEL_MEMBER;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   211
  }
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   212
  if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   213
    $paths->main_page();
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   214
  $template->header();
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   215
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="try{runEncryption();}catch(e){};">';
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   216
  $header = ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   217
  if ( isset($_POST['login']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   218
  {
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   219
    $errstring = $__login_status['error'];
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   220
    switch($__login_status['error'])
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   221
    {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   222
      case 'key_not_found':
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   223
        $errstring = $lang->get('user_err_key_not_found');
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   224
        break;
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   225
      case 'ERR_DH_KEY_NOT_FOUND':
586
234ddd896555 Made encryption work in form-based logon again; modified load_component() to fetch compressed versions when possible
Dan
parents: 573
diff changeset
   226
        $errstring = $lang->get('user_err_dh_key_not_found'); // . " -- {$__login_status['debug']}";
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   227
        break;
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   228
      case 'ERR_DH_KEY_NOT_INTEGER':
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   229
        $errstring = $lang->get('user_err_dh_key_not_numeric');
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   230
        break;
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   231
      case 'key_wrong_length':
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   232
        $errstring = $lang->get('user_err_key_wrong_length');
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   233
        break;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   234
      case 'too_big_for_britches':
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   235
        $errstring = $lang->get('user_err_too_big_for_britches');
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   236
        break;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   237
      case 'invalid_credentials':
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   238
        $errstring = $lang->get('user_err_invalid_credentials');
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   239
        if ( $__login_status['lockout_policy'] == 'lockout' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   240
        {
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   241
          $errstring .= $lang->get('err_invalid_credentials_lockout', array('fails' => $__login_status['lockout_fails']));
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   242
        }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   243
        else if ( $__login_status['lockout_policy'] == 'captcha' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   244
        {
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   245
          $errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('fails' => $__login_status['lockout_fails']));
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   246
        }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   247
        break;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   248
      case 'backend_fail':
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   249
        $errstring = $lang->get('user_err_backend_fail');
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   250
        break;
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   251
      case 'locked_out':
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   252
        $attempts = intval($__login_status['lockout_fails']);
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   253
        if ( $attempts > $__login_status['lockout_threshold'])
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   254
          $attempts = $__login_status['lockout_threshold'];
182
c69730750be3 Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents: 179
diff changeset
   255
        
c69730750be3 Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents: 179
diff changeset
   256
        $server_time = time();
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   257
        $time_rem = ( intval(@$__login_status['lockout_last_time']) == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 );
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   258
        if ( $time_rem < 1 )
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   259
          $time_rem = $__login_status['lockout_duration'];
182
c69730750be3 Fixed the security hole (really, I'm a moron - used $failed > $threshold instead of $failed >= $threashold) and patched up some...erm... math issues
Dan
parents: 179
diff changeset
   260
        
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   261
        $s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural');
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   262
        
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   263
        $captcha_string = ( $__login_status['lockout_policy'] == 'captcha' ) ? $lang->get('user_err_locked_out_captcha_blurb') : '';
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   264
        $errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem));
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   265
        
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   266
        break;
843
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   267
      default:
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   268
        $errstring = $lang->get($errstring);
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   269
        break;
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   270
    }
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   271
    echo '<div class="error-box-mini">'.$errstring.'</div>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   272
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   273
  if ( $p = $paths->getAllParams() )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   274
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   275
    echo '<input type="hidden" name="return_to" value="'.$p.'" />';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   276
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   277
  else if ( isset($_POST['login']) && isset($_POST['return_to']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   278
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   279
    echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   280
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   281
  ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   282
    <div class="tblholder">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   283
      <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   284
        <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   285
          <th colspan="3"><?php echo $header; ?></th>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   286
        </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   287
        <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   288
          <td colspan="3" class="row1">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   289
            <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   290
            if ( $level <= USER_LEVEL_MEMBER )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   291
            {
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   292
              echo '<p>' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   293
            }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   294
            else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   295
            {
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   296
              echo '<p>' . $lang->get('user_login_body_elev') . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   297
            }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   298
            ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   299
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   300
        </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   301
        <tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   302
          <td class="row2">
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   303
            <?php echo $lang->get('user_login_field_username'); ?>:
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   304
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   305
          <td class="row1">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   306
            <input name="username" size="25" type="text" <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   307
              if ( $level <= USER_LEVEL_MEMBER )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   308
              {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   309
                echo 'tabindex="1" ';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   310
              }
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   311
              else
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   312
              {
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   313
                echo 'tabindex="3" ';
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   314
              }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   315
              if ( $session->user_logged_in )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   316
              {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   317
                echo 'value="' . $session->username . '"';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   318
              }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   319
              ?> />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   320
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   321
          <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   322
          <td rowspan="<?php echo ( ( $locked_out && $lockdata['lockout_policy'] == 'captcha' ) ) ? '4' : '2'; ?>" class="row3">
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   323
            <small><?php echo $lang->get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?><br />
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   324
            <?php echo $lang->get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?></small>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   325
          </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   326
          <?php } ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   327
        </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   328
        <tr>
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   329
          <td class="row2">
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   330
            <?php echo $lang->get('user_login_field_password'); ?>:
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   331
          </td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   332
         </tr>
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   333
         <?php
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   334
         if ( $locked_out && $lockdata['lockout_policy'] == 'captcha' )
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   335
         {
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   336
           ?>
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   337
           <tr>
209
8a00247d1dee Login page mostly localized
Dan
parents: 193
diff changeset
   338
             <td class="row2" rowspan="2"><?php echo $lang->get('user_login_field_captcha'); ?>:<br /></td><td class="row1"><input type="hidden" name="captcha_hash" value="<?php echo $lockdata['captcha']; ?>" /><input name="captcha_code" size="25" type="text" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '4'; ?>" /></td>
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   339
           </tr>
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   340
           <tr>
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   341
             <td class="row3">
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   342
               <img src="<?php echo makeUrlNS('Special', 'Captcha/' . $lockdata['captcha']) ?>" onclick="this.src=this.src+'/a';" style="cursor: pointer;" />
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   343
             </td>
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   344
           </tr>
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   345
           <?php
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   346
         }
843
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   347
         $code = $plugins->setHook('login_form_html');
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   348
         foreach ( $code as $cmd )
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   349
         {
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   350
           eval($cmd);
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   351
         }
688
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   352
         if ( $level <= USER_LEVEL_MEMBER )
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   353
         {
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   354
           // "remember me" switch
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   355
           // first order of business is to determine what the checkbox should say
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   356
           $session_time = intval(getConfig('session_remember_time', '30'));
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   357
           if ( $session_time === 0 )
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   358
           {
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   359
             // sessions are infinite
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   360
             $text_remember = $lang->get('user_login_check_remember_infinite');
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   361
           }
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   362
           else
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   363
           {
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   364
             // is the number of days evenly divisible by 7? if so, use weeks
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   365
             if ( $session_time % 7 == 0 )
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   366
             {
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   367
               $session_time = $session_time / 7;
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   368
               $unit = 'week';
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   369
             }
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   370
             else
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   371
             {
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   372
               $unit = 'day';
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   373
             }
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   374
             // if it's not equal to 1, pluralize it
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   375
             if ( $session_time != 1 )
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   376
             {
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   377
               $unit .= 's';
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   378
             }
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   379
             $text_remember = $lang->get('user_login_check_remember', array(
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   380
                 'session_length' => $session_time,
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   381
                 'length_units' => $lang->get("etc_unit_$unit")
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   382
               ));
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   383
           }
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   384
           ?>
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   385
           <tr>
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   386
             <td class="row2">
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   387
               <?php echo $lang->get('user_login_field_remember'); ?>
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   388
             </td>
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   389
             <td class="row1" colspan="2">
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   390
               <label>
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   391
                 <input type="checkbox" name="remember" tabindex="3" />
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   392
                 <?php echo $text_remember; ?>
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   393
               </label>
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   394
             </td>
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   395
           </tr>
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   396
           <?php
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   397
         }
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   398
         if ( $level <= USER_LEVEL_MEMBER && ( !isset($_GET['use_crypt']) || ( isset($_GET['use_crypt']) && $_GET['use_crypt']!='0' ) ) )
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   399
         {
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   400
           echo '<tr>
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   401
             <td class="row3" colspan="3">';
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   402
             
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   403
           $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   404
           $nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true);
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   405
           echo '<p><b>' . $lang->get('user_login_nocrypt_title') . '</b> ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '</p>';
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   406
           echo '<p>' . $lang->get('user_login_nocrypt_countrylist') . '</p>';
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   407
           
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   408
           echo '  </td>
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   409
           </tr>';
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   410
         }
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   411
         else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) )
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   412
         {
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   413
           echo '<tr>
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   414
             <td class="row3" colspan="3">';
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   415
             
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   416
           $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   417
           $usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true);
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   418
           echo '<p><b>' . $lang->get('user_login_usecrypt_title') . '</b> ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '</p>';
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   419
           echo '<p>' . $lang->get('user_login_usecrypt_countrylist') . '</p>';
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   420
           
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   421
           echo '  </td>
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   422
           </tr>';
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   423
         }
684
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   424
         else if ( $level > USER_LEVEL_MEMBER && !strstr($_SERVER['HTTP_USER_AGENT'], 'iPhone') && $dh_supported )
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   425
         {
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   426
           echo '<tr>';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   427
           echo '<td class="row3" colspan="3">';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   428
           echo '<p>' . $lang->get('user_login_dh_notice') . '</p>';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   429
           echo '</td>';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   430
           echo '</tr>';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   431
         }
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   432
         ?>
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   433
         
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   434
         <tr>
688
f2a824ce5f18 Added customizable parameters for session length and the long-missing "remember me" option (or rather, the ability to turn it off and make sessions temporary)
Dan
parents: 685
diff changeset
   435
           <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '4' : '2'; ?>" /></th>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   436
         </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   437
      </table>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   438
    </div>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   439
      <input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   440
      <?php if ( $level <= USER_LEVEL_MEMBER ): ?>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   441
      <script type="text/javascript">
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   442
        document.forms.loginform.username.focus();
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   443
      </script>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   444
      <?php else: ?>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   445
      <script type="text/javascript">
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   446
        document.forms.loginform.pass.focus();
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   447
      </script>
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 30
diff changeset
   448
      <?php endif; ?>
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   449
      <?php
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   450
      echo $session->generate_aes_form();
907
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   451
      
