Empty commit

gazelle.sql

@@ -79,7 +79,7 @@ CREATE TABLE `artists_tags` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
 
 CREATE TABLE `bad_passwords` (
-  `Password` char(32) CHARACTER SET latin1 NOT NULL,
+  `Password` char(32) COLLATE utf8_swedish_ci NOT NULL,
   PRIMARY KEY (`Password`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_swedish_ci;
 

sections/ajax/password_validate.php

@@ -0,0 +1,15 @@
+<?php
+$Password=db_string($_POST["password"]);
+$IsGoodPassword = false;
+
+$DB->query("SELECT Password FROM bad_passwords WHERE Password='$Password'");
+
+if ($DB->record_count() == 0) {
+	$IsGoodPassword = true;
+}
+
+echo $IsGoodPassword ? 'true' : 'false';
+exit();
+?>
+
+

sections/artist/add_alias.php

@@ -45,6 +45,7 @@
 	}
 }
 if(!$CloneAliasID) {
+	if($Redirect) {
 		$DB->query("SELECT ArtistID, Redirect FROM artists_alias WHERE AliasID = $Redirect");
 		if(!$DB->record_count()) {
 			error('Cannot redirect to a nonexistent artist alias.');
@@ -56,6 +57,7 @@
 		if($FoundRedirect != 0) {
 			$Redirect = $FoundRedirect;
 		}
+	}
 	$DB->query("INSERT INTO artists_alias(ArtistID, Name, Redirect, UserID)
 		VALUES
 		(".$ArtistID.", '".$DBAliasName."', ".$Redirect.", ".$LoggedUser['ID'].")");

sections/comments/index.php

@@ -89,8 +89,8 @@
 
 $Artists = get_artists($GroupIDs);
 
-$DB->set_query_id($Comments);
 show_header($Title,'bbcode');
+$DB->set_query_id($Comments);
 
 ?><div class="thin">
 	<h2>

sections/login/recover_step2.php

@@ -12,7 +12,7 @@
 ?>
 		<font color="red"><strong><?=display_str($Err)?></strong></font><br /><br />
 <?	} ?>
-		Please choose a password between 6 and 15 characters long<br /><br />
+		Please choose a password between 8 and 40 characters long<br /><br />
 		<table cellpadding="2" cellspacing="1" border="0" align="center">
 			<tr valign="top">
 				<td align="right">Password&nbsp;</td>

sections/register/step1.php

@@ -2,6 +2,8 @@
 show_header('Register','validate');
 echo $Val->GenerateJS('regform');
 ?>
+<script src="<?=STATIC_SERVER?>functions/jquery.js" type="text/javascript"></script>
+<script src="<?=STATIC_SERVER?>functions/password_validate.js" type="text/javascript"></script>
 <form name="regform" id="regform" method="post" action="" onsubmit="return formVal();">
 <div style="width:500px;">
 	<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
@@ -29,11 +31,11 @@
 		</tr>
 		<tr valign="top">
 			<td align="right">Password&nbsp;</td>
-			<td align="left"><input type="password" name="password" id="password" class="inputtext" /></td>
+			<td align="left"><input type="password" name="password" id="new_pass_1" class="inputtext" /> <b id="pass_strength"/> </td>
 		</tr>
 		<tr valign="top">
 			<td align="right">Verify Password&nbsp;</td>
-			<td align="left"><input type="password" name="confirm_password" id="confirm_password" class="inputtext" /></td>
+			<td align="left"><input type="password" name="confirm_password" id="new_pass_2" class="inputtext" /> <b id="pass_match"/> </td>
 		</tr>
 		<tr valign="top">
 			<td></td>

sections/tools/managers/bans.php

@@ -70,8 +70,8 @@
 
 $PageLinks=get_pages($Page,$Results,BANS_PER_PAGE,11);
 
-$DB->set_query_id($Bans);
 show_header('IP Bans');
+$DB->set_query_id($Bans);
 ?>
 
