From 0ce10636db406969704c8c08225be352f1c1e3bc Mon Sep 17 00:00:00 2001
From: Jacob G
Date: Sun, 11 Jan 2015 21:01:56 -0500
Subject: [PATCH] entirely new verification code algorithm! (fixes #3)
---
 ConfirmAccount/business/AccountRequestSubmission.php | 12 ++++++------
 .../frontend/language/RequestAccountPage.i18n.php | 1 +
 .../specialpages/actions/RequestAccount_body.php | 10 ++++++++--
 3 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/ConfirmAccount/business/AccountRequestSubmission.php b/ConfirmAccount/business/AccountRequestSubmission.php
index 89c41c5..ea979f4 100644
--- a/ConfirmAccount/business/AccountRequestSubmission.php
+++ b/ConfirmAccount/business/AccountRequestSubmission.php
@@ -24,7 +24,7 @@ class AccountRequestSubmission {
 protected $attachmentDidNotForget; // user already saw "please re-attach" notice
 protected $attachmentSize; // bytes size of file
 protected $attachmentTempPath; // tmp path file was uploaded to FS
-
+
 public function __construct( User $requester, array $params ) {
 $this->requester = $requester;
 $this->userName = trim( $params['userName'] );
@@ -90,10 +90,10 @@ class AccountRequestSubmission {
 } //before we continue, verify user
- $code = sha1($_SERVER['REMOTE_ADDR'] . date('m'));
+ $code = $context->getRequest()->getSessionData('confirmaccount-code');
 $data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/10135908/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache
 if (!$data) {
- return array('api_failed', 'Accessing the API to verify your registration failed. Please try again later.');
+ return array('api_failed', $context->msg('requestaccount-api-failed'));
 return;
 }
 $success = false;
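Review bot: The session read in the `@@ -90,10` hunk is used without checking that a code exists or is still fresh: `getSessionData('confirmaccount-code')` returns null for a request whose session never rendered the form, and the two-hour limit kept in `confirmaccount-time` is only enforced in `showForm()`. The comparison against the fetched comments lies outside this hunk, so how an empty `$code` behaves there is not visible; a guard directly after the read settles it, e.g. `if ( !is_string( $code ) || $code === '' ) { return array( 'no_comment', $context->msg( 'requestaccount-nocomment-error' ) ); }`, ideally together with the same age check on `confirmaccount-time`. The comment feed that decides the outcome is still fetched over plain `http://`, so the response can be altered in transit; switch the URL to `https://` if the endpoint serves it. The bare `return;` after `return array('api_failed', …)` is unreachable and can be dropped. The enclosing method begins and ends outside the hunk.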
@@ -108,15 +108,15 @@ class AccountRequestSubmission {
 }
 if ($_POST['pwd1'] != $_POST['pwd2']) {
- return array('pwds_no_match', 'The passwords did not match.');
+ return array('pwds_no_match', $context->msg('badretype'));
 }
 if (strlen($_POST['pwd1']) <= 4) {
- return array('pwd_too_short', 'The password is too short');
+ return array('pwd_too_short', $context->msg('passwordtooshort', 5));
 }
 if (!$success) {
- return array('no_comment', $this->msg('requestaccount-nocomment-error'));
+ return array('no_comment', $context->msg('requestaccount-nocomment-error'));
 }
 $u = User::newFromName( $this->userName, 'creatable' );
diff --git a/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php b/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php
index 6832ecb..8d3c7a0 100644
--- a/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php
+++ b/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php
@@ -77,6 +77,7 @@ You cannot make any more requests.",
 'requestaccount-project-info' => 'Please go to the [$1 user verification project] and comment the following code:
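Review bot: The password checks in the `@@ -108,15` hunk of AccountRequestSubmission.php compare with loose `!=` and read `$_POST` directly, so two different numeric-looking strings can compare equal and a mistyped confirmation can pass. A strict comparison on values taken from the request object avoids that and also copes with a missing or array-valued field: `if ( $context->getRequest()->getVal( 'pwd1' ) !== $context->getRequest()->getVal( 'pwd2' ) ) {`. The minimum length is now written twice, as `<= 4` in the condition and as `5` in the `passwordtooshort` message; deriving both from `$wgMinimalPasswordLength` keeps the check and the text from drifting apart. The enclosing method begins and ends outside the hunk.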
\'\'\'$2\'\'\'',
 'requestaccount-project-link' => 'http://scratch.mit.edu/projects/10135908/',
 'requestaccount-nocomment-error' => 'It does not appear you commented the verification code on the specified project. Please try again.',
+ 'requestaccount-api-failed' => 'Accessing the API to verify your registration failed. Please try again later.',
 );
 /** Message documentation (Message documentation)
diff --git a/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php b/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php
index eed848b..12e4339 100644
--- a/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php
+++ b/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php
@@ -92,6 +92,12 @@ class RequestAccountPage extends SpecialPage {
 protected function showForm( $msg = '', $forgotFile = 0 ) {
 global $wgAccountRequestTypes, $wgMakeUserPageFromBio;
+ //generate the codes randomly, and generate a new one every two hours in case the code gets censored for some reason or any other issue related to the code
+ if (!$this->getRequest()->getSessionData('confirmaccount-code') || $this->getRequest()->getSessionData('confirmaccount-time') < time() - 60 * 60 * 2) {
+ $this->getRequest()->setSessionData('confirmaccount-code', sha1(rand(1,999999999)));
+ $this->getRequest()->setSessionData('confirmaccount-time', time());
+ }
+
 $reqUser = $this->getUser();
 $this->mForgotAttachment = $forgotFile;
@@ -212,7 +218,7 @@ class RequestAccountPage extends SpecialPage {
 //Scratch user verification
 $form .= '
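Review bot: The verification code created in the `@@ -92,6` hunk of `showForm()` comes from `sha1(rand(1,999999999))`, which carries at most about 30 bits from a non-cryptographic generator; hashing the value adds no entropy. The code is the only thing tying a public comment to one request session, so it should be unguessable and should not collide across sessions. MediaWiki provides a CSPRNG wrapper for this, and the line can become `$this->getRequest()->setSessionData( 'confirmaccount-code', MWCryptRand::generateHex( 32 ) );`. The expiry kept in `confirmaccount-time` is evaluated only here when the form is drawn, so the submission path should repeat that check before trusting the code. `showForm()` continues past the end of the hunk.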
'; $form .= '' . $this->msg('requestaccount-user-verification') . ''; - $form .= '

' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), sha1($_SERVER['REMOTE_ADDR'] . date('m'))) . '

+ $form .= '

' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $this->getRequest()->getSessionData('confirmaccount-code')) . '

' . $this->msg('requestaccount-code-troubleshoot') . '

' . "\n"; $form .= '
';
@@ -319,7 +325,7 @@ class RequestAccountPage extends SpecialPage {
 'attachmentSrcName' => $this->mSrcName,
 'attachmentDidNotForget' => $this->mForgotAttachment, // confusing name :)
 'attachmentSize' => $this->mFileSize,
- 'attachmentTempPath' => $this->mTempPath
+ 'attachmentTempPath' => $this->mTempPath,
 ) );