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   452
      // Any additional parameters that need to be passed back?
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   453
      if ( $p = $paths->getAllParams() )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   454
      {
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   455
        // ... only if we have a return_to destination.
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   456
        $get_fwd = $_GET;
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   457
        unset($get_fwd['do']);
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   458
        if ( isset($get_fwd['target_do']) )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   459
        {
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   460
          $get_fwd['do'] = $get_fwd['target_do'];
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   461
          unset($get_fwd['target_do']);
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   462
        }
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   463
        if ( isset($get_fwd['level']) )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   464
          unset($get_fwd['level']);
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   465
        if ( isset($get_fwd['title']) )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   466
          unset($get_fwd['title']);
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   467
        
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   468
        if ( !empty($get_fwd) )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   469
        {
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   470
          $get_string = htmlspecialchars(enano_json_encode($get_fwd));
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   471
          echo '<input type="hidden" name="get_fwd" value="' . $get_string . '" />';
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   472
        }
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   473
      }
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   474
      ?>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   475
    </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   476
    <?php
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   477
      echo $session->aes_javascript('loginform', 'pass');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   478
    ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   479
  <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   480
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   481
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   482
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   483
function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   484
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   485
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   486
  global $__login_status;
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   487
  global $lang;
604
6a90893622f0 Fixed missing require() on math.php in SpecialUserFuncs
Dan
parents: 593
diff changeset
   488
  require_once( ENANO_ROOT . '/includes/math.php' );
6a90893622f0 Fixed missing require() on math.php in SpecialUserFuncs
Dan
parents: 593
diff changeset
   489
  
436
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   490
  if ( $paths->getParam(0) === 'action.json' )
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   491
  {
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   492
    if ( !isset($_POST['r']) )
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   493
      die('No request.');
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   494
    
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   495
    $request = $_POST['r'];
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   496
    try
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   497
    {
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   498
      $request = enano_json_decode($request);
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   499
    }
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   500
    catch ( Exception $e )
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   501
    {
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   502
      die(enano_json_encode(array(
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   503
          'mode' => 'error',
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   504
          'error' => 'ERR_JSON_PARSE_FAILED'
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   505
        )));
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   506
    }
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   507
    
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   508
    echo enano_json_encode($session->process_login_request($request));
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   509
    
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   510
    $db->close();
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   511
    exit;
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   512
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   513
  if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   514
  {
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   515
    echo 'This version of the Enano LoginAPI is deprecated. Please clear your browser\'s cache and try your login again. Developers, please use the action.json method instead.';
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   516
    return true;
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   517
  }
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   518
  if(isset($_POST['login']))
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   519
  {
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   520
    $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false;
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   521
    $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false;
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   522
    
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   523
    try
436
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   524
    {
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   525
      $password = $session->get_aes_post('pass');
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   526
    }
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   527
    catch ( Exception $e )
507
586fd7d3202d Fixed some stray version numbers (again!); added support for Diffie-Hellman logins in the normal login form (not AJAX) - even works in IE
Dan
parents: 504
diff changeset
   528
    {
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   529
      $__login_status = array(
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   530
        'mode' => 'error',
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   531
        'error' => $e->getMessage()
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   532
      );
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   533
      return false;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   534
    }
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
   535
    
843
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   536
    // These are to allow auth plugins to work universally between JSON and HTML login forms
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   537
    $userinfo =& $_POST;
845
a4460ba8ada2 Set password in userinfo to allow auth plugins to see it (some really do need it)
Dan
parents: 843
diff changeset
   538
    $userinfo['password'] =& $password;
843
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   539
    $req = array(
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   540
      'level' => intval($_POST['auth_level']),
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   541
      'remember' => isset($_POST['remember'])
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   542
    );
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   543
    
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   544
    // At this point if any extra fields were injected into the login form, we need to let plugins process it
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   545
    
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   546
    /**
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   547
     * Called upon processing an incoming login request from the plain HTML login form.. If you added anything to the form,
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   548
     * that will be in the $userinfo array here and on $_POST. Expected return values are: true if your plugin has
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   549
     * not only succeeded but ALSO issued a session key (bypass the whole Enano builtin login process) and an associative array
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   550
     * with "mode" set to "error" and an error string in "error" to send an error back to the client. Any return value other
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   551
     * than these will be ignored.
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   552
     * @hook login_process_userdata_json
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   553
     */
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   554
     
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   555
    $skip_normal_login = false;
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   556
    
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   557
    $code = $plugins->setHook('login_process_userdata_json');
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   558
    foreach ( $code as $cmd )
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   559
    {
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   560
      $result = eval($cmd);
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   561
      if ( $result === true )
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   562
      {
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   563
        $skip_normal_login = true;
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   564
        $result = array('success' => true);
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   565
        break;
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   566
      }
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   567
      else if ( is_array($result) )
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   568
      {
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   569
        if ( isset($result['mode']) && $result['mode'] === 'error' && isset($result['error']) )
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   570
        {
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   571
          $__login_status = array(
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   572
            'mode' => 'error',
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   573
            'error' => $result['error']
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   574
          );
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   575
          return false;
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   576
        }
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   577
      }
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   578
    }
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   579
    
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   580
    if ( !$skip_normal_login )
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   581
    {
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   582
      $result = $session->login_without_crypto($_POST['username'], $password, false, intval($_POST['auth_level']), $captcha_hash, $captcha_code, isset($_POST['remember']));
4415e50e4e84 Added possibility for auth plugins, which can log a user in using non-standard authentication methods.
Dan
parents: 832
diff changeset
   583
    }
907
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   584
    
179
36b287f1d85c [F] Added support for account lockouts. User is locked out or required to complete a CAPTCHA after specified threshold for specified period.
Dan
parents: 133
diff changeset
   585
    if($result['success'])
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   586
    {
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 371
diff changeset
   587
      $session->start();
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 371
diff changeset
   588
      
907
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   589
      $get_add = false;
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   590
      if ( isset($_POST['get_fwd']) )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   591
      {
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   592
        try
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   593
        {
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   594
          $get_fwd = enano_json_decode($_POST['get_fwd']);
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   595
          $get_add = '';
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   596
          foreach ( $get_fwd as $key => $value )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   597
          {
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   598
            $get_add .= "&{$key}=" . urlencode($value);
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   599
          }
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   600
          $get_add = ltrim($get_add, '&');
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   601
        }
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   602
        catch ( Exception $e )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   603
        {
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   604
        }
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   605
      }
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   606
      
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   607
      $template->load_theme($session->theme, $session->style);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   608
      if(isset($_POST['return_to']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   609
      {
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   610
        $name = ( isPage($_POST['return_to']['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   611
        $subst = array(
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   612
            'username' => $session->username,
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   613
            'redir_target' => $name
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   614
          );
907
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   615
        redirect( makeUrl($_POST['return_to'], $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   616
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   617
      else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   618
      {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   619
        $subst = array(
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   620
            'username' => $session->username,
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   621
            'redir_target' => $lang->get('user_login_success_body_mainpage')
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   622
          );
907
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 845
diff changeset
   623
        redirect( makeUrl(get_main_page(), $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   624
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   625
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   626
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   627
    {
521
d264784355e5 Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents: 517
diff changeset
   628
      if ( $result['error'] === 'valid_reset' )
d264784355e5 Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents: 517
diff changeset
   629
      {
d264784355e5 Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents: 517
diff changeset
   630
        header('HTTP/1.1 302 Temporary Redirect');
d264784355e5 Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents: 517
diff changeset
   631
        header('Location: ' . $result['redirect_url']);
d264784355e5 Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents: 517
diff changeset
   632
        
d264784355e5 Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents: 517
diff changeset
   633
        $db->close();
d264784355e5 Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents: 517
diff changeset
   634
        exit();
d264784355e5 Implemented the password-reset redirect _properly_ instead of the hackish direct header() call in sessions.php
Dan
parents: 517
diff changeset
   635
      }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   636
      $GLOBALS['__login_status'] = $result;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   637
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   638
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   639
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   640
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   641
function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   642
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   643
  $response = Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   644
      'result' => 'success_reset',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   645
      'user_id' => $user_id,
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   646
      'temppass' => $passkey
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   647
    );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   648
  
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   649
  $response = enano_json_encode($response);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   650
  echo $response;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   651
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   652
  $db->close();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   653
  exit;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   654
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   655
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   656
function page_Special_Logout()
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   657
{
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   658
  global $db, $session, $paths, $template, $plugins; // Common objects
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
   659
  global $lang;
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   660
  
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   661
  if ( !$session->user_logged_in )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   662
    $paths->main_page();
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   663
  
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   664
  $token = $paths->getParam(0);
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   665
  if ( $token !== $session->csrf_token )
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   666
  {
573
43e7254afdb4 Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
parents: 562
diff changeset
   667
    csrf_request_confirm();
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   668
  }
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   669
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   670
  $l = $session->logout();
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   671
  if ( $l == 'success' )
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   672
  {
741
a216e412c439 Added ability to have alternate main page for members
Dan
parents: 701
diff changeset
   673
    $url = makeUrl(get_main_page(), false, true);
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   674
    if ( $paths->getParam(1) )
436
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   675
    {
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   676
      $pi = explode('/', $paths->getAllParams());
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   677
      $pi = implode('/', array_values(array_slice($pi, 1)));
436
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   678
      list($pid, $ns) = RenderMan::strToPageID($pi);
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   679
      $perms = $session->fetch_page_acl($pid, $ns);
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   680
      if ( $perms->get_permissions('read') )
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   681
      {
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   682
        $url = makeUrl($pi, false, true);
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   683
      }
242353360e37 Added support for Diffie-Hellman key exchange during login. w00t!
Dan
parents: 430
diff changeset
   684
    }
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
   685
    redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 3);
93
95c4d91bd954 Redirections to the main page use the redirect() function now
Dan
parents: 85
diff changeset
   686
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   687
  $template->header();
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   688
  echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   689
  echo '<p>' . $l . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   690
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   691
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   692
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   693
function page_Special_Register()
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   694
{
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   695
  global $db, $session, $paths, $template, $plugins; // Common objects
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   696
  global $lang;
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   697
  
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   698
  if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )
701
dd80cde96a6c Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents: 688
diff changeset
   699
  {
dd80cde96a6c Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents: 688
diff changeset
   700
    $paths->main_page();
dd80cde96a6c Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents: 688
diff changeset
   701
  }
dd80cde96a6c Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents: 688
diff changeset
   702
  
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   703
  // form field trackers
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   704
  $username = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   705
  $email = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   706
  $realname = '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   707
  
