Merge pull request #5 from jacob-g/master

Fixed problems with the verification code system
This commit is contained in:
seotts 2015-03-30 11:48:06 -05:00
commit 7975ed4332
4 changed files with 20 additions and 11 deletions


@ -60,6 +60,15 @@ class AccountRequestSubmission {
public function getAttachtmentPrevName() {
return $this->attachmentPrevName;
}
private function stringContainsArray($string, $array) {
foreach ($array as $val) {
if (strstr($string, $val)) {
return true;
}
}
return false;
}
/**
* Attempt to validate and submit this data to the DB
@ -93,18 +102,21 @@ class AccountRequestSubmission {
//the project link is stored in the interface, so splice the URL out of it (it should be the only decimal there)
$project_link = $context->msg('requestaccount-project-link')->text();
preg_match('%(\d+)%', $project_link, $matches);
$code = $context->getRequest()->getSessionData('confirmaccount-code');
$codes = array();
for ($i = 0; $i <= 2; $i++) { //have a "fault-tolerance" of two, so if the code was generated and the time changed between entering the code and checking it, it still works
$codes[] = sha1((floor(time() / 1800) - $i) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
}
$data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/' . $matches[1] . '/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache
if (!$data) {
return array('api_failed', $context->msg('requestaccount-api-failed'));
return;
}
$success = false;
preg_match_all('%<div id="comments-\d+" class="comment.*?" data-comment-id="\d+">.*?<a href="/users/(.*?)">.*?<div class="content">(.*?)</div>%ms', $data, $matches);
preg_match_all('%<div id="comments-\d+" class="comment +" data-comment-id="\d+">.*?<a href="/users/(.*?)">.*?<div class="content">(.*?)</div>%ms', $data, $matches);
foreach ($matches[2] as $key => $val) {
$user = $matches[1][$key];
$comment = trim($val);
if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && strstr($comment, $code)) {
if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && $this->stringContainsArray($comment, $codes)) {
$success = true;
break;
}
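Review bot: The new `$codes[]` line in the second hunk derives the verification code only from the half-hour time slot, User-Agent and REMOTE_ADDR, with no per-requester nonce and no server-side secret, so two requesters sharing an address and browser build (a school network, which many Scratch users are likely behind) receive identical codes, and a comment the real owner of `$this->userName` posts for their own request also satisfies a request for that username submitted by the other requester for the whole three-slot window. Keeping a random per-session nonce as an extra hash input, or an HMAC keyed with `$wgSecretKey` over slot, nonce, User-Agent and address, restores per-requester uniqueness while keeping the fault tolerance; the matching derivation on the `$vercode` line in RequestAccountPage::showForm has to change together with it. In the added `stringContainsArray`, `strstr` is used only as a boolean, so `if (strpos($string, $val) !== false)` expresses the same check without building the matched substring. The method the second hunk sits in starts before it and continues after it.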


@ -41,7 +41,7 @@ Make sure you are comfortable publishing such information.",
'requestaccount-attach' => 'Resume or CV (optional):',
'requestaccount-notes' => 'Why you would like to become a contributor',
'requestaccount-urls' => 'List of websites, if any (each on a separate line):',
'requestaccount-agree' => 'You must certify that your real name is correct and that you agree to our Terms of Service.',
'requestaccount-agree' => 'You must certify that you agree to abide by the Scratch Wiki Guidelines.',
'requestaccount-inuse' => 'Username is already in use in a pending account request.',
'requestaccount-tooshort' => 'Your biography must be at least $1 {{PLURAL:$1|word|words}} long.',
'requestaccount-emaildup' => 'Another pending account request uses the same e-mail address.',


@ -295,7 +295,7 @@ class ConfirmAccountsPage extends SpecialPage {
$form .= '<legend>' . $this->msg( 'confirmaccount-leg-user' )->escaped() . '</legend>';
$form .= '<table cellpadding=\'4\'>';
$form .= "<tr><td>" . Xml::label( $this->msg( 'username' )->text(), 'wpNewName' ) . "</td>";
$form .= '<td>' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' <a href="http://scratch.mit.edu/users/' . htmlspecialchars(str_replace(' ', '_', $this->reqUsername)) . '">' . htmlspecialchars($this->reqUsername) . '</a></td></tr>' . "\n";
$form .= '<td>' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' <a href="http://scratch.mit.edu/users/' . htmlspecialchars(str_replace(' ', '_', $this->reqUsername)) . '" target="_BLANK">' . htmlspecialchars($this->reqUsername) . '</a></td></tr>' . "\n";
$econf = '';
/*if ( $accountReq->getEmailAuthTimestamp() ) {
$econf = ' <strong>' . $this->msg( 'confirmaccount-econf' )->escaped() . '</strong>';


@ -92,11 +92,8 @@ class RequestAccountPage extends SpecialPage {
protected function showForm( $msg = '', $forgotFile = 0 ) {
global $wgAccountRequestTypes, $wgMakeUserPageFromBio;
//generate the codes randomly, and generate a new one every two hours in case the code gets censored for some reason or any other issue related to the code
if (!$this->getRequest()->getSessionData('confirmaccount-code') || $this->getRequest()->getSessionData('confirmaccount-time') < time() - 60 * 60 * 2) {
$this->getRequest()->setSessionData('confirmaccount-code', sha1(rand(1,999999999)));
$this->getRequest()->setSessionData('confirmaccount-time', time());
}
//generate the verification code, it uses the floor of the time / 1800, so it changes every 30 minutes (the next page also adds some fault tolerance if the code is entered on the border)
$vercode = sha1(floor(time() / 1800) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
$reqUser = $this->getUser();
@ -218,7 +215,7 @@ class RequestAccountPage extends SpecialPage {
//Scratch user verification
$form .= '<fieldset>';
$form .= '<legend>' . $this->msg('requestaccount-user-verification') . '</legend>';
$form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $this->getRequest()->getSessionData('confirmaccount-code')) . '</p>
$form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $vercode) . '</p>
<p>' . $this->msg('requestaccount-code-troubleshoot') . '</p>' . "\n";
$form .= '</fieldset>';
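Review bot: The `$vercode` line in the first hunk reads `$_SERVER['HTTP_USER_AGENT']` and `$_SERVER['REMOTE_ADDR']` directly: a request without a User-Agent header raises an undefined-index notice and hashes an empty string, and behind a reverse proxy REMOTE_ADDR is presumably the proxy address rather than the client's, so the address component stops distinguishing requesters at all. `$this->getRequest()->getHeader('User-Agent')` and `$this->getRequest()->getIP()` cover both cases; whatever inputs are chosen here must be the same ones AccountRequestSubmission hashes when it checks the comment. The removed comment was the only explanation of the scheme, so a line such as `// code = sha1(30-minute slot . UA . IP); the checker accepts the two previous slots as well` on the `$vercode` line would keep the two derivations understandable together. showForm continues past the hunk.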