/** * */ public function register($username, $password, $confirmPassword, $email, $gender, $birthdate, $securityCode) { if (preg_match('/[^' . Flux::config('UsernameAllowedChars') . ']/', $username)) { throw new Flux_RegisterError('Caractere(s) inválido usados no nome de usuário', Flux_RegisterError::INVALID_USERNAME); } elseif (strlen($username) < Flux::config('MinUsernameLength')) { throw new Flux_RegisterError('Nome de usuário é muito curto', Flux_RegisterError::USERNAME_TOO_SHORT); } elseif (strlen($username) > Flux::config('MaxUsernameLength')) { throw new Flux_RegisterError('Nome de usuário é muito longo', Flux_RegisterError::USERNAME_TOO_LONG); } elseif (!Flux::config('AllowUserInPassword') && stripos($password, $username) !== false) { throw new Flux_RegisterError('Senha contém o nome de usuário', Flux_RegisterError::USERNAME_IN_PASSWORD); } elseif (!ctype_graph($password)) { throw new Flux_RegisterError('Caractere(s) inválido usado na senha', Flux_RegisterError::INVALID_PASSWORD); } elseif (strlen($password) < Flux::config('MinPasswordLength')) { throw new Flux_RegisterError('Senha é muito curta', Flux_RegisterError::PASSWORD_TOO_SHORT); } elseif (strlen($password) > Flux::config('MaxPasswordLength')) { throw new Flux_RegisterError('Senha é muito longa', Flux_RegisterError::PASSWORD_TOO_LONG); } elseif ($password !== $confirmPassword) { throw new Flux_RegisterError('Senhas não combinam', Flux_RegisterError::PASSWORD_MISMATCH); } elseif (Flux::config('PasswordMinUpper') > 0 && preg_match_all('/[A-Z]/', $password, $matches) < Flux::config('PasswordMinUpper')) { throw new Flux_RegisterError('As senhas devem conter pelo menos ' + intval(Flux::config('PasswordMinUpper')) + ' letra(s) maiúscula(s)', Flux_RegisterError::PASSWORD_NEED_UPPER); } elseif (Flux::config('PasswordMinLower') > 0 && preg_match_all('/[a-z]/', $password, $matches) < Flux::config('PasswordMinLower')) { throw new Flux_RegisterError('As senhas devem conter pelo menos ' + intval(Flux::config('PasswordMinLower')) + ' letra(s) minúscula(s)', Flux_RegisterError::PASSWORD_NEED_LOWER); } elseif (Flux::config('PasswordMinNumber') > 0 && preg_match_all('/[0-9]/', $password, $matches) < Flux::config('PasswordMinNumber')) { throw new Flux_RegisterError('As senhas devem conter pelo menos ' + intval(Flux::config('PasswordMinNumber')) + ' número(s)', Flux_RegisterError::PASSWORD_NEED_NUMBER); } elseif (Flux::config('PasswordMinSymbol') > 0 && preg_match_all('/[^A-Za-z0-9]/', $password, $matches) < Flux::config('PasswordMinSymbol')) { throw new Flux_RegisterError('As senhas devem conter pelo menos ' + intval(Flux::config('PasswordMinSymbol')) + ' símbolo(s)', Flux_RegisterError::PASSWORD_NEED_SYMBOL); } elseif (Flux::config('PasswordMaxSymbols') > 0 && preg_match_all('/[^A-Za-z0-9]/', $password, $matches) > Flux::config('PasswordMaxSymbols')) { throw new Flux_RegisterError('As senhas não podem conter mais de ' + intval(Flux::config('PasswordMaxSymbols')) + ' Caracteres', Flux_RegisterError::PASSWORD_MAX_SYMBOLS); } elseif (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\\._-]+@([a-zA-Z0-9]+\\.)([a-zA-Z0-9]+)$/', $email)) { throw new Flux_RegisterError('Endereço de e-mail inválido', Flux_RegisterError::INVALID_EMAIL_ADDRESS); } elseif (!in_array(strtoupper($gender), array('M', 'F'))) { throw new Flux_RegisterError('Gênero inválido', Flux_RegisterError::INVALID_GENDER); } elseif (($birthdatestamp = strtotime($birthdate)) === false || date('Y-m-d', $birthdatestamp) != $birthdate) { throw new Flux_RegisterError('Data de nascimento inválida', Flux_RegisterError::INVALID_BIRTHDATE); } elseif (Flux::config('UseCaptcha')) { if (Flux::config('EnableReCaptcha')) { require_once 'recaptcha/recaptchalib.php'; $resp = recaptcha_check_answer(Flux::config('ReCaptchaPrivateKey'), $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); if (!