diff --git a/ConfirmAccount/business/AccountRequestSubmission.php b/ConfirmAccount/business/AccountRequestSubmission.php index 8f285aa..eac6eb1 100644 --- a/ConfirmAccount/business/AccountRequestSubmission.php +++ b/ConfirmAccount/business/AccountRequestSubmission.php @@ -60,6 +60,15 @@ class AccountRequestSubmission { public function getAttachtmentPrevName() { return $this->attachmentPrevName; } + + private function stringContainsArray($string, $array) { + foreach ($array as $val) { + if (strstr($string, $val)) { + return true; + } + } + return false; + } /** * Attempt to validate and submit this data to the DB @@ -93,18 +102,21 @@ class AccountRequestSubmission { //the project link is stored in the interface, so splice the URL out of it (it should be the only decimal there) $project_link = $context->msg('requestaccount-project-link')->text(); preg_match('%(\d+)%', $project_link, $matches); - $code = $context->getRequest()->getSessionData('confirmaccount-code'); + $codes = array(); + for ($i = 0; $i <= 2; $i++) { //have a "fault-tolerance" of two, so if the code was generated and the time changed between entering the code and checking it, it still works + $codes[] = sha1((floor(time() / 1800) - $i) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']); + } $data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/' . $matches[1] . '/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache if (!$data) { return array('api_failed', $context->msg('requestaccount-api-failed')); return; } $success = false; - preg_match_all('%
.*?.*?
(.*?)
%ms', $data, $matches); + preg_match_all('%
.*?.*?
(.*?)
%ms', $data, $matches); foreach ($matches[2] as $key => $val) { $user = $matches[1][$key]; $comment = trim($val); - if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && strstr($comment, $code)) { + if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && $this->stringContainsArray($comment, $codes)) { $success = true; break; } diff --git a/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php b/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php index cb74774..2c3adf9 100644 --- a/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php +++ b/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php @@ -41,7 +41,7 @@ Make sure you are comfortable publishing such information.", 'requestaccount-attach' => 'Resume or CV (optional):', 'requestaccount-notes' => 'Why you would like to become a contributor', 'requestaccount-urls' => 'List of websites, if any (each on a separate line):', - 'requestaccount-agree' => 'You must certify that your real name is correct and that you agree to our Terms of Service.', + 'requestaccount-agree' => 'You must certify that you agree to abide by the Scratch Wiki Guidelines.', 'requestaccount-inuse' => 'Username is already in use in a pending account request.', 'requestaccount-tooshort' => 'Your biography must be at least $1 {{PLURAL:$1|word|words}} long.', 'requestaccount-emaildup' => 'Another pending account request uses the same e-mail address.', diff --git a/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php b/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php index 2805dc8..696e4c4 100644 --- a/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php +++ b/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php 
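Review bot: The new `$codes` loop in this hunk (and the matching `$vercode` line in the RequestAccount_body.php hunk) derives the verification code from only non-secret inputs — the 30-minute time slot, the client-supplied `HTTP_USER_AGENT` and `REMOTE_ADDR` — so, unlike the removed session-stored `sha1(rand(...))` value, the code is no longer unique to the session that displayed it: requesters sharing an address (NAT, reverse proxy) and user agent within the same window all receive the same code, and one posted comment can satisfy another request. Keep a per-session random nonce in the hash input, or at least key the digest with a server-side secret via `hash_hmac()`, so a code cannot be reproduced outside the session that issued it. `$_SERVER['HTTP_USER_AGENT']` is also read without an `isset()` guard on both sides, which emits an undefined-index notice when the header is absent; `(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '')` avoids that. The enclosing method starts and ends outside this hunk, and the unreachable `return;` after `return array('api_failed', ...)` predates the change but could be dropped in passing.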
@@ -295,7 +295,7 @@ class ConfirmAccountsPage extends SpecialPage { $form .= '' . $this->msg( 'confirmaccount-leg-user' )->escaped() . ''; $form .= ''; $form .= ""; - $form .= '' . "\n"; + $form .= '' . "\n"; $econf = ''; /*if ( $accountReq->getEmailAuthTimestamp() ) { $econf = ' ' . $this->msg( 'confirmaccount-econf' )->escaped() . ''; diff --git a/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php b/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php index 12e4339..3b16585 100644 --- a/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php +++ b/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php @@ -92,11 +92,8 @@ class RequestAccountPage extends SpecialPage { protected function showForm( $msg = '', $forgotFile = 0 ) { global $wgAccountRequestTypes, $wgMakeUserPageFromBio; - //generate the codes randomly, and generate a new one every two hours in case the code gets censored for some reason or any other issue related to the code - if (!$this->getRequest()->getSessionData('confirmaccount-code') || $this->getRequest()->getSessionData('confirmaccount-time') < time() - 60 * 60 * 2) { - $this->getRequest()->setSessionData('confirmaccount-code', sha1(rand(1,999999999))); - $this->getRequest()->setSessionData('confirmaccount-time', time()); - } + //generate the verification code, it uses the floor of the time / 1800, so it changes every 30 minutes (the next page also adds some fault tolerance if the code is entered on the border) + $vercode = sha1(floor(time() / 1800) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']); $reqUser = $this->getUser(); @@ -218,7 +215,7 @@ class RequestAccountPage extends SpecialPage { //Scratch user verification $form .= '
'; $form .= '' . $this->msg('requestaccount-user-verification') . ''; - $form .= '

' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $this->getRequest()->getSessionData('confirmaccount-code')) . '

+ $form .= '

' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $vercode) . '

' . $this->msg('requestaccount-code-troubleshoot') . '

' . "\n"; $form .= '
';
" . Xml::label( $this->msg( 'username' )->text(), 'wpNewName' ) . "' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' ' . htmlspecialchars($this->reqUsername) . '
' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' ' . htmlspecialchars($this->reqUsername) . '