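/**
 * Final step of a password reset: check the CSRF token and the pending temp
 * user, validate the new password, store it and log the user in.
 *
 * @return void
 */
function resetPassword()
{
    // CSRF protection. hash_equals() is a strict, constant-time string
    // comparison: the previous loose != let response timing depend on how
    // many leading bytes matched, and let PHP's numeric-string juggling
    // treat two different numeric-looking tokens as equal.
    $token    = $this->trimmed('token');
    $expected = common_session_token();
    if (!$token || !is_string($token) || !is_string($expected)
        || !hash_equals($expected, $token)) {
        // TRANS: Form validation error message.
        $this->showForm(_('There was a problem with your session token. Try again, please.'));
        return;
    }

    $user = $this->getTempUser();
    if (!$user) {
        // TRANS: Client error displayed when trying to reset as password without providing a user.
        $this->clientError(_('Unexpected password reset.'));
        return;
    }

    $newpassword = $this->trimmed('newpassword');
    $confirm     = $this->trimmed('confirm');

    // Minimum length is measured in bytes (strlen), as before.
    if (!$newpassword || strlen($newpassword) < 6) {
        // TRANS: Reset password form validation error message.
        $this->showPasswordForm(_('Password must be 6 characters or more.'));
        return;
    }

    // Strict comparison: with loose != two different numeric-looking strings
    // (e.g. "0e1" and "0e2") compare equal and the confirmation is bypassed.
    if ($newpassword !== $confirm) {
        // TRANS: Reset password form validation error message.
        $this->showPasswordForm(_('Password and confirmation do not match.'));
        return;
    }

    // OK, we're ready to go
    $original = clone $user;
    $user->password = common_munge_password($newpassword, $user->id);

    if (!$user->update($original)) {
        common_log_db_error($user, 'UPDATE', __FILE__);
        // TRANS: Reset password form validation error message.
        $this->serverError(_('Cannot save new password.'));
        return;
    }

    $this->clearTempUser();

    if (!common_set_user($user->nickname)) {
        // TRANS: Server error displayed when something does wrong with the user object during password reset.
        $this->serverError(_('Error setting user.'));
        return;
    }

    common_real_login(true);

    $this->mode = 'saved';
    // TRANS: Success message for user after password reset.
    $this->msg = _('New password successfully saved. ' .
                   'You are now logged in.');
    $this->success = true;
    $this->showPage();
}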
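/**
 * Handle a post
 *
 * Validate input and save changes. Reload the form with a success
 * or error message.
 *
 * @return void
 */
function handlePost()
{
    // CSRF protection. hash_equals() is a strict, constant-time comparison;
    // the previous loose != was neither (timing leak, numeric-string juggling).
    $token    = $this->trimmed('token');
    $expected = common_session_token();
    if (!$token || !is_string($token) || !is_string($expected)
        || !hash_equals($expected, $token)) {
        $this->showForm(_('There was a problem with your session token. ' .
                          'Try again, please.'));
        return;
    }

    $user = common_current_user();
    assert(!is_null($user)); // should already be checked

    // FIXME: scrub input
    // arg() may yield null for an absent field; cast so the length check
    // below sees an empty (too short) string instead of strlen(null).
    $newpassword = (string) $this->arg('newpassword');
    $confirm     = (string) $this->arg('confirm');

    // Some validation (length in bytes, as before)
    if (strlen($newpassword) < 6) {
        $this->showForm(_('Password must be 6 or more characters.'));
        return;
    }
    if (0 != strcmp($newpassword, $confirm)) {
        $this->showForm(_('Passwords don\'t match.'));
        return;
    }

    // Only require the old password when one is stored; an account may have
    // been created without one (see register(): OpenID users).
    if ($user->password) {
        $oldpassword = $this->arg('oldpassword');
        if (!common_check_user($user->nickname, $oldpassword)) {
            $this->showForm(_('Incorrect old password'));
            return;
        }
    }

    $original = clone $user;
    $user->password = common_munge_password($newpassword, $user->id);

    $val = $user->validate();
    if ($val !== true) {
        $this->showForm(_('Error saving user; invalid.'));
        return;
    }

    if (!$user->update($original)) {
        // Log the DB failure like the reset-password path does.
        common_log_db_error($user, 'UPDATE', __FILE__);
        $this->serverError(_('Can\'t save new password.'));
        return;
    }

    $this->showForm(_('Password saved.'), true);
}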
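/**
 * Check that a user with this nickname exists and that the password matches.
 *
 * Plugins may take over the check via the StartCheckPassword event (it may
 * set $authenticatedUser by reference); when none does, the password is
 * munged and compared against the stored value.
 *
 * @param string $nickname nickname as entered (canonicalised before lookup)
 * @param string $password plaintext password as entered
 * @return mixed the authenticated User object, or false
 */
function common_check_user($nickname, $password)
{
    // empty nickname always unacceptable
    if (empty($nickname)) {
        return false;
    }

    $authenticatedUser = false;

    if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
        $user = User::staticGet('nickname', common_canonical_nickname($nickname));
        if (!empty($user)) {
            if (!empty($password)) { // never allow login with blank password
                $munged = (string) common_munge_password($password, $user->id);
                // Constant-time compare: strcmp() stops at the first differing
                // byte, so response time depended on the stored value. An
                // account with no stored password can never match here.
                if (is_string($user->password) && hash_equals($munged, $user->password)) {
                    //internal checking passed
                    $authenticatedUser = $user;
                }
            }
        }
        Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));
    }

    return $authenticatedUser;
}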
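/**
 * Handle a post
 *
 * Validate input and save changes. Reload the form with a success
 * or error message.
 *
 * @return void
 */
function handlePost()
{
    // CSRF protection. hash_equals() is a strict, constant-time comparison;
    // the previous loose != was neither (timing leak, numeric-string juggling).
    $token    = $this->trimmed('token');
    $expected = common_session_token();
    if (!$token || !is_string($token) || !is_string($expected)
        || !hash_equals($expected, $token)) {
        // TRANS: Client error displayed when the session token does not match or is not given.
        $this->showForm(_('There was a problem with your session token. ' .
                          'Try again, please.'));
        return;
    }

    $user = common_current_user();
    assert(!is_null($user)); // should already be checked

    // FIXME: scrub input
    // arg() may yield null for an absent field; cast so the length check
    // below sees an empty (too short) string instead of strlen(null).
    $newpassword = (string) $this->arg('newpassword');
    $confirm     = (string) $this->arg('confirm');

    // Some validation (length in bytes, as before)
    if (strlen($newpassword) < 6) {
        // TRANS: Form validation error on page where to change password.
        $this->showForm(_('Password must be 6 or more characters.'));
        return;
    }
    if (0 != strcmp($newpassword, $confirm)) {
        // TRANS: Form validation error on password change when password confirmation does not match.
        $this->showForm(_('Passwords do not match.'));
        return;
    }

    if ($user->password) {
        $oldpassword = $this->arg('oldpassword');
        if (!common_check_user($user->nickname, $oldpassword)) {
            // TRANS: Form validation error on page where to change password.
            $this->showForm(_('Incorrect old password.'));
            return;
        }
    } else {
        // No stored password (e.g. account created via OpenID): nothing to verify.
        $oldpassword = null;
    }

    // A plugin may take over the change; if none does, change it internally.
    if (Event::handle('StartChangePassword', array($user, $oldpassword, $newpassword))) {
        //no handler changed the password, so change the password internally
        $original = clone $user;
        $user->password = common_munge_password($newpassword, $user->id);

        $val = $user->validate();
        if ($val !== true) {
            // TRANS: Form validation error on page where to change password.
            $this->showForm(_('Error saving user; invalid.'));
            return;
        }

        if (!$user->update($original)) {
            // Log the DB failure like the reset-password path does.
            common_log_db_error($user, 'UPDATE', __FILE__);
            // TRANS: Server error displayed on page where to change password when password change
            // TRANS: could not be made because of a server error.
            $this->serverError(_('Cannot save new password.'));
            return;
        }
        Event::handle('EndChangePassword', array($user));
    }

    // TRANS: Form validation notice on page where to change password.
    $this->showForm(_('Password saved.'), true);
}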
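/**
 * Check if a username exists and has matching password.
 *
 * The "username" may be a nickname or an e-mail address. Plugins may take
 * over the check via the StartCheckPassword event (it may set
 * $authenticatedUser by reference); when none does, the password is munged
 * and compared against the stored value.
 *
 * @param string $nickname nickname or e-mail address as entered
 * @param string $password plaintext password as entered
 * @return mixed the authenticated User object, or false
 */
function common_check_user($nickname, $password)
{
    // empty nickname always unacceptable
    if (empty($nickname)) {
        return false;
    }

    $authenticatedUser = false;

    if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {

        if (common_is_email($nickname)) {
            $user = User::getKV('email', common_canonical_email($nickname));
        } else {
            $user = User::getKV('nickname', Nickname::normalize($nickname));
        }

        // never allow login with blank password
        if ($user instanceof User && !empty($password)) {
            $munged = (string) common_munge_password($password, $user->getProfile());
            // Constant-time compare: strcmp() stops at the first differing
            // byte, so response time depended on the stored value. An
            // account with no stored password can never match here.
            if (is_string($user->password) && hash_equals($munged, $user->password)) {
                //internal checking passed
                $authenticatedUser = $user;
            }
        }
    }
    Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));

    return $authenticatedUser;
}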
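/**
 * Register a new user account and profile and set up default subscriptions.
 * If a new-user welcome message is configured, this will be sent.
 *
 * All database writes after the profile insert happen in one transaction;
 * every failure path rolls it back and returns false.
 *
 * @param array $fields associative array of optional properties
 *              string 'bio'
 *              string 'email'
 *              bool 'email_confirmed' pass true to mark email as pre-confirmed
 *              string 'fullname'
 *              string 'homepage'
 *              string 'location' informal string description of geolocation
 *              float 'lat' decimal latitude for geolocation
 *              float 'lon' decimal longitude for geolocation
 *              int 'location_id' geoname identifier
 *              int 'location_ns' geoname namespace to interpret location_id
 *              string 'nickname' REQUIRED
 *              string 'password' (may be missing for eg OpenID registrations)
 *              string 'code' invite code
 *              ?string 'uri' permalink to notice; defaults to local notice URL
 * @return mixed User object or false on failure
 */
static function register($fields)
{
    // Read only the keys this method uses instead of extract()ing the whole
    // caller-supplied array into the local scope (extract() lets any key in
    // $fields shadow a local variable). Missing keys read as null/false,
    // matching the previous undefined-variable behaviour.
    $nickname        = isset($fields['nickname'])        ? $fields['nickname']        : null;
    $password        = isset($fields['password'])        ? $fields['password']        : null;
    $email           = isset($fields['email'])           ? $fields['email']           : null;
    $email_confirmed = isset($fields['email_confirmed']) ? $fields['email_confirmed'] : false;
    $fullname        = isset($fields['fullname'])        ? $fields['fullname']        : null;
    $homepage        = isset($fields['homepage'])        ? $fields['homepage']        : null;
    $bio             = isset($fields['bio'])             ? $fields['bio']             : null;
    $location        = isset($fields['location'])        ? $fields['location']        : null;
    $code            = isset($fields['code'])            ? $fields['code']            : null;
    $uri             = isset($fields['uri'])             ? $fields['uri']             : null;

    $profile = new Profile();

    if (!empty($email)) {
        $email = common_canonical_email($email);
    }

    $nickname = common_canonical_nickname($nickname);
    $profile->nickname = $nickname;
    if (!User::allowed_nickname($nickname)) {
        common_log(LOG_WARNING, sprintf("Attempted to register a nickname that is not allowed: %s",
                                        $profile->nickname),
                   __FILE__);
        return false;
    }
    $profile->profileurl = common_profile_url($nickname);

    if (!empty($fullname)) {
        $profile->fullname = $fullname;
    }
    if (!empty($homepage)) {
        $profile->homepage = $homepage;
    }
    if (!empty($bio)) {
        $profile->bio = $bio;
    }
    if (!empty($location)) {
        $profile->location = $location;
        // Geolocate the free-text location; the explicit lat/lon/location_*
        // fields documented above are not read here.
        $loc = Location::fromName($location);
        if (!empty($loc)) {
            $profile->lat         = $loc->lat;
            $profile->lon         = $loc->lon;
            $profile->location_id = $loc->location_id;
            $profile->location_ns = $loc->location_ns;
        }
    }
    $profile->created = common_sql_now();

    $user = new User();
    $user->nickname = $nickname;

    // Users who respond to invite email have proven their ownership of that address
    if (!empty($code)) {
        $invite = Invitation::staticGet($code);
        if ($invite && $invite->address && $invite->address_type == 'email' && $invite->address == $email) {
            $user->email = $invite->address;
        }
    }

    if ($email_confirmed) {
        $user->email = $email;
    }

    // This flag is ignored but still set to 1
    $user->inboxed = 1;

    // Set default-on options here, otherwise they'll be disabled
    // initially for sites using caching, since the initial encache
    // doesn't know about the defaults in the database.
    $user->emailnotifysub   = 1;
    $user->emailnotifyfav   = 1;
    $user->emailnotifynudge = 1;
    $user->emailnotifymsg   = 1;
    $user->emailnotifyattn  = 1;
    $user->emailmicroid     = 1;
    $user->emailpost        = 1;
    $user->jabbermicroid    = 1;
    $user->viewdesigns      = 1;

    $user->created = common_sql_now();

    if (Event::handle('StartUserRegister', array(&$user, &$profile))) {

        $profile->query('BEGIN');

        $id = $profile->insert();
        if (empty($id)) {
            common_log_db_error($profile, 'INSERT', __FILE__);
            // Close the transaction before bailing out; it used to be left
            // open on every failure path in this block.
            $profile->query('ROLLBACK');
            return false;
        }

        $user->id = $id;

        if (!empty($uri)) {
            $user->uri = $uri;
        } else {
            $user->uri = common_user_uri($user);
        }

        if (!empty($password)) { // may not have a password for OpenID users
            $user->password = common_munge_password($password, $id);
        }

        $result = $user->insert();
        if (!$result) {
            common_log_db_error($user, 'INSERT', __FILE__);
            $profile->query('ROLLBACK');
            return false;
        }

        // Everyone gets an inbox
        $inbox = new Inbox();
        $inbox->user_id = $user->id;
        $inbox->notice_ids = '';

        $result = $inbox->insert();
        if (!$result) {
            common_log_db_error($inbox, 'INSERT', __FILE__);
            $profile->query('ROLLBACK');
            return false;
        }

        // Everyone is subscribed to themself
        $subscription = new Subscription();
        $subscription->subscriber = $user->id;
        $subscription->subscribed = $user->id;
        $subscription->created = $user->created;

        $result = $subscription->insert();
        if (!$result) {
            common_log_db_error($subscription, 'INSERT', __FILE__);
            $profile->query('ROLLBACK');
            return false;
        }

        // An address that is not yet proven (no invite, not pre-confirmed)
        // gets a confirmation record; the mail is sent after COMMIT.
        if (!empty($email) && !$user->email) {
            $confirm = new Confirm_address();
            $confirm->code = common_confirmation_code(128);
            $confirm->user_id = $user->id;
            $confirm->address = $email;
            $confirm->address_type = 'email';

            $result = $confirm->insert();
            if (!$result) {
                common_log_db_error($confirm, 'INSERT', __FILE__);
                $profile->query('ROLLBACK');
                return false;
            }
        }

        if (!empty($code) && $user->email) {
            $user->emailChanged();
        }

        // Default system subscription
        $defnick = common_config('newuser', 'default');
        if (!empty($defnick)) {
            $defuser = User::staticGet('nickname', $defnick);
            if (empty($defuser)) {
                common_log(LOG_WARNING, sprintf("Default user %s does not exist.", $defnick),
                           __FILE__);
            } else {
                Subscription::start($user, $defuser);
            }
        }

        $profile->query('COMMIT');

        if (!empty($email) && !$user->email) {
            mail_confirm_address($user, $confirm->code, $profile->nickname, $email);
        }

        // Welcome message
        $welcome = common_config('newuser', 'welcome');
        if (!empty($welcome)) {
            $welcomeuser = User::staticGet('nickname', $welcome);
            if (empty($welcomeuser)) {
                // Report the nickname actually looked up ($welcome); this
                // used to log $defnick, the default-subscription nickname.
                common_log(LOG_WARNING, sprintf("Welcome user %s does not exist.", $welcome),
                           __FILE__);
            } else {
                Notice::saveNew($welcomeuser->id,
                                sprintf(_('Welcome to %1$s, @%2$s!'),
                                        common_config('site', 'name'),
                                        $user->nickname),
                                'system');
            }
        }

        Event::handle('EndUserRegister', array(&$profile, &$user));
    }

    return $user;
}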
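/**
 * Apply a confirmed registration: store the confirmed e-mail address, set
 * the chosen password and delete the confirmation record.
 *
 * @return void
 * @throws ServerException if the password could not be stored (the e-mail
 *         update is documented as throwing on its own failure)
 */
function confirmUser()
{
    $orig = clone $this->user;
    $this->user->email = $this->confirm->address;
    // Throws exception on failure.
    $this->user->updateWithKeys($orig);
    $this->user->emailChanged();

    $orig = clone $this->user;
    $this->user->password = common_munge_password($this->password, $this->user->getProfile());
    if (!$this->user->update($orig)) {
        // The result used to be ignored, so a failed write still deleted the
        // confirmation code and left the account without the chosen password.
        common_log_db_error($this->user, 'UPDATE', __FILE__);
        // TRANS: Server error displayed when the new password could not be stored.
        throw new ServerException(_('Cannot save new password.'));
    }

    $this->confirm->delete();
}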
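/**
 * Apply a confirmed registration: store the confirmed e-mail address, set
 * the chosen password and delete the confirmation record.
 *
 * @return void
 * @throws ServerException if the password could not be stored
 */
function confirmUser()
{
    $orig = clone $this->user;
    $this->user->email = $this->confirm->address;
    // NOTE(review): updateKeys() return value is not checked here; its
    // failure signalling is not visible from this method — confirm.
    $this->user->updateKeys($orig);
    $this->user->emailChanged();

    $orig = clone $this->user;
    $this->user->password = common_munge_password($this->password, $this->user->id);
    if (!$this->user->update($orig)) {
        // The result used to be ignored, so a failed write still deleted the
        // confirmation code and left the account without the chosen password.
        common_log_db_error($this->user, 'UPDATE', __FILE__);
        // TRANS: Server error displayed when the new password could not be stored.
        throw new ServerException(_('Cannot save new password.'));
    }

    $this->confirm->delete();
}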
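// Command-line tool: set the password of a local user.
// Usage: setpassword.php <username> <password>
ini_set("max_input_time", "0");
set_time_limit(0);
mb_internal_encoding('UTF-8');

define('INSTALLDIR', realpath(dirname(__FILE__) . '/..'));
define('LACONICA', true);

require_once INSTALLDIR . '/lib/common.php';

// The new password arrives as a command-line argument, so it is visible to
// other local users in the process list and may end up in shell history;
// run this only from a trusted shell session.
if ($argc != 3) {
    print "USAGE: setpassword.php <username> <password>\n";
    print "Sets the password of user with name <username> to <password>\n";
    exit(1);
}

$nickname = $argv[1];
$password = $argv[2];

// Minimum length in characters (mb_strlen), unlike the web forms' strlen.
if (mb_strlen($password) < 6) {
    print "Password must be 6 characters or more.\n";
    exit(1);
}

$user = User::staticGet('nickname', $nickname);

if (!$user) {
    print "No such user '{$nickname}'.\n";
    exit(1);
}

$original = clone $user;
$user->password = common_munge_password($password, $user->id);

if (!$user->update($original)) {
    // Log the DB failure like the web code paths do, so a failed reset
    // can be diagnosed from the server log.
    common_log_db_error($user, 'UPDATE', __FILE__);
    print "Error updating user '{$nickname}'.\n";
    exit(1);
}

print "Password for user '{$nickname}' updated.\n";
exit(0);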
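/**
 * Look up a user by nickname and check the given password against the
 * stored (munged) one.
 *
 * @param string $nickname nickname to look up (used as given)
 * @param string $password plaintext password as entered
 * @return mixed the User on success, false otherwise
 */
function common_check_user($nickname, $password)
{
    // NEVER allow blank passwords, even if they match the DB
    if (is_null($password) || mb_strlen($password) == 0) {
        return false;
    }

    // NOTE(review): a miss is treated as any falsy value, not only null, so a
    // false return from staticGet() cannot reach the ->id access — confirm
    // what staticGet() returns on a miss in this version.
    $user = User::staticGet('nickname', $nickname);
    if (!$user) {
        return false;
    }

    $munged = (string) common_munge_password($password, $user->id);
    // Constant-time compare: strcmp() stops at the first differing byte, so
    // response time depended on the stored value. An account with no stored
    // password can never match here.
    if (is_string($user->password) && hash_equals($munged, $user->password)) {
        return $user;
    }

    return false;
}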
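/**
 * Final step of a password reset: check the CSRF token and the pending temp
 * user, validate the new password, store it and log the user in.
 *
 * @return void
 */
function resetPassword()
{
    // CSRF protection. hash_equals() is a strict, constant-time string
    // comparison: the previous loose != let response timing depend on how
    // many leading bytes matched, and let PHP's numeric-string juggling
    // treat two different numeric-looking tokens as equal.
    $token    = $this->trimmed('token');
    $expected = common_session_token();
    if (!$token || !is_string($token) || !is_string($expected)
        || !hash_equals($expected, $token)) {
        $this->showForm(_('There was a problem with your session token. Try again, please.'));
        return;
    }

    $user = $this->getTempUser();
    if (!$user) {
        $this->clientError(_('Unexpected password reset.'));
        return;
    }

    $newpassword = $this->trimmed('newpassword');
    $confirm     = $this->trimmed('confirm');

    // Minimum length is measured in bytes (strlen), as before.
    if (!$newpassword || strlen($newpassword) < 6) {
        $this->showPasswordForm(_('Password must be 6 chars or more.'));
        return;
    }

    // Strict comparison: with loose != two different numeric-looking strings
    // (e.g. "0e1" and "0e2") compare equal and the confirmation is bypassed.
    if ($newpassword !== $confirm) {
        $this->showPasswordForm(_('Password and confirmation do not match.'));
        return;
    }

    // OK, we're ready to go
    $original = clone $user;
    $user->password = common_munge_password($newpassword, $user->id);

    if (!$user->update($original)) {
        common_log_db_error($user, 'UPDATE', __FILE__);
        $this->serverError(_('Can\'t save new password.'));
        return;
    }

    $this->clearTempUser();

    if (!common_set_user($user->nickname)) {
        $this->serverError(_('Error setting user.'));
        return;
    }

    common_real_login(true);

    $this->mode = 'saved';
    $this->msg = _('New password successfully saved. ' .
                   'You are now logged in.');
    $this->success = true;
    $this->showPage();
}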
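/**
 * Register a new user account and profile and set up default subscriptions.
 * If a new-user welcome message is configured, this will be sent.
 *
 * All database writes after the profile insert happen in one transaction;
 * every failure path rolls it back and throws.
 *
 * @param array $fields associative array of optional properties
 *              string 'bio'
 *              string 'email'
 *              bool 'email_confirmed' pass true to mark email as pre-confirmed
 *              string 'fullname'
 *              string 'homepage'
 *              string 'location' informal string description of geolocation
 *              float 'lat' decimal latitude for geolocation
 *              float 'lon' decimal longitude for geolocation
 *              int 'location_id' geoname identifier
 *              int 'location_ns' geoname namespace to interpret location_id
 *              string 'nickname' REQUIRED
 *              string 'password' (may be missing for eg OpenID registrations)
 *              string 'code' invite code
 *              ?string 'uri' permalink to notice; defaults to local notice URL
 * @return User object
 * @throws Exception on failure (NicknameException for a bad or taken nickname,
 *         ServerException for database failures or a failed event hook)
 */
static function register(array $fields)
{
    // Read only the keys this method uses instead of extract()ing the whole
    // caller-supplied array into the local scope (extract() lets any key in
    // $fields shadow a local variable). Missing keys read as null/false,
    // matching the previous undefined-variable behaviour.
    $nickname        = isset($fields['nickname'])        ? $fields['nickname']        : null;
    $password        = isset($fields['password'])        ? $fields['password']        : null;
    $email           = isset($fields['email'])           ? $fields['email']           : null;
    $email_confirmed = isset($fields['email_confirmed']) ? $fields['email_confirmed'] : false;
    $fullname        = isset($fields['fullname'])        ? $fields['fullname']        : null;
    $homepage        = isset($fields['homepage'])        ? $fields['homepage']        : null;
    $bio             = isset($fields['bio'])             ? $fields['bio']             : null;
    $location        = isset($fields['location'])        ? $fields['location']        : null;
    $code            = isset($fields['code'])            ? $fields['code']            : null;
    $uri             = isset($fields['uri'])             ? $fields['uri']             : null;

    $profile = new Profile();

    if (!empty($email)) {
        $email = common_canonical_email($email);
    }

    // Normalize _and_ check whether it is in use. Throw NicknameException on failure.
    $profile->nickname = Nickname::normalize($nickname, true);

    $profile->profileurl = common_profile_url($profile->nickname);

    if (!empty($fullname)) {
        $profile->fullname = $fullname;
    }
    if (!empty($homepage)) {
        $profile->homepage = $homepage;
    }
    if (!empty($bio)) {
        $profile->bio = $bio;
    }
    if (!empty($location)) {
        $profile->location = $location;
        // Geolocate the free-text location; the explicit lat/lon/location_*
        // fields documented above are not read here.
        $loc = Location::fromName($location);
        if (!empty($loc)) {
            $profile->lat         = $loc->lat;
            $profile->lon         = $loc->lon;
            $profile->location_id = $loc->location_id;
            $profile->location_ns = $loc->location_ns;
        }
    }
    $profile->created = common_sql_now();

    $user = new User();
    $user->nickname = $profile->nickname;

    $invite = null;

    // Users who respond to invite email have proven their ownership of that address
    if (!empty($code)) {
        $invite = Invitation::getKV($code);
        if ($invite instanceof Invitation && $invite->address && $invite->address_type == 'email' && $invite->address == $email) {
            $user->email = $invite->address;
        }
    }

    if ($email_confirmed) {
        $user->email = $email;
    }

    // Set default-on options here, otherwise they'll be disabled
    // initially for sites using caching, since the initial encache
    // doesn't know about the defaults in the database.
    $user->emailnotifysub   = 1;
    $user->emailnotifynudge = 1;
    $user->emailnotifymsg   = 1;
    $user->emailnotifyattn  = 1;
    $user->emailmicroid     = 1;
    $user->emailpost        = 1;
    $user->jabbermicroid    = 1;

    $user->created = common_sql_now();

    if (Event::handle('StartUserRegister', array($profile))) {

        $profile->query('BEGIN');

        $id = $profile->insert();
        if ($id === false) {
            common_log_db_error($profile, 'INSERT', __FILE__);
            $profile->query('ROLLBACK');
            // TRANS: Profile data could not be inserted for some reason.
            throw new ServerException(_m('Could not insert profile data for new user.'));
        }

        $user->id = $id;

        if (!empty($uri)) {
            $user->uri = $uri;
        } else {
            $user->uri = common_user_uri($user);
        }

        if (!empty($password)) { // may not have a password for OpenID users
            $user->password = common_munge_password($password, $id);
        }

        $result = $user->insert();
        if ($result === false) {
            common_log_db_error($user, 'INSERT', __FILE__);
            $profile->query('ROLLBACK');
            // TRANS: User data could not be inserted for some reason.
            throw new ServerException(_m('Could not insert user data for new user.'));
        }

        // Everyone is subscribed to themself
        $subscription = new Subscription();
        $subscription->subscriber = $user->id;
        $subscription->subscribed = $user->id;
        $subscription->created = $user->created;

        $result = $subscription->insert();
        if (!$result) {
            common_log_db_error($subscription, 'INSERT', __FILE__);
            $profile->query('ROLLBACK');
            // TRANS: Subscription data could not be inserted for some reason.
            throw new ServerException(_m('Could not insert subscription data for new user.'));
        }

        // Mark that this invite was converted
        if (!empty($invite)) {
            $invite->convert($user);
        }

        // An address that is not yet proven (no invite, not pre-confirmed)
        // gets a confirmation record; the mail is sent after COMMIT.
        if (!empty($email) && !$user->email) {
            $confirm = new Confirm_address();
            $confirm->code = common_confirmation_code(128);
            $confirm->user_id = $user->id;
            $confirm->address = $email;
            $confirm->address_type = 'email';

            $result = $confirm->insert();
            if (!$result) {
                common_log_db_error($confirm, 'INSERT', __FILE__);
                $profile->query('ROLLBACK');
                // TRANS: Email confirmation data could not be inserted for some reason.
                throw new ServerException(_m('Could not insert email confirmation data for new user.'));
            }
        }

        if (!empty($code) && $user->email) {
            $user->emailChanged();
        }

        // Default system subscription
        $defnick = common_config('newuser', 'default');
        if (!empty($defnick)) {
            $defuser = User::getKV('nickname', $defnick);
            if (empty($defuser)) {
                common_log(LOG_WARNING, sprintf("Default user %s does not exist.", $defnick),
                           __FILE__);
            } else {
                Subscription::ensureStart($profile, $defuser->getProfile());
            }
        }

        $profile->query('COMMIT');

        if (!empty($email) && !$user->email) {
            mail_confirm_address($user, $confirm->code, $profile->nickname, $email);
        }

        // Welcome message
        $welcome = common_config('newuser', 'welcome');
        if (!empty($welcome)) {
            $welcomeuser = User::getKV('nickname', $welcome);
            if (empty($welcomeuser)) {
                // Report the nickname actually looked up ($welcome); this
                // used to log $defnick, the default-subscription nickname.
                common_log(LOG_WARNING, sprintf("Welcome user %s does not exist.", $welcome),
                           __FILE__);
            } else {
                Notice::saveNew($welcomeuser->id,
                                sprintf(_('Welcome to %1$s, @%2$s!'),
                                        common_config('site', 'name'),
                                        $user->nickname),
                                'system');
            }
        }

        Event::handle('EndUserRegister', array($profile));
    }

    if (!$user instanceof User) {
        throw new ServerException('User could not be registered. Probably an event hook that failed.');
    }

    return $user;
}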
/**
 * Replace this user's stored password with the munged form of $password
 * and persist the change.
 *
 * @param string $password new plaintext password (munged before storage)
 * @return void
 * @throws ServerException if the user fails validation or the update fails
 */
public function setPassword($password)
{
    $before = clone $this;
    $this->password = common_munge_password($password, $this->getProfile());

    $valid = $this->validate();
    if (true !== $valid) {
        // TRANS: Form validation error on page where to change password.
        throw new ServerException(_('Error saving user; invalid.'));
    }

    $saved = $this->update($before);
    if (!$saved) {
        common_log_db_error($this, 'UPDATE', __FILE__);
        // TRANS: Server error displayed on page where to change password when password change
        // TRANS: could not be made because of a server error.
        throw new ServerException(_('Cannot save new password.'));
    }
}
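// Create a super-admin profile from $fullname / $email / $password (set
// earlier in this script). Every write is checked so that a failed step
// does not end with a misleading "Done!".
if (empty($fullname)) {
    echo 'username required';
    exit;
}
if (empty($email)) {
    echo 'email required';
    exit;
}
if (empty($password)) {
    echo 'password required';
    exit;
}

// NOTE(review): this Profile carries email and password columns, which is
// specific to this fork — confirm the schema before reusing elsewhere.
$profile = new Profile();
$profile->fullname = $fullname;
$profile->email    = $email;
$profile->created  = common_sql_now();

$profile_id = $profile->insert();
if (!$profile_id) {
    common_log_db_error($profile, 'INSERT', __FILE__);
    exit;
}

$profile_role = new Profile_role();
$profile_role->profile_id = $profile_id;
$profile_role->role       = Profile_role::SUPERADMIN;
$profile_role->created    = common_sql_now();

// Previously unchecked: a failed role insert silently produced an account
// without the SUPERADMIN role.
if (!$profile_role->insert()) {
    common_log_db_error($profile_role, 'INSERT', __FILE__);
    exit;
}

$pnew = Profile::staticGet($profile_id);
if (!$pnew) {
    common_log(LOG_ERR, sprintf("Could not reload profile %s after insert.", $profile_id), __FILE__);
    exit;
}

$orig = clone $pnew;
$pnew->password = common_munge_password($password, $profile_id);

// Previously unchecked: a failed update left the account with no password.
if (!$pnew->update($orig)) {
    common_log_db_error($pnew, 'UPDATE', __FILE__);
    exit;
}

echo "Done!";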
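/**
 * Handle a post
 *
 * Validate input and save changes. Reload the form with a success
 * or error message.
 *
 * @return void
 */
function handlePost()
{
    // CSRF protection. hash_equals() is a strict, constant-time comparison;
    // the previous loose != was neither (timing leak, numeric-string juggling).
    $token    = $this->trimmed('token');
    $expected = common_session_token();
    if (!$token || !is_string($token) || !is_string($expected)
        || !hash_equals($expected, $token)) {
        $this->showForm(_('网页错误,请返回重试 '));
        return;
    }

    $user = common_current_user();
    assert(!is_null($user)); // should already be checked

    // FIXME: scrub input
    // arg() may yield null for an absent field; cast so the length check
    // below sees an empty (too short) string instead of strlen(null).
    $newpassword = (string) $this->arg('newpassword');
    $confirm     = (string) $this->arg('confirm');

    // Some validation (length in bytes, as before)
    if (strlen($newpassword) < 6) {
        $this->showForm(_('密码必须是6个以上字符组成'));
        return;
    }
    if (0 != strcmp($newpassword, $confirm)) {
        $this->showForm(_('新密码两次输入不一致'));
        return;
    }

    if ($user->password) {
        $oldpassword = $this->arg('oldpassword');
        if (!common_check_user($user->nickname, $oldpassword)) {
            $this->showForm(_('旧密码不正确'));
            return;
        }
    } else {
        // No stored password (e.g. account created via OpenID): nothing to verify.
        $oldpassword = null;
    }

    // A plugin may take over the change; if none does, change it internally.
    if (Event::handle('StartChangePassword', array($user, $oldpassword, $newpassword))) {
        //no handler changed the password, so change the password internally
        $original = clone $user;
        $user->password = common_munge_password($newpassword, $user->id);

        $val = $user->validate();
        if ($val !== true) {
            $this->showForm(_('用户资料错误'));
            return;
        }

        if (!$user->update($original)) {
            // Log the DB failure like the reset-password path does.
            common_log_db_error($user, 'UPDATE', __FILE__);
            $this->serverError(_('无法保存新密码,请重试'));
            return;
        }
        Event::handle('EndChangePassword', array($user));
    }

    $this->showForm(_('密码修改成功'), true);
}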
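/**
 * Register a new user account and profile.
 *
 * The profile, user, self-subscription and (if needed) e-mail confirmation
 * are written in one transaction; every failure path rolls it back and
 * returns false. A confirmation mail for an unproven address is sent after
 * COMMIT.
 *
 * @param array $fields associative array; 'nickname' is required, and
 *              'password', 'email', 'code' (invite code), 'fullname',
 *              'homepage', 'bio' and 'location' are optional
 * @return mixed User object or false on failure
 */
static function register($fields)
{
    // Read only the keys this method uses instead of extract()ing the whole
    // caller-supplied array into the local scope (extract() lets any key in
    // $fields shadow a local variable). Missing keys read as null, matching
    // the previous undefined-variable behaviour.
    $nickname = isset($fields['nickname']) ? $fields['nickname'] : null;
    $password = isset($fields['password']) ? $fields['password'] : null;
    $email    = isset($fields['email'])    ? $fields['email']    : null;
    $fullname = isset($fields['fullname']) ? $fields['fullname'] : null;
    $homepage = isset($fields['homepage']) ? $fields['homepage'] : null;
    $bio      = isset($fields['bio'])      ? $fields['bio']      : null;
    $location = isset($fields['location']) ? $fields['location'] : null;
    $code     = isset($fields['code'])     ? $fields['code']     : null;

    $profile = new Profile();

    $profile->query('BEGIN');

    $profile->nickname = $nickname;
    $profile->profileurl = common_profile_url($nickname);

    if (!empty($fullname)) {
        $profile->fullname = $fullname;
    }
    if (!empty($homepage)) {
        $profile->homepage = $homepage;
    }
    if (!empty($bio)) {
        $profile->bio = $bio;
    }
    if (!empty($location)) {
        $profile->location = $location;
    }

    $profile->created = common_sql_now();

    $id = $profile->insert();
    if (empty($id)) {
        common_log_db_error($profile, 'INSERT', __FILE__);
        // Close the transaction before bailing out; it used to be left open
        // on every failure path in this method.
        $profile->query('ROLLBACK');
        return false;
    }

    $user = new User();

    $user->id = $id;
    $user->nickname = $nickname;

    if (!empty($password)) { // may not have a password for OpenID users
        $user->password = common_munge_password($password, $id);
    }

    // Users who respond to invite email have proven their ownership of that address
    if (!empty($code)) {
        $invite = Invitation::staticGet($code);
        if ($invite && $invite->address && $invite->address_type == 'email' && $invite->address == $email) {
            $user->email = $invite->address;
        }
    }

    $inboxes = common_config('inboxes', 'enabled');
    if ($inboxes === true || $inboxes == 'transitional') {
        $user->inboxed = 1;
    }

    $user->created = common_sql_now();
    $user->uri = common_user_uri($user);

    $result = $user->insert();
    if (!$result) {
        common_log_db_error($user, 'INSERT', __FILE__);
        $profile->query('ROLLBACK');
        return false;
    }

    // Everyone is subscribed to themself
    $subscription = new Subscription();
    $subscription->subscriber = $user->id;
    $subscription->subscribed = $user->id;
    $subscription->created = $user->created;

    $result = $subscription->insert();
    if (!$result) {
        common_log_db_error($subscription, 'INSERT', __FILE__);
        $profile->query('ROLLBACK');
        return false;
    }

    // An address not proven by an invite gets a confirmation record; the
    // mail is sent after COMMIT.
    if (!empty($email) && !$user->email) {
        $confirm = new Confirm_address();
        $confirm->code = common_confirmation_code(128);
        $confirm->user_id = $user->id;
        $confirm->address = $email;
        $confirm->address_type = 'email';

        $result = $confirm->insert();
        if (!$result) {
            common_log_db_error($confirm, 'INSERT', __FILE__);
            $profile->query('ROLLBACK');
            return false;
        }
    }

    if (!empty($code) && $user->email) {
        $user->emailChanged();
    }

    $profile->query('COMMIT');

    if ($email && !$user->email) {
        mail_confirm_address($user, $confirm->code, $profile->nickname, $email);
    }

    return $user;
}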