$resp->is_valid) { throw new Flux_RegisterError('Código de segurança inválido', Flux_RegisterError::INVALID_SECURITY_CODE); } } elseif (strtolower($securityCode) !== strtolower(Flux::$sessionData->securityCode)) { throw new Flux_RegisterError('Código de segurança inválido', Flux_RegisterError::INVALID_SECURITY_CODE); } } $sql = "SELECT userid FROM {$this->loginDatabase}.login WHERE "; if ($this->config->getNoCase()) { $sql .= 'LOWER(userid) = LOWER(?) '; } else { $sql .= 'BINARY userid = ? '; } $sql .= 'LIMIT 1'; $sth = $this->connection->getStatement($sql); $sth->execute(array($username)); $res = $sth->fetch(); if ($res) { throw new Flux_RegisterError('Nome de usuário já está em uso', Flux_RegisterError::USERNAME_ALREADY_TAKEN); } if (!Flux::config('AllowDuplicateEmails')) { $sql = "SELECT email FROM {$this->loginDatabase}.login WHERE email = ? LIMIT 1"; $sth = $this->connection->getStatement($sql); $sth->execute(array($email)); $res = $sth->fetch(); if ($res) { throw new Flux_RegisterError('Endereço de e-mail já está em uso', Flux_RegisterError::EMAIL_ADDRESS_IN_USE); } } if ($this->config->getUseMD5()) { $password = Flux::hashPassword($password); } $sql = "INSERT INTO {$this->loginDatabase}.login (userid, user_pass, email, sex, group_id, birthdate) VALUES (?, ?, ?, ?, ?, ?)"; $sth = $this->connection->getStatement($sql); $res = $sth->execute(array($username, $password, $email, $gender, (int) $this->config->getGroupID(), date('Y-m-d', $birthdatestamp))); if ($res) { $idsth = $this->connection->getStatement("SELECT LAST_INSERT_ID() AS account_id"); $idsth->execute(); $idres = $idsth->fetch(); $createTable = Flux::config('FluxTables.AccountCreateTable'); $sql = "INSERT INTO {$this->loginDatabase}.{$createTable} (account_id, userid, user_pass, sex, email, reg_date, reg_ip, confirmed) "; $sql .= "VALUES (?, ?, ?, ?, ?, NOW(), ?, 1)"; $sth = $this->connection->getStatement($sql); $sth->execute(array($idres->account_id, $username, $password, $gender, $email, $_SERVER['REMOTE_ADDR'])); return $idres->account_id; } else { return false; } }
if ($username && $password && $e->getCode() != Flux_LoginError::INVALID_SERVER) { $loginAthenaGroup = Flux::getServerGroupByName($server); $sql = "SELECT account_id FROM {$loginAthenaGroup->loginDatabase}.login WHERE "; if (!$loginAthenaGroup->loginServer->config->getNoCase()) { $sql .= "CAST(userid AS BINARY) "; } else { $sql .= "userid "; } $sql .= "= ? LIMIT 1"; $sth = $loginAthenaGroup->connection->getStatement($sql); $sth->execute(array($username)); $row = $sth->fetch(); if ($row) { $accountID = $row->account_id; if ($loginAthenaGroup->loginServer->config->getUseMD5()) { $password = Flux::hashPassword($password); } $sql = "INSERT INTO {$loginAthenaGroup->loginDatabase}.{$loginLogTable} "; $sql .= "(account_id, username, password, ip, error_code, login_date) "; $sql .= "VALUES (?, ?, ?, ?, ?, NOW())"; $sth = $loginAthenaGroup->connection->getStatement($sql); $sth->execute(array($accountID, $username, $password, $_SERVER['REMOTE_ADDR'], $e->getCode())); } } switch ($e->getCode()) { case Flux_LoginError::UNEXPECTED: $errorMessage = Flux::message('UnexpectedLoginError'); break; case Flux_LoginError::INVALID_SERVER: $errorMessage = Flux::message('InvalidLoginServer'); break;
} elseif (Flux::config('PasswordMinLower') > 0 && preg_match_all('/[a-z]/', $newPassword, $matches) < $passwordMinLower) { $errorMessage = sprintf(Flux::message('NewPasswordNeedLower'), $passwordMinLower); } elseif (Flux::config('PasswordMinNumber') > 0 && preg_match_all('/[0-9]/', $newPassword, $matches) < $passwordMinNumber) { $errorMessage = sprintf(Flux::message('NewPasswordNeedNumber'), $passwordMinNumber); } elseif (Flux::config('PasswordMinSymbol') > 0 && preg_match_all('/[^A-Za-z0-9]/', $newPassword, $matches) < $passwordMinSymbol) { $errorMessage = sprintf(Flux::message('NewPasswordNeedSymbol'), $passwordMinSymbol); } elseif (!Flux_Security::csrfValidate('PasswordEdit', $_POST, $error)) { $errorMessage = $error; } else { $sql = "SELECT user_pass AS currentPassword FROM {$server->loginDatabase}.login WHERE account_id = ?"; $sth = $server->connection->getStatement($sql); $sth->execute(array($session->account->account_id)); $account = $sth->fetch(); $useMD5 = $session->loginServer->config->getUseMD5(); $currentPassword = $useMD5 ? Flux::hashPassword($currentPassword) : $currentPassword; $newPassword = $useMD5 ? Flux::hashPassword($newPassword) : $newPassword; if ($currentPassword != $account->currentPassword) { $errorMessage = Flux::message('OldPasswordInvalid'); } else { $sql = "UPDATE {$server->loginDatabase}.login SET user_pass = ? WHERE account_id = ?"; $sth = $server->connection->getStatement($sql); if ($sth->execute(array($newPassword, $session->account->account_id))) { $pwChangeTable = Flux::config('FluxTables.ChangePasswordTable'); $sql = "INSERT INTO {$server->loginDatabase}.{$pwChangeTable} "; $sql .= "(account_id, old_password, new_password, change_ip, change_date) "; $sql .= "VALUES (?, ?, ?, ?, NOW())"; $sth = $server->connection->getStatement($sql); $sth->execute(array($session->account->account_id, $currentPassword, $newPassword, $_SERVER['REMOTE_ADDR'])); $session->setMessageData(Flux::message('PasswordHasBeenChanged')); $session->logout(); $this->redirect($this->url('account', 'login'));
/** * */ public function register($username, $password, $confirmPassword, $email, $gender, $birthdate, $securityCode) { if (preg_match('/^[^' . Flux::config('UsernameAllowedChars') . ']$/', $username)) { throw new Flux_RegisterError('Invalid character(s) used in username', Flux_RegisterError::INVALID_USERNAME); } elseif (strlen($username) < Flux::config('MinUsernameLength')) { throw new Flux_RegisterError('Username is too short', Flux_RegisterError::USERNAME_TOO_SHORT); } elseif (strlen($username) > Flux::config('MaxUsernameLength')) { throw new Flux_RegisterError('Username is too long', Flux_RegisterError::USERNAME_TOO_LONG); } elseif (!Flux::config('AllowUserInPassword') && stripos($password, $username) !== false) { throw new Flux_RegisterError('Password contains username', Flux_RegisterError::USERNAME_IN_PASSWORD); } elseif (!ctype_graph($password)) { throw new Flux_RegisterError('Invalid character(s) used in password', Flux_RegisterError::INVALID_PASSWORD); } elseif (strlen($password) < Flux::config('MinPasswordLength')) { throw new Flux_RegisterError('Password is too short', Flux_RegisterError::PASSWORD_TOO_SHORT); } elseif (strlen($password) > Flux::config('MaxPasswordLength')) { throw new Flux_RegisterError('Password is too long', Flux_RegisterError::PASSWORD_TOO_LONG); } elseif ($password !== $confirmPassword) { throw new Flux_RegisterError('Passwords do not match', Flux_RegisterError::PASSWORD_MISMATCH); } elseif (Flux::config('PasswordMinUpper') > 0 && preg_match_all('/[A-Z]/', $password, $matches) < Flux::config('PasswordMinUpper')) { throw new Flux_RegisterError('Passwords must contain at least ' + intval(Flux::config('PasswordMinUpper')) + ' uppercase letter(s)', Flux_RegisterError::PASSWORD_NEED_UPPER); } elseif (Flux::config('PasswordMinLower') > 0 && preg_match_all('/[a-z]/', $password, $matches) < Flux::config('PasswordMinLower')) { throw new Flux_RegisterError('Passwords must contain at least ' + intval(Flux::config('PasswordMinLower')) + ' lowercase letter(s)', Flux_RegisterError::PASSWORD_NEED_LOWER); } elseif (Flux::config('PasswordMinNumber') > 0 && preg_match_all('/[0-9]/', $password, $matches) < Flux::config('PasswordMinNumber')) { throw new Flux_RegisterError('Passwords must contain at least ' + intval(Flux::config('PasswordMinNumber')) + ' number(s)', Flux_RegisterError::PASSWORD_NEED_NUMBER); } elseif (Flux::config('PasswordMinSymbol') > 0 && preg_match_all('/[^A-Za-z0-9]/', $password, $matches) < Flux::config('PasswordMinSymbol')) { throw new Flux_RegisterError('Passwords must contain at least ' + intval(Flux::config('PasswordMinSymbol')) + ' symbol(s)', Flux_RegisterError::PASSWORD_NEED_SYMBOL); } elseif (!preg_match('/^(.