| author | Christopher Guindon | 2017-02-27 15:36:54 +0000 |
|---|---|---|
| committer | Christopher Guindon | 2017-03-10 17:32:32 +0000 |
| commit | 82072d3e1e12c5be49f19936686012d7ba676489 (patch) | |
| tree | 3945cca8a8e6afecf5b0a874e3e6c0ca366ad291 | |
| parent | 55f870fa58008e3ef22c04f53c2ea314e203c717 (diff) | |
| download | eclipse.org-common-82072d3e1e12c5be49f19936686012d7ba676489.tar.gz eclipse.org-common-82072d3e1e12c5be49f19936686012d7ba676489.tar.xz eclipse.org-common-82072d3e1e12c5be49f19936686012d7ba676489.zip | |
Bug 512765 - Deprecate dev.eclipse.org/site_login
Change-Id: I18d986f3999c5c7e879e45cd9aae699d77fbfbf0
Signed-off-by: Christopher Guindon <chris.guindon@eclipse.org>
| -rw-r--r-- | classes/subscriptions/mailchimp.class.php | 373 | ||||
| -rw-r--r-- | classes/subscriptions/subscriptions.class.php | 20 | ||||
| -rw-r--r-- | classes/subscriptions/subscriptions_base.class.php | 127 | ||||
| -rw-r--r-- | classes/subscriptions/tpl/subscriptions.tpl.php | 36 | ||||
| -rw-r--r-- | classes/themes/baseTheme.class.php | 16 | ||||
| -rw-r--r-- | classes/users/accountCreator.class.php | 227 | ||||
| -rw-r--r-- | classes/users/cla.class.php | 717 | ||||
| -rw-r--r-- | classes/users/siteLogin.class.php | 1574 | ||||
| -rw-r--r-- | classes/users/tpl/cla_form.tpl.php | 149 | ||||
| -rw-r--r-- | classes/users/tpl/cla_record.tpl.php | 32 | ||||
| -rw-r--r-- | system/eclipseenv.class.php | 3 | ||||
| -rw-r--r-- | system/session.class.php | 2 |
12 files changed, 12 insertions, 3264 deletions
diff --git a/classes/subscriptions/mailchimp.class.php b/classes/subscriptions/mailchimp.class.php deleted file mode 100644 index eaa0f1a8..00000000 --- a/classes/subscriptions/mailchimp.class.php +++ /dev/null 
@@ -1,373 +0,0 @@ -<?php -/******************************************************************************* - * Copyright (c) 2015, 2016 Eclipse Foundation and others. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - * - * Contributors: - * Eric Poirier (Eclipse Foundation) - initial API and implementation - * Christopher Guindon (Eclipse Foundation) - *******************************************************************************/ -require_once(realpath(dirname(__FILE__) . "/../../system/app.class.php")); -require_once("subscriptions_base.class.php"); - -define('MAILCHIMP_SUBSCRIBE','subscribe'); -define('MAILCHIMP_UNSUBSCRIBE','unsubscribe'); - -class Mailchimp extends Subscriptions_base { - - private $api_key = FALSE; - - private $subscribe_list = array(); - - private $list_id = FALSE; - - public function __construct(App $App) { - parent::__construct($App); - - // Checking if the user is changing Subscription status - $stage = filter_var($this->App->getHTTPParameter('stage', 'POST'), FILTER_SANITIZE_STRING); - $form = filter_var($this->App->getHTTPParameter('form_name', 'POST'), FILTER_SANITIZE_STRING); - - if ($form === 'mailchimp_form') { - if ($stage === 'mailchimp_subscribe') { - if (!$this->addUserToList()) { - die('The subscription service is unavailable at the moment.'); - } - } - - if ($stage === 'mailchimp_unsubscribe') { - if (!$this->_removeUserFromList()) { - die('The subscription service is unavailable at the moment.'); - } - } - } - } - - - /** - * Add user to mailing list - * - * @return bool - */ - public function addUserToList() { - if (!$this->getIsSubscribed()) { - $email_md5 = $this->_getEmailMd5(); - $list_id = $this->_getListId(); - if ($email_md5 && $list_id) { - $request = array( - 'action' => 'PUT', - 'endpoint' => "/lists/" . $list_id . 
"/members/" . $email_md5, - 'data' => array( - "email_address" => $this->getEmail(), - "status_if_new" => "subscribed", - "merge_fields" => array( - "FNAME" => $this->getFirstName(), - "LNAME" => $this->getLastName(), - ), - ), - ); - - $data = $this->_curlRequest($request); - if ($data === TRUE) { - // Add to list if there's no error - $this->_addUserToSubscribeList(); - $this->App->setSystemMessage('mailchimp_unsubscribe', 'You have successfully subscribed to Eclipse Newsletter.', 'success'); - return TRUE; - } - } - } - $this->App->setSystemMessage('mailchimp_unsubscribe', 'There was a problem subscribing you to Eclipse Newsletter. (#subscriptions-001)', 'danger'); - return FALSE; - } - - /** - * This function returns the user's subscription status - * - * @return bool - */ - public function getIsSubscribed() { - if (!isset($this->subscribe_list[$this->getEmail()])) { - $this->_verifyUserSubscription(); - } - return $this->subscribe_list[$this->getEmail()]; - } - - /** - * Get HTML form - * - * @return string - */ - public function output(){ - $uid = $this->Friend->getUID(); - $html = ""; - if (!empty($uid)) { - ob_start(); - include 'tpl/subscriptions.tpl.php'; - $html = ob_get_clean(); - } - - return $html; - } - - /** - * Add user to subscribe list - */ - private function _addUserToSubscribeList() { - $this->subscribe_list[$this->getEmail()] = TRUE; - } - - - /** - * This function sends an API request to Mailchimp - * - * @param $action - string containing the words GET, PUT or DELETE - * - * @return array - */ - private function _curlRequest($request) { - - $accepted_actions = array( - 'GET', - 'DELETE', - 'PUT' - ); - - $return = array(); - if (!empty($request['action']) && in_array($request['action'], $accepted_actions) && !empty($request['endpoint'])) { - $url = $this->_mailchimpUrl() . 
$request['endpoint']; - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url); - curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Authorization: apikey ' . $this->_getApiKey())); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); - curl_setopt($ch, CURLOPT_TIMEOUT, 30); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE); - curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); - curl_setopt($ch, CURLOPT_ENCODING, ''); - - curl_setopt($ch, CURLOPT_FORBID_REUSE, TRUE); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); - - // CONFIG: Optional proxy configuration - curl_setopt($ch, CURLOPT_PROXY, 'proxy.eclipse.org:9899'); - curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - - // If we're on staging - if ($this->getDebugMode()) { - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); - curl_setopt($ch, CURLOPT_PROXY, ''); - } - - switch ($request['action']) { - case "DELETE": - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE'); - $ret = curl_setopt($ch, CURLOPT_HEADER, TRUE); - $result = curl_exec($ch); - $result = curl_getinfo($ch); - break; - case "PUT": - if (!empty($request['data'])) { - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT'); - curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($request['data'])); - $result = curl_exec($ch); - } - break; - case "GET": - curl_setopt($ch, CURLOPT_URL, $url . '?' . 
http_build_query(array())); - $result = curl_exec($ch); - break; - - } - - curl_close($ch); - if (isset($result)) { - if ($request['action'] !== 'DELETE') { - $result = json_decode($result, TRUE); - } - $result = $this->_validate_results($result, $request); - if (is_bool($result)) { - return $result; - } - } - } - return 'ERROR'; - } - - /** - * Get Api key - * - * @return string - */ - private function _getApiKey(){ - if (empty($this->api_key)) { - $this->_setApiKeyAndListId(); - } - - return $this->api_key; - } - - /** - * Get MD5 hash of the user's e-mail - * - * @return string|bool - */ - private function _getEmailMd5(){ - $email = $this->getEmail(); - if (!empty($email)) { - return md5($email); - } - return FALSE; - } - - /** - * Get List id - * @return string|unknown|boolean - */ - private function _getListId() { - if (empty($this->list_id)) { - $this->_setApiKeyAndListId(); - } - - return $this->list_id; - } - - - /** - * This function assemble the correct API url to send requests to - * - * @return string - * */ - private function _mailchimpUrl() { - if ($key = $this->_getApiKey()) { - $datacentre = explode('-', $key); - return 'https://' . $datacentre[1] . '.api.mailchimp.com/3.0/'; - } - } - - - /** - * Remove user from mailing list. - */ - private function _removeUserFromList() { - - if ($this->getIsSubscribed()) { - $email_md5 = $this->_getEmailMd5(); - $list_id = $this->_getListId(); - if ($email_md5 && $list_id) { - $request = array( - 'action' => 'DELETE', - 'endpoint' => "/lists/". $list_id ."/members/" . $email_md5, - ); - - $data = $this->_curlRequest($request); - - if ($data === TRUE) { - // Remove from list if there's no error - $this->_removeUserFromSubscribeList(); - $this->App->setSystemMessage('mailchimp_unsubscribe', 'You have successfully unsubscribed to Eclipse Newsletter.', 'success'); - return TRUE; - } - } - } - $this->App->setSystemMessage('mailchimp_unsubscribe', 'There was a problem unsubscribing you to Eclipse Newsletter. 
(#subscriptions-001)', 'danger'); - return FALSE; - } - - /** - * Remove user from subscribe list - */ - private function _removeUserFromSubscribeList() { - $this->subscribe_list[$this->getEmail()] = FALSE; - } - - /** - * This function sets the Mailchimp API Key and List ID - * - * The default API key and List ID are fetched from eclipse-php-classes - */ - private function _setApiKeyAndListId() { - require_once("/home/data/httpd/eclipse-php-classes/system/authcode.php"); - - $mode = "production"; - if ($this->getDebugMode() === TRUE) { - $mode = "staging"; - } - - if (empty($mailchimp_keys[$mode]['api_key']) || empty($mailchimp_keys[$mode]['list_id'])) { - $this->App->setSystemMessage('mailchimp_api_key', 'The Mailchimp API key or List Id is not valid', 'danger'); - return FALSE; - } - - $this->api_key = $mailchimp_keys[$mode]['api_key']; - $this->list_id = $mailchimp_keys[$mode]['list_id']; - - } - - - /** - * Validate curl request results - * - * @param array $return - * @param array $request - * - * @return sting|bool - */ - private function _validate_results($return, $request) { - switch ($request['action']) { - case "DELETE": - if ($return['http_code'] == '204') { - return TRUE; - } - break; - - case "PUT": - if ($return['email_address'] == $this->getEmail() && $return['status'] === 'subscribed') { - return TRUE; - } - break; - - case "GET": - // The user is not subscribed. - if ($return['status'] == '404') { - return FALSE; - } - - //The user was found in the list. - if ($return['email_address'] == $this->getEmail() && $return['status'] === 'subscribed') { - return TRUE; - } - } - - // If something goes wrong - return 'ERROR'; - } - - /** - * This function verifies if the user is part of the members list - * - * @return bool - * */ - private function _verifyUserSubscription() { - $email_md5 = $this->_getEmailMd5(); - $list_id = $this->_getListId(); - if ($email_md5 && $list_id) { - $request = array( - 'action' => 'GET', - 'endpoint' => '/lists/' . $list_id . 
'/members/' . $email_md5, - ); - - $list = $this->_curlRequest($request); - - if ($list === TRUE) { - $this->_addUserToSubscribeList(); - } - elseif ($list === FALSE) { - $this->_removeUserFromSubscribeList(); - } - } - } -} - diff --git a/classes/subscriptions/subscriptions.class.php b/classes/subscriptions/subscriptions.class.php deleted file mode 100644 index 3c723de4..00000000 --- a/classes/subscriptions/subscriptions.class.php +++ /dev/null @@ -1,20 +0,0 @@ -<?php -/******************************************************************************* - * Copyright (c) 2016 Eclipse Foundation and others. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://eclipse.org/legal/epl-v10.html - * - * Contributors: - * Eric Poirier (Eclipse Foundation) - Initial implementation - *******************************************************************************/ -require_once("mailchimp.class.php"); - -class Subscriptions extends Mailchimp { - - function __construct(App $App) { - parent::__construct($App); - } - -}
\ No newline at end of file diff --git a/classes/subscriptions/subscriptions_base.class.php b/classes/subscriptions/subscriptions_base.class.php deleted file mode 100644 index 0f0e599f..00000000 --- a/classes/subscriptions/subscriptions_base.class.php +++ /dev/null 
@@ -1,127 +0,0 @@ -<?php -/******************************************************************************* - * Copyright (c) 2016 Eclipse Foundation and others. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://eclipse.org/legal/epl-v10.html - * - * Contributors: - * Christopher Guindon (Eclipse Foundation) - Initial implementation - *******************************************************************************/ - -class Subscriptions_base { - - protected $App = NULL; - - private $debug_mode = FALSE; - - private $email = ""; - - private $first_name = ""; - - private $last_name = ""; - - protected $Friend = NULL; - - protected $Sessions = NULL; - - function __construct(App $App) { - $this->App = $App; - $this->Sessions = $this->App->useSession(); - $this->Friend = $this->Sessions->getFriend(); - - // Set debug mode if the domain contains the word .local or staging - $domain = $this->App->getEclipseDomain(); - if (in_array($domain['shortname'], array('local','staging'))) { - $this->_setDebugMode(TRUE); - } - } - - /** - * Get First Name - */ - public function getFirstName() { - if (empty($this->first_name)) { - $this->setFirstName($this->Friend->getFirstName()); - } - return $this->first_name; - } - - /** - * Set First Name - * - * @param string $first_name - */ - public function setFirstName($first_name = "") { - $this->first_name = filter_var($first_name, FILTER_SANITIZE_STRING); - return $this->first_name; - } - - /** - * Get Last Name - */ - public function getLastName() { - if (empty($this->last_name)) { - $this->setLastName($this->Friend->getLastName()); - } - return $this->last_name; - } - - /** - * Set Last Name - * - * @param string $last_name - */ - public function setLastName($last_name = ""){ - $this->last_name = filter_var($last_name, FILTER_SANITIZE_STRING); - return $this->first_name; - } 
- - /** - * Get Email - */ - public function getEmail() { - if (empty($this->email)) { - $this->email = $this->setEmail($this->Friend->getEmail()); - } - return $this->email; - } - - /** - * Set Email - * - * @param string $email - */ - public function setEmail($email = "") { - if (filter_var($email, FILTER_VALIDATE_EMAIL)) { - $this->email = $email; - } - - return $this->email; - } - - /** - * Get debug mode value - * - * @return Ambigous <boolean, string> - */ - public function getDebugMode() { - return $this->debug_mode; - } - - /** - * Enable/disable debug/sandbox mode - */ - private function _setDebugMode($debug_mode = FALSE){ - if ($debug_mode === TRUE) { - $this->debug_mode = TRUE; - } - - if ($this->getDebugMode()) { - $this->App->setSystemMessage('debug', 'Debug, logging and Sandbox mode is enabled.', 'warning'); - return TRUE; - } - } - -}
\ No newline at end of file diff --git a/classes/subscriptions/tpl/subscriptions.tpl.php b/classes/subscriptions/tpl/subscriptions.tpl.php deleted file mode 100644 index 52419b9f..00000000 --- a/classes/subscriptions/tpl/subscriptions.tpl.php +++ /dev/null @@ -1,36 +0,0 @@ -<?php -/******************************************************************************* - * Copyright (c) 2016 Eclipse Foundation and others. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - * - * Contributors: - * Eric Poirier (Eclipse Foundation) - initial API and implementation - * Christopher Guindon (Eclipse Foundation) - *******************************************************************************/ -if(!is_a($this, 'Mailchimp')){ - exit(); -} -?> - <table class="table"> - <thead> - <tr> - <th>Newsletters</th> - <th></th> - </tr> - </thead> - <tbody> - <tr> - <td>Eclipse Newsletter</td> - <td> - <?php if ($this->getIsSubscribed()): ?> - <button id="subscription-form-submit" class="btn btn-danger btn-xs float-right">Unsubscribe</button> - <?php else: ?> - <button id="subscription-form-submit" class="btn btn-primary btn-xs float-right">Subscribe</button> - <?php endif;?> - </td> - </tr> - </tbody> - </table>
\ No newline at end of file
diff --git a/classes/themes/baseTheme.class.php b/classes/themes/baseTheme.class.php
index c8a964cc..c36e72cb 100644
--- a/classes/themes/baseTheme.class.php
+++ b/classes/themes/baseTheme.class.php
@@ -491,8 +491,8 @@ EOHTML;
 */
 public function getBaseUrlLogin() {
 if (empty($this->base_url_login)) {
- $domains = $this->App->getEclipseDomain();
- $this->base_url_login = 'https://' . $domains['dev_domain'];
+ $domain = $this->App->getEclipseDomain();
+ $this->base_url_login = 'https://' . $domain['accounts'];
 }
 return $this->base_url_login;
 }
@@ -1768,8 +1768,8 @@ EOHTML;
 if (substr($path, 0, 1) == "/") {
 $path = substr($path, 1);
 }
-
- return "?takemeback=" . $this->getBaseUrl() . $path;
+ $url = urlencode($this->getBaseUrl() . $path);
+ return "?takemeback=" . $url;
 }
 
 /**
@@ -1788,8 +1788,8 @@ EOHTML;
 );
 $Session = $this->_getSession();
 $Friend = $Session->getFriend();
- $this->session_variables['create_account_link'] = '<a href="' . $this->getBaseUrlLogin() . '/site_login/createaccount.php"><i class="fa fa-user fa-fw"></i> Create account</a>';
- $this->session_variables['my_account_link'] = '<a href="' . $this->getBaseUrlLogin() . '/site_login/' . $this->_getTakeMeBack() . '"><i class="fa fa-sign-in fa-fw"></i> Log in</a>';
+ $this->session_variables['create_account_link'] = '<a href="' . $this->getBaseUrlLogin() . '/user/register"><i class="fa fa-user fa-fw"></i> Create account</a>';
+ $this->session_variables['my_account_link'] = '<a href="' . $this->getBaseUrlLogin() . '/user/login/' . $this->_getTakeMeBack() . '"><i class="fa fa-sign-in fa-fw"></i> Log in</a>';
 $this->session_variables['logout'] = '';
 
 if ($Session->isLoggedIn()) {
@@ -1801,10 +1801,10 @@ EOHTML;
 if (!empty($this->session_variables['user_ldap_uid'])){
 $this->session_variables['create_account_link'] = '<a href="https://www.eclipse.org/user/' . $this->session_variables['user_ldap_uid'] . '">Welcome, ' . $this->session_variables['full_name'] . '</a>';
 }
- $this->session_variables['my_account_link'] = '<a href="' . $this->getBaseUrlLogin() . '/site_login/myaccount.php#open_tab_profile" class="" data-tab-destination="tab-profile"><i class="fa fa-edit fa-fw"></i> Edit my account</a>';
+ $this->session_variables['my_account_link'] = '<a href="' . $this->getBaseUrlLogin() . '/user/edit" class="" data-tab-destination="tab-profile"><i class="fa fa-edit fa-fw"></i> Edit my account</a>';
 // Adding <li> with logout because we only display
 // two options if the user is not logged in.
- $this->session_variables['logout'] = '<li><a href="' . $this->getBaseUrlLogin() . '/site_login/logout.php"><i class="fa fa-power-off fa-fw"></i> Log out</a></li>';
+ $this->session_variables['logout'] = '<li><a href="' . $this->getBaseUrlLogin() . '/user/logout"><i class="fa fa-power-off fa-fw"></i> Log out</a></li>';
 }
 }
 if (!empty($this->session_variables[$id])) {
diff --git a/classes/users/accountCreator.class.php b/classes/users/accountCreator.class.php
deleted file mode 100644
index 5c4c78ad..00000000
--- a/classes/users/accountCreator.class.php
+++ /dev/null
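Review bot: `_getTakeMeBack()` still returns a string that begins with `?`, and the @@ -1788 hunk appends it to `'/user/login/'`, so the rendered link is `/user/login/?takemeback=…` with a slash immediately before the query string; unless the accounts site is known to normalise `user/login/`, `'/user/login' . $this->_getTakeMeBack()` avoids depending on that. The new `urlencode()` of the absolute return URL in the @@ -1768 hunk is the right encoder for a query-string value and also keeps it safe inside the `href` attribute, since `"`, `<`, `&` and `'` are all percent-encoded; the check that the return URL points back to an eclipse.org origin now lives on the accounts host that consumes `takemeback`, which is outside this change. In the @@ -491 hunk `$domain['accounts']` is read without a guard; I cannot see `getEclipseDomain()` from here, but if that key were ever absent the login base URL would silently collapse to `https://`, so an `isset()` check plus a comment naming where `accounts` is populated would make the dependency explicit. The body of `_getTakeMeBack()` starts before the @@ -1768 hunk, and the method containing the @@ -1788 and @@ -1801 hunks starts and ends outside them.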
@@ -1,227 +0,0 @@ -<?php -/******************************************************************************* - * Copyright (c) 2012-2014 Eclipse Foundation and others. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - * - * Contributors: - * Christopher Guindon (Eclipse Foundation) - initial API and implementation - *******************************************************************************/ - -/** - * Usage example: - * - * $AccountCreator = New AccountCreator(); - * $AccountCreator->setDebugMode(); - * $AccountCreator->setUrl('https://bugs.eclipse.org/bugstest/index.cgi'); - * $AccountCreator->setUsername('user@mail.com'); - * $AccountCreator->setPassword('the_password'); - * $AccountCreator->setAccountType('gerrit'); - * $AccountCreator->execute(); - */ - - -/** - * Eclipse Account Creator Class - * - * Create new users to 3rd party applications. - * - * @package Site_login - * @author Christopher Guindon - */ -class AccountCreator { - - /** - * Type of Account to create - * - * @var string - */ - private $account_type = ""; - - /** - * Enable or disable debug mode. - * - * @var bool - */ - private $debug = FALSE; - - /** - * Username/e-mail address of the user. - * - * @var string - */ - private $username = ""; - - /** - * Password of the user. - * - * @var string - */ - private $password = ""; - - /** - * Url of Website. 
- * - * @var string - */ - private $url = ""; - - // -------------------------------------------------------------------- - - /** - * Constructor - Sets default settings - * - * @return void - */ - function __construct() { - $this->url = "https://bugs.eclipse.org/bugs/index.cgi"; - } - - /** - * Execute Login Process - * - * @return int/bool - */ - public function execute() { - if (filter_var($this->username, FILTER_VALIDATE_EMAIL) && !empty($this->password)) { - return $this->_process(); - } - else{ - trigger_error("Invalid username or password", E_USER_NOTICE); - } - return FALSE; - } - - /** - * Set Account Type - * - * @return bool - */ - public function setAccountType($type = "") { - $allowed_type = array('gerrit', 'bugzilla'); - $type = strtolower($type); - if (in_array($type, $allowed_type)) { - $this->account_type = $type; - return TRUE; - } - return FALSE; - } - - /** - * Enable Debug Mode - * - * @return bool - */ - public function setDebugMode($set = TRUE){ - if ($set == TRUE) { - $this->debug = TRUE; - return TRUE; - } - return FALSE; - } - - /** - * Set Password - * - * @return bool - */ - public function setPassword($password = "") { - if (!empty($password)) { - $this->password = $password; - return TRUE; - } - return FALSE; - } - - /** - * Set Website URL - * - * @return bool - */ - public function setUrl($url = "") { - if (filter_var($url, FILTER_VALIDATE_URL)) { - $this->url = $url; - return TRUE; - } - return FALSE; - } - - /** - * Set Username - * - * @return bool - */ - public function setUsername($username = "") { - if (filter_var($username, FILTER_VALIDATE_EMAIL)) { - $this->username = $username; - return TRUE; - } - return FALSE; - } - - /** - * Print Response Output - * - * @return int - */ - private function _output($ch){ - - $result = curl_exec($ch); - - if (curl_errno($ch)) { - // @todo: Log errors - if ($this->debug) { - echo 'Error: ' . 
curl_error($ch); - } - } - else { - if ($this->debug) { - print $result; - } - } - $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - curl_close($ch); - return $http_code; - } - - /** - * Initialize a CURL Session - * - * @return int - */ - private function _process() { - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $this->url); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); - curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (site_login)"); - - // Bug 442432 - New posts are being associated with incorrect accounts/authors - curl_setopt($ch, CURLOPT_REFERER, $this->url); - - curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); - curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); - - curl_setopt($ch, CURLOPT_POST, TRUE); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); - - curl_setopt($ch, CURLOPT_HEADER, TRUE); - curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE); - - switch ($this->account_type) { - case "gerrit": - $post = "username=" . urlencode($this->username) . "&password=" . urlencode($this->password); - break; - - default: - $post = "Bugzilla_login=" . urlencode($this->username) . "&Bugzilla_password=" . urlencode($this->password); - break; - } - - curl_setopt($ch, CURLOPT_POSTFIELDS, $post); - return $this->_output($ch); - } - -} diff --git a/classes/users/cla.class.php b/classes/users/cla.class.php deleted file mode 100644 index 2b308769..00000000 --- a/classes/users/cla.class.php +++ /dev/null 
@@ -1,717 +0,0 @@ -<?php -/******************************************************************************* - * Copyright (c) 2016 Eclipse Foundation and others. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - * - * Contributors: - * Eric Poirier (Eclipse Foundation) - initial API and implementation - *******************************************************************************/ - -require_once(realpath(dirname(__FILE__) . "/../friends/friend.class.php")); - -class Cla { - - /** - * Eclipse App class - * - * @var stdClass - */ - private $App = NULL; - - /** - * List of possible contributor agreements - * - * @var Array - */ - private $contributor_agreement_documents = NULL; - - /** - * Signed Agreements by the user - * @var unknown - */ - private $user_contributor_agreement_documents = NULL; - - /** - * Form field values - * - * @var array - */ - private $form_fields = NULL; - - /** - * Content for the Contributor aggrement form - * - * @var array - */ - private $form_content = array(); - - /** - * Display Contributor notification flag - * - * @var string - */ - private $display_notificaiton = TRUE; - - /** - * Eclipse Friend object - * - * @var stdClass - */ - private $Friend = NULL; - - /** - * LDAP UID of the user - * @var string - */ - private $ldap_uid = ''; - - /** - * Current state of contributor agreement - * @var string - */ - private $eca = TRUE; - - /** - * URL of ECA document - * - * https://eclipse.local:50243/legal/ECA.html - * @var string - */ - private $eca_url = "http://www.eclipse.org/legal/ECA.html"; - - public function Cla(App $App) { - // Load the user - $this->App = $App; - $Session = $this->App->useSession(); - $this->Friend = $Session->getFriend(); - $this->ldap_uid = $this->Friend->getUID(); - - // Load contributor agreement documents - 
$this->_setContributorDocuments(); - $this->_setUserContributorSignedDocuments(); - - // Get the current state - $state = filter_var($this->App->getHTTPParameter("state", "POST"), FILTER_SANITIZE_STRING); - $form = filter_var($this->App->getHTTPParameter("form_name", "POST"), FILTER_SANITIZE_STRING); - - if (!empty($this->ldap_uid) && $form == "cla-form") { - switch ($state) { - case 'submit_cla': - $this->_submitClaDocument(); - break; - case 'invalidate_cla': - $this->_invalidateClaDocument(); - break; - case 'disable_unsigned_notification': - $this->_disableUnsignedNotification(); - break; - } - } - - // Check if the current user has a signed CLA - $this->notifyUserOfUnsignedCla(); - } - - private function _setEca($eca = TRUE) { - if (is_bool($eca)) { - $this->eca = $eca; - } - return $this->eca; - } - - public function getEca() { - return $this->eca; - } - - /** - * Get CLA Document Id - * @return string - */ - public function getClaDocumentId() { - return 'a6f31f81d1b9abbcdbba'; - } - - /** - * Get ECA Document Id - * @return string - */ - public function getEcaDocumentId() { - return '99f64b0dac3e41dc1e97'; - } - - /** - * Return CLA document id if still valid, - * otherwise return eca document id - * - * @return string - */ - public function getContributorDocumentId() { - if (!$this->getEca()) { - return $this->getClaDocumentId(); - } - return $this->getEcaDocumentId(); - } - - /** - * Get Display CLA notification flag - * @return boolean|string - */ - public function getDisplayNotification() { - return $this->display_notificaiton; - } - - /** - * Set Display CLA notification flag - * - * @param string $value - * @return boolean|string - */ - public function setDisplayNotification($value = TRUE) { - if (is_bool($value)) { - $this->display_notificaiton = $value; - } - return $this->display_notificaiton; - } - - /** - * This function let the user know about an unsigned CLA - * - * @return boolean - */ - public function notifyUserOfUnsignedCla() { - // Verify 
if the display notification flag was disabled - if (!$this->getDisplayNotification()) { - return FALSE; - } - - // We don't need to display the nofication if the user already signed the cla - if ($this->getClaIsSigned()) { - return FALSE; - } - - // Check if user don't want to see the notification - if (isset($_COOKIE['ECLIPSE_CLA_DISABLE_UNSIGNED_NOTIFICATION']) && $_COOKIE['ECLIPSE_CLA_DISABLE_UNSIGNED_NOTIFICATION'] === '1') { - return FALSE; - } - - $committer_string = ''; - if ($this->Friend->getIsCommitter()) { - $committer_string = ' for which you are not a committer '; - } - - $message = ' - <p>In order to contribute code to an Eclipse Foundation Project ' . $committer_string . 'you will be required to sign a Eclipse Contributor Agreement (ECA).</p> - <form action="" method="POST"> - <input type="hidden" name="unsigned_cla_notification" value="1"> - <input type="hidden" name="state" value="disable_unsigned_notification"> - <input type="hidden" name="form_name" value="cla-form"> - <ul class="list-inline margin-top-10 margin-bottom-0"> - <li><a class="small btn btn-primary" href="http://www.eclipse.org/legal/clafaq.php">What is a ECA?</a></li> - <li><a class="small btn btn-primary" href="#open_tab_cla">Sign your ECA</a></li> - <li><button class="small btn btn-primary">Disable this message</button></li> - </ul> - </form>'; - - $this->App->setSystemMessage('unsigned_cla',$message,'info'); - } - - /** - * This function returns the CLA expiry date - * - * @return string - */ - public function getClaExpiryDate() { - $user_documents = $this->_getUserContributorSignedDocuments(); - if (!empty($user_documents[$this->getContributorDocumentId()]['EffectiveDate'])) { - return date("Y-m-d", strtotime('+3 years', strtotime($user_documents[$this->getContributorDocumentId()]['EffectiveDate']))); - } - - return ''; - } - - /** - * These functions returns the text to put on the CLA form - * - * @param string $key - * @return NULL|string|string - */ - public function 
getClaFormContent($key = "") { - if (!empty($key) && isset($this->form_content[$key])) { - return $this->form_content[$key]; - } - return ''; - } - - /** - * This function sets the CLA fields - * values from what's being posted from the form - * - * @param string $field - * @return mixed - */ - public function getFieldValues($field = "") { - if (is_null($this->form_fields)) { - $this->form_fields = array( - 'Question 1' => filter_var($this->App->getHTTPParameter("question_1", "POST"), FILTER_SANITIZE_NUMBER_INT), - 'Question 2' => filter_var($this->App->getHTTPParameter("question_2", "POST"), FILTER_SANITIZE_NUMBER_INT), - 'Question 3' => filter_var($this->App->getHTTPParameter("question_3", "POST"), FILTER_SANITIZE_NUMBER_INT), - 'Question 4' => filter_var($this->App->getHTTPParameter("question_4", "POST"), FILTER_SANITIZE_NUMBER_INT), - 'Email' => filter_var($this->App->getHTTPParameter("email", "POST"), FILTER_SANITIZE_EMAIL), - 'Legal Name' => filter_var($this->App->getHTTPParameter("legal_name", "POST"), FILTER_SANITIZE_STRING), - 'Public Name' => filter_var($this->App->getHTTPParameter("public_name", "POST"), FILTER_SANITIZE_STRING), - 'Employer' => filter_var($this->App->getHTTPParameter("employer", "POST"), FILTER_SANITIZE_STRING), - 'Address' => filter_var($this->App->getHTTPParameter("address", "POST"), FILTER_SANITIZE_STRING), - 'Agree' => filter_var($this->App->getHTTPParameter("cla_agree", "POST"), FILTER_SANITIZE_STRING) - ); - } - - // Return the field if we're asking for one in particular - if (!empty($field)) { - if (empty($this->form_fields[$field])) { - return ''; - } - return $this->form_fields[$field]; - } - - return $this->form_fields; - } - - /** - * Set contributor_agreement_documents - * @return Array - */ - protected function _setContributorDocuments() { - $this->contributor_agreement_documents = array(); - $sql = "SELECT * FROM SYS_Documents - WHERE DocumentID = " . $this->App->returnQuotedString($this->getClaDocumentID()) . " or " . 
- $this->App->returnQuotedString($this->getECADocumentID()) . " AND Version=1 AND Type='IN'"; - $result = $this->App->foundation_sql($sql); - while ($row = mysql_fetch_assoc($result)) { - $this->contributor_agreement_documents[$row['DocumentID']] = $row; - } - return $this->contributor_agreement_documents; - } - - /** - * Get contributor_agreement_documents - * @return Array - */ - protected function _getContributorDocuments(){ - if (is_null($this->contributor_agreement_documents)) { - $this->_setContributorDocuments(); - } - return $this->contributor_agreement_documents; - } - - /** - * Set user_contributor_agreement_documents - * - * @return array - */ - protected function _setUserContributorSignedDocuments(){ - $this->user_contributor_agreement_documents = array(); - $sql = "SELECT PersonID, EffectiveDate, DocumentID - FROM PeopleDocuments - WHERE PersonID = " . $this->App->returnQuotedString($this->App->sqlSanitize($this->ldap_uid)) . " - AND (DocumentID = " . $this->App->returnQuotedString($this->getClaDocumentID()) . " or " . - $this->App->returnQuotedString($this->getECADocumentID()) . ") - AND ExpirationDate IS NULL"; - $result = $this->App->foundation_sql($sql); - - while ($row = mysql_fetch_assoc($result)) { - $this->user_contributor_agreement_documents[$row['DocumentID']] = $row; - } - - if (!empty($this->user_contributor_agreement_documents[$this->getClaDocumentID()])) { - $this->_setEca(FALSE); - } - return $this->user_contributor_agreement_documents; - } - - /** - * Set user_contributor_agreement_documents - * - * @return array - */ - protected function _getUserContributorSignedDocuments(){ - if (is_null($this->user_contributor_agreement_documents)) { - $this->_setUserContributorSignedDocuments(); - } - return $this->user_contributor_agreement_documents; - } - - /** - * Verify if the user signed his CLA. 
- * - * @return boolean - */ - public function getClaIsSigned($document_id = NULL) { - - if (is_null($document_id)) { - $document_id = $this->getContributorDocumentId(); - } - - $user_documents = $this->_getUserContributorSignedDocuments(); - - // If the array is empty, the user did not - // sign the eca or cla. - if (empty($user_documents)) { - return FALSE; - } - - if (!empty($user_documents[$document_id])) { - return TRUE; - } - - return FALSE; - } - - - /** - * Generate HTML for CLA page - */ - public function outputPage() { - switch ($this->getClaIsSigned()){ - case TRUE: - include $_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/users/tpl/cla_record.tpl.php"; - break; - case FALSE: - $this->_claFormContent(); - include $_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/users/tpl/cla_form.tpl.php"; - break; - } - } - - /** - * This function insert rows in the account_requests and SYS_EvtLog tables - * depending on $action is specified - * - * @param $action - Validate or invalidate a CLA - * @return mysql_query() - */ - private function _actionLdapGroupRecord($action) { - $email = $this->Friend->getEmail(); - $accepted_actions = array( - 'CLA_SIGNED', - 'CLA_INVALIDATED' - ); - if ($this->ldap_uid && in_array($action, $accepted_actions) && !empty($email)) { - //Insert the request to add to LDAP. 
- $sql = "INSERT INTO account_requests - (email,fname,lname,password,ip,token,req_when) - values ( - ".$this->App->returnQuotedString($this->App->sqlSanitize($email)).", - ".$this->App->returnQuotedString($this->App->sqlSanitize($this->Friend->getFirstName())).", - ".$this->App->returnQuotedString($this->App->sqlSanitize($this->Friend->getLastName())).", - 'eclipsecla', - ".$this->App->returnQuotedString($this->App->sqlSanitize($_SERVER['REMOTE_ADDR'])).", - ".$this->App->returnQuotedString($this->App->sqlSanitize($action)).", - NOW() - )"; - $result = $this->App->eclipse_sql($sql); - - // Log that this event occurred - $sql = "INSERT INTO SYS_EvtLog - (LogTable,PK1,PK2,LogAction,uid,EvtDateTime) - values ( - 'cla', - ".$this->App->returnQuotedString($this->App->sqlSanitize($this->ldap_uid)).", - 'EclipseCLA-v1', - ".$this->App->returnQuotedString($this->App->sqlSanitize($action)).", - 'cla_service', - NOW() - )"; - return $this->App->eclipse_sql($sql); - } - $this->App->setSystemMessage('account_requests', "There's been an error updated the LDAP group record. (LDAP-01)", "danger"); - } - - /** - * This function check if the current user has access to sign the CLA - * - * @return boolean - */ - private function _allowSigning() { - // If user is logged in - $email = $this->Friend->getEmail(); - if (!empty($this->ldap_uid) || !empty($email)) { - return TRUE; - } - - // The user is not logged in and is not part of the foundation staff - return FALSE; - } - - /** - * This internal function prepares a data array and converts it to JSON, - * it is a helper function for contributor_agreement__insert_cla_document - * - * @return string JSON encoded string. 
- */ - private function _claDocumentInJson() { - - $cla_document = fopen($this->eca_url, 'r'); - $data = array( - 'legal_name' => $this->form_fields['Legal Name'], - 'public_name' => $this->form_fields['Public Name'], - 'employer' => $this->form_fields['Employer'], - 'address' => $this->form_fields['Address'], - 'email' => $this->form_fields['Email'], - 'question_1' => $this->form_fields['Question 1'], - 'question_2' => $this->form_fields['Question 2'], - 'question_3' => $this->form_fields['Question 3'], - 'question_4' => $this->form_fields['Question 4'], - 'agree' => $this->form_fields['Agree'], - 'cla_doc' => base64_encode(stream_get_contents($cla_document)), - ); - fclose($cla_document); - return json_encode($data); - } - - /** - * This function fetches content from the CLA html file - */ - private function _claFormContent() { - - $cla_document = new DomDocument(); - $cla_document->loadhtmlfile($this->eca_url); - - // Remove the #reference DIV - $reference = $cla_document->getElementById('reference'); - $reference->parentNode->removeChild($reference); - - // Fetching the pieces of content by ID - $question1 = $cla_document->getElementById('question1'); - $question2 = $cla_document->getElementById('question2'); - $question3 = $cla_document->getElementById('question3'); - $question4 = $cla_document->getElementById('question4'); - $text1 = $cla_document->getElementById('text1'); - $text2 = $cla_document->getElementById('text2'); - $text3 = $cla_document->getElementById('text3'); - $text4 = $cla_document->getElementById('text4'); - - $this->form_content = array( - 'question_1' => $question1->nodeValue, - 'question_2' => $question2->nodeValue, - 'question_3' => $question3->nodeValue, - 'question_4' => $question4->nodeValue, - 'text_1' => $cla_document->saveXML($text1), - 'text_2' => $cla_document->saveXML($text2), - 'text_3' => $cla_document->saveXML($text3), - 'text_4' => $cla_document->saveXML($text4), - ); - } - - /** - * This function creates a new people record 
in the foundationDB - * if it can't find an existing one - * - * @return bool - */ - private function _createPeopleRecordIfNecessary() { - - if (empty($this->ldap_uid)) { - return FALSE; - } - - $sql = "SELECT PersonID FROM People - WHERE PersonID = " . $this->App->returnQuotedString($this->App->sqlSanitize($this->ldap_uid)); - $result = $this->App->foundation_sql($sql); - - if ($row = mysql_fetch_assoc($result)) { - if (isset($row['PersonID']) && !empty($row['PersonID'])) { - return TRUE; - } - } - - $sql = "INSERT INTO People - (PersonID, FName, LName, Type, IsMember, Email, IsUnixAcctCreated) - values ( - ". $this->App->returnQuotedString($this->App->sqlSanitize($this->ldap_uid)) .", - ". $this->App->returnQuotedString($this->App->sqlSanitize($this->Friend->getFirstName())) .", - ". $this->App->returnQuotedString($this->App->sqlSanitize($this->Friend->getLastName())) .", - 'XX', - 0, - ". $this->App->returnQuotedString($this->App->sqlSanitize($this->Friend->getEmail())) .", - 0 - )"; - $result_insert = $this->App->foundation_sql($sql); - - // Log that this event occurred - $sql = "INSERT INTO SYS_ModLog - (LogTable,PK1,PK2,LogAction,PersonID,ModDateTime) - VALUES ( - 'cla', - 'cla_service', - 'EclipseCLA-v1', - 'NEW PEOPLE RECORD', - ". 
$this->App->returnQuotedString($this->App->sqlSanitize($this->ldap_uid)) .", - NOW() - )"; - $result_log = $this->App->foundation_sql($sql); - - - return (bool)$result_insert; - } - - /** - * This function sets a cookie to hide the unsigned notification message - * */ - private function _disableUnsignedNotification() { - setcookie ('ECLIPSE_CLA_DISABLE_UNSIGNED_NOTIFICATION', '1', time() + 3600 * 24 * 1095, '/' ); - $this->setDisplayNotification(FALSE); - } - -/** - * This function invalidates a user's CLA document - */ - private function _invalidateClaDocument() { - $document_id = $this->getContributorDocumentId(); - $user_documents = $this->_getUserContributorSignedDocuments(); - $document = $user_documents[$document_id]; - - if (!empty($this->ldap_uid) && !empty($document['EffectiveDate'])) { - // Log that this event occurred Note that foundationdb uses SYS_ModLog instead of SYS_EvtLog; - $sql = "INSERT INTO SYS_ModLog - (LogTable,PK1,PK2,LogAction,PersonID,ModDateTime) - values ( - 'cla', - 'cla_service', - 'EclipseCLA-v1', - 'INVALIDATE_CLA DOCUMENT', - ".$this->App->returnQuotedString($this->App->sqlSanitize($this->ldap_uid)).", - NOW() - )"; - $result = $this->App->foundation_sql($sql); - - // Invalidate the users LDAP group. 
- $this->_actionLdapGroupRecord('CLA_INVALIDATED'); - - $invalidated = FALSE; - $loop = 0; - - while($loop < 10) { - // Wait 1 second for the Perl script to invalidate - // the user's CLA/ECA in the PeopleDocuments table - sleep(1); - - // Perform another Select to find out if the user - // still has a valid CLA/ECA - $this->_setUserContributorSignedDocuments(); - - if ($this->getClaIsSigned() == FALSE) { - $invalidated = TRUE; - break; - } - $loop++; - } - - if ($invalidated) { - - // Making sure we add the notification back in the page - if (isset($_COOKIE['ECLIPSE_CLA_DISABLE_UNSIGNED_NOTIFICATION'])) { - unset($_COOKIE['ECLIPSE_CLA_DISABLE_UNSIGNED_NOTIFICATION']); - setcookie('ECLIPSE_CLA_DISABLE_UNSIGNED_NOTIFICATION', '', time() - 3600, '/'); - } - - // Create success message - $this->App->setSystemMessage('invalidate_cla','You have successfully invalidated your ECA.','success'); - return TRUE; - } - $this->App->setSystemMessage('invalidate_cla','We were unable to invalidate the ECA we have on record. (LDAP-02)','danger'); - return FALSE; - } - - $this->App->setSystemMessage('invalidate_cla','An attempt to invalidate the ECA failed because we were unable to find the ECA that matches. (LDAP-03)','danger'); - return FALSE; - } - - /** - * This internal function inserts a new CLA document based off the form data submitted. - */ - private function _submitClaDocument() { - // Check if the sumitted fields validate and if there is no signed CLA for this user - $document_id = $this->getEcaDocumentId(); - if ($this->_allowSigning() && $this->_validatedClaFields() && !$this->getClaIsSigned($document_id)) { - - $this->_createPeopleRecordIfNecessary(); - - // get the CLA document in Json format - $blob = $this->_claDocumentInJson(); - - $sql = "INSERT INTO PeopleDocuments - (PersonId,DocumentId,Version,EffectiveDate,ReceivedDate, - ScannedDocumentBLOB,ScannedDocumentMime,ScannedDocumentBytes, - ScannedDocumentFileName,Comments) - VALUES ( - ". 
$this->App->returnQuotedString($this->App->sqlSanitize($this->ldap_uid)) .", - ". $this->App->returnQuotedString($this->App->sqlSanitize($document_id)) .", - 1, - now(), - now(), - '". $blob ."', - 'application/json', - ". strlen($blob) .", - 'eclipse-eca.json', - 'Automatically generated CLA' - )"; - $result = $this->App->foundation_sql($sql); - - // Log that this event occurred - $sql = "INSERT INTO SYS_ModLog - (LogTable,PK1,PK2,LogAction,PersonID,ModDateTime) - VALUES ( - 'cla', - ". $this->App->returnQuotedString($this->App->sqlSanitize($this->ldap_uid)) .", - 'EclipseCLA-v1', - 'NEW CLA DOCUMENT', - 'cla_service', - NOW() - )"; - $result = $this->App->foundation_sql($sql); - - // Submit the users LDAP group. - $this->_actionLdapGroupRecord('CLA_SIGNED'); - $this->App->setSystemMessage('submit_cla',"You successfully submitted the ECA!",'success'); - $this->_setUserContributorSignedDocuments(); - return TRUE; - } - - $this->App->setSystemMessage('submit_cla',"Error, the ECA have not been submitted. (LDAP-03)",'danger'); - return FALSE; - } - - /** - * This function checks if all the fields from the form validates - * - * @return BOOL - * - */ - private function _validatedClaFields() { - $form_fields = $this->getFieldValues(); - foreach ($form_fields as $field_name => $field_value) { - if (strpos($field_name, 'Question') !== FALSE && $field_value !== "1") { - $this->App->setSystemMessage('submit_cla','You must accept ' . $field_name,'danger'); - $is_valid = FALSE; - } - if (($field_name == 'Email' || $field_name == 'Legal Name' || $field_name == 'Employer' || $field_name == 'Address') && empty($field_value)) { - $this->App->setSystemMessage('submit_cla','You must enter your ' . 
$field_name,'danger'); - $is_valid = FALSE; - } - if ($field_name == 'Agree' && $field_value !== 'I AGREE') { - $this->App->setSystemMessage('submit_cla','You must enter "I AGREE" in the Electronic Signature field.','danger'); - $is_valid = FALSE; - } - } - - if (!isset($is_valid)) { - return TRUE; - } - - return FALSE; - } - -}
\ No newline at end of file
diff --git a/classes/users/siteLogin.class.php b/classes/users/siteLogin.class.php
deleted file mode 100644
index 41fc65de..00000000
--- a/classes/users/siteLogin.class.php
+++ /dev/null
@@ -1,1574 +0,0 @@ -<?php -/******************************************************************************* - * Copyright (c) 2014, 2015 Eclipse Foundation and others. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - * - * Contributors: - * Christopher Guindon (Eclipse Foundation) - initial API and implementation - *******************************************************************************/ - -require_once(realpath(dirname(__FILE__) . "/../../system/app.class.php")); -require_once(realpath(dirname(__FILE__) . "/../friends/friend.class.php")); -require_once(realpath(dirname(__FILE__) . "/../../system/session.class.php")); -require_once("accountCreator.class.php"); -require_once('/home/data/httpd/eclipse-php-classes/system/ldapconnection.class.php'); -require_once(realpath(dirname(__FILE__) . "/../../system/evt_log.class.php")); -require_once(realpath(dirname(__FILE__) . "/../captcha/captcha.class.php")); -require_once(realpath(dirname(__FILE__) . 
"/../forms/formToken.class.php")); - -define('SITELOGIN_EMAIL_REGEXP', '/^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/'); - -define('SITELOGIN_NAME_REGEXP', '/[^\p{L}\p{N}\-\.\' ]/u'); - -class Sitelogin { - - private $App = NULL; - - private $agree = ""; - - private $bio = ""; - - private $Captcha = NULL; - - private $country = ""; - - private $country_list = NULL; - - private $githubid = ""; - - private $formToken = NULL; - - private $Friend = NULL; - - private $fname = ""; - - private $exipred_pass_token = FALSE; - - private $interests = ""; - - private $jobtitle = ""; - - private $Ldapconn = NULL; - - private $lname = ""; - - private $messages = array(); - - private $newsletter_status = ""; - - private $organization = ""; - - private $p = ""; - - private $page = ""; - - private $password = ""; - - private $password1 = ""; - - private $password2 = ""; - - private $password_update = 0; - - private $password_expired = ""; - - private $path_public_key = ""; - - private $profile_default = array(); - - private $referer = ""; - - private $remember = ""; - - private $Session = NULL; - - private $stage = ""; - - private $submit = ""; - - private $takemeback = ""; - - private $t = ""; - - private $twitter_handle = ""; - - private $username = ""; - - private $user_uid = ""; - - private $user_mail = ""; - - private $website = ""; - - private $xss_patterns = array(); - - private $is_committer = ""; - - private $changed_employer = ""; - - function Sitelogin($stage = NULL) { - $this->xss_patterns = array( - '/<script[^>]*?>.*?<\/script>/si', - '/<[\/\!]*?[^<>]*?>/si', - '/<style[^>]*?>.*?<\/style>/siU', - '/<![\s\S]*?–[ \t\n\r]*>/' - ); - - $this->path_public_key = "/home/data/httpd/dev.eclipse.org/html/public_key.pem"; - - global $App; - $this->App = $App; - $this->Captcha = New Captcha(); - $this->Session = $this->App->useSession(); - $this->Friend = 
$this->Session->getFriend(); - $this->Ldapconn = new LDAPConnection(); - $this->FormToken = new FormToken(); - - $this->_sanitizeVariables(); - $this->user_uid = $this->Ldapconn->getUIDFromMail($this->Friend->getEmail()); - $this->user_mail = $this->Friend->getEmail(); - $this->is_committer = $this->Friend->getIsCommitter(); - $this->password_expired = $this->_verifyIfPasswordExpired(); - - $this->_setStage($stage); - - switch ($this->stage) { - case 'login': - $this->_userAuthentification(); - break; - case 'create': - $this->_createAccount(); - break; - case 'reset': - $this->_resetPassword(); - break; - case 'reset2': - $this->_resetPassword2(); - break; - case 'reset3': - $this->_resetPassword3(); - break; - case 'confirm': - $this->_confirmAccount(); - break; - case 'save': - $this->_processSave(); - break; - case 'save-account': - $this->_processSave(FALSE); - break; - case 'save-profile': - $this->_processSaveProfile(); - break; - } - } - - public function getDomain() { - $domain = $this->App->getEclipseDomain(); - return 'https://' . $domain['dev_domain']; - } - - public function getStage(){ - return $this->stage; - } - - public function getIsCommitter(){ - return $this->is_committer; - } - - public function getCountryList() { - if (is_null($this->country_list)) { - $this->_fetchCountries(); - } - return $this->country_list; - } - - public function getSystemMessage() { - $return = ""; - $allowed_type = array( - 'success', - 'info', - 'warning', - 'danger' - ); - foreach ($this->messages as $type) { - foreach ($type as $key => $value) { - if (!in_array($key, $allowed_type)) { - continue; - } - $list = '<ul>'; - if (count($value) == 1) { - if ($key == 'danger'){ - $org_value = $value[0]; - $value[0] = '<p><strong>' . $org_value . '</strong></p>'; - } - $return .= $this->_getMessageContainer($value[0], $key); - continue; - } - foreach ($value as $msg) { - $list .= '<li><strong>' . $msg . 
'</strong></li>'; - } - $list .= '</ul>'; - $return .= $this->_getMessageContainer($list, $key); - } - } - return $return; - } - - public function getVariables($type = NULL){ - - $return = array( - 'agree' => "", - 'username' => "", - 'password' => "", - 'remember' => "", - 'submit' => "", - 'takemeback' => "", - 'githubid' => "", - 'referer' => "", - 'password1' => "", - 'password2' => "", - 'password_update' => "", - 'fname' => "", - 'lname' => "", - 'githubid' => "", - 'organization' => "", - 'jobtitle' => "", - 'website' => "", - 'bio' => "", - 'interests' => "", - 'twitter_handle' => "", - 'country' => "", - 'newsletter_status' => "", - ); - - $this->_get_default_profile_fields(); - # Bug 428032 - Multiple XSS on site_login - $username = filter_var($this->username, FILTER_SANITIZE_EMAIL); - $fname = filter_var($this->fname, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW); - $lname = filter_var($this->lname, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW); - $takemeback = filter_var($this->takemeback, FILTER_SANITIZE_ENCODED); - $remember = filter_var($this->remember, FILTER_SANITIZE_NUMBER_INT); - $agree = filter_var($this->agree, FILTER_SANITIZE_NUMBER_INT); - $password_update = filter_var($this->password_update, FILTER_SANITIZE_NUMBER_INT); - $githubid = filter_var($this->Ldapconn->getGithubIDFromMail($this->Friend->getEmail()), FILTER_SANITIZE_STRING); - $organization = filter_var($this->organization, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW); - $country = filter_var($this->country, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW); - $jobtitle = filter_var($this->jobtitle, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW); - $website = filter_var($this->website, FILTER_SANITIZE_URL); - $bio = filter_var($this->bio, 
FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW); - $interests = filter_var($this->interests, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW); - $token = filter_var($this->t, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW); - $twitter_handle = filter_var($this->twitter_handle, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW); - $newsletter_status = filter_var($this->newsletter_status, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW); - - switch ($type) { - case 'login': - $return['username'] = $username; - $return['remember'] = ($remember) ? 'checked="checked"' : ""; - $return['takemeback'] = $takemeback; - break; - - case 'welcomeback': - $return['username'] = $this->_get_default_field_value('username', $username); - $return['fname'] = $this->_get_default_field_value('fname', $fname); - $return['lname'] = $this->_get_default_field_value('lname', $lname); - $return['githubid'] = $this->_get_default_field_value('githubid', $githubid); - $return['takemeback'] = $takemeback; - $return['organization'] = $organization; - $return['jobtitle'] = $jobtitle; - $return['website'] = $website; - $return['bio'] = $bio; - $return['country'] = $country; - $return['interests'] = $interests; - $return['twitter_handle'] = $twitter_handle; - $return['friend'] = array( - 'uid' => $this->Friend->getUID(), - 'is_committer' => $this->Friend->getIsCommitter(), - 'is_benefit' => $this->Friend->getIsBenefit(), - 'date_joined' => substr($this->Friend->getDateJoined(), 0, 10), - 'date_expired' => substr($this->Friend->getBenefitExpires(), 0, 10), - ); - - break; - - case 'create': - if ($this->stage == 'create') { - $return['username'] = $username; - $return['fname'] = $fname; - $return['lname'] = $lname; - $return['organization'] = $organization; - $return['country'] = 
$country; - $return['agree'] = $agree; - $return['takemeback'] = $takemeback; - $return['newsletter_status'] = $newsletter_status; - } - break; - - case 'reset': - $return['token'] = $token; - break; - - case 'logout': - $return['password_update'] = $password_update; - break; - - } - return $return; - } - - public function logout() { - $referer = ""; - if (isset($_SERVER['HTTP_REFERER'])) { - $referer = $_SERVER['HTTP_REFERER']; - } - - $eclipse_domains = array( - 'projects.eclipse.org' => 'https://projects.eclipse.org/', - 'eclipse.org/forums/' => 'https://www.eclipse.org/forums/', - 'wiki.eclipse.org' => 'https://wiki.eclipse.org/index.php?title=Special:UserLogout', - 'git.eclipse.org/r/' => 'https://git.eclipse.org/r/', - 'bugs.eclipse.org/bugs/' => 'https://bugs.eclipse.org/bugs/', - 'lts.eclipse.org' => 'https://lts.eclipse.org/', - 'marketplace.eclipse.org' => 'https://marketplace.eclipse.org', - ); - - $redirect = 'https://www.eclipse.org/'; - - foreach ($eclipse_domains as $key => $value) { - if (strpos($referer, $key)){ - $redirect = $value; - break; - } - } - - // Destroy the session for the user. - // Bug 443883 - [site_login] Password change should invalidate all active sessions - if ($this->Session->isLoggedIn()) { - $this->Session->destroy(TRUE); - $this->messages['logout']['info'][] = 'You have been logged out.'; - } - else{ - $this->messages['logout']['danger'][] = 'You are currently not logged in.'; - $redirect = 'https://dev.eclipse.org/site_login/'; - } - - return $redirect; - } - - public function password_update() { - $this->messages['logout']['success'][] = "Your account details have been updated successfully."; - $this->messages['logout']['warning'][] = 'Please login to confirm your new password.'; - } - - public function showCountries() { - $options = ""; - $continents = $this->_fetchcontinents(); - $countries = $this->_fetchCountries(); - - foreach ($continents as $continent) { - $options .= '<optgroup label="'. 
$continent .'">'; - foreach ($countries as $country) { - if ($country['continent'] == $continent) { - $selected = ""; - if (!empty($this->country) && $this->country == $country['ccode']) { - $selected = "selected"; - } - $options .= '<option value="'. $country['ccode'] .'" ' . $selected.'>'. $country['description'] .'</option>'; - } - } - $options .= '</optgroup>'; - } - return $options; - } - - function verifyUserStatus() { - # bug 432822 - if someone is already logged in, send them to their account info page - if (empty($this->takemeback)) { - $this->takemeback = 'myaccount.php'; - } - if ($this->Session->getGID() != "") { - header("Location: " . $this->takemeback, 302); - exit; - } - } - - /** - * Validate takemeback Url - * - * Bug 421097 - * @return boolean - */ - public function validateTakemebackUrl($takemeback = "") { - if ($takemeback == "") { - $takemeback = $this->takemeback; - } - - $domains = array( - 'eclipse.org', - 'planeteclipse.org', - 'locationtech.org', - 'polarsys.org', - 'eclipse.local' - ); - - foreach ($domains as $d) { - if (preg_match('#^(http(s)?:\/\/)(www\.)?([\w+0-9-]{0,}\.)?' . $d . '(:\d{1,5})?(\/)?#', $takemeback) && - strpos($takemeback, $d . ".") === FALSE){ - return TRUE; - break; - } - } - return FALSE; - } - - private function _confirmAccount() { - $sql = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE token IN ('TOKEN_FAILED', 'CONFIRM_SUCCESS') AND ip = " . $this->App->returnQuotedString($_SERVER['REMOTE_ADDR']); - $rs = $this->App->eclipse_sql($sql); - $myrow = mysql_fetch_assoc($rs); - if ($myrow['RecordCount'] > 0) { - $this->messages['confirm']['danger'][] = "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b> (8728s)"; - } - else { - if ($this->t != "") { - $sql = "SELECT /* USE MASTER */ email, fname, password, lname, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . 
$this->App->returnQuotedString($this->App->sqlSanitize($this->t)); - $rs = $this->App->eclipse_sql($sql); - $myrow = mysql_fetch_assoc($rs); - if ($myrow['RecordCount'] <= 0) { - $this->messages['confirm']['danger'][] = "We were unable to validate your request. The supplied token is invalid; perhaps it has expired? Please try creating your account again, and contact webmaster@eclipse.org if the problem persists. (8729s)"; - # If we can't find a record, insert a record preventing this dude from bombing us - $this->t = $this->App->getAlphaCode(64); - $this->App->eclipse_sql("INSERT INTO account_requests VALUES (" . $this->App->returnQuotedString($this->App->sqlSanitize($this->t)) . ", - '', - 'token_failed', - 'token_failed', - 'token_failed', - " . $this->App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ", - NOW(), - 'TOKEN_FAILED')" - ); - $EventLog = new EvtLog(); - $EventLog->setLogTable("__ldap"); - $EventLog->setPK1($this->App->sqlSanitize($this->t)); - $EventLog->setPK2($_SERVER['REMOTE_ADDR']); - $EventLog->setLogAction("ACCT_CREATE_TOKEN_FAILED"); - $EventLog->insertModLog("apache"); - } - else { - // New accounts will always have a value in $myrow['password']. - $token_confirm = 'CONFIRM_SUCCESS'; - # Update this row, change IP address to reflect that of the person who successfully confirmed this email to avoid bombing - $sql = "UPDATE account_requests SET token = ". $this->App->returnQuotedString($this->App->sqlSanitize($token_confirm)) .", ip = " . $this->App->returnQuotedString($this->App->sqlSanitize($_SERVER['REMOTE_ADDR'])) - . " WHERE token = " . $this->App->returnQuotedString($this->App->sqlSanitize($this->t)); - $rs = $this->App->eclipse_sql($sql); - - $this->messages['confirm']['success'][] = "Thank you for confirming your email address. - Your Eclipse.org account is now active and you may now </strong>log in</strong></a>. 
- Please note that some Eclipse.org pages may require you to provide your login - credentials."; - - $EventLog = new EvtLog(); - $EventLog->setLogTable("__ldap"); - $EventLog->setPK1($this->App->sqlSanitize($this->t)); - $EventLog->setPK2($_SERVER['REMOTE_ADDR']); - $EventLog->setLogAction("ACCT_CREATE_CONFIRM"); - $EventLog->insertModLog($myrow['email']); - } - } - else { - $this->messages['confirm']['danger'][] = "We were unable to validate your request. The supplied token is invalid. Please contact webmaster@eclipse.org."; - } - } - } - - private function _createAccount() { - if ($this->username != "" && $this->fname != "" && $this->lname != "" && $this->password1 != "") { - if (!$this->FormToken->verifyToken($_POST['token-create-account']) || !empty($_POST['create-account-email-req'])) { - # Send mail to webmaster - $mail = "Dear webmaster,\n\n"; - $mail .= "A new eclipse.org account was denied:\n\n"; - $mail .= "Email: " . $this->username . "\n\n"; - $mail .= "First name: " . $this->fname . "\n\n"; - $mail .= "Last name: " . $this->lname . "\n\n"; - - $mail .= "Organization: " . $this->organization. "\n\n"; - $mail .= "Country: " . $this->country. "\n\n"; - $mail .= "Remote addr: " . $_SERVER['REMOTE_ADDR'] . "\n\n"; - $mail .= "Browser: " . $_SERVER['HTTP_USER_AGENT'] . "\n\n"; - $mail .= "Referer: " . $_SERVER['HTTP_REFERER'] . "\n\n"; - - $mail .= " -- Eclipse webdev\n"; - $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>' . "\n" . 'Content-Type: text/plain; charset=UTF-8'; - mail('webmaster@eclipse.org', "Denied Account: Possible spammer", $mail, $headers); - return FALSE; - } - # Create an account. Check to ensure this IP address hasn't flooded us with requests - # or that this email address doesn't already have an account - $sql = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE ip = " . 
$this->App->returnQuotedString($_SERVER['REMOTE_ADDR']); - $rs = $this->App->eclipse_sql($sql); - $myrow = mysql_fetch_assoc($rs); - if ($myrow['RecordCount'] >= 25) { - $this->messages['create']['danger'][] = "You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request. (8723s)"; - } - else { - # Check LDAP - if(!$this->Ldapconn->checkEmailAvailable($this->username)) { - $this->messages['create']['danger'][] = "That account already exists. If you cannot remember your password, please use the password reset option below. (8725s)"; - # Jot this down to avoid repetitively polling ldap - $this->App->eclipse_sql("INSERT INTO account_requests VALUES (" . $this->App->returnQuotedString($this->App->sqlSanitize($this->username)) . ", - '', - " . $this->App->returnQuotedString($this->App->sqlSanitize($this->fname)) . ", - " . $this->App->returnQuotedString($this->App->sqlSanitize($this->lname)) . ", - '', - " . $this->App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ", - NOW(), - " . $this->App->returnQuotedString("CREATE_FAILED") . 
")"); - - $EventLog = new EvtLog(); - $EventLog->setLogTable("__ldap"); - $EventLog->setPK1($this->username); - $EventLog->setPK2($_SERVER['REMOTE_ADDR']); - $EventLog->setLogAction("ACCT_CREATE_ALREADY_EXISTS"); - $EventLog->insertModLog("apache"); - } - else { - if ($this->agree != 1) { - $this->messages['create']['danger'][] = "- You must agree to the terms and contitions of use<br />"; - } - - if (!preg_match(SITELOGIN_EMAIL_REGEXP, $this->username)) { - $this->messages['create']['danger'][] = "- Your email address is not formatted correctly<br />"; - } - - if (!$this->Captcha->validate()) { - $this->messages['create']['danger'][] = "- You haven't answered the captcha question correctly<br />"; - } - if (!preg_match("/(?=^.{6,}$)(?=.*[\d|\W])(?=.*[A-Za-z]).*$/", $this->password1)) { - $this->messages['create']['danger'][] = "- Your password does not meet the complexity requirements. It must be at least 6 characters long, and contain one number or one symbol.<br />"; - } - - if (!$cryptopass = $this->_generateCryptotext($this->App->sqlSanitize($this->password1))) { - $this->messages['create']['danger'][] = "- An error occurred while processing your request. (8730s)"; - } - - if (empty($this->country)) { - $this->messages['create']['danger'][] = "- You must select your country of residence."; - } - - if (empty($this->messages['create']['danger'])) { - # Add request to database - $this->t = $this->App->getAlphaCode(64); - $this->App->eclipse_sql("INSERT INTO account_requests VALUES (" . $this->App->returnQuotedString($this->App->sqlSanitize(trim($this->username))) . ", - '', - " . $this->App->returnQuotedString($this->App->sqlSanitize(trim($this->fname))) . ", - " . $this->App->returnQuotedString($this->App->sqlSanitize(trim($this->lname))) . ", - '" . $cryptopass . "', - " . $this->App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ", - NOW(), - " . $this->App->returnQuotedString($this->t) . 
")"); - - - $this->App->eclipse_sql("INSERT INTO users_profiles - (user_uid,user_mail,user_country,user_org,user_status) - VALUES ( - ". $this->App->returnQuotedString($this->App->sqlSanitize($this->t)) .", - ". $this->App->returnQuotedString($this->App->sqlSanitize($this->username)) .", - ". $this->App->returnQuotedString($this->App->sqlSanitize($this->country)) .", - ". $this->App->returnQuotedString($this->App->sqlSanitize($this->organization)) .", - 0 - )" - ); - - if ($this->newsletter_status === 'subscribe') { - $Subscriptions = $this->App->getSubscriptions(); - $Subscriptions->setFirstName($this->fname); - $Subscriptions->setLastName($this->lname); - $Subscriptions->setEmail($this->username); - $Subscriptions->addUserToList(); - } - - $EventLog = new EvtLog(); - $EventLog->setLogTable("__ldap"); - $EventLog->setPK1($this->t); - $EventLog->setPK2($_SERVER['REMOTE_ADDR']); - $EventLog->setLogAction("ACCT_CREATE_REQ_SUCCESS"); - $EventLog->insertModLog($this->username); - - # Send mail to dest - $mail = "Dear $this->fname,\n\n"; - $mail .= "Thank you for registering for an account at Eclipse.org. Before we can activate your account one last step must be taken to complete your registration.\n\n"; - $mail .= "To complete your registration, please visit this URL:\nhttps://dev.eclipse.org/site_login/token.php?stage=confirm&t=$this->t\n\n"; - $mail .= "Your Username is: $this->username\n\n"; - $mail .= "If you have any problems signing up please contact webmaster@eclipse.org\n\n"; - $mail .= " -- Eclipse webmaster\n"; - $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>' . "\n" . 'Content-Type: text/plain; charset=UTF-8'; - mail($this->username, "Eclipse Account Registration", $mail, $headers); - - # Debug - //print $mail; - - $this->messages['create']['success'][] = "<p>Welcome to the Eclipse.org community! We've sent a confirmation to the email address - you have provided. 
In that email there are instructions you must follow in order to activate your account.</p> - <p>If you have not received the email within a few hours, and you've made sure it's not in your Junk, Spam or trash folders, please contact webmaster@eclipse.org</p>"; - } - else { - $this->messages['create']['danger'][] = "An error occurred while processing your request. Please ensure that all the required fields are entered correctly and try again. (5496s)"; - } - } - } - } - else { - $this->messages['create']['danger'][] = "An error occurred while processing your request. Please ensure that all the required fields are entered correctly and try again. (8726s)"; - } - } - - private function _generateBugzillaSHA256Password($_password) { - $cp = 0; - if ($_password != "") { - # Generate random salt - $hash = "{SHA-256}"; - $salt = $this->App->getAlphaCode(8); - $cp = str_replace("=", "", $salt . base64_encode(hash("sha256", $_password . $salt, true))) . $hash; - } - return $cp; - } - - private function _generateCryptotext($plaintext) { - if (empty($plaintext) || !is_readable($this->path_public_key)) { - return FALSE; - } - - #load public key - $fp = fopen($this->path_public_key, "r"); - $pub_key = fread($fp, 8192); - fclose($fp); - - $key = openssl_pkey_get_public($pub_key); - openssl_public_encrypt($plaintext, $cryptotext, $key, OPENSSL_PKCS1_OAEP_PADDING); - - #encode the output - return base64_encode($cryptotext); - } - - private function _generatePassword($_num_chars) { - $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1023456789,.;:/@#$%^&*()-_=+"; - srand((double)microtime()*1000000); - $loopcount = 0; - $rValue = ""; - while (!preg_match("/(?=^.{6,}$)(?=.*\d)(?=.*[A-Za-z]).*$/", $rValue)) { - $rValue = ""; - $i = 0; - $loopcount++; - srand((double)microtime()*1000000); - while ($i <= $_num_chars) { - $num = rand() % strlen($chars); - $rValue .= substr($chars, $num, 1); - $i++; - } - # antilooper - if($loopcount > 1000) { - $rValue = "aA1$" . 
$this->App->getAlphaCode(4); - } - } - return $rValue; - } - - private function _getMessageContainer($message = '', $type = 'alert') { - $class = "alert alert-" . $type; - return '<div class="' . $class . '" role="alert">' . $message . '</div>'; - } - - private function _get_default_field_value($id, $value, $default_values = TRUE) { - // If the value is not empty and the user is not requesting the default values, - // return the updated values. - if (!empty($value) && $default_values === FALSE) { - return $value; - } - - switch ($id) { - case 'fname': - return $this->Friend->getFirstName(); - break; - - case 'lname': - return $this->Friend->getLastName(); - break; - - case 'username': - return $this->Friend->getEmail(); - break; - - case 'githubid': - return $this->Ldapconn->getGithubIDFromMail($this->Friend->getEmail()); - break; - } - } - - private function _get_profile_from_token($token = NULL){ - if (empty($token)) { - return FALSE; - } - $sql = "SELECT /* USE MASTER */ - user_org as organization, user_jobtitle as jobtitle, user_bio as bio, user_interests as interests, user_website as website, user_twitter_handle as twitter_handle, user_country as country - FROM users_profiles - WHERE user_uid = " . $this->App->returnQuotedString($token) . 
" - ORDER BY user_update DESC LIMIT 1"; - $rs = $this->App->eclipse_sql($sql); - $profile = mysql_fetch_assoc($rs); - - if (!empty($profile)) { - foreach ($profile as $key => $value) { - if (is_null($value)) { - $value = ""; - } - $this->{$key} = $value; - } - return TRUE; - } - return FALSE; - } - - private function _get_default_profile_fields($get_default_values = FALSE){ - - // Making sure we don't have an empty user_uid to avoid pre-populating - // the account creation fields with an empty user_uid - if (empty($this->user_uid)) { - return FALSE; - } - - if (empty($this->messages['profile']['danger'])) { - $sql = "SELECT /* USE MASTER */ - user_org as organization, user_jobtitle as jobtitle, user_bio as bio, user_interests as interests, user_website as website, user_twitter_handle as twitter_handle, user_country as country - FROM users_profiles - WHERE user_uid = " . $this->App->returnQuotedString($this->user_uid) . " - ORDER BY user_update DESC LIMIT 1"; - $rs = $this->App->eclipse_sql($sql); - $profile = mysql_fetch_assoc($rs); - - $this->profile_default = $profile; - if ($get_default_values) { - return TRUE; - } - - if (!empty($profile)) { - foreach ($profile as $key => $value) { - if (is_null($value)) { - $value = ""; - } - $this->{$key} = $value; - } - } - } - } - - private function _getProfileDefaultValues(){ - if (empty($this->profile_default)) { - $this->_get_default_profile_fields(TRUE); - } - return $this->profile_default; - } - - private function _processSaveProfile() { - if (!$this->FormToken->verifyToken($_POST['token-update-profile']) || !empty($_POST['profile-name-req'])) { - //token verification failed or expected empty field wasn't empty - return FALSE; - } - if ($this->password_expired === TRUE) { - $this->messages['password_expired']['danger'][] = "You need to set a new password before you can update your profile."; - return FALSE; - } - $fname = $this->_get_default_field_value('fname', $this->fname, FALSE); - $lname = 
$this->_get_default_field_value('lname', $this->lname, FALSE); - - $default_values = $this->_getProfileDefaultValues(); - $default_org = $default_values['organization']; - - $fields = array( - 'user_uid' => $this->user_uid, - 'user_mail' => $this->user_mail, - 'user_org' => $this->organization, - 'user_jobtitle' => $this->jobtitle, - 'user_website' => $this->website, - 'user_bio' => $this->bio, - 'user_interests' => $this->interests, - 'user_twitter_handle' => $this->twitter_handle, - 'user_country' => $this->country, - ); - - $possible_null_field = array( - 'user_org', - 'user_jobtitle', - 'user_website', - 'user_bio', - 'user_interests', - 'user_twitter_handle', - ); - - # Validate values - if (empty($fields['user_uid']) || !is_string($fields['user_uid'])) { - $this->messages['profile']['danger'][] = 'Invalid user id<br>'; - } - if (!empty($fields['user_website']) && !filter_var($fields['user_website'], FILTER_VALIDATE_URL)) { - $this->messages['profile']['danger'][] = 'Invalid website URL<br>'; - } - if (empty($fields['user_country']) && !in_array($fields['user_country'], $this->getCountryList())) { - $this->messages['profile']['danger'][] = 'You must enter a valid country<br>'; - } - - if (!empty($this->messages['profile']['danger'])) { - return FALSE; - } - - //if they are a committer and have changed employers toss all changes and throw a warning + send a message - if ($this->is_committer) { - if ($default_org !== $fields["user_org"]) { - if ($this->changed_employer === 'Yes') { - // Send mail to dest - $this->_sendNotice(); - $this->messages['myaccount']['danger'][] = "You have indicated a change in employer. As such any changes you made have not been saved. 
A notice has been sent to you and EMO legal (emo-records@eclipse.org) so that they can advise what paperwork(if any) needs to be updated."; - //exit - return FALSE; - } - else if ($this->changed_employer !== "No") { - $this->messages['myaccount']['danger'][] = "You must indicate if you have changed employers in order to save changes to your organization."; - return FALSE; - } - } else { - if ($this->changed_employer === 'Yes') { - // Send mail to dest - $this->_sendNotice(); - $this->messages['myaccount']['danger'][] = "A notice has been sent to you and EMO legal (emo-records@eclipse.org) so that they can advise what paperwork (if any) needs to be updated due to your change in employers."; - } - } - } - - foreach ($possible_null_field as $value) { - if (empty($fields[$value])) { - $fields[$value] = NULL; - } - } - - $sql = "INSERT INTO users_profiles ("; - $columns = array(); - $values = array(); - foreach ($fields as $key => $value) { - if (!empty($value)) { - $columns[] = $key; - $values[] = '"' . $this->App->sqlSanitize($value) . '"'; - } - else if(in_array($key, $possible_null_field)) { - $columns[] = $key; - $values[] = 'NULL'; - } - } - $sql .= implode(',', $columns); - $sql .= ') VALUES ('; - $sql .= implode(',', $values); - $sql .= ") ON DUPLICATE KEY UPDATE"; - foreach ($columns as $key => $value){ - $sql .= ' ' .$value . '=' . $values[$key] . 
','; - } - $sql = rtrim($sql, ','); - $this->App->eclipse_sql($sql); - $this->messages['profile']['success'][] = 'Your profile have been updated successfully.'; - - } - - private function _processSave() { - if (!$this->FormToken->verifyToken($_POST['token-edit-account']) || !empty($_POST['edit-account-email-req'])) { - //token verification failed or expected empty field wasn't empty - return FALSE; - } - // Check IF the password is expired - // AND if the user is NOT trying to change the password - if ($this->password_expired === TRUE && (empty($this->password1) && empty($this->password2))) { - $this->messages['password_expired']['danger'][] = "You need to set a new password before you can update your Account Settings."; - $this->getVariables("welcomeback"); - return FALSE; - } - - $user_is_changing_password = FALSE; - if ($this->username != "" && $this->fname != "" && $this->lname != "" && $this->password != "") { - # update account. - # we must first bind to ldap to be able to change attributes - $dn = $this->Ldapconn->authenticate($this->Friend->getEmail(), $this->password); - if ($dn) { - #work out what's changed - $fname_changed = ($this->Ldapconn->getLDAPAttribute($dn, "givenName") !== $this->fname) ? TRUE : FALSE ; - $lname_changed = ($this->Ldapconn->getLDAPAttribute($dn, "sn") !== $this->lname) ? TRUE : FALSE ; - $email_changed = ($this->Ldapconn->getLDAPAttribute($dn, "mail") !== $this->username) ? 
TRUE : FALSE ; - - //if they are a committer and have changed employers toss all changes and throw a warning + send a message - if ($this->is_committer && $this->changed_employer === 'Yes') { - // Send mail to dest - $this->_sendNotice(); - //notify the user - if ( !$lname_changed && !$email_changed) { - //I guess they just want us to know they've changed employers - $this->messages['myaccount']['danger'][] = "A notice has been sent to you and EMO legal (emo-records@eclipse.org) so that they can advise what paperwork(if any) needs to be updated due to your change in employers."; - } - else { - //they've changed something - $this->messages['myaccount']['danger'][] = "You have indicated a change in employer. As such any changes you made have not been saved. A notice has been sent to you and EMO legal (emo-records@eclipse.org) so that they can advise what paperwork(if any) needs to be updated."; - } - //reset form data - $this->getVariables("welcomeback"); - //return - return; - } - - $update_bz_name = FALSE; - if ($fname_changed) { - $this->Ldapconn->changeAttributeValue($dn, $this->password, "givenName", $this->fname); - $this->Friend->setFirstName($this->fname); - $update_bz_name = TRUE; - } - - if ($lname_changed) { - if ($this->changed_employer === 'No' || !$this->is_committer) { - $this->Ldapconn->changeAttributeValue($dn, $this->password, "sn", $this->lname); - $this->Friend->setLastName($this->lname); - $update_bz_name = TRUE; - $this->_sendNotice("surname", "to: " . $this->lname); - } else if($this->is_committer && empty($this->changed_employer)) { - $this->messages['myaccount']['danger'][] = "You must indicate if you have changed employers in order to save changes to your last name."; - return; - - } - } - - //if either the first or last name has changed the cn should be updated. - if ($fname_changed || $lname_changed) { - $this->Ldapconn->changeAttributeValue($dn, $this->password, "cn", $this->fname . " " . 
$this->lname); - $update_bz_name = TRUE; - } - - if ($update_bz_name) { - $this->App->bugzilla_sql("SET NAMES 'utf8'"); - $sql = "UPDATE profiles SET realname='" . $this->App->sqlSanitize($this->fname . " " . $this->lname) . "' WHERE login_name = " . $this->App->returnQuotedString($this->App->sqlSanitize($this->username)) . " LIMIT 1"; - $this->App->bugzilla_sql($sql); - $this->Session->updateSessionData($this->Friend); - } - - # Update GitHub ID? - if ($this->githubid != "") { - $oldgithubid = $this->Ldapconn->getGithubIDFromMail($this->Friend->getEmail()); - - # we can't change GH ID's automagically - if ($oldgithubid != "") { - $this->messages['myaccount']['danger'][] = "- Your GitHub ID cannot be changed from this form. Please contact webmaster@eclipse.org to update your GitHub ID.<br />"; - } - else { - $this->Ldapconn->setGithubID($dn, $this->password, $this->githubid); - $this->messages['myaccount']['success'][] = "Your github id was saved successfully."; - } - } - - # User is trying to update change is password - if (!empty($this->password1) && !empty($this->password2)) { - if (!preg_match("/(?=^.{6,}$)(?=.*[\d|\W])(?=.*[A-Za-z]).*$/", $this->password1)) { - $this->messages['myaccount']['danger'][] = "- Your password does not meet the complexity requirements. It must be at least 6 characters long, and contain one number or one symbol.<br />"; - } - else { - if ($this->password != $this->password1) { - $user_is_changing_password = TRUE; - $this->Ldapconn->changePassword($dn, $this->password, $this->password1); - $bzpass = &$this->_generateBugzillaSHA256Password($this->password1); - $sql = "UPDATE profiles SET cryptpassword='" . $this->App->sqlSanitize($bzpass) . "' WHERE login_name = " . $this->App->returnQuotedString($this->App->sqlSanitize($this->username)) . 
" LIMIT 1"; - $this->App->bugzilla_sql($sql); - $this->App->ipzilla_sql($sql); - $this->messages['myaccount']['success'][] = "Your password was updated successfully."; - } - // If the user is trying to update password with the current password - else{ - $this->messages['myaccount']['danger'][] = "- Your new password must be different than your current password."; - } - } - } - - # if email address has changed, we must update Bugzilla DB record too. - $oldmail = $this->Ldapconn->getLDAPAttribute($dn, "mail"); - $mailmsg = ""; - if($email_changed) { - #Not a committer or didn't change employers? - if (!$this->is_committer || $this->changed_employer === 'No') { - if (!$this->Ldapconn->checkEmailAvailable($this->username)) { - $this->messages['myaccount']['danger'][] = "- Unable to change your email address<br />"; - } - elseif (!preg_match(SITELOGIN_EMAIL_REGEXP, $this->username)) { - $this->messages['myaccount']['danger'][] = "- Your email address is not formatted correctly<br />"; - } - else { - # Check that someone isn't piling on a bunch of requests for mail changes just to piss everyone off - $sql = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE ip = " . $this->App->returnQuotedString($_SERVER['REMOTE_ADDR']); - $sql .= "OR email = " . $this->App->returnQuotedString($oldmail); - $rs = $this->App->eclipse_sql($sql); - $myrow = mysql_fetch_assoc($rs); - if ($myrow['RecordCount'] > 3) { - $this->messages['myaccount']['danger'][] = "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b>"; - } - else { - # Toss in a request to change the email address - $this->messages['myaccount']['success'][] = " Please check your Inbox for a confirmation email with instructions to complete the email address change. 
Your email address will not be updated until the process is complete."; - $this->t = $this->t = $this->App->getAlphaCode(64); - $sql = "INSERT INTO account_requests (email,new_email,fname,lname,password,ip,req_when,token)VALUES (" . $this->App->returnQuotedString($oldmail) . ", - " . $this->App->returnQuotedString($this->App->sqlSanitize($this->username)) . ", - " . $this->App->returnQuotedString("MAILCHANGE") . ", - " . $this->App->returnQuotedString("MAILCHANGE") . ", - '', - " . $this->App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ", - NOW(), - " . $this->App->returnQuotedString($this->t) . ")"; - $this->App->eclipse_sql($sql); - - # Send mail to dest - $mail = "You (or someone pretending to be you) has changed their Eclipse.org account email address to this one (" . $this->App->sqlSanitize($this->username) . ") from this IP address:\n"; - $mail .= " " . $_SERVER['REMOTE_ADDR'] . "\n\n"; - $mail .= "To confirm this email change, please click the link below:\n"; - $mail .= " https://dev.eclipse.org/site_login/token.php?stage=confirm&t=$this->t\n\n"; - $mail .= "If you have not issued this request, you can safely ignore it.\n\n"; - $mail .= " -- Eclipse webmaster\n"; - $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>'; - mail($this->username, "Eclipse Account Change", $mail, $headers); - //notify EMO - $this->_sendNotice("Email address","from: " . $oldmail . " to: " . $this->username ); - } - } - } else if ($this->is_committer && $this->changed_employer === "") { - $this->messages['myaccount']['danger'][] = "You must indicate if you have changed employers in order to save changes to your email address."; - return; - } - } - - - if (empty($this->messages['myaccount']['danger'])) { - $this->messages['myaccount']['success'][] = "Your account details have been updated successfully." . $mailmsg . 
""; - if ($user_is_changing_password) { - header("Location: https://dev.eclipse.org/site_login/logout.php?password_update=1", 302); - } - } - } - else { - $this->messages['myaccount']['danger'][] = "Your current password is incorrect."; - } - } - else { - $this->messages['myaccount']['danger'][] = "Please ensure that all the required fields are entered correctly and try again."; - } - } - - private function _resetPassword() { - if (!$this->FormToken->verifyToken($_POST['token-password-recovery']) || !empty($_POST['recover-account-email-req'])) { - //token verification failed or expected empty field wasn't empty - return FALSE; - } - # reset stage 1. We got an email address, create token and email to user - # make sure someone isn't blasting us. We disregard "token failed" since a common use-case - # is to click the reset link after it has expired. - $sql = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE token <> 'TOKEN_FAILED' AND fname = 'RESET' AND lname = 'RESET' AND ip = " . $this->App->returnQuotedString($_SERVER['REMOTE_ADDR']); - $rs = $this->App->eclipse_sql($sql); - $myrow = mysql_fetch_assoc($rs); - if ($myrow['RecordCount'] >= 13) { - $this->messages['reset']['danger'][] = "<b>We were unable to determine your identity after several attempts. Subsequent inquiries will be ignored for our protection. 
Please try later, or contact webmaster@eclipse.org for support.</b> (8727s)"; - } - else { - if (!preg_match(SITELOGIN_EMAIL_REGEXP, $this->username)) { - $this->messages['reset']['danger'][] = "<b>Your email address is not formatted correctly.</b><br />"; - } - elseif ($this->Ldapconn->checkEmailAvailable($this->username)) { - $this->messages['reset']['danger'][] = "<b>We were unable to determine your identity with the information you've supplied.</b> Perhaps you don't have an Eclipse.org account, or your account is under a different email address.(8x27s)"; - } - else { - # Check to see if we're trying to reset the password of a valid account. - $this->t = $this->App->getAlphaCode(64); - $this->App->eclipse_sql("INSERT IGNORE INTO account_requests VALUES (" . $this->App->returnQuotedString($this->App->sqlSanitize($this->username)) . ", - '', - " . $this->App->returnQuotedString("RESET") . ", - " . $this->App->returnQuotedString("RESET") . ", - '', - " . $this->App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ", - NOW(), - " . $this->App->returnQuotedString($this->t) . ")"); - - # Send mail to dest - $mail = "You (or someone pretending to be you) has requested a password reset from:\n"; - $mail .= " " . $_SERVER['REMOTE_ADDR'] . "\n\n"; - $mail .= "To change your password, please visit this URL:\nhttps://dev.eclipse.org/site_login/token.php?p=p&t=$this->t\n\n"; - $mail .= "If you have not requested this change, you can safely let it expire. If you have any problems signing in please contact webmaster@eclipse.org\n\n"; - $mail .= " -- Eclipse webmaster\n"; - $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>'; - mail($this->username, "Eclipse Account Password Reset", $mail, $headers); - $this->messages['reset']['success'][] = '<strong>Password Recovery:</strong> A token has been emailed to you to allow - you to reset your Eclipse.org password. 
Please check your Trash and Junk/Spam - folders if you do not see this email in your inbox.'; - - # Debug - //print $mail; - - $EventLog = new EvtLog(); - $EventLog->setLogTable("__ldap"); - $EventLog->setPK1($this->t); - $EventLog->setPK2($_SERVER['REMOTE_ADDR']); - $EventLog->setLogAction("PASSWD_RESET_REQ"); - $EventLog->insertModLog($this->username); - } - } - } - - private function _resetPassword2() { - # reset stage 2. We got an token back. If we find a record, allow user to reset password, then proceed to stage3 - if($this->t != "") { - $sql = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $this->App->returnQuotedString($this->App->sqlSanitize($this->t)); - $rs = $this->App->eclipse_sql($sql); - $myrow = mysql_fetch_assoc($rs); - if($myrow['RecordCount'] <= 0) { - $this->exipred_pass_token = TRUE; - $this->_setStage('reset'); - $this->messages['reset2']['danger'][] = "<b>The supplied reset token is invalid; perhaps it has expired? Please wait 5 minutes and try to <a href='password_recovery.php'>reset your password again</a>. If the problem persits, please contact webmaster@eclipse.org.</b> (8129rs)"; - # If we can't find a record, insert a record preventing this dude from bombing us - $this->t = $this->App->getAlphaCode(64); - $this->App->eclipse_sql("INSERT INTO account_requests VALUES (" . $this->App->returnQuotedString($this->App->sqlSanitize($this->t)) . ", - '', - 'token_failed', - 'token_failed', - 'token_failed', - " . $this->App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ", - NOW(), - 'TOKEN_FAILED')" - ); - } - else { - # display password reset page. 
- $EventLog = new EvtLog(); - $EventLog->setLogTable("__ldap"); - $EventLog->setPK1($this->t); - $EventLog->setPK2($_SERVER['REMOTE_ADDR']); - $EventLog->setLogAction("PASSWD_RESET_CONF"); - $EventLog->insertModLog($myrow['email']); - } - } - } - - private function _resetPassword3() { - if (!$this->FormToken->verifyToken($_POST['token-password-reset']) || !empty($_POST['reset-account-email-req'])) { - //token verification failed or expected empty field wasn't empty - return FALSE; - } - # reset stage 3. We got a token back, and user is submitting a password. - if ($this->t != "" && $this->password1 != "" ) { - if ($this->password1 != $this->password2) { - $this->messages['reset3']['danger'][] = "Submitted passwords don't match."; - $this->_setStage('reset2'); - return FALSE; - } - - if (!$this->Captcha->validate()) { - $this->messages['reset3']['danger'][] = "- You haven't answered the captcha question correctly<br />"; - $this->_setStage('reset2'); - return FALSE; - } - - $sql = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $this->App->returnQuotedString($this->App->sqlSanitize($this->t)); - $rs = $this->App->eclipse_sql($sql); - $myrow = mysql_fetch_assoc($rs); - if ($myrow['RecordCount'] <= 0) { - $this->messages['reset3']['danger'][] = "We were unable to validate your request. The supplied token is invalid; perhaps it has expired? Please try to <a href='createaccount.php'>reset your password again</a>. If the problem persits, please contact webmaster@eclipse.org. (8329rs)"; - $this->_setStage('reset2'); - # If we can't find a record, insert a record preventing this dude from bombing us - $this->t = $this->App->getAlphaCode(64); - $this->App->eclipse_sql("INSERT INTO account_requests VALUES (" . $this->App->returnQuotedString($this->App->sqlSanitize($this->t)) . ", - '', - 'token_failed', - 'token_failed', - 'token_failed', - " . $this->App->returnQuotedString($_SERVER['REMOTE_ADDR']) . 
", - NOW(), - 'TOKEN_FAILED')" - ); - } - else { - if (!preg_match("/(?=^.{6,}$)(?=.*\d)(?=.*[A-Za-z]).*$/", $this->password1)) { - $this->messages['reset3']['danger'][] = "- Your password does not meet the complexity requirements<br />"; - $this->_setStage('reset2'); - } - elseif ($cryptopass = $this->_generateCryptotext($this->App->sqlSanitize($this->password1))) { - # Update this row, change IP address to reflect that of the person who successfully confirmed this password to avoid bombing - $sql = "UPDATE account_requests SET token = 'PASSWORD_SUCCESS', password='" . $cryptopass . "', ip = " . $this->App->returnQuotedString($this->App->sqlSanitize($_SERVER['REMOTE_ADDR'])) - . " WHERE token = " . $this->App->returnQuotedString($this->App->sqlSanitize($this->t)); - $rs = $this->App->eclipse_sql($sql); - - $bzpass = &$this->_generateBugzillaSHA256Password($this->password1); - $sql = "UPDATE profiles SET cryptpassword='" . $this->App->sqlSanitize($bzpass) . "' WHERE login_name = " . $this->App->returnQuotedString($this->App->sqlSanitize($myrow['email'])) . " LIMIT 1"; - $this->App->bugzilla_sql($sql); - $this->App->ipzilla_sql($sql); - - $this->messages['reset']['success'][] = '<strong>Password Recovery:</strong> Your password was reset. You may now <a href="/site_login/index.php">log in</a>. Please note that some Eclipse.org sites, such as Bugzilla, Wiki or Forums, may ask you to login again with your new password.'; - - $EventLog = new EvtLog(); - $EventLog->setLogTable("__ldap"); - $EventLog->setPK1($this->t); - $EventLog->setPK2($_SERVER['REMOTE_ADDR']); - $EventLog->setLogAction("PASSWD_RESET_SUCCESS"); - $EventLog->insertModLog($myrow['email']); - } - else { - $this->messages['create']['danger'][] = "An error occurred while processing your request. Please ensure that all the required fields are entered correctly and try again. 
(3543s)"; - } - } - } - else { - $this->_setStage('reset2'); - $this->messages['reset3']['danger'][] = "Please enter a new password."; - return FALSE; - } - } - - private function _sanitizeVariables() { - $inputs = array( - 'agree', - 'githubid', - 'fname', - 'lname', - 'password', - 'p', - 'page', - 'password', - 'password1', - 'password2', - 'password_update', - 'remember', - 'stage', - 'submit', - 'takemeback', - 't', - 'username', - 'organization', - 'jobtitle', - 'website', - 'bio', - 'interests', - 'twitter_handle', - 'changed_employer', - 'country', - 'newsletter_status', - ); - - foreach ($inputs as $field) { - $this->$field = $this->App->getHTTPParameter($field, "POST"); - - if ($field == 'takemeback' || $field == 'website') { - $this->$field = urldecode($this->$field); - } - - if ($field == 'fname' || $field == 'lname') { - $this->$field = preg_replace(SITELOGIN_NAME_REGEXP, '', $this->$field); - } - else if ($field == 't') { - $this->$field = preg_replace("/[^a-zA-Z0-9]/", "", $this->t); - } - else { - $this->$field = preg_replace($this->xss_patterns, '', $this->$field); - } - - // Remove whitespace characters on the githubid field - if ($field == 'githubid') { - $this->$field = preg_replace("/\s+/", "", $this->$field); - } - - # Magic quotes feature is removed from PHP 5.4 but just incase. - if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { - $this->$field = stripslashes($this->$field); - } - } - - $this->username = trim($this->username); - - if (!is_numeric($this->remember)) { - $this->remember = 0; - } - - # Takemeback processing - $this->referer = ""; - if (isset($_SERVER['HTTP_REFERER'])) { - $this->referer = $_SERVER['HTTP_REFERER']; - } - - # Coming from the Wiki? 
Redirect to Special:Userlogin to finish processign - if(preg_match('/^(http|https):\/\/(wiki|wikitest)\.eclipse\.org\//', $this->referer, $matches)) { - $location = substr($this->referer, strlen($matches[0])); - #strip 'extra' index data bug 308257 - $location = preg_replace("/index\.php\?title\=/","",$location); - $this->takemeback = $matches[0] . "index.php?title=Special:Userlogin&action=submitlogin&type=login&returnto=" . $location ; - } - - # Forum login process broken with bad redirect - # Bug 430302 - if (preg_match('#^https?://.*eclipse.org/forums/index.php\?t=login#', $this->referer, $matches)) { - $this->takemeback = "https://www.eclipse.org/forums/index.php/l/"; - } - - # Since we use a secure cookie, anything http should be sent back https. - if (preg_match("#^http://(.*)#", $this->takemeback, $matches)) { - $this->takemeback = "https://" . $matches[1]; - } - - if (preg_match('#^https?://dev.eclipse.org/#', $this->takemeback) && !preg_match('#^https?://dev.eclipse.org/site_login/myaccount.php#', $this->takemeback)){ - $this->takemeback = ""; - } - if (!$this->validateTakemebackUrl()) { - $this->takemeback = ""; - } - } - - private function _setStage($stage){ - $possible_values = array( - 'login', - 'create', - 'save', - 'save-profile', - 'reset', - 'reset2', - 'reset3', - 'confirm', - ); - if ($this->t != "" && $stage == "confirm") { - $this->stage = 'confirm'; - } - elseif ($this->exipred_pass_token) { - $this->stage = "reset"; - } - elseif ($this->t == "" && $this->p == "" && $stage == 'password-recovery' && !empty($this->username)) { - $this->stage = "reset"; - } - elseif ($this->t != "" && $this->p == "p" && $stage == 'password-recovery') { - $this->stage = "reset2"; - } - elseif ($this->t != "" && $stage == 'password-recovery') { - $this->stage = "reset3"; - } - elseif (in_array($stage, $possible_values)){ - $this->stage = $stage; - } - } - - private function _sendNotice($changed="", $details=""){ - if ($this->is_committer) { - //do nothing if the 
changed state isn't yes or no. - if ($this->changed_employer === 'Yes') { - $mail = "Because you have changed employers, you must promptly provide the EMO(emo-records@eclipse.org) with your new employer information.\r\n"; - $mail .= "The EMO will determine what, if any, new legal agreements and/or employer consent forms are required for your committer account to remain active.\r\n\r\n"; - $mail .= " -- Eclipse webmaster\r\n"; - $headers = "From: Eclipse Webmaster (automated) <webmaster@eclipse.org>\r\n"; - $headers .= "CC: EMO-Records <emo-records@eclipse.org>"; - mail($this->user_mail, "Eclipse Account Change", $mail, $headers); - } else if ($this->changed_employer === 'No') { - if ($changed === "" || $details === "" ){ - $mail = "Committer: " . $this->user_uid . "\r\n"; - $mail .= "Has changed something, but details are incomplete. \r\n"; - $mail .= "What changed: " . $changed . " \r\n"; - $mail .= "Details: " . $details . "\r\n\r\n"; - $mail .= "Committer confirms they have NOT changed employers \r\n\r\n"; - } else { - $mail = "Committer: " . $this->user_uid . "\r\n"; - $mail .= "Has changed their " . $changed . " " . $details . 
"\r\n\r\n"; - $mail .= "Committer confirms they have NOT changed employers \r\n\r\n"; - } - $headers = "From: Eclipse Webmaster (automated) <webmaster@eclipse.org>"; - mail("emo-records@eclipse.org", "Eclipse Account Change", $mail, $headers); - } - } - } - - public function _showChangedEmployer() { - //show the changed employer buttons - if ($this->is_committer) { - echo <<<END - <div class="form-group clearfix has-feedback"> - <label class="col-sm-6 control-label">Have you changed employers<sup>[<a href="https://www.eclipse.org/legal/#CommitterAgreements" title="Why are we asking this?">?</a>]</sup><span class="required">*</span></label> - <div class="col-sm-16"> - <input type="radio" name="changed_employer" value="Yes"> Yes - <input type="radio" name="changed_employer" value="No"> No - </div> - </div> -END; - } - } - - private function _userAuthentification() { - $process = FALSE; - if ($this->FormToken->verifyToken($_POST['token-login']) && empty($_POST['login-username'])) { - $process = TRUE; - } - - if (!preg_match(SITELOGIN_EMAIL_REGEXP, $this->username) && $this->stage == "login") { - $this->messages['login']['danger'][] = "Your email address does not appear to be valid."; - $process = FALSE; - } - - if ($process) { - $dn = $this->Ldapconn->authenticate($this->username, $this->password); - if ($dn) { - # If you've logged in with your uid, we need to get the email. - if (!preg_match("/@/", $this->username)) { - $this->username = $this->Ldapconn->getLDAPAttribute($dn, "mail"); - } - - $this->Friend->getIsCommitter(); - - # Look up BZ ID - - $sql = "SELECT /* USE MASTER */ userid FROM profiles where login_name = " . 
$this->App->returnQuotedString($this->App->sqlSanitize($this->username)); - $rs = $this->App->bugzilla_sql($sql); - - if ($myrow = mysql_fetch_assoc($rs)) { - - $uid = $this->Ldapconn->getUIDFromMail($this->username); - $this->Friend->selectFriend($this->Friend->selectFriendID("uid", $uid)); - $this->Friend->setBugzillaID($myrow['userid']); - - } - else { - # Try to log into Bugzilla using these credentials - # This will create one - # creating one is important, since not all our sites use LDAP auth, and some rely on BZ auth - $AccountCreator = New AccountCreator(); - $AccountCreator->setUsername($this->username); - $AccountCreator->setPassword($this->password); - $AccountCreator->execute(); - - # create/update Gerrit account - # Bug 421319 - # sleep(1); # not needed if we take the time to log into Gerrit - $AccountCreator = New AccountCreator(); - $AccountCreator->setUrl('https://git.eclipse.org/r/login/q/status:open,n,z'); - $AccountCreator->setAccountType('gerrit'); - $AccountCreator->setUsername($this->username); - $AccountCreator->setPassword($this->password); - $http_code = $AccountCreator->execute(); - # TODO: verify that account was created (see bugzilla SQL below) - - # Get BZ ID now that an acct should be created - $sql = "SELECT /* USE MASTER */ userid FROM profiles where login_name = " . $this->App->returnQuotedString($this->App->sqlSanitize($this->username)); - $rs = $this->App->bugzilla_sql($sql); - if ($myrow = mysql_fetch_assoc($rs)) { - $uid = $this->Ldapconn->getUIDFromMail($this->username); - $this->Friend->selectFriend($this->Friend->selectFriendID("uid", $uid)); - $this->Friend->setBugzillaID($myrow['userid']); - } - else { - $EventLog = new EvtLog(); - $EventLog->setLogTable("bugs"); - $EventLog->setPK1($this->password); - $EventLog->setPK2($sql); - $EventLog->setLogAction("AUTH_BZID_NOT_FOUND"); - $EventLog->insertModLog($dn); - $this->Friend->setBugzillaID(41806); # Nobody. 
- } - } - - # Override loaded friends info with LDAP info - $this->Friend->setFirstName($this->Ldapconn->getLDAPAttribute($dn, "givenName")); - $this->Friend->setLastName($this->Ldapconn->getLDAPAttribute($dn, "sn")); - $realname = $this->Friend->getFirstName() . " " . $this->Friend->getLastName(); - $this->Friend->setDn($dn); - $this->Friend->setEMail($this->username); - - $this->Session->setIsPersistent($this->remember); - $this->Session->setFriend($this->Friend); - $this->Session->create(); - - - # Only temporarily, re-hash the password in Bugzilla so that other services can use it - $bzpass = $this->_generateBugzillaSHA256Password($this->password); - $this->App->bugzilla_sql("SET NAMES 'utf8'"); - $sql = "UPDATE profiles SET cryptpassword='" . $this->App->sqlSanitize($bzpass) . "', realname='" . $this->App->sqlSanitize($realname) . "' WHERE login_name = " . $this->App->returnQuotedString($this->App->sqlSanitize($this->username)) . " LIMIT 1"; - - $this->App->bugzilla_sql($sql); - - # Begin: Bug 432830 - Remove the continue button in site_login - if ($this->takemeback != "") { - header("Location: " . $this->takemeback, 302); - } - else { - header("Location: myaccount.php", 302); - } - exit(); - # END: Bug 432830 - Remove the continue button in site_login - } - else { - $this->messages["login"]['danger'][] = "Authentication Failed. Please verify that your email address and password are correct."; - } - } - } - - private function _verifyIfPasswordExpired() { - - // Check if the user is logged in - if($this->Session->isLoggedIn()){ - // Get the Distinguished Name from UID - $dn = $this->Ldapconn->getDNFromUID($this->user_uid); - // Get shadowLastChange in seconds - $lastChange = ($this->Ldapconn->getLDAPAttribute($dn, "shadowLastChange")) * 86400; - // Get the number of days - $shadowMax = $this->Ldapconn->getLDAPAttribute($dn, "shadowMax"); - // Set the expiry date - $expiryDate = strtotime('+'.$shadowMax.' 
days', $lastChange); - $expireSoon = strtotime('-30 days', $expiryDate); - if ($this->Friend->getIsCommitter()) { - $numberOfDays = round(($expiryDate - time()) / (3600*24)); - if ($expiryDate >= time() && time() > $expireSoon) { - $days = $numberOfDays == 1 ? 'day' : 'days'; - $this->messages['password_expire_soon']['info'][] = 'Your password expires in <strong>' . $numberOfDays . ' '. $days .'.</strong>'; - return FALSE; - } - if ($expiryDate < time()) { - $this->messages['password_expired']['danger'][] = "Your password is expired. <br>Please update it immediately."; - return TRUE; - } - } - } - return FALSE; - } - - /** - * This function fetches all the countries and continents - * @return array - * */ - private function _fetchCountries() { - $sql = "SELECT - countries.ccode, - countries.en_description as description, - countries.continent_code, - continents.en_description as continent - FROM SYS_countries as countries - LEFT JOIN SYS_continents as continents - ON countries.continent_code = continents.continent_code"; - $result = $this->App->eclipse_sql($sql); - - $countries = array(); - while ($row = mysql_fetch_array($result)) { - $countries[] = $row; - } - $this->country_list = $countries; - return $countries; - } - - /** - * This function fetches all the continents from the SYS_continents table - * @return array - * */ - private function _fetchcontinents() { - $sql = "SELECT en_description FROM SYS_continents ORDER BY sort_order DESC"; - $result = $this->App->eclipse_sql($sql); - - $continents = array(); - while ($row = mysql_fetch_array($result)) { - $continents[] = $row['en_description']; - } - return $continents; - } - -} diff --git a/classes/users/tpl/cla_form.tpl.php b/classes/users/tpl/cla_form.tpl.php deleted file mode 100644 index 69453444..00000000 --- a/classes/users/tpl/cla_form.tpl.php +++ /dev/null 
@@ -1,149 +0,0 @@ -<?php -/******************************************************************************* - * Copyright (c) 2016 Eclipse Foundation and others. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - * - * Contributors: - * Eric Poirier (Eclipse Foundation) - initial API and implementation - *******************************************************************************/ -?> -<?php if (is_a($this, 'Cla') && $this->ldap_uid): ?> - <form id="frm_cla" name="frm_cla" action="#open_tab_cla" method="post"> - <?php print $this->getClaFormContent('text_1'); ?> - <div class="well"> - <?php print $this->getClaFormContent('text_2'); ?> - - <div class="form-group clearfix"> - <div class="col-xs-1 position-static"> - <input <?php if ($this->getFieldValues('Question 1') === "1"){print 'checked';}?> - class="committer-license-agreement-checkbox form-checkbox required" - type="checkbox" id="edit-question-1" name="question_1" value="1" /> - </div> - <div class="col-xs-22"> - <label class="option" for="edit-question-1">Question A <span - class="form-required" title="This field is required.">*</span></label> - <div class="description"><?php print $this->getClaFormContent('question_1'); ?></div> - </div> - </div> - - <div class="form-group clearfix"> - <div class="col-xs-1 position-static"> - <input <?php if ($this->getFieldValues('Question 2') === "1"){print 'checked';}?> - class="committer-license-agreement-checkbox form-checkbox required" - type="checkbox" id="edit-question-2" name="question_2" value="1" /> - </div> - <div class="col-xs-22"> - <label class="option" for="edit-question-2">Question B <span - class="form-required" title="This field is required.">*</span></label> - <div class="description"><?php print $this->getClaFormContent('question_2'); ?></div> - </div> - 
</div> - - <div class="form-group clearfix"> - <div class="col-xs-1 position-static"> - <input <?php if ($this->getFieldValues('Question 3') === "1"){print 'checked';}?> - class="committer-license-agreement-checkbox form-checkbox required" - type="checkbox" id="edit-question-3" name="question_3" value="1" /> - </div> - <div class="col-xs-22"> - <label class="option" for="edit-question-3">Question C <span - class="form-required" title="This field is required.">*</span></label> - <div class="description"><?php print $this->getClaFormContent('question_3'); ?></div> - </div></div> - - <div class="form-group clearfix"> - <div class="col-xs-1 position-static"> - <input <?php if ($this->getFieldValues('Question 4') === "1"){print 'checked';}?> - class="committer-license-agreement-checkbox form-checkbox required" - type="checkbox" id="edit-question-4" name="question_4" value="1" /> - </div> - <div class="col-xs-22"> - <label class="option" for="edit-question-4">Question D <span - class="form-required" title="This field is required.">*</span></label> - <div class="description"><?php print $this->getClaFormContent('question_4'); ?></div> - </div></div> - - <div class="form-group"> - <?php print $this->getClaFormContent('text_3'); ?> - </div> - <div class="form-group"> - <label for="edit-agree">Electronic Signature <span - class="form-required" title="This field is required.">*</span></label> - <input class="form-control form-text required" type="text" - id="edit-cla-agree" name="cla_agree" value="<?php print $this->getFieldValues('Agree'); ?>" size="60" maxlength="128" /> - <div class="description">Type "I AGREE" to accept the - terms above</div> - </div> - </div> - - - <?php print $this->getClaFormContent('text_4'); ?> - - <div class="form-group"> - <label for="edit-email">Email Address <span class="form-required" - title="This field is required.">*</span></label> - <input readonly class="form-control form-text" - type="text" id="edit-email" name="email" - value="<?php 
print $this->Friend->getEmail(); ?>" size="60" maxlength="128" /> - <div class="description">If you wish to use a different email - address you must first change the primary email address associated - with your account</div> - - </div> - <div class="form-group"> - <label for="edit-legal-name">Legal Name <span class="form-required" - title="This field is required.">*</span></label> - <input - class="form-control form-text" type="text" - id="edit-legal-name" name="legal_name" value="<?php print $this->Friend->getFirstName() . ' ' . $this->Friend->getLastName(); ?>" - size="60" maxlength="128" /> - <div class="description">Your full name as written in your passport - (e.g. First Middle Lastname)</div> - </div> - - <div class="form-group"> - <label for="edit-public-name">Public Name </label> - <input - class="form-control form-text" type="text" id="edit-public-name" - name="public_name" value="<?php print $this->getFieldValues('Public Name'); ?>" size="60" maxlength="128" /> - <div class="description">Your full name, alias, or nickname that - people call you in the Project (e.g. 
First Lastname) - leave this - field empty if it's identical to your legal name</div> - </div> - - <div class="form-group"> - <label for="edit-employer">Employer <span class="form-required" - title="This field is required.">*</span></label> <input - class="form-control form-text required" type="text" - id="edit-employer" name="employer" value="<?php print $this->getFieldValues('Employer'); ?>" size="60" - maxlength="128" /> - <div class="description">Your employer - you may choose to enter - "Self-employed" or "Student" in this field</div> - </div> - - <div class="form-group"> - <label for="edit-address">Postal Address <span - class="form-required" title="This field is required.">*</span></label> - <div class="form-textarea-wrapper resizable"> - <textarea class="form-control form-textarea required" - id="edit-address" name="address" cols="60" rows="5"><?php print $this->getFieldValues('Address'); ?></textarea> - </div> - <div class="description">Your physical mailing address</div> - </div> - - <div class="form-group"> - <input type="hidden" name="state" value="submit_cla"> - <input type="hidden" name="form_name" value="cla-form"> - <button class="btn btn-default form-submit" id="edit-submit" name="op" - value="Accept" type="submit">Accept</button> - </div> - <p class="help_text"> - If you have any questions about this agreement, licensing, or - anything related to intellectual property at the Eclipse Foundation, - please send an email to <a href="mailto:license@eclipse.org">license@eclipse.org</a>. - </p> - </form> -<?php endif; ?>
\ No newline at end of file diff --git a/classes/users/tpl/cla_record.tpl.php b/classes/users/tpl/cla_record.tpl.php deleted file mode 100644 index 8650a82b..00000000 --- a/classes/users/tpl/cla_record.tpl.php +++ /dev/null @@ -1,32 +0,0 @@ -<?php -/******************************************************************************* - * Copyright (c) 2016 Eclipse Foundation and others. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - * - * Contributors: - * Eric Poirier (Eclipse Foundation) - initial API and implementation - *******************************************************************************/ -?> - -<?php if (is_a($this, 'Cla') && $this->Friend->getUID()): ?> - <br> - <div class="alert alert-success" role="alert"> - <strong>Congratulations!</strong> You've signed a ECA. - </div> - <div class="alert alert-info" role="alert"> - <p>The Eclipse Contributor Agreement that we have on record for - you will expire on <?php print $this->getClaExpiryDate(); ?></p> - </div> - <p>If you've changed employers or your contact information, - please invalidate your current ECA and complete the form again. - <strong>Note that if you invalidate / renew your ECA, it cannot be undone; - you will be prompted to sign a new ECA.</strong></p> - <form action="#open_tab_cla" method="POST"> - <input type="hidden" name="state" value="invalidate_cla"> - <input type="hidden" name="form_name" value="cla-form"> - <button class="btn btn-primary">Invalidate / Renew ECA</button> - </form> -<?php endif; ?>
\ No newline at end of file
diff --git a/system/eclipseenv.class.php b/system/eclipseenv.class.php
index d58a6619..e73e3928 100644
--- a/system/eclipseenv.class.php
+++ b/system/eclipseenv.class.php
@@ -87,6 +87,7 @@ class EclipseEnv {
 'cookie' => '.eclipse.local',
 'domain' => 'www.eclipse.local:502' . $local_docker_port,
 'dev_domain' => 'dev.eclipse.local:51143',
+ 'accounts' => 'accounts.eclipse.local:51243',
 'allowed_hosts' => array(
 'eclipse.local',
 'www.eclipse.local',
@@ -101,6 +102,7 @@ class EclipseEnv {
 'domain' => 'staging.eclipse.org',
 // We currently dont have a staging server for dev.eclipse.org
 'dev_domain' => 'dev.eclipse.org',
+ 'accounts' => 'accounts-staging.eclipse.org',
 'allowed_hosts' => array(
 'staging.eclipse.org'
 ),
@@ -111,6 +113,7 @@ class EclipseEnv {
 'cookie' => '.eclipse.org',
 'domain' => 'www.eclipse.org',
 'dev_domain' => 'dev.eclipse.org',
+ 'accounts' => 'accounts.eclipse.org',
 'allowed_hosts' => array(
 // Empty, since it's the default.
 ),
diff --git a/system/session.class.php b/system/session.class.php
index 8cd28d2c..160d6064 100644
--- a/system/session.class.php
+++ b/system/session.class.php
@@ -59,7 +59,7 @@ class Session {
 'session_name' => 'ECLIPSESESSION',
 'env' => 'ECLIPSE_ENV',
 'htaccess' => '/home/data/httpd/friends.eclipse.org/html/.htaccess',
- 'login_page' => 'https://' . $domain['dev_domain'] . '/site_login/',
+ 'login_page' => 'https://' . $domain['accounts'] . '/user/login',
 );
 # Set default config values. |
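Review bot: The new `login_page` value in session.class.php reads `$domain['accounts']` with no presence check, and that key only exists as of this commit in the three EclipseEnv entries shown above; if `$domain` can ever be built from an environment that lacks it (the construction of `$domain` is outside this hunk, so this is inferred), PHP emits an undefined-index notice and the login redirect target degrades to `https:///user/login`, which browsers resolve as a relative path rather than the accounts host. Since this URL is where unauthenticated users are sent, a misconfiguration is better surfaced as a hard failure than as a silent redirect to the wrong place; a guard before the config array such as `if (empty($domain['accounts'])) { trigger_error('EclipseEnv: accounts host is not configured', E_USER_ERROR); }` would do that, and a short comment on the `'accounts'` key in eclipseenv.class.php noting that `Session::login_page` depends on it would keep the two files from drifting apart. The enclosing method starts and ends outside the hunk.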
