Trouble logging in? Try the full login form.
'; @@ -383,8 +467,21 @@ { $('ajaxlogin_user').object.focus(); } - $('ajaxlogin_pass').object.onblur = function(e) { if ( !shift ) $('messageBox').object.nextSibling.firstChild.focus(); }; - $('ajaxlogin_pass').object.onkeypress = function(e) { if ( !e && IE ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); }; + if ( ajax_auth_show_captcha ) + { + $('ajaxlogin_captcha_code').object.onblur = function(e) { if ( !shift ) $('messageBox').object.nextSibling.firstChild.focus(); }; + $('ajaxlogin_captcha_code').object.onkeypress = function(e) { if ( !e && IE ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); }; + } + else + { + $('ajaxlogin_pass').object.onblur = function(e) { if ( !shift ) $('messageBox').object.nextSibling.firstChild.focus(); }; + $('ajaxlogin_pass').object.onkeypress = function(e) { if ( !e && IE ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); }; + } + if ( disable_controls ) + { + var panel = document.getElementById('messageBoxButtons'); + panel.firstChild.disabled = true; + } /* ## This causes the background image to disappear under Fx 2 if ( shown_error ) @@ -398,6 +495,11 @@ fader.start(); } */ + if ( ajax_auth_show_captcha ) + { + ajaxShowCaptcha(ajax_auth_show_captcha); + ajax_auth_show_captcha = false; + } } }); } @@ -412,6 +514,15 @@ password = document.getElementById('ajaxlogin_pass').value; auth_enabled = false; + if ( document.getElementById('autoCaptcha') ) + { + var to = fly_out_top(document.getElementById('autoCaptcha'), false, true); + setTimeout(function() { + var d = document.getElementById('autoCaptcha'); + d.parentNode.removeChild(d); + }, to); + } + disableJSONExts(); // @@ -467,6 +578,12 @@ 'level' : ajax_auth_level_cache }; + if ( document.getElementById('ajaxlogin_captcha_hash') ) + { + json_data.captcha_hash = document.getElementById('ajaxlogin_captcha_hash').value; + json_data.captcha_code = document.getElementById('ajaxlogin_captcha_code').value; + } + json_data = toJSONString(json_data); json_data = encodeURIComponent(json_data); @@ -509,18 +626,23 @@ } break; case 'error': - if ( response.error == 'The username and/or password is incorrect.' ) + if ( response.data.error == 'invalid_credentials' || response.data.error == 'locked_out' ) { - ajax_auth_error_string = response.error; + ajax_auth_error_string = ajaxAuthErrorToString(response.data); mb_current_obj.updateContent(''); document.getElementById('messageBox').style.backgroundColor = '#C0C0C0'; var mb_parent = document.getElementById('messageBox').parentNode; new Spry.Effect.Shake(mb_parent, {duration: 1500}).start(); setTimeout("document.getElementById('messageBox').style.backgroundColor = '#FFF'; ajaxAuthLoginInnerSetup();", 2500); + + if ( response.data.lockout_policy == 'captcha' && response.data.error == 'locked_out' ) + { + ajax_auth_show_captcha = response.captcha; + } } else { - alert(response.error); + ajax_auth_error_string = ajaxAuthErrorToString(response.data); ajaxAuthLoginInnerSetup(); } break; diff -r b796208d050d -r 9dbbec5e6096 includes/comment.php --- a/includes/comment.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/comment.php Sun Oct 14 20:51:15 2007 -0400 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.0.2 (Coblynau) + * Version 1.1.1 * Copyright (C) 2006-2007 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License diff -r b796208d050d -r 9dbbec5e6096 includes/common.php --- a/includes/common.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/common.php Sun Oct 14 20:51:15 2007 -0400 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.0.2 (Coblynau) + * Version 1.1.1 * Copyright (C) 2006-2007 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License @@ -23,7 +23,7 @@ exit; } -$version = '1.0.2'; +$version = '1.1.1'; function microtime_float() { diff -r b796208d050d -r 9dbbec5e6096 includes/constants.php --- a/includes/constants.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/constants.php Sun Oct 14 20:51:15 2007 -0400 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.0.2 (Coblynau) + * Version 1.1.1 * Copyright (C) 2006-2007 Dan Fuhry * constants.php - important defines used Enano-wide * @@ -70,7 +70,7 @@ define('MAX_PMS_PER_BATCH', 7); // The maximum number of users that users can send PMs to in one go; restriction does not apply to users with mod_misc rights define('SEARCH_RESULTS_PER_PAGE', 10); define('MYSQL_MAX_PACKET_SIZE', 1048576); // 1MB; this is the default in MySQL 4.x I think -define('SEARCH_MODE', 'FULLTEXT'); // Can be FULLTEXT or BUILTIN +define('SEARCH_MODE', 'BUILTIN'); // Can be FULLTEXT or BUILTIN // Sidebar diff -r b796208d050d -r 9dbbec5e6096 includes/dbal.php --- a/includes/dbal.