 <h2>IP Bans</h2>

sections/torrents/editgroupid.php

@@ -71,6 +71,8 @@
 	list($TorrentsInGroup) = $DB->next_record();
 	if($TorrentsInGroup == 0) {
 		$DB->query("UPDATE torrents_comments SET GroupID='$GroupID' WHERE GroupID='$OldGroupID'");
+		$Cache->delete_value('torrent_comments_'.$GroupID.'_catalogue_0');
+		$Cache->delete_value('torrent_comments_'.$GroupID);
 		delete_group($OldGroupID);
 	} else {
 		update_hash($OldGroupID);

sections/torrents/merge.php

@@ -89,6 +89,7 @@
 	}
 	
 	$Cache->delete_value('torrent_comments_'.$GroupID.'_catalogue_0');
+	$Cache->delete_value('torrent_comments_'.$GroupID);
 	$Cache->delete_value('groups_artists_'.$GroupID);
 	update_hash($GroupID);
 	

sections/user/edit.php

@@ -61,7 +61,7 @@ function checked($Checked) {
 	$SiteOptions = array();
 }
 
-show_header($Username.' > Settings','user,validate');
+show_header($Username.' > Settings','user,jquery,password_validate,validate');
 echo $Val->GenerateJS('userform');
 ?>
 <div class="thin">
@@ -412,17 +412,25 @@ function checked($Checked) {
 					<strong>Change password</strong>
 				</td>
 			</tr>
+			<tr>
+			<td/>
+				<td>
+					<p class="min_padding">A strong password is 8 characters or longer</p>
+					<p class="min_padding">Contains at least 1 lowercase and uppercase letter</p>
+					<p class="min_padding">Contains at least a number or symbol</p>
+				</td>
+			</tr>
 			<tr>
 				<td class="label"><strong>Current password</strong></td>
 				<td><input type="password" size="40" name="cur_pass" id="cur_pass" value="" /></td>
 			</tr>
 			<tr>
 				<td class="label"><strong>New password</strong></td>
-				<td><input type="password" size="40" name="new_pass_1" id="new_pass_1" value="" /></td>
+				<td><input type="password" size="40" name="new_pass_1" id="new_pass_1" value="" />  <b id="pass_strength"/></td>
 			</tr>
 			<tr>
 				<td class="label"><strong>Re-type new password</strong></td>
-				<td><input type="password" size="40" name="new_pass_2" id="new_pass_2" value="" /></td>
+				<td><input type="password" size="40" name="new_pass_2" id="new_pass_2" value="" />  <b id="pass_match"/></td>
 			</tr>
 			<tr>
 				<td class="label"><strong>Reset passkey</strong></td>

