authorChristopher Guindon2014-10-17 18:03:40 +0000
committerChristopher Guindon2014-10-17 18:03:40 +0000
commit4a3e94e896d16693c887893826ef7fdc69494f6a (patch)
treea20ae6f2310222c489d4e3da0122535b98e90c43
parent76bc90b85ac848e33afd08870c6507f03fc075ef (diff)
replace tabs with spacesstaging
Signed-off-by: Christopher Guindon <chris.guindon@eclipse.org>
-rwxr-xr-xsite_login/createaccount.php672
1 files changed, 336 insertions, 336 deletions
diff --git a/site_login/createaccount.php b/site_login/createaccount.php
index e5789b0..198ca04 100755
--- a/site_login/createaccount.php
+++ b/site_login/createaccount.php
@@ -1,4 +1,4 @@
-<?php require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php"); $App = new App(); $Nav = new Nav(); $Menu = new Menu(); include("_projectCommon.php"); # All on the same line to unclutter the user's desktop'
+<?php require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php"); $App = new App(); $Nav = new Nav(); $Menu = new Menu(); include("_projectCommon.php"); # All on the same line to unclutter the user's desktop'
/*******************************************************************************
* Copyright (c) 2012 Eclipse Foundation and others.
* All rights reserved. This program and the accompanying materials
@@ -9,367 +9,367 @@
* Contributors:
* Denis Roy (Eclipse Foundation)- initial API and implementation
*******************************************************************************/
- $App->preventCaching();
+ $App->preventCaching();
- $pageTitle = "Eclipse.org account";
- $pageKeywords = "eclipse,friends,login,account,signon,sign-on,register";
- $pageAuthor = "Eclipse Foundation, Inc.";
- header("Content-type: text/html; charset=utf-8");
- header("Cache-Control: no-cache, must-revalidate");
+ $pageTitle = "Eclipse.org account";
+ $pageKeywords = "eclipse,friends,login,account,signon,sign-on,register";
+ $pageAuthor = "Eclipse Foundation, Inc.";
+ header("Content-type: text/html; charset=utf-8");
+ header("Cache-Control: no-cache, must-revalidate");
- $username = $App->getHTTPParameter("username", "POST");
- $submit = $App->getHTTPParameter("submit", "POST");
- $fname = $App->getHTTPParameter("fname", "POST");
- $lname = $App->getHTTPParameter("lname", "POST");
- $password1 = $App->getHTTPParameter("password1", "POST");
- $password2 = $App->getHTTPParameter("password2", "POST");
- $skill = $App->getHTTPParameter("skill", "POST");
- $agree = $App->getHTTPParameter("agree", "POST");
- $stage = $App->getHTTPParameter("stage");
- $token = $App->getHTTPParameter("t");
- $p = $App->getHTTPParameter("p");
+ $username = $App->getHTTPParameter("username", "POST");
+ $submit = $App->getHTTPParameter("submit", "POST");
+ $fname = $App->getHTTPParameter("fname", "POST");
+ $lname = $App->getHTTPParameter("lname", "POST");
+ $password1 = $App->getHTTPParameter("password1", "POST");
+ $password2 = $App->getHTTPParameter("password2", "POST");
+ $skill = $App->getHTTPParameter("skill", "POST");
+ $agree = $App->getHTTPParameter("agree", "POST");
+ $stage = $App->getHTTPParameter("stage");
+ $token = $App->getHTTPParameter("t");
+ $p = $App->getHTTPParameter("p");
- $error = "";
- $reset_error = "";
+ $error = "";
+ $reset_error = "";
- # Sanitize for XSS
- $username = preg_replace($xss_patterns, '', $username);
- $fname = preg_replace($name_regexp, '', $fname);
- $lname = preg_replace($name_regexp, '', $lname);
- $password1 = preg_replace($xss_patterns, '', $password1);
- $password2 = preg_replace($xss_patterns, '', $password2);
- $token = preg_replace("/[^a-zA-Z0-9]/", "", $token);
+ # Sanitize for XSS
+ $username = preg_replace($xss_patterns, '', $username);
+ $fname = preg_replace($name_regexp, '', $fname);
+ $lname = preg_replace($name_regexp, '', $lname);
+ $password1 = preg_replace($xss_patterns, '', $password1);
+ $password2 = preg_replace($xss_patterns, '', $password2);
+ $token = preg_replace("/[^a-zA-Z0-9]/", "", $token);
- if($token != "" && $stage == "") {
- $stage = "confirm";
- }
+ if($token != "" && $stage == "") {
+ $stage = "confirm";
+ }
- if($token != "" && $p == "p") {
- $stage = "reset2";
- }
- if($token != "" && $password1 != "") {
- $stage = "reset3";
- }
+ if($token != "" && $p == "p") {
+ $stage = "reset2";
+ }
+ if($token != "" && $password1 != "") {
+ $stage = "reset3";
+ }
- $includefile = "content/en_" . $App->getScriptName();
- if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
- $password1 = stripslashes($password1);
- }