348
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   708
  $terms = getConfig('register_tou');
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   709
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   710
  if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   711
  {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   712
    $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '</p>' : '';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   713
    die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_disabled_body') . '</p>' . $s);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   714
  }
684
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   715
  // are we locked out from logging in? if so, also lock out registration
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   716
  if ( getConfig('lockout_policy') === 'lockout' )
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   717
  {
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   718
    $ip = $db->escape($_SERVER['REMOTE_ADDR']);
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   719
    $threshold = time() - ( 60 * intval(getConfig('lockout_duration')) );
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   720
    $limit = intval(getConfig('lockout_threshold'));
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   721
    $q = $db->sql_query('SELECT * FROM ' . table_prefix . "lockout WHERE timestamp >= $threshold ORDER BY timestamp DESC;");
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   722
    if ( !$q )
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   723
      $db->_die();
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   724
    if ( $db->numrows() >= $limit )
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   725
    {
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   726
      $row = $db->fetchrow();
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   727
      $db->free_result();
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   728
      $time_rem = intval(getConfig('lockout_duration')) - round((time() - $row['timestamp']) / 60);
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   729
      die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_locked_out', array('time' => $time_rem)) . '</p>');
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   730
    }
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   731
    $db->free_result();
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
   732
  }
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   733
  if(isset($_POST['submit'])) 
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   734
  {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   735
    $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   736
    
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   737
    $captcharesult = $session->get_captcha($_POST['captchahash']);
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
   738
    $session->kill_captcha();
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   739
    // bypass captcha if logged in (at this point, if logged in, we're admin)
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   740
    if ( !$session->user_logged_in && strtolower($captcharesult) != strtolower($_POST['captchacode']) )
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   741
    {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   742
      $s = $lang->get('user_reg_err_captcha');
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   743
    }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   744
    else
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   745
    {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   746
      if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   747
      {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   748
        $s = 'Invalid COPPA input';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   749
      }
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   750
      else if ( !$session->user_logged_in && !empty($terms) && !isset($_POST['tou_agreed']) )
348
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   751
      {
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   752
        $s = $lang->get('user_reg_err_accept_tou');
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   753
      }
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   754
      else
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   755
      {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   756
        $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   757
        $s = false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   758
        
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   759
        // decrypt password
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   760
        // as with the change pass form, we aren't going to bother checking the confirmation code because if the passwords didn't match
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   761
        // and yet the password got encrypted, that means the user screwed with the code, and if the user screwed with the code and thus
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   762
        // forgot his password, that's his problem.
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   763
        
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   764
        if ( $_POST['use_crypt'] == 'yes' )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   765
        {
286
b2f985e4cef3 Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
parents: 270
diff changeset
   766
          $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   767
          $crypt_key = $session->fetch_public_key($_POST['crypt_key']);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   768
          if ( !$crypt_key )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   769
          {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   770
            $s = $lang->get('user_reg_err_missing_key');
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   771
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   772
          else
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   773
          {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   774
            $data = $_POST['crypt_data'];
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   775
            $bin_key = hexdecode($crypt_key);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   776
            //die("Decrypting with params: key $crypt_key, data $data");
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   777
            $password = $aes->decrypt($data, $bin_key, ENC_HEX);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   778
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   779
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   780
        else
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   781
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   782
          $password = $_POST['password'];
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   783
        }
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   784
        
799
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   785
        $error =& $s;
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   786
        
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   787
        /**
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   788
         * Validation of POST data coming from registration. Put an error message in the variable $error to stop registration.
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   789
         * @hook ucp_register_validate
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   790
         */
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   791
        
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   792
        $code = $plugins->setHook('ucp_register_validate');
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   793
        foreach ( $code as $cmd )
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   794
        {
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   795
          eval($cmd);
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   796
        }
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   797
        
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   798
        // All things verified, create account
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   799
        if ( !$s )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   800
          $s = $session->create_user($_POST['username'], $password, $_POST['email'], $_POST['real_name'], $coppa);
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   801
      }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   802
    }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
   803
    if($s == 'success' && !$coppa)
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   804
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   805
      switch(getConfig('account_activation'))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   806
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   807
        case "none":
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   808
        default:
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   809
          $str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true)));
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   810
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   811
        case "user":
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   812
          $str = $lang->get('user_reg_msg_success_activ_user');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   813
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   814
        case "admin":
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   815
          $str = $lang->get('user_reg_msg_success_activ_admin');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   816
          break;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   817
      }
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   818
      die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   819
    }
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   820
    else if ( $s == 'success' && $coppa )
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   821
    {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   822
      $str = $lang->get('user_reg_msg_success_activ_coppa');
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   823
      die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   824
    }
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   825
    $username = htmlspecialchars($_POST['username']);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   826
    $email    = htmlspecialchars($_POST['email']);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   827
    $realname = htmlspecialchars($_POST['real_name']);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   828
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   829
  $template->header();
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   830
  echo $lang->get('user_reg_msg_greatercontrol');
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   831
  
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   832
  if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   833
  {
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   834
    $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   835
    $session->kill_captcha();
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   836
    $captchacode = $session->make_captcha();
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   837
    
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   838
    $pubkey = $session->rijndael_genkey();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   839
    $challenge = $session->dss_rand();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   840
    
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   841
    ?>
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   842
      <h3><?php echo $lang->get('user_reg_msg_table_title'); ?></h3>
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   843
      <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="return runEncryption();">
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   844
        <div class="tblholder">
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   845
          <table border="0" width="100%" cellspacing="1" cellpadding="4">
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   846
            <tr><th colspan="3"><?php echo $lang->get('user_reg_msg_table_subtitle'); ?></th></tr>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   847
            
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
   848
            <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   849
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   850
            <!-- FIELD: Username -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   851
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   852
              <td class="row1" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   853
                <?php echo $lang->get('user_reg_lbl_field_username'); ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   854
                <span id="e_username"></span>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   855
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   856
              <td class="row1" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   857
                <input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm(this);" onblur="checkUsername();" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   858
              </td>
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
   859
              <td class="row1" style="width: 1px;">
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
   860
                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_username" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   861
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   862
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   863
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   864
            <!-- FIELD: Password -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   865
            <tr>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   866
              <td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   867
                <?php echo $lang->get('user_reg_lbl_field_password'); ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   868
                <span id="e_password"></span>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   869
                <?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?>
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   870
                <small><?php echo $lang->get('user_reg_msg_password_score'); ?></small>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   871
                <?php endif; ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   872
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   873
              <td class="row3" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   874
                <input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm(this);" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   875
              </td>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   876
              <td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;">
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
   877
                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_password" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   878
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   879
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   880
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   881
            <!-- FIELD: Password confirmation -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   882
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   883
              <td class="row3" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   884
                <input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm(this);" /> <small><?php echo $lang->get('user_reg_lbl_field_password_confirm'); ?></small>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   885
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   886
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   887
            
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   888
            <!-- FIELD: Password strength meter -->
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   889
            
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   890
            <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   891
            <tr>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   892
              <td class="row3" style="width: 50%;">
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   893
                <div id="pwmeter"></div>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   894
              </td>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   895
            </tr>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   896
            <?php endif; ?>
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   897
            
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   898
            <!-- FIELD: E-mail address -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   899
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   900
              <td class="row1" style="width: 50%;">
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   901
                <?php
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   902
                  if ( $coppa )
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   903
                  {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   904
                    echo $lang->get('user_reg_lbl_field_email_coppa');
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   905
                  }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   906
                  else
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   907
                  {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   908
                    echo $lang->get('user_reg_lbl_field_email');
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   909
                  }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   910
                ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   911
                <?php
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   912
                  if ( ( $x = getConfig('account_activation') ) == 'user' )
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   913
                  {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   914
                    echo '<br /><small>' . $lang->get('user_reg_msg_email_activuser') . '</small>';
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   915
                  }
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   916
                ?>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   917
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   918
              <td class="row1" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   919
                <input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm(this);" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   920
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   921
              <td class="row1" style="max-width: 24px;">
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
   922
                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_email" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   923
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   924
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   925
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   926
            <!-- FIELD: Real name -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   927
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   928
              <td class="row3" style="width: 50%;">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   929
                <?php echo $lang->get('user_reg_lbl_field_realname'); ?><br />
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   930
                <small><?php echo $lang->get('user_reg_msg_realname_optional'); ?></small>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   931
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   932
              <td class="row3" style="width: 50%;">
799
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   933
                <input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" />
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   934
              </td>
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   935
              <td class="row3" style="max-width: 24px;">
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   936
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   937
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   938
            
799
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   939
            <?php
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   940
            /**
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   941
             * Allows adding fields to the user registration form. Form is built with Enano tables, 3 columns. (Rightmost can be left empty or if you're using Javascript validation an image you can update with your own Javascript code)
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   942
             * @hook ucp_register_form
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   943
             */
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   944
            
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   945
            $code = $plugins->setHook('ucp_register_form');
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   946
            foreach ( $code as $cmd )
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   947
            {
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   948
              eval($cmd);
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   949
            }
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   950
            ?>
4629ad98ee88 Added a couple of hooks for the registration form.
Dan
parents: 782
diff changeset
   951
            
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   952
            <!-- FIELD: CAPTCHA image -->
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   953
            <?php
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   954
            if ( !$session->user_logged_in ):
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   955
            ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   956
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   957
              <td class="row1" style="width: 50%;" rowspan="2">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   958
                <?php echo $lang->get('user_reg_lbl_field_captcha'); ?><br />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   959
                <small>
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   960
                  <?php echo $lang->get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?><br />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   961
                  <br />
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   962
                  <?php echo $lang->get('user_reg_msg_captcha_blind'); ?>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   963
                </small>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   964
              </td>
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   965
              <td class="row1">
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   966
                <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><br />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   967
                <span id="b_username"></span>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   968
              </td>
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   969
              <td class="row1">
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   970
              </td>
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   971
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   972
            
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   973
            <!-- FIELD: CAPTCHA input field -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   974
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   975
              <td class="row1" colspan="2">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
   976
                <?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
   977
                <input tabindex="6" name="captchacode" type="text" size="10" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   978
                <input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   979
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   980
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
   981
            
348
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   982
            <!-- FIELD: TOU -->
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   983
            
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   984
            <?php
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   985
            if ( !empty($terms) ):
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   986
            ?>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   987
            
