From 8768a7ae96d457d38aa9468a410522db56906202 Mon Sep 17 00:00:00 2001 From: Jacob G Date: Tue, 26 May 2015 22:02:11 -0400 Subject: [PATCH 1/4] added limited alt account checking (#14) --- .../business/AccountConfirmSubmission.php | 4 +-- .../language/ConfirmAccountPage.i18n.php | 2 ++ .../actions/ConfirmAccount_body.php | 29 +++++++++++++++++++ 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/ConfirmAccount/business/AccountConfirmSubmission.php b/ConfirmAccount/business/AccountConfirmSubmission.php index f0af483..231ba45 100644 --- a/ConfirmAccount/business/AccountConfirmSubmission.php +++ b/ConfirmAccount/business/AccountConfirmSubmission.php @@ -294,10 +294,10 @@ class AccountConfirmSubmission { } # Actually send out the email (@TODO: rollback on failure including $wgAuth) - $result = $user->sendMail( + /*$result = $user->sendMail( $context->msg( 'confirmaccount-email-subj' )->inContentLanguage()->text(), $ebody - ); + );*/ # Update user count $ssUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 ); diff --git a/ConfirmAccount/frontend/language/ConfirmAccountPage.i18n.php b/ConfirmAccount/frontend/language/ConfirmAccountPage.i18n.php index 3e9ed71..23a1103 100644 --- a/ConfirmAccount/frontend/language/ConfirmAccountPage.i18n.php +++ b/ConfirmAccount/frontend/language/ConfirmAccountPage.i18n.php @@ -135,6 +135,8 @@ There may be contact lists on site that you can use if you want to know more abo $2 There may be contact lists on site that you can use if you want to know more about user account policy.', + 'confirmaccount-altwarning' => 'The following accounts have made edits from the same IP address as this user:', + 'confirmaccount-warning' => 'Warning', ); diff --git a/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php b/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php index 696e4c4..026d539 100644 --- a/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php +++ b/ConfirmAccount/frontend/specialpages/actions/ConfirmAccount_body.php @@ -421,6 +421,20 @@ class ConfirmAccountsPage extends SpecialPage { } $form .= ''; } + + //search for possible alt accounts + $ip = $accountReq->getIP(); + $alts = $this->getUsersFromIP($ip); + if (!empty($alts)) { + foreach ($alts as &$user) { + + } + $form .= '
'; + $form .= '' . $this->msg('confirmaccount-warning') . ''; + $form .= '' . $this->msg('confirmaccount-altwarning') . ''; + $form .= ''; + $form .= '
'; + } $form .= '
'; $form .= '' . $this->msg( 'confirmaccount-legend' )->escaped() . ''; @@ -746,6 +760,21 @@ class ConfirmAccountsPage extends SpecialPage { return $r; } + + function getUsersFromIP($ip) { + global $wgShowExceptionDetails ; + $wgShowExceptionDetails = true; + $dbr = wfGetDB( DB_SLAVE ); + $result = $dbr->select('recentchanges', array('DISTINCT(rc_user_text)'), 'rc_ip=\'' . $ip . '\''); + + $return = array(); + foreach ($result as $row) { + $return[] = (string)$row->rc_user_text; + } + array_unique($return); + + return $return; + } } /** From 60576cf84305b519556d75db77bcaf7e919f549c Mon Sep 17 00:00:00 2001 From: Jacob G Date: Mon, 28 Dec 2015 18:39:35 -0500 Subject: [PATCH 2/4] fixed an installation glitch --- ConfirmAccount/ConfirmAccount.php | 172 +++++++++--------- .../language/RequestAccountPage.i18n.php | 9 + 2 files changed, 100 insertions(+), 81 deletions(-) diff --git a/ConfirmAccount/ConfirmAccount.php b/ConfirmAccount/ConfirmAccount.php index c511663..4ce5de9 100644 --- a/ConfirmAccount/ConfirmAccount.php +++ b/ConfirmAccount/ConfirmAccount.php @@ -1,81 +1,91 @@ - __FILE__, - 'name' => 'Confirm User Accounts', - 'descriptionmsg' => 'confirmedit-desc', - 'author' => 'Aaron Schulz and Jacob G.', - 'url' => 'https://www.mediawiki.org/wiki/Extension:ConfirmAccount', -); - -# Load default config variables -require( dirname( __FILE__ ) . '/ConfirmAccount.config.php' ); - -# Define were PHP files and i18n files are located -require( dirname( __FILE__ ) . '/ConfirmAccount.setup.php' ); -ConfirmAccountSetup::defineSourcePaths( $wgAutoloadClasses, $wgExtensionMessagesFiles ); - -# Define JS/CSS modules and file locations -ConfirmAccountUISetup::defineResourceModules( $wgResourceModules ); - -# Let some users confirm account requests and view credentials for created accounts -$wgAvailableRights[] = 'confirmaccount'; // user can confirm account requests -$wgAvailableRights[] = 'requestips'; // user can see IPs in request queue -$wgAvailableRights[] = 'lookupcredentials'; // user can lookup info on confirmed users - -# Actually register special pages -ConfirmAccountUISetup::defineSpecialPages( $wgSpecialPages, $wgSpecialPageGroups ); - -# ####### HOOK CALLBACK FUNCTIONS ######### - -# UI-related hook handlers -ConfirmAccountUISetup::defineHookHandlers( $wgHooks ); - -# Check for account name collisions -$wgHooks['AbortNewAccount'][] = 'ConfirmAccountUIHooks::checkIfAccountNameIsPending'; - -# Schema changes -$wgHooks['LoadExtensionSchemaUpdates'][] = 'ConfirmAccountUpdaterHooks::addSchemaUpdates'; - -# ####### END HOOK CALLBACK FUNCTIONS ######### - -# Load the extension after setup is finished -$wgExtensionFunctions[] = 'efLoadConfirmAccount'; - -/** - * This function is for setup that has to happen in Setup.php - * when the functions in $wgExtensionFunctions get executed. - * @return void - */ -function efLoadConfirmAccount() { - global $wgEnableEmail; - # This extension needs email enabled! - # Otherwise users can't get their passwords... - if ( !$wgEnableEmail ) { - echo "ConfirmAccount extension requires \$wgEnableEmail set to true.\n"; - exit( 1 ) ; - } -} + __FILE__, + 'name' => 'Confirm User Accounts', + 'descriptionmsg' => 'confirmedit-desc', + 'author' => 'Aaron Schulz and Jacob G.', + 'url' => 'https://www.mediawiki.org/wiki/Extension:ConfirmAccount', +); + +# Load default config variables +require( dirname( __FILE__ ) . '/ConfirmAccount.config.php' ); + +# Define were PHP files and i18n files are located +require( dirname( __FILE__ ) . '/ConfirmAccount.setup.php' ); + +ConfirmAccountSetup::defineSourcePaths( $wgAutoloadClasses, $wgExtensionMessagesFiles ); + +# Define JS/CSS modules and file locations +require( dirname( __FILE__ ) . '/frontend/ConfirmAccountUI.setup.php' ); +ConfirmAccountUISetup::defineResourceModules( $wgResourceModules ); + +# Let some users confirm account requests and view credentials for created accounts +$wgAvailableRights[] = 'confirmaccount'; // user can confirm account requests +$wgAvailableRights[] = 'requestips'; // user can see IPs in request queue +$wgAvailableRights[] = 'lookupcredentials'; // user can lookup info on confirmed users + +# Actually register special pages +ConfirmAccountUISetup::defineSpecialPages( $wgSpecialPages, $wgSpecialPageGroups ); + +# ####### HOOK CALLBACK FUNCTIONS ######### + +# UI-related hook handlers +ConfirmAccountUISetup::defineHookHandlers( $wgHooks ); + +# Check for account name collisions +$wgHooks['AbortNewAccount'][] = 'ConfirmAccountUIHooks::checkIfAccountNameIsPending'; + +# Schema changes +$wgHooks['LoadExtensionSchemaUpdates'][] = 'ConfirmAccountUpdaterHooks::addSchemaUpdates'; + +# ####### END HOOK CALLBACK FUNCTIONS ######### + +# Load the extension after setup is finished +$wgExtensionFunctions[] = 'efLoadConfirmAccount'; + +/** + + * This function is for setup that has to happen in Setup.php + * when the functions in $wgExtensionFunctions get executed. + * @return void + + */ + +function efLoadConfirmAccount() { + global $wgEnableEmail; + + # This extension needs email enabled! + # Otherwise users can't get their passwords... + + /*if ( !