+?)@(.+?)$/', $email)) { throw new Flux_RegisterError('Invalid e-mail address', Flux_RegisterError::INVALID_EMAIL_ADDRESS); } elseif (!in_array(strtoupper($gender), array('M', 'F'))) { throw new Flux_RegisterError('Invalid gender', Flux_RegisterError::INVALID_GENDER); } elseif (($birthdatestamp = strtotime($birthdate)) === false || date('Y-m-d', $birthdatestamp) != $birthdate) { throw new Flux_RegisterError('Invalid birthdate', Flux_RegisterError::INVALID_BIRTHDATE); } elseif (Flux::config('UseCaptcha')) { if (Flux::config('EnableReCaptcha')) { require_once 'recaptcha/recaptchalib.php'; $resp = recaptcha_check_answer(Flux::config('ReCaptchaPrivateKey'), $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); if (!$resp->is_valid) { throw new Flux_RegisterError('Invalid security code', Flux_RegisterError::INVALID_SECURITY_CODE); } } elseif (strtolower($securityCode) !== strtolower(Flux::$sessionData->securityCode)) { throw new Flux_RegisterError('Invalid security code', Flux_RegisterError::INVALID_SECURITY_CODE); } } $sql = "SELECT userid FROM {$this->loginDatabase}.login WHERE "; if ($this->config->getNoCase()) { $sql .= 'LOWER(userid) = LOWER(?) '; } else { $sql .= 'BINARY userid = ? '; } $sql .= 'LIMIT 1'; $sth = $this->connection->getStatement($sql); $sth->execute(array($username)); $res = $sth->fetch(); if ($res) { throw new Flux_RegisterError('Username is already taken', Flux_RegisterError::USERNAME_ALREADY_TAKEN); } if (!Flux::config('AllowDuplicateEmails')) { $sql = "SELECT email FROM {$this->loginDatabase}.login WHERE email = ? LIMIT 1"; $sth = $this->connection->getStatement($sql); $sth->execute(array($email)); $res = $sth->fetch(); if ($res) { throw new Flux_RegisterError('E-mail address is already in use', Flux_RegisterError::EMAIL_ADDRESS_IN_USE); } } if ($this->config->getUseMD5()) { $password = Flux::hashPassword($password); } $sql = "INSERT INTO {$this->loginDatabase}.login (userid, user_pass, email, sex, group_id, birthdate) VALUES (?, ?, ?, ?, ?, ?)"; $sth = $this->connection->getStatement($sql); $res = $sth->execute(array($username, $password, $email, $gender, (int) $this->config->getGroupID(), date('Y-m-d', $birthdatestamp))); if ($res) { $idsth = $this->connection->getStatement("SELECT LAST_INSERT_ID() AS account_id"); $idsth->execute(); $idres = $idsth->fetch(); $createTable = Flux::config('FluxTables.AccountCreateTable'); $sql = "INSERT INTO {$this->loginDatabase}.{$createTable} (account_id, userid, user_pass, sex, email, reg_date, reg_ip, confirmed) "; $sql .= "VALUES (?, ?, ?, ?, ?, NOW(), ?, 1)"; $sth = $this->connection->getStatement($sql); $sth->execute(array($idres->account_id, $username, $password, $gender, $email, $_SERVER['REMOTE_ADDR'])); return $idres->account_id; } else { return false; } }
if (!$sth->execute(array($account, $code)) || !($reset = $sth->fetch())) { $this->deny(); } $sql = "UPDATE {$loginAthenaGroup->loginDatabase}.{$resetPassTable} SET "; $sql .= "reset_done = 1, reset_date = NOW(), reset_ip = ?, new_password = ? WHERE id = ?"; $sth = $loginAthenaGroup->connection->getStatement($sql); $newPassword = ''; $characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; $characters = str_split($characters, 1); $passLength = intval(($len = Flux::config('RandomPasswordLength')) < 8 ? 8 : $len); for ($i = 0; $i < $passLength; ++$i) { $newPassword .= $characters[array_rand($characters)]; } $unhashedNewPassword = $newPassword; if ($loginAthenaGroup->loginServer->config->getUseMD5()) { $newPassword = Flux::hashPassword($newPassword); } if (!$sth->execute(array($_SERVER['REMOTE_ADDR'], $newPassword, $reset->id))) { $session->setMessageData(Flux::message('ResetPwFailed')); $this->redirect(); } $sql = "UPDATE {$loginAthenaGroup->loginDatabase}.login SET user_pass = ? WHERE account_id = ?"; $sth = $loginAthenaGroup->connection->getStatement($sql); if (!$sth->execute(array($newPassword, $account))) { $session->setMessageData(Flux::message('ResetPwFailed')); $this->redirect(); } require_once 'Flux/Mailer.php'; $mail = new Flux_Mailer(); $sent = $mail->send($acc->email, 'Password Has Been Reset', 'newpass', array('AccountUsername' => $acc->userid, 'NewPassword' => $unhashedNewPassword)); if ($sent) {