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   988
            <tr>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   989
              <td class="row1" colspan="3">
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   990
                <?php
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   991
                echo $lang->get('user_reg_msg_please_read_tou');
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   992
                ?>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   993
              </td>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   994
            </tr>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   995
            
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   996
            <tr>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   997
              <td class="row3" colspan="3">
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   998
                <div style="border: 1px solid #000000; height: 75px; width: 60%; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: #FFF; margin: 0 auto; padding: 4px;">
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
   999
                  <?php
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1000
                  echo RenderMan::render($terms);
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1001
                  ?>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1002
                </div>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1003
                <p style="text-align: center;">
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1004
                  <label>
371
dc6026376919 Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
parents: 359
diff changeset
  1005
                    <input tabindex="7" type="checkbox" name="tou_agreed" />
348
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1006
                    <b><?php echo $lang->get('user_reg_lbl_field_tou'); ?></b>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1007
                  </label>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1008
                </p>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1009
              </td>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1010
            </tr>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1011
            
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1012
            <?php
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
  1013
            endif; // !empty($terms)
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
  1014
            endif; // $session->user_logged_in
348
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1015
            ?>
87e08a6e4fec Welcome to the new Enano installer. Much distance still to be covered but the basics are there.
Dan
parents: 345
diff changeset
  1016
            
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
  1017
            <!-- FIELD: submit button -->
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
  1018
            <tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
  1019
              <th class="subhead" colspan="3" style="text-align: center;">
371
dc6026376919 Improved compatibility with PostgreSQL and fixed a number of installer bugs; fixed missing "meta" category declaration in language files
Dan
parents: 359
diff changeset
  1020
                <input tabindex="8" type="submit" name="submit" value="<?php echo $lang->get('user_reg_btn_create_account'); ?>" />
101
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
  1021
              </td>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
  1022
            </tr>
bb4e677a4da9 Dramatically cleaned up HTML in registration form; cheat code to activate Bill Gates easter egg is now "William Henry Gates III"... OOPS!! hehe
Dan
parents: 93
diff changeset
  1023
            
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1024
          </table>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1025
        </div>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1026
        <?php
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1027
          $val = ( $coppa ) ? 'yes' : 'no';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1028
          echo '<input type="hidden" name="coppa" value="' . $val . '" />';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1029
        ?>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1030
        <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1031
        <input type="hidden" name="use_crypt" value="no" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1032
        <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1033
        <input type="hidden" name="crypt_data" value="" />
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1034
      <script type="text/javascript">
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1035
        // ENCRYPTION CODE
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1036
        function runEncryption()
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1037
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1038
          var frm = document.forms.regform;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1039
          if ( frm.password.value.length < 1 )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1040
            return true;
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1041
          pass1 = frm.password.value;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1042
          pass2 = frm.password_confirm.value;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1043
          if ( pass1 != pass2 )
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1044
          {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1045
            alert($lang.get('user_reg_err_alert_password_nomatch'));
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1046
            return false;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1047
          }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1048
          if ( pass1.length < 6 && pass1.length > 0 )
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1049
          {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1050
            alert($lang.get('user_reg_err_alert_password_tooshort'));
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1051
            return false;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1052
          }
614
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1053
          if(aes_self_test())
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1054
          {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1055
            frm.use_crypt.value = 'yes';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1056
            var cryptkey = frm.crypt_key.value;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1057
            frm.crypt_key.value = hex_md5(cryptkey);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1058
            cryptkey = hexToByteArray(cryptkey);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1059
            if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1060
            {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1061
              frm.submit.disabled = true;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1062
              len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1063
              alert('The key is messed up\nType: '+typeof(cryptkey)+len);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1064
            }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1065
            pass = frm.password.value;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1066
            pass = stringToByteArray(pass);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1067
            cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1068
            if(!cryptstring)
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1069
            {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1070
              return false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1071
            }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1072
            cryptstring = byteArrayToHex(cryptstring);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1073
            frm.crypt_data.value = cryptstring;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1074
            frm.password.value = "";
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1075
            frm.password_confirm.value = "";
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1076
          }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1077
          return true;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1078
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1079
        </script>
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1080
      </form>
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1081
      <!-- Don't optimize this script, it fails when compressed -->
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1082
      <enano:no-opt>
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1083
        <script type="text/javascript">
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1084
          // <![CDATA[
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1085
          var namegood = false;
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1086
          function validateForm(field)
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1087
          {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1088
            if ( typeof(field) != 'object' )
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1089
            {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1090
              field = {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1091
                name: '_nil',
459
31c23016ab62 Upgraded tinyMCE to 3.0.1 in hopes of fixing IE race conditions. Fixed a couple minor syntax errors in Javascript objects declared in various places.
Dan
parents: 458
diff changeset
  1092
                value: '_nil'
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1093
              }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1094
            }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1095
            // wait until $lang is initted
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1096
            if ( typeof($lang) != 'object' )
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1097
            {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1098
              setTimeout('validateForm();', 200);
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1099
              return false;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1100
            }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1101
            var frm = document.forms.regform;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1102
            failed = false;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1103
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1104
            // Username
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1105
            if(!namegood && ( field.name == 'username' || field.name == '_nil' ) ) 
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1106
            {
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1107
              //if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
270
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 263
diff changeset
  1108
              var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1109
              if ( frm.username.value.match(regex) )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1110
              {
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
  1111
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1112
                document.getElementById('e_username').innerHTML = '&nbsp;';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1113
              } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1114
                failed = true;
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
  1115
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1116
                document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1117
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1118
            }
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
  1119
            if ( document.getElementById('b_username') )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1120
            {
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
  1121
              document.getElementById('b_username').innerHTML = '';
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
  1122
              if(hex_md5(frm.real_name.value) == '5a397df72678128cf0e8147a2befd5f1')
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
  1123
              {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
  1124
                document.getElementById('b_username').innerHTML = '<br /><br />Hey...I know you!<br /><img alt="" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/7f/Bill_Gates_2004_cr.jpg/220px-Bill_Gates_2004_cr.jpg" />';
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
  1125
              }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1126
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1127
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1128
            // Password
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1129
            if ( field.name == 'password' || field.name == 'password_confirm' || field.name == '_nil' )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1130
            {
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1131
              if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1132
              {
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
  1133
                document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/check.png';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1134
                document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_err_password_good') + '</small>';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1135
              } else {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1136
                failed = true;
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1137
                if(frm.password.value.length < 6)
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1138
                {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1139
                  document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_length') + '</small>';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1140
                }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1141
                else if(frm.password.value != frm.password_confirm.value)
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1142
                {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1143
                  document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_needmatch') + '</small>';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1144
                }
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1145
                else
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1146
                {
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1147
                  document.getElementById('e_password').innerHTML = '';
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1148
                }
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
  1149
                document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/checkbad.png';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1150
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1151
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1152
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1153
            // E-mail address
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1154
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1155
            // workaround for idiot jEdit bug
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1156
            if ( validateEmail(frm.email.value) && ( field.name == 'email' || field.name == '_nil' ) )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1157
            {
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
  1158
              document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/check.png';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1159
            } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1160
              failed = true;
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
  1161
              document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/checkbad.png';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1162
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1163
            if(failed)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1164
            {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1165
              frm.submit.disabled = 'disabled';
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1166
            } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1167
              frm.submit.disabled = false;
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1168
            }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1169
          }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1170
          function checkUsername()
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1171
          {
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1172
            var frm = document.forms.regform;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1173
            
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1174
            if(!namegood)
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1175
            {
270
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 263
diff changeset
  1176
              var regex = new RegExp('^([^<>&\?]+){2,}$', 'ig');
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 263
diff changeset
  1177
              if ( frm.username.value.match(regex) )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1178
              {
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
  1179
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkunk.png';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1180
                document.getElementById('e_username').innerHTML = '&nbsp;';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1181
              } else {
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
  1182
                document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1183
                document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1184
                return false;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1185
              }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1186
            }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1187
            
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1188
            document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_checking') + '</b></small>';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1189
            ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
407
35d94240a197 Mass-fixed all AJAX functions to also check the HTTP status code before parsing the response
Dan
parents: 404
diff changeset
  1190
              if ( ajax.readyState == 4 && ajax.status == 200 )
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1191
                if(ajax.responseText == 'good')
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1192
                {
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
  1193
                  document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/check.png';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1194
                  document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_available') + '</b></small>';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1195
                  namegood = true;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1196
                } else if(ajax.responseText == 'bad') {
404
fb4f9e6f378f Made the form validation icons (check/X/?) more visually appealing. IE-friendliness is still on the TODO list.
Dan
parents: 402
diff changeset
  1197
                  document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/checkbad.png';
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1198
                  document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_unavailable') + '</b></small>';
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1199
                  namegood = false;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1200
                } else {
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1201
                  document.getElementById('e_username').innerHTML = ajax.responseText;
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1202
                }
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1203
            });
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1204
          }
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1205
          function regenCaptcha()
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1206
          {
448
f725a16e4a20 Fixed broken regenCaptcha() in Special:Register
Dan
parents: 324
diff changeset
  1207
            var frm = document.forms.regform;
517
c6118b9e13bd Fixed bad captcha refresh code on registration page
Dan
parents: 507
diff changeset
  1208
            document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/$captchacode"); ?>/'+Math.floor(Math.random() * 100000);
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1209
            return false;
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1210
          }
614
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1211
          addOnloadHook(function()
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1212
            {
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1213
              <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1214
              var frm = document.forms.regform;
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1215
              load_component('pwstrength');
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1216
              password_score_field(frm.password);
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1217
              <?php endif; ?>
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1218
              load_component('crypto');
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1219
              validateForm();
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1220
              setTimeout('checkUsername();', 1000);
78d1e71dc720 Got user registration working with the new componentized JS framework
Dan
parents: 604
diff changeset
  1221
            });
125
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1222
          // ]]>
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1223
        </script>
fb31c951d3a2 Fixed some rather major bugs in the registration system, this will need a release followup
Dan
parents: 116
diff changeset
  1224
      </enano:no-opt>
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1225
    <?php
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1226
  }
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1227
  else
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1228
  {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 343
diff changeset
  1229
    $year = intval( enano_date('Y') );
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1230
    $year = $year - 13;
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 343
diff changeset
  1231
    $month = enano_date('F');
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 343
diff changeset
  1232
    $day = enano_date('d');
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1233
    
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1234
    $yo13_date = "$month $day, $year";
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1235
    $link_coppa_yes = makeUrlNS('Special', 'Register', 'coppa=yes', true);
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1236
    $link_coppa_no  = makeUrlNS('Special', 'Register', 'coppa=no',  true);
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1237
    