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/dbal.php Sun Oct 14 20:51:15 2007 -0400 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.0.2 (Coblynau) + * Version 1.1.1 * Copyright (C) 2006-2007 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License diff -r b796208d050d -r 9dbbec5e6096 includes/email.php --- a/includes/email.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/email.php Sun Oct 14 20:51:15 2007 -0400 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.0.2 (Coblynau) + * Version 1.1.1 * Copyright (C) 2006-2007 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License diff -r b796208d050d -r 9dbbec5e6096 includes/functions.php --- a/includes/functions.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/functions.php Sun Oct 14 20:51:15 2007 -0400 @@ -2796,7 +2796,7 @@ $strip_tags = implode('|', $strip_tags); // Strip out the tags and replace with placeholders - preg_match_all("#<($strip_tags)([ ]+.*?)?>(.*?)#is", $html, $matches); + preg_match_all("#<($strip_tags)(.*?)>(.*?)#is", $html, $matches); $seed = md5(microtime() . mt_rand()); // Random value used for placeholders for ($i = 0;$i < sizeof($matches[1]); $i++) { @@ -2804,7 +2804,7 @@ } // Optimize (but don't obfuscate) Javascript - preg_match_all('/
' . "-----------------------------------------------------------------------------\n" . htmlspecialchars($js) . ''); - // for line optimization, explode it $particles = explode("\n", $js); diff -r b796208d050d -r 9dbbec5e6096 includes/graphs.php --- a/includes/graphs.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/graphs.php Sun Oct 14 20:51:15 2007 -0400 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.0.2 (Coblynau) + * Version 1.1.1 * Copyright (C) 2006-2007 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License diff -r b796208d050d -r 9dbbec5e6096 includes/js-compressor.php --- a/includes/js-compressor.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/js-compressor.php Sun Oct 14 20:51:15 2007 -0400 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.0.2 (Coblynau) + * Version 1.1.1 * Copyright (C) 2006-2007 Dan Fuhry * Javascript compression library - used to compact the client-side Javascript code (all 72KB of it!) to save some bandwidth * diff -r b796208d050d -r 9dbbec5e6096 includes/pageprocess.php --- a/includes/pageprocess.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/pageprocess.php Sun Oct 14 20:51:15 2007 -0400 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.0.2 (Coblynau) + * Version 1.1.1 * pageprocess.php - intelligent retrieval of pages * Copyright (C) 2006-2007 Dan Fuhry * diff -r b796208d050d -r 9dbbec5e6096 includes/pageutils.php --- a/includes/pageutils.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/pageutils.php Sun Oct 14 20:51:15 2007 -0400 @@ -1,7 +1,8 @@ private_key; + + if ( !defined('IN_ENANO_INSTALL') ) + { + // Lockout stuff + $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5; + $duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15; + // convert to minutes + $duration = $duration * 60; + $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout'; + if ( $policy == 'captcha' && $captcha_hash && $captcha_code ) + { + // policy is captcha -- check if it's correct, and if so, bypass lockout check + $real_code = $this->get_captcha($captcha_hash); + } + if ( $policy != 'disable' && !( $policy == 'captcha' && isset($real_code) && $real_code == $captcha_code ) ) + { + $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); + $timestamp_cutoff = time() - $duration; + $q = $this->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;'); + $fails = $db->numrows(); + if ( $fails >= $threshold ) + { + // ooh boy, somebody's in trouble ;-) + $row = $db->fetchrow(); + $db->free_result(); + return array( + 'success' => false, + 'error' => 'locked_out', + 'lockout_threshold' => $threshold, + 'lockout_duration' => ( $duration / 60 ), + 'lockout_fails' => $fails, + 'lockout_policy' => $policy, + 'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ), + 'lockout_last_time' => $row['timestamp'] + ); + } + $db->free_result(); + } + } // Instanciate the Rijndael encryption object $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); @@ -563,13 +604,19 @@ $aes_key = $this->fetch_public_key($aes_key); if(!