/**
  * @see Form::validate()
  */
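 public function validate()
 {
     // Validates the submitted master password. Runs the parent form checks,
     // enforces the complexity rules, rejects a password already used by a
     // member of user group 4, and requires a matching confirmation.
     // Throws UserInputException naming the offending field on the first failure.
     ACPForm::validate();
     if (empty($this->masterPassword)) {
         throw new UserInputException('masterPassword');
     }
     // check password security: minimum length of 8 characters
     if (StringUtil::length($this->masterPassword) < 8) {
         throw new UserInputException('masterPassword', 'notSecure');
     }
     // each character class must occur at least once:
     // digits, lower-case latin, upper-case latin, anything else ("special")
     $requiredClasses = array('![0-9]+!', '![a-z]+!', '![A-Z]+!', '![^A-Za-z0-9]+!');
     foreach ($requiredClasses as $pattern) {
         if (!preg_match($pattern, $this->masterPassword)) {
             throw new UserInputException('masterPassword', 'notSecure');
         }
     }
     // search for identical admin passwords (members of group 4); the query
     // contains no request data, only the WCF_N installation constant
     $sql = "SELECT\tpassword, salt\n\t\t\tFROM\twcf" . WCF_N . "_user\n\t\t\tWHERE\tuserID IN (\n\t\t\t\t\tSELECT\tuserID\n\t\t\t\t\tFROM\twcf" . WCF_N . "_user_to_groups\n\t\t\t\t\tWHERE\tgroupID = 4\n\t\t\t\t)";
     $result = WCF::getDB()->sendQuery($sql);
     while ($row = WCF::getDB()->fetchArray($result)) {
         // Strict comparison: with == two different digests that both look
         // numeric are compared as numbers and can be reported as equal.
         if (StringUtil::getDoubleSaltedHash($this->masterPassword, $row['salt']) === $row['password']) {
             throw new UserInputException('masterPassword', 'notSecure');
         }
     }
     // confirm master password
     if (empty($this->confirmMasterPassword)) {
         throw new UserInputException('confirmMasterPassword');
     }
     // Strict comparison so the confirmation has to match character for
     // character instead of going through PHP's loose string/number rules.
     if ($this->confirmMasterPassword !== $this->masterPassword) {
         throw new UserInputException('confirmMasterPassword', 'notEqual');
     }
 }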
Пример #2
 /**
  * Validates the key.
  * 
  * @param	string	$key
  * @param	string	$salt
  * @param	mixed	$value1
  * @param	mixed	$value2
  * ...
  */
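 protected function validate($key, $salt, $value1, $value2 = null, $value3 = null, $value4 = null, $value5 = null)
 {
     // Recomputes the expected key from the supplied values and $salt and
     // reports error 101 through send() when it differs from $key.
     // Error 104 is reported when no first value is given.
     // send() is defined elsewhere; whether it ends the request is not
     // visible here, so execution is written to continue as before.
     if ($value1 === null) {
         $this->send('no values given to validate', 104);
     }
     // $value1 always takes part; the optional values only when supplied.
     $values = array($value1);
     foreach (array($value2, $value3, $value4, $value5) as $optionalValue) {
         if ($optionalValue !== null) {
             $values[] = $optionalValue;
         }
     }
     // Build the hashed string in one step. The former loop appended to an
     // undefined variable and read one index past the end of $values.
     // NOTE(review): the values are joined without a separator, so different
     // value lists can yield the same string ("ab","c" vs "a","bc"). Changing
     // that needs a coordinated change on the side that generates the key.
     $string = implode('', $values);
     // NOTE(review): !== is type-safe but not constant-time. Where PHP >= 5.6
     // is guaranteed, hash_equals() is the better comparison for a secret key.
     if ($key !== StringUtil::getDoubleSaltedHash($string, $salt)) {
         $this->send('key not correct', 101);
     }
 }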
Пример #3
 /**
  * Updates the static data of this user.
  *
  * @param	string		$username
  * @param	string		$email 
  * @param	string		$password
  * @param	array		$additionalFields
  */
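 protected function updateUser($username = '', $email = '', $password = '', $additionalFields = array())
 {
     // Writes the given non-empty fields to this user's row, mirrors them on
     // the object and resets the session. A new salt is generated whenever a
     // new password is supplied. Empty arguments leave their column untouched.
     // NOTE(review): getRandomID() and getDoubleSaltedHash() are not shown
     // here. If the hash is a plain fast digest, plan a migration to
     // password_hash()/password_verify().
     if (!empty($password)) {
         $salt = StringUtil::getRandomID();
         $password = StringUtil::getDoubleSaltedHash($password, $salt);
     }

     $assignments = array();
     if (!empty($username)) {
         // store the escaped value itself, the same way email is written
         $assignments[] = "username = '" . escapeString($username) . "'";
         $this->username = $username;
     }
     if (!empty($email)) {
         $assignments[] = "email = '" . escapeString($email) . "'";
         $this->email = $email;
     }
     if (!empty($password)) {
         // hash and salt are escaped as well so that every value in the
         // statement goes through the same quoting path
         $assignments[] = "password = '" . escapeString($password) . "', salt = '" . escapeString($salt) . "'";
         $this->password = $password;
         $this->salt = $salt;
     }
     foreach ($additionalFields as $key => $value) {
         // NOTE(review): $key is used verbatim as a column name and cannot be
         // escaped like a value. Callers must pass fixed, trusted keys only;
         // an allow-list of column names would enforce that here.
         $assignments[] = $key . '=' . (is_int($value) ? $value : "'" . escapeString($value) . "'");
     }

     if (count($assignments) > 0) {
         // save user; the ID is forced to an integer before it is interpolated
         $sql = "UPDATE\twcf" . WCF_N . "_user\n\t\t\t\tSET\t" . implode(',', $assignments) . "\n\t\t\t\tWHERE \tuserID = " . intval($this->userID);
         WCF::getDB()->sendQuery($sql);
     }
     $this->resetSession();
 }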
 /**
  * Validates the key.
  * 
  * @param	array	$data
  */
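 private function validateKey($data)
 {
     // Recomputes the expected key from sendTime, the ROT13 of the action name
     // and the salt, then compares it with the key held on this object.
     // Returns true on a match. Otherwise reports error 220 through send()
     // and returns false. $data is not used by this method.
     $string = $this->sendTime . str_rot13($this->action);
     $expectedKey = StringUtil::getDoubleSaltedHash($string, $this->salt);
     // Compare the instance's key. The former "StringUtil::$this->key" did
     // not refer to it.
     // NOTE(review): !== is not constant-time. Where PHP >= 5.6 is guaranteed,
     // use hash_equals(). This method does not check how old sendTime is.
     if ($this->key !== $expectedKey) {
         // NOTE(review): the message echoes the exact string that was hashed;
         // confirm that exposing it to the caller is intended.
         $this->send('key validation failed with string: "' . $string . '"', 220);
         return false;
     }
     return true;
 }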
Пример #5
 /**
  * Returns true, if the given password is the correct password for this user.
  *
  * @param 	string		$password
  * @return 	boolean 	password correct
  */
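 public function checkPassword($password)
 {
     // Hashes the candidate with this user's salt and compares the result
     // with the stored hash.
     $candidateHash = StringUtil::getDoubleSaltedHash($password, $this->salt);
     // Strict comparison: with == two different digests that both look numeric
     // are compared as numbers and can be accepted as equal.
     // NOTE(review): === is still not constant-time. Where PHP >= 5.6 is
     // guaranteed, hash_equals($this->password, $candidateHash) is the safer
     // check for a stored credential.
     return $this->password === $candidateHash;
 }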