function setDefaultValues() { // Sets default values of fields in $_POST. $_POST['system_title'] = 'LOVD - Leiden Open Variation Database'; $_POST['location_url'] = $_SERVER['HTTP_HOST'] == 'localhost' || lovd_matchIPRange($_SERVER['HTTP_HOST']) ? '' : lovd_getInstallURL(); $_POST['refseq_build'] = 'hg38'; $_POST['api_feed_history'] = 3; $_POST['logo_uri'] = 'gfx/LOVD3_logo145x50.jpg'; $_POST['mutalyzer_soap_url'] = 'https://mutalyzer.nl/services'; $_POST['send_stats'] = 1; $_POST['include_in_listing'] = 1; $_POST['allow_submitter_registration'] = 1; $_POST['allow_submitter_mods'] = 1; if (!SSL) { $_POST['use_ssl'] = 0; } else { $_POST['use_ssl'] = 1; } $_POST['lock_users'] = 1; $_POST['allow_unlock_accounts'] = 1; $_POST['lock_uninstall'] = 1; return true; }
function checkFields($aData, $zData = false) { // Checks fields before submission of data. global $_AUTH, $_DB, $_PE, $_SETT; // Mandatory fields. $this->aCheckMandatory = array('name', 'institute', 'address', 'city', 'countryid', 'email', 'username'); // These password fields are only not mandatory when we're editing. if (ACTION != 'edit') { $this->aCheckMandatory[] = 'password_1'; $this->aCheckMandatory[] = 'password_2'; } parent::checkFields($aData); // Email address. if (!empty($aData['email'])) { $aEmail = explode("\r\n", $aData['email']); foreach ($aEmail as $sEmail) { if (!lovd_matchEmail($sEmail)) { lovd_errorAdd('email', 'Email "' . htmlspecialchars($sEmail) . '" is not a correct email address' . ($sEmail && $sEmail == trim($sEmail) ? '' : '. Make sure there are no spaces or empty lines left in the email field') . '.'); } } } if (lovd_getProjectFile() == '/install/index.php' || ACTION == 'create') { // Check username format. if ($aData['username'] && !lovd_matchUsername($aData['username'])) { lovd_errorAdd('username', 'Please fill in a correct username; 4 to 20 characters and starting with a letter followed by letters, numbers, dots, underscores and dashes only.'); } } if (in_array(ACTION, array('create', 'register'))) { // Does the username exist already? if ($aData['username']) { if ($_DB->query('SELECT COUNT(*) FROM ' . TABLE_USERS . ' WHERE username = ?', array($aData['username']))->fetchColumn()) { lovd_errorAdd('username', 'There is already a user with this username. Please choose another one.'); } } } // One of two password fields entered... check 'em. if ($aData['password_1'] || $aData['password_2']) { if ($aData['password_1'] && $aData['password_2']) { // Both entered. if ($aData['password_1'] != $aData['password_2']) { lovd_errorAdd('password_2', 'The \'' . (in_array(ACTION, array('edit', 'change_password')) ? 'New p' : 'P') . 'assword\' fields are not equal. Please try again.'); } else { // Password quality. if (!lovd_matchPassword($aData['password_1'])) { lovd_errorAdd('password_1', 'Your password is found too weak. Please fill in a proper password; at least 4 characters long and containing at least one number or special character.'); } } } else { if (in_array(ACTION, array('edit', 'change_password'))) { lovd_errorAdd('password_2', 'If you want to change the current password, please fill in both \'New password\' fields.'); } else { lovd_errorAdd('password_2', 'Please fill in both \'Password\' fields.'); } } } // Check given security IP range. if (!empty($aData['allowed_ip'])) { // This function will throw an error itself (second argument). $bIP = lovd_matchIPRange($aData['allowed_ip'], 'allowed_ip'); if (lovd_getProjectFile() == '/install/index.php' || ACTION == 'edit' && $_PE[1] == $_AUTH['id']) { // Check given security IP range. if ($bIP && !lovd_validateIP($aData['allowed_ip'], $_SERVER['REMOTE_ADDR'])) { // This IP range is not allowing the current IP to connect. This ain't right. // If IP address is actually IPv6, then complain that we can't restrict at all. // Otherwise, be clear the current setting just doesn't match. if (strpos($_SERVER['REMOTE_ADDR'], ':') !== false) { // IPv6... lovd_errorAdd('allowed_ip', 'Your current IP address is IPv6 (' . $_SERVER['REMOTE_ADDR'] . '), which is not supported by LOVD to restrict access to your account.'); } else { lovd_errorAdd('allowed_ip', 'Your current IP address is not matched by the given IP range. This would mean you would not be able to get access to LOVD with this IP range.'); } } } } else { // We're not sure if $aData == $_POST. But we'll just do this. It can't harm I guess. $_POST['allowed_ip'] = '*'; } // Level can't be higher or equal than the current user. if (!empty($aData['level']) && $aData['level'] >= $_AUTH['level']) { lovd_writeLog('Error', 'HackAttempt', 'Tried to upgrade user ID ' . $_PE[1] . ' to level ' . $_SETT['user_levels'][$aData['level']] . ')'); lovd_errorAdd('level', 'User level is not permitted. Hack attempt.'); } // XSS attack prevention. Deny input of HTML. lovd_checkXSS(); }