+ $includefile = "content/en_" . $App->getScriptName();
+ if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
+ $password1 = stripslashes($password1);
+ }
- require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/friends/friend.class.php");
- require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/session.class.php");
- require_once '/home/data/httpd/eclipse-php-classes/system/ldapconnection.class.php';
- $Friend = new Friend();
+ require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/friends/friend.class.php");
+ require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/session.class.php");
+ require_once '/home/data/httpd/eclipse-php-classes/system/ldapconnection.class.php';
+ $Friend = new Friend();
- if($stage == "create") {
- if($username != "" && $fname != "" && $lname != "" && $password1 != "") {
- # Create an account. Check to ensure this IP address hasn't flooded us with requests
- # or that this email address doesn't already have an account
- $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] >= 25) {
- $error = "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b> (8723s)";
- }
- else {
- $error = "<b>An unknown error has ocurred. Please try later.";
- # Check LDAP
- $ldap = new LDAPConnection();
- if(! $ldap->checkEmailAvailable($username)) {
- $error = "<b>That account already exists. If you cannot remember your password, please use the password reset option below.</b> (8725s)";
- # Jot this down to avoid repetitively polling ldap
- $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($username)) . ",
- '',
- " . $App->returnQuotedString($App->sqlSanitize($fname)) . ",
- " . $App->returnQuotedString($App->sqlSanitize($lname)) . ",
- '',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- " . $App->returnQuotedString("CREATE_FAILED") . ")");
+ if($stage == "create") {
+ if($username != "" && $fname != "" && $lname != "" && $password1 != "") {
+ # Create an account. Check to ensure this IP address hasn't flooded us with requests
+ # or that this email address doesn't already have an account
+ $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] >= 25) {
+ $error = "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b> (8723s)";
+ }
+ else {
+ $error = "<b>An unknown error has ocurred. Please try later.";
+ # Check LDAP
+ $ldap = new LDAPConnection();
+ if(! $ldap->checkEmailAvailable($username)) {
+ $error = "<b>That account already exists. If you cannot remember your password, please use the password reset option below.</b> (8725s)";
+ # Jot this down to avoid repetitively polling ldap
+ $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($username)) . ",
+ '',
+ " . $App->returnQuotedString($App->sqlSanitize($fname)) . ",
+ " . $App->returnQuotedString($App->sqlSanitize($lname)) . ",
+ '',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ " . $App->returnQuotedString("CREATE_FAILED") . ")");
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($username);
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("ACCT_CREATE_ALREADY_EXISTS");
- $EventLog->insertModLog("apache");
- }
- else {
- $error = "";
- if($agree != 1) {
- $error .= "- You must agree to the terms and contitions of use<br />";
- }
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($username);
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("ACCT_CREATE_ALREADY_EXISTS");
+ $EventLog->insertModLog("apache");
+ }
+ else {
+ $error = "";
+ if($agree != 1) {
+ $error .= "- You must agree to the terms and contitions of use<br />";
+ }
- if(!preg_match($email_regexp, $username)) {
- $error .= "- Your email address is not formatted correctly<br />";
- }
+ if(!preg_match($email_regexp, $username)) {
+ $error .= "- Your email address is not formatted correctly<br />";
+ }
- if($skill != 16) {
- $error .= "- You haven't answered the mathematical question correctly<br />";
- }
- if(!preg_match("/(?=^.{6,}$)(?=.*[\d|\W])(?=.*[A-Za-z]).*$/", $password1)) {
- $error .= "- Your password does not meet the complexity requirements. It must be at least 6 characters long, and contain one number or one symbol.<br />";
- }
+ if($skill != 16) {
+ $error .= "- You haven't answered the mathematical question correctly<br />";
+ }
+ if(!preg_match("/(?=^.{6,}$)(?=.*[\d|\W])(?=.*[A-Za-z]).*$/", $password1)) {
+ $error .= "- Your password does not meet the complexity requirements. It must be at least 6 characters long, and contain one number or one symbol.<br />";
+ }
- # Houston, we have a problem.