$wgEnableEmail ) { + echo "ConfirmAccount extension requires \$wgEnableEmail set to true.\n"; + exit( 1 ) ; + }*/ +} + diff --git a/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php b/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php index 2c3adf9..2fa354e 100644 --- a/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php +++ b/ConfirmAccount/frontend/language/RequestAccountPage.i18n.php @@ -1123,6 +1123,15 @@ Este código de confirmación caducará el $4.', La dirección de correo electrónico ha sido confirmada. Puedes confirmar la solicitud aquí "$2".', 'acct_request_throttle_hit' => 'Perdón, ya has solicitado {{PLURAL:$1|1 cuenta|$1 cuentas}}. No puedes hacer ninguna otra solicitud.', + +//Scratch-specific stuff + 'requestaccount-user-verification' => 'Verificion de usuario', + 'requestaccount-code-troubleshoot' => '\'\'\'Aviso:\'\'\' Si tienes problemas con el sistema de verificacion, por favor lee la [[Scratch_Wiki:Become a contributor/Verification code troubleshooting|pagina de soluciones]].', + 'requestaccount-set-pwd' => 'Decide la contrasena', + 'requestaccount-project-info' => 'Por favor ve al [$1 proyecto de verificacion] y comenta el codigo siguiente:
\'\'\'$2\'\'\'', + 'requestaccount-project-link' => 'http://scratch.mit.edu/projects/10135908/', + 'requestaccount-nocomment-error' => 'No aparece como hayas comentado el codigo.', + 'requestaccount-api-failed' => 'Estamos teniendo problemas con el servidor. Por favor trata de registrarte otra vez en un tiempo diferente.', ); /** Estonian (eesti) From 6d719cfd4748e6e48e17fe4de8ba25e3f4504148 Mon Sep 17 00:00:00 2001 From: Jacob G Date: Mon, 11 Jan 2016 20:06:53 -0500 Subject: [PATCH 3/4] fixed regex detection of scratch team members with asterisk in username --- ConfirmAccount/business/AccountRequestSubmission.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ConfirmAccount/business/AccountRequestSubmission.php b/ConfirmAccount/business/AccountRequestSubmission.php index e0452cd..690c19a 100644 --- a/ConfirmAccount/business/AccountRequestSubmission.php +++ b/ConfirmAccount/business/AccountRequestSubmission.php @@ -112,14 +112,14 @@ class AccountRequestSubmission { return; } $success = false; - preg_match_all('%
.*?
.*?
\s+(([a-zA-Z0-9]|-|_)+)\s+
\s+
(.*?)
%ms', $data, $matches); + preg_match_all('%
.*?
.*?
\s+(([a-zA-Z0-9]|-|_|\*)+)\s+
\s+
(.*?)
%ms', $data, $matches); unset($matches[2]); unset($matches[3]); unset($matches[4]); foreach ($matches[5] as $key => $val) { $user = $matches[1][$key]; $comment = trim($val); - if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && $this->stringContainsArray($comment, $codes)) { + if ((strtolower($user) == strtolower(htmlspecialchars($this->userName)) && $this->stringContainsArray($comment, $codes)) { $success = true; break; } From f958aceb16f2d03f9de6e219901bd30c3ba8e68f Mon Sep 17 00:00:00 2001 From: Jacob G Date: Mon, 11 Jan 2016 20:07:41 -0500 Subject: [PATCH 4/4] fixed syntax error --- ConfirmAccount/business/AccountRequestSubmission.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ConfirmAccount/business/AccountRequestSubmission.php b/ConfirmAccount/business/AccountRequestSubmission.php index 690c19a..e4194a6 100644 --- a/ConfirmAccount/business/AccountRequestSubmission.php +++ b/ConfirmAccount/business/AccountRequestSubmission.php @@ -119,7 +119,7 @@ class AccountRequestSubmission { foreach ($matches[5] as $key => $val) { $user = $matches[1][$key]; $comment = trim($val); - if ((strtolower($user) == strtolower(htmlspecialchars($this->userName)) && $this->stringContainsArray($comment, $codes)) { + if (strtolower($user) == strtolower(htmlspecialchars($this->userName)) && $this->stringContainsArray($comment, $codes)) { $success = true; break; }