mirror of
https://github.com/scratchfoundation/swiki-confirmaccount.git
Merge pull request #5 from jacob-g/master
Fixed problems with the verification code system
commit
7975ed4332
4 changed files with 20 additions and 11 deletions
|
@ -61,6 +61,15 @@ class AccountRequestSubmission {
|
|||
return $this->attachmentPrevName;
|
||||
}
|
||||
|
||||
private function stringContainsArray($string, $array) {
|
||||
foreach ($array as $val) {
|
||||
if (strstr($string, $val)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Attempt to validate and submit this data to the DB
|
||||
* @param $context IContextSource
|
||||
|
@ -93,18 +102,21 @@ class AccountRequestSubmission {
|
|||
//the project link is stored in the interface, so splice the URL out of it (it should be the only decimal there)
|
||||
$project_link = $context->msg('requestaccount-project-link')->text();
|
||||
preg_match('%(\d+)%', $project_link, $matches);
|
||||
$code = $context->getRequest()->getSessionData('confirmaccount-code');
|
||||
$codes = array();
|
||||
for ($i = 0; $i <= 2; $i++) { //have a "fault-tolerance" of two, so if the code was generated and the time changed between entering the code and checking it, it still works
|
||||
$codes[] = sha1((floor(time() / 1800) - $i) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
|
||||
}
|
||||
$data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/' . $matches[1] . '/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache
|
||||
if (!$data) {
|
||||
return array('api_failed', $context->msg('requestaccount-api-failed'));
|
||||
return;
|
||||
}
|
||||
$success = false;
|
||||
preg_match_all('%<div id="comments-\d+" class="comment.*?" data-comment-id="\d+">.*?<a href="/users/(.*?)">.*?<div class="content">(.*?)</div>%ms', $data, $matches);
|
||||
preg_match_all('%<div id="comments-\d+" class="comment +" data-comment-id="\d+">.*?<a href="/users/(.*?)">.*?<div class="content">(.*?)</div>%ms', $data, $matches);
|
||||
foreach ($matches[2] as $key => $val) {
|
||||
$user = $matches[1][$key];
|
||||
$comment = trim($val);
|
||||
if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && strstr($comment, $code)) {
|
||||
if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && $this->stringContainsArray($comment, $codes)) {
|
||||
$success = true;
|
||||
break;
|
||||
}
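Review bot: The codes accepted by the loop at `$codes[] = sha1((floor(time() / 1800) - $i) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);` contain no server-side secret and are not tied to the requester's session, so they prove only that a client with that User-Agent and address requested a code within the accepted windows. The comment carrying the code is public and the User-Agent is client-supplied, so every requester behind the same address (a shared NAT, or all clients if REMOTE_ADDR is a reverse proxy) derives the same value; the check then cannot tell the account owner's request from another one made in the same window. I would derive the code from a random per-session value stored with `setSessionData()` and keyed with the wiki secret, e.g. `hash_hmac('sha256', $sessionNonce, $wgSecretKey)` (`$sessionNonce` is a placeholder name), in one helper shared with RequestAccountPage::showForm, which repeats this formula. Separately, the username test on the changed `if` uses `==`, which compares numeric-looking strings as numbers; `===` avoids that. The enclosing method starts and ends outside the hunk.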
|
||||
|
|
|
@ -41,7 +41,7 @@ Make sure you are comfortable publishing such information.",
|
|||
'requestaccount-attach' => 'Resume or CV (optional):',
|
||||
'requestaccount-notes' => 'Why you would like to become a contributor',
|
||||
'requestaccount-urls' => 'List of websites, if any (each on a separate line):',
|
||||
'requestaccount-agree' => 'You must certify that your real name is correct and that you agree to our Terms of Service.',
|
||||
'requestaccount-agree' => 'You must certify that you agree to abide by the Scratch Wiki Guidelines.',
|
||||
'requestaccount-inuse' => 'Username is already in use in a pending account request.',
|
||||
'requestaccount-tooshort' => 'Your biography must be at least $1 {{PLURAL:$1|word|words}} long.',
|
||||
'requestaccount-emaildup' => 'Another pending account request uses the same e-mail address.',
|
||||
|
|
|
@ -295,7 +295,7 @@ class ConfirmAccountsPage extends SpecialPage {
|
|||
$form .= '<legend>' . $this->msg( 'confirmaccount-leg-user' )->escaped() . '</legend>';
|
||||
$form .= '<table cellpadding=\'4\'>';
|
||||
$form .= "<tr><td>" . Xml::label( $this->msg( 'username' )->text(), 'wpNewName' ) . "</td>";
|
||||
$form .= '<td>' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' <a href="http://scratch.mit.edu/users/' . htmlspecialchars(str_replace(' ', '_', $this->reqUsername)) . '">' . htmlspecialchars($this->reqUsername) . '</a></td></tr>' . "\n";
|
||||
$form .= '<td>' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' <a href="http://scratch.mit.edu/users/' . htmlspecialchars(str_replace(' ', '_', $this->reqUsername)) . '" target="_BLANK">' . htmlspecialchars($this->reqUsername) . '</a></td></tr>' . "\n";
|
||||
$econf = '';
|
||||
/*if ( $accountReq->getEmailAuthTimestamp() ) {
|
||||
$econf = ' <strong>' . $this->msg( 'confirmaccount-econf' )->escaped() . '</strong>';
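Review bot: The new `target="_BLANK"` on the profile link has no `rel` attribute, so in browsers that do not imply noopener the opened scratch.mit.edu tab keeps a `window.opener` reference to this account-review page. Adding the attribute closes that: `'" target="_blank" rel="noopener noreferrer">'`. The href is also built with `htmlspecialchars()` only; passing the username through `rawurlencode()` before escaping would stop characters such as `?` or `#` from changing the URL. Usernames are presumably restricted elsewhere, but that is not visible in this hunk. The enclosing method lies outside the hunk.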
|
||||
|
|
|
@ -92,11 +92,8 @@ class RequestAccountPage extends SpecialPage {
|
|||
protected function showForm( $msg = '', $forgotFile = 0 ) {
|
||||
global $wgAccountRequestTypes, $wgMakeUserPageFromBio;
|
||||
|
||||
//generate the codes randomly, and generate a new one every two hours in case the code gets censored for some reason or any other issue related to the code
|
||||
if (!$this->getRequest()->getSessionData('confirmaccount-code') || $this->getRequest()->getSessionData('confirmaccount-time') < time() - 60 * 60 * 2) {
|
||||
$this->getRequest()->setSessionData('confirmaccount-code', sha1(rand(1,999999999)));
|
||||
$this->getRequest()->setSessionData('confirmaccount-time', time());
|
||||
}
|
||||
//generate the verification code, it uses the floor of the time / 1800, so it changes every 30 minutes (the next page also adds some fault tolerance if the code is entered on the border)
|
||||
$vercode = sha1(floor(time() / 1800) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
|
||||
|
||||
$reqUser = $this->getUser();
|
||||
|
||||
|
@ -218,7 +215,7 @@ class RequestAccountPage extends SpecialPage {
|
|||
//Scratch user verification
|
||||
$form .= '<fieldset>';
|
||||
$form .= '<legend>' . $this->msg('requestaccount-user-verification') . '</legend>';
|
||||
$form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $this->getRequest()->getSessionData('confirmaccount-code')) . '</p>
|
||||
$form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $vercode) . '</p>
|
||||
<p>' . $this->msg('requestaccount-code-troubleshoot') . '</p>' . "\n";
|
||||
$form .= '</fieldset>';
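Review bot: `$vercode` is computed here with the same expression that the submission check rebuilds by hand, and both places read `$_SERVER['HTTP_USER_AGENT']` and `$_SERVER['REMOTE_ADDR']` directly. A request without a User-Agent header raises an undefined-index notice, and behind a proxy REMOTE_ADDR is the proxy's address rather than the client's; `$this->getRequest()->getHeader( 'User-Agent' )` and `$this->getRequest()->getIP()` go through MediaWiki's request handling instead. Moving the derivation into one function that takes the time-window offset would keep the form and the check from drifting apart. The new comment should also state the effective lifetime: with the tolerance of two windows on the checking side a code is accepted for roughly 60 to 90 minutes, not 30. showForm continues beyond both hunks.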
|
||||
|
||||
|
|