mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-12-23 01:55:01 +00:00
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki
This commit is contained in:
commit
dc7183b11e
5 changed files with 52 additions and 39 deletions
|
@ -20,9 +20,12 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
|||
- Normalise utf8 text to avoid duplicate ids and missing search results.
|
||||
- Improved handling of mime types in some places in the API.
|
||||
- Added `minified` option to `status` action to reduce data usage slightly
|
||||
- [Rest API] Fix `checklogin` action documentation
|
||||
|
||||
### Changed
|
||||
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
|
||||
- Added `x-login-required: yes` header to responses that redirect to the login page for easy detection by machines
|
||||
- Added `x-login-success: (yes|no)` header to login responses for easier machine parsing
|
||||
|
||||
## v0.15.1
|
||||
|
||||
|
|
|
@ -1962,6 +1962,7 @@ if($settings->require_login_view === true && // If this site requires a login in
|
|||
{
|
||||
// Redirect the user to the login page
|
||||
http_response_code(307);
|
||||
header("x-login-required: yes");
|
||||
$url = "?action=login&returnto=" . rawurlencode($_SERVER["REQUEST_URI"]) . "&required=true";
|
||||
header("location: $url");
|
||||
exit(page_renderer::render("Login required - $settings->sitename", "<p>$settings->sitename requires that you login before you are able to access it.</p>
|
||||
|
@ -7243,21 +7244,23 @@ register_module([
|
|||
add_action("checklogin", function() {
|
||||
global $settings, $env;
|
||||
|
||||
//actually do the login
|
||||
// Actually do the login
|
||||
if(isset($_POST["user"]) and isset($_POST["pass"]))
|
||||
{
|
||||
//the user wants to log in
|
||||
// The user wants to log in
|
||||
$user = $_POST["user"];
|
||||
$pass = $_POST["pass"];
|
||||
if($settings->users->$user->password == hash_password($pass))
|
||||
{
|
||||
// Success! :D
|
||||
$env->is_logged_in = true;
|
||||
$expiretime = time() + 60*60*24*30; //30 days from now
|
||||
$expiretime = time() + 60*60*24*30; // 30 days from now
|
||||
$_SESSION["$settings->sessionprefix-user"] = $user;
|
||||
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
||||
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
||||
//redirect to wherever the user was going
|
||||
// Redirect to wherever the user was going
|
||||
http_response_code(302);
|
||||
header("x-login-success: yes");
|
||||
if(isset($_GET["returnto"]))
|
||||
header("location: " . $_GET["returnto"]);
|
||||
else
|
||||
|
@ -7266,7 +7269,9 @@ register_module([
|
|||
}
|
||||
else
|
||||
{
|
||||
// Login failed :-(
|
||||
http_response_code(302);
|
||||
header("x-login-success: no");
|
||||
$nextUrl = "index.php?action=login&failed=yes";
|
||||
if(!empty($_GET["returnto"]))
|
||||
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
|
||||
|
|
1
core.php
1
core.php
|
@ -1585,6 +1585,7 @@ if($settings->require_login_view === true && // If this site requires a login in
|
|||
{
|
||||
// Redirect the user to the login page
|
||||
http_response_code(307);
|
||||
header("x-login-required: yes");
|
||||
$url = "?action=login&returnto=" . rawurlencode($_SERVER["REQUEST_URI"]) . "&required=true";
|
||||
header("location: $url");
|
||||
exit(page_renderer::render("Login required - $settings->sitename", "<p>$settings->sitename requires that you login before you are able to access it.</p>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a utility action (that anyone can use) called hash that hashes a given string. Useful when changing a user's password.",
|
||||
"id": "action-hash",
|
||||
"lastupdate": 1465757909,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -14,7 +14,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Exposes Pepperminty Wiki's new page protection mechanism and makes the protect button in the 'More...' menu on the top bar work.",
|
||||
"id": "action-protect",
|
||||
"lastupdate": 1465751051,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -23,7 +23,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds an action called 'random' that redirects you to a random page.",
|
||||
"id": "action-random",
|
||||
"lastupdate": 1518648324,
|
||||
"lastupdate": 1518719583,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -32,7 +32,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a 'raw' action that shows you the raw source of a page.",
|
||||
"id": "action-raw",
|
||||
"lastupdate": 1507993763,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -41,7 +41,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Provides a basic JSON status action that provices a few useful bits of information for API consumption.",
|
||||
"id": "api-status",
|
||||
"lastupdate": 1522167607,
|
||||
