/** * Check for an API key, and throw an exception if it's not set * * @param array $args URL and POST params * * @return boolean continuation flag */ function prepare($args) { GNUsocial::setApi(true); // reduce exception reports to aid in debugging parent::prepare($args); if (!common_config('globalapi', 'enabled')) { throw new ClientException(_('Global API not enabled.'), 403); } $apikey = $this->trimmed('apikey'); if (empty($apikey)) { throw new ClientException(_('No API key.'), 403); } $expected = common_config('globalapi', 'key'); if ($expected != $apikey) { // FIXME: increment a counter by IP address to prevent brute-force // attacks on the key. throw new ClientException(_('Bad API key.'), 403); } $email = common_canonical_email($this->trimmed('email')); if (empty($email)) { throw new ClientException(_('No email address.')); } if (!Validate::email($email, common_config('email', 'check_domain'))) { throw new ClientException(_('Invalid email address.')); } $this->email = $email; return true; }
public function onStartCheckPassword($nickname, $password, &$authenticatedUser) { if (common_is_email($nickname)) { $this->unauthed_user = User::getKV('email', common_canonical_email($nickname)); } else { $this->unauthed_user = User::getKV('nickname', Nickname::normalize($nickname)); } if (!$this->unauthed_user instanceof User) { // Unknown username continue processing StartCheckPassword (maybe uninitialized LDAP user etc?) return true; } $this->failed_attempts = (int) $this->unauthed_user->getPref(self::FAILED_LOGIN_IP_SECTION, $this->client_ip); switch (true) { case $this->failed_attempts >= 5: common_log(LOG_WARNING, sprintf('Multiple failed login attempts for user %s from IP %s - brute force attack?', $this->unauthed_user->getNickname(), $this->client_ip)); // 5 seconds is a good max waiting time anyway... sleep($this->failed_attempts % 5 + 1); break; case $this->failed_attempts > 0: common_debug(sprintf('Previously failed login on user %s from IP %s - sleeping %u seconds.', $this->unauthed_user->getNickname(), $this->client_ip, $this->failed_attempts)); sleep($this->failed_attempts); break; default: // No sleeping if it's our first failed attempt. } return true; }
function user_from($from_hdr) { $froms = Mail_RFC822::parseAddressList($from_hdr); if (PEAR::isError($froms)) { return NULL; } $from = $froms[0]; $addr = common_canonical_email($from->mailbox . '@' . $from->host); $user = User::staticGet('email', $addr); if (!$user) { $user = User::staticGet('smsemail', $addr); } return $user; }
function sendInvitations() { # CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { $this->showForm(_('There was a problem with your session token. Try again, please.')); return; } $user = common_current_user(); $profile = $user->getProfile(); $bestname = $profile->getBestName(); $sitename = common_config('site', 'name'); $personal = $this->trimmed('personal'); $addresses = explode("\n", $this->trimmed('addresses')); foreach ($addresses as $email) { $email = trim($email); if (!Validate::email($email, common_config('email', 'check_domain'))) { // TRANS: Form validation message when providing an e-mail address that does not validate. // TRANS: %s is an invalid e-mail address. $this->showForm(sprintf(_('Invalid email address: %s.'), $email)); return; } } $this->already = array(); $this->subbed = array(); foreach ($addresses as $email) { $email = common_canonical_email($email); $other = User::staticGet('email', $email); if ($other) { if ($user->isSubscribed($other)) { $this->already[] = $other; } else { subs_subscribe_to($user, $other); $this->subbed[] = $other; } } else { $this->sent[] = $email; $this->sendInvitation($email, $user, $personal); } } $this->mode = 'sent'; $this->showPage(); }
function sendInvitations() { # CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { $this->showForm(_('表单错误,请重试')); return; } $user = common_current_user(); $profile = $user->getProfile(); $bestname = $profile->getBestName(); $sitename = common_config('site', 'name'); $personal = $this->trimmed('personal'); $addresses = explode("\n", $this->trimmed('addresses')); foreach ($addresses as $email) { $email = trim($email); if (!Validate::email($email, common_config('email', 'check_domain'))) { $this->showForm(sprintf(_('邮件地址格式错误: %s'), $email)); return; } } $this->already = array(); $this->subbed = array(); foreach ($addresses as $email) { $email = common_canonical_email($email); $other = User::staticGet('email', $email); if ($other) { if ($user->isSubscribed($other)) { $this->already[] = $other; } else { subs_subscribe_to($user, $other); $this->subbed[] = $other; } } else { $this->sent[] = $email; $this->sendInvitation($email, $user, $personal); } } $this->mode = 'sent'; $this->showPage(); }