static/functions/password_validate.js

@@ -0,0 +1,208 @@
+/**
+*
+* Validates passwords to make sure they are powerful
+* w@author Gwindow
+*
+**/
+
+(function($) {
+var CLEAR = 0;
+var WEAK = 1;
+var STRONG = 3;
+var SHORT = 4;
+var MATCH_IRCKEY = 5;
+var MATCH_USERNAME = 6;
+var COMMON = 7;
+
+var USER_PATH = "/user.php";
+
+$(document).ready(function() {
+
+var old = $("#new_pass_1").val().length;
+var password1;
+var password2;
+
+$("#new_pass_1").keyup(function() {
+	password1 = $("#new_pass_1").val();
+	if(password1.length != old) {
+		disableSubmit();
+		calculateComplexity(password1);
+		old = password1.length;
+	}
+
+});
+
+$("#new_pass_1").change(function() {
+	password1 = $("#new_pass_1").val();
+	password2 =  $("#new_pass_2").val();
+
+	if(password1.length == 0 && password2.length==0) {
+		enableSubmit();
+	}
+	else if(getStrong() == true) {
+		validatePassword(password1);
+ 	}
+
+});
+
+$("#new_pass_1").focus(function() {
+	password1 = $("#new_pass_1").val();
+	password2 = $("#new_pass_2").val();
+	if(password1.length > 0) {
+		checkMatching(password1, password2);
+	}
+});
+
+$("#new_pass_2").keyup(function() {
+	password2 =  $("#new_pass_2").val();
+	checkMatching(password1, password2);
+});
+
+$("#new_pass_1").blur(function() {
+        password1 = $("#new_pass_1").val();
+        password2 =  $("#new_pass_2").val();
+        if(password1.length == 0 && password2.length==0) {
+                enableSubmit();
+        }
+});
+
+});
+
+function validatePassword(password) {
+	if(isUserPage()) {
+	 $.ajax({
+                type: 'POST',
+                dataType: 'text',
+		url : 'ajax.php?action=password_validate',
+		data: 'password=' + password,
+		async: false,
+                success: function(value) {
+			if(value == 'false') {
+				setStatus(COMMON);
+			}
+		}
+		});
+	}
+}
+
+function calculateComplexity(password) {
+	var length = password.length;
+	var username;
+
+	if(isUserPage()) {
+		username = $(".username").text();
+	}
+	else {
+		username = $("#username").val();
+	}
+
+	var irckey;
+
+	if(isUserPage()) {
+		irckey = $("#irckey").val();
+	}
+
+	if(length >= 8) {
+		setStatus(WEAK);
+	}
+	if(length >= 8 && isStrongPassword(password)) {
+		setStatus(STRONG);
+	}
+	if(length > 0 && length < 8) {
+		setStatus(SHORT);
+	}
+	if(length == 0) {
+		setStatus(CLEAR);
+	}
+	if(isUserPage()) {
+		if(irckey.length > 0){
+			if(password.toLowerCase() == irckey.toLowerCase()) {
+				setStatus(MATCH_IRCKEY);
+        		}
+		}
+	}
+	if(username.length > 0) {
+       		if(password.toLowerCase() == username.toLowerCase()) {
+			setStatus(MATCH_USERNAME);
+        	}
+	}
+}
+
+function isStrongPassword(password) {
+	var toReturn = false;
+	//var regex = /^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/;
+	var regex = /(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/;
+	if(regex.test(password)) {
+		toReturn = true;
+	}
+	return toReturn;
+}
+
+function checkMatching(password1, password2) {
+	if(password2.length > 0) {
+	if(password1 == password2 && getStrong() == true) {
+		 $("#pass_match").text("Passwords match").css("color", "green");
+		 enableSubmit();
+	}
+	else if(getStrong() == true) {
+		 $("#pass_match").text("Passwords do not match").css("color", "red");
+		 disableSubmit();
+	} 
+	else{
+		 $("#pass_match").text("Password isn't strong").css("color", "red");
+                 disableSubmit();
+	    }
+	}
+	else {
+		$("#pass_match").text("");
+	}
+}
+
+function getStrong() {
+	return $("#pass_strength").text() == "Strong";
+}
+
+function setStatus(strength) {
+	if(strength == WEAK) {
+		disableSubmit();
+		$("#pass_strength").text("Weak").css("color", "red");
+	}
+	if(strength == STRONG) {
+		disableSubmit();
+		$("#pass_strength").text("Strong").css("color", "green");
+	}
+	if(strength == SHORT) {
+		disableSubmit();
+		$("#pass_strength").text("Too Short").css("color", "red");
+	}
+	if(strength == MATCH_IRCKEY) {
+		disableSubmit();
+		$("#pass_strength").text("Password cannot match IRC Key").css("color", "red");
+	}
+	if(strength == MATCH_USERNAME) {
+		disableSubmit();
+		$("#pass_strength").text("Password cannot match Username").css("color", "red");
+	}
+	if(strength == COMMON) {
+		 disableSubmit();
+		 $("#pass_strength").text("Password is too common").css("color", "red");
+	}
+	if(strength == CLEAR) {
+		$("#pass_strength").text("");
+	}
+}
+
+function disableSubmit() {
+	  $('input[type="submit"]').attr('disabled','disabled');
+}
+
+function enableSubmit() {
+          $('input[type="submit"]').removeAttr('disabled');
+}
+
+function isUserPage() {
+	return window.location.pathname.indexOf(USER_PATH) != -1;
+}
+
+} ) ( jQuery );
+