- if($error != "") {
- $error = "<b>Your request could not be processed for the following reason(s):<br/>" . $error . "</b>";
- }
- else {
- # Add request to database
- $token = $App->getAlphaCode(64);
- mysql_set_charset('utf8');
- $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize(trim($username))) . ",
- '',
- " . $App->returnQuotedString($App->sqlSanitize(trim($fname))) . ",
- " . $App->returnQuotedString($App->sqlSanitize(trim($lname))) . ",
- '" . $App->sqlSanitize($password1) . "',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- " . $App->returnQuotedString($token) . ")");
+ # Houston, we have a problem.
+ if($error != "") {
+ $error = "<b>Your request could not be processed for the following reason(s):<br/>" . $error . "</b>";
+ }
+ else {
+ # Add request to database
+ $token = $App->getAlphaCode(64);
+ mysql_set_charset('utf8');
+ $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize(trim($username))) . ",
+ '',
+ " . $App->returnQuotedString($App->sqlSanitize(trim($fname))) . ",
+ " . $App->returnQuotedString($App->sqlSanitize(trim($lname))) . ",
+ '" . $App->sqlSanitize($password1) . "',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ " . $App->returnQuotedString($token) . ")");
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($token);
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("ACCT_CREATE_REQ_SUCCESS");
- $EventLog->insertModLog($username);
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($token);
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("ACCT_CREATE_REQ_SUCCESS");
+ $EventLog->insertModLog($username);
- # Send mail to dest
- $mail = "Dear $fname,\n\n";
- $mail .= "Thank you for registering for an account at Eclipse.org. Before we can activate your account one last step must be taken to complete your registration.\n\n";
- $mail .= "To complete your registration, please visit this URL:\nhttps://dev.eclipse.org/site_login/r.php?t=$token\n\n";
- $mail .= "Your Username is: $username\n\n";
- $mail .= "If you have any problems signing up please contact webmaster@eclipse.org\n\n";
- $mail .= " -- Eclipse webmaster\n";
- $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>' . "\n" . 'Content-Type: text/plain; charset=UTF-8';
- mail($username, "Eclipse Account Registration", $mail, $headers);
+ # Send mail to dest
+ $mail = "Dear $fname,\n\n";
+ $mail .= "Thank you for registering for an account at Eclipse.org. Before we can activate your account one last step must be taken to complete your registration.\n\n";
+ $mail .= "To complete your registration, please visit this URL:\nhttps://dev.eclipse.org/site_login/r.php?t=$token\n\n";
+ $mail .= "Your Username is: $username\n\n";
+ $mail .= "If you have any problems signing up please contact webmaster@eclipse.org\n\n";
+ $mail .= " -- Eclipse webmaster\n";
+ $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>' . "\n" . 'Content-Type: text/plain; charset=UTF-8';
+ mail($username, "Eclipse Account Registration", $mail, $headers);
- $includefile = "content/en_createsuccess.php";
- }
+ $includefile = "content/en_createsuccess.php";
+ }
}
ldap_close($ds);
- }
- }
- else {
- $error = "An error occurred while processing your request. Please ensure that all the required fields are entered correctly and try again. (8726s)";
- }
- }
- if($stage == "reset") {
- # reset stage 1. We got an email address, create token and email to user
- # make sure someone isn't blasting us. We disregard "token failed" since a common use-case
- # is to click the reset link after it has expired.
