From 1f51d663a0d651cfc8ff172357ce1b57823f8480 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 3 Feb 2010 08:18:53 -0800 Subject: Correct missing function name. --- modules/gallery/helpers/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 717cf40a..45561861 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -102,7 +102,7 @@ class auth_Core { /** * Clear any failed logins for this user */ - static function clear_failed_logins($user) { + static function clear_failed_auth_attempts($user) { db::build() ->delete("failed_logins") ->where("name", "=", $user->name) -- cgit v1.2.3 From 5c0c33782d7dd3556adecb9593f25f2cff06401a Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sat, 6 Feb 2010 12:19:55 -0800 Subject: Fix for ticket 892: Avoid double escaping of HTML entities, instead use Unicode in the source code for the locale names (as we do in other places already). Note: Also fixing the localized name of Ukrainian. For some reason it was garbled before. --- modules/gallery/helpers/locales.php | 88 ++++++++++++++++++------------------- 1 file changed, 44 insertions(+), 44 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php index dc32b12f..d209d414 100644 --- a/modules/gallery/helpers/locales.php +++ b/modules/gallery/helpers/locales.php @@ -63,50 +63,50 @@ class locales_Core { // @todo Might want to add a localizable language name as well. private static function _init_language_data() { - $l["af_ZA"] = "Afrikaans"; // Afrikaans - $l["ar_SA"] = "العربية"; // Arabic - $l["be_BY"] = "Беларускі"; // Belarusian - $l["bg_BG"] = "Български"; // Bulgarian - $l["ca_ES"] = "Catalan"; // Catalan - $l["cs_CZ"] = "Česky"; // Czech - $l["da_DK"] = "Dansk"; // Danish - $l["de_DE"] = "Deutsch"; // German - $l["el_GR"] = "Greek"; // Greek - $l["en_GB"] = "English (UK)"; // English (UK) - $l["en_US"] = "English (US)"; // English (US) - $l["es_AR"] = "Español (AR)"; // Spanish (AR) - $l["es_ES"] = "Español"; // Spanish (ES) - $l["es_MX"] = "Español (MX)"; // Spanish (MX) - $l["et_EE"] = "Eesti"; // Estonian - $l["eu_ES"] = "Euskara"; // Basque - $l["fa_IR"] = "فارسي"; // Farsi - $l["fi_FI"] = "Suomi"; // Finnish - $l["fr_FR"] = "Français"; // French - $l["ga_IE"] = "Gaeilge"; // Irish - $l["he_IL"] = "עברית"; // Hebrew - $l["hu_HU"] = "Magyar"; // Hungarian - $l["is_IS"] = "Icelandic"; // Icelandic - $l["it_IT"] = "Italiano"; // Italian - $l["ja_JP"] = "日本語"; // Japanese - $l["ko_KR"] = "한국말"; // Korean - $l["lt_LT"] = "Lietuvių"; // Lithuanian - $l["lv_LV"] = "Latviešu"; // Latvian - $l["nl_NL"] = "Nederlands"; // Dutch - $l["no_NO"] = "Norsk bokmål"; // Norwegian - $l["pl_PL"] = "Polski"; // Polish - $l["pt_BR"] = "Português Brasileiro"; // Portuguese (BR) - $l["pt_PT"] = "Português"; // Portuguese (PT) - $l["ro_RO"] = "Română"; // Romanian - $l["ru_RU"] = "Русский"; // Russian - $l["sk_SK"] = "Slovenčina"; // Slovak - $l["sl_SI"] = "Slovenščina"; // Slovenian - $l["sr_CS"] = "Srpski"; // Serbian - $l["sv_SE"] = "Svenska"; // Swedish - $l["tr_TR"] = "Türkçe"; // Turkish - $l["uk_UA"] = "Українська"; // Ukrainian - $l["vi_VN"] = "Tiếng Việt"; // Vietnamese - $l["zh_CN"] = "简体中文"; // Chinese (CN) - $l["zh_TW"] = "繁體中文"; // Chinese (TW) + $l["af_ZA"] = "Afrikaans"; // Afrikaans + $l["ar_SA"] = "العربي"; // Arabic + $l["be_BY"] = "Беларускі"; // Belarusian + $l["bg_BG"] = "български"; // Bulgarian + $l["ca_ES"] = "Catalan"; // Catalan + $l["cs_CZ"] = "čeština"; // Czech + $l["da_DK"] = "Dansk"; // Danish + $l["de_DE"] = "Deutsch"; // German + $l["el_GR"] = "Greek"; // Greek + $l["en_GB"] = "English (UK)"; // English (UK) + $l["en_US"] = "English (US)"; // English (US) + $l["es_AR"] = "Español (AR)"; // Spanish (AR) + $l["es_ES"] = "Español"; // Spanish (ES) + $l["es_MX"] = "Español (MX)"; // Spanish (MX) + $l["et_EE"] = "Eesti"; // Estonian + $l["eu_ES"] = "Euskara"; // Basque + $l["fa_IR"] = "فارس"; // Farsi + $l["fi_FI"] = "Suomi"; // Finnish + $l["fr_FR"] = "Français"; // French + $l["ga_IE"] = "Gaeilge"; // Irish + $l["he_IL"] = "עברית"; // Hebrew + $l["hu_HU"] = "Magyar"; // Hungarian + $l["is_IS"] = "Icelandic"; // Icelandic + $l["it_IT"] = "Italiano"; // Italian + $l["ja_JP"] = "日本語"; // Japanese + $l["ko_KR"] = "한국어"; // Korean + $l["lt_LT"] = "Lietuvių"; // Lithuanian + $l["lv_LV"] = "Latviešu"; // Latvian + $l["nl_NL"] = "Nederlands"; // Dutch + $l["no_NO"] = "Norsk bokmål"; // Norwegian + $l["pl_PL"] = "Polski"; // Polish + $l["pt_BR"] = "Português do Brasil"; // Portuguese (BR) + $l["pt_PT"] = "Português ibérico"; // Portuguese (PT) + $l["ro_RO"] = "Română"; // Romanian + $l["ru_RU"] = "Русский"; // Russian + $l["sk_SK"] = "Slovenčina"; // Slovak + $l["sl_SI"] = "Slovenščina"; // Slovenian + $l["sr_CS"] = "Srpski"; // Serbian + $l["sv_SE"] = "Svenska"; // Swedish + $l["tr_TR"] = "Türkçe"; // Turkish + $l["uk_UA"] = "українська"; // Ukrainian + $l["vi_VN"] = "Tiếng Việt"; // Vietnamese + $l["zh_CN"] = "简体中文"; // Chinese (CN) + $l["zh_TW"] = "繁體中文"; // Chinese (TW) asort($l, SORT_LOCALE_STRING); self::$locales = $l; -- cgit v1.2.3 From 2c3c126aafaa4d7ed86075927887636042117a1c Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sat, 6 Feb 2010 20:07:58 -0800 Subject: Fix ticket 930: Use the first frame as video thumbnail if the video is shorter than 3 seconds. And fall back to the default thumbnail if that operation fails. Thanks to lsowen for providing a patch! --- modules/gallery/helpers/movie.