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1238
    // COPPA enabled, ask age
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1239
    echo '<div class="tblholder">';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1240
    echo '<table border="0" cellspacing="1" cellpadding="4">';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1241
    echo '<tr>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1242
            <td class="row1">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1243
              ' . $lang->get('user_reg_coppa_title') . '
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1244
            </td>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1245
          </tr>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1246
          <tr>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1247
            <td class="row3">
221
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1248
              <a href="' . $link_coppa_no  . '">' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '</a><br />
e5302cb1945c Localized a good part, if not all, of the registration page and a couple other things.
Dan
parents: 210
diff changeset
  1249
              <a href="' . $link_coppa_yes . '">' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . '</a>
30
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1250
            </td>
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1251
          </tr>';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1252
    echo '</table>';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1253
    echo '</div>';
7e8fd44b36b0 COPPA support added
Dan
parents: 23
diff changeset
  1254
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1255
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1256
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1257
909
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 908
diff changeset
  1258
function page_Special_Contributions()
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 908
diff changeset
  1259
{
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1260
  global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1261
  global $lang;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1262
  
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1263
  // This is a vast improvement over the old Special:Contributions in 1.0.x.
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1264
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1265
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1266
  $user = $paths->getParam();
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1267
  if ( !$user && isset($_GET['user']) )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1268
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1269
    $user = $_GET['user'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1270
  }
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1271
  else if ( !$user && !isset($_GET['user']) )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1272
  {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1273
    echo '<p>' . $lang->get('userfuncs_contribs_err_no_user') . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1274
    $template->footer();
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1275
    return;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1276
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1277
  
909
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 908
diff changeset
  1278
  $url = makeUrlNS("Special", "Log/user={$user}");
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 908
diff changeset
  1279
  redirect($url, '', '', 0);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1280
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1281
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1282
function page_Special_ChangeStyle()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1283
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1284
  global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1285
  global $lang;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1286
  
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1287
  if ( !$session->user_logged_in )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1288
  {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1289
    die_friendly('Access denied', '<p>You must be logged in to change your style. Spoofer.</p>');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1290
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1291
  if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1292
  {
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1293
    if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) )
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1294
      die('Hacking attempt');
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1295
    if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) )
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 60
diff changeset
  1296
      die('Hacking attempt');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1297
    $d = ENANO_ROOT . '/themes/' . $_POST['theme'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1298
    $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css';
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1299
    if ( !file_exists($d) || !is_dir($d) )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1300
    {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1301
      die('The directory "'.$d.'" does not exist.');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1302
    }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1303
    if ( !file_exists($f) )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1304
    {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1305
      die('The file "'.$f.'" does not exist.');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1306
    }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1307
    $d = $db->escape($_POST['theme']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1308
    $f = $db->escape($_POST['style']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1309
    $q = 'UPDATE '.table_prefix.'users SET theme=\''.$d.'\',style=\''.$f.'\' WHERE username=\''.$session->username.'\'';
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1310
    if ( !$db->sql_query($q) )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1311
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1312
      $db->_die('Your theme/style preferences were not updated.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1313
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1314
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1315
    {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1316
      redirect(makeUrl($_POST['return_to']), $lang->get('userfuncs_changetheme_success_title'), $lang->get('userfuncs_changetheme_success_body'), 3);
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1317
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1318
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1319
  else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1320
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1321
    $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1322
      $ret = ( isset($_POST['return_to']) ) ? $_POST['return_to'] : $paths->getParam(0);
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1323
      if ( !$ret )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1324
      {
741
a216e412c439 Added ability to have alternate main page for members
Dan
parents: 701
diff changeset
  1325
        $ret = get_main_page();
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1326
      }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1327
      ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1328
        <form action="<?php echo makeUrl($paths->page); ?>" method="post">
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1329
          <?php if ( !isset($_POST['themeselected']) ) { ?>
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1330
            <h3><?php echo $lang->get('userfuncs_changetheme_heading_theme'); ?></h3>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1331
            <p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1332
              <select name="theme">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1333
               <?php
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1334
                foreach ( $template->theme_list as $t )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1335
                {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1336
                  if ( $t['enabled'] )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1337
                  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1338
                    echo '<option value="'.$t['theme_id'].'"';
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1339
                    if ( $t['theme_id'] == $session->theme )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1340
                    {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1341
                      echo ' selected="selected"';
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1342
                    }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1343
                    echo '>' . $t['theme_name'] . '</option>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1344
                  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1345
                }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1346
               ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1347
              </select>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1348
            </p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1349
            <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1350
               <input type="submit" name="themeselected" value="<?php echo $lang->get('userfuncs_changetheme_btn_continue'); ?>" /></p>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1351
          <?php } else { 
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1352
            $theme = $_POST['theme'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1353
            if ( !preg_match('/^([0-9A-z_-]+)$/i', $theme ) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1354
              die('Hacking attempt');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1355
            ?>
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1356
            <h3><?php echo $lang->get('userfuncs_changetheme_heading_style'); ?></h3>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1357
            <p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1358
              <select name="style">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1359
                <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1360
                  $dir = './themes/'.$theme.'/css/';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1361
                  $list = Array();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1362
                  // Open a known directory, and proceed to read its contents
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1363
                  if (is_dir($dir)) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1364
                    if ($dh = opendir($dir)) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1365
                      while (($file = readdir($dh)) !== false) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1366
                        if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1367
                          $list[] = substr($file, 0, strlen($file)-4);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1368
                        }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1369
                      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1370
                      closedir($dh);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1371
                    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1372
                  } else die($dir.' is not a dir');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1373
                  foreach ( $list as $l )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1374
                  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1375
                    echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1376
                  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1377
                ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1378
              </select>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1379
            </p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1380
            <p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1381
               <input type="hidden" name="theme" value="<?php echo $theme; ?>" />
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1382
               <input type="submit" name="allclear" value="<?php echo $lang->get('userfuncs_changetheme_btn_allclear'); ?>" /></p>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1383
          <?php } ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1384
        </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1385
      <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1386
    $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1387
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1388
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1389
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1390
function page_Special_ActivateAccount()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1391
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1392
  global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1393
  global $lang;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1394
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1395
  $user = $paths->getParam(0);
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1396
  if ( !$user )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1397
  {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1398
    die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1399
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1400
  $key = $paths->getParam(1);
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1401
  if ( !$key )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1402
  {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1403
    die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_badlink_body') . '</p>');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1404
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1405
  $s = $session->activate_account(str_replace('_', ' ', $user), $key);
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1406
  if ( $s > 0 )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1407
  {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1408
    die_friendly($lang->get('userfuncs_activate_success_title'), '<p>' . $lang->get('userfuncs_activate_success_body') . '</p>');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1409
  }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1410
  else
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1411
  {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1412
    die_friendly($lang->get('userfuncs_activate_err_badlink_title'), '<p>' . $lang->get('userfuncs_activate_err_bad_key') . '</p>');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1413
  }
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1414
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1415
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1416
function page_Special_Captcha()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1417
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1418
  global $db, $session, $paths, $template, $plugins; // Common objects
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1419
  if ( $paths->getParam(0) == 'make' )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1420
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1421
    $session->kill_captcha();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1422
    echo $session->make_captcha();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1423
    return;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1424
  }
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1425
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1426
  $hash = $paths->getParam(0);
401
6ae6e387a0e3 Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents: 387
diff changeset
  1427
  if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) )
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1428
  {
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1429
    $paths->main_page();
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1430
  }
402
d907601ccad2 Fixed some captcha bugs and made all captcha fields case-insensitive
Dan
parents: 401
diff changeset
  1431
d907601ccad2 Fixed some captcha bugs and made all captcha fields case-insensitive
Dan
parents: 401
diff changeset
  1432
  $session->make_captcha(7, $hash);  
401
6ae6e387a0e3 Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents: 387
diff changeset
  1433
  $code = $session->generate_captcha_code();
6ae6e387a0e3 Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents: 387
diff changeset
  1434
  $q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';");
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1435
  if ( !$q )
401
6ae6e387a0e3 Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents: 387
diff changeset
  1436
    $db->_die();
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1437
  
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 192
diff changeset
  1438
  require ( ENANO_ROOT.'/includes/captcha.php' );
401
6ae6e387a0e3 Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents: 387
diff changeset
  1439
  $captcha = captcha_object($hash, 'freecap');
472
bc4b58034f4d Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
parents: 459
diff changeset
  1440
  // $captcha->debug = true;
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1441
  $captcha->make_image();
401
6ae6e387a0e3 Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
parents: 387
diff changeset
  1442
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1443
  exit;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1444
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1445
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1446
function page_Special_PasswordReset()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1447
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1448
  global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1449
  global $lang;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1450
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1451
  $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1452
  if($paths->getParam(0) == 'stage2')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1453
  {
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1454
    require_once(ENANO_ROOT . '/includes/math.php');
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1455
    require_once(ENANO_ROOT . '/includes/diffiehellman.php');
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1456
    
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1457
    $user_id = intval($paths->getParam(1));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1458
    $encpass = $paths->getParam(2);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1459
    if ( $user_id < 2 )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1460
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1461
      echo '<p>Hacking attempt</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1462
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1463
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1464
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1465
    if(!preg_match('#^([a-f0-9]+)$#i', $encpass))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1466
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1467
      echo '<p>Hacking attempt</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1468
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1469
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1470
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1471
    
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1472
    $q = $db->sql_query('SELECT username,temp_password_time,temp_password,password_salt FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1473
    if($db->numrows() < 1)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1474
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1475
      echo '<p>Invalid credentials</p>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1476
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1477
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1478
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1479
    $row = $db->fetchrow();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1480
    $db->free_result();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1481
    
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1482
    $temp_pass = $session->pk_decrypt($encpass);
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1483
    $temp_hmac = hmac_sha1($temp_pass, $row['password_salt']);
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1484
    
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1485
    if ( $temp_hmac !== $row['temp_password'] )
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1486
    {
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1487
      echo '<p>Invalid credentials</p>';
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1488
      $template->footer();
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1489
      return false;
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1490
    }
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1491
    
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1492
    if ( ( intval($row['temp_password_time']) + ( 3600 * 24 ) ) < time() )
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1493
    {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1494
      echo '<p>' . $lang->get('userfuncs_passreset_err_pass_expired', array('reset_url' => makeUrlNS('Special', 'PasswordReset'))) . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1495
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1496
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1497
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1498
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1499
    if ( isset($_POST['do_stage2']) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1500
    {
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1501
      $data = $session->get_aes_post('pass');
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1502
      