/** * Does the given email address already exist? * * Checks a canonical email address against the database. * * @param string $email email address to check * * @return boolean true if the address already exists */ function emailExists($email) { $email = common_canonical_email($email); if (!$email || strlen($email) == 0) { return false; } $user = User::staticGet('email', $email); return is_object($user); }
/** * Add the address passed in by the user * * @return void */ function addAddress() { $user = common_current_user(); $email = $this->trimmed('email'); // Some validation if (!$email) { // TRANS: Message given saving e-mail address without having provided one. $this->showForm(_('No email address.')); return; } $email = common_canonical_email($email); if (!$email) { // TRANS: Message given saving e-mail address that cannot be normalised. $this->showForm(_('Cannot normalize that email address')); return; } if (!Validate::email($email, common_config('email', 'check_domain'))) { // TRANS: Message given saving e-mail address that not valid. $this->showForm(_('Not a valid email address.')); return; } else { if ($user->email == $email) { // TRANS: Message given saving e-mail address that is already set. $this->showForm(_('That is already your email address.')); return; } else { if ($this->emailExists($email)) { // TRANS: Message given saving e-mail address that is already set for another user. $this->showForm(_('That email address already belongs ' . 'to another user.')); return; } } } $confirm = new Confirm_address(); $confirm->address = $email; $confirm->address_type = 'email'; $confirm->user_id = $user->id; $confirm->code = common_confirmation_code(64); $result = $confirm->insert(); if ($result === false) { common_log_db_error($confirm, 'INSERT', __FILE__); // TRANS: Server error thrown on database error adding e-mail confirmation code. $this->serverError(_('Couldn\'t insert confirmation code.')); return; } mail_confirm_address($user, $confirm->code, $user->nickname, $email); // TRANS: Message given saving valid e-mail address that is to be confirmed. $msg = _('A confirmation code was sent to the email address you added. ' . 'Check your inbox (and spam box!) for the code and instructions ' . 'on how to use it.'); $this->showForm($msg, true); }
/** * Register a new user account and profile and set up default subscriptions. * If a new-user welcome message is configured, this will be sent. * * @param array $fields associative array of optional properties * string 'bio' * string 'email' * bool 'email_confirmed' pass true to mark email as pre-confirmed * string 'fullname' * string 'homepage' * string 'location' informal string description of geolocation * float 'lat' decimal latitude for geolocation * float 'lon' decimal longitude for geolocation * int 'location_id' geoname identifier * int 'location_ns' geoname namespace to interpret location_id * string 'nickname' REQUIRED * string 'password' (may be missing for eg OpenID registrations) * string 'code' invite code * ?string 'uri' permalink to notice; defaults to local notice URL * @return mixed User object or false on failure */ static function register($fields) { // MAGICALLY put fields into current scope extract($fields); $profile = new Profile(); if (!empty($email)) { $email = common_canonical_email($email); } $nickname = common_canonical_nickname($nickname); $profile->nickname = $nickname; if (!User::allowed_nickname($nickname)) { common_log(LOG_WARNING, sprintf("Attempted to register a nickname that is not allowed: %s", $profile->nickname), __FILE__); return false; } $profile->profileurl = common_profile_url($nickname); if (!empty($fullname)) { $profile->fullname = $fullname; } if (!empty($homepage)) { $profile->homepage = $homepage; } if (!empty($bio)) { $profile->bio = $bio; } if (!empty($location)) { $profile->location = $location; $loc = Location::fromName($location); if (!empty($loc)) { $profile->lat = $loc->lat; $profile->lon = $loc->lon; $profile->location_id = $loc->location_id; $profile->location_ns = $loc->location_ns; } } $profile->created = common_sql_now(); $user = new User(); $user->nickname = $nickname; // Users who respond to invite email have proven their ownership of that address if (!empty($code)) { $invite = Invitation::staticGet($code); if ($invite && $invite->address && $invite->address_type == 'email' && $invite->address == $email) { $user->email = $invite->address; } } if (isset($email_confirmed) && $email_confirmed) { $user->email = $email; } // This flag is ignored but still set to 1 $user->inboxed = 1; // Set default-on options here, otherwise they'll be disabled // initially for sites using caching, since the initial encache // doesn't know about the defaults in the database. $user->emailnotifysub = 1; $user->emailnotifyfav = 1; $user->emailnotifynudge = 1; $user->emailnotifymsg = 1; $user->emailnotifyattn = 1; $user->emailmicroid = 1; $user->emailpost = 1; $user->jabbermicroid = 1; $user->viewdesigns = 1; $user->created = common_sql_now(); if (Event::handle('StartUserRegister', array(&$user, &$profile))) { $profile->query('BEGIN'); $id = $profile->insert(); if (empty($id)) { common_log_db_error($profile, 'INSERT', __FILE__); return false; } $user->id = $id; if (!empty($uri)) { $user->uri = $uri; } else { $user->uri = common_user_uri($user); } if (!empty($password)) { // may not have a password for OpenID users $user->password = common_munge_password($password, $id); } $result = $user->insert(); if (!