/** * */ public function register($username, $password, $confirmPassword, $email, $gender, $securityCode) { if (strlen($username) < Flux::config('MinUsernameLength')) { throw new Flux_RegisterError('Username is too short', Flux_RegisterError::USERNAME_TOO_SHORT); } elseif (strlen($username) > Flux::config('MaxUsernameLength')) { throw new Flux_RegisterError('Username is too long', Flux_RegisterError::USERNAME_TOO_LONG); } elseif (strlen($password) < Flux::config('MinPasswordLength')) { throw new Flux_RegisterError('Password is too short', Flux_RegisterError::PASSWORD_TOO_SHORT); } elseif (strlen($password) > Flux::config('MaxPasswordLength')) { throw new Flux_RegisterError('Password is too long', Flux_RegisterError::PASSWORD_TOO_LONG); } elseif ($password !== $confirmPassword) { throw new Flux_RegisterError('Passwords do not match', Flux_RegisterError::PASSWORD_MISMATCH); } elseif (!preg_match('/(.+?)@(.+?)/', $email)) { throw new Flux_RegisterError('Invalid e-mail address', Flux_RegisterError::INVALID_EMAIL_ADDRESS); } elseif (!in_array(strtoupper($gender), array('M', 'F'))) { throw new Flux_RegisterError('Invalid gender', Flux_RegisterError::INVALID_GENDER); } elseif (Flux::config('UseCaptcha')) { if (Flux::config('EnableReCaptcha')) { require_once 'recaptcha/recaptchalib.php'; $resp = recaptcha_check_answer(Flux::config('ReCaptchaPrivateKey'), $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); if (!$resp->is_valid) { throw new Flux_RegisterError('Invalid security code', Flux_RegisterError::INVALID_SECURITY_CODE); } } elseif (strtolower($securityCode) !== strtolower(Flux::$sessionData->securityCode)) { throw new Flux_RegisterError('Invalid security code', Flux_RegisterError::INVALID_SECURITY_CODE); } } $sql = "SELECT userid FROM {$this->loginDatabase}.login WHERE "; if ($this->config->getNoCase()) { $sql .= 'LOWER(userid) = LOWER(?) '; } else { $sql .= 'BINARY userid = ? '; } $sql .= 'LIMIT 1'; $sth = $this->connection->getStatement($sql); $sth->execute(array($username)); $res = $sth->fetch(); if ($res) { throw new Flux_RegisterError('Username is already taken', Flux_RegisterError::USERNAME_ALREADY_TAKEN); } if (!Flux::config('AllowDuplicateEmails')) { $sql = "SELECT email FROM {$this->loginDatabase}.login WHERE email = ? LIMIT 1"; $sth = $this->connection->getStatement($sql); $sth->execute(array($email)); $res = $sth->fetch(); if ($res) { throw new Flux_RegisterError('E-mail address is already in use', Flux_RegisterError::EMAIL_ADDRESS_IN_USE); } } if ($this->config->getUseMD5()) { $password = Flux::hashPassword($password); } $sql = "INSERT INTO {$this->loginDatabase}.login (userid, user_pass, email, sex) VALUES (?, ?, ?, ?)"; $sth = $this->connection->getStatement($sql); $res = $sth->execute(array($username, $password, $email, $gender)); if ($res) { $idsth = $this->connection->getStatement("SELECT LAST_INSERT_ID() AS account_id"); $idsth->execute(); $idres = $idsth->fetch(); $createTable = Flux::config('FluxTables.AccountCreateTable'); $sql = "INSERT INTO {$this->loginDatabase}.{$createTable} (account_id, userid, user_pass, sex, email, reg_date, reg_ip, confirmed) "; $sql .= "VALUES (?, ?, ?, ?, ?, NOW(), ?, 1)"; $sth = $this->connection->getStatement($sql); $sth->execute(array($idres->account_id, $username, $password, $gender, $email, $_SERVER['REMOTE_ADDR'])); return $idres->account_id; } else { return false; } }