[Customisation Database Commits] r606 - in /trunk/titania: ./ authors/ contributions/ includes/core/ includes/objects/ manage/ styles/default/template/
Nathan Guse
exreaction at phpbb.com
Mon Feb 15 03:57:23 GMT 2010
Author: exreaction
Date: Mon Feb 15 03:57:23 2010
New Revision: 606
Log:
Nicer handling of NO_AUTH
Better login handling
Added:
trunk/titania/styles/default/template/login_body.html
Modified:
trunk/titania/ariel_convert.php
trunk/titania/authors/create.php
trunk/titania/common.php
trunk/titania/config.example.php
trunk/titania/contributions/faq.php
trunk/titania/contributions/manage.php
trunk/titania/contributions/support.php
trunk/titania/includes/core/phpbb.php
trunk/titania/includes/core/titania.php
trunk/titania/includes/objects/post.php
trunk/titania/index.php
trunk/titania/manage/queue.php
Modified: trunk/titania/ariel_convert.php
==============================================================================
*** trunk/titania/ariel_convert.php (original)
--- trunk/titania/ariel_convert.php Mon Feb 15 03:57:23 2010
***************
*** 29,35 ****
if (!phpbb::$user->data['user_type'] == USER_FOUNDER)
{
! trigger_error('NO_AUTH');
}
// Hopefully this helps
--- 29,35 ----
if (!phpbb::$user->data['user_type'] == USER_FOUNDER)
{
! titania::needs_auth();
}
// Hopefully this helps
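Review bot: The founder check on the context line `if (!phpbb::$user->data['user_type'] == USER_FOUNDER)` does not test what it appears to. `!` binds tighter than `==`, so the user type is negated to a boolean first and that boolean is then compared with USER_FOUNDER. The guard therefore depends on whether user_type is zero rather than on whether the user is a founder, and the new `titania::needs_auth()` call is reached for the wrong set of users. Since this commit already edits the block, the condition should become `if (phpbb::$user->data['user_type'] != USER_FOUNDER)`. The rest of the script lies outside the hunk.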
Modified: trunk/titania/authors/create.php
==============================================================================
*** trunk/titania/authors/create.php (original)
--- trunk/titania/authors/create.php Mon Feb 15 03:57:23 2010
***************
*** 23,29 ****
if (!phpbb::$auth->acl_get('u_titania_contrib_submit'))
{
! trigger_error('NO_AUTH');
}
titania::add_lang('contributions');
--- 23,29 ----
if (!phpbb::$auth->acl_get('u_titania_contrib_submit'))
{
! titania::needs_auth();
}
titania::add_lang('contributions');
Modified: trunk/titania/common.php
==============================================================================
*** trunk/titania/common.php (original)
--- trunk/titania/common.php Mon Feb 15 03:57:23 2010
***************
*** 59,64 ****
--- 59,70 ----
// Initialise Titania
titania::initialise();
+ // Allow login attempts from any page (mini login box)
+ if (isset($_POST['login']))
+ {
+ phpbb::login_box();
+ }
+
// admin requested the cache to be purged, ensure they have permission and purge the cache.
if (isset($_GET['cache']) && $_GET['cache'] == 'purge' && phpbb::$auth->acl_get('a_'))
{
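Review bot: The added `isset($_POST['login'])` branch runs `phpbb::login_box()` for every POST that carries a `login` field, including requests from sessions that are already registered and any other Titania form that happens to use that field name. Restricting it to guests, for example `if (isset($_POST['login']) && !phpbb::$user->data['is_registered'])`, would keep an existing session from being replaced by a login submitted from another site; this assumes the session is already set up by `titania::initialise()`. Nothing visible in this commit ties the login POST to a form token beyond the `sid` hidden field, so that is worth confirming in the login path as well.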
Modified: trunk/titania/config.example.php
==============================================================================
*** trunk/titania/config.example.php (original)
--- trunk/titania/config.example.php Mon Feb 15 03:57:23 2010
***************
*** 52,55 ****
--- 52,60 ----
* Style Path (titania/style/ *path* /)
*/
'style' => 'default',
+
+ /**
+ * Team groups (members will get TITANIA_TEAMS_ACCESS)
+ */
+ 'team_groups' => array(5),
);
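Review bot: The docblock for `team_groups` does not say what the numbers are. `array(5)` looks like a phpBB group id, and group ids can differ between installations, so copying the example unchanged could grant TITANIA_TEAMS_ACCESS to an unintended group. I would extend the comment to something like `* Team groups: phpBB group_id values whose members get TITANIA_TEAMS_ACCESS; verify the ids on your board`.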
Modified: trunk/titania/contributions/faq.php
==============================================================================
*** trunk/titania/contributions/faq.php (original)
--- trunk/titania/contributions/faq.php Mon Feb 15 03:57:23 2010
***************
*** 48,54 ****
case 'edit':
if (!phpbb::$auth->acl_get('m_titania_faq_mod') && !phpbb::$auth->acl_get('u_titania_faq_' . $action) && !titania::$contrib->is_author && !titania::$contrib->is_active_coauthor)
{
! trigger_error('NO_AUTH');
}
// Load the message object
--- 48,54 ----
case 'edit':
if (!phpbb::$auth->acl_get('m_titania_faq_mod') && !phpbb::$auth->acl_get('u_titania_faq_' . $action) && !titania::$contrib->is_author && !titania::$contrib->is_active_coauthor)
{
! titania::needs_auth();
}
// Load the message object
***************
*** 103,109 ****
case 'delete':
if (!phpbb::$auth->acl_get('m_titania_faq_mod') && !phpbb::$auth->acl_get('u_titania_faq_delete') && !titania::$contrib->is_author && !titania::$contrib->is_active_coauthor)
{
! trigger_error('NO_AUTH');
}
if (titania::confirm_box(true))
--- 103,109 ----
case 'delete':
if (!phpbb::$auth->acl_get('m_titania_faq_mod') && !phpbb::$auth->acl_get('u_titania_faq_delete') && !titania::$contrib->is_author && !titania::$contrib->is_active_coauthor)
{
! titania::needs_auth();
}
if (titania::confirm_box(true))
***************
*** 128,134 ****
case 'move_down':
if (!phpbb::$auth->acl_get('m_titania_faq_mod') && !titania::$contrib->is_author && !titania::$contrib->is_active_coauthor)
{
! trigger_error('NO_AUTH');
}
$faq->move($action);
--- 128,134 ----
case 'move_down':
if (!phpbb::$auth->acl_get('m_titania_faq_mod') && !titania::$contrib->is_author && !titania::$contrib->is_active_coauthor)
{
! titania::needs_auth();
}
$faq->move($action);
Modified: trunk/titania/contributions/manage.php
==============================================================================
*** trunk/titania/contributions/manage.php (original)
--- trunk/titania/contributions/manage.php Mon Feb 15 03:57:23 2010
***************
*** 22,33 ****
if (!titania::$contrib->is_author && !titania::$contrib->is_active_coauthor && !phpbb::$auth->acl_get('m_titania_contrib_mod') && !titania_types::$types[titania::$contrib->contrib_type]->acl_get('moderate'))
{
! trigger_error('NO_AUTH');
}
else if (titania::$contrib->contrib_status == TITANIA_CONTRIB_CLEANED && !(phpbb::$auth->acl_get('m_titania_contrib_mod') || titania_types::$types[titania::$contrib->contrib_type]->acl_get('moderate')))
{
// Editing cleaned contribs requires moderation permissions
! trigger_error('NO_AUTH');
}
// Catch the U_NEW_REVISION link and start creating the new revision...
--- 22,33 ----
if (!titania::$contrib->is_author && !titania::$contrib->is_active_coauthor && !phpbb::$auth->acl_get('m_titania_contrib_mod') && !titania_types::$types[titania::$contrib->contrib_type]->acl_get('moderate'))
{
! titania::needs_auth();
}
else if (titania::$contrib->contrib_status == TITANIA_CONTRIB_CLEANED && !(phpbb::$auth->acl_get('m_titania_contrib_mod') || titania_types::$types[titania::$contrib->contrib_type]->acl_get('moderate')))
{
// Editing cleaned contribs requires moderation permissions
! titania::needs_auth();
}
// Catch the U_NEW_REVISION link and start creating the new revision...
***************
*** 144,150 ****
{
if (!titania::$contrib->is_author && !phpbb::$auth->acl_get('m_titania_contrib_mod') && !titania_types::$types[titania::$contrib->contrib_type]->acl_get('moderate'))
{
! trigger_error('NO_AUTH');
}
$change_owner_id = request_var('change_owner_id', 0);
--- 144,150 ----
{
if (!titania::$contrib->is_author && !phpbb::$auth->acl_get('m_titania_contrib_mod') && !titania_types::$types[titania::$contrib->contrib_type]->acl_get('moderate'))
{
! titania::needs_auth();
}
$change_owner_id = request_var('change_owner_id', 0);
Modified: trunk/titania/contributions/support.php
==============================================================================
*** trunk/titania/contributions/support.php (original)
--- trunk/titania/contributions/support.php Mon Feb 15 03:57:23 2010
***************
*** 80,86 ****
if ($action != 'edit' && (($action == 'post' && !phpbb::$auth->acl_get('u_titania_topic')) || ($action == 'reply' && (!$topic_id || !phpbb::$auth->acl_get('u_titania_post')))))
{
! trigger_error('NO_AUTH');
}
if ($action == 'post')
--- 80,86 ----
if ($action != 'edit' && (($action == 'post' && !phpbb::$auth->acl_get('u_titania_topic')) || ($action == 'reply' && (!$topic_id || !phpbb::$auth->acl_get('u_titania_post')))))
{
! titania::needs_auth();
}
if ($action == 'post')
Modified: trunk/titania/includes/core/phpbb.php
==============================================================================
*** trunk/titania/includes/core/phpbb.php (original)
--- trunk/titania/includes/core/phpbb.php Mon Feb 15 03:57:23 2010
***************
*** 146,152 ****
'SITE_LOGO_IMG' => self::$user->img('site_logo'),
'U_REGISTER' => self::append_sid('ucp', 'mode=register'),
! 'S_LOGIN_ACTION' => self::append_sid('ucp', 'mode=login'),
'U_LOGIN_LOGOUT' => $u_login_logout,
'L_LOGIN_LOGOUT' => $l_login_logout,
'LOGIN_REDIRECT' => $l_login_redirect,
--- 146,152 ----
'SITE_LOGO_IMG' => self::$user->img('site_logo'),
'U_REGISTER' => self::append_sid('ucp', 'mode=register'),
! 'S_LOGIN_ACTION' => titania_url::$current_page_url,
'U_LOGIN_LOGOUT' => $u_login_logout,
'L_LOGIN_LOGOUT' => $l_login_logout,
'LOGIN_REDIRECT' => $l_login_redirect,
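Review bot: `'S_LOGIN_ACTION' => titania_url::$current_page_url` now puts a request-derived URL into the login form's `action` attribute, and the same value is passed to `redirect()` after a successful login in the `login_box()` hunk below. How `$current_page_url` is built is not visible here. If it can carry unescaped query-string content it needs HTML-escaping before it reaches the template, and the redirect target should be confirmed to stay on this site. A short comment on the array entry stating that the value is already escaped and same-origin would document the assumption. The enclosing method starts and ends outside the hunk.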
***************
*** 230,233 ****
--- 230,411 ----
garbage_collection();
exit_handler();
}
+
+
+ /**
+ * Generate login box or verify password
+ */
+ function login_box($l_explain = '', $l_success = '', $admin = false, $s_display = true)
+ {
+ self::_include('captcha/captcha_factory', 'phpbb_captcha_factory');
+ self::$user->add_lang('ucp');
+
+ $err = '';
+
+ // Make sure user->setup() has been called
+ if (empty(self::$user->lang))
+ {
+ self::$user->setup();
+ }
+
+ // Print out error if user tries to authenticate as an administrator without having the privileges...
+ if ($admin && !self::$auth->acl_get('a_'))
+ {
+ // Not authd
+ // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
+ if (self::$user->data['is_registered'])
+ {
+ add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+ }
+ trigger_error('NO_AUTH_ADMIN');
+ }
+
+ if (isset($_POST['login']))
+ {
+ // Get credential
+ if ($admin)
+ {
+ $credential = request_var('credential', '');
+
+ if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32)
+ {
+ if (self::$user->data['is_registered'])
+ {
+ add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+ }
+ trigger_error('NO_AUTH_ADMIN');
+ }
+
+ $password = request_var('password_' . $credential, '', true);
+ }
+ else
+ {
+ $password = request_var('password', '', true);
+ }
+
+ $username = request_var('username', '', true);
+ $autologin = (!empty($_POST['autologin'])) ? true : false;
+ $viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
+ $admin = ($admin) ? 1 : 0;
+ $viewonline = ($admin) ? self::$user->data['session_viewonline'] : $viewonline;
+
+ // Check if the supplied username is equal to the one stored within the database if re-authenticating
+ if ($admin && utf8_clean_string(self::$username) != utf8_clean_string(self::$user->data['username']))
+ {
+ // We log the attempt to use a different username...
+ add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+ trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
+ }
+
+ // If authentication is successful we redirect user to previous page
+ $result = self::$auth->login($username, $password, $autologin, $viewonline, $admin);
+
+ // If admin authentication and login, we will log if it was a success or not...
+ // We also break the operation on the first non-success login - it could be argued that the user already knows
+ if ($admin)
+ {
+ if ($result['status'] == LOGIN_SUCCESS)
+ {
+ add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
+ }
+ else
+ {
+ // Only log the failed attempt if a real user tried to.
+ // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
+ if (self::$user->data['is_registered'])
+ {
+ add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+ }
+ }
+ }
+
+ // The result parameter is always an array, holding the relevant information...
+ if ($result['status'] == LOGIN_SUCCESS)
+ {
+ redirect(titania_url::$current_page_url);
+ }
+
+ // Something failed, determine what...
+ if ($result['status'] == LOGIN_BREAK)
+ {
+ trigger_error($result['error_msg']);
+ }
+
+ // Special cases... determine
+ switch ($result['status'])
+ {
+ case LOGIN_ERROR_ATTEMPTS:
+
+ $captcha = phpbb_captcha_factory::get_instance(self::$config['captcha_plugin']);
+ $captcha->init(CONFIRM_LOGIN);
+ // $captcha->reset();
+
+ self::$template->assign_vars(array(
+ 'CAPTCHA_TEMPLATE' => $captcha->get_template(),
+ ));
+
+ $err = self::$user->lang[$result['error_msg']];
+ break;
+
+ case LOGIN_ERROR_PASSWORD_CONVERT:
+ $err = sprintf(
+ self::$user->lang[$result['error_msg']],
+ (self::$config['email_enable']) ? '<a href="' . self::append_sid('ucp', 'mode=sendpassword') . '">' : '',
+ (self::$config['email_enable']) ? '</a>' : '',
+ (self::$config['board_contact']) ? '<a href="mailto:' . htmlspecialchars(self::$config['board_contact']) . '">' : '',
+ (self::$config['board_contact']) ? '</a>' : ''
+ );
+ break;
+
+ // Username, password, etc...
+ default:
+ $err = self::$user->lang[$result['error_msg']];
+
+ // Assign admin contact to some error messages
+ if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
+ {
+ $err = (!self::$config['board_contact']) ? sprintf(self::$user->lang[$result['error_msg']], '', '') : sprintf(self::$user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars(self::$config['board_contact']) . '">', '</a>');
+ }
+
+ break;
+ }
+ }
+
+ // Assign credential for username/password pair
+ $credential = ($admin) ? md5(unique_id()) : false;
+
+ $s_hidden_fields = array(
+ 'sid' => self::$user->session_id,
+ );
+
+ if ($admin)
+ {
+ $s_hidden_fields['credential'] = $credential;
+ }
+
+ $s_hidden_fields = build_hidden_fields($s_hidden_fields);
+
+ titania::page_header('LOGIN');
+
+ self::$template->assign_vars(array(
+ 'LOGIN_ERROR' => $err,
+ 'LOGIN_EXPLAIN' => $l_explain,
+
+ 'U_SEND_PASSWORD' => (self::$config['email_enable']) ? self::append_sid('ucp', 'mode=sendpassword') : '',
+ 'U_RESEND_ACTIVATION' => (self::$config['require_activation'] == USER_ACTIVATION_SELF && self::$config['email_enable']) ? self::append_sid('ucp', 'mode=resend_act') : '',
+ 'U_TERMS_USE' => self::append_sid('ucp', 'mode=terms'),
+ 'U_PRIVACY' => self::append_sid('ucp', 'mode=privacy'),
+
+ 'S_DISPLAY_FULL_LOGIN' => ($s_display) ? true : false,
+ 'S_HIDDEN_FIELDS' => $s_hidden_fields,
+
+ 'S_ADMIN_AUTH' => $admin,
+ 'USERNAME' => ($admin) ? self::$user->data['username'] : '',
+
+ 'USERNAME_CREDENTIAL' => 'username',
+ 'PASSWORD_CREDENTIAL' => ($admin) ? 'password_' . $credential : 'password',
+ ));
+
+ titania::page_footer(true, 'login_body.html');
+ }
}
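Review bot: The re-authentication check `utf8_clean_string(self::$username) != utf8_clean_string(self::$user->data['username'])` reads `self::$username`, but the submitted name was stored a few lines earlier in the local `$username`. Nothing in the hunk declares a static `$username` property, so the admin path presumably fails with an undeclared-property error instead of comparing the two names. It should read `if ($admin && utf8_clean_string($username) != utf8_clean_string(self::$user->data['username']))`. Separately, `login_box()` is declared without `public static` although it is called as `phpbb::login_box()` and uses `self::` throughout; `public static function login_box(...)` would match `titania::needs_auth()` added in the same commit.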
Modified: trunk/titania/includes/core/titania.php
==============================================================================
*** trunk/titania/includes/core/titania.php (original)
--- trunk/titania/includes/core/titania.php Mon Feb 15 03:57:23 2010
***************
*** 221,226 ****
--- 221,236 ----
phpbb::$user->set_custom_lang_path($old_path);
}
+ public static function needs_auth()
+ {
+ if (!phpbb::$user->data['is_registered'])
+ {
+ phpbb::login_box();
+ }
+
+ trigger_error('NO_AUTH');
+ }
+
/**
* Titania page_header
*
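Review bot: `needs_auth()` is added without a docblock, although the neighbouring `page_header` has one. Its control flow relies on two things a reader cannot see here: that `phpbb::login_box()` ends the request for unregistered visitors, and that `trigger_error('NO_AUTH')` does the same for everyone else. I would add a docblock saying that the method does not return, and that it shows the login form when `is_registered` is false and the NO_AUTH error otherwise. If `login_box()` ever did return, execution would fall through to `trigger_error('NO_AUTH')`, which is the fail-closed direction and worth a one-line comment such as `// Fall through: deny even if login_box() returns`.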
Modified: trunk/titania/includes/objects/post.php
==============================================================================
*** trunk/titania/includes/objects/post.php (original)
--- trunk/titania/includes/objects/post.php Mon Feb 15 03:57:23 2010
***************
*** 361,367 ****
{
if (!$this->acl_get('post'))
{
! trigger_error('NO_AUTH');
}
// Create the topic if required
--- 361,367 ----
{
if (!$this->acl_get('post'))
{
! titania::needs_auth();
}
// Create the topic if required
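Review bot: Calling `titania::needs_auth()` from inside the post object means a failed `$this->acl_get('post')` can now render a full login form for guests from within a data-object method. The same applies to the edit, soft_delete, undelete and hard_delete hunks below. A caller that uses these methods outside a normal page request would get a login page rather than the NO_AUTH error it got before. A comment on each method noting that it may emit the login page and end the request, or moving the permission check to the calling page, would make that explicit. The enclosing method starts and ends outside the hunk.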
***************
*** 433,439 ****
if (!$this->acl_get('edit'))
{
! trigger_error('NO_AUTH');
}
if ($this->post_id == $this->topic->topic_first_post_id)
--- 433,439 ----
if (!$this->acl_get('edit'))
{
! titania::needs_auth();
}
if ($this->post_id == $this->topic->topic_first_post_id)
***************
*** 466,472 ****
{
if (!$this->acl_get('soft_delete'))
{
! trigger_error('NO_AUTH');
}
$this->post_deleted = titania::$time;
--- 466,472 ----
{
if (!$this->acl_get('soft_delete'))
{
! titania::needs_auth();
}
$this->post_deleted = titania::$time;
***************
*** 490,496 ****
{
if (!$this->acl_get('undelete'))
{
! trigger_error('NO_AUTH');
}
// Reverse the hack for soft delete
--- 490,496 ----
{
if (!$this->acl_get('undelete'))
{
! titania::needs_auth();
}
// Reverse the hack for soft delete
***************
*** 511,517 ****
{
if (!$this->acl_get('hard_delete'))
{
! trigger_error('NO_AUTH');
}
$this->topic->update_postcount(false, $this->post_access, false);
--- 511,517 ----
{
if (!$this->acl_get('hard_delete'))
{
! titania::needs_auth();
}
$this->topic->update_postcount(false, $this->post_access, false);
Modified: trunk/titania/index.php
==============================================================================
*** trunk/titania/index.php (original)
--- trunk/titania/index.php Mon Feb 15 03:57:23 2010
***************
*** 92,98 ****
$revision->contrib = $contrib;
if (!titania_types::$types[$contrib->contrib_type]->acl_get('validate'))
{
! trigger_error('NO_AUTH');
}
$revision_attachment = new titania_attachment(TITANIA_CONTRIB);
$revision_attachment->attachment_id = $revision->attachment_id;
--- 92,98 ----
$revision->contrib = $contrib;
if (!titania_types::$types[$contrib->contrib_type]->acl_get('validate'))
{
! titania::needs_auth();
}
$revision_attachment = new titania_attachment(TITANIA_CONTRIB);
$revision_attachment->attachment_id = $revision->attachment_id;
Modified: trunk/titania/manage/queue.php
==============================================================================
*** trunk/titania/manage/queue.php (original)
--- trunk/titania/manage/queue.php Mon Feb 15 03:57:23 2010
***************
*** 29,35 ****
if (empty($authed))
{
! trigger_error('NO_AUTH');
}
else if (sizeof($authed) == 1)
{
--- 29,35 ----
if (empty($authed))
{
! titania::needs_auth();
}
else if (sizeof($authed) == 1)
{
***************
*** 57,63 ****
{
if (!titania_types::$types[$queue_type]->acl_get('view'))
{
! trigger_error('NO_AUTH');
}
}
--- 57,63 ----
{
if (!titania_types::$types[$queue_type]->acl_get('view'))
{
! titania::needs_auth();
}
}
Added: trunk/titania/styles/default/template/login_body.html
==============================================================================
*** trunk/titania/styles/default/template/login_body.html (added)
--- trunk/titania/styles/default/template/login_body.html Mon Feb 15 03:57:23 2010
***************
*** 0 ****
--- 1,64 ----
+ <!-- INCLUDE common/overall_header.html -->
+
+ <form action="{S_LOGIN_ACTION}" method="post" id="login">
+ <div class="panel">
+ <div class="inner"><span class="corners-top"><span></span></span>
+
+ <div class="content">
+ <h2><!-- IF LOGIN_EXPLAIN -->{LOGIN_EXPLAIN}<!-- ELSE -->{L_LOGIN}<!-- ENDIF --></h2>
+
+ <fieldset <!-- IF not S_CONFIRM_CODE -->class="fields1"<!-- ELSE -->class="fields2"<!-- ENDIF -->>
+ <!-- IF LOGIN_ERROR --><div class="error">{LOGIN_ERROR}</div><!-- ENDIF -->
+ <dl>
+ <dt><label for="{USERNAME_CREDENTIAL}">{L_USERNAME}:</label></dt>
+ <dd><input type="text" tabindex="1" name="{USERNAME_CREDENTIAL}" id="{USERNAME_CREDENTIAL}" size="25" value="{USERNAME}" class="inputbox autowidth" /></dd>
+ </dl>
+ <dl>
+ <dt><label for="{PASSWORD_CREDENTIAL}">{L_PASSWORD}:</label></dt>
+ <dd><input type="password" tabindex="2" id="{PASSWORD_CREDENTIAL}" name="{PASSWORD_CREDENTIAL}" size="25" class="inputbox autowidth" /></dd>
+ <!-- IF S_DISPLAY_FULL_LOGIN and (U_SEND_PASSWORD or U_RESEND_ACTIVATION) -->
+ <!-- IF U_SEND_PASSWORD --><dd><a href="{U_SEND_PASSWORD}">{L_FORGOT_PASS}</a></dd><!-- ENDIF -->
+ <!-- IF U_RESEND_ACTIVATION --><dd><a href="{U_RESEND_ACTIVATION}">{L_RESEND_ACTIVATION}</a></dd><!-- ENDIF -->
+ <!-- ENDIF -->
+ </dl>
+ <!-- IF CAPTCHA_TEMPLATE and S_CONFIRM_CODE -->
+ <!-- DEFINE $CAPTCHA_TAB_INDEX = 3 -->
+ <!-- INCLUDE {CAPTCHA_TEMPLATE} -->
+ <!-- ENDIF -->
+ <!-- IF S_DISPLAY_FULL_LOGIN -->
+ <dl>
+ <!-- IF S_AUTOLOGIN_ENABLED --><dd><label for="autologin"><input type="checkbox" name="autologin" id="autologin" tabindex="4" /> {L_LOG_ME_IN}</label></dd><!-- ENDIF -->
+ <dd><label for="viewonline"><input type="checkbox" name="viewonline" id="viewonline" tabindex="5" /> {L_HIDE_ME}</label></dd>
+ </dl>
+ <!-- ENDIF -->
+
+ <dl>
+ <dt> </dt>
+ <dd>{S_HIDDEN_FIELDS}<input type="submit" name="login" tabindex="6" value="{L_LOGIN}" class="button1" /></dd>
+ </dl>
+
+ </fieldset>
+ </div>
+ <span class="corners-bottom"><span></span></span></div>
+ </div>
+
+
+ <!-- IF not S_ADMIN_AUTH and S_REGISTER_ENABLED -->
+ <div class="panel">
+ <div class="inner"><span class="corners-top"><span></span></span>
+
+ <div class="content">
+ <h3>{L_REGISTER}</h3>
+ <p>{L_LOGIN_INFO}</p>
+ <p><strong><a href="{U_TERMS_USE}">{L_TERMS_USE}</a> | <a href="{U_PRIVACY}">{L_PRIVACY}</a></strong></p>
+ <hr class="dashed" />
+ <p><a href="{U_REGISTER}" class="button2">{L_REGISTER}</a></p>
+ </div>
+
+ <span class="corners-bottom"><span></span></span></div>
+ </div>
+ <!-- ENDIF -->
+
+ </form>
+
+ <!-- INCLUDE common/overall_footer.html -->
\ No newline at end of file