- $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE token <> 'TOKEN_FAILED' AND fname = 'RESET' AND lname = 'RESET' AND ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] >= 13) {
- $error = "<b>We were unable to determine your identity after several attempts. Subsequent inquiries will be ignored for our protection. Please try later, or contact webmaster@eclipse.org for support.</b> (8727s)";
- $includefile = "content/en_reset_error.php";
- }
- else {
- # Check to see if we're trying to reset the password of a valid account.
- $ldap = new LDAPConnection();
- $token = $App->getAlphaCode(64);
- $App->eclipse_sql("INSERT IGNORE INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($username)) . ",
- '',
- " . $App->returnQuotedString("RESET") . ",
- " . $App->returnQuotedString("RESET") . ",
- '" . $App->sqlSanitize($password1) . "',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- " . $App->returnQuotedString($token) . ")");
+ }
+ }
+ else {
+ $error = "An error occurred while processing your request. Please ensure that all the required fields are entered correctly and try again. (8726s)";
+ }
+ }
+ if($stage == "reset") {
+ # reset stage 1. We got an email address, create token and email to user
+ # make sure someone isn't blasting us. We disregard "token failed" since a common use-case
+ # is to click the reset link after it has expired.
+ $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE token <> 'TOKEN_FAILED' AND fname = 'RESET' AND lname = 'RESET' AND ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] >= 13) {
+ $error = "<b>We were unable to determine your identity after several attempts. Subsequent inquiries will be ignored for our protection. Please try later, or contact webmaster@eclipse.org for support.</b> (8727s)";
+ $includefile = "content/en_reset_error.php";
+ }
+ else {
+ # Check to see if we're trying to reset the password of a valid account.
+ $ldap = new LDAPConnection();
+ $token = $App->getAlphaCode(64);
+ $App->eclipse_sql("INSERT IGNORE INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($username)) . ",
+ '',
+ " . $App->returnQuotedString("RESET") . ",
+ " . $App->returnQuotedString("RESET") . ",
+ '" . $App->sqlSanitize($password1) . "',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ " . $App->returnQuotedString($token) . ")");
- if(!preg_match($email_regexp, $username)) {
- $reset_error = "<b>Your email address is not formatted correctly.</b><br />";
- }
- elseif($ldap->checkEmailAvailable($username)) {
- $reset_error = "<b>We were unable to determine your identity with the information you've supplied.</b> Perhaps you don't have an Eclipse.org account, or your account is under a different email address.(8x27s)";
- }
- else {
- # Send mail to dest
- $mail = "You (or someone pretending to be you) has requested a password reset from:\n";
- $mail .= " " . $_SERVER['REMOTE_ADDR'] . "\n\n";
- $mail .= "To change your password, please visit this URL:\nhttps://dev.eclipse.org/site_login/p.php?t=$token\n\n";
- $mail .= "If you have not requested this change, you can safely let it expire. If you have any problems signing in please contact webmaster@eclipse.org\n\n";
- $mail .= " -- Eclipse webmaster\n";
- $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>';
- mail($username, "Eclipse Account Password Reset", $mail, $headers);
- $pageTitle = "Password reset";
- $includefile = "content/en_reset.php";
+ if(!preg_match($email_regexp, $username)) {
+ $reset_error = "<b>Your email address is not formatted correctly.</b><br />";
+ }
+ elseif($ldap->checkEmailAvailable($username)) {
+ $reset_error = "<b>We were unable to determine your identity with the information you've supplied.</b> Perhaps you don't have an Eclipse.org account, or your account is under a different email address.(8x27s)";
+ }
+ else {
+ # Send mail to dest
+ $mail = "You (or someone pretending to be you) has requested a password reset from:\n";
+ $mail .= " " . $_SERVER['REMOTE_ADDR'] . "\n\n";
+ $mail .= "To change your password, please visit this URL:\nhttps://dev.eclipse.org/site_login/p.php?t=$token\n\n";
+ $mail .= "If you have not requested this change, you can safely let it expire. If you have any problems signing in please contact webmaster@eclipse.org\n\n";
+ $mail .= " -- Eclipse webmaster\n";
+ $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>';