$result) { common_log_db_error($user, 'INSERT', __FILE__); return false; } // Everyone gets an inbox $inbox = new Inbox(); $inbox->user_id = $user->id; $inbox->notice_ids = ''; $result = $inbox->insert(); if (!$result) { common_log_db_error($inbox, 'INSERT', __FILE__); return false; } // Everyone is subscribed to themself $subscription = new Subscription(); $subscription->subscriber = $user->id; $subscription->subscribed = $user->id; $subscription->created = $user->created; $result = $subscription->insert(); if (!$result) { common_log_db_error($subscription, 'INSERT', __FILE__); return false; } if (!empty($email) && !$user->email) { $confirm = new Confirm_address(); $confirm->code = common_confirmation_code(128); $confirm->user_id = $user->id; $confirm->address = $email; $confirm->address_type = 'email'; $result = $confirm->insert(); if (!$result) { common_log_db_error($confirm, 'INSERT', __FILE__); return false; } } if (!empty($code) && $user->email) { $user->emailChanged(); } // Default system subscription $defnick = common_config('newuser', 'default'); if (!empty($defnick)) { $defuser = User::staticGet('nickname', $defnick); if (empty($defuser)) { common_log(LOG_WARNING, sprintf("Default user %s does not exist.", $defnick), __FILE__); } else { Subscription::start($user, $defuser); } } $profile->query('COMMIT'); if (!empty($email) && !$user->email) { mail_confirm_address($user, $confirm->code, $profile->nickname, $email); } // Welcome message $welcome = common_config('newuser', 'welcome'); if (!empty($welcome)) { $welcomeuser = User::staticGet('nickname', $welcome); if (empty($welcomeuser)) { common_log(LOG_WARNING, sprintf("Welcome user %s does not exist.", $defnick), __FILE__); } else { $notice = Notice::saveNew($welcomeuser->id, sprintf(_('Welcome to %1$s, @%2$s!'), common_config('site', 'name'), $user->nickname), 'system'); } } Event::handle('EndUserRegister', array(&$profile, &$user)); } return $user; }
static function recoverPassword($nore) { $user = User::staticGet('email', common_canonical_email($nore)); if (!$user) { try { $user = User::staticGet('nickname', common_canonical_nickname($nore)); } catch (NicknameException $e) { // invalid } } // See if it's an unconfirmed email address if (!$user) { // Warning: it may actually be legit to have multiple folks // who have claimed, but not yet confirmed, the same address. // We'll only send to the first one that comes up. $confirm_email = new Confirm_address(); $confirm_email->address = common_canonical_email($nore); $confirm_email->address_type = 'email'; $confirm_email->find(); if ($confirm_email->fetch()) { $user = User::staticGet($confirm_email->user_id); } else { $confirm_email = null; } } else { $confirm_email = null; } if (!$user) { // TRANS: Information on password recovery form if no known username or e-mail address was specified. throw new ClientException(_('No user with that email address or username.')); return; } // Try to get an unconfirmed email address if they used a user name if (!$user->email && !$confirm_email) { $confirm_email = new Confirm_address(); $confirm_email->user_id = $user->id; $confirm_email->address_type = 'email'; $confirm_email->find(); if (!$confirm_email->fetch()) { $confirm_email = null; } } if (!$user->email && !$confirm_email) { // TRANS: Client error displayed on password recovery form if a user does not have a registered e-mail address. throw new ClientException(_('No registered email address for that user.')); return; } // Success! We have a valid user and a confirmed or unconfirmed email address $confirm = new Confirm_address(); $confirm->code = common_confirmation_code(128); $confirm->address_type = 'recover'; $confirm->user_id = $user->id; $confirm->address = !empty($user->email) ? $user->email : $confirm_email->address; if (!$confirm->insert()) { common_log_db_error($confirm, 'INSERT', __FILE__); // TRANS: Server error displayed if e-mail address confirmation fails in the database on the password recovery form. throw new ServerException(_('Error saving address confirmation.')); return; } // @todo FIXME: needs i18n. $body = "Hola, {$user->nickname}."; $body .= "\n\n"; $body .= 'Alguien ha solicitado una nueva contraseña ' . 'para esta cuenta en ' . common_config('site', 'name') . '.'; $body .= "\n\n"; $body .= 'Si has sido tú, y quieres modificarla, pulsa en el enlace de abajo:'; $body .= "\n\n"; $body .= "\t" . common_local_url('recoverpassword', array('code' => $confirm->code)); $body .= "\n\n"; $body .= 'Si no, puedes ignorar y eliminar este mensaje.'; $body .= "\n\n"; $body .= 'Gracias por tu tiempo, '; $body .= "\n"; $body .= common_config('site', 'name'); $body .= "\n"; $headers = _mail_prepare_headers('recoverpassword', $user->nickname, $user->nickname); // TRANS: Subject for password recovery e-mail. mail_to_user($user, _('Solicitud de recuperación de contraseña'), $body, $headers, $confirm->address); }
