Пример #1
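 /**
  * Event handler for the "change password" form of the logged-in user.
  *
  * old_password / new_password1 / new_password2 arrive RSA-encrypted with a
  * client-side "__" prefix; each is decrypted, trimmed and stripped of that
  * prefix before validation.
  *
  * @param mixed $runData request context exposing getParameterList() and getUser()
  * @throws ProcessException code "no_user" when no user is attached to the
  *         request; code "form_error" when the current password is wrong,
  *         the two new passwords differ, or the new one is shorter than 6
  *         or longer than 20 characters (as measured by strlen8)
  */
 public function changePasswordEvent($runData)
 {
     $pl = $runData->getParameterList();
     $user = $runData->getUser();
     if (!$user) {
         // Without this guard an anonymous request reaches a method call on null below.
         throw new ProcessException(_("No such user."), "no_user");
     }
     // Decrypt, trim and strip the "__" marker the client prepends. The string
     // cast keeps trim() well-defined when rsaDecrypt() yields null for a
     // missing parameter.
     $decode = static function ($raw) {
         $plain = trim((string) CryptUtils::rsaDecrypt($raw));
         return preg_replace("/^__/", '', $plain);
     };
     $oldPassword = $decode($pl->getParameterValue("old_password"));
     $newPassword1 = $decode($pl->getParameterValue("new_password1"));
     $newPassword2 = $decode($pl->getParameterValue("new_password2"));
     // hash_equals(): constant-time comparison against the stored hash.
     // NOTE(review): the stored format is unsalted md5 and the login path
     // compares it the same way, so moving to password_hash()/password_verify()
     // needs a coordinated change (rehash on successful login), not a local one.
     if (!hash_equals((string) $user->getPassword(), md5($oldPassword))) {
         throw new ProcessException(_("Can not change your password. The current password is invalid."), "form_error");
     }
     if ($newPassword1 !== $newPassword2) {
         throw new ProcessException(_("Can not change your password. New passwords differ but should be identical to eliminate typos."), "form_error");
     }
     if (strlen8($newPassword1) < 6) {
         throw new ProcessException(_("Can not change your password. The new password is too short. Min 6 characters please!"), "form_error");
     }
     if (strlen8($newPassword1) > 20) {
         throw new ProcessException(_("Can not change your password. The new password is too long. Max 20 characters please!"), "form_error");
     }
     // ok, change the password!!!
     $user->setPassword(md5($newPassword1));
     $user->save();
 }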
Пример #2
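 /**
  * Password-recovery step 2: checks the verification code issued in the
  * previous step and stores the new password for the user whose id was
  * parked in the session as "prUserId".
  *
  * password / password2 arrive RSA-encrypted with a client-side "__" prefix.
  *
  * @param mixed $runData request context exposing getParameterList() and sessionGet()
  * @throws ProcessException code "form_error" when the verification code is
  *         missing or wrong, the password is shorter than 6 or longer than
  *         20 characters (strlen8), or the two passwords differ; code
  *         "no_user" when the session's user id does not resolve to a user
  */
 public function step2Event($runData)
 {
     $pl = $runData->getParameterList();
     // The submitted code must equal the one issued in step 1. Require a code
     // to have been issued at all: with the previous loose `!=` a missing
     // session value and an empty submission compared equal and skipped the
     // check. hash_equals() makes the comparison strict and constant-time.
     $expectedCode = (string) $runData->sessionGet("revcode");
     $evercode = (string) $pl->getParameterValue("evercode");
     if ($expectedCode === '' || !hash_equals($expectedCode, $evercode)) {
         throw new ProcessException(_("The verification codes do not match."), "form_error");
     }
     // Decrypt, trim and strip the "__" marker the client prepends; the string
     // cast keeps trim() well-defined when rsaDecrypt() yields null.
     $decode = static function ($raw) {
         $plain = trim((string) CryptUtils::rsaDecrypt($raw));
         return preg_replace("/^__/", '', $plain);
     };
     $password = $decode($pl->getParameterValue("password"));
     $password2 = $decode($pl->getParameterValue("password2"));
     // check password
     if (strlen8($password) < 6) {
         throw new ProcessException(_("Please provide a password min. 6 characters long."), "form_error");
     } elseif (strlen8($password) > 20) {
         throw new ProcessException(_("Password should not be longer than 20 characters."), "form_error");
     } elseif ($password2 !== $password) {
         throw new ProcessException(_("Passwords are not identical."), "form_error");
     }
     // ok. seems fine.
     $userId = $runData->sessionGet("prUserId");
     $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($userId);
     if (!$user) {
         // Previously `throw ProcessException(...)` without `new`, i.e. a call
         // to an undefined function whenever this branch was reached.
         throw new ProcessException("No such user.", "no_user");
     }
     // NOTE(review): unsalted md5 is the stored password format shared with the
     // login path; a move to password_hash() has to be made there as well.
     $user->setPassword(md5($password));
     $user->save();
 }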
Пример #3
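 /**
  * Login form event: decrypts the submitted credentials, verifies they were
  * produced against this session's login seed, authenticates, and starts a
  * fresh session for the user.
  *
  * The client prepends the session's "login_seed" to both the name and the
  * password before RSA-encrypting them. A non-empty "welcome" user id
  * selects the user directly and only the password is checked; otherwise
  * SecurityManager::authenticateUser() resolves name + password.
  *
  * @param mixed $runData request context (parameter list, session)
  * @throws ProcessException code "no_seed" when the session holds no login
  *         seed; code "login_invalid" when the seed prefix is absent or the
  *         credentials do not resolve to a user (both cases are logged via
  *         EventLogger::logFailedLogin())
  */
 public function loginEvent($runData)
 {
     $pl = $runData->getParameterList();
     $uname = $pl->getParameterValue("name");
     $upass = $pl->getParameterValue("password");
     $userId = $pl->getParameterValue("welcome");
     $keepLogged = $pl->getParameterValue("keepLogged");
     $bindIP = $pl->getParameterValue("bindIP");
     // decrypt! woooohhooooo!!!!!!!!
     $seed = $runData->sessionGet("login_seed");
     if ($seed == null) {
         throw new ProcessException(_("You have been inactive quite long while trying to log in and your session data have expired. Please try to click 'log in' once again."), "no_seed");
     }
     $seed = (string) $seed;
     $uname = (string) CryptUtils::rsaDecrypt($uname);
     $upass = (string) CryptUtils::rsaDecrypt($upass);
     // remove seed. A plain prefix comparison replaces preg_match('/^' . $seed . '/'):
     // the seed was interpolated into the pattern unescaped, so any regex
     // metacharacter in it would change (or break) the match.
     $seedLen = strlen($seed);
     if (substr($uname, 0, $seedLen) !== $seed || substr($upass, 0, $seedLen) !== $seed) {
         EventLogger::instance()->logFailedLogin($uname);
         throw new ProcessException(_("The user and password do not match."), "login_invalid");
     }
     $uname = (string) substr($uname, $seedLen);
     $upass = (string) substr($upass, $seedLen);
     if ($userId && is_numeric($userId) && $userId > 0) {
         $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($userId);
         // hash_equals(): constant-time comparison against the stored hash.
         // NOTE(review): the stored format is unsalted md5; migrating to
         // password_verify() must cover SecurityManager::authenticateUser() too.
         if ($user && !hash_equals((string) $user->getPassword(), md5($upass))) {
             $user = null;
         }
     } else {
         $user = SecurityManager::authenticateUser($uname, $upass);
     }
     if (!$user) {
         EventLogger::instance()->logFailedLogin($uname);
         throw new ProcessException(_("The login and password do not match."), "login_invalid");
     }
     // Drop any pre-login session state before binding the new user id.
     $runData->resetSession();
     $session = $runData->getSession();
     $session->setUserId($user->getUserId());
     // set other parameters
     $session->setStarted(new ODate());
     $session->setLastAccessed(new ODate());
     $user->setLastLogin(new ODate());
     $user->save();
     if ($keepLogged) {
         $session->setInfinite(true);
     }
     if ($bindIP) {
         $session->setCheckIp(true);
     }
     // "welcome" only carries the user id used to pre-select the account on the
     // next login; it is not an authentication token. NOTE(review): it is set
     // without the secure/httponly flags — confirm no client-side code reads it
     // before tightening, as that would change what the browser exposes to JS.
     setcookie("welcome", $user->getUserId(), time() + 10000000, "/", GlobalProperties::$SESSION_COOKIE_DOMAIN);
     // log event
     EventLogger::instance()->logLogin();
 }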
Пример #4
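 /**
  * Step 0 of account creation: validates the registration form, parks the
  * accepted values in the session under "ca_data" and sends the email
  * verification code.
  *
  * email / password / password2 arrive RSA-encrypted with a client-side "__"
  * prefix; name, captcha, language and tos are plain. Validation collects one
  * message per field into $errors and reports them all at once.
  *
  * @param mixed $runData request context (parameter list, session, ajax response)
  * @throws ProcessException code "form_errors" when any field is invalid (the
  *         per-field messages are attached as "formErrors" on the ajax
  *         response); code "email_failed" when the verification mail cannot
  *         be sent. random_bytes() may also throw if no randomness source is
  *         available.
  */
 public function step0Event($runData)
 {
     // do it manually. change of rules.
     $pl = $runData->getParameterList();
     $name = (string) $pl->getParameterValue("name");
     $captcha = trim((string) $pl->getParameterValue("captcha"));
     // decrypt, trim and strip the "__" marker the client prepends; the string
     // cast keeps trim() well-defined when rsaDecrypt() yields null.
     $decode = static function ($raw) {
         $plain = trim((string) CryptUtils::rsaDecrypt($raw));
         return preg_replace("/^__/", '', $plain);
     };
     $email = $decode($pl->getParameterValue("email"));
     $password = $decode($pl->getParameterValue("password"));
     $password2 = $decode($pl->getParameterValue("password2"));
     // validate now.
     $errors = [];
     //name
     $unixified = WDStringUtils::toUnixName($name);
     if (strlen($name) < 2) {
         $errors['name'] = _("You really should provide the screen name you want to use.");
     } elseif (strlen8($name) > 20) {
         $errors['name'] = _("Your screen name should not be longer than 20 characters.");
     } elseif (preg_match('/^[ _a-zA-Z0-9-\\!#\\$%\\^\\*\\(\\)]+$/', $name) == 0) {
         $errors['name'] = _("Only alphanumeric characters (+a few special) can be used in the screen name.");
     } elseif (strlen($unixified) < 2) {
         $errors['name'] = _("It seems there are too less alphanumeric characters in your screen name");
     } else {
         // handle forbidden names: one regex per line of the conf file. Blank
         // lines (at least the trailing newline) used to reach preg_match() as
         // an empty pattern, which emits a warning and returns false. An
         // unreadable file still yields no patterns, as before.
         $forbiddenList = (string) file_get_contents(WIKIDOT_ROOT . '/conf/forbidden_user_names.conf');
         foreach (explode("\n", $forbiddenList) as $pattern) {
             $pattern = rtrim($pattern, "\r");
             if ($pattern === '') {
                 continue;
             }
             if (preg_match($pattern, $unixified) > 0) {
                 $errors['name'] = _('For some reason this name is not allowed or is reserved for future use.');
                 break;
             }
         }
         // check if user does not exist
         $c = new Criteria();
         $c->add("unix_name", $unixified);
         $u = DB_OzoneUserPeer::instance()->selectOne($c);
         if ($u != null) {
             $errors['name'] = _("A user with this screen name (or very similar) already exists.");
         }
     }
     // now check email
     if (strlen($email) < 5) {
         $errors['email'] = _("Please provide a valid email address.");
     } elseif (strlen($email) > 50) {
         $errors['email'] = _("Please provide a valid email address - this one seems is to long.");
     } elseif (preg_match("/^[_a-zA-Z0-9-]+(\\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)+\$/", $email) == 0) {
         $errors['email'] = _("Please provide a valid email address.");
     } else {
         // check if email is unique
         $c = new Criteria();
         $c->add("lower(email)", strtolower($email));
         $u = DB_OzoneUserPeer::instance()->selectOne($c);
         if ($u != null) {
             $errors['email'] = _("A user with this email already exists.");
         }
     }
     // check password
     if (strlen8($password) < 6) {
         $errors['password'] = _("Please provide a password min. 6 characters long.");
     } elseif (strlen8($password) > 20) {
         $errors['password'] = _("Password should not be longer than 20 characters.");
     } elseif ($password2 !== $password) {
         $errors['password2'] = _("Passwords are not identical.");
     }
     // check language
     $lang = $pl->getParameterValue("language");
     if ($lang !== "pl" && $lang !== "en") {
         $errors['language'] = _("Please select your preferred language.");
     }
     // captcha: a typed digit zero is accepted for the letter O. Require a code
     // to have been issued for this session; with the previous loose `!=` a
     // missing session value and an empty submission compared equal.
     $captcha = strtoupper(str_replace('0', 'O', $captcha));
     $expectedCaptcha = strtoupper((string) $runData->sessionGet("captchaCode"));
     if ($expectedCaptcha === '' || !hash_equals($expectedCaptcha, $captcha)) {
         $errors['captcha'] = _("Human verification code is not valid.");
     }
     if (!$pl->getParameterValue("tos")) {
         $errors['tos'] = _("Please read and agree to the Terms of Service.");
     }
     if (count($errors) > 0) {
         $runData->ajaxResponseAdd("formErrors", $errors);
         throw new ProcessException("Form errors", "form_errors");
     }
     // store data in the session for the following steps
     $data = ['name' => $name, 'email' => $email, 'password' => $password, 'language' => $lang];
     $runData->sessionAdd("ca_data", $data);
     // generate the email verification code, reusing one already issued in this
     // session. 3 random bytes give 6 lowercase hex chars, the same shape as the
     // old substr(md5(rand(0, 9999)), 2, 6); that source only had 10k possible
     // codes and was seeded from microtime(), which is not a CSPRNG.
     $evcode = $runData->sessionGet('evcode');
     if (!$evcode) {
         $evcode = bin2hex(random_bytes(3));
     }
     //send a confirmation email to the user.
     $oe = new OzoneEmail();
     $oe->addAddress($email);
     $oe->setSubject(sprintf(_("%s- email verification"), GlobalProperties::$SERVICE_NAME));
     $oe->contextAdd('name', $name);
     $oe->contextAdd('email', $email);
     $oe->contextAdd('evcode', $evcode);
     $oe->setBodyTemplate('RegistrationEmailVerification');
     if (!$oe->Send()) {
         throw new ProcessException(_("The email can not be sent to this address."), "email_failed");
     }
     $runData->sessionAdd('evcode', $evcode);
 }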