"lastupdate": 1522411212,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -50,7 +50,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a sidebar to the left hand side of every page. Add '$settings->sidebar_show = true;' to your configuration, or append '&sidebar=yes' to the url to enable. Adding to the url sets a cookie to remember your setting.",
|
||||
"id": "extra-sidebar",
|
||||
"lastupdate": 1505768813,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -59,7 +59,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds threaded comments to the bottom of every page.",
|
||||
"id": "feature-comments",
|
||||
"lastupdate": 1511450038,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -68,7 +68,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
|
||||
"id": "feature-guiconfig",
|
||||
"lastupdate": 1499800843,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -77,7 +77,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds the ability to keep unlimited page history, limited only by your disk space. Note that this doesn't store file history (yet). Currently depends on feature-recent-changes for rendering of the history page.",
|
||||
"id": "feature-history",
|
||||
"lastupdate": 1518645062,
|
||||
"lastupdate": 1518719583,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -86,7 +86,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds recent changes. Access through the 'recent-changes' action.",
|
||||
"id": "feature-recent-changes",
|
||||
"lastupdate": 1521408644,
|
||||
"lastupdate": 1522411212,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -95,7 +95,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds support for redirect pages. Uses the same syntax that Mediawiki does.",
|
||||
"id": "feature-redirect",
|
||||
"lastupdate": 1498646092,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -104,7 +104,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds proper search functionality to Pepperminty Wiki using an inverted index to provide a full text search engine. If pages don't show up, then you might have hit a stop word. If not, try requesting the `invindex-rebuild` action to rebuild the inverted index from scratch.",
|
||||
"id": "feature-search",
|
||||
"lastupdate": 1521391886,
|
||||
"lastupdate": 1522411212,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -113,7 +113,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.",
|
||||
"id": "feature-stats",
|
||||
"lastupdate": 1505768903,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -122,7 +122,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
|
||||
"id": "feature-upload",
|
||||
"lastupdate": 1518645569,
|
||||
"lastupdate": 1518719583,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -131,7 +131,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a user preferences page, letting pople do things like change their email address and password.",
|
||||
"id": "feature-user-preferences",
|
||||
"lastupdate": 1497799247,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -140,7 +140,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds the credits page. You *must* have this module :D",
|
||||
"id": "page-credits",
|
||||
"lastupdate": 1513196998,
|
||||
"lastupdate": 1514040637,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -149,7 +149,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.",
|
||||
"id": "page-debug-info",
|
||||
"lastupdate": 1483389558,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -158,7 +158,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds an action to allow administrators to delete pages.",
|
||||
"id": "page-delete",
|
||||
"lastupdate": 1501009581,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -167,7 +167,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Allows you to edit pages by adding the edit and save actions. You should probably include this one.",
|
||||
"id": "page-edit",
|
||||
"lastupdate": 1521390769,
|
||||
"lastupdate": 1522411212,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -176,7 +176,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a page that you can use to export your wiki as a .zip file. Uses $settings->export_only_allow_admins, which controls whether only admins are allowed to export the wiki.",
|
||||
"id": "page-export",
|
||||
"lastupdate": 1472230366,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -185,7 +185,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a rather useful help page. Access through the 'help' action. This module also exposes help content added to Pepperminty Wiki's inbuilt invisible help section system.",
|
||||
"id": "page-help",
|
||||
"lastupdate": 1492433537,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -194,7 +194,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a page that lists all the pages in the index along with their metadata.",
|
||||
"id": "page-list",
|
||||
"lastupdate": 1518645476,
|
||||
