------------------------------------------------------------
revno: 1065
committer: Roger Martin <[email protected]>
branch nick: aikiframework
timestamp: Fri 2012-02-03 20:28:23 +0100
message:
bassel captcha added to upgrader
modified:
assets/apps/upgrader/library.php
assets/apps/upgrader/upgrader.css
assets/apps/upgrader/upgrader.php
=== modified file 'assets/apps/upgrader/library.php'
--- assets/apps/upgrader/library.php 2012-02-02 21:09:33 +0000
+++ assets/apps/upgrader/library.php 2012-02-03 19:28:23 +0000
@@ -114,9 +114,13 @@
form_hidden(2 );
case 2:
- return "%s<form method='post'>
+ return "<span class='wrong'>%s</span><form method='post'>
<p><label for='login'>". $t->t("Superuser login") ."</label><input type='text' name='login' id='login' class='user-input'></p>
- <p><label for='pass'>" . $t->t("Password") ."</label><input type='text' name='password' id='password' class='user-input'></p>".
+ <p><label for='pass'>" . $t->t("Password") ."</label><input type='password' name='password' id='password' class='user-input'></p>
+ <p><label for='captcha'>" . $t->t("Security Captcha check") ."</label>
+ <img src='../captcha/captcha.php' class='captcha' alt='Captcha'>
+ <input type='text' name='captcha' id='captcha' class='user-input'>
+ </p>".
form_hidden(3,false)."
</form>";
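Review bot: The password row's label points at `for='pass'` while the input it describes has `id='password'`, so the label is not associated with the field; it should read `<label for='password'>`. The new `<span class='wrong'>%s</span>` wrapper also appears to be emitted when there is no error text, leaving an empty span in the markup. That second point is only inferred, because the call that fills `%s` lies outside the hunk.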
@@ -165,29 +169,36 @@
}
break;
- case 3:
-
+ case 3:
+
$username = stripslashes($_REQUEST["login"] );
$password = md5(md5(stripslashes($_REQUEST["password"] )));
+
+ if ( md5($_REQUEST["captcha"]) != $_SESSION['captcha_key'] ){
+ $step=2;
+ return $t->t("Wrong captcha");
+ }
+
$get_user = $db->get_row(
"SELECT * FROM aiki_users".
" WHERE username='$username' ".
" AND password='$password' ".
" AND usergroup=1 ".
" AND is_active=1" .
- " LIMIT 1");
+ " LIMIT 1");
+
if (!$get_user) {
$step=2;
- return $t->t("Wrong user name");
+ return $t->t("Wrong user name" );
}
- session_start();
- $_SESSION["is_root"]=1;
+
+ session_start(); // don't remove this line. IT'S NECESSARY
+ $_SESSION["updater_is_root"]=1;
return "";
case 4:
case 5:
- session_start();
- if ( !isset($_SESSION["is_root"])){
+ if ( !isset($_SESSION["updater_is_root"])){
$step=2;
}
}
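Review bot: The captcha check added in `case 3` compares with loose `!=` and never confirms that `$_SESSION['captcha_key']` is set or that `$_REQUEST["captcha"]` is a string, so a request that arrives without a freshly issued captcha is not reliably rejected. The key is also left in the session after the comparison, which lets one solved captcha cover any number of further login attempts. The fence below requires both values to be strings, compares with `!==`, and discards the key before the check. Separately, `$username` still reaches the `SELECT` with only `stripslashes()` applied to request data; it should go through the database layer's escaping or bound parameters before this login form is relied on. The enclosing function starts and ends outside the hunk.

```php
$username = stripslashes($_REQUEST["login"] );
// … unchanged: password hashing …

$captcha_key = isset($_SESSION['captcha_key']) ? $_SESSION['captcha_key'] : null;
unset($_SESSION['captcha_key']); // one login attempt per issued captcha
$captcha_in = isset($_REQUEST["captcha"]) ? $_REQUEST["captcha"] : null;

if ( !is_string($captcha_key) || !is_string($captcha_in) || md5($captcha_in) !== $captcha_key ){
    $step=2;
    return $t->t("Wrong captcha");
}
// … unchanged: user lookup and session flag …
```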
=== modified file 'assets/apps/upgrader/upgrader.css'
--- assets/apps/upgrader/upgrader.css 2012-02-01 22:40:03 +0000
+++ assets/apps/upgrader/upgrader.css 2012-02-03 19:28:23 +0000
@@ -161,15 +161,28 @@
color: #333;
}
+.user-input {
+ width: 215px;
+}
+
+
+input#captcha {
+width: 5em ;
+margin:7px;
+float:left;}
+
+img.captcha {
+display:block;
+float:left;
+clear:left;
+margin:4px 8px 4px 0px;;
+padding: 3px;
+border: 1px solid #777;}
+
a.button,
input.button {
display:block;}
-
-.user-input {
- width: 215px !important;
-}
-
.user-input:focus {
border-color: #f57900}
@@ -184,6 +197,11 @@
padding: 5px 0px 2px 4px;
color: #888;}
+span.wrong {
+ color: #A00;
+ text-transform: uppercase;
+ font-weight: bold;
+ }
p.required {
clear: both;}
=== modified file 'assets/apps/upgrader/upgrader.php'
--- assets/apps/upgrader/upgrader.php 2012-02-01 22:40:03 +0000
+++ assets/apps/upgrader/upgrader.php 2012-02-03 19:28:23 +0000
@@ -51,7 +51,8 @@
*
*/
-if( !defined('IN_AIKI') ) {
+session_start();
+if ( !defined('IN_AIKI') ) {
// upgrader can be called directly.
include ("../../../bootstrap.php");
}
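Review bot: `session_start();` now runs unconditionally at the top of upgrader.php, while `case 3` in library.php still calls `session_start()` again after a successful login, so the second call hits an already active session and raises a notice. Guarding both calls with `if (session_id() === '') { session_start(); }` keeps either entry path working. Since this session now carries `updater_is_root`, calling `session_regenerate_id(true);` where that flag is set would also keep a pre-login session id from being carried into the privileged state.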