Commit e04958c6 authored by Martyn Smith's avatar Martyn Smith Committed by Martyn Smith
parents d544acbe 3c7e6aa1
......@@ -17,7 +17,7 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage auth/internal
* @subpackage auth-internal
* @author Nigel McNie <nigel@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
......@@ -27,5 +27,10 @@
defined('INTERNAL') || die();
$string['internal'] = 'Internal';
$string['passwordinvalidform'] = 'Your password must be at least six characters long and contain at least one digit and two letters';
$string['passwordtooeasy'] = 'Your password is too easy! Please choose a harder password';
$string['passwordnotchanged'] = 'You did not change your password, please choose a new password';
$string['passwordsaved'] = 'Your new password has been saved';
$string['passwordsdonotmatch'] = 'The passwords do not match';
?>
......@@ -218,6 +218,12 @@ function auth_setup () {
return $USER;
}
else if ($sessionlogouttime > 0) {
if (isset($_GET['logout'])) {
log_debug('logging user ' . $SESSION->get('username') . ' out');
$SESSION->logout();
$SESSION->add_ok_msg(get_string('loggedoutok'));
redirect(get_config('wwwroot'));
}
// The session timed out
log_debug('session timed out');
$SESSION->logout();
......@@ -231,7 +237,8 @@ function auth_setup () {
// There is no session, so we check to see if one needs to be started.
// Build login form. If the form is submitted it will be handled here,
// and set $USER for us.
// and set $USER for us (this will happen when users hit a page and
// specify login data immediately
require_once('form.php');
$form = new Form(auth_get_login_form());
if ($USER) {
......@@ -270,9 +277,8 @@ function auth_get_authtype_for_institution($institution) {
* via the internal form difficult.
*/
function auth_check_password_change($user) {
global $SESSION;
log_debug('checking if the user needs to change their password');// @todo change this to $user instead of $SESSION, as long as it's safe
if (auth_get_authtype_for_institution($SESSION->get('institution')) == 'internal' && $SESSION->get('passwordchange')) {
log_debug('checking if the user needs to change their password');
if (auth_get_authtype_for_institution($user->institution) == 'internal' && $user->passwordchange) {
log_debug('user DOES need to change their password');
require_once('form.php');
$form = array(
......@@ -311,27 +317,36 @@ function auth_check_password_change($user) {
/**
* Check if the given user's account has expired
*
* @param object $user The user to check for the expired password.
* @todo maybe later, just use $USER because that's all we are actually checking...
* @private
*/
function auth_check_user_expired($user) {
log_debug('Checking to see if the user has expired');
if ($user->expiry > 0 && time() > $user->expiry) {
// Trash the $USER object, used for checking if the user is logged in
// Trash the $USER object, used for checking if the user is logged in.
// Smarty uses it otherwise...
global $USER;
$USER = null;
die_info('Sorry, your account has expired');
die_info(get_string('accountexpired'));
}
}
function auth_check_user_suspended() {
/**
* Check if the given user's account has been suspended
*
* @param object $user The user to check for the suspended account.
* @private
*/
function auth_check_user_suspended($user) {
global $USER;
log_debug('Checking to see if the user is suspended');
$suspend = get_record('usr_suspension', 'usr', $USER->id);
log_debug($suspend);
$suspend = get_record('usr_suspension', 'usr', $user->id);
if ($suspend) {
global $USER;
$USER = null;
die_info('Sorry, your account has been SUSPENDED!');
die_info(get_string('accountsuspended', 'mahara', $suspend->ctime, $suspend->reason));
}
}
......@@ -346,6 +361,10 @@ function auth_check_user_suspended() {
* can be removed from the Auth class, and instead just be part of AuthInternal
* since they don't need to be specified for other types.
*
* Furthermore, I think that the change_password stuff (as well as suspended
* and expired) are also quite possibly related to internal only. This will
* require a lot of thought about how to best structure it.
*
* @param Form $form The form to check
* @param array $values The values to check
*/
......@@ -361,7 +380,7 @@ function change_password_validate(Form $form, $values) {
// Check that the password is in valid form
if (!$form->get_error('password1')
&& !call_static_method('AuthInternal', 'is_password_valid', $values['password1'])) {
$form->set_error('password1', 'Your password is not in a valid form');
$form->set_error('password1', get_string('passwordinvalidform', 'auth.internal'));
}
// The password must not be too easy :)
......@@ -369,18 +388,17 @@ function change_password_validate(Form $form, $values) {
'mahara', 'password', $SESSION->get('username')
);
if (!$form->get_error('password1') && in_array($values['password1'], $suckypasswords)) {
$form->set_error('password1', 'Your password is too easy! Please choose a harder password');
$form->set_error('password1', get_string('passwordtooeasy', 'auth.internal'));
}
// The password cannot be the same as the old one
// @todo Use $USER to get the old password (if $USER has the password...)
if (!$form->get_error('password1') && $values['password1'] == get_field('usr', 'password', 'username', $SESSION->get('username'))) {
$form->set_error('password1', 'Your did not change your password!');
if (!$form->get_error('password1') && $values['password1'] == $USER->password) {
$form->set_error('password1', get_string('passwordnotchanged', 'auth.internal'));
}
// The passwords must match
if (!$form->get_error('password1') && !$form->get_error('password2') && $values['password1'] != $values['password2']) {
$form->set_error('password2', 'Your passwords do not match');
$form->set_error('password2', get_string('passwordsdonotmatch', 'auth.internal'));
}
}
else {
......@@ -414,7 +432,7 @@ function change_password_submit($values) {
update_record('usr', $user, $where);
$SESSION->set('passwordchange', 0);
$SESSION->add_ok_msg('Your new password has been saved');
$SESSION->add_ok_msg(get_string('passwordsaved', 'auth.internal'));
redirect(get_config('wwwroot'));
exit;
}
......@@ -448,9 +466,11 @@ function auth_draw_login_page($message=null, Form $form=null) {
else {
require_once('form.php');
$loginform = form(auth_get_login_form());
// If this is true, the form was submitted even before being built.
// This happens when a user's session times out and they resend post
// data. The request should just continue if so.
/*
* If $USER is set, the form was submitted even before being built.
* This happens when a user's session times out and they resend post
* data. The request should just continue if so.
*/
if ($USER) {
return;
}
......
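Review bot: In auth_check_user_suspended, `$suspend->reason` is formatted into the `accountsuspended` string, which wraps its second `%s` in `<blockquote>` markup, so the message is evidently meant to be emitted as HTML and the stored reason reaches the page unescaped unless die_info() escapes its argument (not visible here). Escape the value at the call site with the helper the form renderer already uses for error text: `die_info(get_string('accountsuspended', 'mahara', $suspend->ctime, hsc($suspend->reason)));`. If die_info() does escape, the blockquote tags will instead be shown literally, so one of the two has to change either way. `$suspend->ctime` is also passed exactly as stored and probably wants formatting before display.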
......@@ -59,6 +59,7 @@ class Session {
'logout_time' => 0,
'id' => 0,
'username' => '',
'password' => '',
'passwordchange' => false,
'institution' => 'mahara'
);
......
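Review bot: The new `'password' => ''` entry adds the account's password value to the Session defaults, and the only consumer visible in this commit is the `$values['password1'] == $USER->password` check in change_password_validate. Keeping the stored password (plaintext or hash) in session data exposes it to session storage and to anything that dumps the session, and the comparison only works as an "unchanged password" test if the stored value is the plaintext. Consider dropping the field and comparing against the value read from the usr table at validation time, as the removed get_field() call did. If the comparison stays, use `===`, because `==` treats numeric-looking strings such as `'0e1'` and `'0e2'` as equal. The class body continues outside this hunk.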
// Expects strings array
function get_string(s) {
// @todo Still need to sprintf these strings.
var flatargs = flattenArguments(arguments);
if (arguments.length > 1) {
argstr = '(' + flatargs.slice(1).join(',') + ')';
} else {
argstr = '';
}
var args = flattenArguments(arguments).slice(1);
if (typeof(strings) == 'undefined' || typeof(strings[s]) == 'undefined') {
return '[[[' + s + argstr + ']]]';
return '[[[' + s + ((args.length > 0) ? ('(' + args.join(',') + ')') : '') + ']]]';
}
var str = strings[s];
// @todo Need to sprintf these strings properly.
for (var i = 0; i < args.length; i++) {
str = str.replace('%s',args[i]);
}
return strings[s] + argstr;
return str;
}
// Appends a status message to the end of elemid
......@@ -39,7 +38,7 @@ function testRequired(e,formid) {
var labels = getElementsByTagAndClassName('label',null,formid);
for (var j = 0; j < labels.length; j++) {
if (getNodeAttribute(labels[j],'for') == e.name) {
displayMessage({'message':get_string('requiredfieldempty',scrapeText(labels[j])),
displayMessage({'message':get_string('namedfieldempty',scrapeText(labels[j])),
'type':'error'});
return false;
}
......
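Review bot: In the substitution loop of get_string, `str.replace('%s', args[i])` passes the argument as a replacement pattern, so an argument containing `$&` or `$'` is expanded instead of inserted literally. A function replacement inserts the text as-is: `str = str.replace('%s', function () { return args[i]; });`. The argument in testRequired comes from `scrapeText(labels[j])`, so displayMessage should treat the resulting message as text rather than markup; its body is not visible here, so that is worth confirming. A short comment above the loop stating that only `%s` placeholders are supported would also make the remaining `@todo` concrete.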
......@@ -29,20 +29,24 @@ defined('INTERNAL') || die();
$string['about'] = 'About';
$string['home'] = 'Home';
$string['loggedouthome'] = 'Logged out Home';
$string['privacy'] = 'Privacy';
$string['sessiontimedout'] = 'Your session has timed out, please enter your login details to continue';
$string['termsandconditions'] = 'Terms and conditions';
$string['uploadcopyright'] = 'Upload copyright';
$string['cancel'] = 'Cancel';
// auth
$string['accountexpired'] = 'Sorry, your account has expired';
$string['accountsuspended'] = 'Your account has been suspeneded as of %s. The reason for your suspension is:<blockquote>%s</blockquote>';
$string['loggedoutok'] = 'You have been logged out successfully';
$string['login'] = 'Log In';
$string['loginfailed'] = 'You have not provided the correct credentials to log in. Please check your username and password are correct.';
$string['password'] = 'Password';
$string['passworddesc'] = 'Your password';
$string['passwordhelp'] = 'The password you use to access the system.';
$string['privacy'] = 'Privacy';
$string['sessiontimedout'] = 'Your session has timed out, please enter your login details to continue';
$string['termsandconditions'] = 'Terms and conditions';
$string['uploadcopyright'] = 'Upload copyright';
$string['username'] = 'Username';
$string['usernamedesc'] = 'Your username';
$string['usernamehelp'] = 'The username you have been given to access this system.';
$string['cancel'] = 'Cancel';
// Admin site page editor
$string['discardchanges'] = 'Discard your changes to this page?';
......@@ -51,6 +55,7 @@ $string['pagename'] = 'Page name';
$string['pagetext'] = 'Page text';
// mahara.js
$string['namedfieldempty'] = 'The required field "%s" is empty';
$string['processingform'] = 'Processing form';
$string['requiredfieldempty'] = 'A required field is empty';
$string['unknownerror'] = 'An unknown error occurred (0x20f91a0)';
......
......@@ -82,7 +82,7 @@ function form_renderer_table($builtelement, $rawelement) {
}
if (!empty($rawelement['error'])) {
$result .= "\t<tr>\n\t\t<td class=\"errmsg\">";
$result .= "\t<tr>\n\t\t<td colspan=\"2\" class=\"errmsg\">";
$result .= hsc($rawelement['error']);
$result .= "</td>\n\t</tr>\n";
}
......
......@@ -142,15 +142,6 @@ function ensure_internal_plugins_exist() {
function get_string($identifier, $section='mahara') {
$langconfigstrs = array('parentlanguage', 'strftimedate', 'strftimedateshort', 'strftimedatetime',
'strftimedaydate', 'strftimedaydatetime', 'strftimedayshort', 'strftimedaytime',
'strftimemonthyear', 'strftimerecent', 'strftimerecentfull', 'strftimetime',
'thislanguage');
if (in_array($identifier, $langconfigstrs)) {
$section = 'langconfig';
}
$variables = func_get_args();
if (count($variables) > 2) { // we have some stuff we need to sprintf
array_shift($variables);
......@@ -160,6 +151,40 @@ function get_string($identifier, $section='mahara') {
$variables = array();
}
return get_string_location($identifier, $section, $variables);
}
// get a string without sprintfing it.
function get_raw_string($identifier, $section='mahara') {
// For a raw string we don't want to format any arguments using
// sprintf, so the replace function passed to get_string_location
// should just return the first argument and ignore the second.
return get_string_location($identifier, $section, array(), create_function('$a,$b','return $a;'));
}
/**
* This function gets a language string identified by $identifier from
* an appropriate location, and formats the string and any arguments
* in $variables using the function $replacefunc.
*
* @param string $identifier
* @param string $section
* @param array $variables
* @param function $replacefunc
* @return string
*/
function get_string_location($identifier, $section, $variables, $replacefunc='format_langstring') {
$langconfigstrs = array('parentlanguage', 'strftimedate', 'strftimedateshort', 'strftimedatetime',
'strftimedaydate', 'strftimedaydatetime', 'strftimedayshort', 'strftimedaytime',
'strftimemonthyear', 'strftimerecent', 'strftimerecentfull', 'strftimetime',
'thislanguage');
if (in_array($identifier, $langconfigstrs)) {
$section = 'langconfig';
}
$lang = current_language();
// Define the locations of language strings for this section
......@@ -173,7 +198,7 @@ function get_string($identifier, $section='mahara') {
$extras = plugin_types(); // more later..
foreach ($extras as $tocheck) {
if (strpos($section,$tocheck . '.') === 0) {
$pluginname = substr($section,strlen($tocheck) + 1);
$pluginname = substr($section ,strlen($tocheck) + 1);
$locations[] = $docroot . $tocheck . '/' . $pluginname . '/lang/';
}
}
......@@ -185,7 +210,7 @@ function get_string($identifier, $section='mahara') {
$langfile = $location . $lang . '/' . $section . '.php';
if (is_readable($langfile)) {
if ($result = get_string_from_file($identifier, $langfile)) {
return format_langstring($result, $variables);
return $replacefunc($result, $variables);
}
}
}
......@@ -197,7 +222,6 @@ function get_string($identifier, $section='mahara') {
}
// Is a parent language defined? If so, try to find this string in a parent language file
foreach ($locations as $location) {
$langfile = $location . $lang . '/langconfig.php';
if (is_readable($langfile)) {
......@@ -205,7 +229,7 @@ function get_string($identifier, $section='mahara') {
$langfile = $location . $parentlang . '/' . $section . '.php';
if (is_readable($langfile)) {
if ($result = get_string_from_file($identifier, $langfile)) {
return format_langstring($result, $variables);
return $replacefunc($result, $variables);
}
}
}
......@@ -218,7 +242,7 @@ function get_string($identifier, $section='mahara') {
$langfile = $location . 'en.utf8/' . $section . '.php';
if (is_readable($langfile)) {
if ($result = get_string_from_file($identifier, $langfile)) {
return format_langstring($result, $variables);
return $replacefunc($result, $variables);
}
}
}
......@@ -227,7 +251,6 @@ function get_string($identifier, $section='mahara') {
}
/**
* This function is only used from {@link get_string()}.
*
......
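Review bot: get_raw_string calls `create_function('$a,$b','return $a;')` on every invocation, which compiles a new function from a string each time and does not release it; smarty() now calls get_raw_string once per JavaScript string, so this runs several times per page. A named helper passed by name does the same job without runtime code generation: `function raw_langstring($string, $args) { return $string; }` and `return get_string_location($identifier, $section, array(), 'raw_langstring');`. get_string_location invokes `$replacefunc` as a variable function, so its docblock should state that the parameter must be a function name supplied by code and never derived from request data. The body of get_string_location continues outside the hunks shown.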
......@@ -87,7 +87,7 @@ function &smarty($javascript = array(), $headers = array(), $strings = array())
}
if (!empty($strings)) {
foreach ($strings as &$string) {
$string = '"' . $string . '":"' . addslashes(get_string($string)) . '"';
$string = '"' . $string . '":"' . addslashes(get_raw_string($string)) . '"';
}
$stringjs = '<script language="javascript" type="text/javascript">';
$stringjs .= 'var strings={' . implode(',', $strings) . '};';
......@@ -123,7 +123,8 @@ function &smarty($javascript = array(), $headers = array(), $strings = array())
}
function maharajsstrings() {
return array('processingform',
return array('namedfieldempty',
'processingform',
'requiredfieldempty',
'unknownerror');
}
......
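Review bot: In smarty(), `addslashes()` is not a JavaScript string escaper: a language string containing a newline or `</script>` still breaks the generated `var strings={...}` block, and the key `$string` is emitted with no escaping at all. get_raw_string now passes the format string through verbatim, so encoding both sides with json_encode would be safer where the deployed PHP provides it: `$string = json_encode($string) . ':' . json_encode(get_raw_string($string));`. smarty() starts and ends outside these hunks.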