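/**
 * Handles the "login by email" form: mails a one-time login link to the
 * address given in $args['email'].
 *
 * Response shape is deliberately uniform: a well-formed but unknown address
 * produces the same "check your inbox" alert as a known one, and is counted
 * as a login failure for the IP blacklist, so the form does not reveal which
 * addresses have an account.
 *
 * @param array $args Request parameters; only $args['email'] is read.
 * @return bool true only when the access-code email was actually sent.
 */
function checkPost($args)
{
    global $Security;
    global $Language;
    global $dbUsers;
    global $Site;

    if ($Security->isBlocked()) {
        Alert::set($Language->g('IP address has been blocked') . '<br>' . $Language->g('Try again in a few minutes'));
        return false;
    }

    // Remove illegal characters from email
    $email = Sanitize::email($args['email']);

    if (Valid::email($email)) {
        // Get username associated to an email.
        $username = $dbUsers->getByEmail($email);

        // Strict check instead of "!= false": a loose comparison would also
        // reject a user literally named "0". Assumes getByEmail() returns the
        // username string, or false when no account matches — confirm in dbUsers.
        if (is_string($username) && $username !== '') {
            // Generate the token and the token expiration date.
            $token = $dbUsers->generateTokenEmail($username);

            // ---- EMAIL ----
            // Query values are URL-encoded so a username holding reserved
            // characters cannot alter the link; the link is then HTML-escaped
            // because it is embedded in an HTML email body.
            $link = $Site->url() . 'admin/login-email?tokenEmail=' . rawurlencode($token) . '&username=' . rawurlencode($username);
            $linkHtml = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
            // NOTE(review): the original listing was partly redacted ("******") here;
            // the $subject assignment is reconstructed from its use below — confirm against upstream.
            $subject = $Language->g('BLUDIT Login access code');
            $message = Text::replaceAssoc(array(
                '{{WEBSITE_NAME}}' => $Site->title(),
                '{{LINK}}' => '<a href="' . $linkHtml . '">' . $linkHtml . '</a>'
            ), $Language->g('email-notification-login-access-code'));
            $sent = Email::send(array(
                'from' => $Site->emailFrom(),
                'to' => $email,
                'subject' => $subject,
                'message' => $message
            ));
            if ($sent) {
                Alert::set($Language->g('check-your-inbox-for-your-login-access-code'));
                return true;
            }
            Alert::set($Language->g('There was a problem sending the email'));
            return false;
        }
    }

    // Bruteforce protection, add IP to blacklist.
    $Security->addLoginFail();
    // Same alert as the success path so the reply does not disclose whether
    // the address belongs to an account.
    Alert::set($Language->g('check-your-inbox-for-your-login-access-code'));
    return false;
}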
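/**
 * Validates the shape of an email address, reporting the first failure via
 * Alert::error and returning false; returns true when every check passes.
 *
 * Checks, in order: no illegal characters (per Sanitize::email), exactly one
 * "@", overall / user-part / domain length limits, no leading, trailing or
 * doubled period in the user part, and a domain that passes
 * IsSanitized::variable with "-" and "." allowed.
 *
 * @param string $email Address to validate.
 * @return bool
 */
public static function email($email)
{
    // Make sure the email doesn't contain illegal characters
    $illegalChars = Sanitize::email($email, "", true);
    if ($illegalChars !== array()) {
        Alert::error("Validate Email", "The email does not allow: " . self::announceIllegalChars($illegalChars), 3);
        return false;
    }

    // Make sure the email has exactly one "@". The previous single strpos()
    // check let "a@b@c" through: explode() then validated "b" as the domain
    // and silently dropped "c".
    $parts = explode("@", $email);
    if (count($parts) < 2) {
        Alert::error("Validate Email", "Email improperly formatted: doesn't include an @ character.", 3);
        return false;
    }
    if (count($parts) > 2) {
        Alert::error("Validate Email", "Email improperly formatted: contains more than one @ character.", 3);
        return false;
    }

    // Prepare Values
    $user = $parts[0];
    $domain = $parts[1];
    $lenEmail = strlen($email);
    $lenUser = strlen($user);
    $lenDomain = strlen($domain);

    // Check if the email is too long
    if ($lenEmail > 72) {
        Alert::error("Validate Email", "Email is over 72 characters long.", 1);
        return false;
    }

    // Check if the username is too long (or empty)
    if ($lenUser < 1 || $lenUser > 50) {
        Alert::error("Validate Email", "Email username must be between 1 and 50 characters.", 2);
        return false;
    }

    // Check if the domain is too long (or empty)
    if ($lenDomain < 1 || $lenDomain > 50) {
        Alert::error("Validate Email", "Email domain must be between 1 and 50 characters.", 2);
        return false;
    }

    // Username cannot start or end with a period ($lenUser >= 1 is guaranteed above)
    if ($user[0] === '.' || $user[$lenUser - 1] === '.') {
        Alert::error("Validate Email", "Email username cannot start or end with a period.", 5);
        return false;
    }

    // Username cannot have two consecutive dots
    if (strpos($user, "..") !== false) {
        Alert::error("Validate Email", "Email username cannot contain two consecutive periods.", 5);
        return false;
    }

    // Check the domain for valid characters
    if (!IsSanitized::variable($domain, "-.")) {
        Alert::error("Validate Email", "Email domain was not properly sanitized.", 3);
        return false;
    }

    // The email was successfully validated
    return true;
}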
// Create the ProfilePic for this Account $packet = array("uni_id" => $uniID, "title" => $_POST['display_name']); $response = API_Connect::to("profile_picture", "SetDefaultPic", $packet); // Reset Values $_POST['handle'] = ""; $_POST['display_name'] = ""; $_POST['email'] = ""; $_POST['password'] = ""; } } else { Database::endTransaction(false); Alert::error("Process Error", "An error has occurred while processing this registration.", 1); } } } else { $_POST['email'] = isset($_POST['email']) ? Sanitize::email($_POST['email']) : ""; $_POST['password'] = isset($_POST['password']) ? Sanitize::safeword($_POST['password']) : ""; $_POST['handle'] = isset($_POST['handle']) ? Sanitize::variable($_POST['handle']) : ""; $_POST['display_name'] = isset($_POST['display_name']) ? Sanitize::safeword($_POST['display_name'], ' ') : ""; } // Run Header require SYS_PATH . "/controller/includes/admin_header.php"; // Display the Editing Form echo ' <h3>Add a New User</h3> <form class="uniform" action="/admin/AppAccount/Add User" method="post">' . Form::prepare("add-user-uni6") . ' <p> <strong>Profile Handle:</strong><br /> <input type="text" name="handle" value="' . $_POST['handle'] . '" style="width:200px;" maxlength="22" /> </p>