$aes_key) - return 'Couldn\'t look up public key "'.$aes_key.'" for decryption'; + return array( + 'success' => false, + 'error' => 'key_not_found' + ); // Convert the key to a binary string $bin_key = hexdecode($aes_key); if(strlen($bin_key) != AES_BITS / 8) - return 'The decryption key is the wrong length'; + return array( + 'success' => false, + 'error' => 'key_wrong_length' + ); // Decrypt our password $password = $aes->decrypt($aes_data, $bin_key, ENC_HEX); @@ -585,13 +632,34 @@ $this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$db_username_lower.'\' OR username=\'' . $db_username . '\';'); if($db->numrows() < 1) { - return "The username and/or password is incorrect."; // This wasn't logged in <1.0.2, dunno how it slipped through if($level > USER_LEVEL_MEMBER) $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); else $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')'); - + + if ( $policy != 'disable' && !defined('IN_ENANO_INSTALL') ) + { + $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); + // increment fail count + $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', UNIX_TIMESTAMP(), \'credential\');'); + $fails++; + // ooh boy, somebody's in trouble ;-) + return array( + 'success' => false, + 'error' => ( $fails >= $threshold ) ? 'locked_out' : 'invalid_credentials', + 'lockout_threshold' => $threshold, + 'lockout_duration' => ( $duration / 60 ), + 'lockout_fails' => $fails, + 'time_rem' => ( $duration / 60 ), + 'lockout_policy' => $policy + ); + } + + return array( + 'success' => false, + 'error' => 'invalid_credentials' + ); } $row = $db->fetchrow(); @@ -642,7 +710,10 @@ if($success) { if($level > $row['user_level']) - return 'You are not authorized for this level of access.'; + return array( + 'success' => false, + 'error' => 'too_big_for_britches' + ); $sess = $this->register_session(intval($row['user_id']), $username, $password, $level); if($sess) @@ -662,10 +733,15 @@ { eval($cmd); } - return 'success'; + return array( + 'success' => true + ); } else - return 'Your login credentials were correct, but an internal error occurred while registering the session key in the database.'; + return array( + 'success' => false, + 'error' => 'backend_fail' + ); } else { @@ -674,7 +750,28 @@ else $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')'); - return 'The username and/or password is incorrect.'; + // Do we also need to increment the lockout countdown? + if ( $policy != 'disable' && !defined('IN_ENANO_INSTALL') ) + { + $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); + // increment fail count + $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', UNIX_TIMESTAMP(), \'credential\');'); + $fails++; + return array( + 'success' => false, + 'error' => ( $fails >= $threshold ) ? 'locked_out' : 'invalid_credentials', + 'lockout_threshold' => $threshold, + 'lockout_duration' => ( $duration / 60 ), + 'lockout_fails' => $fails, + 'time_rem' => ( $duration / 60 ), + 'lockout_policy' => $policy + ); + } + + return array( + 'success' => false, + 'error' => 'invalid_credentials' + ); } } @@ -700,6 +797,45 @@ return $this->login_compat($username, $pass_hashed, $level); } + if ( !defined('IN_ENANO_INSTALL') ) + { + // Lockout stuff + $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5; + $duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15; + // convert to minutes + $duration = $duration * 60; + $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout'; + if ( $policy == 'captcha' && $captcha_hash && $captcha_code ) + { + // policy is captcha -- check if it's correct, and if so, bypass lockout check + $real_code = $this->get_captcha($captcha_hash); + } + if ( $policy != 'disable' && !