sbrl-github/Pepperminty-Wiki
sbrl-github
/
Pepperminty-Wiki
mirror of https://github.com/sbrl/Pepperminty-Wiki.git
1
0
Fork 0
Code

Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki

This commit is contained in:
Starbeamrainbowlabs 2018-04-01 16:34:16 +01:00
parent 9341e3885e 0f2986703e
commit dc7183b11e
Signed by: sbrl
GPG Key ID: 1BE5172E637709C2
5 changed files with 52 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Changelog.md
View File

@ -20,9 +20,12 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
- Normalise utf8 text to avoid duplicate ids and missing search results.
- Improved handling of mime types in some places in the API.
- Added `minified` option to `status` action to reduce data usage slightly
- [Rest API] Fix `checklogin` action documentation
### Changed
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
- Added `x-login-required: yes` header to responses that redirect to the login page for easy detection by machines
- Added `x-login-success: (yes|no)` header to login responses for easier machine parsing
## v0.15.1

13
build/index.php
View File

@ -1962,6 +1962,7 @@ if($settings->require_login_view === true && // If this site requires a login in
{
// Redirect the user to the login page
http_response_code(307);
header("x-login-required: yes");
$url = "?action=login&returnto=" . rawurlencode($_SERVER["REQUEST_URI"]) . "&required=true";
header("location: $url");
exit(page_renderer::render("Login required - $settings->sitename", "<p>$settings->sitename requires that you login before you are able to access it.</p>
@ -7243,21 +7244,23 @@ register_module([
add_action("checklogin", function() {
global $settings, $env;
//actually do the login
// Actually do the login
if(isset($_POST["user"]) and isset($_POST["pass"]))
{
//the user wants to log in
// The user wants to log in
$user = $_POST["user"];
$pass = $_POST["pass"];
if($settings->users->$user->password == hash_password($pass))
{
// Success! :D
$env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; //30 days from now
$expiretime = time() + 60*60*24*30; // 30 days from now
$_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going
// Redirect to wherever the user was going
http_response_code(302);
header("x-login-success: yes");
if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]);
else
@ -7266,7 +7269,9 @@ register_module([
}
else
{
// Login failed :-(
http_response_code(302);
header("x-login-success: no");
$nextUrl = "index.php?action=login&failed=yes";
if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);

1
core.php
View File

@ -1585,6 +1585,7 @@ if($settings->require_login_view === true && // If this site requires a login in
{
// Redirect the user to the login page
http_response_code(307);
header("x-login-required: yes");
$url = "?action=login&returnto=" . rawurlencode($_SERVER["REQUEST_URI"]) . "&required=true";
header("location: $url");
exit(page_renderer::render("Login required - $settings->sitename", "<p>$settings->sitename requires that you login before you are able to access it.</p>

