 /**
  * Smoke test for the random helpers: each call must yield a non-empty value
  * of the expected PHP type. Note that the '%s' format only requires a
  * non-empty, single-line string, so neither length nor alphabet is checked.
  */
 public function testRandom()
 {
     $bytes = \SecureFuncs\SecureFuncs::pseudoBytes(32);
     $this->assertNotEmpty($bytes);

     $hex = \SecureFuncs\SecureFuncs::randomHex(32);
     $this->assertStringMatchesFormat('%s', $hex);

     $text = \SecureFuncs\SecureFuncs::randomString(32);
     $this->assertStringMatchesFormat('%s', $text);

     $number = \SecureFuncs\SecureFuncs::randomInt(32, 64);
     $this->assertInternalType('int', $number);
 }
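 /**
  * Create a new user account.
  *
  * The username and email are trimmed and lowercased, then kept in
  * $_SESSION['stored_register_fields'] so a form can be re-filled after a
  * validation failure; that session entry is removed on success.
  *
  * @param string $username
  * @param string $email
  * @param string $password
  * @param string $password_repeat
  * @param bool   $send_activation  When true, an activation code is sent and
  *                                  the minimum password length is enforced.
  * @return int|false  The new user's id, or false when a validation check
  *                    fails (an error message is set via setMessage()) or the
  *                    insert reports no affected rows.
  * @throws \Exception When no unused random id is found after 100 attempts.
  */
 public function register($username, $email, $password, $password_repeat, $send_activation = true)
 {
     $this->checkLoggedIn();
     // Normalise once so the session copy, the validation and the DB lookup
     // all operate on the same value.
     $username = strtolower(trim($username));
     $_SESSION['stored_register_fields']['username'] = $username;
     $email = strtolower(trim($email));
     $_SESSION['stored_register_fields']['email'] = $email;

     $error = $this->registrationError($username, $email, $password, $password_repeat, $send_activation);
     if ($error !== null) {
         $this->setMessage('error', $error);
         return false;
     }

     // Clear all expired user activations so a stale, never-activated row
     // does not block the name or address.
     $this->cleanNotActivatedAccounts();
     $check_user = $this->newBuilder()
         ->select('*')
         ->from('users')
         ->where('LOWER(username) = :username OR LOWER(email) = :email')
         ->setParameter(':username', $username)
         ->setParameter(':email', $email)
         ->execute();
     if ($check_user->rowcount() > 0) {
         $existing_user = $check_user->fetch();
         // The query matched case-insensitively, so compare the lowercased
         // stored values: a plain `==` against a mixed-case row left no
         // message set while still returning false.
         if (strtolower($existing_user['username']) === $username) {
             $this->setMessage('error', ADVANCEDLOGINSCRIPT_REGISTER_USERNAME_TAKEN);
         } elseif (strtolower($existing_user['email']) === $email) {
             $this->setMessage('error', ADVANCEDLOGINSCRIPT_REGISTER_EMAIL_TAKEN);
         }
         return false;
     }

     // Hash with PASSWORD_DEFAULT (bcrypt at the time of writing) through the
     // project's wrapper.
     $password_hash = \SecureFuncs\SecureFuncs::password_hash($password, PASSWORD_DEFAULT);
     $id = $this->findUnusedUserId();

     // 'activation_created' is the SQL expression now(), not a bound value.
     $new_user = $this->newBuilder()
         ->insert('users')
         ->values(array(
             'id' => ':id',
             'username' => ':username',
             'password' => ':password',
             'email' => ':email',
             'activation_code' => ':code',
             'activation_created' => 'now()',
         ))
         ->setParameter(':id', $id)
         ->setParameter(':username', $username)
         ->setParameter(':password', $password_hash)
         ->setParameter(':email', $email)
         ->setParameter(':code', \SecureFuncs\SecureFuncs::randomString(64))
         ->execute();
     if ($new_user > 0) {
         if ($send_activation) {
             $this->sendActivationCode($id);
         }
         unset($_SESSION['stored_register_fields']);
         return $id;
     }
     return false;
 }

 /**
  * Run the registration input checks in order and report the first failure.
  *
  * @param string $username        Already trimmed and lowercased.
  * @param string $email           Already trimmed and lowercased.
  * @param string $password
  * @param string $password_repeat
  * @param bool   $send_activation
  * @return string|null  The error message to show, or null when every check passes.
  */
 private function registrationError($username, $email, $password, $password_repeat, $send_activation)
 {
     if ($username === '') {
         return ADVANCEDLOGINSCRIPT_REGISTER_EMPTY_NAME;
     }
     if (!preg_match("/^[0-9A-Za-z_ ]+\$/", $username)) {
         return ADVANCEDLOGINSCRIPT_REGISTER_INVALID_NAME;
     }
     // Explicit empty-string test rather than empty(): "0" is a legitimate
     // (if poor) password and must not be reported as missing.
     if ((string) $password === '' || (string) $password_repeat === '') {
         return ADVANCEDLOGINSCRIPT_REGISTER_EMPTY_PASSWORDS;
     }
     if ($password !== $password_repeat) {
         return ADVANCEDLOGINSCRIPT_REGISTER_BOTH_PASSWORDS_SAME;
     }
     // NOTE(review): the minimum length is only enforced when an activation
     // code is sent, so callers passing $send_activation = false can create
     // accounts with shorter passwords — confirm this is intended.
     if ($send_activation === true && strlen($password) < 8) {
         return ADVANCEDLOGINSCRIPT_REGISTER_SHORT_PASSWORDS;
     }
     // The first pattern restricts the username to ASCII, so byte length is
     // the character length here.
     if (strlen($username) > 64 || strlen($username) < 2) {
         return ADVANCEDLOGINSCRIPT_REGISTER_NAME_MINIMUM_LENGTH;
     }
     // This alphabet is a superset of the first pattern's, so input that got
     // this far cannot fail it; kept so the message remains available.
     if (!preg_match('/^[a-zA-Z-_ \\d]{2,64}$/i', $username)) {
         return 'You entered a character which is not allowed.';
     }
     if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
         return 'Please enter a valid email';
     }
     return null;
 }

 /**
  * Draw random ids until one is not present in the users table.
  *
  * @return int
  * @throws \Exception After 100 colliding draws, so a nearly full id range
  *                    cannot make registration spin forever.
  */
 private function findUnusedUserId()
 {
     $collisions = 0;
     while (true) {
         $id = \SecureFuncs\SecureFuncs::randomInt(99999, 99999999);
         $check_id = $this->newBuilder()
             ->select('id')
             ->from('users')
             ->where('id = :id')
             ->setParameter(':id', $id)
             ->execute();
         if ($check_id->rowcount() === 0) {
             return $id;
         }
         if (++$collisions > 99) {
             throw new \Exception('After 99 attempts we couldn\'t find a secure random id for this user.');
         }
     }
 }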