redid verification code system, also made profile link open in new tab (closes #10, closes #11)

This commit is contained in:
Jacob G 2015-03-22 14:32:37 -04:00
parent 066b521780
commit 9f7ac6bb43
4 changed files with 20 additions and 11 deletions


@ -60,6 +60,15 @@ class AccountRequestSubmission {
public function getAttachtmentPrevName() { public function getAttachtmentPrevName() {
return $this->attachmentPrevName; return $this->attachmentPrevName;
} }
private function stringContainsArray($string, $array) {
foreach ($array as $val) {
if (strstr($string, $val)) {
return true;
}
}
return false;
}
/** /**
* Attempt to validate and submit this data to the DB * Attempt to validate and submit this data to the DB
@ -93,18 +102,21 @@ class AccountRequestSubmission {
//the project link is stored in the interface, so splice the URL out of it (it should be the only decimal there) //the project link is stored in the interface, so splice the URL out of it (it should be the only decimal there)
$project_link = $context->msg('requestaccount-project-link')->text(); $project_link = $context->msg('requestaccount-project-link')->text();
preg_match('%(\d+)%', $project_link, $matches); preg_match('%(\d+)%', $project_link, $matches);
$code = $context->getRequest()->getSessionData('confirmaccount-code'); $codes = array();
for ($i = 0; $i <= 2; $i++) { //have a "fault-tolerance" of two, so if the code was generated and the time changed between entering the code and checking it, it still works
$codes[] = sha1((floor(time() / 1800) - $i) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
}
$data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/' . $matches[1] . '/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache $data = file_get_contents('http://scratch.mit.edu/site-api/comments/project/' . $matches[1] . '/?page=1&salt=' . md5(time())); //add the salt so it doesn't cache
if (!$data) { if (!$data) {
return array('api_failed', $context->msg('requestaccount-api-failed')); return array('api_failed', $context->msg('requestaccount-api-failed'));
return; return;
} }
$success = false; $success = false;
preg_match_all('%<div id="comments-\d+" class="comment.*?" data-comment-id="\d+">.*?<a href="/users/(.*?)">.*?<div class="content">(.*?)</div>%ms', $data, $matches); preg_match_all('%<div id="comments-\d+" class="comment +" data-comment-id="\d+">.*?<a href="/users/(.*?)">.*?<div class="content">(.*?)</div>%ms', $data, $matches);
foreach ($matches[2] as $key => $val) { foreach ($matches[2] as $key => $val) {
$user = $matches[1][$key]; $user = $matches[1][$key];
$comment = trim($val); $comment = trim($val);
if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && strstr($comment, $code)) { if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && $this->stringContainsArray($comment, $codes)) {
$success = true; $success = true;
break; break;
} }
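Review bot: The expected codes built on the line `$codes[] = sha1((floor(time() / 1800) - $i) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);` contain no server-side secret and no per-session value, so every client sharing an address and browser string (a classroom NAT, for instance) is issued the same code, and the check can then be passed for a username whose owner has just posted it; the session-bound random code this replaces did not have that property. Keying the derivation with the wiki's secret, `hash_hmac('sha1', $window . $ua . $ip, $wgSecretKey)` (with `global $wgSecretKey;` brought into scope), and ideally still mixing in a session nonce, keeps the "regenerate on the hour boundary" goal without making the value computable from public inputs. The loop bound `$i <= 2` accepts three 30-minute windows (up to 90 minutes) while the comment says a fault tolerance of two; align one with the other. `stringContainsArray` relies on the truthiness of `strstr()`; `strpos($string, $val) !== false` states the intent and is not fooled by a match that is the string `"0"`. The enclosing submit method starts and ends outside the hunk, and the same derivation also appears in RequestAccountPage::showForm, so it should live in one shared helper that both sides call.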


@ -41,7 +41,7 @@ Make sure you are comfortable publishing such information.",
'requestaccount-attach' => 'Resume or CV (optional):', 'requestaccount-attach' => 'Resume or CV (optional):',
'requestaccount-notes' => 'Why you would like to become a contributor', 'requestaccount-notes' => 'Why you would like to become a contributor',
'requestaccount-urls' => 'List of websites, if any (each on a separate line):', 'requestaccount-urls' => 'List of websites, if any (each on a separate line):',
'requestaccount-agree' => 'You must certify that your real name is correct and that you agree to our Terms of Service.', 'requestaccount-agree' => 'You must certify that you agree to abide by the Scratch Wiki Guidelines.',
'requestaccount-inuse' => 'Username is already in use in a pending account request.', 'requestaccount-inuse' => 'Username is already in use in a pending account request.',
'requestaccount-tooshort' => 'Your biography must be at least $1 {{PLURAL:$1|word|words}} long.', 'requestaccount-tooshort' => 'Your biography must be at least $1 {{PLURAL:$1|word|words}} long.',
'requestaccount-emaildup' => 'Another pending account request uses the same e-mail address.', 'requestaccount-emaildup' => 'Another pending account request uses the same e-mail address.',


@ -295,7 +295,7 @@ class ConfirmAccountsPage extends SpecialPage {
$form .= '<legend>' . $this->msg( 'confirmaccount-leg-user' )->escaped() . '</legend>'; $form .= '<legend>' . $this->msg( 'confirmaccount-leg-user' )->escaped() . '</legend>';
$form .= '<table cellpadding=\'4\'>'; $form .= '<table cellpadding=\'4\'>';
$form .= "<tr><td>" . Xml::label( $this->msg( 'username' )->text(), 'wpNewName' ) . "</td>"; $form .= "<tr><td>" . Xml::label( $this->msg( 'username' )->text(), 'wpNewName' ) . "</td>";
$form .= '<td>' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' <a href="http://scratch.mit.edu/users/' . htmlspecialchars(str_replace(' ', '_', $this->reqUsername)) . '">' . htmlspecialchars($this->reqUsername) . '</a></td></tr>' . "\n"; $form .= '<td>' . Xml::input( 'wpNewName', 30, $this->reqUsername, array( 'id' => 'wpNewName', 'type' => 'hidden' ) ) . ' <a href="http://scratch.mit.edu/users/' . htmlspecialchars(str_replace(' ', '_', $this->reqUsername)) . '" target="_BLANK">' . htmlspecialchars($this->reqUsername) . '</a></td></tr>' . "\n";
$econf = ''; $econf = '';
/*if ( $accountReq->getEmailAuthTimestamp() ) { /*if ( $accountReq->getEmailAuthTimestamp() ) {
$econf = ' <strong>' . $this->msg( 'confirmaccount-econf' )->escaped() . '</strong>'; $econf = ' <strong>' . $this->msg( 'confirmaccount-econf' )->escaped() . '</strong>';
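Review bot: The anchor on the `$form .= '<td>' . Xml::input( 'wpNewName', ...` line now opens an external site with `target="_BLANK"` but carries no `rel` attribute, so the opened page receives a `window.opener` reference back to the ConfirmAccount admin page; adding `rel="noopener noreferrer"` beside the target closes that channel. The keyword is conventionally lowercase, so the attribute pair should read `target="_blank" rel="noopener noreferrer"`. The enclosing form-building method starts and ends outside the hunk.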


@ -92,11 +92,8 @@ class RequestAccountPage extends SpecialPage {
protected function showForm( $msg = '', $forgotFile = 0 ) { protected function showForm( $msg = '', $forgotFile = 0 ) {
global $wgAccountRequestTypes, $wgMakeUserPageFromBio; global $wgAccountRequestTypes, $wgMakeUserPageFromBio;
//generate the codes randomly, and generate a new one every two hours in case the code gets censored for some reason or any other issue related to the code //generate the verification code, it's the floor of the time / 7200, so it changes every 2 hours (the next page also adds some fault tolerance if the code is entered on the hour border)
if (!$this->getRequest()->getSessionData('confirmaccount-code') || $this->getRequest()->getSessionData('confirmaccount-time') < time() - 60 * 60 * 2) { $vercode = sha1(floor(time() / 1800) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
$this->getRequest()->setSessionData('confirmaccount-code', sha1(rand(1,999999999)));
$this->getRequest()->setSessionData('confirmaccount-time', time());
}
$reqUser = $this->getUser(); $reqUser = $this->getUser();
@ -218,7 +215,7 @@ class RequestAccountPage extends SpecialPage {
//Scratch user verification //Scratch user verification
$form .= '<fieldset>'; $form .= '<fieldset>';
$form .= '<legend>' . $this->msg('requestaccount-user-verification') . '</legend>'; $form .= '<legend>' . $this->msg('requestaccount-user-verification') . '</legend>';
$form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $this->getRequest()->getSessionData('confirmaccount-code')) . '</p> $form .= '<p>' . $this->msg('requestaccount-project-info', $this->msg('requestaccount-project-link')->text(), $vercode) . '</p>
<p>' . $this->msg('requestaccount-code-troubleshoot') . '</p>' . "\n"; <p>' . $this->msg('requestaccount-code-troubleshoot') . '</p>' . "\n";
$form .= '</fieldset>'; $form .= '</fieldset>';
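Review bot: The comment above `$vercode = sha1(floor(time() / 1800) . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);` says the code is the floor of time / 7200 and changes every two hours, but the divisor is 1800, so it changes every 30 minutes; it should read `//generate the verification code from the current 30-minute window; AccountRequestSubmission also accepts the two previous windows`. `$_SERVER['HTTP_USER_AGENT']` is not guaranteed to be set, in which case this line raises a notice and derives the code from the address alone; `$this->getRequest()->getHeader('User-Agent')` and `$this->getRequest()->getIP()` are the request-object equivalents, and as far as I recall `getIP()` also applies the wiki's trusted-proxy handling where `REMOTE_ADDR` does not. Because this expression must match the one in AccountRequestSubmission byte for byte, it belongs in a single shared static helper called from both places rather than being duplicated. showForm continues outside the hunk.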