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index 7033b7da..3c494e96 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -84,6 +84,20 @@ class movie_Core { " -an -ss 00:00:03 -an -r 1 -vframes 1" . " -y -f mjpeg " . escapeshellarg($output_file) . " 2>&1"; exec($cmd); + + clearstatcache(); // use $filename parameter when PHP_version is 5.3+ + if (filesize($output_file) == 0) { + // Maybe the movie is shorter, fall back to the first frame. + $cmd = escapeshellcmd($ffmpeg) . " -i " . escapeshellarg($input_file) . + " -an -an -r 1 -vframes 1" . + " -y -f mjpeg " . escapeshellarg($output_file) . " 2>&1"; + exec($cmd); + + clearstatcache(); + if (filesize($output_file) == 0) { + throw new Exception("@todo FFMPEG_FAILED"); + } + } } static function find_ffmpeg() { -- cgit v1.2.3 From aff5d1cef4cc2514fe6d714788fffcf418d8fc5b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 7 Feb 2010 08:45:10 -0800 Subject: Create the concept of a "failed authentication" as semantically separate from a successful or failed login. 1) Rename user_login_failed event to user_authenticate_failed 2) Rename failed_logins table to failed_auth (bump Gallery module to v27 to rename the table) 3) auth::too_many_failed_logins -> auth::too_many_failures 4) auth::record_failed_auth_attempts -> auth::record_failed_attempts auth::clear_failed_auth_attempts -> auth::clear_failed_attempts --- modules/gallery/controllers/login.php | 2 +- modules/gallery/helpers/auth.php | 41 +++++++++++++-------------- modules/gallery/helpers/gallery_event.php | 14 ++++----- modules/gallery/helpers/gallery_installer.php | 9 ++++-- modules/gallery/models/failed_auth.php | 20 +++++++++++++ modules/gallery/models/failed_login.php | 20 ------------- modules/gallery/module.info | 2 +- modules/rest/controllers/rest.php | 2 +- modules/user/controllers/users.php | 7 +++-- 9 files changed, 59 insertions(+), 58 deletions(-) create mode 100644 modules/gallery/models/failed_auth.php delete mode 100644 modules/gallery/models/failed_login.php (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 1426f0d8..fa175ac8 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -65,7 +65,7 @@ class Login_Controller extends Controller { $form->login->inputs["name"]->add_error("invalid_login", 1); $name = $form->login->inputs["name"]->value; log::warning("user", t("Failed login for %name", array("name" => $name))); - module::event("user_login_failed", $name); + module::event("user_authenticate_failed", $name); $valid = false; } } diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 45561861..2c1e3f67 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -20,7 +20,7 @@ class auth_Core { static function get_login_form($url) { $form = new Forge($url, "", "post", array("id" => "g-login-form")); - $form->set_attr('class', "g-narrow"); + $form->set_attr("class", "g-narrow"); $group = $form->group("login")->label(t("Login")); $group->input("name")->label(t("Username"))->id("g-username")->class(null) ->callback("auth::validate_too_many_failed_logins") @@ -60,52 +60,51 @@ class auth_Core { } /** - * After there have been 5 failed login attempts, any failure leads to getting locked out for a + * After there have been 5 failed auth attempts, any failure leads to getting locked out for a * minute. */ - static function too_many_failed_logins($name) { - $failed_login = ORM::factory("failed_login") + static function too_many_failures($name) { + $failed = ORM::factory("failed_auth") ->where("name", "=", $name) ->find(); - return ($failed_login->loaded() && - $failed_login->count > 5 && - (time() - $failed_login->time < 60)); + return ($failed->loaded() && + $failed->count > 5 && + (time() - $failed->time < 60)); } static function validate_too_many_failed_logins($name_input) { - if (self::too_many_failed_logins($name_input->value)) { + if (self::too_many_failures($name_input->value)) { $name_input->add_error("too_many_failed_logins", 1); } } static function validate_too_many_failed_password_changes($password_input) { - if (self::too_many_failed_logins(identity::active_user()->name)) { + if (self::too_many_failures(identity::active_user()->name)) { $password_input->add_error("too_many_failed_password_changes", 1); } } /** - * Record a failed login for this user + * Record a failed authentication for this user */ - static function record_failed_auth_attempts($name) { - $failed_login = ORM::factory("failed_login") + static function record_failed_attempt($name) { + $failed = ORM::factory("failed_auth") ->where("name", "=", $name) ->find(); - if (!$failed_login->loaded()) { - $failed_login->name = $name; + if (!