( $policy == 'captcha' && isset($real_code) && $real_code == $captcha_code ) ) + { + $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); + $timestamp_cutoff = time() - $duration; + $q = $this->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;'); + $fails = $db->numrows(); + if ( $fails > $threshold ) + { + // ooh boy, somebody's in trouble ;-) + $row = $db->fetchrow(); + $db->free_result(); + return array( + 'success' => false, + 'error' => 'locked_out', + 'lockout_threshold' => $threshold, + 'lockout_duration' => ( $duration / 60 ), + 'lockout_fails' => $fails, + 'lockout_policy' => $policy, + 'time_rem' => $duration - round( ( time() - $row['timestamp'] ) / 60 ), + 'lockout_last_time' => $row['timestamp'] + ); + } + $db->free_result(); + } + } + // Instanciate the Rijndael encryption object $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); @@ -709,7 +845,35 @@ // Retrieve the real password from the database $this->sql('SELECT password,old_encryption,user_id,user_level,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';'); if($db->numrows() < 1) - return 'The username and/or password is incorrect.'; + { + // This wasn't logged in <1.0.2, dunno how it slipped through + if($level > USER_LEVEL_MEMBER) + $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); + else + $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')'); + + // Do we also need to increment the lockout countdown? + if ( $policy != 'disable' && !defined('IN_ENANO_INSTALL') ) + { + $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); + // increment fail count + $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', UNIX_TIMESTAMP(), \'credential\');'); + $fails++; + return array( + 'success' => false, + 'error' => ( $fails >= $threshold ) ? 'locked_out' : 'invalid_credentials', + 'lockout_threshold' => $threshold, + 'lockout_duration' => ( $duration / 60 ), + 'lockout_fails' => $fails, + 'lockout_policy' => $policy + ); + } + + return array( + 'success' => false, + 'error' => 'invalid_credentials' + ); + } $row = $db->fetchrow(); // Check to see if we're logging in using a temporary password @@ -758,7 +922,10 @@ if($success) { if((int)$level > (int)$row['user_level']) - return 'You are not authorized for this level of access.'; + return array( + 'success' => false, + 'error' => 'too_big_for_britches' + ); $sess = $this->register_session(intval($row['user_id']), $username, $real_pass, $level); if($sess) { @@ -773,10 +940,15 @@ eval($cmd); } - return 'success'; + return array( + 'success' => true + ); } else - return 'Your login credentials were correct, but an internal error occured while registering the session key in the database.'; + return array( + 'success' => false, + 'error' => 'backend_fail' + ); } else { @@ -785,7 +957,27 @@ else $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')'); - return 'The username and/or password is incorrect.'; + // Do we also need to increment the lockout countdown? + if ( $policy != 'disable' && !defined('IN_ENANO_INSTALL') ) + { + $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']); + // increment fail count + $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', UNIX_TIMESTAMP(), \'credential\');'); + $fails++; + return array( + 'success' => false, + 'error' => ( $fails >= $threshold ) ? 'locked_out' : 'invalid_credentials', + 'lockout_threshold' => $threshold, + 'lockout_duration' => ( $duration / 60 ), + 'lockout_fails' => $fails, + 'lockout_policy' => $policy + ); + } + + return array( + 'success' => false, + 'error' => 'invalid_credentials' + ); } } diff -r b796208d050d -r 9dbbec5e6096 includes/stats.php --- a/includes/stats.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/stats.php Sun Oct 14 20:51:15 2007 -0400 @@ -1,7 +1,8 @@ '; return $text; diff -r b796208d050d -r 9dbbec5e6096 includes/wikiengine/Tables.php --- a/includes/wikiengine/Tables.php Sun Oct 14 20:47:01 2007 -0400 +++ b/includes/wikiengine/Tables.php Sun Oct 14 20:51:15 2007 -0400 @@ -1,8 +1,8 @@ load_theme('oxygen', 'bleu', false); +$template->load_theme('stpatty', 'shamrock', false); $modestrings = Array( 'welcome' => 'Welcome', @@ -313,10 +313,9 @@ case 'welcome': ?>
- ![[ Enano CMS Project logo ]](images/enano-artwork/installer-greeting-blue.png)
+ ![[ Enano CMS Project logo ]](images/enano-artwork/installer-greeting-green.png)
version 1.0.2 – stable
+
+
Welcome to Enano
-version 1.0.2 – stable
- also affectionately known as "coblynau" :)
+ version 1.1.1 – unstable
Your changes to the site configuration have been saved.'; } @@ -351,6 +361,43 @@
+ How many times can a user enter wrong credentials before a lockout goes into effect? +
+ This is how long an account lockout should last, in minutes. +
+ What should be done when a lockout goes into effect? +
+
+ +
Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.
