From 5ded9e8ac5935e41c08d1766974ce31890efd7f0 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 1 Feb 2010 16:31:24 -0800 Subject: Refactor starting a task into the task helper so we can call it multiple times. --- modules/gallery/helpers/task.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/task.php b/modules/gallery/helpers/task.php index 645850d1..aa0eb94d 100644 --- a/modules/gallery/helpers/task.php +++ b/modules/gallery/helpers/task.php @@ -35,6 +35,15 @@ class task_Core { return $tasks; } + static function start($task_callback, $context=array()) { + $tasks = task::get_definitions(); + $task = task::create($tasks[$task_callback], array()); + + $task->log(t("Task %task_name started (task id %task_id)", + array("task_name" => $task->name, "task_id" => $task->id))); + return $task; + } + static function create($task_def, $context) { $task = ORM::factory("task"); $task->callback = $task_def->callback; -- cgit v1.2.3 From 81a1df4a504fdd7cdbef2b92e2b1257a65da98f9 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 1 Feb 2010 21:41:16 -0800 Subject: Localize the name "conflict" validation error when creating a new album. --- modules/gallery/helpers/album.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php index 389f6e48..15e0c3ca 100644 --- a/modules/gallery/helpers/album.php +++ b/modules/gallery/helpers/album.php @@ -36,7 +36,8 @@ class album_Core { $group->input("name")->label(t("Directory name")) ->error_messages("no_slashes", t("The directory name can't contain the \"/\" character")) ->error_messages("required", t("You must provide a directory name")) - ->error_messages("length", t("Your directory name is too long")); + ->error_messages("length", t("Your directory name is too long")) + ->error_messages("conflict", t("There is already a movie, photo or album with this name")); $group->input("slug")->label(t("Internet Address")) ->error_messages( "not_url_safe", @@ -51,7 +52,8 @@ class album_Core { } static function get_edit_form($parent) { - $form = new Forge("albums/update/{$parent->id}", "", "post", array("id" => "g-edit-album-form")); + $form = new Forge( + "albums/update/{$parent->id}", "", "post", array("id" => "g-edit-album-form")); $form->hidden("from_id"); $group = $form->group("edit_item")->label(t("Edit Album")); @@ -61,8 +63,7 @@ class album_Core { $group->textarea("description")->label(t("Description"))->value($parent->description); if ($parent->id != 1) { $group->input("name")->label(t("Directory Name"))->value($parent->name) - ->error_messages( - "conflict", t("There is already a movie, photo or album with this name")) + ->error_messages("conflict", t("There is already a movie, photo or album with this name")) ->error_messages("no_slashes", t("The directory name can't contain a \"/\"")) ->error_messages("no_trailing_period", t("The directory name can't end in \".\"")) ->error_messages("required", t("You must provide a directory name")) -- cgit v1.2.3 From 225fe81ce0121176dc11a646d78b3c3dcc479fa9 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 2 Feb 2010 20:50:34 -0800 Subject: Add an upgrade path to prevent the item title field from being empty. --- modules/gallery/helpers/gallery_installer.php | 14 +++++++++++++- modules/gallery/module.info | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index bffef8e6..761843b0 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -287,7 +287,7 @@ class gallery_installer { // @todo this string needs to be picked up by l10n_scanner module::set_var("gallery", "credits", "Powered by Gallery %version"); module::set_var("gallery", "simultaneous_upload_limit", 5); - module::set_version("gallery", 25); + module::set_version("gallery", 26); } static function upgrade($version) { @@ -514,6 +514,18 @@ class gallery_installer { } module::set_version("gallery", $version = 25); } + + if ($version == 25) { + db::build() + ->update("items") + ->set("title", new Database_Expression("`name`")) + ->and_open() + ->where("title", "IS", null) + ->or_where("title", "=", "") + ->close() + ->execute(); + module::set_version("gallery", $version = 26); + } } static function uninstall() { diff --git a/modules/gallery/module.info b/modules/gallery/module.info index 50a1505f..fd241066 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 25 +version = 26 -- cgit v1.2.3 From 99a7f470b93d35717f8d5979d05da6cf05a1dd20 