$failed->loaded()) { + $failed->name = $name; } - $failed_login->time = time(); - $failed_login->count++; - $failed_login->save(); + $failed->time = time(); + $failed->count++; + $failed->save(); } /** * Clear any failed logins for this user */ - static function clear_failed_auth_attempts($user) { - db::build() - ->delete("failed_logins") + static function clear_failed_attempts($user) { + ORM::factory("failed_auth") ->where("name", "=", $user->name) - ->execute(); + ->delete_all(); } } \ No newline at end of file diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 7b538c49..9ce30929 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -110,19 +110,15 @@ class gallery_event_Core { graphics::choose_default_toolkit(); module::clear_var("gallery", "choose_default_tookit"); } - auth::clear_failed_auth_attempts($user); + auth::clear_failed_attempts($user); } - static function user_login_failed($name) { - auth::record_failed_auth_attempts($name); + static function user_authenticate_failed($name) { + auth::record_failed_attempt($name); } - static function user_password_changed($user) { - auth::clear_failed_auth_attempts($user); - } - - static function user_password_change_failed($name) { - auth::record_failed_auth_attempts($name); + static function user_authenticate($user) { + auth::clear_failed_attempts($user); } static function item_index_data($item, $data) { diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 761843b0..05354f81 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -42,7 +42,7 @@ class gallery_installer { KEY (`tags`)) DEFAULT CHARSET=utf8;"); - $db->query("CREATE TABLE {failed_logins} ( + $db->query("CREATE TABLE {failed_auth} ( `id` int(9) NOT NULL auto_increment, `count` int(9) NOT NULL, `name` varchar(255) NOT NULL, @@ -526,6 +526,11 @@ class gallery_installer { ->execute(); module::set_version("gallery", $version = 26); } + + if ($version == 26) { + $db->query("RENAME TABLE {failed_logins} TO {failed_auths}"); + module::set_version("gallery", $version = 27); + } } static function uninstall() { @@ -534,7 +539,7 @@ class gallery_installer { $db->query("DROP TABLE IF EXISTS {access_intents}"); $db->query("DROP TABLE IF EXISTS {graphics_rules}"); $db->query("DROP TABLE IF EXISTS {incoming_translations}"); - $db->query("DROP TABLE IF EXISTS {failed_logins}"); + $db->query("DROP TABLE IF EXISTS {failed_auths}"); $db->query("DROP TABLE IF EXISTS {items}"); $db->query("DROP TABLE IF EXISTS {logs}"); $db->query("DROP TABLE IF EXISTS {modules}"); diff --git a/modules/gallery/models/failed_auth.php b/modules/gallery/models/failed_auth.php new file mode 100644 index 00000000..3c25f9d8 --- /dev/null +++ b/modules/gallery/models/failed_auth.php @@ -0,0 +1,20 @@ +post("user"); $password = Input::instance()->post("password"); - if (empty($username) || auth::too_many_failed_logins($username)) { + if (empty($username) || auth::too_many_failures($username)) { throw new Rest_Exception("Forbidden", 403); } diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index 83adc354..2675d918 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -84,6 +84,7 @@ class Users_Controller extends Controller { $user->save(); module::event("user_change_password_form_completed", $user, $form); message::success(t("Password changed")); + module::event("user_authenticate", $user); module::event("user_password_change", $user); print json_encode( array("result" => "success", @@ -91,7 +92,7 @@ class Users_Controller extends Controller { } else { log::warning("user", t("Failed password change for %name", array("name" => $user->name))); $name = $user->name; - module::event("user_password_change_failed", $name); + module::event("user_authenticate_failed", $name); print json_encode(array("result" => "error", "form" => (string) $form)); } } @@ -119,14 +120,14 @@ class Users_Controller extends Controller { $user->save(); module::event("user_change_email_form_completed", $user, $form); message::success(t("Email address changed")); - module::event("user_login", $user); // since there's no user_authenticated event + module::event("user_authenticate", $user); print json_encode( array("result" => "success", "resource" => url::site("users/{$user->id}"))); } else { log::warning("user", t("Failed email change for %name", array("name" => $user->name))); $name = $user->name; - module::event("user_login_failed", $name); + module::event("user_authenticate_failed", $name); print json_encode(array("result" => "error", "form" => (string) $form)); } } -- cgit v1.2.3 From eda6e3af06aa51281e614ae9a5e7b4ad4fbbae17 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 7 Feb 2010 08:49:37 -0800 Subject: Rename user_authenticate_xxx events to user_auth_xxx for brevity. --- modules/gallery/controllers/login.php | 2 +- modules/gallery/helpers/gallery_event.php | 4 ++-- modules/user/controllers/users.php | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index fa175ac8..5a08b693 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -65,7 +65,7 @@ class Login_Controller extends Controller { $form->login->inputs["name"]->add_error("invalid_login", 1); $name = $form->login->inputs["name"]->value; log::warning("user", t("Failed login for %name", array("name" => $name))); - module::event("user_authenticate_failed", $name); + module::event("user_auth_failed", $name); $valid = false; } } diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 9ce30929..5fa82160 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -113,11 +113,11 @@ class gallery_event_Core { auth::clear_failed_attempts($user); } - static function user_authenticate_failed($name) { + static function user_auth_failed($name) { auth::record_failed_attempt($name); } - static function