redid verification code system, also made profile link open in new tab (closes #10, closes #11)

ConfirmAccount/business/AccountRequestSubmission.php

@@ -60,6 +60,15 @@ class AccountRequestSubmission {
 	public function getAttachtmentPrevName() {
 		return $this->attachmentPrevName;
 	}
+	
+	private function stringContainsArray($string, $array) {
+	   foreach ($array as $val) {
+		   if (strstr($string, $val)) {
+			   return true;
+		   }
+	   }
+	   return false;
+   }
 
 	/**
 	 * Attempt to validate and submit this data to the DB
@@ -93,18 +102,21 @@ class AccountRequestSubmission {
 		//the project link is stored in the interface, so splice the URL out of it (it should be the only decimal there)
 		$project_link = $context->msg('requestaccount-project-link')->text();
 		preg_match('%(\d+)%', $project_link, $matches);
-		$code = $context->getRequest()->getSessionData('confirmaccount-code');
+		$codes = array();
+		for ($i = 0; $i <= 2; $i++) { //have a "fault-tolerance" of two, so if the code was generated and the time changed between entering the code and checking it, it still works
+			$codes[] = sha1((floor(time() / 1800) - $i) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
+		}
 		$data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/' . $matches[1] . '/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache
 	    if (!$data) {
 		   return array('api_failed', $context->msg('requestaccount-api-failed'));
 		   return;
 	    }
 	    $success = false;
-	    preg_match_all('%<div id="comments-\d+" class="comment.*?" data-comment-id="\d+">.*?<a href="/users/(.*?)">.*?<div class="content">(.*?)</div>%ms', $data, $matches);
+	    preg_match_all('%<div id="comments-\d+" class="comment +" data-comment-id="\d+">.*?<a href="/users/(.*?)">.*?<div class="content">(.*?)</div>%ms', $data, $matches);
 	    foreach ($matches[2] as $key => $val) {
 		   $user = $matches[1][$key];
 		   $comment = trim($val);
-		   if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && strstr($comment, $code)) {
+		   if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && $this->stringContainsArray($comment, $codes)) {
 			  $success = true;
 			  break;
 		   }

ConfirmAccount/frontend/language/RequestAccountPage.i18n.php

@@ -41,7 +41,7 @@ Make sure you are comfortable publishing such information.",
 	'requestaccount-attach'     => 'Resume or CV (optional):',
 	'requestaccount-notes'      => 'Why you would like to become a contributor',
 	'requestaccount-urls'       => 'List of websites, if any (each on a separate line):',
-	'requestaccount-agree'      => 'You must certify that your real name is correct and that you agree to our Terms of Service.',
+	'requestaccount-agree'      => 'You must certify that you agree to abide by the Scratch Wiki Guidelines.',
 	'requestaccount-inuse'      => 'Username is already in use in a pending account request.',
 	'requestaccount-tooshort'   => 'Your biography must be at least $1 {{PLURAL:$1|word|words}} long.',
 	'requestaccount-emaildup'   => 'Another pending account request uses the same e-mail address.',

ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php

@@ -295,7 +295,7 @@ class ConfirmAccountsPage extends SpecialPage {
 		$form .= '<legend>' . $this->msg( 'confirmaccount-leg-user' )->escaped() . '</legend>';
 		$form .= '<table cellpadding=\'4\'>';
 		$form .= "<tr><td>" . Xml::label( $this->msg( 'username' )->text(), 'wpNewName' ) . "</td>";
-		$form .= '<td>' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' <a href="http://scratch.mit.edu/users/' . htmlspecialchars(str_replace(' ', '_', $this->reqUsername)) . '">' . htmlspecialchars($this->reqUsername) . '</a></td></tr>' . "\n";
+		$form .= '<td>' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' <a href="http://scratch.mit.edu/users/' . htmlspecialchars(str_replace(' ', '_', $this->reqUsername)) . '" target="_BLANK">' . htmlspecialchars($this->reqUsername) . '</a></td></tr>' . "\n";
 		$econf = '';
 		/*if ( $accountReq->getEmailAuthTimestamp() ) {
 			$econf = ' <strong>' . $this->msg( 'confirmaccount-econf' )->escaped() . '</strong>';

ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php

@@ -92,11 +92,8 @@ class RequestAccountPage extends SpecialPage {
 	protected function showForm( $msg = '', $forgotFile = 0 ) {
 		global $wgAccountRequestTypes, $wgMakeUserPageFromBio;
 
-		//generate the codes randomly, and generate a new one every two hours in case the code gets censored for some reason or any other issue related to the code
-		if (!$this->getRequest()->getSessionData('confirmaccount-code') || $this->getRequest()->getSessionData('confirmaccount-time') < time() - 60 * 60 * 2) {
-			$this->getRequest()->setSessionData('confirmaccount-code', sha1(rand(1,999999999)));
-			$this->getRequest()->setSessionData('confirmaccount-time', time());
-		}
+		//generate the verification code, it's the floor of the time / 7200, so it changes every 2 hours (the next page also adds some fault tolerance if the code is entered on the hour border)
+		$vercode = sha1(floor(time() / 1800) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
 
 		$reqUser = $this->getUser();
 
@@ -218,7 +215,7 @@ class RequestAccountPage extends SpecialPage {
 		//Scratch user verification
 		$form .= '<fieldset>';
 		$form .= '<legend>' . $this->msg('requestaccount-user-verification') . '</legend>';
-		$form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $this->getRequest()->getSessionData('confirmaccount-code')) . '</p>
+		$form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $vercode) . '</p>
 		<p>' . $this->msg('requestaccount-code-troubleshoot') . '</p>' . "\n";
 		$form .= '</fieldset>';