"lastupdate": 1518719583,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -203,7 +203,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
||||
"id": "page-login",
|
||||
"lastupdate": 1505512966,
|
||||
"lastupdate": 1522412068,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -212,7 +212,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds an action to let users user out. For security reasons it is wise to add this module since logging in automatically opens a session that is valid for 30 days.",
|
||||
"id": "page-logout",
|
||||
"lastupdate": 1466011660,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -221,7 +221,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds an action to allow administrators to move pages.",
|
||||
"id": "page-move",
|
||||
"lastupdate": 1521408303,
|
||||
"lastupdate": 1522411212,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -230,7 +230,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds an update page that downloads the latest stable version of Pepperminty Wiki. This module is currently outdated as it doesn't save your module preferences.",
|
||||
"id": "page-update",
|
||||
"lastupdate": 1476906745,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -239,7 +239,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a 'user-list' action that generates a list of users. Supports json output with 'format=json' in the queyr string.",
|
||||
"id": "page-user-list",
|
||||
"lastupdate": 1487454626,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -248,7 +248,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Allows you to view pages. You really should include this one.",
|
||||
"id": "page-view",
|
||||
"lastupdate": 1518647294,
|
||||
"lastupdate": 1518719583,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -257,7 +257,7 @@
|
|||
"author": "Johnny Broadway & Starbeamrainbowlabs",
|
||||
"description": "The *old* default parser for Pepperminty Wiki. Based on Johnny Broadway's Slimdown (with more than a few modifications). This parser's features are documented in the help page. Superceded by a customised extension of parsedown extra.",
|
||||
"id": "parser-default-old",
|
||||
"lastupdate": 1458824880,
|
||||
"lastupdate": 1511518191,
|
||||
"optional": true
|
||||
},
|
||||
{
|
||||
|
@ -266,7 +266,7 @@
|
|||
"author": "Emanuil Rusev & Starbeamrainbowlabs",
|
||||
"description": "An upgraded (now default!) parser based on Emanuil Rusev's Parsedown Extra PHP library (https:\/\/github.com\/erusev\/parsedown-extra), which is licensed MIT. Please be careful, as this module adds some weight to your installation, and also *requires* write access to the disk on first load.",
|
||||
"id": "parser-parsedown",
|
||||
"lastupdate": 1517750660,
|
||||
"lastupdate": 1518719583,
|
||||
"optional": false
|
||||
}
|
||||
]
|
|
@ -64,7 +64,7 @@ register_module([
|
|||
* @apiPermission Anonymous
|
||||
*
|
||||
* @apiParam {string} user The user name to login with.
|
||||
* @apiParam {string} password The password to login with.
|
||||
* @apiParam {string} pass The password to login with.
|
||||
* @apiParam {string} returnto The URL to redirect to upon a successful login.
|
||||
*
|
||||
* @apiError InvalidCredentialsError The supplied credentials were invalid. Note that this error is actually a redirect to ?action=login&failed=yes (with the returnto parameter appended if you supplied one)
|
||||
|
@ -86,21 +86,23 @@ register_module([
|
|||
add_action("checklogin", function() {
|
||||
global $settings, $env;
|
||||
|
||||
//actually do the login
|
||||
// Actually do the login
|
||||
if(isset($_POST["user"]) and isset($_POST["pass"]))
|
||||
{
|
||||
//the user wants to log in
|
||||
// The user wants to log in
|
||||
$user = $_POST["user"];
|
||||
$pass = $_POST["pass"];
|
||||
if($settings->users->$user->password == hash_password($pass))
|
||||
{
|
||||
// Success! :D
|
||||
$env->is_logged_in = true;
|
||||
$expiretime = time() + 60*60*24*30; //30 days from now
|
||||
$expiretime = time() + 60*60*24*30; // 30 days from now
|
||||
$_SESSION["$settings->sessionprefix-user"] = $user;
|
||||
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
||||
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
||||
//redirect to wherever the user was going
|
||||
// Redirect to wherever the user was going
|
||||
http_response_code(302);
|
||||
header("x-login-success: yes");
|
||||
if(isset($_GET["returnto"]))
|
||||
header("location: " . $_GET["returnto"]);
|
||||
else
|
||||
|
@ -109,7 +111,9 @@ register_module([
|
|||
}
|
||||
else
|
||||
{
|
||||
// Login failed :-(
|
||||
http_response_code(302);
|
||||
header("x-login-success: no");
|
||||
$nextUrl = "index.php?action=login&failed=yes";
|
||||
if(!empty($_GET["returnto"]))
|
||||
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
|
||||
|
|
Loading…
Reference in a new issue