60
module_index.json
View File

@ -5,7 +5,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a utility action (that anyone can use) called hash that hashes a given string. Useful when changing a user's password.",
"id": "action-hash",
"lastupdate": 1465757909,
"lastupdate": 1511518191,
"optional": false
},
{
@ -14,7 +14,7 @@
"author": "Starbeamrainbowlabs",
"description": "Exposes Pepperminty Wiki's new page protection mechanism and makes the protect button in the 'More...' menu on the top bar work.",
"id": "action-protect",
"lastupdate": 1465751051,
"lastupdate": 1511518191,
"optional": false
},
{
@ -23,7 +23,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds an action called 'random' that redirects you to a random page.",
"id": "action-random",
"lastupdate": 1518648324,
"lastupdate": 1518719583,
"optional": false
},
{
@ -32,7 +32,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a 'raw' action that shows you the raw source of a page.",
"id": "action-raw",
"lastupdate": 1507993763,
"lastupdate": 1511518191,
"optional": false
},
{
@ -41,7 +41,7 @@
"author": "Starbeamrainbowlabs",
"description": "Provides a basic JSON status action that provices a few useful bits of information for API consumption.",
"id": "api-status",
"lastupdate": 1522167607,
"lastupdate": 1522411212,
"optional": false
},
{
@ -50,7 +50,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a sidebar to the left hand side of every page. Add '$settings->sidebar_show = true;' to your configuration, or append '&sidebar=yes' to the url to enable. Adding to the url sets a cookie to remember your setting.",
"id": "extra-sidebar",
"lastupdate": 1505768813,
"lastupdate": 1511518191,
"optional": false
},
{
@ -59,7 +59,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds threaded comments to the bottom of every page.",
"id": "feature-comments",
"lastupdate": 1511450038,
"lastupdate": 1511518191,
"optional": false
},
{
@ -68,7 +68,7 @@
"author": "Starbeamrainbowlabs",
"description": "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
"id": "feature-guiconfig",
"lastupdate": 1499800843,
"lastupdate": 1511518191,
"optional": false
},
{
@ -77,7 +77,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds the ability to keep unlimited page history, limited only by your disk space. Note that this doesn't store file history (yet). Currently depends on feature-recent-changes for rendering of the history page.",
"id": "feature-history",
"lastupdate": 1518645062,
"lastupdate": 1518719583,
"optional": false
},
{
@ -86,7 +86,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds recent changes. Access through the 'recent-changes' action.",
"id": "feature-recent-changes",
"lastupdate": 1521408644,
"lastupdate": 1522411212,
"optional": false
},
{
@ -95,7 +95,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds support for redirect pages. Uses the same syntax that Mediawiki does.",
"id": "feature-redirect",
"lastupdate": 1498646092,
"lastupdate": 1511518191,
"optional": false
},
{
@ -104,7 +104,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds proper search functionality to Pepperminty Wiki using an inverted index to provide a full text search engine. If pages don't show up, then you might have hit a stop word. If not, try requesting the `invindex-rebuild` action to rebuild the inverted index from scratch.",
"id": "feature-search",
"lastupdate": 1521391886,
"lastupdate": 1522411212,
"optional": false
},
{
@ -113,7 +113,7 @@
"author": "Starbeamrainbowlabs",
"description": "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.",
"id": "feature-stats",
"lastupdate": 1505768903,
"lastupdate": 1511518191,
"optional": false
},
{
@ -122,7 +122,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
"id": "feature-upload",
"lastupdate": 1518645569,
"lastupdate": 1518719583,
"optional": false
},
{
@ -131,7 +131,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a user preferences page, letting pople do things like change their email address and password.",
"id": "feature-user-preferences",
"lastupdate": 1497799247,
"lastupdate": 1511518191,
"optional": false
},
{
@ -140,7 +140,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds the credits page. You *must* have this module :D",
"id": "page-credits",
"lastupdate": 1513196998,
"lastupdate": 1514040637,
"optional": false
},
{
@ -149,7 +149,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.",
"id": "page-debug-info",
"lastupdate": 1483389558,
"lastupdate": 1511518191,
"optional": false
},
{
@ -158,7 +158,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds an action to allow administrators to delete pages.",
"id": "page-delete",
"lastupdate": 1501009581,
"lastupdate": 1511518191,
"optional": false
},
{
@ -167,7 +167,7 @@
"author": "Starbeamrainbowlabs",
"description": "Allows you to edit pages by adding the edit and save actions. You should probably include this one.",
"id": "page-edit",
"lastupdate": 1521390769,
"lastupdate": 1522411212,
"optional": false
},
{
@ -176,7 +176,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a page that you can use to export your wiki as a .zip file. Uses $settings->export_only_allow_admins, which controls whether only admins are allowed to export the wiki.",
"id": "page-export",
"lastupdate": 1472230366,
"lastupdate": 1511518191,
"optional": false
},
{
@ -185,7 +185,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a rather useful help page. Access through the 'help' action. This module also exposes help content added to Pepperminty Wiki's inbuilt invisible help section system.",
"id": "page-help",
"lastupdate": 1492433537,
"lastupdate": 1511518191,
"optional": false
},
{
@ -194,7 +194,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a page that lists all the pages in the index along with their metadata.",
"id": "page-list",
"lastupdate": 1518645476,
"lastupdate": 1518719583,
"optional": false
},
{
@ -203,7 +203,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id": "page-login",
"lastupdate": 1505512966,
"lastupdate": 1522412068,
"optional": false
},
{
@ -212,7 +212,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds an action to let users user out. For security reasons it is wise to add this module since logging in automatically opens a session that is valid for 30 days.",
"id": "page-logout",
"lastupdate": 1466011660,
"lastupdate": 1511518191,
"optional": false
},
{
@ -221,7 +221,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds an action to allow administrators to move pages.",
"id": "page-move",
"lastupdate": 1521408303,
"lastupdate": 1522411212,
"optional": false
},
{
@ -230,7 +230,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds an update page that downloads the latest stable version of Pepperminty Wiki. This module is currently outdated as it doesn't save your module preferences.",
"id": "page-update",
"lastupdate": 1476906745,
"lastupdate": 1511518191,
"optional": false
},
{
@ -239,7 +239,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a 'user-list' action that generates a list of users. Supports json output with 'format=json' in the queyr string.",
"id": "page-user-list",
"lastupdate": 1487454626,
"lastupdate": 1511518191,
"optional": false
},
{
@ -248,7 +248,7 @@
"author": "Starbeamrainbowlabs",
"description": "Allows you to view pages. You really should include this one.",
"id": "page-view",
"lastupdate": 1518647294,
"lastupdate": 1518719583,
"optional": false
},
{
@ -257,7 +257,7 @@
"author": "Johnny Broadway & Starbeamrainbowlabs",
"description": "The *old* default parser for Pepperminty Wiki. Based on Johnny Broadway's Slimdown (with more than a few modifications). This parser's features are documented in the help page. Superceded by a customised extension of parsedown extra.",
"id": "parser-default-old",
"lastupdate": 1458824880,
"lastupdate": 1511518191,
"optional": true
},
{
@ -266,7 +266,7 @@
"author": "Emanuil Rusev & Starbeamrainbowlabs",
"description": "An upgraded (now default!) parser based on Emanuil Rusev's Parsedown Extra PHP library (https:\/\/github.com\/erusev\/parsedown-extra), which is licensed MIT. Please be careful, as this module adds some weight to your installation, and also *requires* write access to the disk on first load.",
"id": "parser-parsedown",
"lastupdate": 1517750660,
"lastupdate": 1518719583,
"optional": false
}
]