user_authenticate($user) { + static function user_auth($user) { auth::clear_failed_attempts($user); } diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index 2675d918..1130852b 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -84,7 +84,7 @@ class Users_Controller extends Controller { $user->save(); module::event("user_change_password_form_completed", $user, $form); message::success(t("Password changed")); - module::event("user_authenticate", $user); + module::event("user_auth", $user); module::event("user_password_change", $user); print json_encode( array("result" => "success", @@ -92,7 +92,7 @@ class Users_Controller extends Controller { } else { log::warning("user", t("Failed password change for %name", array("name" => $user->name))); $name = $user->name; - module::event("user_authenticate_failed", $name); + module::event("user_auth_failed", $name); print json_encode(array("result" => "error", "form" => (string) $form)); } } @@ -120,14 +120,14 @@ class Users_Controller extends Controller { $user->save(); module::event("user_change_email_form_completed", $user, $form); message::success(t("Email address changed")); - module::event("user_authenticate", $user); + module::event("user_auth", $user); print json_encode( array("result" => "success", "resource" => url::site("users/{$user->id}"))); } else { log::warning("user", t("Failed email change for %name", array("name" => $user->name))); $name = $user->name; - module::event("user_authenticate_failed", $name); + module::event("user_auth_failed", $name); print json_encode(array("result" => "error", "form" => (string) $form)); } } -- cgit v1.2.3 From b6c0d3a48ca4fa9296b23a1c4d73fb0573f1b92f Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sun, 7 Feb 2010 13:55:17 -0800 Subject: Refactor the is_rtl() helper into the Gallery_I18n class. This allows checking for a config value "force_rtl" which will layout the gallery pages in rtl mode without having to change to an language that is no longer understandable to the developer. Adding the line "$config['force_rtl'] = true;" to the config/locales.php file will make it happen. --- modules/gallery/helpers/locales.php | 4 +--- modules/gallery/libraries/Gallery_I18n.php | 10 ++++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php index d209d414..4af750a3 100644 --- a/modules/gallery/helpers/locales.php +++ b/modules/gallery/helpers/locales.php @@ -131,9 +131,7 @@ class locales_Core { } static function is_rtl($locale=null) { - $locale or $locale = Gallery_I18n::instance()->locale(); - list ($language, $territory) = explode('_', $locale . "_"); - return in_array($language, array("he", "fa", "ar")); + return Gallery_I18n::instance()->is_rtl($locale); } /** diff --git a/modules/gallery/libraries/Gallery_I18n.php b/modules/gallery/libraries/Gallery_I18n.php index 4e0c1f82..1eacad5b 100644 --- a/modules/gallery/libraries/Gallery_I18n.php +++ b/modules/gallery/libraries/Gallery_I18n.php @@ -87,6 +87,16 @@ class Gallery_I18n_Core { return $this->_config['default_locale']; } + public function is_rtl($locale=null) { + $is_rtl = !empty($this->_config["force_rtl"]) and $this->_config["force_rtl"]; + if (empty($is_rtl)) { + $locale or $locale = $this->locale(); + list ($language, $territory) = explode('_', $locale . "_"); + $is_rtl = in_array($language, array("he", "fa", "ar")); + } + return $is_rtl; + } + /** * Translates a localizable message. * -- cgit v1.2.3 From 370e0e2f32e5092e1655116edbea9a607c6ed85a Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sun, 7 Feb 2010 15:02:41 -0800 Subject: Fix installer code for version 27, and introduce new module variable in version 28 as a preparation for admin area compartmentalization. --- installer/install.sql | 11 ++++++----- modules/gallery/helpers/gallery_installer.php | 11 +++++++++-- modules/gallery/module.info | 2 +- 3 files changed, 16 insertions(+), 8 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/installer/install.sql b/installer/install.sql index 20b632fa..1f21ad4e 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -74,10 +74,10 @@ CREATE TABLE {comments} ( PRIMARY KEY (`id`) ) DEFAULT CHARSET=utf8; SET character_set_client = @saved_cs_client; -DROP TABLE IF EXISTS {failed_logins}; +DROP TABLE IF EXISTS {failed_auths}; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8; -CREATE TABLE {failed_logins} ( +CREATE TABLE {failed_auths} ( `id` int(9) NOT NULL auto_increment, `count` int(9) NOT NULL, `name` varchar(255) NOT NULL, @@ -239,8 +239,8 @@ CREATE TABLE {modules} ( UNIQUE KEY `name` (`name`) ) AUTO_INCREMENT=10 DEFAULT CHARSET=utf8; SET character_set_client = @saved_cs_client; -INSERT INTO {modules} VALUES (1,1,'gallery',25); -INSERT INTO {modules} VALUES (2,1,'user',2); +INSERT INTO {modules} VALUES (1,1,'gallery',28); +INSERT INTO {modules} VALUES (2,1,'user',3); INSERT INTO {modules} VALUES (3,1,'comment',2); INSERT INTO {modules} VALUES (4,1,'organize',1); INSERT INTO {modules} VALUES (5,1,'info',1); @@ -377,7 +377,7 @@ CREATE TABLE {vars} ( `value` text, PRIMARY KEY (`id`), UNIQUE KEY `module_name` (`module_name`,`name`) -) AUTO_INCREMENT=39 DEFAULT CHARSET=utf8; +) AUTO_INCREMENT=40 DEFAULT CHARSET=utf8; SET character_set_client = @saved_cs_client; INSERT INTO {vars} VALUES (NULL,'gallery','active_site_theme','wind'); INSERT INTO {vars} VALUES (NULL,'gallery','active_admin_theme','admin_wind'); @@ -391,6 +391,7 @@ INSERT INTO {vars} VALUES (NULL,'gallery','time_format','H:i:s'); INSERT INTO {vars} VALUES (NULL,'gallery','show_credits','1'); INSERT INTO {vars} VALUES (NULL,'gallery','credits','Powered by Gallery %version'); INSERT INTO {vars} VALUES (NULL,'gallery','simultaneous_upload_limit','5'); +INSERT INTO {vars} VALUES (NULL,'gallery','admin_area_timeout','1200'); INSERT INTO {vars} VALUES (NULL,'gallery','blocks_dashboard_sidebar','a:4:{i:2;a:2:{i:0;s:7:\"gallery\";i:1;s:11:\"block_adder\";}i:3;a:2:{i:0;s:7:\"gallery\";i:1;s:5:\"stats\";}i:4;a:2:{i:0;s:7:\"gallery\";i:1;s:13:\"platform_info\";}i:5;a:2:{i:0;s:7:\"gallery\";i:1;s:12:\"project_news\";}}'); INSERT INTO {vars} VALUES (NULL,'gallery','date_time_format','Y-M-d H:i:s'); INSERT INTO {vars} VALUES (NULL,'gallery','date_format','Y-M-d'); diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 05354f81..ed4a62a5 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -42,7 +42,7 @@ class gallery_installer { KEY (`tags`)) DEFAULT CHARSET=utf8;"); - $db->query("CREATE TABLE {failed_auth} ( + $db->query("CREATE TABLE {failed_auths} ( `id` int(9) NOT NULL auto_increment, `count` int(9) NOT NULL, `name` varchar(255) NOT NULL, @@ -287,7 +287,8 @@ class gallery_installer { // @todo this string needs to be picked up by l10n_scanner module::set_var("gallery", "credits", "Powered by Gallery %version"); module::set_var("gallery", "simultaneous_upload_limit", 5); - module::set_version("gallery", 26); + module::set_var("gallery", "admin_area_timeout", 20 * 60); + module::set_version("gallery", 28); } static function upgrade($version) { @@ -531,6 +532,12 @@ class gallery_installer { $db->query("RENAME TABLE {failed_logins} TO {failed_auths}"); module::set_version("gallery", $version = 27); } + + if ($version == 27) { + // Set the admin area timeout to 20 minutes + module::set_var("gallery", "admin_area_timeout", 20 * 60); + module::set_version("gallery", $version = 28); + } } static function uninstall() { diff --git a/modules/gallery/module.info b/modules/gallery/module.info index dac9e6ed..ae300399 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 27 +version = 28 -- cgit v1.2.3 From f93528ffab19b7a733fc8fb21c22853d8ec0d2f5 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sun, 7 Feb 2010 15:37:32 -0800 Subject: Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area. Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now. --- modules/gallery/controllers/admin.php | 6 ++- modules/gallery/controllers/reauthenticate.php | 72 ++++++++++++++++++++++++++ modules/gallery/helpers/auth.php | 27 +++++++++- modules/gallery/helpers/gallery_event.php | 2 + modules/gallery/views/reauthenticate.html.php | 10 ++++ modules/user/controllers/users.php | 8 +-- 6 files changed, 118 insertions(+), 7 deletions(-) create mode 100644 modules/gallery/controllers/reauthenticate.php create mode 100644 modules/gallery/views/reauthenticate.html.php (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index e4216991..b5f3db39 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -21,7 +21,7 @@ class Admin_Controller extends Controller { private $theme; public function __construct($theme=null) { - if (!(identity::active_user()->admin)) { + if (!identity::active_user()->admin) { access::forbidden(); } @@ -29,6 +29,10 @@ class Admin_Controller extends Controller { } public function __call($controller_name, $args) { + if (auth::must_reauth_for_admin_area()) { + return url::redirect("reauthenticate"); + } + if (request::method() == "post") { access::verify_csrf(); } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php new file mode 100644 index 00000000..4b88a9cc --- /dev/null +++ b/modules/gallery/controllers/reauthenticate.php @@ -0,0 +1,72 @@ +admin) { + access::forbidden(); + } + return self::_show_form(self::_form()); + } + + public function auth() { + if (!identity::active_user()->admin) { + access::forbidden(); + } + access::verify_csrf(); + + $form = self::_form(); + $valid = $form->validate(); + $user = identity::active_user(); + if ($valid) { + message::success(t("Successfully re-authenticated!")); + module::event("user_auth", $user); + url::redirect("admin"); + } else { + $name = $user->name; + log::warning("user", t("Failed re-authentication for %name", array("name" => $name))); + module::event("user_auth_failed", $name); + return self::_show_form($form); + } + } + + private static function _show_form($form) { + $view = new Theme_View("page.html", "other", "reauthenticate"); + $view->page_title = t("Re-authenticate"); + $view->content = new View("reauthenticate.html"); + $view->content->form = $form; + $view->content->user_name = identity::active_user()->name; + print $view; + } + + private static function _form() { + $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); + $form->set_attr('class', "g-narrow"); + $group = $form->group("reauthenticate")->label(t("Re-authenticate")); + $group->password("password")->label(t("Password"))->id("g-password")->class(null) + ->callback("auth::validate_too_many_failed_auth_attempts") + ->callback("user::valid_password") + ->error_messages("invalid", t("Incorrect