Esempio n. 1
 /**
  * Validates user-supplied account fields and reports every problem found.
  *
  * All checks run even after one has failed, so the user sees every error
  * at once. Each failure is reported through $text->addError().
  *
  * NOTE(review): the two "already in use" messages tell the submitter
  * whether a username or e-mail address is registered. If this form is
  * reachable without authentication, that allows account enumeration;
  * confirm the exposure is intended and that submissions are rate limited.
  *
  * NOTE(review): the in-use checks are not atomic with the later save. A
  * unique constraint in storage is still needed to stop two concurrent
  * requests from claiming the same name; confirm against the schema.
  *
  * @param User $user The user whose username, display name and e-mail are checked.
  * @param string $password1 First argument for Validate::password() (presumably the password).
  * @param string $password2 Second argument for Validate::password() (presumably the repeat field).
  * @param UserRepository $userRepo Used to look up existing usernames and e-mails.
  * @param Text $text Supplies translations and collects the errors.
  * @return boolean True when no check failed.
  */
 private function validateInput(User $user, $password1, $password2, UserRepository $userRepo, Text $text)
 {
     $problems = 0;

     // Format checks. Validate::getLastError() is read straight after the
     // failing call, before another Validate call can replace its value.
     if (!Validate::username($user->getUsername())) {
         $label = $text->t("users.the_username");
         $text->addError($label . " " . Validate::getLastError($text));
         $problems++;
     }
     if (!Validate::displayName($user->getDisplayName())) {
         $label = $text->t("users.the_display_name");
         $text->addError($label . " " . Validate::getLastError($text));
         $problems++;
     }
     if (!Validate::password($password1, $password2)) {
         $label = $text->t("users.the_password");
         $text->addError($label . " " . Validate::getLastError($text));
         $problems++;
     }
     if (!Validate::email($user->getEmail())) {
         $label = $text->t("users.the_email");
         $text->addError($label . " " . Validate::getLastError($text));
         $problems++;
     }

     // Uniqueness checks against the accounts already stored.
     if ($userRepo->isUsernameInUse($user->getUsername())) {
         $label = $text->t("users.the_username");
         $text->addError($text->tReplaced("errors.already_in_use_on_this_site", $label));
         $problems++;
     }
     // The e-mail is only looked up when one was supplied.
     if (!empty($user->getEmail())) {
         if ($userRepo->isEmailInUse($user->getEmail())) {
             $label = $text->t("users.the_email");
             $text->addError($text->tReplaced("errors.already_in_use_on_this_site", $label));
             $problems++;
         }
     }

     return $problems === 0;
 }
Esempio n. 2
 /**
  * Validates user-supplied account fields, including the requested rank,
  * and reports every problem found.
  *
  * All checks run even after one has failed. Each failure is reported
  * through $text->addError().
  *
  * NOTE(review): Validate::password() receives the same value twice, so
  * any comparison it makes between its two arguments always passes here.
  * That looks deliberate, since this method has only one password
  * parameter, but confirm that no repeat field is expected.
  *
  * NOTE(review): isValidRankForAccounts() is called with only the rank
  * value. Whether the acting user is allowed to grant that rank is not
  * checked in this method; confirm that the caller enforces it.
  *
  * NOTE(review): the "already in use" messages reveal whether a username
  * or e-mail address is registered. Confirm that only trusted users can
  * reach this form.
  *
  * @param User $user The user whose username, display name, e-mail and rank are checked.
  * @param string $password The password to validate.
  * @param Authentication $auth Used to check the rank.
  * @param UserRepository $userRepo Used to look up existing usernames and e-mails.
  * @param Text $text Supplies translations and collects the errors.
  * @return boolean True when no check failed.
  */
 private function validateInput(User $user, $password, Authentication $auth, UserRepository $userRepo, Text $text)
 {
     $problems = 0;

     // Format checks. Validate::getLastError() is read straight after the
     // failing call, before another Validate call can replace its value.
     if (!Validate::username($user->getUsername())) {
         $label = $text->t("users.the_username");
         $text->addError($label . " " . Validate::getLastError($text));
         $problems++;
     }
     if (!Validate::displayName($user->getDisplayName())) {
         $label = $text->t("users.the_display_name");
         $text->addError($label . " " . Validate::getLastError($text));
         $problems++;
     }
     // Same value for both arguments: there is no repeat field here.
     if (!Validate::password($password, $password)) {
         $label = $text->t("users.the_password");
         $text->addError($label . " " . Validate::getLastError($text));
         $problems++;
     }
     if (!Validate::email($user->getEmail())) {
         $label = $text->t("users.the_email");
         $text->addError($label . " " . Validate::getLastError($text));
         $problems++;
     }

     // Uniqueness checks against the accounts already stored.
     if ($userRepo->isUsernameInUse($user->getUsername())) {
         $label = $text->t("users.the_username");
         $text->addError($text->tReplaced("errors.already_in_use_on_this_site", $label));
         $problems++;
     }
     // The e-mail is only looked up when one was supplied.
     if (!empty($user->getEmail())) {
         if ($userRepo->isEmailInUse($user->getEmail())) {
             $label = $text->t("users.the_email");
             $text->addError($text->tReplaced("errors.already_in_use_on_this_site", $label));
             $problems++;
         }
     }

