* site configuration misbehavior: turning off shop components
It is easily possible to disable the individual sections of the shop
that sell icons, points, and rename tokens, but the storefront was
not designed to gracefully handle that configuration.
In the case of points or icons, the cart would throw a generic error
when submitting the form. In the case of rename tokens, the "Add To
Order" button would just silently fail.
Although it is unlikely DW will ever disable these shop items, let's
update the code to be better behaved on general principle.
(Unavailable account levels are already handled in a reasonable manner.)
This also adds the missing 'icons' key to the example %LJ::SHOP hash.
* site configuration misbehavior: turning off the shop entirely
Visiting any shop page with the 'payments' config option turned off
results in a completely blank page and an error in the logs that says:
Argument "The shop is currently disabled." isn't numeric.
Looks like this happened because of a misunderstanding about the intended
return value of DW::Controller::controller. The relevant code comment says
to return "error text" if there was an error, but the error message can't be
just a string, it has to be a server response. Perhaps the behavior was later
updated in order to allow other possible responses such as redirects.
At any rate, the fix is to use error_ml here. The subsequent sysban check
obviously has the same problem, so this fixes that as well.
* [#2974] enforce minimum amount for check/money order payments
Defines a new config parameter $LJ::SHOP_CMO_MINIMUM. If set
to a value greater than zero, that value will be the minimum
"cash" value required to accept check/money order payments.
Fixes#2974.
* [#2328] print the currency to 2 decimal places in receipt email
As reported some time ago, the "Amount Due" was being shown as e.g.
$20.2 instead of $20.20. Future emails will print the amount with
the standard number of decimal places.
Fixes#2328.
* new 'payments_cmo' option for LJ::is_enabled
As mentioned in #2974, it's possible that we may need to
entirely disable paying by check or money order in the
future due to increasing costs. This adds a 'payments_cmo'
test to LJ::is_enabled that will make the switch easy to
flip if that day comes.
Bots and scrapers that just get captcha redirects over and over but
never attempt to solve will get blocked. This should be fairly loose so
as not to cause user impact, but will require tuning.
This also adds a simple memcache based tempban system which doesn't
persist to the database.
This adds a very simple site-wide captcha (but only on things that go
thru Controller...)
The goal here is to make it so we can replace the external captcha
system that we have today with something that is more controllable and
user friendly, as hCaptcha is pretty accessible.
Next up, I will try to standardize our captchas so that we have only the
one system for doing it, instead of doing it in N different places.
We haven't used SERVER_DOWN or SERVER_TOTALLY_DOWN in a decade since we
just mark as down at the load balancer level and bypass Apache entirely.
Let's just remove it.
This is a much smaller set of fixes than my other megabranch, just
targeting certain things for MySQL 5.7.
This also adds a Dockerfile that doesn't 100% work yet, tetsing.
Opt-out betas are a little weird. Also, to keep the diff small, I'm switching
these "if" statements to "if (!)" instead of rewriting them; we'll hopefully be
removing them soon anyway.
I couldn't find an issue open for this but I know we've talked about it on Discord: the default journal style for over a decade has been 'negatives/black', which isn't TR-based and doesn't support the newer features present in most other journal styles.
This changes the default style defined in config.pl.example to 'ciel/indil' which I picked because it wasn't nonfree and seemed pleasantly neutral. I also didn't want to pick the same default style that we have been using in production ('practicality/neutralgood') because I thought that might be too much of the same thing across different sites.
This will only affect future installations that don't have an existing config.pl file.