mylesmarkevich/ops-Gazelle
1
0
Fork 0
mirror of https://github.com/OPSnet/Gazelle.git synced 2026-01-16 18:04:34 -05:00
Code Issues Projects Releases Wiki Activity

allow toggling of cloaked password fields

Browse Source
This commit is contained in:
Spine
2022-12-22 21:06:04 +00:00
parent 669a416496
commit 6a3b46c05e
12 changed files with 68 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
classes/view.class.php
View File

@@ -17,36 +17,36 @@ class View {
}
$pageTitle .= SITE_NAME;
$js = [
'jquery',
'script_start',
'ajax.class',
'global',
];
if (DEBUG_MODE || $Viewer?->permitted('site_debug')) {
array_push($js, 'jquery-migrate', 'debug');
}
if (!empty($option['js'])) {
array_push($js, ...explode(',', $option['js']));
}
if (!isset($Viewer) || $pageTitle == 'Recover Password :: ' . SITE_NAME) {
array_push($js, 'cookie.class', 'storage.class');
echo $Twig->render('index/public-header.twig', [
'page_title' => html_entity_decode($pageTitle),
'script' => array_map(fn($s) => "$s.js", $js),
]);
return;
}
array_push($js, 'autocomplete', 'jquery.autocomplete', 'jquery.countdown.min');
$Style = [
'global.css',
];
if (!empty($option['css'])) {
array_push($Style, ...array_map(fn($s) => "$s/style.css", explode(',', $option['css'])));
}
$Scripts = [
'jquery',
'jquery.autocomplete',
'jquery.countdown.min',
'script_start',
'ajax.class',
'global',
'autocomplete',
];
if (!empty($option['js'])) {
array_push($Scripts, ...explode(',', $option['js']));
}
if (DEBUG_MODE || $Viewer->permitted('site_debug')) {
array_push($Scripts, 'jquery-migrate', 'debug');
}
if ($Viewer->option('Tooltipster') ?? 1) {
array_push($Scripts, 'tooltipster', 'tooltipster_settings');
array_push($js, 'tooltipster', 'tooltipster_settings');
$Style[] = 'tooltipster/style.css';
}
if ($Viewer->option('UseOpenDyslexic')) {
@@ -65,7 +65,7 @@ class View {
}
}
if ($notifier->useNoty()) {
array_push($Scripts, 'noty/noty', 'noty/layouts/bottomRight', 'noty/themes/default', 'user_notifications');
array_push($js, 'noty/noty', 'noty/layouts/bottomRight', 'noty/themes/default', 'user_notifications');
}
$payMan = new Gazelle\Manager\Payment;
@@ -138,7 +138,7 @@ class View {
echo $Twig->render('index/private-header.twig', [
'auth_args' => '&user=' . $Viewer->id() . '&passkey=' . $Viewer->announceKey() . '&authkey=' . $Viewer->auth() . '&auth=' . $Viewer->rssAuth(),
'page_title' => html_entity_decode($pageTitle),
'script' => array_map(fn($s) => "$s.js", $Scripts),
'script' => array_map(fn($s) => "$s.js", $js),
'style' => new Gazelle\User\Stylesheet($Viewer),
'style_extra' => $Style,
'viewer' => $Viewer,

2
gazelle.php
View File

@@ -155,7 +155,7 @@ $Cache->cache_value('php_' . getmypid(), [
'get' => $_GET,
'post' => array_diff_key(
$_POST,
array_fill_keys(['password', 'cur_pass', 'new_pass_1', 'new_pass_2', 'verifypassword', 'confirm_password', 'ChangePassword', 'Password'], true)
array_fill_keys(['password', 'new_pass_1', 'new_pass_2', 'verifypassword', 'confirm_password', 'ChangePassword', 'Password'], true)
)
], 600);

16
public/static/functions/password.js Normal file
View File

@@ -0,0 +1,16 @@
document.addEventListener('DOMContentLoaded', function() {
$('#password_toggle').click(function () {
for (name of ['password', 'new_pass_1', 'new_pass_2']) {
if (document.getElementById(name)) {
field = document.getElementById(name);
if (field.getAttribute("type") === "password") {
field.setAttribute("type", "text");
$('#password_toggle').raw().innerHTML ='😮';
} else {
field.setAttribute("type", "password");
$('#password_toggle').raw().innerHTML = '🫣';
}
}
}
});
});

2
public/static/functions/password_validate.js
View File

@@ -99,7 +99,7 @@ function calculateComplexity(password) {
if (isUserPage()) {
irckey = $("#irckey").val();
oldPassword =$("#cur_pass").val();
oldPassword =$("#password").val();
}
if (length >= 8 && length < 20) {

8
sections/user/take_edit.php
View File

@@ -135,18 +135,18 @@ if (isset($_POST['p_donor_stats'])) {
$NewEmail = false;
if ($user->email() != $_POST['email']) {
if (!$Viewer->permitted('users_edit_profiles') && !$user->validatePassword($_POST['cur_pass'])) {
if (!$Viewer->permitted('users_edit_profiles') && !$user->validatePassword($_POST['password'])) {
error('You must enter your current password when changing your email address.');
}
$NewEmail = $_POST['email'];
}
$ResetPassword = false;
if (!empty($_POST['cur_pass']) && !empty($_POST['new_pass_1']) && !empty($_POST['new_pass_2'])) {
if (!$user->validatePassword($_POST['cur_pass'])) {
if (!empty($_POST['password']) && !empty($_POST['new_pass_1']) && !empty($_POST['new_pass_2'])) {
if (!$user->validatePassword($_POST['password'])) {
error('You did not enter the correct password.');
} else {
if ($_POST['cur_pass'] == $_POST['new_pass_1']) {
if ($_POST['password'] == $_POST['new_pass_1']) {
error('Your new password cannot be the same as your old password.');
} else if ($_POST['new_pass_1'] !== $_POST['new_pass_2']) {
error('You did not enter the same password twice.');