/** * Add the address passed in by the user * * @return void */ function addAddress() { $user = common_current_user(); $email = $this->trimmed('email'); // Some validation if (!$email) { $this->showForm(_('未填写邮箱地址')); return; } $email = common_canonical_email($email); if (!$email) { $this->showForm(_('邮件地址格式错误')); return; } if (!Validate::email($email, common_config('email', 'check_domain'))) { $this->showForm(_('邮件地址格式错误')); return; } else { if ($user->email == $email) { $this->showForm(_('新邮件地址与原邮件地址相同')); return; } else { if ($this->emailExists($email)) { $this->showForm(_('此邮件地址属于其他用户')); return; } } } $confirm = new Confirm_address(); $confirm->address = $email; $confirm->address_type = 'email'; $confirm->user_id = $user->id; $confirm->code = common_confirmation_code(64); $result = $confirm->insert(); if ($result === false) { common_log_db_error($confirm, 'INSERT', __FILE__); $this->serverError(_('生成验证邮件失败,请返回重试')); return; } mail_confirm_address($user, $confirm->code, $user->nickname, $email); $msg = _('验证邮件已经发送,请稍候查看邮箱以确认验证信息'); $this->showForm($msg, true); }
function user_from_header($from_hdr) { $froms = mailparse_rfc822_parse_addresses($from_hdr); if (!$froms) { return null; } $from = $froms[0]; $addr = common_canonical_email($from['address']); $user = User::staticGet('email', $addr); if (!$user) { $user = User::staticGet('smsemail', $addr); } return $user; }
/** * Add the address passed in by the user * * @return void */ function addAddress() { $user = $this->scoped->getUser(); $email = $this->trimmed('email'); // Some validation if (empty($email)) { // TRANS: Message given saving e-mail address without having provided one. throw new ClientException(_('No email address.')); } $email = common_canonical_email($email); if (empty($email)) { // TRANS: Message given saving e-mail address that cannot be normalised. throw new ClientException(_('Cannot normalize that email address.')); } if (!Validate::email($email, common_config('email', 'check_domain'))) { // TRANS: Message given saving e-mail address that not valid. throw new ClientException(_('Not a valid email address.')); } else { if ($user->email == $email) { // TRANS: Message given saving e-mail address that is already set. throw new ClientException(_('That is already your email address.')); } else { if ($this->emailExists($email)) { // TRANS: Message given saving e-mail address that is already set for another user. throw new ClientException(_('That email address already belongs to another user.')); } } } if (Event::handle('StartAddEmailAddress', array($user, $email))) { $confirm = new Confirm_address(); $confirm->address = $email; $confirm->address_type = 'email'; $confirm->user_id = $user->getID(); $confirm->code = common_confirmation_code(64); $result = $confirm->insert(); if ($result === false) { common_log_db_error($confirm, 'INSERT', __FILE__); // TRANS: Server error thrown on database error adding e-mail confirmation code. throw new ServerException(_('Could not insert confirmation code.')); } common_debug('Sending confirmation address for user ' . $user->getID() . ' to email ' . $email); mail_confirm_address($user, $confirm->code, $user->getNickname(), $email); Event::handle('EndAddEmailAddress', array($user, $email)); } // TRANS: Message given saving valid e-mail address that is to be confirmed. return _('A confirmation code was sent to the email address you added. ' . 'Check your inbox (and spam box!) for the code and instructions ' . 'on how to use it.'); }
function validate(&$values) { // Validate site name if (empty($values['site']['name'])) { // TRANS: Client error displayed trying to save an empty site name. $this->clientError(_('Site name must have non-zero length.')); } // Validate email $values['site']['email'] = common_canonical_email($values['site']['email']); if (empty($values['site']['email'])) { // TRANS: Client error displayed trying to save site settings without a contact address. $this->clientError(_('You must have a valid contact email address.')); } if (!Validate::email($values['site']['email'], common_config('email', 'check_domain'))) { // TRANS: Client error displayed trying to save site settings without a valid contact address. $this->clientError(_('Not a valid email address.')); } // Validate logos if (!empty($values['site']['logo']) && !Validate::uri($values['site']['logo'], array('allowed_schemes' => array('http', 'https')))) { // TRANS: Client