     // Invalid rank
     if (!$auth->isValidRankForAccounts($user->getRank())) {
         $label = $text->t("users.the_rank");
         $text->addError($label . " " . $text->t("errors.is_invalid"));
         $problems++;
     }

     return $problems === 0;
 }
Esempio n. 3
    /**
     * Builds the "edit password" page: handles a submitted password change,
     * if there is one, and returns the HTML to display.
     *
     * Flow, as visible in this method:
     *  - A request that carries a "password" value is treated as a submission.
     *  - The old password is checked with $this->user->verifyPassword(),
     *    unless $this->editing_someone_else is set.
     *  - The new password and its repeat must pass Validate::password().
     *  - On success the user is saved and the form is not shown again.
     *    When editing your own account, the login cookie is set again.
     *
     * NOTE(review): the form carries no anti-CSRF token and this method
     * checks none on submission. Confirm that the framework enforces one
     * elsewhere. This matters most when editing someone else, because that
     * path asks for no old password.
     *
     * NOTE(review): the permission check that decides
     * $this->editing_someone_else and $this->user is not visible here.
     * This method trusts both.
     *
     * @param Website $website Supplies translations, error reporting, the auth object and the form URL.
     * @param Request $request The request the submitted values are read from.
     * @return string The HTML for the page.
     */
    public function getPageContent(Website $website, Request $request)
    {
        $show_form = true;
        $textToDisplay = "";
        // NOTE(review): it is not visible whether hasRequestValue() and
        // getRequestString() read only the POST body or the query string too.
        // Passwords sent by GET end up in logs and history; confirm.
        if ($request->hasRequestValue("password")) {
            // Sent
            $old_password = $request->getRequestString("old_password");
            // When editing someone else, the old password is not checked at all
            // (short-circuit), so only the caller's permission check protects this path.
            if ($this->editing_someone_else || $this->user->verifyPassword($old_password)) {
                // Old password entered correctly
                $password = $request->getRequestString("password");
                $password2 = $request->getRequestString("password2");
                if (Validate::password($password, $password2)) {
                    // Valid password
                    $this->user->setPassword($password);
                    $userRepo = $website->getAuth()->getUserRepository();
                    $userRepo->save($this->user);
                    // Saved
                    $textToDisplay .= '<p>' . $website->t("users.password") . ' ' . $website->t("editor.is_changed") . '</p>';
                    // Update login cookie (only when changing your own password)
                    // NOTE(review): confirm whether the user's other sessions and
                    // cookies stop working after the change.
                    if (!$this->editing_someone_else) {
                        $website->getAuth()->setLoginCookie();
                    }
                    // Don't show form
                    $show_form = false;
                } else {
                    // Invalid new password
                    $website->addError($website->t("users.password") . ' ' . Validate::getLastError($website));
                    $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
                }
            } else {
                // Invalid old password
                // NOTE(review): no attempt counter or delay is visible here; confirm
                // that repeated wrong guesses are throttled elsewhere.
                $website->addError($website->t("users.old_password") . ' ' . $website->t("errors.not_correct"));
                $textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
            }
        }
        // Show form
        if ($show_form) {
            // Text above form
            $textToDisplay .= "<p>" . $website->tReplaced("users.password.edit.explained", Validate::$MIN_PASSWORD_LENGHT) . "</p>\n";
            if ($this->editing_someone_else) {
                // The display name is account data that ends up inside HTML.
                // This assumes tReplaced() HTML-escapes the replacement - TODO confirm.
                $textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n";
            }
            // Form itself
            $old_password_text = "";
            if (!$this->editing_someone_else) {
                // Add field to verify old password when editing yourself
                // The heredoc body is emitted as written, leading whitespace included.
                $old_password_text = <<<EOT
                    <label for="old_password">{$website->t('users.old_password')}:</label><span class="required">*</span><br />
                    <input type="password" id="old_password" name="old_password" value=""/><br />
EOT;
            }
            // Translations, the form URL and the user id are interpolated below
            // without escaping. They are presumably site-controlled; verify.
            $textToDisplay .= <<<EOT
                <p>{$website->t("main.fields_required")}</p>
                <form action="{$website->getUrlMain()}" method="post">
                    <p>
                        {$old_password_text}
                        <label for="password">{$website->t('users.password')}:</label><span class="required">*</span><br />
                        <input type="password" id="password" name="password" value=""/><br />
                        <label for="password2">{$website->t('users.password.repeat')}:</label><span class="required">*</span><br />
                        <input type="password" id="password2" name="password2" value=""/><br />
                    </p>
                    <p>
                        <input type="hidden" name="p" value="edit_password" />
                        <input type="hidden" name="id" value="{$this->user->getId()}" />
                        <input type="submit" value="{$website->t('users.password.edit')} " class="button" />
                    </p>
                </form>
EOT;
        }
        // Links
        $textToDisplay .= $this->get_account_links_html($website);
        return $textToDisplay;
    }
Esempio n. 4
 /**
  * Tells whether the given password would be too weak for this user.
  * Requirements are a little stricter for admins: they may not use the
  * default password.
  *
  * The rank comes from $this->getRank(); no user object is passed in.
  *
  * NOTE(review): the admin rule is an exact, case-sensitive match on one
  * literal. Every other admin password is judged only by
  * Validate::password(), which receives the same value twice, so any
  * comparison between its two arguments always passes.
  *
  * @param string $password The (plain-text) password.
  * @return boolean True if the password would be too weak.
  */
 public function isWeakPassword($password)
 {
     // Admins shouldn't use the default password
     $isDefaultAdminPassword = $this->getRank() === Authentication::RANK_ADMIN
         && $password === "admin";
     if ($isDefaultAdminPassword) {
         return true;
     }

     // A password that fails current validation is weak
     return !Validate::password($password, $password);
 }