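/**
 * Handle the "change password" form submission for the logged-in user.
 *
 * The three password fields arrive RSA-encrypted by the client-side
 * rsa.js; after decryption the "__" prefix added by the client is
 * stripped and surrounding whitespace trimmed.
 *
 * @param mixed $runData request/session holder (project type)
 * @throws ProcessException code "form_error" when the current password is
 *         wrong, the two new passwords differ, or the new password is
 *         outside the 6..20 character range
 */
public function changePasswordEvent($runData)
{
    $pl = $runData->getParameterList();
    $user = $runData->getUser();

    // Decrypt one RSA-encrypted field and drop the client-added "__" prefix.
    $decryptField = function ($encrypted) {
        $plain = trim(CryptUtils::rsaDecrypt($encrypted));
        return preg_replace("/^__/", '', $plain);
    };

    $oldPassword = $decryptField($pl->getParameterValue("old_password"));
    $newPassword1 = $decryptField($pl->getParameterValue("new_password1"));
    $newPassword2 = $decryptField($pl->getParameterValue("new_password2"));

    // NOTE(review): passwords are stored as unsalted md5 throughout this
    // code (see step2Event / SecurityManager::authenticateUser), so the
    // scheme cannot be changed in this method alone without a coordinated
    // migration; the comparison is at least made constant-time here.
    if (!hash_equals((string) $user->getPassword(), md5($oldPassword))) {
        throw new ProcessException(_("Can not change your password. The current password is invalid."), "form_error");
    }
    if ($newPassword1 !== $newPassword2) {
        throw new ProcessException(_("Can not change your password. New passwords differ but should be identical to eliminate typos."), "form_error");
    }
    // strlen8() is the project's character-count helper (not byte-wise strlen).
    if (strlen8($newPassword1) < 6) {
        throw new ProcessException(_("Can not change your password. The new password is too short. Min 6 characters please!"), "form_error");
    }
    if (strlen8($newPassword1) > 20) {
        throw new ProcessException(_("Can not change your password. The new password is too long. Max 20 characters please!"), "form_error");
    }

    // ok, change the password!!!
    $user->setPassword(md5($newPassword1));
    $user->save();
}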
/**
 * Build the account module view.
 *
 * Renders the "not logged in" template when there is no current user;
 * otherwise exposes the user and any of the optional "start",
 * "composeto" and "inboxmessage" parameters to the template, together
 * with the RSA public modulus used by rsa.js.
 *
 * @param mixed $runData request/session holder (project type)
 */
public function build($runData)
{
    $currentUser = $runData->getUser();
    if (!$currentUser) {
        $runData->setModuleTemplate('account/AccountNotLoggedInModule');
        return;
    }
    $runData->contextAdd("user", $currentUser);

    $pl = $runData->getParameterList();

    // Optional request parameters, exposed under camelCased context keys
    // only when they carry a truthy value.
    $optionalParams = array(
        "start" => "start",
        "composeto" => "composeTo",
        "inboxmessage" => "inboxMessage",
    );
    foreach ($optionalParams as $paramName => $contextKey) {
        $value = $pl->getParameterValue($paramName);
        if ($value) {
            $runData->contextAdd($contextKey, $value);
        }
    }

    // put the key too
    $runData->contextAdd("rsaKey", CryptUtils::modulus());
    $this->extraJs[] = '/common--javascript/crypto/rsa.js';
}
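/**
 * Second step of password recovery: check the e-mailed verification code
 * and set the new password for the user remembered in the session.
 *
 * Passwords arrive RSA-encrypted (rsa.js); after decryption the
 * client-added "__" prefix is stripped.
 *
 * @param mixed $runData request/session holder (project type)
 * @throws ProcessException "form_error" on a code mismatch or invalid
 *         password, "no_user" when the session's user id resolves to nothing
 */
public function step2Event($runData)
{
    $pl = $runData->getParameterList();

    // The submitted code must match the one stored in the session by the
    // previous step. Compared as strings in constant time; a session
    // without a stored code never matches.
    $expectedCode = $runData->sessionGet("revcode");
    $providedCode = $pl->getParameterValue("evercode");
    if ($expectedCode === null
        || $providedCode === null
        || !hash_equals((string) $expectedCode, (string) $providedCode)
    ) {
        throw new ProcessException(_("The verification codes do not match."), "form_error");
    }

    $password = $pl->getParameterValue("password");
    $password2 = $pl->getParameterValue("password2");

    $password = trim(CryptUtils::rsaDecrypt($password));
    $password = preg_replace("/^__/", '', $password);
    $password2 = trim(CryptUtils::rsaDecrypt($password2));
    $password2 = preg_replace("/^__/", '', $password2);

    // check password (strlen8 counts characters, not bytes)
    if (strlen8($password) < 6) {
        throw new ProcessException(_("Please provide a password min. 6 characters long."), "form_error");
    } elseif (strlen8($password) > 20) {
        throw new ProcessException(_("Password should not be longer than 20 characters."), "form_error");
    } elseif ($password2 !== $password) {
        throw new ProcessException(_("Passwords are not identical."), "form_error");
    }

    // ok. seems fine.
    $userId = $runData->sessionGet("prUserId");
    $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($userId);
    if (!$user) {
        // was `throw ProcessException(...)` without `new`, i.e. an undefined
        // function call that would have failed with a fatal error
        throw new ProcessException("No such user.", "no_user");
    }

    // NOTE(review): unsalted md5 is the password scheme used across this
    // code (see changePasswordEvent); a migration has to change all sites at once.
    $user->setPassword(md5($password));
    $user->save();
}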
/**
 * Prepare the AJAX login dialog.
 *
 * Refuses when a user is already logged in; otherwise hands the RSA
 * public modulus to the client, starts a session and stores a fresh
 * "login_seed" in it for the subsequent loginEvent.
 *
 * @param mixed $runData request/session holder (project type)
 * @throws ProcessException "already_logged" when a user id is present
 */
public function build($runData)
{
    if ($runData->getUserId() !== null) {
        throw new ProcessException(_("You already are logged in."), "already_logged");
    }

    $runData->ajaxResponseAdd("key", CryptUtils::modulus());

    // one seed per session; loginEvent expects it prefixed to the plaintexts
    $runData->sessionStart();
    $loginSeed = CryptUtils::generateSeed(10);
    $runData->sessionAdd("login_seed", $loginSeed);

    $this->extraJs[] = '/common--javascript/crypto/rsa.js';
}
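/**
 * Process the AJAX login form.
 *
 * Name and password arrive RSA-encrypted (rsa.js) with the session's
 * "login_seed" prepended to each plaintext; a plaintext that does not
 * start with this session's seed is rejected, which ties the submission
 * to the session that issued the seed. When the "welcome" parameter
 * carries a user id, the password is checked against that user directly;
 * otherwise SecurityManager::authenticateUser() resolves the pair.
 *
 * @param mixed $runData request/session holder (project type)
 * @throws ProcessException "no_seed" when the session holds no seed,
 *         "login_invalid" on any credential mismatch (each one is recorded
 *         through EventLogger::logFailedLogin)
 */
public function loginEvent($runData)
{
    $pl = $runData->getParameterList();
    $uname = $pl->getParameterValue("name");
    $upass = $pl->getParameterValue("password");
    $userId = $pl->getParameterValue("welcome");
    $keepLogged = $pl->getParameterValue("keepLogged");
    $bindIP = $pl->getParameterValue("bindIP");

    $seed = $runData->sessionGet("login_seed");
    if (!$seed) {
        throw new ProcessException(_("You have been inactive quite long while trying to log in and your session data have expired. Please try to click 'log in' once again."), "no_seed");
    }

    $uname = CryptUtils::rsaDecrypt($uname);
    $upass = CryptUtils::rsaDecrypt($upass);

    // Both plaintexts must carry the seed prefix. preg_quote() keeps the
    // seed from being read as pattern syntax should it ever contain
    // metacharacters.
    $seedPattern = '/^' . preg_quote($seed, '/') . '/';
    if (preg_match($seedPattern, $uname) == 0 || preg_match($seedPattern, $upass) == 0) {
        EventLogger::instance()->logFailedLogin($uname);
        throw new ProcessException(_("The user and password do not match."), "login_invalid");
    }
    $uname = preg_replace($seedPattern, '', $uname);
    $upass = preg_replace($seedPattern, '', $upass);

    // NOTE(review): unsalted md5 is the password scheme used across this
    // code (see changePasswordEvent / step2Event); changing it needs a
    // coordinated migration, so only the comparison is hardened here.
    if ($userId && is_numeric($userId) && $userId > 0) {
        $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($userId);
        if ($user && !hash_equals((string) $user->getPassword(), md5($upass))) {
            $user = null;
        }
    } else {
        $user = SecurityManager::authenticateUser($uname, $upass);
    }
    if (!$user) {
        EventLogger::instance()->logFailedLogin($uname);
        throw new ProcessException(_("The login and password do not match."), "login_invalid");
    }

    // presumably rotates the session on privilege change - confirm in
    // RunData::resetSession()
    $runData->resetSession();
    $session = $runData->getSession();
    $session->setUserId($user->getUserId());

    // set other parameters
    $session->setStarted(new ODate());
    $session->setLastAccessed(new ODate());
    $user->setLastLogin(new ODate());
    $user->save();

    if ($keepLogged) {
        $session->setInfinite(true);
    }
    if ($bindIP) {
        $session->setCheckIp(true);
    }

    // Remembers only the user id (not a credential) so a later login can be
    // resolved through the "welcome" parameter above. NOTE(review): no
    // secure/httponly flags are set - confirm whether the service is served
    // over HTTPS before adding them.
    setcookie("welcome", $user->getUserId(), time() + 10000000, "/", GlobalProperties::$SESSION_COOKIE_DOMAIN);

    // log event
    EventLogger::instance()->logLogin();
}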
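/**
 * Build the per-site login form.
 *
 * Resolves the site and theme from the "siteId"/"themeId" parameters,
 * switches the request language and gettext locale to the site's
 * language, and issues a fresh "login_seed" plus the RSA public modulus
 * for the client-side crypto.
 *
 * @param mixed $runData request/session holder (project type)
 * @throws ProcessException when the site or theme id is missing, non-numeric
 *         or does not resolve to a row
 */
public function build($runData)
{
    $pl = $runData->getParameterList();
    $url = $pl->getParameterValue('url');

    // initialised so the check below does not read an undefined variable
    // when the id is absent or non-numeric
    $site = null;
    $siteId = $pl->getParameterValue('siteId');
    if ($siteId && is_numeric($siteId)) {
        $site = DB_SitePeer::instance()->selectByPrimaryKey($siteId);
    }
    if (!$site) {
        throw new ProcessException(_('Invalid site'));
    }

    $lang = $site->getLanguage();
    $runData->setLanguage($lang);
    $GLOBALS['lang'] = $lang;

    // and for gettext too: map the site language to a locale name. Only
    // 'pl' and 'en' are selectable at registration; anything else falls
    // back to en_US instead of leaving $glang undefined.
    switch ($lang) {
        case 'pl':
            $glang = "pl_PL";
            break;
        case 'en':
        default:
            $glang = "en_US";
            break;
    }
    putenv("LANG={$glang}");
    putenv("LANGUAGE={$glang}");
    setlocale(LC_ALL, $glang . '.UTF-8');

    // Set the text domain as 'messages'
    $gdomain = 'messages';
    bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
    textdomain($gdomain);

    $theme = null;
    $themeId = $pl->getParameterValue('themeId');
    if ($themeId && is_numeric($themeId)) {
        $theme = DB_ThemePeer::instance()->selectByPrimaryKey($themeId);
    }
    if (!$theme) {
        throw new ProcessException(_('Invalid theme'));
    }

    $runData->contextAdd('site', $site);
    $runData->contextAdd('theme', $theme);
    // $url is passed through as received; the template that echoes it must
    // escape it for its output context - confirm there.
    $runData->contextAdd('url', $url);

    // put seed into session!
    $seed = CryptUtils::generateSeed(4);
    $runData->sessionStart();
    $runData->sessionAdd("login_seed", $seed);
    $runData->contextAdd("key", CryptUtils::modulus());
    $runData->contextAdd("seed", $seed);

    // clear welcome cookie?
    if ($pl->getParameterValue("clearwelcome")) {
        $runData->contextAdd('reset', true);
    }
}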
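/**
 * Build the captcha step of registration.
 *
 * Hands the RSA public modulus to the client, generates a 4-character
 * captcha code on first visit (kept in the session as "captchaCode" and
 * checked by step0Event), and resets the registration step counter.
 *
 * @param mixed $runData request/session holder (project type)
 */
public function build($runData)
{
    $code = $runData->sessionGet('captchaCode');
    $runData->ajaxResponseAdd("key", CryptUtils::modulus());

    if ($code === null) {
        // Four hex characters from the CSPRNG (replaces the seeded
        // rand()/md5 construction, whose output was predictable). '0' is
        // swapped for 'O' because they are hard to tell apart when rendered;
        // step0Event applies the same str_replace/strtoupper normalisation
        // to the user's answer before comparing.
        $code = strtoupper(str_replace('0', 'O', bin2hex(random_bytes(2))));
        $runData->sessionAdd("captchaCode", $code);
    }

    // presumably a cache-buster for the captcha image URL - confirm in template
    $runData->contextAdd("rand", random_int(0, 1000));
    $runData->sessionAdd("rstep", 0);
    $this->extraJs[] = '/common--javascript/crypto/rsa.js';
}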
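/**
 * Build the Terms of Service step of registration.
 *
 * Resets the registration step counter, exposes the RSA public modulus
 * for the client-side crypto, and loads the ToS text from the
 * "legal:terms-of-service" page of the "www" site, stripping its table of
 * contents and making every link open in a new window.
 *
 * @param mixed $runData request/session holder (project type)
 * @throws ProcessException "no_tos_page" when the "www" site or the ToS
 *         page cannot be found (previously a method call on null)
 */
public function build($runData)
{
    $runData->sessionAdd("rstep", -1);

    // also set the crypto things
    $runData->ajaxResponseAdd("key", CryptUtils::modulus());

    // get the TOS content
    $pageName = "legal:terms-of-service";
    $siteName = "www";

    $c = new Criteria();
    $c->add("unix_name", $siteName);
    $site = DB_SitePeer::instance()->selectOne($c);
    $page = $site ? DB_PagePeer::instance()->selectByName($site->getSiteId(), $pageName) : null;
    if (!$page) {
        throw new ProcessException(_("The Terms of Service page could not be found."), "no_tos_page");
    }

    // get content
    $content = $page->getCompiled()->getText();

    // remove toc ;-)
    $content = preg_replace(';<table style=".*?id="toc".*?</table>;s', '', $content, 1);
    // open links in a new window (no rel attribute is added; modern
    // browsers treat target="_blank" as noopener by default)
    $content = preg_replace(';<a ([^>]*)>;s', '<a \\1 target="_blank">', $content);

    $runData->contextAdd("tosContent", $content);
}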
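/**
 * First step of account creation: validate the registration form and
 * send the e-mail verification code.
 *
 * E-mail and both passwords arrive RSA-encrypted (rsa.js); after
 * decryption the client-added "__" prefix is stripped. All field errors
 * are collected into one array and returned under the "formErrors" ajax
 * key. On success the validated data is kept in the session ("ca_data")
 * together with the verification code ("evcode") carried by the e-mail.
 *
 * @param mixed $runData request/session holder (project type)
 * @throws ProcessException "form_errors" when any field is invalid,
 *         "email_failed" when the verification e-mail could not be sent
 */
public function step0Event($runData)
{
    // do it manually. change of rules.
    $pl = $runData->getParameterList();
    $name = (string) $pl->getParameterValue("name");
    $captcha = trim((string) $pl->getParameterValue("captcha"));

    // decrypt; the client prefixes each plaintext with "__" before encrypting
    $email = preg_replace("/^__/", '', trim(CryptUtils::rsaDecrypt($pl->getParameterValue("email"))));
    $password = preg_replace("/^__/", '', trim(CryptUtils::rsaDecrypt($pl->getParameterValue("password"))));
    $password2 = preg_replace("/^__/", '', trim(CryptUtils::rsaDecrypt($pl->getParameterValue("password2"))));

    // validate now.
    $errors = array();

    // name (strlen8 counts characters, strlen counts bytes - kept as in the original rules)
    $unixified = WDStringUtils::toUnixName($name);
    if (strlen($name) < 2) {
        $errors['name'] = _("You really should provide the screen name you want to use.");
    } elseif (strlen8($name) > 20) {
        $errors['name'] = _("Your screen name should not be longer than 20 characters.");
    } elseif (preg_match('/^[ _a-zA-Z0-9-\\!#\\$%\\^\\*\\(\\)]+$/', $name) == 0) {
        $errors['name'] = _("Only alphanumeric characters (+a few special) can be used in the screen name.");
    } elseif (strlen($unixified) < 2) {
        $errors['name'] = _("It seems there are too less alphanumeric characters in your screen name");
    } else {
        // handle forbidden names: one PCRE pattern per line of the conf file;
        // blank lines (e.g. a trailing newline) are skipped instead of being
        // passed to preg_match() as an empty pattern
        $forbiddenUnixNames = explode("\n", (string) file_get_contents(WIKIDOT_ROOT . '/conf/forbidden_user_names.conf'));
        foreach ($forbiddenUnixNames as $f) {
            if ($f === '') {
                continue;
            }
            if (preg_match($f, $unixified) > 0) {
                $errors['name'] = _('For some reason this name is not allowed or is reserved for future use.');
            }
        }

        // check if user does not exist
        $c = new Criteria();
        $c->add("unix_name", $unixified);
        $u = DB_OzoneUserPeer::instance()->selectOne($c);
        if ($u) {
            $errors['name'] = _("A user with this screen name (or very similar) already exists.");
        }
    }

    // now check email
    if (strlen($email) < 5) {
        $errors['email'] = _("Please provide a valid email address.");
    } elseif (strlen($email) > 50) {
        $errors['email'] = _("Please provide a valid email address - this one seems is to long.");
    } elseif (preg_match("/^[_a-zA-Z0-9-]+(\\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)+\$/", $email) == 0) {
        $errors['email'] = _("Please provide a valid email address.");
    } else {
        // check if email is unique
        $c = new Criteria();
        $c->add("lower(email)", strtolower($email));
        $u = DB_OzoneUserPeer::instance()->selectOne($c);
        if ($u) {
            $errors['email'] = _("A user with this email already exists.");
        }
    }

    // check password; strict comparison so numerically-equal strings are not
    // treated as identical passwords
    if (strlen8($password) < 6) {
        $errors['password'] = _("Please provide a password min. 6 characters long.");
    } elseif (strlen8($password) > 20) {
        $errors['password'] = _("Password should not be longer than 20 characters.");
    } elseif ($password2 !== $password) {
        $errors['password2'] = _("Passwords are not identical.");
    }

    // check language
    $lang = $pl->getParameterValue("language");
    if ($lang !== "pl" && $lang !== "en") {
        $errors['language'] = _("Please select your preferred language.");
    }

    // captcha: normalise the answer the same way the code was generated
    // ('0' -> 'O', upper case) and compare in constant time; a session that
    // holds no captcha code must never validate
    $captcha = strtoupper(str_replace('0', 'O', $captcha));
    $expectedCaptcha = $runData->sessionGet("captchaCode");
    if ($expectedCaptcha === null || !hash_equals(strtoupper((string) $expectedCaptcha), $captcha)) {
        $errors['captcha'] = _("Human verification code is not valid.");
    }

    if (!$pl->getParameterValue("tos")) {
        $errors['tos'] = _("Please read and agree to the Terms of Service.");
    }

    if (count($errors) > 0) {
        $runData->ajaxResponseAdd("formErrors", $errors);
        throw new ProcessException("Form errors", "form_errors");
    }

    // store data in the session
    $data = array('name' => $name, 'email' => $email, 'password' => $password, 'language' => $lang);
    $runData->sessionAdd("ca_data", $data);

    // generate the email verification code: reuse one already issued in
    // this session, otherwise draw 6 hex characters from the CSPRNG (the
    // previous seeded md5(rand(0, 9999)) construction had only 10 000
    // possible values)
    $evcode = $runData->sessionGet('evcode');
    if (!$evcode) {
        $evcode = bin2hex(random_bytes(3));
    }

    // send a confirmation email to the user.
    $oe = new OzoneEmail();
    $oe->addAddress($email);
    $oe->setSubject(sprintf(_("%s- email verification"), GlobalProperties::$SERVICE_NAME));
    $oe->contextAdd('name', $name);
    $oe->contextAdd('email', $email);
    $oe->contextAdd('evcode', $evcode);
    $oe->setBodyTemplate('RegistrationEmailVerification');

    if (!$oe->Send()) {
        throw new ProcessException(_("The email can not be sent to this address."), "email_failed");
    }

    $runData->sessionAdd('evcode', $evcode);
}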