error displayed when a logo URL is not valid. $this->clientError(_('Invalid logo URL.')); } if (!empty($values['site']['ssllogo']) && !Validate::uri($values['site']['ssllogo'], array('allowed_schemes' => array('https')))) { // TRANS: Client error displayed when a SSL logo URL is invalid. $this->clientError(_('Invalid SSL logo URL.')); } // Validate timezone if (is_null($values['site']['timezone']) || !in_array($values['site']['timezone'], DateTimeZone::listIdentifiers())) { // TRANS: Client error displayed trying to save site settings without a timezone. $this->clientError(_('Timezone not selected.')); return; } // Validate language if (!is_null($values['site']['language']) && !in_array($values['site']['language'], array_keys(get_nice_language_list()))) { // TRANS: Client error displayed trying to save site settings with an invalid language code. // TRANS: %s is the invalid language code. $this->clientError(sprintf(_('Unknown language "%s".'), $values['site']['language'])); } // Validate text limit if (!Validate::number($values['site']['textlimit'], array('min' => 0))) { // TRANS: Client error displayed trying to save site settings with a text limit below 0. $this->clientError(_('Minimum text limit is 0 (unlimited).')); } // Validate dupe limit if (!Validate::number($values['site']['dupelimit'], array('min' => 1))) { // TRANS: Client error displayed trying to save site settings with a text limit below 1. $this->clientError(_('Dupe limit must be one or more seconds.')); } }
static function recoverPassword($nore) { // $confirm_email will be used as a fallback if our user doesn't have a confirmed email $confirm_email = null; if (common_is_email($nore)) { $user = User::getKV('email', common_canonical_email($nore)); // See if it's an unconfirmed email address if (!$user instanceof User) { // Warning: it may actually be legit to have multiple folks // who have claimed, but not yet confirmed, the same address. // We'll only send to the first one that comes up. $confirm_email = new Confirm_address(); $confirm_email->address = common_canonical_email($nore); $confirm_email->address_type = 'email'; if ($confirm_email->find(true)) { $user = User::getKV('id', $confirm_email->user_id); } } // No luck finding anyone by that email address. if (!$user instanceof User) { if (common_config('site', 'fakeaddressrecovery')) { // Return without actually doing anything! We fake address recovery // to avoid revealing which email addresses are registered with the site. return; } // TRANS: Information on password recovery form if no known e-mail address was specified. throw new ClientException(_('No user with that email address exists here.')); } } else { // This might throw a NicknameException on bad nicknames $user = User::getKV('nickname', common_canonical_nickname($nore)); if (!$user instanceof User) { // TRANS: Information on password recovery form if no known username was specified. throw new ClientException(_('No user with that nickname exists here.')); } } // Try to get an unconfirmed email address if they used a user name if (empty($user->email) && $confirm_email === null) { $confirm_email = new Confirm_address(); $confirm_email->user_id = $user->id; $confirm_email->address_type = 'email'; $confirm_email->find(); if (!$confirm_email->fetch()) { // Nothing found, so let's reset it to null $confirm_email = null; } } if (empty($user->email) && !$confirm_email instanceof Confirm_address) { // TRANS: Client error displayed on password recovery form if a user does not have a registered e-mail address. throw new ClientException(_('No registered email address for that user.')); } // Success! We have a valid user and a confirmed or unconfirmed email address $confirm = new Confirm_address(); $confirm->code = common_confirmation_code(128); $confirm->address_type = 'recover'; $confirm->user_id = $user->id; $confirm->address = $user->email ?: $confirm_email->address; if (!$confirm->insert()) { common_log_db_error($confirm, 'INSERT', __FILE__); // TRANS: Server error displayed if e-mail address confirmation fails in the database on the password recovery form. throw new ServerException(_('Error saving address confirmation.')); } // @todo FIXME: needs i18n. $body = "Hey, {$user->nickname}."; $body .= "\n\n"; $body .= 'Someone just asked for a new password ' . 'for this account on ' . common_config('site', 'name') . '.'; $body .= "\n\n"; $body .= 'If it was you, and you want to confirm, use the URL below:'; $body .= "\n\n"; $body .= "\t" . common_local_url('recoverpassword', array('code' => $confirm->code)); $body .= "\n\n"; $body .= 'If not, just ignore this message.'; $body .= "\n\n"; $body .= 'Thanks for your time, '; $body .= "\n"; $body .= common_config('site', 'name'); $body .= "\n"; $headers = _mail_prepare_headers('recoverpassword', $user->nickname, $user->nickname); // TRANS: Subject for password recovery e-mail. mail_to_user($user, _('Password recovery requested'), $body, $headers, $confirm->address); }
