r20151022

Signed-off-by: Flashwave <me@flash.moe>
This commit is contained in:
Pachira 2015-10-22 16:24:18 +02:00
parent d73b73c026
commit 0c77fa438e
7 changed files with 150 additions and 5 deletions


@ -137,6 +137,17 @@ class Users
return [0, 'AUTH_LOCKED'];
}
// Check if we haven't hit the rate limit
$rates = Database::fetch('login_attempts', true, [
'attempt_ip' => [Main::getRemoteIP(), '='],
'attempt_timestamp' => [time() - 1800, '>'],
'attempt_success' => [0, '='],
]);
if (count($rates) > 4) {
return [0, 'RATE_LIMIT'];
}
// Check if the user that's trying to log in actually exists
if (!$uid = self::userExists($username, false)) {
return [0, 'USER_NOT_EXIST'];
@ -159,14 +170,14 @@ class Users
$user['password_salt'],
$user['password_hash'],
])) {
return [0, 'INCORRECT_PASSWORD', $user['password_chan']];
return [0, 'INCORRECT_PASSWORD', $user['user_id'], $user['password_chan']];
}
}
// Check if the user has the required privs to log in
if (Permissions::check('SITE', 'DEACTIVATED', $user['user_id'], 1)) {
return [0, 'NOT_ALLOWED'];
return [0, 'NOT_ALLOWED', $user['user_id']];
}
// Create a new session
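Review bot: The new limiter keys only on the client IP, so a single account can still be brute-forced from many addresses and one shared NAT can lock out every user behind it; since the caller now stores `user_id` with each failed attempt, a second count keyed on the target account would close the first gap, e.g. after `$uid` is resolved: `$userRates = Database::fetch('login_attempts', true, ['user_id' => [$uid, '='], 'attempt_timestamp' => [time() - 1800, '>'], 'attempt_success' => [0, '=']]);` with the same `> 4` test. `Database::fetch(..., true, ...)` loads every matching row only to `count()` it, so the work grows with the attack volume; a COUNT query would avoid that. Whether `Main::getRemoteIP()` reads a client-controllable header such as X-Forwarded-For is not visible here; if it does, the per-IP limit is trivially bypassed. The login method starts before and continues past this hunk.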


@ -8,7 +8,7 @@
namespace Sakura;
// Define Sakura version
define('SAKURA_VERSION', '20151020');
define('SAKURA_VERSION', '20151022');
define('SAKURA_VLABEL', 'Eminence');
define('SAKURA_COLOUR', '#6C3082');
define('SAKURA_STABLE', false);
@ -161,6 +161,7 @@ if (!defined('SAKURA_NO_TPL')) {
'siteTags' => implode(", ", json_decode(Configuration::getConfig('sitetags'), true)),
'dateFormat' => Configuration::getConfig('date_format'),
'currentPage' => '//' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
'referrer' => (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null),
'recaptchaPublic' => Configuration::getConfig('recaptcha_public'),
'recaptchaEnabled' => Configuration::getConfig('recaptcha'),
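Review bot: `referrer` hands the raw `HTTP_REFERER` header to every template; it is attacker-controlled, so any template that uses it as a redirect target or emits it into an unescaped context becomes an open redirect or XSS sink. Restrict it to the site's own origin before exposing it — compare `parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)` against the configured site host rather than against `HTTP_HOST`, which is itself client-supplied — and pass `null` otherwise. The existing `currentPage` line has the same trust issue with `HTTP_HOST`, but that is prior code. The version bump in the first hunk needs no review; the enclosing `if (!defined('SAKURA_NO_TPL'))` block starts and ends outside this hunk.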


@ -58,6 +58,11 @@
<input class="inputStyling" type="submit" name="post" value="Post" />
<input class="inputStyling" type="button" onclick="history.go(-1);" value="Cancel" />
</div>
{% if posting.id %}
<input type="hidden" name="id" value="posting.id" />
{% endif %}
<input type="hidden" name="sessionid" value="{{ php.sessionid }}" />
<input type="hidden" name="timestamp" value="{{ php.time }}" />
</form>
</div>
</div>
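Review bot: `value="posting.id"` on the new hidden field is a literal string, not a template expression, so every edit submission posts the text `posting.id` instead of the post's id; it should read `<input type="hidden" name="id" value="{{ posting.id }}" />`. Whatever consumes `id` on the server must also re-check that the current user owns that post, because a hidden field is trivially edited by the client; the edit-submit handler is not part of this commit.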


@ -0,0 +1,22 @@
{% extends 'global/master.tpl' %}
{% block title %}Confirmation{% endblock %}
{% block content %}
<div class="content standalone">
<div>
<h1>{% block header %}Confirmation{% endblock %}</h1>
<hr class="default" />
{{ message }}
<form method="post" action="{{ sakura.currentPage }}" id="confirmationForm">
<input type="hidden" name="sessionid" value="{{ php.sessionid }}" />
<input type="hidden" name="timestamp" value="{{ php.time }}" />
{% for key,value in conditions %}
<input type="hidden" name="{{ key }}" value="{{ value }}" />
{% endfor %}
<input type="submit" class="inputStyling" name="yes" value="Yes" />
<input type="submit" class="inputStyling" name="no" value="No" />
</form>
</div>
</div>
{% endblock %}
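Review bot: The form round-trips `conditions` (here the post id) through client-editable hidden fields, so the handler that receives the POST must re-derive authorization from the submitted value rather than from the GET parameter that was checked when this form was rendered. `{{ message }}`, `{{ key }}` and `{{ value }}` are safe only if autoescaping is enabled for this template; `message` is built by string concatenation from a topic title, so with autoescape off this is a stored XSS vector — worth confirming in the template setup, which is not visible here. The `sessionid`/`timestamp` hidden fields only defend against CSRF if the receiving code compares `sessionid` with the live session instead of merely checking that it is set.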


@ -178,10 +178,22 @@ if (isset($_REQUEST['mode'])) {
'INCORRECT_PASSWORD' => 'The password you entered was invalid.',
'NOT_ALLOWED' => 'Your account does not have the required permissions to log in.',
'NO_LOGIN' => 'Logging into this account is disabled.',
'RATE_LIMIT' => 'Your IP has hit the login rate limit, try again later.',
'LOGIN_SUCCESS' => 'Login successful!',
];
// Check if we're not RATE_LIMIT
if ($login[1] != 'RATE_LIMIT') {
// Add to database
Database::insert('login_attempts', [
'attempt_success' => $login[0],
'attempt_timestamp' => time(),
'attempt_ip' => Main::getRemoteIP(),
'user_id' => isset($login[2]) ? $login[2] : 0,
]);
}
// Add page specific things
$renderData['page'] = [
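Review bot: The meaning of `$login[2]` changes in this commit — on the `INCORRECT_PASSWORD` path it is now the user id and `password_chan` moved to index 3 — and this hunk reads it as `user_id`; any other code in this file that still reads `$login[2]` as the password-change flag (not visible here) now receives a user id instead. `login_attempts` gains a row on every attempt but nothing visible prunes it, and the limiter in `Users` loads every matching row for the IP, so add a periodic delete of rows whose `attempt_timestamp` is older than the 30-minute window and, if not already present, an index covering `attempt_ip` and `attempt_timestamp`. A comment on the insert such as `// Skipped for RATE_LIMIT so throttled requests do not extend their own lockout` would record the intent of the guard. The enclosing `if (isset($_REQUEST['mode']))` block starts and ends outside this hunk.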


@ -1824,6 +1824,12 @@ textarea.inputStyling {
padding-left: 5px;
}
@media (max-width: 512px) {
.forum .forumList .forumForum .forumLastColumn {
display: none;
}
}
.forum .topicList {
width: 100%;
border-spacing: 0;


@ -40,7 +40,7 @@ if ($mode != 'f') {
// Add page specific things
$renderData['page'] = [
'redirect' => (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('FORUM_INDEX')),
'message' => 'The requested thread does not exist.',
'message' => 'The requested post does not exist.',
];
// Render information page
@ -55,10 +55,98 @@ if ($mode != 'f') {
// Add subject to render data
$posting['text'] = '[quote]' . $post['post_text'] . '[/quote]';
// Post editing
} elseif ($mode == 'p' && isset($_GET['edit']) && $_GET['edit'] == $_GET['p'] && array_key_exists($_GET['p'], $topic['posts'])) {
// Checks
if ($topic['posts'][$_GET['p']]['poster_id'] != $currentUser->data['user_id']) {
// Add page specific things
$renderData['page'] = [
'redirect' => (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('FORUM_INDEX')),
'message' => 'You can only edit your own posts!',
];
// Render information page
print Templates::render('global/information.tpl', $renderData);
exit;
}
// Reassign post for ease
$post = $topic['posts'][$_GET['p']];
// Set variables
$posting = array_merge($posting, [
'subject' => $post['post_subject'],
'text' => $post['post_text'],
'id' => $post['post_id']
]);
// Post deletion
} elseif ($mode == 'p' && isset($_GET['delete']) && $_GET['delete'] == $_GET['p'] && array_key_exists($_GET['p'], $topic['posts'])) {
// Checks
if ($topic['posts'][$_GET['p']]['poster_id'] != $currentUser->data['user_id']) {
// Add page specific things
$renderData['page'] = [
'redirect' => (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('FORUM_INDEX')),
'message' => 'You can only delete your own posts!',
];
// Render information page
print Templates::render('global/information.tpl', $renderData);
exit;
}
// Submit mode
if (isset($_POST['timestamp'], $_POST['sessionid'], $_POST['post_id'])) {
// Post deletion code
if (isset($_POST['yes'])) {
// Delete the post
Database::delete('posts', [
'post_id' => [$_POST['post_id'], '='],
]);
// Reload the topic
$topic = Forum::getTopic($topicId, true);
// If there's no more posts left in the topic delete it as well
if (!count($topic['posts'])) {
Database::delete('topics', [
'topic_id' => [$topic['topic']['topic_id'], '='],
]);
}
// Add page specific things
$renderData['page'] = [
'redirect' => (count($topic['posts']) ? $urls->format('FORUM_THREAD', [$topic['topic']['topic_id']]) : $urls->format('FORUM_INDEX')),
'message' => 'Your post has been deleted!',
];
// Render information page
print Templates::render('global/information.tpl', $renderData);
exit;
// Return to previous page
} else {
header('Location: '. $urls->format('FORUM_POST', [$_POST['post_id']]));
exit;
}
}
// Form mode
$renderData = array_merge($renderData, [
'message' => 'Are you sure you want to delete your reply to ' . $topic['topic']['topic_title'] . '?',
'conditions' => [
'post_id' => $topic['posts'][$_GET['p']]['post_id']
]
]);
// Render confirmation form
print Templates::render('global/confirm.tpl', $renderData);
exit;
}
// Add subject to render data
$posting['subject'] = 'Re: '. $topic['topic']['topic_title'];
if(!isset($posting['subject'])) {
$posting['subject'] = 'Re: ' . $topic['topic']['topic_title'];
}
}
// Check if a post is being made
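Review bot: The `Database::delete('posts', ...)` call trusts `$_POST['post_id']` while the ownership check above it only inspected `$_GET['p']`, so a user who owns post X can open `?p=X&delete=X`, edit the hidden `post_id` to any other post and delete it (and, via the empty-topic branch, the whole topic); derive the id from the row that was already checked instead: `$postId = $topic['posts'][$_GET['p']]['post_id'];` and use `$postId` in place of `$_POST['post_id']` in both the delete and the `Location:` redirect. The submit branch only tests `isset($_POST['sessionid'])`; unless a global check compares it with the live session (not visible here), the confirmation form is CSRF-able. The `poster_id != user_id` comparisons are loose; `(int) $topic['posts'][$_GET['p']]['poster_id'] !== (int) $currentUser->data['user_id']` makes the intent explicit. The edit branch sets `$posting['id']` but the handler that consumes it lies past the end of this hunk, as does the enclosing `if ($mode != 'f')` block.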