private function validateInput(User $user, $password1, $password2, UserRepository $userRepo, Text $text)
{
$valid = true;
if (!Validate::username($user->getUsername())) {
$valid = false;
$text->addError($text->t("users.the_username") . " " . Validate::getLastError($text));
}
if (!Validate::displayName($user->getDisplayName())) {
$valid = false;
$text->addError($text->t("users.the_display_name") . " " . Validate::getLastError($text));
}
if (!Validate::password($password1, $password2)) {
$valid = false;
$text->addError($text->t("users.the_password") . " " . Validate::getLastError($text));
}
if (!Validate::email($user->getEmail())) {
$valid = false;
$text->addError($text->t("users.the_email") . " " . Validate::getLastError($text));
}
if ($userRepo->isUsernameInUse($user->getUsername())) {
// User with that name already exists
$valid = false;
$text->addError($text->tReplaced("errors.already_in_use_on_this_site", $text->t("users.the_username")));
}
if (!empty($user->getEmail()) && $userRepo->isEmailInUse($user->getEmail())) {
// User with that email already exists
$valid = false;
$text->addError($text->tReplaced("errors.already_in_use_on_this_site", $text->t("users.the_email")));
}
return $valid;
}
private function validateInput(User $user, $password, Authentication $auth, UserRepository $userRepo, Text $text)
{
$valid = true;
if (!Validate::username($user->getUsername())) {
$valid = false;
$text->addError($text->t("users.the_username") . " " . Validate::getLastError($text));
}
if (!Validate::displayName($user->getDisplayName())) {
$valid = false;
$text->addError($text->t("users.the_display_name") . " " . Validate::getLastError($text));
}
if (!Validate::password($password, $password)) {
$valid = false;
$text->addError($text->t("users.the_password") . " " . Validate::getLastError($text));
}
if (!Validate::email($user->getEmail())) {
$valid = false;
$text->addError($text->t("users.the_email") . " " . Validate::getLastError($text));
}
if ($userRepo->isUsernameInUse($user->getUsername())) {
// User with that name already exists
$valid = false;
$text->addError($text->tReplaced("errors.already_in_use_on_this_site", $text->t("users.the_username")));
}
if (!empty($user->getEmail()) && $userRepo->isEmailInUse($user->getEmail())) {
// User with that email already exists
$valid = false;
$text->addError($text->tReplaced("errors.already_in_use_on_this_site", $text->t("users.the_email")));
}
if (!$auth->isValidRankForAccounts($user->getRank())) {
// Invlaid rank
$valid = false;
$text->addError($text->t("users.the_rank") . " " . $text->t("errors.is_invalid"));
}
return $valid;
}
public function getPageContent(Website $website, Request $request)
{
$show_form = true;
$textToDisplay = "";
if ($request->hasRequestValue("password")) {
// Sent
$old_password = $request->getRequestString("old_password");
if ($this->editing_someone_else || $this->user->verifyPassword($old_password)) {
// Old password entered correctly
$password = $request->getRequestString("password");
$password2 = $request->getRequestString("password2");
if (Validate::password($password, $password2)) {
// Valid password
$this->user->setPassword($password);
$userRepo = $website->getAuth()->getUserRepository();
$userRepo->save($this->user);
// Saved
$textToDisplay .= '<p>' . $website->t("users.password") . ' ' . $website->t("editor.is_changed") . '</p>';
// Update login cookie (only when changing your own password)
if (!$this->editing_someone_else) {
$website->getAuth()->setLoginCookie();
}
// Don't show form
$show_form = false;
} else {
// Invalid new password
$website->addError($website->t("users.password") . ' ' . Validate::getLastError($website));
$textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
}
} else {
// Invalid old password
$website->addError($website->t("users.old_password") . ' ' . $website->t("errors.not_correct"));
$textToDisplay .= '<p><em>' . $website->tReplacedKey("errors.your_input_has_not_been_changed", "users.password", true) . '</em></p>';
}
}
// Show form
if ($show_form) {
// Text above form
$textToDisplay .= "<p>" . $website->tReplaced("users.password.edit.explained", Validate::$MIN_PASSWORD_LENGHT) . "</p>\n";
if ($this->editing_someone_else) {
$textToDisplay .= "<p><em>" . $website->tReplaced("users.edit_other", $this->user->getDisplayName()) . "</em></p>\n";
}
// Form itself
$old_password_text = "";
if (!$this->editing_someone_else) {
// Add field to verify old password when editing yourself
$old_password_text = <<<EOT
<label for="old_password">{$website->t('users.old_password')}:</label><span class="required">*</span><br />
<input type="password" id="old_password" name="old_password" value=""/><br />
EOT;
}
$textToDisplay .= <<<EOT
<p>{$website->t("main.fields_required")}</p>
<form action="{$website->getUrlMain()}" method="post">
<p>
{$old_password_text}
<label for="password">{$website->t('users.password')}:</label><span class="required">*</span><br />
<input type="password" id="password" name="password" value=""/><br />
<label for="password2">{$website->t('users.password.repeat')}:</label><span class="required">*</span><br />
<input type="password" id="password2" name="password2" value=""/><br />
</p>
<p>
<input type="hidden" name="p" value="edit_password" />
<input type="hidden" name="id" value="{$this->user->getId()}" />
<input type="submit" value="{$website->t('users.password.edit')} " class="button" />
</p>
</form>
EOT;
}
// Links
$textToDisplay .= $this->get_account_links_html($website);
return $textToDisplay;
}
/**
* Checks if the given password would be too weak for the user. Password
* requirements are a little more strict for admins.
* @param User $user The user.
* @param string $password The (plain-text) password.
* @return boolean True if the password would be too weak.
*/
public function isWeakPassword($password)
{
if ($this->getRank() === Authentication::RANK_ADMIN) {
// Admins shouldn't use the default password
if ($password === "admin") {
return true;
}
}
if (!Validate::password($password, $password)) {
// Password wouldn't pass current validation
return true;
}
return false;
}
