Commit a2e40e00 authored by Martyn Smith's avatar Martyn Smith Committed by Martyn Smith
parents feecd8bd eb8070d3
<?php
/**
* This program is part of Mahara
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage admin
* @author Richard Mansfield <richard@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
*
*/
define('INTERNAL', 1);
require(dirname(dirname(__FILE__)) . '/init.php');
$pagename = clean_requestdata('pagename', PARAM_ALPHAEXT, REQUEST_EITHER);
$data['pagename'] = $pagename;
try {
$page = get_record('site_content','name',$pagename);
$data['content'] = $page->content;
$data['success'] = 1;
}
catch (Exception $e) {
$data['success'] = 0;
$data['errormessage'] = $e->getMessage();
}
echo json_encode($data);
?>
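Review bot: `$page->content` on L35 is read without checking that `get_record()` actually found a row, so an unknown `pagename` yields a notice and a reply with `success` set to 1 and a null `content`, which the editor page then loads as if it were the page text (unless `get_record()` throws on a missing row, which isn't visible here). Guard the lookup before using it: `if (!$page = get_record('site_content', 'name', $pagename)) { throw new Exception('Unknown page: ' . $pagename); }`. `$data` is never initialised before `$data['pagename'] = $pagename;` on L32; start the script with `$data = array();` so the shape of the response doesn't depend on notices being off. The closing `?>` on L43 invites trailing whitespace after the JSON body; drop it, as this file emits only PHP.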
<?php
/**
* This program is part of Mahara
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage admin
* @author Richard Mansfield <richard.mansfield@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
*
*/
define('INTERNAL',1);
require(dirname(dirname(__FILE__)).'/init.php');
require_once('form.php');
$sitepages = get_records('site_content');
$pageoptions = array();
foreach ($sitepages as $page) {
$pageoptions[$page->name] = get_string($page->name);
}
asort($pageoptions);
$f = array(
'name' => 'editsitepage',
'method' => 'post',
'onsubmit' => 'return submitForm(\'editsitepage\',\'savesitepage.json.php\');',
'action' => '',
'elements' => array(
'pagename' => array(
'type' => 'select',
'title' => get_string('pagename'),
'value' => 'home',
'options' => $pageoptions
),
'pagetext' => array(
'name' => 'pagetext',
'type' => 'wysiwyg',
'rows' => 25,
'cols' => 85,
'title' => get_string('pagecontent'),
'description' => get_string('textdesc'),
'value' => 'blah',
'rules' => array(
'required' => true
)
),
'submit' => array(
'value' => get_string('savechanges'),
'type' => 'submit',
)
)
);
$form = form($f);
$js = array('mochikit','mahara');
if (use_html_editor()) {
array_unshift($js,'tinymce');
}
$ijs = <<< EOJS
setEditorContent = function(content) { $('pagetext').innerHTML = content; };
function onLoad() {
requestPageText();
connect('pagename', 'onchange', requestPageText);
if (typeof(tinyMCE) != 'undefined') {
setEditorContent = tinyMCE.setContent;
}
}
function requestPageText() {
var d = loadJSONDoc('editchangepage.json.php',{'pagename':$('pagename').value});
d.addCallback(function(data) {
if (data.success) {
setEditorContent(data.content);
}
else {
displayMessage({'message':get_string('failedloadingpagecontent', $('pagename').value),
'type':'error'});
}
});
}
addLoadEvent(onLoad);
EOJS;
$jsstrings = array('requiredfieldempty','noresponse');
$smarty = smarty($js,array(),$jsstrings);
$smarty->assign('pageeditform', $form);
$smarty->assign('INLINEJAVASCRIPT', $ijs);
$smarty->display('admin/editsitepage.tpl');
?>
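Review bot: `get_string('failedloadingpagecontent', …)` in the inline JavaScript on L129 can never resolve, because `$jsstrings` on L136 only exports `requiredfieldempty` and `noresponse`, and the client-side `get_string` returns a `[[[…]]]` placeholder for any key missing from `strings`; change L136 to `$jsstrings = array('requiredfieldempty', 'noresponse', 'failedloadingpagecontent');`. The `'value' => 'blah'` placeholder for `pagetext` on L97 is rendered into the page until the JSON request replaces it; an empty string is the cleaner initial value. `setEditorContent = tinyMCE.setContent;` on L119 detaches the method from its object; whether tinyMCE's `setContent` depends on `this` can't be confirmed from this file, so a wrapper `function(content) { tinyMCE.setContent(content); }` is the safer form.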
<?php
/**
* This program is part of Mahara
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage admin
* @author Richard Mansfield <richard.mansfield@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
*
*/
define('INTERNAL', 1);
require(dirname(dirname(__FILE__)) . '/init.php');
$pagename = clean_requestdata('pagename', PARAM_ALPHAEXT, REQUEST_EITHER);
$pagetext = clean_requestdata('pagetext', PARAM_CLEANHTML, REQUEST_EITHER);
$result = array();
global $USER;
$data = new StdClass;
$data->name = $pagename;
$data->content = $pagetext;
$data->mtime = db_format_timestamp(time());
try {
$user = get_record('usr','username',$USER->username);
$data->muser = $user->id;
update_record('site_content',$data,'name');
$result['success'] = 'ok';
$result['message'] = get_string('savedsuccessfully');
}
catch (Exception $e) {
$result['success'] = 'error';
$result['message'] = $e->getMessage();
}
echo json_encode($result);
?>
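Review bot: this endpoint rewrites site content but reads `pagename` and `pagetext` with `REQUEST_EITHER` on L169-170, so the update can be triggered by a plain GET link; the form already posts (L80-81), so accept these parameters from the POST body only. `update_record()` on L180 reports success even when no `site_content` row matches `$pagename` (unless it throws on zero rows, which isn't visible here), so confirm the row exists first with `get_record('site_content', 'name', $pagename)` as the sibling editchangepage.json.php does. `global $USER;` on L172 is a no-op at file scope and can go. No administrator check is visible in this file; if init.php does not enforce one for the admin directory, any logged-in user could change the site pages through this JSON endpoint.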
......@@ -101,7 +101,19 @@ class AuthInternal extends Auth {
* @return bool Whether the password is valid
*/
public static function is_password_valid($password) {
return preg_match('/^[a-zA-Z0-9 ~!#\$%\^&\*\(\)_\-=\+\,\.<>\/\?;:"\[\]\{\}\\\|`\']{6,}$/', $password);
if (!preg_match('/^[a-zA-Z0-9 ~!#\$%\^&\*\(\)_\-=\+\,\.<>\/\?;:"\[\]\{\}\\\|`\']{6,}$/', $password)) {
return false;
}
// The password must have at least one digit and two letters in it
if (!preg_match('/[0-9]/', $password)) {
return false;
}
$password = preg_replace('/[a-zA-Z]/', "\0", $password);
if (substr_count($password, "\0") < 2) {
return false;
}
return true;
}
/*
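Review bot: the character-class regex kept on L195 is anchored with `$`, which in PCRE also matches just before a trailing newline, so a password ending in `\n` passes the whitelist; anchor that line with `\z` (or add the `D` modifier) so the whole value is checked. The letter count on L202-205 rewrites `$password` with NUL bytes and then counts them; `if (preg_match_all('/[a-zA-Z]/', $password, $matches) < 2) { return false; }` expresses the same rule directly and keeps `$password` intact (the third argument is required on the PHP 5.1 minimum this codebase declares). The `@return bool` in the docblock above is now accurate, since the previous single `preg_match` returned an int.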
......
......@@ -312,7 +312,12 @@ function auth_check_password_change() {
*
* This only applies to the internal authentication plugin.
*
* @todo check that the password isn't something simple, like 'mahara'.
* @todo As far as I can tell, the change password and registration forms will
* only be used for internal authentication. And so, by proxy, will the
* username/password valid methods for the Auth class. I think this means they
* can be removed from the Auth class, and instead just be part of AuthInternal
* since they don't need to be specified for other types.
*
* @param Form $form The form to check
* @param array $values The values to check
*/
......@@ -340,6 +345,7 @@ function change_password_validate(Form $form, $values) {
}
// The password cannot be the same as the old one
// @todo Use $USER to get the old password (if $USER has the password...)
if (!$form->get_error('password1') && $values['password1'] == get_field('usr', 'password', 'username', $SESSION->get('username'))) {
$form->set_error('password1', 'Your did not change your password!');
}
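Review bot: the comparison on L228 uses `==` between the submitted password and the stored `usr.password` value; use `===` so type juggling cannot make unrelated values compare equal. If the stored value is a hash rather than plaintext (not visible here), this check never fires and must compare through the hashing routine instead. The error message on L229 is a hard-coded English string with a typo (`Your did not…`); route it through `get_string()` like the rest of the file. The hunk shows only part of `change_password_validate`; the rest lies outside it.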
......
......@@ -57,8 +57,8 @@ foreach (array('docroot', 'dataroot') as $path) {
}
if (!isset($CFG->wwwroot) && isset($_SERVER['HTTP_HOST'])) {
$proto = (isset($_SERVER['HTTPS'])) ? 'https://' : 'http://';
$host = (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'];
$path = substr(dirname(__FILE__), strlen($_SERVER['DOCUMENT_ROOT']));
$host = (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'];
$path = substr(dirname(__FILE__), strlen($_SERVER['DOCUMENT_ROOT']));
if ($path) {
$path .= '/';
}
......@@ -100,6 +100,7 @@ try {
$db->SetFetchMode(ADODB_FETCH_ASSOC);
configure_dbconnection();
ensure_internal_plugins_exist();
ob_end_clean();
}
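Review bot: `ob_end_clean()` on L247 raises a notice and returns false when no output buffer is active, and the matching `ob_start()` is not in this hunk, so whether a buffer is always open at this point can't be confirmed here; guard it with `if (ob_get_level()) { ob_end_clean(); }`. It also silently discards everything buffered during initialisation, including any warnings emitted by the calls above it, so a one-line comment stating what output is being dropped and why would help the next reader. If an exception is thrown earlier in the enclosing `try` (which starts outside the hunk), the buffer is left open; that may be intended so the error page can flush it, but it is worth stating.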
......
// Expects strings array
function get_string(s) {
// @todo Still need to sprintf these strings.
var flatargs = flattenArguments(arguments);
if (arguments.length > 1) {
argstr = '(' + flatargs.slice(1).join(',') + ')';
} else {
argstr = '';
}
if (typeof(strings) == 'undefined' || typeof(strings[s]) == 'undefined') {
return '[[[' + s + argstr + ']]]';
}
return strings[s] + argstr;
}
// Expects strings array
function get_string(s) {
// @todo Still need to sprintf these strings.
var flatargs = flattenArguments(arguments);
if (arguments.length > 1) {
argstr = '(' + flatargs.slice(1).join(',') + ')';
} else {
argstr = '';
}
if (typeof(strings) == 'undefined' || typeof(strings[s]) == 'undefined') {
return '[[[' + s + argstr + ']]]';
}
return strings[s] + argstr;
}
// Appends a status message to the end of elemid
function displayMessage(m, /* optional */ elemid) {
var color = 'red';
if (m.type == 'ok') {
color = 'green';
}
else if (m.type == 'info') {
color = '#aa6;';
}
if (typeof(elemid) == 'undefined') {
elemid = 'messages';
}
$(elemid).appendChild(DIV({'style':'color:'+color+';'},m.message));
}
// Tests if elements with the 'required' class have content and
// displays the appropriate message.
// Uses the html output from form.php to find the title of required
// fields: <label for="elementid">Element title</label>
function testRequired(e,formid) {
if (hasElementClass(e,'required') && e.value == '') {
var labels = getElementsByTagAndClassName('label',null,formid);
for (var j = 0; j < labels.length; j++) {
if (getNodeAttribute(labels[j],'for') == e.name) {
displayMessage({'message':get_string('requiredfieldempty',scrapeText(labels[j])),
'type':'error'});
return false;
}
}
displayMessage({'message':get_string('requiredfieldempty'),'type':'error'});
return false;
}
return true;
}
// Gets form elements, submits them to a url via post, and waits for a
// JSON response containing the result of the submission.
function submitForm(formid,url) {
if (typeof(tinyMCE) != 'undefined') {
tinyMCE.triggerSave();
}
var formelements = getElementsByTagAndClassName(null,formid,formid);
var data = {};
for (var i = 0; i < formelements.length; i++) {
if (testRequired(formelements[i])) {
data[formelements[i].name] = formelements[i].value;
}
else {
return false;
}
}
var req = getXMLHttpRequest();
req.open('POST',url);
req.setRequestHeader('Content-type','application/x-www-form-urlencoded');
var d = sendXMLHttpRequest(req,queryString(data));
d.addCallback(function (result) {
var data = evalJSONRequest(result);
displayMessage({'message':data.message,'type':data.success});
});
d.addErrback(function() { displayMessage(get_string('unknownerror'),'error'); });
displayMessage({'message':get_string('processingform'),'type':'info'});
return false;
}
function displayMessage(m) {
var color = 'red';
if (m.type == 'ok') {
color = 'green';
}
else if (m.type == 'info') {
color = '#aa6;';
}
var elemid = 'messages';
if (arguments.length > 1 && typeof(arguments[1]) == 'string') {
elemid = arguments[1];
}
$(elemid).appendChild(DIV({'style':'color:'+color+';'},m.message));
}
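Review bot: the errback on L335 calls `displayMessage(get_string('unknownerror'), 'error')` with a string as its first argument, but `displayMessage` reads `m.type` and `m.message`, so the user gets an undefined message in red; it should be `displayMessage({'message': get_string('unknownerror'), 'type': 'error'});`. `testRequired(formelements[i])` on L320 omits the `formid` that `testRequired` uses to scope its label lookup on L298, so pass it: `testRequired(formelements[i], formid)`. In `get_string`, `argstr` is assigned without `var` and leaks as a global. `displayMessage` appears twice in this section (L279 and L339); which one is the new side isn't marked, but the version with the explicit `elemid` parameter is the clearer of the two.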
......@@ -24,18 +24,24 @@
*
*/
$string['dbconnfailed'] = 'Failed to connect to database, error message was %s';
$string['configsanityexception'] = '<p>It appears that your server\'s PHP configuration contains a setting that will prevent Mahara from working, or make your installation insecure.'
. ' More details follow:</p><div id="reason">%s</div><p>Once you have made the appropriate changes, reload this page.</p>';
// @todo<nigel>: most likely need much better descriptions here for these environment issues
$string['phpversion'] = 'Mahara will not run on PHP < 5.1.0. Please upgrade your PHP version, or move Mahara to a different host.';
$string['jsonextensionnotloaded'] = 'Your server configuration does not include the JSON extension. Mahara requires this in order to send some data to and from the browser. Please make sure that it is loaded in php.ini, or install it if it is not installed.';
$string['dbextensionnotloaded'] = 'Your server configuration does not include either the pgsql or mysqli extension. Mahara requires one of these in order to store data in a relational database. Please make sure that it is loaded in php.ini, or install it if it is not installed.';
$string['libxmlextensionnotloaded'] = 'Your server configuration does not include the libxml extension. Mahara requires this in order to parse XML data for the installer and for backups. Please make sure that it is loaded in php.ini, or install it if it is not installed.';
$string['gdextensionnotloaded'] = 'Your server configuration does not include the gd extension. Mahara requires this in order to perform resizes and other operations on uploaded images. Please make sure that it is loaded in php.ini, or install it if it is not installed.';
$string['sessionextensionnotloaded'] = 'Your server configuration does not include the session extension. Mahara requires this in order to support users logging in. Please make sure that it is loaded in php.ini, or install it if it is not installed.';
$string['registerglobals'] = 'You have dangerous PHP settings, register_globals is on. Mahara is trying to work around this, but you should really fix it';
$string['magicquotesgpc'] = 'You have dangerous PHP settings, magic_quotes_gpc is on. Mahara is trying to work around this, but you should really fix it';
$string['magicquotesruntime'] = 'You have dangerous PHP settings, magic_quotes_runtime is on. Mahara is trying to work around this, but you should really fix it';
$string['magicquotessybase'] = 'You have dangerous PHP settings, magic_quotes_sybase is on. Mahara is trying to work around this, but you should really fix it';
$string['configsanityexception'] = '<p>It appears that your server\'s PHP configuration contains a setting that will prevent $projectname from working, or make your installation insecure.'
. ' More details follow:</p><div id="reason">%s</div><p>Once you have made the appropriate changes, reload this page.</p>';
$string['safemodeon'] = '<p>Your server appears to be running safe mode. $projectname does not support running in safe mode. You must turn this off in either the php.ini file, or in your apache config for the site.</p><p>If you are on shared hosting, it is likely that there is little you can do to get safe_mode turned off, other than ask your hosting provider. Perhaps you could consider moving to a different host.</p>';
$string['safemodeon'] = '<p>Your server appears to be running safe mode. Mahara does not support running in safe mode. You must turn this off in either the php.ini file, or in your apache config for the site.</p><p>If you are on shared hosting, it is likely that there is little you can do to get safe_mode turned off, other than ask your hosting provider. Perhaps you could consider moving to a different host.</p>';
$string['datarootinsidedocroot'] = 'You have set up your data root to be inside your document root. This is a large security problem, as then anyone can directly request session data (in order to hijack other peoples\' sessions), or files that they are not allowed to access that other people have uploaded. Please configure the data root to be outside of the document root.';
$string['datarootnotwritable'] = 'Your defined data root directory, %s, is not writable. This means that neither session data, user files nor anything else that needs to be uploaded can be saved on your server. Please make the directory if it does not exist, or give ownership of the directory to the web server user if it does';
$string['jsonextensionnotloaded'] = 'Your server configuration does not include the JSON extension. $projectname requires this in order to send some data to and from the browser. Please make sure that it is loaded in php.ini, or install it if it is not installed.';
$string['dbconnfailed'] = 'Failed to connect to database, error message was %s';
?>
......@@ -17,8 +17,8 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage core or plugintype/pluginname
* @author Your Name <you@example.org>
* @subpackage lang
* @author Richard Mansfield <richard.mansfield@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
*
......
......@@ -26,13 +26,19 @@
defined('INTERNAL') || die();
$string['about'] = 'About';
$string['home'] = 'Home';
$string['loggedouthome'] = 'Logged out Home';
$string['loggedoutok'] = 'You have been logged out successfully';
$string['login'] = 'Log In';
$string['loginfailed'] = 'You have not provided the correct credentials to log in. Please check your username and password are correct.';
$string['password'] = 'Password';
$string['passworddesc'] = 'Your password';
$string['passwordhelp'] = 'The password you use to access the system.';
$string['privacy'] = 'Privacy';
$string['sessiontimedout'] = 'Your session has timed out, please enter your login details to continue';
$string['termsandconditions'] = 'Terms and conditions';
$string['uploadcopyright'] = 'Upload copyright';
$string['username'] = 'Username';
$string['usernamedesc'] = 'Your username';
$string['usernamehelp'] = 'The username you have been given to access this system.';
......
......@@ -379,9 +379,15 @@ function exception (Exception $e) {
// if $e not Exception
// get language string based on class name
// rather than by switch on class name
$outputmessage =<<<EOF
<p>Sorry, an unrecoverable error occured. Eventually, this page will look nice
and say something that won't make the viewer think that they broke something,
but since at the moment the viewer is a developer, allow me to laugh at you :)</p>
<p><a href="#" onclick="history.go(-1)">back</a></p>
EOF;
switch (get_class($e)) {
case 'ConfigSanityException':
$message = get_string('configsanityexception', 'error', $e->getMessage());
$outputmessage = $message = get_string('configsanityexception', 'error', $e->getMessage());
break;
default:
$message = $e->getMessage();
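Review bot: `$e->getMessage()` on L423 is substituted straight into the `configsanityexception` HTML string (`<div id="reason">%s</div>`) and later echoed as `$outputmessage`, with no HTML escaping. The messages come from the project's own lang strings and configuration values rather than request data, so the exposure is limited, but wrapping it as `hsc($e->getMessage())` costs nothing unless some messages intentionally carry markup (not visible from this hunk). The `switch` continues past the end of the hunk, and the echo of `$outputmessage` is in the following hunk.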
......@@ -405,11 +411,8 @@ EOF;
echo insert_messages();
}
echo <<<EOF
<h1>OMGWTF</h1>
<p>Sorry, an unrecoverable error occured. Eventually, this page will look nice
and say something that won't make the viewer think that they broke something,
but since at the moment the viewer is a developer, allow me to laugh at you :)</p>
<p><a href="#" onclick="history.go(-1)">back</a></p>
<h1>OMGWTFBBQ</h1>
$outputmessage
<hr>
</body>
</html>
......
......@@ -675,7 +675,7 @@ class Form {
* @return string The attributes for the element
*/
public static function element_attributes($element, $exclude=array()) {
static $attributes = array('accesskey', 'class', 'dir', 'id', 'lang', 'maxlength', 'name', 'onclick', 'size', 'style', 'tabindex');
static $attributes = array('accesskey', 'class', 'dir', 'id', 'lang', 'name', 'onclick', 'size', 'style', 'tabindex');
$elementattributes = array_diff($attributes, $exclude);
$result = '';
foreach ($elementattributes as $attribute) {
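Review bot: `maxlength` is dropped from the shared attribute list on L447 without a comment, so any element that relied on `element_attributes()` to emit it loses the attribute unless its own renderer now adds it (not visible here). A short comment above the list saying where `maxlength` is handled now would stop someone re-adding it; server-side length rules are the real control in any case, since the HTML attribute is advisory. The rest of `element_attributes` continues past the hunk.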
......
<?php
/**
* This program is part of Mahara
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage form/element
* @author Nigel McNie <nigel@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
*
*/
defined('INTERNAL') || die();
/**
* Renders a button. Custom buttons are rendered nearly the same as
* normal submit buttons, only their name is changed (for use by the Form class
* internally).
*
* @param array $element The element to render
* @param Form $form The form to render the element for
* @return string The HTML for the element
*/
function form_render_button($element, $form) {
return '<input type="button"'
. Form::element_attributes($element)
. ' value="' . hsc($form->get_value($element)) . '">';
}
?>
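Review bot: the docblock on L479-481 says custom buttons have their name changed, but `form_render_button` does nothing to the name; either that behaviour lives elsewhere or the comment is stale, so trim it to what the function does, e.g. `Renders a plain <input type="button"> carrying the element's attributes and its escaped value.`. Escaping the value through `hsc()` on L490 is right; whether `Form::element_attributes()` returns a leading space so the attributes don't run into `type="button"` can't be confirmed from this file.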
......@@ -17,7 +17,7 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage form/element
* @subpackage form-element
* @author Nigel McNie <nigel@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
......
......@@ -17,7 +17,7 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage form/element
* @subpackage form-element
* @author Nigel McNie <nigel@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
......
......@@ -17,7 +17,7 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage form/element
* @subpackage form-element
* @author Nigel McNie <nigel@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
......
......@@ -17,7 +17,7 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage form/element
* @subpackage form-element
* @author Nigel McNie <nigel@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
......
......@@ -33,10 +33,32 @@ defined('INTERNAL') || die();
*/
function ensure_sanity() {
// PHP version
if (version_compare(phpversion(), '5.1.0') < 0) {
throw new ConfigSanityException(get_string('phpversion', 'error'));
}
// Various required extensions
if (!extension_loaded('json')) {
throw new ConfigSanityException(get_string('jsonextensionnotloaded', 'error'));
}
if (!extension_loaded('pgsql') && !extension_loaded('mysqli')) {
throw new ConfigSanityException(get_string('dbextensionnotloaded', 'error'));
}
if (!extension_loaded('libxml')) {
throw new ConfigSanityException(get_string('libxmlextensionnotloaded', 'error'));
}
if (!extension_loaded('gd')) {
throw new ConfigSanityException(get_string('gdextensionnotloaded', 'error'));
}
if (!extension_loaded('session')) {
throw new ConfigSanityException(get_string('sessionextensionnotloaded', 'error'));
}
// register globals workaround
if (ini_get_bool('register_globals')) {
log_environ(get_string('registerglobals', 'error'));
$massivearray = array_keys(array_merge($_POST,$_GET,$_COOKIE,$_SERVER,$_REQUEST,$_FILES));