11
templates/email/email-address-change.twig
View File

@@ -1,7 +1,6 @@
Dear {{ username }},
At {{ now }} UTC, a request from {{ ipaddr }} was received
to change your email address for {{ constant('SITE_NAME') }}.
At {{ now }} UTC, your email address was changed for {{ constant('SITE_NAME') }}.
The new address is {{ new_email }} . Please take a moment to
verify that you did not made a mistake when entering it.
@@ -13,9 +12,13 @@ address, then either someone has guessed your password or you left a
session logged in somewhere. In either case, you should contact us
immediately. Come to {{ constant('BOT_SERVER') }} and join the {{ constant('BOT_DISABLED_CHAN') }} channel.
If you receive another email saying your password was changed
If you receive another message saying your password was changed
and you did not request it, you account has almost certainly
been taken over by a third party.
The useragent string sent by the browser was:
The change was initiated from {{ ipaddr }} and the useragent string
sent by the browser was:
{{ user_agent }}
Take care,
{{ constant('SITE_NAME') }} staff

11
templates/email/password-change.twig
View File

@@ -1,7 +1,6 @@
Dear {{ username }},
At {{ now }} UTC, a request from {{ ipaddr }} was received
to change your password for {{ constant('SITE_NAME') }}.
At {{ now }} UTC, your password was changed for {{ constant('SITE_NAME') }}.
If you made this change then you may safely ignore this message.
@@ -10,9 +9,13 @@ guessed your existing password or you left a session logged in
somewhere. In either case, you should contact us immediately.
Come to {{ constant('BOT_SERVER') }} and join the {{ constant('BOT_DISABLED_CHAN') }} channel.
If you receive another email saying your email address was
If you receive another message saying your email address was
changed and you did not request it, you account has almost
certainly been taken over by a third party.
The useragent string sent by the browser was:
The change was initiated from {{ ipaddr }} and the useragent string
sent by the browser was:
{{ user_agent }}
Take care,
{{ constant('SITE_NAME') }} staff

12
templates/index/public-header.twig
View File

@@ -9,15 +9,9 @@
<link rel="shortcut icon" href="/favicon.ico" />
<link rel="apple-touch-icon" href="/apple-touch-icon.png" />
{{ css('public/style.css') }}
{{ script('jquery.js') }}
{% if constant('DEBUG_MODE') %}
{{ script('jquery-migrate.js') }}
{% endif %}
{{ script('script_start.js') }}
{{ script('ajax.class.js') }}
{{ script('cookie.class.js') }}
{{ script('storage.class.js') }}
{{ script('global.js') }}
{% for js in script %}
{{ script(js) }}
{% endfor %}
</head>
<body>
<div id="maincontent">

3
templates/login/login.twig
View File

@@ -1,5 +1,5 @@
{% from 'macro/form.twig' import checked %}
{{ header('Login') }}
{{ header('Login', {'js': 'password'}) }}
<span id="no-cookies" class="hidden warning-login">You appear to have cookies disabled.<br /><br /></span>
<noscript><span class="warning-login">{{ constant('SITE_NAME') }} requires JavaScript to function properly.
@@ -56,6 +56,7 @@ Please enable JavaScript in your browser.</span><br /><br /></noscript>
<div>
<label for="password">Password</label>
<input type="password" name="password" id="password" class="inputtext" required="required" pattern=".{6,}" placeholder="Password" />
<span id="password_toggle">&#x1FAE3;</span>
</div>
<div>
<label title="2FA key (or recovery key), if configured" for="keeplogged">2FA Key</label>

7
templates/login/new-password.twig
View File

@@ -1,4 +1,4 @@
{{ header('Recover Password') }}
{{ header('Recover Password', {'js': 'password'}) }}
{% include 'logo.twig' %}
<div id="main">
@@ -19,7 +19,10 @@
<table class="layout" cellpadding="2" cellspacing="1" border="0" align="center" width="100%">
<tr valign="top">
<td align="right" style="width: 140px;">Password&nbsp;</td>
<td align="left"><input type="password" name="password" id="new_pass_1" class="inputtext" /> <strong id="pass_strength"></strong></td>
<td align="left"><input type="password" name="password" id="new_pass_1" class="inputtext" />
<span id="password_toggle">&#x1FAE3;</span>
<strong id="pass_strength"></strong>
</td>
</tr>
<tr valign="top">
<td align="right">Confirm Password&nbsp;</td>

3
templates/user/setting.twig
View File

@@ -1,5 +1,4 @@
{{ header(user.username ~ " &rsaquo; Settings",
{'js': 'user,jquery-ui,release_sort,password_validate,validate,cssgallery,preview_paranoia,bbcode,user_settings,donor_titles'}) }}
{{ header(user.username ~ " &rsaquo; Settings", {'js': 'bbcode,cssgallery,donor_titles,jquery-ui,password,password_validate,preview_paranoia,release_sort,user,user_settings,validate'}) }}
{{ js|raw }}
<div class="thin">
<div class="header">

3
templates/user/setting/access.twig
View File

@@ -55,7 +55,8 @@
<td>
<div class="field_div">
<label>Current password:<br />
<input type="password" size="40" name="cur_pass" id="cur_pass" value="" /></label>
<input type="password" size="40" name="password" id="password" value="" /></label>
<span id="password_toggle">&#x1FAE3;</span>
</div>
<div class="field_div">
<label>New password:<br />