示例#1
0
 public function complexityTest($password, $answer, $count)
 {
     global $CDASH_PASSWORD_COMPLEXITY_COUNT;
     $CDASH_PASSWORD_COMPLEXITY_COUNT = $count;
     $response = getPasswordComplexity($password);
     if ($response != $answer) {
         $this->fail("Expected {$answer} for '{$password}' when count is {$count}, instead got {$response}");
         return false;
     }
     return true;
 }
示例#2
0
文件: install.php 项目: kitware/cdash
 $admin_email = htmlspecialchars(pdo_real_escape_string($_POST['admin_email']));
 $admin_password = htmlspecialchars(pdo_real_escape_string($_POST['admin_password']));
 $valid_email = true;
 if (strlen($admin_email) < 6 || strstr($admin_email, '@') === false) {
     $xml .= '<db_created>0</db_created>';
     $xml .= "<alert>* Administrator's email should be a valid email address</alert>";
     $valid_email = false;
 }
 global $CDASH_MINIMUM_PASSWORD_LENGTH, $CDASH_MINIMUM_PASSWORD_COMPLEXITY, $CDASH_PASSWORD_COMPLEXITY_COUNT;
 if ($valid_email && strlen($admin_password) < $CDASH_MINIMUM_PASSWORD_LENGTH) {
     $xml .= '<db_created>0</db_created>';
     $xml .= "<alert>* Administrator's password must be at least {$CDASH_MINIMUM_PASSWORD_LENGTH} characters</alert>";
     $valid_email = false;
 }
 if ($valid_email) {
     $complexity = getPasswordComplexity($admin_password);
     if ($complexity < $CDASH_MINIMUM_PASSWORD_COMPLEXITY) {
         $xml .= "<alert>* Administrator's password is not complex enough. ";
         if ($CDASH_PASSWORD_COMPLEXITY_COUNT > 1) {
             $xml .= "It must contain at least {$CDASH_PASSWORD_COMPLEXITY_COUNT} characters from {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following types: uppercase, lowercase, numbers, and symbols.";
         } else {
             $xml .= "It must contain at least {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following: uppercase, lowercase, numbers, and symbols.";
         }
         $xml .= '</alert>';
         $valid_email = false;
     }
 }
 if ($valid_email) {
     $db_created = true;
     // If this is MySQL we try to create the database
     if ($db_type == 'mysql') {
示例#3
0
/** Authentication function */
function register()
{
    global $reg;
    include dirname(__DIR__) . '/config/config.php';
    require_once 'include/pdo.php';
    if (isset($_GET['key'])) {
        $key = pdo_real_escape_string($_GET['key']);
        $sql = 'SELECT * FROM ' . qid('usertemp') . " WHERE registrationkey='{$key}'";
        $query = pdo_query($sql);
        if (pdo_num_rows($query) == 0) {
            $reg = 'The key is invalid.';
            return 0;
        }
        $query_array = pdo_fetch_array($query);
        $email = $query_array['email'];
        // We copy the data from usertemp to user
        $user = new User();
        $user->Email = $email;
        $user->Password = $query_array['password'];
        $user->FirstName = $query_array['firstname'];
        $user->LastName = $query_array['lastname'];
        $user->Institution = $query_array['institution'];
        if ($user->Save()) {
            pdo_query("DELETE FROM usertemp WHERE email='{$email}'");
            return 1;
        } else {
            $reg = pdo_error();
            return 0;
        }
    } elseif (isset($_POST['sent'])) {
        // arrive from register form
        $url = $_POST['url'];
        if ($url != 'catchbot') {
            $reg = 'Bots are not allowed to obtain CDash accounts!';
            return 0;
        }
        $email = $_POST['email'];
        $passwd = $_POST['passwd'];
        $passwd2 = $_POST['passwd2'];
        if (!($passwd == $passwd2)) {
            $reg = 'Passwords do not match!';
            return 0;
        }
        global $CDASH_MINIMUM_PASSWORD_LENGTH, $CDASH_MINIMUM_PASSWORD_COMPLEXITY, $CDASH_PASSWORD_COMPLEXITY_COUNT;
        $complexity = getPasswordComplexity($passwd);
        if ($complexity < $CDASH_MINIMUM_PASSWORD_COMPLEXITY) {
            if ($CDASH_PASSWORD_COMPLEXITY_COUNT > 1) {
                $reg = "Your password must contain at least {$CDASH_PASSWORD_COMPLEXITY_COUNT} characters from {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following types: uppercase, lowercase, numbers, and symbols.";
            } else {
                $reg = "Your password must contain at least {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following: uppercase, lowercase, numbers, and symbols.";
            }
            return 0;
        }
        if (strlen($passwd) < $CDASH_MINIMUM_PASSWORD_LENGTH) {
            $reg = "Your password must be at least {$CDASH_MINIMUM_PASSWORD_LENGTH} characters.";
            return 0;
        }
        $fname = $_POST['fname'];
        $lname = $_POST['lname'];
        $institution = $_POST['institution'];
        if ($email && $passwd && $passwd2 && $fname && $lname && $institution) {
            $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
            pdo_select_db("{$CDASH_DB_NAME}", $db);