password")) + ->error_messages( + "too_many_failed_auth_attempts", + t("Too many incorrect passwords. Try again later")); + $group->submit("")->value(t("Submit")); + return $form; + } +} diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 2c1e3f67..c3e9e6e9 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -78,9 +78,9 @@ class auth_Core { } } - static function validate_too_many_failed_password_changes($password_input) { + static function validate_too_many_failed_auth_attempts($form_input) { if (self::too_many_failures(identity::active_user()->name)) { - $password_input->add_error("too_many_failed_password_changes", 1); + $form_input->add_error("too_many_failed_auth_attempts", 1); } } @@ -107,4 +107,27 @@ class auth_Core { ->where("name", "=", $user->name) ->delete_all(); } + + /** + * Checks whether the current user (= admin) must + * actively re-authenticate before access is given + * to the admin area. + */ + static function must_reauth_for_admin_area() { + if (!identity::active_user()->admin) { + access::forbidden(); + } + + $session = Session::instance(); + $last_active_auth = $session->get("active_auth_timestamp", 0); + $last_admin_area_activity = $session->get("admin_area_activity_timestamp", 0); + $admin_area_timeout = module::get_var("gallery", "admin_area_timeout"); + + if (max($last_active_auth, $last_admin_area_activity) + $admin_area_timeout < time()) { + return true; + } + + $session->set("admin_area_activity_timestamp", time()); + return false; + } } \ No newline at end of file diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 5fa82160..63f33c12 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -110,6 +110,7 @@ class gallery_event_Core { graphics::choose_default_toolkit(); module::clear_var("gallery", "choose_default_tookit"); } + Session::instance()->set("active_auth_timestamp", time()); auth::clear_failed_attempts($user); } @@ -119,6 +120,7 @@ class gallery_event_Core { static function user_auth($user) { auth::clear_failed_attempts($user); + Session::instance()->set("active_auth_timestamp", time()); } static function item_index_data($item, $data) { diff --git a/modules/gallery/views/reauthenticate.html.php b/modules/gallery/views/reauthenticate.html.php new file mode 100644 index 00000000..8611d0f7 --- /dev/null +++ b/modules/gallery/views/reauthenticate.html.php @@ -0,0 +1,10 @@ + +
+

+ +

+

+ $user_name)) ?> +

+ +
\ No newline at end of file diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index 1130852b..0730f391 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -164,11 +164,11 @@ class Users_Controller extends Controller { "users/change_password/$user->id", "", "post", array("id" => "g-change-password-user-form")); $group = $form->group("change_password")->label(t("Change your password")); $group->password("old_password")->label(t("Old password"))->id("g-password") - ->callback("auth::validate_too_many_failed_password_changes") + ->callback("auth::validate_too_many_failed_auth_attempts") ->callback("user::valid_password") ->error_messages("invalid", t("Incorrect password")) ->error_messages( - "too_many_failed_password_changes", + "too_many_failed_auth_attempts", t("Too many incorrect passwords. Try again later")); $group->password("password")->label(t("New password"))->id("g-password") ->error_messages("min_length", t("Your new password is too short")); @@ -189,11 +189,11 @@ class Users_Controller extends Controller { "users/change_email/$user->id", "", "post", array("id" => "g-change-email-user-form")); $group = $form->group("change_email")->label(t("Change your email address")); $group->password("password")->label(t("Current password"))->id("g-password") - ->callback("auth::validate_too_many_failed_password_changes") + ->callback("auth::validate_too_many_failed_auth_attempts") ->callback("user::valid_password") ->error_messages("invalid", t("Incorrect password")) ->error_messages( - "too_many_failed_password_changes", + "too_many_failed_auth_attempts", t("Too many incorrect passwords. Try again later")); $group->input("email")->label(t("New email address"))->id("g-email")->value($user->email) ->error_messages("email", t("You must enter a valid email address")) -- cgit v1.2.3 From 8fc346e9b67204c31e2bfeb59a5cbaa49e308085 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sun, 7 Feb 2010 16:44:07 -0800 Subject: Addendum for ticket 585: Handle case C), redirect the admin to a non-admin page when the admin area session expires, before the admin has a chance to send an XHR admin request, for which we wouldn't have a good answer. --- modules/gallery/helpers/gallery_theme.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php index 0018fd9a..9ffeb911 100644 --- a/modules/gallery/helpers/gallery_theme.php +++ b/modules/gallery/helpers/gallery_theme.php @@ -90,6 +90,17 @@ class gallery_theme_Core { $profiler = new Profiler(); $profiler->render(); } + + // Redirect to the root album when the admin session expires. + $redirect_url = url::abs_site(""); + $admin_area_timeout = 1000 * module::get_var("gallery", "admin_area_timeout"); + $admin_session_redirect_check = ''; + print $admin_session_redirect_check; + if ($session->get("l10n_mode", false)) { return L10n_Client_Controller::l10n_form(); } -- cgit v1.2.3 From d0f6839c25c328c1bc0baff87974a8b268933361 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Mon, 8 Feb 2010 00:05:17 -0800 Subject: Fix Arabic language name. Thanks shaibn for reporting the issue. Verified with CLDR data. --- modules/gallery/helpers/locales.