Beispiel #1
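/**
 * Check a password that was typed twice and register form errors for any problem found.
 *
 * Both values are read from $GLOBALS under the given names. Problems are reported
 * through param_error() / param_error_multiple(); nothing is thrown.
 * The minimum length is taken from $Settings->get('user_minpwdlen').
 *
 * @param string $var1 param name (global variable holding the first entry)
 * @param string $var2 param name (global variable holding the confirmation entry)
 * @param boolean $required Is a password required? (non-empty)
 * @return boolean true if OK
 */
function param_check_passwords($var1, $var2, $required = false)
{
    global $Settings;
    $pass1 = $GLOBALS[$var1];
    $pass2 = $GLOBALS[$var2];
    // NOTE(review): empty() also treats the string '0' as empty, so a password of '0'
    // is handled as "nothing entered" by the three checks below.
    if (empty($pass1) && empty($pass2) && !$required) {
        // empty is OK:
        return true;
    }
    if (empty($pass1)) {
        param_error($var1, T_('Please enter your password twice.'));
        return false;
    }
    if (empty($pass2)) {
        param_error($var2, T_('Please enter your password twice.'));
        return false;
    }
    // checking the password has been typed twice the same.
    // Strict comparison on purpose: "!=" compares two numeric-looking strings as numbers,
    // so different inputs such as '1e3' and '1000' would be accepted as identical.
    if ($pass1 !== $pass2) {
        param_error_multiple(array($var1, $var2), T_('You typed two different passwords.'));
        return false;
    }
    $min_length = $Settings->get('user_minpwdlen');
    // strlen() counts bytes, so a multi-byte password reaches the minimum with fewer
    // characters than the message states.
    if (strlen($pass1) < $min_length) {
        param_error_multiple(array($var1, $var2), sprintf(T_('The minimum password length is %d characters.'), $min_length));
        return false;
    }
    return true;
}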
Beispiel #2
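/**
 * Check a new password that was typed twice and register form errors for any problem found.
 *
 * Both values are fetched with get_param(). Problems are reported through
 * param_error() / param_error_multiple(); nothing is thrown.
 *
 * @param string $var1 param name (first entry)
 * @param string $var2 param name (confirmation entry)
 * @param boolean $required Is a password required? (non-empty)
 * @param integer $min_length Minimum password length
 * @return boolean true if OK
 */
function param_check_passwords($var1, $var2, $required = false, $min_length = 6)
{
    $pass1 = get_param($var1);
    $pass2 = get_param($var2);
    $pass1_given = (bool) strlen($pass1);
    $pass2_given = (bool) strlen($pass2);
    if (!$pass1_given && !$pass2_given && !$required) {
        // empty is OK:
        return true;
    }
    if (!$pass1_given) {
        param_error($var1, T_('Please enter your new password.'));
        param_error($var2, T_('Please enter your new password twice.'));
        return false;
    }
    if (!$pass2_given) {
        param_error($var2, T_('Please enter your new password twice.'));
        return false;
    }
    // checking the password has been typed twice the same.
    // Strict comparison on purpose: "!=" compares two numeric-looking strings as numbers,
    // so different inputs such as '1e3' and '1000' would be accepted as identical.
    if ($pass1 !== $pass2) {
        param_error_multiple(array($var1, $var2), T_('You typed two different passwords.'));
        return false;
    }
    // evo_strlen() is a project helper; presumably a character-based length - confirm.
    if (evo_strlen($pass1) < $min_length) {
        param_error_multiple(array($var1, $var2), sprintf(T_('The minimum password length is %d characters.'), $min_length));
        return false;
    }
    return true;
}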
Beispiel #3
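/**
 * Check a new password that was typed twice and register form errors for any problem found.
 *
 * The two values are fetched with get_param(); the forbidden-character test is run
 * on the raw request value of the first field. Problems are reported through
 * param_error() / param_error_multiple(); nothing is thrown.
 *
 * @param string $var1 param name (first entry)
 * @param string $var2 param name (confirmation entry)
 * @param boolean $required Is a password required? (non-empty)
 * @param integer $min_length Minimum password length
 * @param array $params Optional message overrides, keys: 'msg_pass_wrong', 'msg_pass_new',
 *                      'msg_pass_twice', 'msg_pass_diff', 'msg_pass_min' (sprintf format with %d)
 * @return boolean true if OK
 */
function param_check_passwords($var1, $var2, $required = false, $min_length = 6, $params = array())
{
    // Default messages; any key supplied by the caller wins.
    $params = array_merge(array(
        'msg_pass_wrong' => T_('Passwords cannot contain the characters &lt;, &gt; and &amp;.'),
        'msg_pass_new' => T_('Please enter your new password.'),
        'msg_pass_twice' => T_('Please enter your new password twice.'),
        'msg_pass_diff' => T_('You typed two different passwords.'),
        'msg_pass_min' => T_('The minimum password length is %d characters.'),
    ), $params);
    $pass1 = get_param($var1);
    $pass2 = get_param($var2);
    if (!strlen($pass1) && !strlen($pass2) && !$required) {
        // empty is OK:
        return true;
    }
    if (!strlen($pass1)) {
        param_error($var1, $params['msg_pass_new']);
        param_error($var2, $params['msg_pass_twice']);
        return false;
    }
    if (!strlen($pass2)) {
        param_error($var2, $params['msg_pass_twice']);
        return false;
    }
    // checking the password has been typed twice the same.
    // Strict comparison on purpose: "!=" compares two numeric-looking strings as numbers,
    // so different inputs such as '1e3' and '1000' would be accepted as identical.
    if ($pass1 !== $pass2) {
        param_error_multiple(array($var1, $var2), $params['msg_pass_diff']);
        return false;
    }
    if (utf8_strlen($pass1) < $min_length) {
        // Checking min length
        param_error_multiple(array($var1, $var2), sprintf($params['msg_pass_min'], $min_length));
        return false;
    }
    // The forbidden characters are looked for in the raw request value, not in the
    // get_param() result (presumably because get_param() returns a filtered value - confirm).
    // The lookup is guarded so a field missing from both $_POST and $_GET does not
    // raise an undefined-index notice.
    $raw_pass1 = '';
    if (isset($_POST[$var1])) {
        $raw_pass1 = $_POST[$var1];
    } elseif (isset($_GET[$var1])) {
        $raw_pass1 = $_GET[$var1];
    }
    // NOTE(review): a non-string raw value (e.g. an array-valued field) skips the pattern
    // test instead of reaching preg_match(); decide whether it should be rejected outright.
    if (is_string($raw_pass1) && preg_match('/[<>&]/', $raw_pass1)) {
        // Checking the not allowed chars
        param_error_multiple(array($var1, $var2), $params['msg_pass_wrong']);
        return false;
    }
    return true;
}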
Beispiel #4
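/**
 * Check profile parameters and add errors through {@link param_error()}.
 *
 * Each check only runs when its key is present in $params. Errors for 'login',
 * 'email' and the passwords are attached to the field name looked up in the
 * global $dummy_fields map; the other checks use the input name directly.
 *
 * @param array $params associative array.
 *     Either array( $value, $input_name ) or just $value;
 *     ($input_name gets used for associating it to a form fieldname)
 *     - 'invitation': check for non-empty when users can register ONLY with an Invitation code/link
 *     - 'login': check for non-empty, then param_check_valid_login()
 *     - 'email': check for non-empty, must be well formed (is_email())
 *     - 'country': check for non-empty
 *     - 'firstname': check for non-empty
 *     - 'lastname': check for non-empty
 *     - 'gender': check for non-empty, must be 'M' or 'F'
 *     - 'url': checked with validate_url( $url, 'commenting' )
 *     - 'pass1' / 'pass2': passwords (twice), must be the same, satisfy the
 *       'passwd_special' and 'user_minpwdlen' settings, differ from login and
 *       nickname (if a User is given) and must not contain <, > or &
 *     - 'pass_required': false/true (default is true)
 *     'nickname' and 'icq' are not checked by this function.
 * @param User|NULL $User A user to use for additional checks (password != login/nick).
 * @return void
 */
function profile_check_params($params, $User = NULL)
{
    global $Messages, $Settings, $dummy_fields;
    foreach ($params as $k => $v) {
        // normalize params to array( $value, $input_name ):
        if ($k !== 'pass_required' && !is_array($v)) {
            $params[$k] = array($v, $k);
        }
    }
    // checking invitation code:
    if (isset($params['invitation'][0])) {
        if (empty($params['invitation'][0])) {
            // invitation code can't be empty
            param_error($params['invitation'][1], T_('Please enter your invitation code.'));
        }
    }
    // checking login has been typed:
    if (isset($params['login'][0])) {
        if (empty($params['login'][0])) {
            // login can't be empty
            param_error($dummy_fields[$params['login'][1]], T_('Please enter your login.'));
        } else {
            param_check_valid_login($dummy_fields[$params['login'][1]]);
        }
    }
    // checking e-mail address
    if (isset($params['email'][0])) {
        if (empty($params['email'][0])) {
            param_error($dummy_fields[$params['email'][1]], T_('Please enter your e-mail address.'));
        } elseif (!is_email($params['email'][0])) {
            param_error($dummy_fields[$params['email'][1]], T_('The email address is invalid.'));
        }
    }
    // Checking country
    if (isset($params['country']) && empty($params['country'][0])) {
        param_error($params['country'][1], T_('Please select country.'));
    }
    // Checking first name
    if (isset($params['firstname']) && empty($params['firstname'][0])) {
        param_error($params['firstname'][1], T_('Please enter your first name.'));
    }
    // Checking last name
    if (isset($params['lastname']) && empty($params['lastname'][0])) {
        param_error($params['lastname'][1], T_('Please enter your last name.'));
    }
    // Checking gender
    if (isset($params['gender'])) {
        if (empty($params['gender'][0])) {
            param_error($params['gender'][1], T_('Please select gender.'));
        } elseif ($params['gender'][0] !== 'M' && $params['gender'][0] !== 'F') {
            param_error($params['gender'][1], 'Gender value is invalid');
        }
    }
    // Checking URL:
    if (isset($params['url'])) {
        // validate_url() result is used as the error text when it is truthy
        if ($error = validate_url($params['url'][0], 'commenting')) {
            param_error($params['url'][1], T_('Supplied URL is invalid: ') . $error);
        }
    }
    // Check passwords:
    $pass_required = isset($params['pass_required']) ? $params['pass_required'] : true;
    if (isset($params['pass1'][0]) && isset($params['pass2'][0])) {
        if ($pass_required || !empty($params['pass1'][0]) || !empty($params['pass2'][0])) {
            // Password is required or was given
            // checking the password has been typed twice
            if (empty($params['pass1'][0]) || empty($params['pass2'][0])) {
                param_error($dummy_fields[$params['pass2'][1]], T_('Please enter your password twice.'));
            }
            // checking the password has been typed twice the same;
            // only the first failing rule of this chain is reported:
            if ($params['pass1'][0] !== $params['pass2'][0]) {
                param_error($dummy_fields[$params['pass1'][1]], T_('You typed two different passwords.'));
            } elseif ($Settings->get('passwd_special') && !preg_match('~[\\x20-\\x2f\\x3a-\\x40\\x5b-\\x60\\x7b-\\x7f]~', $params['pass1'][0])) {
                // the class covers ASCII punctuation, the space (0x20) and DEL (0x7f)
                param_error($dummy_fields[$params['pass1'][1]], T_('Your password should contain at least one special character (like & ! $ * - _ + etc.)'));
            } elseif (utf8_strlen($params['pass1'][0]) < $Settings->get('user_minpwdlen')) {
                param_error($dummy_fields[$params['pass1'][1]], sprintf(T_('The minimum password length is %d characters.'), $Settings->get('user_minpwdlen')));
            } elseif (isset($User) && (string) $params['pass1'][0] === (string) $User->get('login')) {
                // compared as exact strings: "==" would compare numeric-looking values as numbers
                param_error($dummy_fields[$params['pass1'][1]], T_('The password must be different from your login.'));
            } elseif (isset($User) && (string) $params['pass1'][0] === (string) $User->get('nickname')) {
                param_error($dummy_fields[$params['pass1'][1]], T_('The password must be different from your nickname.'));
            } elseif (isset($_POST[$dummy_fields[$params['pass1'][1]]])
                && is_string($_POST[$dummy_fields[$params['pass1'][1]]])
                && preg_match('/[<>&]/', $_POST[$dummy_fields[$params['pass1'][1]]])) {
                // Checking the not allowed chars on the raw POST value; the isset()/is_string()
                // guards keep a missing or array-valued field away from preg_match().
                // NOTE(review): decide whether a non-string raw value should be rejected outright.
                param_error_multiple(array($dummy_fields[$params['pass1'][1]], $dummy_fields[$params['pass2'][1]]), T_('Passwords cannot contain the characters &lt;, &gt; and &amp;.'));
            }
        }
    }
}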