            $passwd = md5($passwd);
            $email = pdo_real_escape_string($email);
            $sql = 'SELECT email FROM ' . qid('user') . " WHERE email='{$email}'";
            if (pdo_num_rows(pdo_query($sql)) > 0) {
                $reg = "{$email} is already registered.";
                return 0;
            }
            $sql = 'SELECT email  FROM ' . qid('usertemp') . " WHERE email='{$email}'";
            if (pdo_num_rows(pdo_query($sql)) > 0) {
                $reg = "{$email} is already registered. Check your email if you haven't received the link to activate yet.";
                return 0;
            }
            $passwd = pdo_real_escape_string($passwd);
            $fname = pdo_real_escape_string($fname);
            $lname = pdo_real_escape_string($lname);
            $institution = pdo_real_escape_string($institution);
            if ($CDASH_REGISTRATION_EMAIL_VERIFY) {
                $keychars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
                $length = 40;
                $key = '';
                $max = strlen($keychars) - 1;
                for ($i = 0; $i < $length; $i++) {
                    // random_int is available in PHP 7 and the random_compat PHP 5.x
                    // polyfill included in the Composer package.json dependencies.
                    $key .= substr($keychars, random_int(0, $max), 1);
                }
                $date = date(FMT_DATETIME);
                $sql = 'INSERT INTO ' . qid('usertemp') . " (email,password,firstname,lastname,institution,registrationkey,registrationdate)\n                    VALUES ('{$email}','{$passwd}','{$fname}','{$lname}','{$institution}','{$key}','{$date}')";
            } else {
                $user = new User();
                $user->Email = $email;
                $user->Password = $passwd;
                $user->FirstName = $fname;
                $user->LastName = $lname;
                $user->Institution = $institution;
                $user->Save();
            }
            if (pdo_query($sql)) {
                if ($CDASH_REGISTRATION_EMAIL_VERIFY) {
                    $currentURI = get_server_URI();
                    // Send the email
                    $emailtitle = 'Welcome to CDash!';
                    $emailbody = 'Hello ' . $fname . ",\n\n";
                    $emailbody .= "Welcome to CDash! In order to validate your registration please follow this link: \n";
                    $emailbody .= $currentURI . '/register.php?key=' . $key . "\n";
                    $serverName = $CDASH_SERVER_NAME;
                    if (strlen($serverName) == 0) {
                        $serverName = $_SERVER['SERVER_NAME'];
                    }
                    $emailbody .= "\n-CDash on " . $serverName . "\n";
                    if (cdashmail("{$email}", $emailtitle, $emailbody)) {
                        add_log('email sent to: ' . $email, 'Registration');
                    } else {
                        add_log('cannot send email to: ' . $email, 'Registration', LOG_ERR);
                    }
                    $reg = "A confirmation email has been sent. Check your email (including your spam folder) to confirm your registration!\n";
                    $reg .= 'You need to activate your account within 24 hours.';
                    return 0;
                }
                return 1;
            } else {
                $reg = pdo_error();
                return 0;
            }
        } else {
            $reg = 'Please fill in all of the required fields';
            return 0;
        }
    }
    return 0;
}
示例#4
0
 if ($password_is_good && $CDASH_PASSWORD_EXPIRATION > 0) {
     $query = "SELECT password FROM password WHERE userid={$userid}";
     if ($CDASH_UNIQUE_PASSWORD_COUNT) {
         $query .= " ORDER BY date DESC LIMIT {$CDASH_UNIQUE_PASSWORD_COUNT}";
     }
     $result = pdo_query($query);
     while ($row = pdo_fetch_array($result)) {
         if ($md5pass == $row['password']) {
             $password_is_good = false;
             $error_msg = 'You have recently used this password.  Please select a new one.';
             break;
         }
     }
 }
 if ($password_is_good) {
     $complexity = getPasswordComplexity($passwd);
     if ($complexity < $CDASH_MINIMUM_PASSWORD_COMPLEXITY) {
         $password_is_good = false;
         if ($CDASH_PASSWORD_COMPLEXITY_COUNT > 1) {
             $error_msg = "Your password must contain at least {$CDASH_PASSWORD_COMPLEXITY_COUNT} characters from {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following types: uppercase, lowercase, numbers, and symbols.";
         } else {
             $error_msg = "Your password must contain at least {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following: uppercase, lowercase, numbers, and symbols.";
         }
     }
 }
 if (!$password_is_good) {
     $xml .= "<error>{$error_msg}</error>";
 } else {
     $user = new User();
     $user->Id = $userid;
     $user->Fill();