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php index 4af750a3..883d2f9a 100644 --- a/modules/gallery/helpers/locales.php +++ b/modules/gallery/helpers/locales.php @@ -64,7 +64,7 @@ class locales_Core { // @todo Might want to add a localizable language name as well. private static function _init_language_data() { $l["af_ZA"] = "Afrikaans"; // Afrikaans - $l["ar_SA"] = "العربي"; // Arabic + $l["ar_SA"] = "العربية"; // Arabic $l["be_BY"] = "Беларускі"; // Belarusian $l["bg_BG"] = "български"; // Bulgarian $l["ca_ES"] = "Catalan"; // Catalan -- cgit v1.2.3 From f9377bcbd37886f09cfcf72a89f73629825e63dc Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Mon, 8 Feb 2010 13:05:18 -0800 Subject: Suppress errors when checking for readability of /proc/loadavg. Often this file will be protected by openbasedir, and is_readable will trigger an open basedir warning. --- modules/gallery/helpers/gallery_block.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/gallery_block.php b/modules/gallery/helpers/gallery_block.php index be0f11b8..46742743 100644 --- a/modules/gallery/helpers/gallery_block.php +++ b/modules/gallery/helpers/gallery_block.php @@ -70,7 +70,7 @@ class gallery_block_Core { $block->css_id = "g-platform"; $block->title = t("Platform information"); $block->content = new View("admin_block_platform.html"); - if (is_readable("/proc/loadavg")) { + if (@is_readable("/proc/loadavg")) { $block->content->load_average = join(" ", array_slice(explode(" ", current(file("/proc/loadavg"))), 0, 3)); } else { -- cgit v1.2.3 From 13cfe2d61d379c5b203582b3f9d8312c7791b3ae Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Mon, 8 Feb 2010 22:15:38 -0800 Subject: Change admin area timeout from 20 to 90 minutes --- modules/gallery/helpers/gallery_installer.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index ed4a62a5..dd53cf43 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -287,7 +287,7 @@ class gallery_installer { // @todo this string needs to be picked up by l10n_scanner module::set_var("gallery", "credits", "Powered by Gallery %version"); module::set_var("gallery", "simultaneous_upload_limit", 5); - module::set_var("gallery", "admin_area_timeout", 20 * 60); + module::set_var("gallery", "admin_area_timeout", 90 * 60); module::set_version("gallery", 28); } @@ -534,8 +534,8 @@ class gallery_installer { } if ($version == 27) { - // Set the admin area timeout to 20 minutes - module::set_var("gallery", "admin_area_timeout", 20 * 60); + // Set the admin area timeout to 90 minutes + module::set_var("gallery", "admin_area_timeout", 90 * 60); module::set_version("gallery", $version = 28); } } -- cgit v1.2.3 From 86721ce280f02dbf4127c83bb03372e09e616519 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 9 Feb 2010 15:21:40 -0800 Subject: Whitespace. --- modules/gallery/helpers/locales.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php index 883d2f9a..e72d7ed9 100644 --- a/modules/gallery/helpers/locales.php +++ b/modules/gallery/helpers/locales.php @@ -131,7 +131,7 @@ class locales_Core { } static function is_rtl($locale=null) { - return Gallery_I18n::instance()->is_rtl($locale); + return Gallery_I18n::instance()->is_rtl($locale); } /** -- cgit v1.2.3 From 8a8d8b4bc4425bddb4661df3bf081d131f369171 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 9 Feb 2010 15:49:43 -0800 Subject: Rename item name and slug if necessary to avoid a conflict when we move photos. Fixes ticket #957. --- modules/gallery/helpers/item.php | 51 +++++++++++++++++++++++++++++- modules/gallery/tests/Item_Helper_Test.php | 28 +++++++++++++--- 2 files changed, 73 insertions(+), 6 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 41d49ce9..36193071 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -40,7 +40,56 @@ class item_Core { } $source->parent_id = $target->id; - $source->save(); + + // Moving may result in name or slug conflicts. If that happens, try up to 5 times to pick a + // random name (or slug) to avoid the conflict. + $orig_name = $source->name; + $orig_name_filename = pathinfo($source->name, PATHINFO_FILENAME); + $orig_name_extension = pathinfo($source->name, PATHINFO_EXTENSION); + $orig_slug = $source->slug; + for ($i = 0; $i < 5; $i++) { + try { + $source->save(); + if ($orig_name != $source->name) { + switch ($source->type) { + case "album": + message::info( + t("Album %old_name renamed to %new_name to avoid a conflict", + array("old_name" => $orig_name, "new_name" => $source->name))); + break; + + case "photo": + message::info( + t("Photo %old_name renamed to %new_name to avoid a conflict", + array("old_name" => $orig_name, "new_name" => $source->name))); + break; + + case "movie": + message::info( + t("Movie %old_name renamed to %new_name to avoid a conflict", + array("old_name" => $orig_name, "new_name" => $source->name))); + break; + } + } + break; + } catch (ORM_Validation_Exception $e) { + $rand = rand(10, 99); + $errors = $e->validation->errors(); + if (isset($errors["name"])) { + $source->name = $orig_name_filename . "-{$rand}." . $orig_name_extension; + unset($errors["name"]); + } + if (isset($errors["slug"])) { + $source->slug = $orig_slug . "-{$rand}"; + unset($errors["slug"]); + } + + if ($errors) { + // There were other validation issues-- we don't know how to handle those + throw $e; + } + } + } // If the target has no cover item, make this it. if ($target->album_cover_item_id == null) { diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index d6817ef9..50587702 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -19,6 +19,10 @@ */ class Item_Helper_Test extends Gallery_Unit_Test_Case { + public function setup() { + identity::set_active_user(identity::admin_user()); + } + public function viewable_test() { $album = test::random_album(); $item = test::random_photo($album); @@ -44,7 +48,6 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { } public function move_test() { - identity::set_active_user(identity::admin_user()); $photo = test::random_photo(item::root()); $dst_album = test::random_album(); @@ -54,8 +57,6 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { public function move_updates_album_covers_test() { - identity::set_active_user(identity::admin_user()); - // 2 photos in the source album $src_album = test::random_album(); $photo1 = test::random_photo($src_album); @@ -78,8 +79,6 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { } public function move_leaves_empty_album_with_no_album_cover_test() { - identity::set_active_user(identity::admin_user()); - $src_album = test::random_album(); $photo = test::random_photo($src_album); @@ -89,4 +88,23 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_false($src_album->album_cover_item_id); } + public function move_conflicts_result_in_a_rename_test() { + $rand = rand(); + $photo1 = test::random_photo_unsaved(item::root()); + $photo1->name = "{$rand}.jpg"; + $photo1->slug = (string)$rand; + $photo1->save(); + + $src_album = test::random_album(); + $photo2 = test::random_photo_unsaved($src_album); + $photo2->name = "{$rand}.jpg"; + $photo2->slug = (string)$rand; + $photo2->save(); + + item::move($photo2, item::root()); + + $this->assert_same(item::root()->id, $photo2->parent_id); + $this->assert_not_same("{$rand}.jpg", $photo2->name); + $this->assert_not_same($rand, $photo2->slug); + } } -- cgit v1.2.3 From 8ef08d20883d9b9aa0b7560ce3bf6da8a6632149 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 10 Feb 2010 08:53:39 -0800 Subject: Refactor the code to display the login page if the user does not have view permission into the common auth::require_login() method. --- modules/gallery/controllers/albums.php | 8 +------- modules/gallery/controllers/movies.php | 7 +------ modules/gallery/controllers/photos.php | 6 +----- modules/gallery/helpers/auth.php | 13 +++++++++++++ 4 files changed, 16 insertions(+), 18 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 1d369b95..e1985cfb 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -30,13 +30,7 @@ class Albums_Controller extends Items_Controller { } if (!access::can("view", $album)) { - $view = new Theme_View("page.html", "other", "login"); - $view->page_title = t("Log in to Gallery"); - $view->content = new View("login_ajax.html"); - $view->content->form = auth::get_login_form("login/auth_html"); - // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::current(true)); - print $view; + print auth::require_login(); return; } diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 9e882ef4..8041066e 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -26,12 +26,7 @@ class Movies_Controller extends Items_Controller { } if (!access::can("view", $movie)) { - $view = new Theme_View("page.html", "other", "login"); - $view->page_title = t("Log in to Gallery"); - $view->content = new View("login_ajax.html"); - $view->content->form = auth::get_login_form("login/auth_html"); - - print $view; + print auth::require_login(); return; } diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 8beae207..778e9ae7 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -26,11 +26,7 @@ class Photos_Controller extends Items_Controller { } if (!access::can("view", $photo)) { - $view = new Theme_View("page.html", "other", "login"); - $view->page_title = t("Log in to Gallery"); - $view->content = new View("login_ajax.html"); - $view->content->form = auth::get_login_form("login/auth_html"); - print $view; + print auth::require_login(); return; } diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index c3e9e6e9..f5454f85 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -130,4 +130,17 @@ class auth_Core { $session->set("admin_area_activity_timestamp", time()); return false; } + + /** + * Redirect to the login page. + */ + static function require_login() { + $view = new Theme_View("page.html", "other", "login"); + $view->page_title = t("Log in to Gallery"); + $view->content = new View("login_ajax.html"); + $view->content->form = auth::get_login_form("login/auth_html"); + // Avoid anti-phishing protection by passing the url as session variable. + Session::instance()->set("continue_url", url::current(true)); + return $view; + } } \ No newline at end of file -- cgit v1.2.3