function sendInvitations() { if (Event::handle('StartSendInvitations', array(&$this))) { // CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { // TRANS: Client error displayed when the session token does not match or is not given. $this->showForm(_('There was a problem with your session token. Try again, please.')); return; } $user = common_current_user(); $profile = $user->getProfile(); $bestname = $profile->getBestName(); $sitename = common_config('site', 'name'); $personal = $this->trimmed('personal'); $addresses = explode("\n", $this->trimmed('addresses')); foreach ($addresses as $email) { $email = trim($email); $valid = null; try { if (Event::handle('StartValidateUserEmail', array(null, $email, &$valid))) { $valid = Validate::email($email, common_config('email', 'check_domain')); Event::handle('EndValidateUserEmail', array(null, $email, &$valid)); } if ($valid) { if (Event::handle('StartValidateEmailInvite', array($user, $email, &$valid))) { $valid = true; Event::handle('EndValidateEmailInvite', array($user, $email, &$valid)); } } if (!$valid) { // TRANS: Form validation message when providing an e-mail address that does not validate. // TRANS: %s is an invalid e-mail address. $this->showForm(sprintf(_('Invalid email address: %s.'), $email)); return; } } catch (ClientException $e) { $this->showForm($e->getMessage()); return; } } $this->already = array(); $this->subbed = array(); foreach ($addresses as $email) { $email = common_canonical_email($email); try { // If this user is already registered, subscribe to it! $other = Profile::getByEmail($email); if ($user->isSubscribed($other)) { $this->already[] = $other; } else { try { Subscription::ensureStart($profile, $other); $this->subbed[] = $other; } catch (Exception $e) { // subscription failed, but keep working common_debug('Invitation-based subscription failed: ' . $e->getMessage()); } } } catch (NoSuchUserException $e) { // If email was not known, let's send an invite! $this->sent[] = $email; $this->sendInvitation($email, $user, $personal); } } $this->mode = 'sent'; $this->showPage(); Event::handle('EndSendInvitations', array($this)); } }
/** * Check if a username exists and has matching password. */ function common_check_user($nickname, $password) { // empty nickname always unacceptable if (empty($nickname)) { return false; } $authenticatedUser = false; if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) { if (common_is_email($nickname)) { $user = User::getKV('email', common_canonical_email($nickname)); } else { $user = User::getKV('nickname', Nickname::normalize($nickname)); } if ($user instanceof User && !empty($password)) { if (0 == strcmp(common_munge_password($password, $user->getProfile()), $user->password)) { //internal checking passed $authenticatedUser = $user; } } } Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser)); return $authenticatedUser; }
/** * Check if a username exists and has matching password. */ function common_check_user($nickname, $password) { // empty nickname always unacceptable if (empty($nickname)) { return false; } $authenticatedUser = false; if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) { if (common_is_email($nickname)) { $user = User::staticGet('email', common_canonical_email($nickname)); } else { $user = User::staticGet('nickname', common_canonical_nickname($nickname)); } if (!empty($user)) { if (!empty($password)) { // never allow login with blank password if (0 == strcmp(common_munge_password($password, $user->id), $user->password)) { //internal checking passed $authenticatedUser = $user; } } } Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser)); } return $authenticatedUser; }
function recoverPassword() { $nore = $this->trimmed('nicknameoremail'); if (!$nore) { $this->showForm(_('Enter a nickname or email address.')); return; } $user = User::staticGet('email', common_canonical_email($nore)); if (!$user) { $user = User::staticGet('nickname', common_canonical_nickname($nore)); } # See if it's an unconfirmed email address if (!$user) { $confirm_email = Confirm_address::staticGet('address', common_canonical_email($nore)); if ($confirm_email && $confirm_email->address_type == 'email') { $user = User::staticGet($confirm_email->user_id); } } if (!$user) { $this->showForm(_('No user with that email address or username.')); return; } # Try to get an unconfirmed email address if they used a user name if (!$user->email && !$confirm_email) { $confirm_email = Confirm_address::staticGet('user_id', $user->id); if ($confirm_email && $confirm_email->address_type != 'email') { # Skip non-email confirmations $confirm_email = null; } } if (!$user->email && !