/**
 * Smoke test for the SecureFuncs randomness helpers: every call must
 * return a non-empty value of the expected type (no statistical checks).
 */
public function testRandom()
{
    $secure = 'SecureFuncs\SecureFuncs';

    // Raw bytes: only non-emptiness is asserted.
    $bytes = $secure::pseudoBytes(32);
    $this->assertNotEmpty($bytes);

    // '%s' accepts any non-empty single-line string.
    $this->assertStringMatchesFormat('%s', $secure::randomHex(32));
    $this->assertStringMatchesFormat('%s', $secure::randomString(32));

    // randomInt() must hand back an int, not a numeric string.
    $this->assertInternalType('int', $secure::randomInt(32, 64));
}
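/**
 * Create a new user account.
 *
 * Validates the submitted fields, rejects usernames/emails that are already
 * taken, stores a bcrypt hash of the password and inserts the row with a
 * random numeric id and a freshly generated 64-character activation code.
 *
 * The lower-cased username and email are kept in
 * $_SESSION['stored_register_fields'] (the password is not) so a form can
 * be re-populated after a validation error; the entry is removed once the
 * account has been created.
 *
 * @param string $username        Trimmed and lower-cased before validation
 * @param string $email           Trimmed and lower-cased before validation
 * @param string $password
 * @param string $password_repeat Must be identical to $password
 * @param bool   $send_activation When exactly true, the password must be at
 *                                least 8 bytes; when truthy, an activation
 *                                code is sent after the insert
 * @return int|false The new user's id on success; false when validation
 *                   fails, the name/email is taken (a message has been set
 *                   via setMessage() in those cases) or the insert affected
 *                   no rows
 * @throws \RuntimeException When no unused random id is found in 99 attempts
 */
public function register($username, $email, $password, $password_repeat, $send_activation = true)
{
    $this->checkLoggedIn();

    $username = strtolower(trim($username));
    $_SESSION['stored_register_fields']['username'] = $username;
    $email = strtolower(trim($email));
    $_SESSION['stored_register_fields']['email'] = $email;

    $error = $this->registrationError($username, $email, $password, $password_repeat, $send_activation);
    if ($error !== null) {
        $this->setMessage('error', $error);
        return false;
    }

    // Clear all expired user activations before the uniqueness check
    // (presumably so names held by stale, never-activated accounts become
    // available again — confirm against cleanNotActivatedAccounts()).
    $this->cleanNotActivatedAccounts();

    $existing = $this->newBuilder()
        ->select('*')
        ->from('users')
        ->where('LOWER(username) = :username OR LOWER(email) = :email')
        ->setParameter(':username', $username)
        ->setParameter(':email', $email)
        ->execute();
    if ($existing->rowCount() > 0) {
        $row = $existing->fetch();
        // Strict comparison on purpose: with == two numeric-looking names
        // such as "100" and "1e2" would compare equal.
        if ($row['username'] === $username) {
            $this->setMessage('error', ADVANCEDLOGINSCRIPT_REGISTER_USERNAME_TAKEN);
        } elseif ($row['email'] === $email) {
            $this->setMessage('error', ADVANCEDLOGINSCRIPT_REGISTER_EMAIL_TAKEN);
        }
        return false;
    }

    // hash the password with bcrypt (PASSWORD_DEFAULT)
    $password_hash = \SecureFuncs\SecureFuncs::password_hash($password, PASSWORD_DEFAULT);
    $id = $this->findUnusedUserId();

    // NOTE(review): the existence checks above and this insert are not
    // atomic; a unique index on username/email/id in the database is what
    // actually prevents duplicates under concurrent registrations.
    $inserted = $this->newBuilder()
        ->insert('users')
        ->values([
            'id' => ':id',
            'username' => ':username',
            'password' => ':password',
            'email' => ':email',
            'activation_code' => ':code',
            'activation_created' => 'now()',
        ])
        ->setParameter(':id', $id)
        ->setParameter(':username', $username)
        ->setParameter(':password', $password_hash)
        ->setParameter(':email', $email)
        ->setParameter(':code', \SecureFuncs\SecureFuncs::randomString(64))
        ->execute();

    if ($inserted > 0) {
        if ($send_activation) {
            $this->sendActivationCode($id);
        }
        unset($_SESSION['stored_register_fields']);
        return $id;
    }

    return false;
}

/**
 * Return the error message for a registration attempt, or null when every
 * field is acceptable. Rules run in order, so the first failing one decides
 * the message.
 *
 * @param string $username        Already trimmed and lower-cased
 * @param string $email           Already trimmed and lower-cased
 * @param string $password
 * @param string $password_repeat
 * @param bool   $send_activation Minimum password length applies only when
 *                                this is exactly true
 * @return string|null
 */
private function registrationError($username, $email, $password, $password_repeat, $send_activation)
{
    if (empty($username)) {
        return ADVANCEDLOGINSCRIPT_REGISTER_EMPTY_NAME;
    }
    // preg_match() returns 0 on no match and false on a PCRE error; both
    // are treated as an invalid name. This pattern already restricts the
    // alphabet to letters, digits, underscore and space, which is why no
    // second character-class check is needed after the length check.
    if (preg_match('/^[0-9A-Za-z_ ]+$/', $username) !== 1) {
        return ADVANCEDLOGINSCRIPT_REGISTER_INVALID_NAME;
    }
    // empty() also rejects the literal password "0".
    if (empty($password) || empty($password_repeat)) {
        return ADVANCEDLOGINSCRIPT_REGISTER_EMPTY_PASSWORDS;
    }
    if ($password !== $password_repeat) {
        return ADVANCEDLOGINSCRIPT_REGISTER_BOTH_PASSWORDS_SAME;
    }
    // strlen() counts bytes, not characters.
    if ($send_activation === true && strlen($password) < 8) {
        return ADVANCEDLOGINSCRIPT_REGISTER_SHORT_PASSWORDS;
    }
    if (strlen($username) > 64 || strlen($username) < 2) {
        return ADVANCEDLOGINSCRIPT_REGISTER_NAME_MINIMUM_LENGTH;
    }
    if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'Please enter a valid email';
    }

    return null;
}

/**
 * Pick a random user id in [99999, 99999999] that is not yet present in
 * the users table.
 *
 * @return int
 * @throws \RuntimeException After 100 consecutive collisions
 */
private function findUnusedUserId()
{
    $collisions = 0;
    while (true) {
        $id = \SecureFuncs\SecureFuncs::randomInt(99999, 99999999);
        $check = $this->newBuilder()
            ->select('id')
            ->from('users')
            ->where('id = :id')
            ->setParameter(':id', $id)
            ->execute();
        if ($check->rowCount() === 0) {
            return $id;
        }
        if (++$collisions > 99) {
            throw new \RuntimeException('After 99 attempts we couldn\'t find a secure random id for this user.');
        }
    }
}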