';
+ echo '';
}
?>
@@ -3158,8 +3205,6 @@
$parser = $template->makeParserText($vars['sidebar_section']);
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
$c = preg_replace('#(.*?)#is', '\\2', $c);
- // fix for the "Administration" link that somehow didn't get rendered properly
- $c = preg_replace("/(^|\n)([ ]*)'.$__login_status.'
'; + $errstring = $__login_status['error']; + switch($__login_status['error']) + { + case 'key_not_found': + $errstring = 'Enano couldn\'t look up the encryption key used to encrypt your password. This most often happens if a cache rotation occurred during your login attempt, or if you refreshed the login page.'; + break; + case 'key_wrong_length': + $errstring = 'The encryption key was the wrong length.'; + break; + case 'too_big_for_britches': + $errstring = 'You are trying to authenticate at a level that your user account does not permit.'; + break; + case 'invalid_credentials': + $errstring = 'You have entered an invalid username or password. Please enter your login details again.'; + if ( $__login_status['lockout_policy'] == 'lockout' ) + { + $errstring .= ' You have used up '.$__login_status['lockout_fails'].' out of '.$__login_status['lockout_threshold'].' login attempts. After you have used up all '.$data['lockout_threshold'].' login attempts, you will be locked out from logging in for '.$__login_status['lockout_duration'].' minutes.'; + } + else if ( $__login_status['lockout_policy'] == 'captcha' ) + { + $errstring .= ' You have used up '.$__login_status['lockout_fails'].' out of '.$__login_status['lockout_threshold'].' login attempts. After you have used up all '.$data['lockout_threshold'].' login attempts, you will have to enter a visual confirmation code before logging in, effective for '.$__login_status['lockout_duration'].' minutes.'; + } + break; + case 'backend_fail': + $errstring = 'You entered the right credentials and everything was validated, but for some reason Enano couldn\'t register your session. This is an internal problem with the site and you are encouraged to contact site administration.'; + break; + case 'locked_out': + $attempts = intval($__login_status['lockout_fails']); + if ( $attempts > $__login_status['lockout_threshold']) + $attempts = $__login_status['lockout_threshold']; + + $server_time = time(); + $time_rem = $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 ); + + $s = ( $time_rem == 1 ) ? '' : 's'; + $errstring = "You have used up all {$__login_status['lockout_threshold']} allowed login attempts. Please wait {$time_rem} minute$s before attempting to log in again"; + if ( $__login_status['lockout_policy'] == 'captcha' ) + $errstring .= ', or enter the visual confirmation code shown above in the appropriate box'; + $errstring .= '.'; + break; + } + echo ''.$errstring.'
';
}
if ( $p = $paths->getAllParams() )
{
@@ -189,7 +276,7 @@
?> />
- Maybe you need to create an account.
The affecting tag was updated.
';
}
}
- else if ( $_POST['pg_type'] == PAGE_GRP_REGEX )
- {
- $target = $_POST['pg_target'];
- if ( empty($target) )
- {
- echo 'Please enter an expression to match against..
';
- }
- else
- {
- $target = $db->escape($target);
- $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_target=\'' . $target . '\' WHERE pg_id=' . $edit_id . ';');
- if ( !$q )
- $db->_die();
- else
- echo 'The expression to match against was updated.
';
- }
- }
else if ( $_POST['pg_type'] == PAGE_GRP_CATLINK )
{
$target = $_POST['pg_target'];
@@ -877,22 +860,6 @@
- Be sure to include the starting and ending delimiters and any flags you might need.
- These pages might help: Pattern modifiers • - Pattern syntax
- Examples: /^(Special|Admin):/i • /^Image:([0-9]+)$/
- Developers, remember that this will be matched against the full page identifier string. This means that /^About_Enano$/ - will NOT match the page Special:About_Enano. -
Login failed. Bad password?
Login failed: '. $result['error'] . '