$confirm_email) { $this->clientError(_('No registered email address for that user.')); return; } # Success! We have a valid user and a confirmed or unconfirmed email address $confirm = new Confirm_address(); $confirm->code = common_confirmation_code(128); $confirm->address_type = 'recover'; $confirm->user_id = $user->id; $confirm->address = isset($user->email) ? $user->email : $confirm_email->address; if (!$confirm->insert()) { common_log_db_error($confirm, 'INSERT', __FILE__); $this->serverError(_('Error saving address confirmation.')); return; } $body = "Hey, {$user->nickname}."; $body .= "\n\n"; $body .= 'Someone just asked for a new password ' . 'for this account on ' . common_config('site', 'name') . '.'; $body .= "\n\n"; $body .= 'If it was you, and you want to confirm, use the URL below:'; $body .= "\n\n"; $body .= "\t" . common_local_url('recoverpassword', array('code' => $confirm->code)); $body .= "\n\n"; $body .= 'If not, just ignore this message.'; $body .= "\n\n"; $body .= 'Thanks for your time, '; $body .= "\n"; $body .= common_config('site', 'name'); $body .= "\n"; mail_to_user($user, _('Password recovery requested'), $body, $confirm->address); $this->mode = 'sent'; $this->msg = _('Instructions for recovering your password ' . 'have been sent to the email address registered to your ' . 'account.'); $this->success = true; $this->showPage(); }
function validate(&$values) { // Validate site name if (empty($values['site']['name'])) { $this->clientError(_('Site name must have non-zero length.')); } // Validate email $values['site']['email'] = common_canonical_email($values['site']['email']); if (empty($values['site']['email'])) { $this->clientError(_('You must have a valid contact email address.')); } if (!Validate::email($values['site']['email'], common_config('email', 'check_domain'))) { $this->clientError(_('Not a valid email address.')); } // Validate timezone if (is_null($values['site']['timezone']) || !in_array($values['site']['timezone'], DateTimeZone::listIdentifiers())) { $this->clientError(_('Timezone not selected.')); return; } // Validate language if (!is_null($values['site']['language']) && !in_array($values['site']['language'], array_keys(get_nice_language_list()))) { $this->clientError(sprintf(_('Unknown language "%s".'), $values['site']['language'])); } // Validate text limit if (!Validate::number($values['site']['textlimit'], array('min' => 0))) { $this->clientError(_("Minimum text limit is 0 (unlimited).")); } // Validate dupe limit if (!Validate::number($values['site']['dupelimit'], array('min' => 1))) { $this->clientError(_("Dupe limit must be one or more seconds.")); } }
function prepare($argarray) { parent::prepare($argarray); if (common_config('site', 'closed')) { // TRANS: Client exception trown when registration by e-mail is not allowed. throw new ClientException(_m('Registration not allowed.'), 403); } if ($this->isPost()) { $this->checkSessionToken(); $this->email = $this->trimmed('email'); if (!empty($this->email)) { if (common_config('site', 'inviteonly')) { // TRANS: Client exception trown when trying to register without an invitation. throw new ClientException(_m('Sorry, only invited people can register.'), 403); } $this->email = common_canonical_email($this->email); $this->state = self::NEWEMAIL; } else { $this->state = self::SETPASSWORD; $this->code = $this->trimmed('code'); if (empty($this->code)) { // TRANS: Client exception thrown when no confirmation code was provided. throw new ClientException(_m('No confirmation code.')); } $this->invitation = Invitation::getKV('code', $this->code); if (!empty($this->invitation)) { if (!empty($this->invitation->registered_user_id)) { // TRANS: Client exception trown when using an invitation multiple times. throw new ClientException(_m('Invitation already used.'), 403); } } else { $this->confirmation = Confirm_address::getKV('code', $this->code); if (empty($this->confirmation)) { // TRANS: Client exception thrown when given confirmation code was not issued. throw new ClientException(_m('No such confirmation code.'), 403); } } $this->nickname = Nickname::normalize($this->trimmed('nickname')); $this->password1 = $this->trimmed('password1'); $this->password2 = $this->trimmed('password2'); $this->tos = $this->boolean('tos'); } } else { // GET $this->code = $this->trimmed('code'); if (empty($this->code)) { if (common_config('site', 'inviteonly')) { // TRANS: Client exception trown when trying to register without an invitation. throw new ClientException(_m('Sorry, only invited people can register.'), 403); } $this->state = self::NEWREGISTER; } else { $this->invitation = Invitation::getKV('code', $this->code); if (!empty($this->invitation)) { if (!empty($this->invitation->registered_user_id)) { // TRANS: Client exception trown when using an invitation multiple times. throw new ClientException(_m('Invitation already used.'), 403); } $this->state = self::CONFIRMINVITE; } else { $this->state = self::CONFIRMREGISTER; $this->confirmation = Confirm_address::getKV('code', $this->code); if (empty($this->confirmation)) { // TRANS: Client exception thrown when given confirmation code was not issued. throw new ClientException(_m('No such confirmation code.'), 405); } } } } return true; }