+ mail($username, "Eclipse Account Password Reset", $mail, $headers);
+ $pageTitle = "Password reset";
+ $includefile = "content/en_reset.php";
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($token);
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("PASSWD_RESET_REQ");
- $EventLog->insertModLog($username);
- }
- }
- }
- if($stage == "reset2") {
- # reset stage 2. We got an token back. If we find a record, allow user to reset password, then proceed to stage3
- $includefile = "content/en_reset.php";
- if($token != "") {
- $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] <= 0) {
- $error = "<b>The supplied reset token is invalid; perhaps it has expired? Please wait 5 minutes and try to <a href='createaccount.php'>reset your password again</a>. If the problem persits, please contact webmaster@eclipse.org.</b> (8129rs)";
- $includefile = "content/en_reset_error.php";
- # If we can't find a record, insert a record preventing this dude from bombing us
- $token = $App->getAlphaCode(64);
- $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
- '',
- 'token_failed',
- 'token_failed',
- 'token_failed',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- 'TOKEN_FAILED')"
- );
- }
- else {
- # display password reset page.
- $includefile = "content/en_reset.php";
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($token);
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("PASSWD_RESET_CONF");
- $EventLog->insertModLog($myrow['email']);
- # Update this row, change IP address to reflect that of the person who successfully confirmed this email to avoid bombing
- # $SQL = "UPDATE account_requests SET token = 'CONFIRM_SUCCESS', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
- # . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- #$rs = $App->eclipse_sql($SQL);
- }
- }
- }
- if($stage == "reset3") {
- # reset stage 3. We got a token back, and user is submitting a password.
- $includefile = "content/en_reset.php";
- if($token != "" && $password1 != "") {
- $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] <= 0) {
- $error = "<b>We were unable to validate your request. The supplied token is invalid; perhaps it has expired? Please try to <a href='createaccount.php'>reset your password again</a>. If the problem persits, please contact webmaster@eclipse.org.</b> (8329rs)";
- # If we can't find a record, insert a record preventing this dude from bombing us
- $token = $App->getAlphaCode(64);
- $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
- '',
- 'token_failed',
- 'token_failed',
- 'token_failed',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- 'TOKEN_FAILED')"
- );
- }
- else {
- if(!preg_match("/(?=^.{6,}$)(?=.*\d)(?=.*[A-Za-z]).*$/", $password1)) {
- $error .= "- Your password does not meet the complexity requirements<br />";
- }
- else {
- # Update this row, change IP address to reflect that of the person who successfully confirmed this password to avoid bombing
- $SQL = "UPDATE account_requests SET token = 'PASSWORD_SUCCESS', password='" . $App->sqlSanitize($password1) . "', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
- . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- $rs = $App->eclipse_sql($SQL);
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($token);
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("PASSWD_RESET_REQ");
+ $EventLog->insertModLog($username);
+ }
+ }
+ }
+ if($stage == "reset2") {
+ # reset stage 2. We got an token back. If we find a record, allow user to reset password, then proceed to stage3
+ $includefile = "content/en_reset.php";
+ if($token != "") {
+ $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] <= 0) {
+ $error = "<b>The supplied reset token is invalid; perhaps it has expired? Please wait 5 minutes and try to <a href='createaccount.php'>reset your password again</a>. If the problem persits, please contact webmaster@eclipse.org.</b> (8129rs)";
+ $includefile = "content/en_reset_error.php";
+ # If we can't find a record, insert a record preventing this dude from bombing us
+ $token = $App->getAlphaCode(64);
+ $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
+ '',
+ 'token_failed',
+ 'token_failed',
+ 'token_failed',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ 'TOKEN_FAILED')"
+ );
+ }
+ else {
+ # display password reset page.
