Example #1
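/**
 * Validate an administrator-initiated password change and apply it.
 *
 * Reads 'Update', 'user_id', 'form_pw' and 'form_pw2' from the request.
 * Every failure is reported through $GLOBALS['Response'], and the account is
 * only modified once all checks have passed.
 *
 * NOTE(review): nothing in this function checks that the caller is allowed to
 * change the target user's password, and no CSRF token is verified here.
 * Both are presumably enforced by the calling page -- confirm.
 *
 * @param Codendi_Request $request Incoming request carrying the form fields.
 *
 * @return bool true when the new password was stored, false otherwise.
 */
function register_valid(Codendi_Request $request)
{
    global $Language;
    if (!$request->existAndNonEmpty('Update')) {
        return false;
    }
    if (!$request->existAndNonEmpty('user_id')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_userid'));
        return false;
    }
    if (!$request->existAndNonEmpty('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_nopasswd'));
        return false;
    }
    // Strict comparison on purpose: with != two different numeric-looking
    // strings (e.g. "1e3" and "1000") compare equal, so a mistyped
    // confirmation could be accepted.
    if ($request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_passwd'));
        return false;
    }
    $errors = array();
    if (!account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return false;
    }
    // All checks passed: load the target account and store the new password.
    $user_manager = UserManager::instance();
    $user = $user_manager->getUserById($request->get('user_id'));
    if (!$user) {
        // An unknown id must not end in a call on a non-object.
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_userid'));
        return false;
    }
    $user->setPassword($request->get('form_pw'));
    if (!$user_manager->updateDb($user)) {
        $GLOBALS['Response']->addFeedback(Feedback::ERROR, $Language->getText('admin_user_changepw', 'error_update'));
        return false;
    }
    return true;
}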
Example #2
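/**
 * Validate a self-service password change for the logged-in user and store
 * the new password.
 *
 * Form fields are read from $GLOBALS ('Update', 'form_oldpw', 'form_pw',
 * 'form_pw2'); failures are reported through $GLOBALS['register_error'].
 *
 * NOTE(review): passwords are compared against an unsalted MD5 digest.
 * Moving to password_hash()/password_verify() needs a storage-format change
 * and cannot be done inside this function alone.
 *
 * @return int 1 when the password was changed, 0 otherwise.
 */
function register_valid()
{
    if (!$GLOBALS["Update"]) {
        return 0;
    }
    // check against old pw; the id is forced to an integer before it is
    // concatenated into the SQL text.
    $res = db_query("SELECT user_pw, status FROM users WHERE user_id=" . (int) user_getid());
    $row_pw = db_fetch_array($res);
    // Array keys are quoted: the bare words used previously are undefined
    // constants, which PHP 8 treats as an error.
    $stored_hash = is_array($row_pw) ? (string) $row_pw['user_pw'] : '';
    // Strict comparison: with != two different digests that both look like
    // "0e<digits>" are compared as numbers and treated as equal.
    // hash_equals() is preferable where PHP >= 5.6 is guaranteed.
    if ($stored_hash !== md5($GLOBALS['form_oldpw'])) {
        $GLOBALS['register_error'] = "Old password is incorrect.";
        return 0;
    }
    if ($row_pw['status'] !== 'A') {
        $GLOBALS['register_error'] = "Account must be active to change password.";
        return 0;
    }
    if (!$GLOBALS['form_pw']) {
        $GLOBALS['register_error'] = "You must supply a password.";
        return 0;
    }
    if ($GLOBALS['form_pw'] !== $GLOBALS['form_pw2']) {
        $GLOBALS['register_error'] = "Passwords do not match.";
        return 0;
    }
    if (!account_pwvalid($GLOBALS['form_pw'])) {
        return 0;
    }
    // if we got this far, it must be good
    $user =& user_get_object(user_getid());
    if (!$user->setPasswd($GLOBALS['form_pw'])) {
        $GLOBALS['register_error'] = $user->getErrorMessage();
        return 0;
    }
    return 1;
}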
Example #3
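/**
 * Validate an administrator-initiated password change and apply it.
 *
 * The target account and the new password are read from $GLOBALS
 * ('user_id', 'form_pw', 'form_pw2'); 'Update' marks a submitted form.
 *
 * NOTE(review): the target user id comes straight from a global that is
 * presumably populated from the request, and this function performs no
 * authorization or CSRF check of its own -- the calling page must restrict
 * it to administrators.
 *
 * @return int 1 when the password was changed, 0 otherwise.
 */
function register_valid()
{
    global $Language;
    if (!isset($GLOBALS['Update'])) {
        return 0;
    }
    if (!isset($GLOBALS['user_id'])) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_userid'));
        return 0;
    }
    if (!isset($GLOBALS['form_pw'])) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_nopasswd'));
        return 0;
    }
    // A missing confirmation counts as a mismatch. The comparison is strict
    // because != treats different numeric-looking strings ("1e3"/"1000") as equal.
    if (!isset($GLOBALS['form_pw2']) || $GLOBALS['form_pw'] !== $GLOBALS['form_pw2']) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_passwd'));
        return 0;
    }
    // Start from an empty list so the loop below always iterates an array.
    $errors = array();
    if (!account_pwvalid($GLOBALS['form_pw'], $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }
    // if we got this far, it must be good
    if (!account_set_password($GLOBALS['user_id'], $GLOBALS['form_pw'])) {
        $GLOBALS['register_error'] = $Language->getText('admin_user_changepw', 'error_update');
        return 0;
    }
    return 1;
}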
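/**
 * Validate a password change for the account named by the global $form_user
 * and store the new password.
 *
 * Unlike the self-service variant, the old password is NOT verified here:
 * the lookup below never reads its result. The function therefore lets the
 * caller set anyone's password.
 *
 * NOTE(review): the calling page must enforce that only administrators reach
 * this code; nothing in this function does -- confirm.
 *
 * @return int 1 when the password was changed, 0 otherwise.
 */
function register_valid()
{
    global $form_user;
    if (!$GLOBALS["Update"]) {
        return 0;
    }
    // $form_user is placed into SQL text and decides whose password changes.
    // It is presumably request-supplied, so accept plain digits only.
    if (!preg_match('/\A[0-9]+\z/', (string) $form_user)) {
        $GLOBALS['register_error'] = "Invalid user id.";
        return 0;
    }
    $target_user_id = (int) $form_user;
    // Kept from the original; the result is unused, so this is not an
    // old-password check despite what the earlier comment claimed.
    db_query("SELECT user_pw FROM users WHERE user_id={$target_user_id}");
    if (!$GLOBALS['form_pw']) {
        $GLOBALS['register_error'] = "You must supply a password.";
        return 0;
    }
    // Strict comparison: != treats different numeric-looking strings as equal.
    if ($GLOBALS['form_pw'] !== $GLOBALS['form_pw2']) {
        $GLOBALS['register_error'] = "Passwords do not match.";
        return 0;
    }
    if (!account_pwvalid($GLOBALS['form_pw'])) {
        return 0;
    }
    // if we got this far, it must be good
    $user = user_get_object($target_user_id);
    if (!is_object($user)) {
        // Unknown id: report it instead of failing on a non-object call.
        $GLOBALS['register_error'] = "Invalid user id.";
        return 0;
    }
    if (!$user->setPasswd($GLOBALS['form_pw'])) {
        $GLOBALS['register_error'] = $user->getErrorMessage();
        return 0;
    }
    return 1;
}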
Example #5
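/**
 * Validate a self-service password change and store the new password.
 *
 * Order of checks: POST + 'Update' present, CSRF token, user exists, old
 * password verifies, account status is valid, new password present, matches
 * its confirmation, differs from the old one, and passes account_pwvalid().
 *
 * @param int|string            $user_id       Id of the account to update.
 * @param CSRFSynchronizerToken $csrf          Token checked before any state is read.
 * @param EventManager          $event_manager Passed through to User_LoginManager.
 *
 * @return int 1 when the password was changed, 0 otherwise.
 */
function register_valid($user_id, CSRFSynchronizerToken $csrf, EventManager $event_manager)
{
    $request = HTTPRequest::instance();
    if (!$request->isPost() || !$request->exist('Update')) {
        return 0;
    }
    // Presumably aborts the request on a missing or wrong token -- its
    // return value is not inspected here.
    $csrf->check();
    // check against old pw
    $user_manager = UserManager::instance();
    $user = $user_manager->getUserById($user_id);
    if ($user === null) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'user_not_found'));
        return 0;
    }
    $password_expiration_checker = new User_PasswordExpirationChecker();
    $password_handler = PasswordHandlerFactory::getPasswordHandler();
    $login_manager = new User_LoginManager($event_manager, $user_manager, $password_expiration_checker, $password_handler);
    if (!$login_manager->verifyPassword($user, $request->get('form_oldpw'))) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'incorrect_old_password'));
        return 0;
    }
    try {
        $status_manager = new User_UserStatusManager();
        $status_manager->checkStatus($user);
    } catch (User_StatusInvalidException $exception) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'account_inactive'));
        return 0;
    }
    if (!$request->exist('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_needed'));
        return 0;
    }
    // Strict, like the old/new comparison below: != treats different
    // numeric-looking strings ("1e3"/"1000") as equal.
    if ($request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_not_match'));
        return 0;
    }
    if ($request->get('form_pw') === $request->get('form_oldpw')) {
        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('account_change_pw', 'identical_password'));
        return 0;
    }
    // Start from an empty list so the loop below always iterates an array.
    $errors = array();
    if (!account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }
    // if we got this far, it must be good
    $user->setPassword($request->get('form_pw'));
    if (!$user_manager->updateDb($user)) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'internal_error_update'));
        return 0;
    }
    return 1;
}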
Example #6
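/**
 * Create a pending ('P') user account and mail the confirmation link.
 *
 * Inputs are validated first; the uniqueness lookups and the INSERT run only
 * for values that passed validation. Errors are appended to the global
 * $feedback string.
 *
 * The seventh parameter used to be a second `$timezone`. PHP 7+ rejects a
 * duplicated parameter name outright; on older versions the later value won,
 * so the body keeps using the last parameter and the earlier one is renamed.
 *
 * NOTE(review): every value in the queries below is interpolated into the
 * SQL text. Nothing visible here escapes $unix_name, $realname, $email,
 * $language_id or $timezone, so this is only safe if the caller or the db
 * layer already escapes them. Use the db layer's escaping or bound
 * parameters; which one applies cannot be determined from this function.
 *
 * NOTE(review): the password is stored as an unsalted MD5 digest. Changing
 * that requires a matching change wherever the digest is verified.
 *
 * @param string $unix_name        Requested login name.
 * @param string $realname         Display name.
 * @param string $password1        New password.
 * @param string $password2        Password confirmation.
 * @param string $email            Address the confirmation mail is sent to.
 * @param mixed  $language         Unused.
 * @param mixed  $timezone_ignored Unused; superseded by the last parameter.
 * @param mixed  $mail_site        Truthy to subscribe to site updates.
 * @param mixed  $mail_va          Truthy to subscribe to the second mailing flag.
 * @param mixed  $language_id      Stored in the `language` column.
 * @param mixed  $timezone         Stored in the `timezone` column.
 *
 * @return int|false The new user id, or false on any failure.
 */
function account_register_new($unix_name, $realname, $password1, $password2, $email, $language, $timezone_ignored, $mail_site, $mail_va, $language_id, $timezone)
{
    global $feedback;
    if (!$unix_name) {
        $feedback .= "You must supply a username.";
        return false;
    }
    if (!$password1) {
        $feedback .= "You must supply a password.";
        return false;
    }
    // Strict comparison: != treats different numeric-looking strings as equal.
    if ($password1 !== $password2) {
        $feedback .= "Passwords do not match.";
        return false;
    }
    if (!account_pwvalid($password1)) {
        $feedback .= ' Password must be at least 6 characters. ';
        return false;
    }
    if (!account_namevalid($unix_name)) {
        $feedback .= ' Invalid Unix Name ';
        return false;
    }
    if (!validate_email($email)) {
        $feedback .= ' Invalid Email Address ';
        return false;
    }
    if (db_numrows(db_query("SELECT user_id FROM users WHERE user_name LIKE '{$unix_name}'")) > 0) {
        $feedback .= "That username already exists.";
        return false;
    }
    // Check that username is not identical with an existing unix groupname (groups) helix 22.06.2001
    if (db_numrows(db_query("SELECT unix_group_name FROM groups WHERE unix_group_name LIKE '{$unix_name}'")) > 0) {
        $feedback .= "That username is identical with the unixname of an existing group.";
        return false;
    }
    // End of change helix 22.06.2001

    // The confirmation token activates the account, so it must be
    // unguessable. The previous value hashed two variables that are not in
    // scope here, leaving only time() as input. 8 random bytes give the same
    // 16 hex characters as before.
    $confirm_hash = bin2hex(random_bytes(8));
    $result = db_query(
        "INSERT INTO users (user_name,user_pw,unix_pw,realname,email,add_date,"
        . "status,confirm_hash,mail_siteupdates,mail_va,language,timezone) "
        . "VALUES ('{$unix_name}',"
        . "'" . md5($password1) . "',"
        . "'" . account_genunixpw($password1) . "',"
        . "'{$realname}',"
        . "'{$email}',"
        . "'" . time() . "',"
        . "'P',"
        . "'{$confirm_hash}',"
        . "'" . ($mail_site ? "1" : "0") . "',"
        . "'" . ($mail_va ? "1" : "0") . "',"
        . "'{$language_id}',"
        . "'{$timezone}')"
    );
    // Only ask for the generated id when the INSERT itself succeeded.
    $user_id = $result ? db_insertid($result, 'users', 'user_id') : 0;
    if (!$result || !$user_id) {
        // NOTE(review): db_error() text is shown to the user; consider
        // logging it server-side instead.
        $feedback .= ' Insert Failed ' . db_error();
        return false;
    }
    // send mail
    // NOTE(review): the link host comes from $GLOBALS['HTTP_HOST'], which
    // presumably mirrors the request's Host header; a configured site host
    // would keep a forged header out of the mailed link.
    $message = "Thank you for registering on the " . $GLOBALS['sys_default_name'] . " web site. In order\n"
        . "to complete your registration, visit the following url: \n\n"
        . "https://" . $GLOBALS['HTTP_HOST'] . "/account/verify.php?confirm_hash={$confirm_hash}\n\n"
        . "Enjoy the site.\n\n"
        . " -- the " . $GLOBALS['sys_default_name'] . " staff\n";
    mail($email, $GLOBALS['sys_default_name'] . " Account Registration", $message, "From: noreply@" . $GLOBALS['sys_default_domain']);
    return $user_id;
}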
Example #7
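/**
 * Validate a self-service password change and store the new password.
 *
 * Requires a POST carrying 'Update', verifies the old password against the
 * stored digest, then checks the new password and its confirmation.
 *
 * NOTE(review): no CSRF token is verified in this function, and the stored
 * digest is unsalted MD5. Both need changes outside this block.
 *
 * @param int|string $user_id Id of the account to update.
 *
 * @return int 1 when the password was changed, 0 otherwise.
 */
function register_valid($user_id)
{
    $request =& HTTPRequest::instance();
    if (!$request->isPost() || !$request->exist('Update')) {
        return 0;
    }
    // check against old pw
    $res = db_query("SELECT user_pw, status FROM user WHERE status IN ('A', 'R') AND user_id=" . db_ei($user_id));
    if (!$res || db_numrows($res) != 1) {
        $GLOBALS['Response']->addFeedback('error', "Internal error: Cannot locate user in database.");
        return 0;
    }
    // Fetch from this query's handle rather than from whatever ran last.
    $row_pw = db_fetch_array($res);
    // Strict comparison: with != two different digests that both look like
    // "0e<digits>" are compared as numbers and treated as equal, which would
    // accept a wrong old password. hash_equals() is preferable where
    // PHP >= 5.6 is guaranteed.
    if ((string) $row_pw['user_pw'] !== md5((string) $request->get('form_oldpw'))) {
        $GLOBALS['Response']->addFeedback('error', "Old password is incorrect.");
        return 0;
    }
    if ($row_pw['status'] != 'A' && $row_pw['status'] != 'R') {
        $GLOBALS['Response']->addFeedback('error', "Account must be active to change password.");
        return 0;
    }
    if (!$request->exist('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', "You must supply a password.");
        return 0;
    }
    // Strict for the same reason: "1e3" and "1000" are equal under !=.
    if ($request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', "Passwords do not match.");
        return 0;
    }
    // Start from an empty list so the loop below always iterates an array.
    $errors = array();
    if (!account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }
    // if we got this far, it must be good
    if (!account_set_password($user_id, $request->get('form_pw'))) {
        $GLOBALS['Response']->addFeedback('error', "Internal error: Could not update password.");
        return 0;
    }
    return 1;
}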
Example #8
<?php

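// Password-policy probe: prints the keys of the rules the candidate password
// violates, e.g. "[0, 2]", or "[]" when none are reported.

// The response is derived from a password; keep it out of every cache.
header("Cache-Control: no-cache, no-store, must-revalidate");
require_once 'pre.php';
require_once 'account.php';
$request =& HTTPRequest::instance();
// account_pwvalid() evidently fills $errors by reference. Start from an empty
// array so array_keys() below always receives an array.
$errors = array();
// NOTE(review): if clients send 'form_pw' in the query string the candidate
// password ends up in access logs and browser history; callers should POST it.
account_pwvalid($request->get('form_pw'), $errors);
// Only the keys are echoed, never the password or the message text.
echo '[' . implode(', ', array_keys($errors)) . ']';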
Example #9
 /**
  * setPasswd - Changes the user's password.
  *
  * Validates the password with account_pwvalid(), then, between db_begin()
  * and db_commit(), writes an MD5 digest and the value returned by
  * account_genunixpw() to the users row, and finally fires the
  * "user_setpasswd" plugin hook.
  *
  * NOTE(review): the failure branch of this listing is garbled (see the
  * marked line below), so part of the error handling cannot be read.
  *
  * @param  string  $passwd  The plaintext password.
  * @return boolean true on success, false when validation or the update fails.
  */
 function setPasswd($passwd)
 {
     global $SYS;
     if (!account_pwvalid($passwd)) {
         // The validator's message is read from $GLOBALS['register_error'].
         $this->setError('Error: ' . $GLOBALS['register_error']);
         return false;
     }
     db_begin();
     $unix_pw = account_genunixpw($passwd);
     // NOTE(review): user_pw is an unsalted MD5 digest; a salted, slow hash
     // (password_hash) would need a matching change wherever it is verified.
     // The values are concatenated into the SQL text; $unix_pw and getID()
     // are produced server-side, not taken from the request in this method.
     $res = db_query("\n\t\t\tUPDATE users\n\t\t\tSET user_pw='" . md5($passwd) . "',\n\t\t\tunix_pw='{$unix_pw}'\n\t\t\tWHERE user_id='" . $this->getID() . "'\n\t\t");
     if (!$res || db_affected_rows($res) < 1) {
         // NOTE(review): the next line is corrupted in this listing -- the
         // '******' run looks like a masking filter removed part of the
         // source, fusing this setError() call with a later condition that
         // involves '{crypt}' . $unix_pw and $SYS. Restore it from the
         // original file before relying on this branch.
         $this->setError('ERROR - Could Not Change User Password: '******'{crypt}' . $unix_pw)) {
                 $this->setError($SYS->getErrorMessage());
                 db_rollback();
                 return false;
             }
         }
     }
     // NOTE(review): the plaintext password is handed to every plugin
     // listening on "user_setpasswd"; those handlers must not log or
     // persist it.
     $hook_params = array();
     $hook_params['user'] = $this;
     $hook_params['user_id'] = $this->getID();
     $hook_params['user_password'] = $passwd;
     plugin_hook("user_setpasswd", $hook_params);
     db_commit();
     return true;
 }
Example #10
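/**
 * Validate the registration form and create the account.
 *
 * Checks login name, real name, password, timezone, registration purpose,
 * e-mail address, password confirmation, password policy and the optional
 * expiry date, then calls account_create().
 *
 * NOTE(review): the request parameter 'page' == "admin_creation" skips the
 * purpose and password-confirmation checks and creates the account as active
 * ('A') or restricted ('R') instead of pending ('P'). Nothing in this
 * function verifies that the requester is an administrator, so the calling
 * page must enforce that before this code runs -- confirm.
 *
 * @param string $confirm_hash Confirmation token stored with the new account.
 *
 * @return mixed Whatever account_create() returns, or 0 when validation fails.
 */
function register_valid($confirm_hash)
{
    global $Language;
    $request =& HTTPRequest::instance();
    $is_admin_creation = $request->get('page') === "admin_creation";

    $vLoginName = new Valid_UserNameFormat('form_loginname');
    $vLoginName->required();
    if (!$request->valid($vLoginName)) {
        return 0;
    }
    $vRealName = new Valid_RealNameFormat('form_realname');
    $vRealName->required();
    if (!$request->valid($vRealName)) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_realname'));
        return 0;
    }
    if (!$request->existAndNonEmpty('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_nopasswd'));
        return 0;
    }
    $tz = $request->get('timezone');
    if (!is_valid_timezone($tz)) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_notz'));
        return 0;
    }
    if (!$request->existAndNonEmpty('form_register_purpose') && ($GLOBALS['sys_user_approval'] && !$is_admin_creation)) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_nopurpose'));
        return 0;
    }
    if (!validate_email($request->get('form_email'))) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_email'));
        return 0;
    }
    // Strict comparison: != treats different numeric-looking strings
    // ("1e3"/"1000") as equal.
    if (!$is_admin_creation && $request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_passwd'));
        return 0;
    }
    // Start from an empty list so the loop below always iterates an array.
    $errors = array();
    if (!account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }

    $expiry_date = 0;
    $has_expiry = $request->exist('form_expiry');
    $raw_expiry = $has_expiry ? $request->get('form_expiry') : '';
    // ereg()/split() no longer exist in PHP 7+. The pattern is now anchored:
    // the previous one matched anywhere in the string, so values with extra
    // text around a date were accepted and then fed to mktime().
    if ($has_expiry && $raw_expiry != '' && !preg_match('/\A[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}\z/', $raw_expiry)) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_register', 'data_not_parsed'));
        return 0;
    }
    $vDate = new Valid_String();
    $vDate->required();
    if ($has_expiry && $vDate->validate($raw_expiry)) {
        $date_list = explode("-", $raw_expiry, 3);
        // Year-month-day, converted to a timestamp at midnight.
        $expiry_date = mktime(0, 0, 0, (int) $date_list[1], (int) $date_list[2], (int) $date_list[0]);
    }

    $status = 'P';
    if ($is_admin_creation) {
        $status = $request->get('form_restricted') ? 'R' : 'A';
    }
    //use sys_lang as default language for each user at register
    $res = account_create(
        $request->get('form_loginname'),
        $request->get('form_pw'),
        '',
        $request->get('form_realname'),
        $request->get('form_register_purpose'),
        $request->get('form_email'),
        $status,
        $confirm_hash,
        $request->get('form_mail_site'),
        $request->get('form_mail_va'),
        $tz,
        UserManager::instance()->getCurrentUser()->getLocale(),
        'A',
        $expiry_date
    );
    return $res;
}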
Example #11
        $mail->AddBCC($tbl_admins['email']);
    }
    $copyAdmins = "Yes";
}
// initial message
$message = $lang[REG_NEW];
if ($_POST['registerSubmit']) {
    global $feedback, $hidden_hash_var, $db_link;
    $username = $_POST['username'];
    $password1 = $_POST['password1'];
    $password2 = $_POST['password2'];
    $email = $_POST['email'];
    //all vars present and passwords match?
    if ($username && $password1 && $password1 == $password2 && $email && validate_email($email)) {
        //password and name are valid?
        if (account_namevalid($username) && account_pwvalid($password1)) {
            $username = strtolower($username);
            //does the name exist in the database?
            $sql = "SELECT * FROM " . TABLE_USERS . " WHERE username='******'";
            $result = mysql_query($sql, $db_link);
            if ($result && mysql_numrows($result) > 0) {
                $feedback .= "ERR_USERNAME_RESERVED";
            } else {
                //create a new hash to insert into the db and the confirmation email
                $hash = md5($email . $hidden_hash_var);
                $sql = "INSERT INTO " . TABLE_USERS . " (username, usertype, password, email, confirm_hash, is_confirmed) " . "VALUES ('{$username}','user','" . md5($password1) . "','{$email}', '{$hash}','0')";
                $result = mysql_query($sql, $db_link);
                if (!$result) {
                    $feedback .= ' MySQL ERROR - ' . mysql_error();
                } else {
                    //send the confirm email
Example #12
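/**
 * Register a new, unconfirmed user and send the confirmation e-mail.
 *
 * Progress and errors are appended to the global $feedback string.
 *
 * NOTE(review): $user_name, $real_name and $email are interpolated into the
 * SQL text. Nothing visible here escapes them, so this is only safe if the
 * caller or the db layer already does. Use the db layer's escaping or bound
 * parameters; which one applies cannot be determined from this function.
 *
 * NOTE(review): the password is lowercased and stored as an unsalted MD5
 * digest. Lowercasing shrinks the password space and MD5 is fast to
 * brute-force; fixing either requires a matching change in the login code.
 *
 * NOTE(review): the confirmation hash is md5($email . $hidden_hash_var), so
 * it is the same for every registration of one address and only as secret as
 * $hidden_hash_var.
 *
 * @param string $user_name Requested login name.
 * @param string $password1 New password.
 * @param string $password2 Password confirmation.
 * @param string $email     Address the confirmation mail is sent to.
 * @param string $real_name Display name.
 *
 * @return bool true when the row was inserted and the mail step was reached.
 */
function user_register($user_name, $password1, $password2, $email, $real_name)
{
    global $feedback, $hidden_hash_var;
    // all vars present and passwords match? Strict comparison, because ==
    // treats different numeric-looking strings ("1e3"/"1000") as equal.
    if (!$user_name || !$password1 || $password1 !== $password2 || !$email || !validate_email($email)) {
        $feedback .= ' ERROR - Must Fill In User Name, Matching Passwords, And Provide Valid Email Address ';
        return false;
    }
    //password and name are valid?
    if (!account_namevalid($user_name) || !account_pwvalid($password1)) {
        $feedback .= ' Account Name or Password Invalid ';
        return false;
    }
    $user_name = strtolower($user_name);
    $password1 = strtolower($password1);
    //does the name exist in the database?
    $sql = "SELECT * FROM user WHERE user_name='{$user_name}'";
    $result = db_query($sql);
    if ($result && db_numrows($result) > 0) {
        $feedback .= ' ERROR - USER NAME EXISTS ';
        return false;
    }
    //create a new hash to insert into the db and the confirmation email
    $hash = md5($email . $hidden_hash_var);
    $sql = "INSERT INTO user (user_name,real_name,password,email,remote_addr,confirm_hash,is_confirmed) " . "VALUES ('{$user_name}','{$real_name}','" . md5($password1) . "','{$email}','{$GLOBALS['REMOTE_ADDR']}','{$hash}','0')";
    $result = db_query($sql);
    if (!$result) {
        // NOTE(review): db_error() text is shown to the user; consider
        // logging it server-side instead.
        $feedback .= ' ERROR - ' . db_error();
        return false;
    }
    //send the confirm email
    user_send_confirm_email($email, $hash);
    $feedback .= ' Successfully Registered. You Should Have a Confirmation Email Waiting ';
    return true;
}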