function recoverPassword() { $nore = $this->trimmed('nicknameoremail'); if (!$nore) { // TRANS: Form instructions for password recovery form. $this->showForm(_('Enter a nickname or email address.')); return; } $user = User::staticGet('email', common_canonical_email($nore)); if (!$user) { try { $user = User::staticGet('nickname', common_canonical_nickname($nore)); } catch (NicknameException $e) { // invalid } } # See if it's an unconfirmed email address if (!$user) { // Warning: it may actually be legit to have multiple folks // who have claimed, but not yet confirmed, the same address. // We'll only send to the first one that comes up. $confirm_email = new Confirm_address(); $confirm_email->address = common_canonical_email($nore); $confirm_email->address_type = 'email'; $confirm_email->find(); if ($confirm_email->fetch()) { $user = User::staticGet($confirm_email->user_id); } else { $confirm_email = null; } } else { $confirm_email = null; } if (!$user) { // TRANS: Information on password recovery form if no known username or e-mail address was specified. $this->showForm(_('No user with that email address or username.')); return; } # Try to get an unconfirmed email address if they used a user name if (!$user->email && !$confirm_email) { $confirm_email = new Confirm_address(); $confirm_email->user_id = $user->id; $confirm_email->address_type = 'email'; $confirm_email->find(); if (!$confirm_email->fetch()) { $confirm_email = null; } } if (!$user->email && !$confirm_email) { // TRANS: Client error displayed on password recovery form if a user does not have a registered e-mail address. $this->clientError(_('No registered email address for that user.')); return; } # Success! We have a valid user and a confirmed or unconfirmed email address $confirm = new Confirm_address(); $confirm->code = common_confirmation_code(128); $confirm->address_type = 'recover'; $confirm->user_id = $user->id; $confirm->address = !empty($user->email) ? $user->email : $confirm_email->address; if (!$confirm->insert()) { common_log_db_error($confirm, 'INSERT', __FILE__); // TRANS: Server error displayed if e-mail address confirmation fails in the database on the password recovery form. $this->serverError(_('Error saving address confirmation.')); return; } // @todo FIXME: needs i18n. $body = "Hey, {$user->nickname}."; $body .= "\n\n"; $body .= 'Someone just asked for a new password ' . 'for this account on ' . common_config('site', 'name') . '.'; $body .= "\n\n"; $body .= 'If it was you, and you want to confirm, use the URL below:'; $body .= "\n\n"; $body .= "\t" . common_local_url('recoverpassword', array('code' => $confirm->code)); $body .= "\n\n"; $body .= 'If not, just ignore this message.'; $body .= "\n\n"; $body .= 'Thanks for your time, '; $body .= "\n"; $body .= common_config('site', 'name'); $body .= "\n"; $headers = _mail_prepare_headers('recoverpassword', $user->nickname, $user->nickname); // TRANS: Subject for password recovery e-mail. mail_to_user($user, _('Password recovery requested'), $body, $headers, $confirm->address); $this->mode = 'sent'; // TRANS: User notification after an e-mail with instructions was sent from the password recovery form. $this->msg = _('Instructions for recovering your password ' . 'have been sent to the email address registered to your ' . 'account.'); $this->success = true; $this->showPage(); }
/** * Add the address passed in by the user * * @return void */ function addAddress() { $user = common_current_user(); $email = $this->trimmed('email'); // Some validation if (!$email) { $this->showForm(_('No email address.')); return; } $email = common_canonical_email($email); if (!$email) { $this->showForm(_('Cannot normalize that email address')); return; } if (!Validate::email($email, true)) { $this->showForm(_('Not a valid email address')); return; } else { if ($user->email == $email) { $this->showForm(_('That is already your email address.')); return; } else { if ($this->emailExists($email)) { $this->showForm(_('That email address already belongs ' . 'to another user.')); return; } } } $confirm = new Confirm_address(); $confirm->address = $email; $confirm->address_type = 'email'; $confirm->user_id = $user->id; $confirm->code = common_confirmation_code(64); $result = $confirm->insert(); if ($result === false) { common_log_db_error($confirm, 'INSERT', __FILE__); $this->serverError(_('Couldn\'t insert confirmation code.')); return; } mail_confirm_address($user, $confirm->code, $user->nickname, $email); $msg = _('A confirmation code was sent to the email address you added. ' . 'Check your inbox (and spam box!) for the code and instructions ' . 'on how to use it.'); $this->showForm($msg, true); }