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1503
      if(empty($data))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1504
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1505
        echo 'ERROR: Sanity check failed!';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1506
        $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1507
        return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1508
      }
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1509
      if ( strlen($data) < 6 )
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1510
      {
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1511
        echo '<p>' . $lang->get('userfuncs_passreset_err_too_short') . '</p>';
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1512
        $template->footer();
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1513
        return false;
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1514
      }
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1515
      if ( $_POST['use_crypt'] == 'no' )
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1516
      {
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1517
        if ( $_POST['pass'] !== $_POST['pass_confirm'] )
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1518
        {
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1519
          echo '<p>' . $lang->get('userfuncs_passreset_err_no_match') . '</p>';
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1520
          $template->footer();
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1521
          return false;
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1522
        }
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1523
      }
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1524
      if ( getConfig('pw_strength_enable') == '1' )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1525
      {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1526
        $min_score = intval(getConfig('pw_strength_minimum'));
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1527
        $inp_score = password_score($data);
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1528
        if ( $inp_score < $min_score )
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1529
        {
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1530
          $url = makeUrl($paths->fullpage);
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1531
          echo "<p>" . $lang->get('userfuncs_passreset_err_failed_score', array('inp_score' => $inp_score, 'url' => $url)) . "</p>";
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1532
          $template->footer();
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1533
          return false;
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1534
        }
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1535
      }
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1536
      
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1537
      $session->set_password($user_id, $data);
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1538
      
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1539
      $q = $db->sql_query('UPDATE '.table_prefix.'users SET temp_password=\'\',temp_password_time=0 WHERE user_id = '.$user_id.';');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1540
      
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1541
      if($q)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1542
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1543
        $session->login_without_crypto($row['username'], $data);
741
a216e412c439 Added ability to have alternate main page for members
Dan
parents: 701
diff changeset
  1544
        echo '<p>' . $lang->get('userfuncs_passreset_stage2_success', array('url_mainpage' => makeUrl(get_main_page()))) . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1545
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1546
      else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1547
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1548
        echo $db->get_error();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1549
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1550
      
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1551
      $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1552
      return false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1553
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1554
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1555
    // Password reset form
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1556
    $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" ' : '';
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1557
    $pw_meter =      ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td class="row1">' . $lang->get('userfuncs_passreset_stage2_lbl_strength') . '</td><td class="row1"><div id="pwmeter"></div></td></tr>' : '';
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1558
    $pw_blurb =      ( getConfig('pw_strength_enable') == '1' && intval(getConfig('pw_strength_minimum')) > -10 ) ? '<br /><small>' . $lang->get('userfuncs_passreset_stage2_blurb_strength') . '</small>' : '';
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1559
    
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1560
    ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1561
    <form action="<?php echo makeUrl($paths->fullpage); ?>" method="post" name="resetform" onsubmit="return runEncryption();">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1562
      <br />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1563
      <div class="tblholder">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1564
        <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1565
          <tr><th colspan="2"><?php echo $lang->get('userfuncs_passreset_stage2_th'); ?></th></tr>
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1566
          <tr><td class="row1"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_password'); ?> <?php echo $pw_blurb; ?></td><td class="row1"><input name="pass" type="password" <?php echo $evt_get_score; ?>/></td></tr>
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1567
          <tr><td class="row2"><?php echo $lang->get('userfuncs_passreset_stage2_lbl_confirm'); ?> </td><td class="row2"><input name="pass_confirm" type="password" /></td></tr>
133
af0f6ec48de3 Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents: 126
diff changeset
  1568
          <?php echo $pw_meter; ?>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1569
          <tr>
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1570
            <td colspan="2" class="row3" style="text-align: center;">
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1571
              
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1572
              <input type="submit" name="do_stage2" value="<?php echo $lang->get('userfuncs_passreset_stage2_btn_submit'); ?>" />
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1573
            </td>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1574
          </tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1575
        </table>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1576
      </div>
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1577
      <?php echo $session->generate_aes_form(); ?>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1578
    </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1579
    <script type="text/javascript">
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1580
    addOnloadHook(function()
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1581
      {
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1582
        load_component('pwstrength');
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1583
        password_score_field(document.forms.resetform.pass);
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1584
      });
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1585
    </script>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1586
    <?php
801
eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents: 799
diff changeset
  1587
    echo $session->aes_javascript('resetform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data', 'dh_supported', 'dh_public_key', 'dh_client_public_key');
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1588
    $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1589
    return true;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1590
  }
701
dd80cde96a6c Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents: 688
diff changeset
  1591
  if ( $session->user_logged_in )
dd80cde96a6c Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents: 688
diff changeset
  1592
  {
dd80cde96a6c Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents: 688
diff changeset
  1593
    $paths->main_page();
dd80cde96a6c Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents: 688
diff changeset
  1594
  }
dd80cde96a6c Autocomplete further stabilized. Made Special:PasswordReset and Special:Register prevent use if logged in.
Dan
parents: 688
diff changeset
  1595
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1596
  if(isset($_POST['do_reset']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1597
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1598
    if($session->mail_password_reset($_POST['username']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1599
    {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1600
      echo '<p>' . $lang->get('userfuncs_passreset_stage1_success') . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1601
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1602
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1603
    {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1604
      echo '<p>' . $lang->get('userfuncs_passreset_stage1_error') . '</p>';
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1605
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1606
    $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1607
    return true;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1608
  }
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1609
  echo '<p>' . $lang->get('userfuncs_passreset_blurb_line1') . '</p>
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1610
        <p>' . $lang->get('userfuncs_passreset_blurb_line2') . '</p>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1611
        <form action="'.makeUrl($paths->page).'" method="post" onsubmit="if(!submitAuthorized) return false;">
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1612
          <p>' . $lang->get('userfuncs_passreset_lbl_username') . '  '.$template->username_field('username').'</p>
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1613
          <p><input type="submit" name="do_reset" value="' . $lang->get('userfuncs_passreset_btn_mailpasswd') . '" /></p>
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1614
        </form>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1615
  $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1616
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1617
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1618
function page_Special_Memberlist()
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1619
{
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1620
  global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1621
  global $lang;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1622
  
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1623
  $template->header();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1624
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1625
  $startletters = 'abcdefghijklmnopqrstuvwxyz';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1626
  $startletters = enano_str_split($startletters);
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1627
  $startletter = ( isset($_GET['letter']) ) ? strtolower($_GET['letter']) : '';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1628
  if ( !in_array($startletter, $startletters) && $startletter != 'chr' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1629
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1630
    $startletter = '';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1631
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1632
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1633
  $startletter_sql = $startletter;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1634
  if ( $startletter == 'chr' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1635
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1636
    $startletter_sql = '([^a-z])';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1637
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1638
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1639
  // offset
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1640
  $offset = ( isset($_GET['offset']) && strval(intval($_GET['offset'])) === $_GET['offset']) ? intval($_GET['offset']) : 0;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1641
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1642
  // sort order
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1643
  $sortkeys = array(
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1644
      'uid' => 'u.user_id',
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1645
      'username' => 'u.username',
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1646
      'email' => 'u.email',
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1647
      'regist' => 'u.reg_time'
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1648
    );
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1649
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1650
  $sortby = ( isset($_GET['sort']) && isset($sortkeys[$_GET['sort']]) ) ? $_GET['sort'] : 'username';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1651
  $sort_sqllet = $sortkeys[$sortby];
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1652
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1653
  $target_order = ( isset($_GET['orderby']) && in_array($_GET['orderby'], array('ASC', 'DESC')) )? $_GET['orderby'] : 'ASC';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1654
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1655
  $sortorders = array();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1656
  foreach ( $sortkeys as $k => $_unused )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1657
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1658
    $sortorders[$k] = ( $sortby == $k ) ? ( $target_order == 'ASC' ? 'DESC' : 'ASC' ) : 'ASC';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1659
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1660
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1661
  // Why 3.3714%? 100 percent / 28 cells, minus a little (0.2% / cell) to account for cell spacing
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1662
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1663
  echo '<div class="tblholder">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1664
          <table border="0" cellspacing="1" cellpadding="4" style="text-align: center;">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1665
            <tr>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1666
  echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=&sort=' . $sortby . '&orderby=' . $target_order, true) . '">All</a></td>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1667
  echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=chr&sort=' . $sortby . '&orderby=' . $target_order, true) . '">#</a></td>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1668
  foreach ( $startletters as $letter )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1669
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1670
    echo '<td class="row1" style="width: 3.3714%;"><a href="' . makeUrlNS('Special', 'Memberlist', 'letter=' . $letter . '&sort=' . $sortby . '&orderby=' . $target_order, true) . '">' . strtoupper($letter) . '</a></td>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1671
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1672
  echo '    </tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1673
          </table>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1674
        </div>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1675
  
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1676
  // User search             
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1677
  if ( isset($_GET['finduser']) )
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1678
  {
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1679
    $finduser = str_replace(array(  '%',   '_'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1680
                            array('\\%', '\\_'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1681
                            $_GET['finduser']);
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1682
    $finduser = str_replace(array('*', '?'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1683
                            array('%', '_'),
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1684
                            $finduser);
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1685
    $finduser = $db->escape($finduser);
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1686
    $username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\'';
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1687
    $finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&';
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1688
  }
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1689
  else
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1690
  {
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1691
    if ( ENANO_DBLAYER == 'MYSQL' )
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1692
      $username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")';
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1693
    else if ( ENANO_DBLAYER == 'PGSQL' )
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1694
      $username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')';
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1695
    $finduser_url = '';
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1696
  }
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1697
  
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1698
  // Column markers
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1699
  $headings = '<tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1700
                 <th style="max-width: 50px;">
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1701
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=uid&orderby=' . $sortorders['uid'], true) . '">#</a>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1702
                 </th>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1703
                 <th>
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1704
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=username&orderby=' . $sortorders['username'], true) . '">' . $lang->get('userfuncs_ml_column_username') . '</a>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1705
                 </th>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1706
                 <th>
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1707
                   ' . $lang->get('userfuncs_ml_column_userlevel') . '
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1708
                 </th>
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1709
                 <th>
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1710
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=email&orderby=' . $sortorders['email'], true) . '">' . $lang->get('userfuncs_ml_column_email') . '</a>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1711
                 </th>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1712
                 <th>
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1713
                   <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=regist&orderby=' . $sortorders['regist'], true) . '">' . $lang->get('userfuncs_ml_column_regtime') . '</a>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1714
                 </th>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1715
               </tr>';
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1716
               