+ $includefile = "content/en_reset.php";
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($token);
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("PASSWD_RESET_CONF");
+ $EventLog->insertModLog($myrow['email']);
+ # Update this row, change IP address to reflect that of the person who successfully confirmed this email to avoid bombing
+ # $SQL = "UPDATE account_requests SET token = 'CONFIRM_SUCCESS', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
+ # . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ #$rs = $App->eclipse_sql($SQL);
+ }
+ }
+ }
+ if($stage == "reset3") {
+ # reset stage 3. We got a token back, and user is submitting a password.
+ $includefile = "content/en_reset.php";
+ if($token != "" && $password1 != "") {
+ $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] <= 0) {
+ $error = "<b>We were unable to validate your request. The supplied token is invalid; perhaps it has expired? Please try to <a href='createaccount.php'>reset your password again</a>. If the problem persits, please contact webmaster@eclipse.org.</b> (8329rs)";
+ # If we can't find a record, insert a record preventing this dude from bombing us
+ $token = $App->getAlphaCode(64);
+ $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
+ '',
+ 'token_failed',
+ 'token_failed',
+ 'token_failed',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ 'TOKEN_FAILED')"
+ );
+ }
+ else {
+ if(!preg_match("/(?=^.{6,}$)(?=.*\d)(?=.*[A-Za-z]).*$/", $password1)) {
+ $error .= "- Your password does not meet the complexity requirements<br />";
+ }
+ else {
+ # Update this row, change IP address to reflect that of the person who successfully confirmed this password to avoid bombing
+ $SQL = "UPDATE account_requests SET token = 'PASSWORD_SUCCESS', password='" . $App->sqlSanitize($password1) . "', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
+ . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ $rs = $App->eclipse_sql($SQL);
- $bzpass = &generateBugzillaSHA256Password($password1);
- $SQL = "UPDATE profiles SET cryptpassword='" . $App->sqlSanitize($bzpass) . "' WHERE login_name = " . $App->returnQuotedString($App->sqlSanitize($myrow['email'])) . " LIMIT 1";
- $App->bugzilla_sql($SQL);
- $App->ipzilla_sql($SQL);
+ $bzpass = &generateBugzillaSHA256Password($password1);
+ $SQL = "UPDATE profiles SET cryptpassword='" . $App->sqlSanitize($bzpass) . "' WHERE login_name = " . $App->returnQuotedString($App->sqlSanitize($myrow['email'])) . " LIMIT 1";
+ $App->bugzilla_sql($SQL);
+ $App->ipzilla_sql($SQL);
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($token);
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("PASSWD_RESET_SUCCESS");
- $EventLog->insertModLog($myrow['email']);
- }
- }
- }
- }
- if($stage == "confirm") {
- $includefile = "content/en_confirm.php";
- $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE token IN ('TOKEN_FAILED', 'CONFIRM_SUCCESS') AND ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] > 0) {
- $error = "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b> (8728s)";
- }
- else {
- if($token != "") {
- $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] <= 0) {
- $error = "<b>We were unable to validate your request. The supplied token is invalid; perhaps it has expired? Please try creating your account again, and contact webmaster@eclipse.org if the problem persists.</b> (8729s)";
- # If we can't find a record, insert a record preventing this dude from bombing us
- $token = $App->getAlphaCode(64);
- $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
- '',
- 'token_failed',
- 'token_failed',
- 'token_failed',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- 'TOKEN_FAILED')"
- );
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($App->sqlSanitize($token));
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("ACCT_CREATE_TOKEN_FAILED");
- $EventLog->insertModLog("apache");
- }
- else {
- # Update this row, change IP address to reflect that of the person who successfully confirmed this email to avoid bombing
