entirely new verification code algorithm! (fixes #3)

Jacob G 2015-01-11 21:01:56 -05:00
parent 6ec0e602ad
commit 0ce10636db
3 changed files with 15 additions and 8 deletions


@ -24,7 +24,7 @@ class AccountRequestSubmission {
protected $attachmentDidNotForget; // user already saw "please re-attach" notice protected $attachmentDidNotForget; // user already saw "please re-attach" notice
protected $attachmentSize; // bytes size of file protected $attachmentSize; // bytes size of file
protected $attachmentTempPath; // tmp path file was uploaded to FS protected $attachmentTempPath; // tmp path file was uploaded to FS
public function __construct( User $requester, array $params ) { public function __construct( User $requester, array $params ) {
$this->requester = $requester; $this->requester = $requester;
$this->userName = trim( $params['userName'] ); $this->userName = trim( $params['userName'] );
@ -90,10 +90,10 @@ class AccountRequestSubmission {
} }
//before we continue, verify user //before we continue, verify user
$code = sha1($_SERVER['REMOTE_ADDR'] . date('m')); $code = $context->getRequest()->getSessionData('confirmaccount-code');
$data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/10135908/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache $data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/10135908/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache
if (!$data) { if (!$data) {
return array('api_failed', 'Accessing the API to verify your registration failed. Please try again later.'); return array('api_failed', $context->msg('requestaccount-api-failed'));
return; return;
} }
$success = false; $success = false;
@ -108,15 +108,15 @@ class AccountRequestSubmission {
} }
if ($_POST['pwd1'] != $_POST['pwd2']) { if ($_POST['pwd1'] != $_POST['pwd2']) {
return array('pwds_no_match', 'The passwords did not match.'); return array('pwds_no_match', $context->msg('badretype'));
} }
if (strlen($_POST['pwd1']) <= 4) { if (strlen($_POST['pwd1']) <= 4) {
return array('pwd_too_short', 'The password is too short'); return array('pwd_too_short', $context->msg('passwordtooshort', 5));
} }
if (!$success) { if (!$success) {
return array('no_comment', $this->msg('requestaccount-nocomment-error')); return array('no_comment', $context->msg('requestaccount-nocomment-error'));
} }
$u = User::newFromName( $this->userName, 'creatable' ); $u = User::newFromName( $this->userName, 'creatable' );
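Review bot: `$code` read from `getSessionData('confirmaccount-code')` can be null when the submission arrives without the form having been rendered in this session, or after the session has been lost, and nothing visible rejects that before the comment lookup. The matching loop sits outside the lines shown, so whether an empty code could match a comment is inferred, but a guard right after the read removes the question: `if ( !$code ) { return array( 'no_comment', $context->msg( 'requestaccount-nocomment-error' ) ); }`. The two-hour expiry is applied only when showForm() renders, so a code older than that still appears to be accepted here unless `confirmaccount-time` is checked as well. The enclosing method starts and ends outside these hunks.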


@ -77,6 +77,7 @@ You cannot make any more requests.",
'requestaccount-project-info' => 'Please go to the [$1 user verification project] and comment the following code:<br />\'\'\'$2\'\'\'', 'requestaccount-project-info' => 'Please go to the [$1 user verification project] and comment the following code:<br />\'\'\'$2\'\'\'',
'requestaccount-project-link' => 'http://scratch.mit.edu/projects/10135908/', 'requestaccount-project-link' => 'http://scratch.mit.edu/projects/10135908/',
'requestaccount-nocomment-error' => 'It does not appear you commented the verification code on the specified project. Please try again.', 'requestaccount-nocomment-error' => 'It does not appear you commented the verification code on the specified project. Please try again.',
'requestaccount-api-failed' => 'Accessing the API to verify your registration failed. Please try again later.',
); );
/** Message documentation (Message documentation) /** Message documentation (Message documentation)


@ -92,6 +92,12 @@ class RequestAccountPage extends SpecialPage {
protected function showForm( $msg = '', $forgotFile = 0 ) { protected function showForm( $msg = '', $forgotFile = 0 ) {
global $wgAccountRequestTypes, $wgMakeUserPageFromBio; global $wgAccountRequestTypes, $wgMakeUserPageFromBio;
//generate the codes randomly, and generate a new one every two hours in case the code gets censored for some reason or any other issue related to the code
if (!$this->getRequest()->getSessionData('confirmaccount-code') || $this->getRequest()->getSessionData('confirmaccount-time') < time() - 60 * 60 * 2) {
$this->getRequest()->setSessionData('confirmaccount-code', sha1(rand(1,999999999)));
$this->getRequest()->setSessionData('confirmaccount-time', time());
}
$reqUser = $this->getUser(); $reqUser = $this->getUser();
$this->mForgotAttachment = $forgotFile; $this->mForgotAttachment = $forgotFile;
@ -212,7 +218,7 @@ class RequestAccountPage extends SpecialPage {
//Scratch user verification //Scratch user verification
$form .= '<fieldset>'; $form .= '<fieldset>';
$form .= '<legend>' . $this->msg('requestaccount-user-verification') . '</legend>'; $form .= '<legend>' . $this->msg('requestaccount-user-verification') . '</legend>';
$form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), sha1($_SERVER['REMOTE_ADDR'] . date('m'))) . '</b></p> $form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $this->getRequest()->getSessionData('confirmaccount-code')) . '</p>
<p>' . $this->msg('requestaccount-code-troubleshoot') . '</p>' . "\n"; <p>' . $this->msg('requestaccount-code-troubleshoot') . '</p>' . "\n";
$form .= '</fieldset>'; $form .= '</fieldset>';
@ -319,7 +325,7 @@ class RequestAccountPage extends SpecialPage {
'attachmentSrcName' => $this->mSrcName, 'attachmentSrcName' => $this->mSrcName,
'attachmentDidNotForget' => $this->mForgotAttachment, // confusing name :) 'attachmentDidNotForget' => $this->mForgotAttachment, // confusing name :)
'attachmentSize' => $this->mFileSize, 'attachmentSize' => $this->mFileSize,
'attachmentTempPath' => $this->mTempPath 'attachmentTempPath' => $this->mTempPath,
) )
); );
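Review bot: The verification code set by `setSessionData('confirmaccount-code', sha1(rand(1,999999999)))` is derived from `rand()`, which is not a cryptographic generator and gives at most about 10^9 distinct codes regardless of how long the SHA-1 output looks. Because this code is what ties a Scratch comment to the requesting session, it should come from a CSPRNG, for example `MWCryptRand::generateHex( 32 )` where the installed MediaWiki provides it, or `bin2hex( random_bytes( 16 ) )` on PHP 7 and later. The comment above the block says the codes are generated "randomly"; it would help to state there that the value must be unpredictable, so the generator is not swapped back later. showForm() continues outside the hunk.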