mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00

Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki

Starbeamrainbowlabs 2018-04-01 16:34:16 +01:00
commit dc7183b11e
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
5 changed files with 52 additions and 39 deletions


@ -20,9 +20,12 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
- Normalise utf8 text to avoid duplicate ids and missing search results. - Normalise utf8 text to avoid duplicate ids and missing search results.
- Improved handling of mime types in some places in the API. - Improved handling of mime types in some places in the API.
- Added `minified` option to `status` action to reduce data usage slightly - Added `minified` option to `status` action to reduce data usage slightly
- [Rest API] Fix `checklogin` action documentation
### Changed ### Changed
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`. - Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
- Added `x-login-required: yes` header to responses that redirect to the login page for easy detection by machines
- Added `x-login-success: (yes|no)` header to login responses for easier machine parsing
## v0.15.1 ## v0.15.1


@ -1962,6 +1962,7 @@ if($settings->require_login_view === true && // If this site requires a login in
{ {
// Redirect the user to the login page // Redirect the user to the login page
http_response_code(307); http_response_code(307);
header("x-login-required: yes");
$url = "?action=login&returnto=" . rawurlencode($_SERVER["REQUEST_URI"]) . "&required=true"; $url = "?action=login&returnto=" . rawurlencode($_SERVER["REQUEST_URI"]) . "&required=true";
header("location: $url"); header("location: $url");
exit(page_renderer::render("Login required - $settings->sitename", "<p>$settings->sitename requires that you login before you are able to access it.</p> exit(page_renderer::render("Login required - $settings->sitename", "<p>$settings->sitename requires that you login before you are able to access it.</p>
@ -7243,21 +7244,23 @@ register_module([
add_action("checklogin", function() { add_action("checklogin", function() {
global $settings, $env; global $settings, $env;
//actually do the login // Actually do the login
if(isset($_POST["user"]) and isset($_POST["pass"])) if(isset($_POST["user"]) and isset($_POST["pass"]))
{ {
//the user wants to log in // The user wants to log in
$user = $_POST["user"]; $user = $_POST["user"];
$pass = $_POST["pass"]; $pass = $_POST["pass"];
if($settings->users->$user->password == hash_password($pass)) if($settings->users->$user->password == hash_password($pass))
{ {
// Success! :D
$env->is_logged_in = true; $env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; //30 days from now $expiretime = time() + 60*60*24*30; // 30 days from now
$_SESSION["$settings->sessionprefix-user"] = $user; $_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass); $_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime; $_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going // Redirect to wherever the user was going
http_response_code(302); http_response_code(302);
header("x-login-success: yes");
if(isset($_GET["returnto"])) if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]); header("location: " . $_GET["returnto"]);
else else
@ -7266,7 +7269,9 @@ register_module([
} }
else else
{ {
// Login failed :-(
http_response_code(302); http_response_code(302);
header("x-login-success: no");
$nextUrl = "index.php?action=login&failed=yes"; $nextUrl = "index.php?action=login&failed=yes";
if(!empty($_GET["returnto"])) if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]); $nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
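Review bot: The credential check kept in the checklogin hunk, `if($settings->users->$user->password == hash_password($pass))`, compares the stored and computed hashes with loose `==`, which is not constant-time and, if both values happen to be numeric-looking strings (for example `0e` followed only by digits), compares them as numbers instead of byte for byte. Since the commit touches this block anyway, I would change it to `if(isset($settings->users->$user) && hash_equals($settings->users->$user->password, hash_password($pass)))`, which also stops an unknown user name from reading a property of an undefined entry. This assumes the stored password and the return of `hash_password()` are both strings, which is not visible here. The same line appears in the last file section (the one with the `@apiParam` doc block), which looks like the source this large file is built from, so the fix belongs there first. The closure begins and ends outside the hunk.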


@ -1585,6 +1585,7 @@ if($settings->require_login_view === true && // If this site requires a login in
{ {
// Redirect the user to the login page // Redirect the user to the login page
http_response_code(307); http_response_code(307);
header("x-login-required: yes");
$url = "?action=login&returnto=" . rawurlencode($_SERVER["REQUEST_URI"]) . "&required=true"; $url = "?action=login&returnto=" . rawurlencode($_SERVER["REQUEST_URI"]) . "&required=true";
header("location: $url"); header("location: $url");
exit(page_renderer::render("Login required - $settings->sitename", "<p>$settings->sitename requires that you login before you are able to access it.</p> exit(page_renderer::render("Login required - $settings->sitename", "<p>$settings->sitename requires that you login before you are able to access it.</p>


@ -5,7 +5,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a utility action (that anyone can use) called hash that hashes a given string. Useful when changing a user's password.", "description": "Adds a utility action (that anyone can use) called hash that hashes a given string. Useful when changing a user's password.",
"id": "action-hash", "id": "action-hash",
"lastupdate": 1465757909, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -14,7 +14,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Exposes Pepperminty Wiki's new page protection mechanism and makes the protect button in the 'More...' menu on the top bar work.", "description": "Exposes Pepperminty Wiki's new page protection mechanism and makes the protect button in the 'More...' menu on the top bar work.",
"id": "action-protect", "id": "action-protect",
"lastupdate": 1465751051, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -23,7 +23,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds an action called 'random' that redirects you to a random page.", "description": "Adds an action called 'random' that redirects you to a random page.",
"id": "action-random", "id": "action-random",
"lastupdate": 1518648324, "lastupdate": 1518719583,
"optional": false "optional": false
}, },
{ {
@ -32,7 +32,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a 'raw' action that shows you the raw source of a page.", "description": "Adds a 'raw' action that shows you the raw source of a page.",
"id": "action-raw", "id": "action-raw",
"lastupdate": 1507993763, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -41,7 +41,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Provides a basic JSON status action that provices a few useful bits of information for API consumption.", "description": "Provides a basic JSON status action that provices a few useful bits of information for API consumption.",
"id": "api-status", "id": "api-status",
"lastupdate": 1522167607, "lastupdate": 1522411212,
"optional": false "optional": false
}, },
{ {
@ -50,7 +50,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a sidebar to the left hand side of every page. Add '$settings->sidebar_show = true;' to your configuration, or append '&sidebar=yes' to the url to enable. Adding to the url sets a cookie to remember your setting.", "description": "Adds a sidebar to the left hand side of every page. Add '$settings->sidebar_show = true;' to your configuration, or append '&sidebar=yes' to the url to enable. Adding to the url sets a cookie to remember your setting.",
"id": "extra-sidebar", "id": "extra-sidebar",
"lastupdate": 1505768813, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -59,7 +59,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds threaded comments to the bottom of every page.", "description": "Adds threaded comments to the bottom of every page.",
"id": "feature-comments", "id": "feature-comments",
"lastupdate": 1511450038, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -68,7 +68,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.", "description": "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
"id": "feature-guiconfig", "id": "feature-guiconfig",
"lastupdate": 1499800843, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -77,7 +77,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds the ability to keep unlimited page history, limited only by your disk space. Note that this doesn't store file history (yet). Currently depends on feature-recent-changes for rendering of the history page.", "description": "Adds the ability to keep unlimited page history, limited only by your disk space. Note that this doesn't store file history (yet). Currently depends on feature-recent-changes for rendering of the history page.",
"id": "feature-history", "id": "feature-history",
"lastupdate": 1518645062, "lastupdate": 1518719583,
"optional": false "optional": false
}, },
{ {
@ -86,7 +86,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds recent changes. Access through the 'recent-changes' action.", "description": "Adds recent changes. Access through the 'recent-changes' action.",
"id": "feature-recent-changes", "id": "feature-recent-changes",
"lastupdate": 1521408644, "lastupdate": 1522411212,
"optional": false "optional": false
}, },
{ {
@ -95,7 +95,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds support for redirect pages. Uses the same syntax that Mediawiki does.", "description": "Adds support for redirect pages. Uses the same syntax that Mediawiki does.",
"id": "feature-redirect", "id": "feature-redirect",
"lastupdate": 1498646092, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -104,7 +104,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds proper search functionality to Pepperminty Wiki using an inverted index to provide a full text search engine. If pages don't show up, then you might have hit a stop word. If not, try requesting the `invindex-rebuild` action to rebuild the inverted index from scratch.", "description": "Adds proper search functionality to Pepperminty Wiki using an inverted index to provide a full text search engine. If pages don't show up, then you might have hit a stop word. If not, try requesting the `invindex-rebuild` action to rebuild the inverted index from scratch.",
"id": "feature-search", "id": "feature-search",
"lastupdate": 1521391886, "lastupdate": 1522411212,
"optional": false "optional": false
}, },
{ {
@ -113,7 +113,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.", "description": "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.",
"id": "feature-stats", "id": "feature-stats",
"lastupdate": 1505768903, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -122,7 +122,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.", "description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
"id": "feature-upload", "id": "feature-upload",
"lastupdate": 1518645569, "lastupdate": 1518719583,
"optional": false "optional": false
}, },
{ {
@ -131,7 +131,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a user preferences page, letting pople do things like change their email address and password.", "description": "Adds a user preferences page, letting pople do things like change their email address and password.",
"id": "feature-user-preferences", "id": "feature-user-preferences",
"lastupdate": 1497799247, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -140,7 +140,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds the credits page. You *must* have this module :D", "description": "Adds the credits page. You *must* have this module :D",
"id": "page-credits", "id": "page-credits",
"lastupdate": 1513196998, "lastupdate": 1514040637,
"optional": false "optional": false
}, },
{ {
@ -149,7 +149,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.", "description": "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.",
"id": "page-debug-info", "id": "page-debug-info",
"lastupdate": 1483389558, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -158,7 +158,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds an action to allow administrators to delete pages.", "description": "Adds an action to allow administrators to delete pages.",
"id": "page-delete", "id": "page-delete",
"lastupdate": 1501009581, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -167,7 +167,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Allows you to edit pages by adding the edit and save actions. You should probably include this one.", "description": "Allows you to edit pages by adding the edit and save actions. You should probably include this one.",
"id": "page-edit", "id": "page-edit",
"lastupdate": 1521390769, "lastupdate": 1522411212,
"optional": false "optional": false
}, },
{ {
@ -176,7 +176,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a page that you can use to export your wiki as a .zip file. Uses $settings->export_only_allow_admins, which controls whether only admins are allowed to export the wiki.", "description": "Adds a page that you can use to export your wiki as a .zip file. Uses $settings->export_only_allow_admins, which controls whether only admins are allowed to export the wiki.",
"id": "page-export", "id": "page-export",
"lastupdate": 1472230366, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -185,7 +185,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a rather useful help page. Access through the 'help' action. This module also exposes help content added to Pepperminty Wiki's inbuilt invisible help section system.", "description": "Adds a rather useful help page. Access through the 'help' action. This module also exposes help content added to Pepperminty Wiki's inbuilt invisible help section system.",
"id": "page-help", "id": "page-help",
"lastupdate": 1492433537, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -194,7 +194,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a page that lists all the pages in the index along with their metadata.", "description": "Adds a page that lists all the pages in the index along with their metadata.",
"id": "page-list", "id": "page-list",
"lastupdate": 1518645476, "lastupdate": 1518719583,
"optional": false "optional": false
}, },
{ {
@ -203,7 +203,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.", "description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id": "page-login", "id": "page-login",
"lastupdate": 1505512966, "lastupdate": 1522412068,
"optional": false "optional": false
}, },
{ {
@ -212,7 +212,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds an action to let users user out. For security reasons it is wise to add this module since logging in automatically opens a session that is valid for 30 days.", "description": "Adds an action to let users user out. For security reasons it is wise to add this module since logging in automatically opens a session that is valid for 30 days.",
"id": "page-logout", "id": "page-logout",
"lastupdate": 1466011660, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -221,7 +221,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds an action to allow administrators to move pages.", "description": "Adds an action to allow administrators to move pages.",
"id": "page-move", "id": "page-move",
"lastupdate": 1521408303, "lastupdate": 1522411212,
"optional": false "optional": false
}, },
{ {
@ -230,7 +230,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds an update page that downloads the latest stable version of Pepperminty Wiki. This module is currently outdated as it doesn't save your module preferences.", "description": "Adds an update page that downloads the latest stable version of Pepperminty Wiki. This module is currently outdated as it doesn't save your module preferences.",
"id": "page-update", "id": "page-update",
"lastupdate": 1476906745, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -239,7 +239,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a 'user-list' action that generates a list of users. Supports json output with 'format=json' in the queyr string.", "description": "Adds a 'user-list' action that generates a list of users. Supports json output with 'format=json' in the queyr string.",
"id": "page-user-list", "id": "page-user-list",
"lastupdate": 1487454626, "lastupdate": 1511518191,
"optional": false "optional": false
}, },
{ {
@ -248,7 +248,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Allows you to view pages. You really should include this one.", "description": "Allows you to view pages. You really should include this one.",
"id": "page-view", "id": "page-view",
"lastupdate": 1518647294, "lastupdate": 1518719583,
"optional": false "optional": false
}, },
{ {
@ -257,7 +257,7 @@
"author": "Johnny Broadway & Starbeamrainbowlabs", "author": "Johnny Broadway & Starbeamrainbowlabs",
"description": "The *old* default parser for Pepperminty Wiki. Based on Johnny Broadway's Slimdown (with more than a few modifications). This parser's features are documented in the help page. Superceded by a customised extension of parsedown extra.", "description": "The *old* default parser for Pepperminty Wiki. Based on Johnny Broadway's Slimdown (with more than a few modifications). This parser's features are documented in the help page. Superceded by a customised extension of parsedown extra.",
"id": "parser-default-old", "id": "parser-default-old",
"lastupdate": 1458824880, "lastupdate": 1511518191,
"optional": true "optional": true
}, },
{ {
@ -266,7 +266,7 @@
"author": "Emanuil Rusev & Starbeamrainbowlabs", "author": "Emanuil Rusev & Starbeamrainbowlabs",
"description": "An upgraded (now default!) parser based on Emanuil Rusev's Parsedown Extra PHP library (https:\/\/github.com\/erusev\/parsedown-extra), which is licensed MIT. Please be careful, as this module adds some weight to your installation, and also *requires* write access to the disk on first load.", "description": "An upgraded (now default!) parser based on Emanuil Rusev's Parsedown Extra PHP library (https:\/\/github.com\/erusev\/parsedown-extra), which is licensed MIT. Please be careful, as this module adds some weight to your installation, and also *requires* write access to the disk on first load.",
"id": "parser-parsedown", "id": "parser-parsedown",
"lastupdate": 1517750660, "lastupdate": 1518719583,
"optional": false "optional": false
} }
] ]


@ -64,7 +64,7 @@ register_module([
* @apiPermission Anonymous * @apiPermission Anonymous
* *
* @apiParam {string} user The user name to login with. * @apiParam {string} user The user name to login with.
* @apiParam {string} password The password to login with. * @apiParam {string} pass The password to login with.
* @apiParam {string} returnto The URL to redirect to upon a successful login. * @apiParam {string} returnto The URL to redirect to upon a successful login.
* *
* @apiError InvalidCredentialsError The supplied credentials were invalid. Note that this error is actually a redirect to ?action=login&failed=yes (with the returnto parameter appended if you supplied one) * @apiError InvalidCredentialsError The supplied credentials were invalid. Note that this error is actually a redirect to ?action=login&failed=yes (with the returnto parameter appended if you supplied one)
@ -86,21 +86,23 @@ register_module([
add_action("checklogin", function() { add_action("checklogin", function() {
global $settings, $env; global $settings, $env;
//actually do the login // Actually do the login
if(isset($_POST["user"]) and isset($_POST["pass"])) if(isset($_POST["user"]) and isset($_POST["pass"]))
{ {
//the user wants to log in // The user wants to log in
$user = $_POST["user"]; $user = $_POST["user"];
$pass = $_POST["pass"]; $pass = $_POST["pass"];
if($settings->users->$user->password == hash_password($pass)) if($settings->users->$user->password == hash_password($pass))
{ {
// Success! :D
$env->is_logged_in = true; $env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; //30 days from now $expiretime = time() + 60*60*24*30; // 30 days from now
$_SESSION["$settings->sessionprefix-user"] = $user; $_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass); $_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime; $_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going // Redirect to wherever the user was going
http_response_code(302); http_response_code(302);
header("x-login-success: yes");
if(isset($_GET["returnto"])) if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]); header("location: " . $_GET["returnto"]);
else else
@ -109,7 +111,9 @@ register_module([
} }
else else
{ {
// Login failed :-(
http_response_code(302); http_response_code(302);
header("x-login-success: no");
$nextUrl = "index.php?action=login&failed=yes"; $nextUrl = "index.php?action=login&failed=yes";
if(!empty($_GET["returnto"])) if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]); $nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
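Review bot: The success branch still sends `header("location: " . $_GET["returnto"]);` with the query parameter unvalidated, so a login link carrying an external `returnto` forwards a freshly authenticated user off-site, and the new `x-login-success: yes` header goes out on that same response. Accept `returnto` only when it is a same-site relative target (no scheme, no leading `//`, no backslashes) and fall back to the default location otherwise. Nothing in the visible lines calls `session_regenerate_id(true)` where the session variables are set; if that does not happen outside the hunk, add it at that point to prevent session fixation. The identical code is in the earlier `@ -7243` hunk of the large built file, and the closure continues outside this hunk.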