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1717
  // determine number of rows
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1718
  $q = $db->sql_query('SELECT u.user_id FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';');
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1719
  if ( !$q )
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1720
    $db->_die();
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1721
  
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1722
  $num_rows = $db->numrows();
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1723
  $db->free_result();
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1724
  
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1725
  if ( !empty($finduser_url) )
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1726
  {
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1727
    switch ( $num_rows )
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1728
    {
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1729
      case 0:
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1730
        $str = $lang->get('userfuncs_ml_msg_matches_zero'); break;
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1731
      case 1:
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1732
        $str = $lang->get('userfuncs_ml_msg_matches_one'); break;
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1733
      default:
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1734
        $str = $lang->get('userfuncs_ml_msg_matches', array('matches' => $num_rows)); break;
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1735
    }
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1736
    echo "<h3>$str</h3>";
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1737
  }
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1738
  
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1739
  // main selector
684
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1740
  $pgsql_additional_group_by = ( ENANO_DBLAYER == 'PGSQL' ) ? ', u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public' : '';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1741
  $q = $db->sql_unbuffered_query('SELECT \'\' AS infobit, u.user_id, u.username, u.reg_time, u.email, u.user_level, u.user_has_avatar, u.avatar_type, x.email_public, COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'users AS u
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1742
                                    LEFT JOIN '.table_prefix.'users_extra AS x
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1743
                                      ON ( u.user_id = x.user_id )
684
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1744
                                    LEFT JOIN ' . table_prefix . 'comments AS c
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1745
                                      ON ( u.user_id = c.user_id )
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1746
                                    WHERE ' . $username_where . ' AND u.username != \'Anonymous\'
684
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1747
                                    GROUP BY u.user_id' . $pgsql_additional_group_by . '
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1748
                                    ORDER BY ' . $sort_sqllet . ' ' . $target_order . ';');
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1749
  if ( !$q )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1750
    $db->_die();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1751
  
684
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1752
  // formatter parameters
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1753
  $formatter = new MemberlistFormatter();
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1754
  $formatters = array(
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1755
    'username' => array($formatter, 'username'),
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1756
    'user_level' => array($formatter, 'user_level'),
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1757
    'email' => array($formatter, 'email'),
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1758
    'reg_time' => array($formatter, 'reg_time'),
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1759
    'infobit' => array($formatter, 'infobit')
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1760
    );
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1761
  
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1762
  $html = paginate(
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1763
            $q,                                                                                                       // MySQL result resource
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1764
            '<tr>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1765
               <td class="{_css_class}">{user_id}</td>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1766
               <td class="{_css_class}" style="text-align: left;">{username}</td>
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1767
               <td class="{_css_class}">{user_level}</td>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1768
               <td class="{_css_class}">{email}</small></td>
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1769
               <td class="{_css_class}">{reg_time}</td>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1770
             </tr>
684
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1771
             <tr>
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1772
               <td colspan="5" class="row3" style="text-align: left;">
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1773
                 <div id="ml_moreinfo_{user_id}" style="display: none;">
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1774
                   {infobit}
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1775
                 </div>
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1776
               </td>
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1777
             </tr>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1778
             ',                                                                                                       // TPL code for rows
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1779
             $num_rows,                                                                                               // Number of results
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1780
             makeUrlNS('Special', 'Memberlist', ( str_replace('%', '%%', $finduser_url) ) . 'letter=' . $startletter . '&offset=%s&sort=' . $sortby . '&orderby=' . $target_order ), // Result URL
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1781
             $offset,                                                                                                 // Start at this number
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1782
             25,                                                                                                      // Results per page
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1783
             $formatters,                                                                                             // Formatting hooks
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1784
             '<div class="tblholder">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1785
                <table border="0" cellspacing="1" cellpadding="4" style="text-align: center;">
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1786
                  ' . $headings . '
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1787
                 ',                                                                                                   // Header (printed before rows)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1788
             '  ' . $headings . '
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1789
                 </table>
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1790
              </div>
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1791
              ' .
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1792
              '<div style="float: left;">
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1793
                <form action="' . makeUrlNS('Special', 'Memberlist') . '" method="get" onsubmit="if ( !submitAuthorized ) return false;">'
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 317
diff changeset
  1794
               . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->page ) . '" />' : '' )
115
261f367623af Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents: 111
diff changeset
  1795
               . ( $session->sid_super ? '<input type="hidden" name="auth"  value="' . $session->sid_super . '" />' : '')
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1796
               . '<p>' . $lang->get('userfuncs_ml_lbl_finduser') . ' ' . $template->username_field('finduser') . ' <input type="submit" value="' . $lang->get('userfuncs_ml_btn_go') . '" /><br />
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1797
                  <small>' . $lang->get('userfuncs_ml_tip_wildcard') . '</small></p>'
105
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1798
               . '</form>
f7750e454168 Added search function for memberlist
Dan
parents: 103
diff changeset
  1799
               </div>'                                                                                                // Footer (printed after rows)
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1800
          );
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1801
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1802
  if ( $num_rows < 1 )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1803
  {
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1804
    echo ( isset($_GET['finduser']) ) ? '<p>' . $lang->get('userfuncs_ml_err_nousers_find') . '</p>' :
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1805
                                        '<p>' . $lang->get('userfuncs_ml_err_nousers') . '</p>';
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1806
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1807
  else
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1808
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1809
    echo $html;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1810
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1811
  
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1812
  $template->footer();
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1813
}
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1814
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1815
/**
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1816
 * Class for formatting results for the memberlist.
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1817
 * @access private
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1818
 */
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1819
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1820
class MemberlistFormatter
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1821
{
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1822
  function username($username, $row)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1823
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1824
    global $db, $session, $paths, $template, $plugins; // Common objects
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1825
    global $lang;
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1826
    
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1827
    $userpage = $paths->nslist['User'] . sanitize_page_id($username);
684
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1828
    $class = ( isPage($userpage) ) ? '' : ' class="wikilink-nonexistent"';
743
0acb5d0f8328 Fixed: Special:Memberlist still used SpryEffects
Dan
parents: 741
diff changeset
  1829
    $anchor = '<a href="' . makeUrlNS('User', sanitize_page_id($username)) . '"' . $class . ' onclick="load_component(\'jquery\'); load_component(\'jquery-ui\'); var el = document.getElementById(\'ml_moreinfo_' . $row['user_id'] . '\'); $(el).toggle(\'blind\'); return false;">' . htmlspecialchars($username) . '</a>';
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1830
    if ( $session->user_level >= USER_LEVEL_ADMIN )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1831
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1832
      $anchor .= ' <small>- <a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&username=' . urlencode($username), true) . '"
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1833
                               onclick="ajaxAdminUser(\'' . addslashes(htmlspecialchars($username)) . '\'); return false;">' . $lang->get('userfuncs_ml_btn_adminuser') . '</a></small>';
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1834
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1835
    return $anchor;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1836
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1837
  function user_level($level, $row)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1838
  {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1839
    global $db, $session, $paths, $template, $plugins; // Common objects
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1840
    global $lang;
908
44302dd20d62 Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents: 907
diff changeset
  1841
    /*
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1842
    switch ( $level )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1843
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1844
      case USER_LEVEL_GUEST:
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1845
        $s_level = $lang->get('userfuncs_ml_level_guest'); break;
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1846
      case USER_LEVEL_MEMBER:
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1847
      case USER_LEVEL_CHPREF:
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1848
        $s_level = $lang->get('userfuncs_ml_level_member'); break;
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1849
      case USER_LEVEL_MOD:
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1850
        $s_level = $lang->get('userfuncs_ml_level_mod'); break;
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1851
      case USER_LEVEL_ADMIN:
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1852
        $s_level = $lang->get('userfuncs_ml_level_admin'); break;
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1853
      default:
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1854
        $s_level = $lang->get('userfuncs_ml_level_unknown', array( 'level' => $level ));
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1855
    }
908
44302dd20d62 Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents: 907
diff changeset
  1856
    */
44302dd20d62 Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents: 907
diff changeset
  1857
    
44302dd20d62 Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents: 907
diff changeset
  1858
    // TODO: Requested by mm3. Is this too CPU-intensive? Optimize?
44302dd20d62 Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents: 907
diff changeset
  1859
    //       Performance yield =/= about the same (but only 4 users under testing conditions)
44302dd20d62 Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents: 907
diff changeset
  1860
    $rankdata = $session->get_user_rank($row['user_id']);
44302dd20d62 Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents: 907
diff changeset
  1861
    $s_level = '<span style="' . $rankdata['rank_style'] . '">' . $lang->get($rankdata['rank_title']) . '</span>';
44302dd20d62 Memberlist now shows rank instead of user level in "Title" column. (thanks mm3)
Dan
parents: 907
diff changeset
  1862
    
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1863
    return $s_level;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1864
  }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1865
  function email($addy, $row)
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1866
  {
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1867
    global $lang;
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1868
    if ( $row['email_public'] == '1' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1869
    {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1870
      global $email;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1871
      $addy = $email->encryptEmail($addy);
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1872
      return $addy;
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1873
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1874
    else
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1875
    {
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1876
      return '<small>&lt;' . $lang->get('userfuncs_ml_email_nonpublic') . '&gt;</small>';
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1877
    }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1878
  }
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1879
  /**
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1880
   * Format a time as a reference to a day, with user-friendly "X days ago"/"Today"/"Yesterday" returned when relevant.
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1881
   * @param int UNIX timestamp
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1882
   * @return string
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1883
   */
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1884
  