14
modules/page-login.php
View File

@ -64,7 +64,7 @@ register_module([
* @apiPermission Anonymous
*
* @apiParam {string} user The user name to login with.
* @apiParam {string} password The password to login with.
* @apiParam {string} pass The password to login with.
* @apiParam {string} returnto The URL to redirect to upon a successful login.
*
* @apiError InvalidCredentialsError The supplied credentials were invalid. Note that this error is actually a redirect to ?action=login&failed=yes (with the returnto parameter appended if you supplied one)
@ -86,21 +86,23 @@ register_module([
add_action("checklogin", function() {
global $settings, $env;
//actually do the login
// Actually do the login
if(isset($_POST["user"]) and isset($_POST["pass"]))
{
//the user wants to log in
// The user wants to log in
$user = $_POST["user"];
$pass = $_POST["pass"];
if($settings->users->$user->password == hash_password($pass))
{
// Success! :D
$env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; //30 days from now
$expiretime = time() + 60*60*24*30; // 30 days from now
$_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going
// Redirect to wherever the user was going
http_response_code(302);
header("x-login-success: yes");
if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]);
else
@ -109,7 +111,9 @@ register_module([
}
else
{
// Login failed :-(
http_response_code(302);
header("x-login-success: no");
$nextUrl = "index.php?action=login&failed=yes";
if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);