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 2 Feb 2010 21:48:01 -0800 Subject: Protect password changes against brute force attacks. --- modules/gallery/helpers/auth.php | 10 ++++++++-- modules/gallery/helpers/gallery_event.php | 12 ++++++++++-- modules/user/controllers/users.php | 12 ++++++++++-- 3 files changed, 28 insertions(+), 6 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 16f8915a..717cf40a 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -78,10 +78,16 @@ class auth_Core { } } + static function validate_too_many_failed_password_changes($password_input) { + if (self::too_many_failed_logins(identity::active_user()->name)) { + $password_input->add_error("too_many_failed_password_changes", 1); + } + } + /** * Record a failed login for this user */ - static function record_failed_login($name) { + static function record_failed_auth_attempts($name) { $failed_login = ORM::factory("failed_login") ->where("name", "=", $name) ->find(); @@ -96,7 +102,7 @@ class auth_Core { /** * Clear any failed logins for this user */ - static function record_successful_login($user) { + static function clear_failed_logins($user) { db::build() ->delete("failed_logins") ->where("name", "=", $user->name) diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 6479e2c3..7b538c49 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -110,11 +110,19 @@ class gallery_event_Core { graphics::choose_default_toolkit(); module::clear_var("gallery", "choose_default_tookit"); } - auth::record_successful_login($user); + auth::clear_failed_auth_attempts($user); } static function user_login_failed($name) { - auth::record_failed_login($name); + auth::record_failed_auth_attempts($name); + } + + static function user_password_changed($user) { + auth::clear_failed_auth_attempts($user); + } + + static function user_password_change_failed($name) { + auth::record_failed_auth_attempts($name); } static function item_index_data($item, $data) { diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index c11f22ff..166ff8b2 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -77,7 +77,7 @@ class Users_Controller extends Controller { // Translate ORM validation errors into form error messages foreach ($e->validation->errors() as $key => $error) { $form->change_password->inputs[$key]->add_error($error, 1); - } + } $valid = false; } @@ -85,10 +85,14 @@ class Users_Controller extends Controller { $user->save(); module::event("user_change_password_form_completed", $user, $form); message::success(t("Password changed")); + module::event("user_password_change", $user); print json_encode( array("result" => "success", "resource" => url::site("users/{$user->id}"))); } else { + log::warning("user", t("Failed password change for %name", array("name" => $user->name))); + $name = $user->name; + module::event("user_password_change_failed", $name); print json_encode(array("result" => "error", "form" => (string) $form)); } } @@ -116,8 +120,12 @@ class Users_Controller extends Controller { "users/change_password/$user->id", "", "post", array("id" => "g-change-password-user-form")); $group = $form->group("change_password")->label(t("Change your password")); $group->password("old_password")->label(t("Old password"))->id("g-password") + ->callback("auth::validate_too_many_failed_password_changes") ->callback("user::valid_password") - ->error_messages("invalid", t("Incorrect password")); + ->error_messages("invalid", t("Incorrect password")) + ->error_messages( + "too_many_failed_password_changes", + t("Too many incorrect passwords. Try again later")); $group->password("password")->label(t("New password"))->id("g-password") ->error_messages("min_length", t("Your new password is too short")); $group->script("") -- cgit v1.2.3 From 1f51d663a0d651cfc8ff172357ce1b57823f8480 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 3 Feb 2010 08:18:53 -0800 Subject: Correct missing function name. --- modules/gallery/helpers/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 717cf40a..45561861 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -102,7 +102,7 @@ class auth_Core { /** * Clear any failed logins for this user */ - static function clear_failed_logins($user) { + static function clear_failed_auth_attempts($user) { db::build() ->delete("failed_logins") ->where("name", "=", $user->name) -- cgit v1.2.3