- $SQL = "UPDATE account_requests SET token = 'CONFIRM_SUCCESS', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
- . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- $rs = $App->eclipse_sql($SQL);
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($token);
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("PASSWD_RESET_SUCCESS");
+ $EventLog->insertModLog($myrow['email']);
+ }
+ }
+ }
+ }
+ if($stage == "confirm") {
+ $includefile = "content/en_confirm.php";
+ $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE token IN ('TOKEN_FAILED', 'CONFIRM_SUCCESS') AND ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] > 0) {
+ $error = "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b> (8728s)";
+ }
+ else {
+ if($token != "") {
+ $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] <= 0) {
+ $error = "<b>We were unable to validate your request. The supplied token is invalid; perhaps it has expired? Please try creating your account again, and contact webmaster@eclipse.org if the problem persists.</b> (8729s)";
+ # If we can't find a record, insert a record preventing this dude from bombing us
+ $token = $App->getAlphaCode(64);
+ $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
+ '',
+ 'token_failed',
+ 'token_failed',
+ 'token_failed',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ 'TOKEN_FAILED')"
+ );
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($App->sqlSanitize($token));
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("ACCT_CREATE_TOKEN_FAILED");
+ $EventLog->insertModLog("apache");
+ }
+ else {
+ # Update this row, change IP address to reflect that of the person who successfully confirmed this email to avoid bombing
+ $SQL = "UPDATE account_requests SET token = 'CONFIRM_SUCCESS', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
+ . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ $rs = $App->eclipse_sql($SQL);
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($App->sqlSanitize($token));
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("ACCT_CREATE_CONFIRM_SUCCESS");
- $EventLog->insertModLog($myrow['email']);
- }
- }
- else {
- $error = "<b>We were unable to validate your request. The supplied token is invalid. Please contact webmaster@eclipse.org.</b>";
- }
- }
- }
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($App->sqlSanitize($token));
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("ACCT_CREATE_CONFIRM_SUCCESS");
+ $EventLog->insertModLog($myrow['email']);
+ }
+ }
+ else {
+ $error = "<b>We were unable to validate your request. The supplied token is invalid. Please contact webmaster@eclipse.org.</b>";
+ }
+ }
+ }
- include($includefile);
- # Generate the web page
- $App->generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);
+ include($includefile);
+ # Generate the web page
+ $App->generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);
- function generatePassword($_num_chars) {
- global $App;
- $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1023456789,.;:/@#$%^&*()-_=+";
- srand((double)microtime()*1000000);
- $loopcount = 0;
- $rValue = "";
- while (!preg_match("/(?=^.{6,}$)(?=.*\d)(?=.*[A-Za-z]).*$/", $rValue)) {
- $rValue = "";
- $i = 0;
- $loopcount++;
- srand((double)microtime()*1000000);
- while ($i <= $_num_chars) {
- $num = rand() % strlen($chars);
- $rValue .= substr($chars, $num, 1);
- $i++;
- }
- # antilooper
- if($loopcount > 1000) {
- $rValue = "aA1$" . $App->getAlphaCode(4);
- }
- }
- return $rValue;
+ function generatePassword($_num_chars) {
+ global $App;
+ $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1023456789,.;:/@#$%^&*()-_=+";
+ srand((double)microtime()*1000000);
+ $loopcount = 0;
+ $rValue = "";
+ while (!preg_match("/(?=^.{6,}$)(?=.*\d)(?=.*[A-Za-z]).*$/", $rValue)) {
+ $rValue = "";
+ $i = 0;
+ $loopcount++;
+ srand((double)microtime()*1000000);
+ while ($i <= $_num_chars) {
+ $num = rand() % strlen($chars);
+ $rValue .= substr($chars, $num, 1);
+ $i++;
+ }
+ # antilooper
+ if($loopcount > 1000) {
+ $rValue = "aA1$" . $App->getAlphaCode(4);
+ }
+ }
+ return $rValue;
}
