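/**
 * Run method with main page logic
 *
 * Display a form for a user to confirm his/her user identity that was previously stored in the
 * database. For POST requests, check that an AuthToken exists and that the user credentials entered in
 * the form match the credentials of the user stored in the database. If true,
 * alter the user's status to NEEDADMIN and make a session message indicating the next step in the process.
 *
 * Every failure path sends the browser back to BASE_URL (purging stale tokens
 * first where the original did); the form is only re-rendered when
 * $form_errors is non-empty.
 * @access public
 */
public function run()
{
    $session = Session::getInstance();
    // Session should not have a defined user
    if ($session->getUser() != null) {
        $session->setMessage("You are already a user", Session::MESSAGE_ERROR);
        header("Location: " . BASE_URL);
        return;
    }

    $form_errors = array();
    $form_values = array("username" => "", "password" => "", "token" => "");
    $tokenDAO = AuthTokenDAO::getInstance();
    // Needed by the expired-token branches of both the POST and GET paths; the
    // original only created this DAO inside the final save block, so those
    // branches called delete() on an undefined variable.
    $userDAO = UserDAO::getInstance();

    if (!empty($_POST)) {
        $form_values["username"] = self::fieldValue($_POST, "username");
        $form_values["password"] = self::fieldValue($_POST, "password");
        $form_values["token"] = self::fieldValue($_POST, "token");

        if (empty($form_values["username"])) {
            $form_errors["username"] = "******";
        }
        if (empty($form_values["password"])) {
            $form_errors["password"] = "******";
        }
        if (empty($form_values["token"])) {
            $this->redirectHome($tokenDAO);
            return;
        }

        $token = $tokenDAO->loadByToken($form_values["token"], array("joins" => true));
        // No corresponding token exists
        if ($token == null) {
            $this->redirectHome($tokenDAO);
            return;
        }
        if ($this->tokenExpired($token)) {
            $this->discardExpired($token, $userDAO, $tokenDAO, $session);
            $this->redirectHome($tokenDAO);
            return;
        }

        // Check password and status of pending user
        $user = $token->getUser();
        // Unsalted sha1 is the scheme the registration page stores; moving to
        // password_hash()/password_verify() has to be done on both pages together.
        $pass_hash = sha1($form_values["password"]);
        if (strcmp($user->getUsername(), $form_values["username"]) != 0) {
            $form_errors["username"] = "******";
        } elseif (!hash_equals($user->getPasshash(), $pass_hash)) {
            // Constant-time comparison (PHP >= 5.6) instead of strcmp(); a wrong
            // password is treated like a bad token and silently redirected.
            $this->redirectHome($tokenDAO);
            return;
        } elseif ($user->getStatus() != User::STATUS_PENDING) {
            // Same rule the GET path applies: a token only verifies a still-pending
            // profile (the original only rejected STATUS_OK here).
            $this->redirectHome($tokenDAO);
            return;
        }

        // Form and token are valid. Change user status
        if (empty($form_errors)) {
            $user->setStatus(User::STATUS_NEEDADMIN);
            $user->setUserType(User::REGUSER_TYPE);
            if (!$userDAO->save($user)) {
                $session->setMessage("Could not alter profile", Session::MESSAGE_ERROR);
            } else {
                $session->setMessage("Now awaiting admin approval");
                // The token is single-use: drop it once the status change is persisted
                $tokenDAO->delete($token);
            }
            $this->redirectHome($tokenDAO);
            return;
        }
    } elseif (!empty($_GET)) {
        $token_string = self::fieldValue($_GET, "token");
        $form_values["token"] = $token_string;
        if (empty($token_string)) {
            $this->redirectHome($tokenDAO);
            return;
        }
        $token = $tokenDAO->loadByToken($token_string, array("joins" => true));
        // Token does not exist. Redirect
        if ($token == null) {
            $this->redirectHome($tokenDAO);
            return;
        }
        if ($token->getUser()->getStatus() != User::STATUS_PENDING) {
            $this->redirectHome($tokenDAO);
            return;
        }
        if ($this->tokenExpired($token)) {
            $this->discardExpired($token, $userDAO, $tokenDAO, $session);
            $this->redirectHome($tokenDAO);
            return;
        }
    } else {
        // Neither POST nor GET data: nothing to verify (no garbage collection, as before)
        $this->redirectHome();
        return;
    }

    // Do garbage collection on token table
    $tokenDAO->garbageCollect();
    $this->template->render(array(
        "title" => "Verify Account",
        "main_page" => "verify_tpl.php",
        "form_values" => $form_values,
        "form_errors" => $form_errors,
    ));
}

/**
 * Trimmed string value of $source[$key], or "" when it is absent or not a string.
 * Rejecting non-string input (e.g. token[]=x) keeps trim() from failing on arrays.
 *
 * @param array $source Request array ($_POST or $_GET)
 * @param string $key Field name
 * @return string
 */
private static function fieldValue(array $source, $key)
{
    return isset($source[$key]) && is_string($source[$key]) ? trim($source[$key]) : "";
}

/**
 * True when the token's expire time lies before (now - MAX_EXPIRE); this is the
 * comparison the original code used in both branches, kept unchanged.
 *
 * @param AuthToken $token
 * @return bool
 */
private function tokenExpired($token)
{
    return $token->getExpireTime() < time() - AuthToken::MAX_EXPIRE;
}

/**
 * Remove an expired token together with the pending profile it belongs to and
 * tell the user why verification failed. Reported as an error on both request
 * paths (the original POST path omitted the MESSAGE_ERROR level).
 *
 * @param AuthToken $token
 * @param UserDAO $userDAO
 * @param AuthTokenDAO $tokenDAO
 * @param Session $session
 */
private function discardExpired($token, $userDAO, $tokenDAO, $session)
{
    $userDAO->delete($token->getUser());
    $tokenDAO->delete($token);
    $session->setMessage("Token has expired. Profile has been deleted", Session::MESSAGE_ERROR);
}

/**
 * Send the browser to the site root. When a DAO is given, stale tokens are
 * purged first (the garbageCollect()+header() pairing used on every exit path).
 * Callers must return immediately after this.
 *
 * @param AuthTokenDAO|null $tokenDAO
 */
private function redirectHome($tokenDAO = null)
{
    if ($tokenDAO !== null) {
        $tokenDAO->garbageCollect();
    }
    header("Location: " . BASE_URL);
}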
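/**
 * Run method with main page logic
 *
 * Populate template and display form for registration. For POST requests, check if the user
 * already exists. If not, create new User and AuthToken entries and send an email notification to the user
 *
 * A successful registration redirects to BASE_URL; validation or persistence
 * failures re-render the form with $form_errors and/or a session message.
 * @access public
 */
public function run()
{
    $form_errors = array();
    $form_values = array("username" => "", "password" => "", "password2" => "", "ulid" => "");
    $session = Session::getInstance();
    $user = $session->getUser();
    // Session should not have a defined user
    if ($user != null) {
        $session->setMessage("You are already a user", Session::MESSAGE_ERROR);
        header("Location: " . BASE_URL);
        return;
    }

    if (!empty($_POST)) {
        foreach (array_keys($form_values) as $field) {
            $form_values[$field] = self::fieldValue($_POST, $field);
        }

        if (empty($form_values["username"])) {
            $form_errors["username"] = "******";
        }
        // Both password fields report under the single "password" error slot
        if (empty($form_values["password"]) || empty($form_values["password2"])) {
            $form_errors["password"] = "******";
        }
        if (empty($form_values["ulid"])) {
            $form_errors["ulid"] = "No ulid specified";
        } elseif (!preg_match("/^[a-z]{5,7}$/", $form_values["ulid"])) {
            // Anchored: the original pattern accepted any string merely containing
            // five lowercase letters, and the ulid becomes the local part of the
            // verification e-mail address below.
            $form_errors["ulid"] = "Ulid is not in the proper format.";
        }

        $userDAO = UserDAO::getInstance();
        // User already exists
        if ($userDAO->loadByUsername($form_values["username"]) != null) {
            $form_errors["username"] = "******";
        }
        if (strcmp($form_values["password"], $form_values["password2"]) != 0) {
            $form_errors["password"] = "******";
        }
        if ($userDAO->loadByUlid($form_values["ulid"]) != null) {
            $form_errors["ulid"] = "Ulid is already registered";
        }

        if (empty($form_errors)) {
            $user = new User();
            $user->setUsername($form_values["username"]);
            // Unsalted sha1 is what the verify page compares against; switch both
            // pages to password_hash()/password_verify() together.
            $user->setPassHash(sha1($form_values["password"]));
            $user->setUlid($form_values["ulid"]);
            if (!$userDAO->insert($user)) {
                // Previously this fell through silently to the re-rendered form
                $session->setMessage("Could not create profile", Session::MESSAGE_ERROR);
            } else {
                $token = new AuthToken();
                $token->setUser($user);
                $tokenDAO = AuthTokenDAO::getInstance();
                if (!$tokenDAO->insert($token)) {
                    $session->setMessage("Could not create verification token", Session::MESSAGE_ERROR);
                } else {
                    $session->setMessage("Registration started. Check your email for a message to continue");
                    if (defined("SMTP_HOST") && strcmp(SMTP_HOST, "") != 0) {
                        $this->sendVerificationMail($form_values["ulid"], $token, $session);
                    }
                    header("Location: " . BASE_URL);
                    return;
                }
            }
        }
    }

    $user = $session->getUser();
    $this->template->render(array(
        "title" => "Register",
        "main_page" => "register_tpl.php",
        "user" => $user,
        "session" => $session,
        "form_errors" => $form_errors,
        "form_values" => $form_values,
    ));
}

/**
 * Trimmed string value of $source[$key], or "" when it is absent or not a string.
 * Rejecting non-string input (e.g. username[]=x) keeps trim() from failing on arrays.
 *
 * @param array $source Request array ($_POST)
 * @param string $key Field name
 * @return string
 */
private static function fieldValue(array $source, $key)
{
    return isset($source[$key]) && is_string($source[$key]) ? trim($source[$key]) : "";
}

/**
 * E-mail the verification link for $token to the address derived from $ulid.
 * $ulid has already been validated as lowercase letters only, so it cannot carry
 * header-breaking characters into the To: line. Uses the PEAR Mail SMTP backend,
 * which signals failure by returning a PEAR_Error object rather than throwing;
 * that case is surfaced through the session instead of being dropped as before.
 *
 * @param string $ulid Validated ulid (local part of the recipient address)
 * @param AuthToken $token Freshly inserted token whose value goes into the link
 * @param Session $session Used to report a send failure
 */
private function sendVerificationMail($ulid, $token, $session)
{
    $to = "{$ulid}@" . User::ISU_EMAIL_DOMAIN;
    $subject = "Verify registration with " . SITE_NAME;
    // rawurlencode() is a no-op for the usual hex/alphanumeric token formats and
    // keeps the link intact should the token ever contain reserved characters.
    $body = "To start the next step of the registration process, click the verify link below and enter the requested information. If the URL does not appear as a link, copy the URL, paste it into your browser's address bar and proceed to the web page.\n\n"
        . joinPath(BASE_URL, "verify.php") . "?token=" . rawurlencode($token->getToken()) . "\n";
    $headers = array("From" => EMAIL_ADDRESS, "To" => $to, "Subject" => $subject);
    $smtp = Mail::factory("smtp", array(
        "host" => SMTP_HOST,
        "auth" => true,
        "username" => SMTP_USERNAME,
        "password" => SMTP_PASSWORD,
    ));
    $result = $smtp->send($to, $headers, $body);
    if ($result instanceof PEAR_Error) {
        $session->setMessage("Registration saved, but the verification email could not be sent", Session::MESSAGE_ERROR);
    }
}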
/**
 * Retrieve instance of an AuthTokenDAO or create one if it does
 * not exist.
 *
 * The shared instance is built lazily on the first call and the same
 * object is handed back on every call after that.
 *
 * @access public
 * @static
 * @return AuthTokenDAO
 */
public static function getInstance()
{
    $shared = self::$instance;
    if (!isset($shared)) {
        $shared = new self();
        self::$instance = $shared;
    }
    return $shared;
}