912
95d0d8596c87 File rollbacks should be all up to date now.
Dan
parents: 909
diff changeset
  1885
  public static function format_date($time)
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1886
  {
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1887
    global $lang;
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 343
diff changeset
  1888
    // Our formattting string to pass to enano_date()
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1889
    // This should not include minute/second info, only today's date in whatever format suits your fancy
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1890
    $formatstring = 'F j, Y';
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1891
    // Today's date
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 343
diff changeset
  1892
    $today = enano_date($formatstring);
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1893
    // Yesterday's date
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 343
diff changeset
  1894
    $yesterday = enano_date($formatstring, (time() - (24*60*60)));
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1895
    // Date on the input
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 343
diff changeset
  1896
    $then = enano_date($formatstring, $time);
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1897
    // "X days ago" logic
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1898
    for ( $i = 2; $i <= 6; $i++ )
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1899
    {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1900
      // hours_in_day * minutes_in_hour * seconds_in_minute * num_days
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1901
      $offset = 24 * 60 * 60 * $i;
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 343
diff changeset
  1902
      $days_ago = enano_date($formatstring, (time() - $offset));
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1903
      // so does the input timestamp match the date from $i days ago?
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1904
      if ( $then == $days_ago )
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1905
      {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1906
        // yes, return $i
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1907
        return $lang->get('userfuncs_ml_date_daysago', array('days_ago' => $i));
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1908
      }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1909
    }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1910
    // either yesterday, today, or before 6 days ago
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1911
    switch($then)
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1912
    {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1913
      case $today:
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1914
        return $lang->get('userfuncs_ml_date_today');
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1915
      case $yesterday:
342
ac34de920762 Finished localization of SpecialUserFuncs
Dan
parents: 335
diff changeset
  1916
        return $lang->get('userfuncs_ml_date_yesterday');
111
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1917
      default:
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1918
        return $then;
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1919
    }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1920
    //     .--.
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1921
    //    |o_o |
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1922
    //    |!_/ |
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1923
    //   //   \ \
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1924
    //  (|     | )
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1925
    // /'\_   _/`\
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1926
    // \___)=(___/
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1927
    return 'Linux rocks!';
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1928
  }
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1929
  function reg_time($time, $row)
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1930
  {
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1931
    return $this->format_date($time);
b348ace50bc7 Added registration date column to members list
Dan
parents: 105
diff changeset
  1932
  }
684
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1933
  function infobit($_, $row)
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1934
  {
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1935
    global $db, $session, $paths, $template, $plugins; // Common objects
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1936
    global $lang;
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1937
    
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1938
    $bit = '';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1939
    if ( $row['user_has_avatar'] == 1 )
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1940
    {
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1941
      $bit .= '<div style="float: left; margin-right: 10px;">
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1942
        <img alt=" " src="' . make_avatar_url(intval($row['user_id']), $row['avatar_type'], $row['email']) . '" />
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1943
      </div>';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1944
    }
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1945
    $rank_data = $session->get_user_rank(intval($row['user_id']));
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1946
    $userpage = $paths->nslist['User'] . sanitize_page_id($row['username']);
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1947
    $title = ( isPage($userpage) ) ? ' title="' . $lang->get('userfuncs_ml_tip_userpage') . '"' : ' title="' . $lang->get('userfuncs_ml_tip_nouserpage') . '"';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1948
    $bit .= '<a' . $title . ' href="' . makeUrlNS('User', $row['username'], false, true) . '" style="font-size: x-large; ' . $rank_data['rank_style'] . '">' . htmlspecialchars($row['username']) . '</a><br />';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1949
    if ( $rank_data['user_title'] )
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1950
      $bit .= htmlspecialchars($rank_data['user_title']) . '<br />';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1951
    if ( $rank_data['rank_title'] )
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1952
      $bit .= '<small>' . htmlspecialchars($lang->get($rank_data['rank_title'])) . '</small><br />';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1953
    
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1954
    $bit .= '<div style="text-align: right;">
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1955
               <a href="' . makeUrlNS('Special', "PrivateMessages/Compose/To/{$row['username']}", false, true) . '" class="abutton abutton_blue"><img alt=" " src="' . cdnPath . '/images/icons/send_pm.png" /> ' . $lang->get('comment_btn_send_privmsg') . '</a>
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1956
               <a href="' . makeUrlNS('Special', "PrivateMessages/FriendList/Add/{$row['username']}", false, true) . '" class="abutton abutton_green"><img alt=" " src="' . cdnPath . '/images/icons/add_buddy.png" /> ' . $lang->get('comment_btn_add_buddy') . '</a>
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1957
             </div>';
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1958
    
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1959
    return $bit;
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  1960
  }
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1961
}
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 101
diff changeset
  1962
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1963
function page_Special_LangExportJSON()
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1964
{
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1965
  global $db, $session, $paths, $template, $plugins; // Common objects
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1966
  global $lang;
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1967
  
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1968
  $lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id;
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1969
  
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1970
  if ( $lang->lang_id == $lang_id )
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1971
    $lang_local =& $lang;
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1972
  else
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1973
    $lang_local = new Language($lang_id);
782
96848f04bbba Corrected a few issues with languages and client-side code
Dan
parents: 743
diff changeset
  1974
    
96848f04bbba Corrected a few issues with languages and client-side code
Dan
parents: 743
diff changeset
  1975
  $lang_local->get('meta_meta');
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1976
  
542
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1977
  $lang_strings = enano_json_encode($lang_local->strings);
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1978
  $etag = substr(sha1($lang_strings), 0, 20) . '-' . dechex($lang_local->lang_timestamp);
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1979
  
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1980
  if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) )
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1981
  {
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1982
    if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] )
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1983
    {
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1984
      header('HTTP/1.1 304 Not Modified');
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1985
      exit();
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1986
    }
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1987
  }
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1988
  
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 343
diff changeset
  1989
  $timestamp = enano_date('D, j M Y H:i:s T', $lang_local->lang_timestamp);
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
  1990
  // generate expires header
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
  1991
  $expires = date('r', mktime(-1, -1, -1, -1, -1, intval(date('y'))+1));
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
  1992
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1993
  header("Last-Modified: $timestamp");
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1994
  header("Date: $timestamp");
542
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  1995
  header("ETag: \"$etag\"");
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1996
  header('Content-type: text/javascript');
562
75df0b2c596c Got initial CSRF token framework implemented and sample implementation added in Special:Logout; removing Javascript compression engine from aggressive_optimize_html() and instead calling JavascriptCompressor class from js-compressor.php
Dan
parents: 555
diff changeset
  1997
  header("Expires: $expires");
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1998
  
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  1999
  $lang_local->fetch();
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  2000
  echo "if ( typeof(enano_lang) != 'object' )
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  2001
  var enano_lang = new Object();
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  2002
782
96848f04bbba Corrected a few issues with languages and client-side code
Dan
parents: 743
diff changeset
  2003
enano_lang[{$lang_local->lang_id}] = " . $lang_strings . ";";
555
ac4c6a7f01d8 Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
parents: 542
diff changeset
  2004
ac4c6a7f01d8 Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
parents: 542
diff changeset
  2005
  gzip_output();
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  2006
  
542
5841df0ab575 Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents: 541
diff changeset
  2007
  exit(0);
210
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  2008
}
2b283402e4e4 Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
parents: 209
diff changeset
  2009
541
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2010
/**
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2011
 * Fetches and displays an avatar from the filesystem. Avatar fetching is abstracted as of 1.1.4.
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2012
 */
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2013
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2014
function page_Special_Avatar()
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2015
{
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2016
  global $db, $session, $paths, $template, $plugins; // Common objects
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2017
  global $aggressive_optimize_html;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2018
  $aggressive_optimize_html = false;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2019
  
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2020
  $img_types = array(
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2021
      IMAGE_TYPE_PNG => 'png',
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2022
      IMAGE_TYPE_GIF => 'gif',
621
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2023
      IMAGE_TYPE_JPG => 'jpg',
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2024
      IMAGE_TYPE_GRV => 'grv'
541
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2025
    );
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2026
  
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2027
  $avi_id = $paths->getParam(0);
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2028
  if ( !$avi_id || !@preg_match('/^[a-f0-9]+$/', $avi_id) )
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2029
  {
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2030
    echo 'Doesn\'t match the regexp';
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2031
    return true;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2032
  }
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2033
  
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2034
  $avi_id_dec = hexdecode($avi_id);
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2035
  $avi_id_dec = @unpack('Vdate/Vuid/vimg_type', $avi_id_dec);
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2036
  if ( !$avi_id_dec )
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2037
  {
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2038
    echo 'Bad unpack';
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2039
    return true;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2040
  }
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2041
  
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2042
  // check parameters
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2043
  if ( !isset($img_types[$avi_id_dec['img_type']]) )
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2044
  {
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2045
    echo 'Invalid image type';
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2046
    return true;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2047
  }
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2048
  
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2049
  // build file path
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2050
  $avi_type = $img_types[$avi_id_dec['img_type']];
621
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2051
  
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2052
  // is this a gravatar?
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2053
  if ( $avi_type == 'grv' )
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2054
  {
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2055
    // yes, we'll have to redirect
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2056
    // sanitize UID
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2057
    $uid = intval($avi_id_dec['uid']);
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2058
    
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2059
    // fetch email
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2060
    $q = $db->sql_query('SELECT email FROM ' . table_prefix . "users WHERE user_id = $uid;");
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2061
    if ( !$q )
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2062
      $db->_die();
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2063
    if ( $db->numrows() < 1 )
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2064
      return false;
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2065
    
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2066
    list($email) = $db->fetchrow_num();
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2067
    $db->free_result();
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2068
    
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2069
    $url = make_gravatar_url($url);
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2070
    
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2071
    // ship out the redirect
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2072
    header('HTTP/1.1 302 Permanent Redirect');
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2073
    header("Location: $url");
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2074
  }
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 614
diff changeset
  2075
  
541
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2076
  $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $avi_id_dec['uid'] . '.' . $avi_type;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2077
  if ( file_exists($avi_path) )
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2078
  {
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2079
    $avi_mod_time = @filemtime($avi_path);
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2080
    $avi_mod_time = date('r', $avi_mod_time);
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2081
    $avi_size = @filesize($avi_path);
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2082
    header("Last-Modified: $avi_mod_time");
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2083
    header("Content-Length: $avi_size");
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2084
    header("Content-Type: image/$avi_type");
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2085
    // http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2086
    header("Cache-Control: public");
684
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  2087
    // expire it 30 days from now
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  2088
    $expiry_time = time() + ( 86400 * 30 );
15dbbe7e7674 A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Dan
parents: 621
diff changeset
  2089
    header("Expires: " . date('r', $expiry_time));
541
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2090
    
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2091
    $fh = @fopen($avi_path, 'r');
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2092
    if ( !$fh )
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2093
    {
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2094
      echo 'Could not open file';
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2095
      return true;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2096
    }
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2097
    
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2098
    while ( $fd = @fread($fh, 1024) )
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2099
    {
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2100
      echo $fd;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2101
    }
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2102
    fclose($fh);
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2103
    
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2104
  }
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2105
  return true;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2106
}
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
  2107
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2108
?>