1 | <?php |
||
2 | // This file is part of BOINC. |
||
3 | // http://boinc.berkeley.edu |
||
4 | // Copyright (C) 2017 University of California |
||
5 | // |
||
6 | // BOINC is free software; you can redistribute it and/or modify it |
||
7 | // under the terms of the GNU Lesser General Public License |
||
8 | // as published by the Free Software Foundation, |
||
9 | // either version 3 of the License, or (at your option) any later version. |
||
10 | // |
||
11 | // BOINC is distributed in the hope that it will be useful, |
||
12 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
13 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
14 | // See the GNU Lesser General Public License for more details. |
||
15 | // |
||
16 | // You should have received a copy of the GNU Lesser General Public License |
||
17 | // along with BOINC. If not, see <http://www.gnu.org/licenses/>. |
||
18 | |||
19 | // functions for creating and deleting users |
||
20 | |||
21 | |||
22 | include_once("../inc/boinc_db.inc"); |
||
23 | include_once("../inc/util.inc"); |
||
24 | include_once("../inc/email.inc"); |
||
25 | include_once("../inc/recaptchalib.php"); |
||
26 | require_once("../inc/password_compat/password.inc"); |
||
27 | require_once("../inc/consent.inc"); |
||
28 | |||
29 | // Password hash has old format. |
||
30 | // Update user record with new format |
||
31 | // |
||
32 | function do_passwd_rehash($user, $passwd_hash) { |
||
33 | $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT); |
||
34 | $result = $user->update(" passwd_hash='$database_passwd_hash' "); |
||
35 | } |
||
36 | |||
37 | // return true if the passwd hash (old format) |
||
38 | // matches the user's passwd hash (possibly new format) |
||
39 | // |
||
40 | function check_passwd_hash($user, $passwd_hash) { |
||
41 | if (password_verify($passwd_hash, $user->passwd_hash)) { |
||
42 | // on valid login, rehash password to upgrade hash overtime |
||
43 | // as the defaults change. |
||
44 | // |
||
45 | if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) { |
||
46 | do_passwd_rehash($user, $passwd_hash); |
||
47 | } |
||
48 | } else if ($passwd_hash == $user->passwd_hash) { |
||
49 | // user record has old format. Change to new. |
||
50 | // |
||
51 | do_passwd_rehash($user, $passwd_hash); |
||
52 | } else { |
||
53 | return false; |
||
54 | } |
||
55 | return true; |
||
56 | } |
||
57 | |||
58 | function check_passwd_ui($user, $passwd) { |
||
59 | $passwd_hash = md5($passwd.$user->email_addr); |
||
60 | if(!check_passwd_hash($user, $passwd_hash)) { |
||
61 | sleep(LOGIN_FAIL_SLEEP_SEC); |
||
62 | page_head("Password incorrect"); |
||
63 | echo "The password you entered is incorrect. Please go back and try again.\n"; |
||
64 | page_tail(); |
||
65 | exit; |
||
0 ignored issues
–
show
|
|||
66 | } |
||
67 | } |
||
68 | |||
69 | function is_banned_email_addr($email_addr) { |
||
70 | global $banned_email_domains; |
||
71 | if (isset($banned_email_domains)) { |
||
72 | foreach($banned_email_domains as $d) { |
||
73 | $x = strstr($email_addr, $d); |
||
74 | if ($x == $d) return true; |
||
75 | } |
||
76 | } |
||
77 | return false; |
||
78 | } |
||
79 | |||
80 | function is_valid_user_name($name, &$reason) { |
||
81 | if (trim($name) !== $name) { |
||
82 | $reason = tra("user name cannot have leading or trailing white space"); |
||
83 | return false; |
||
84 | } |
||
85 | if (strlen($name) == 0) { |
||
86 | $reason = tra("user name must be nonempty"); |
||
87 | return false; |
||
88 | } |
||
89 | if (sanitize_tags($name) !== $name) { |
||
90 | $reason = tra("user name may not contain HTML tags"); |
||
91 | return false; |
||
92 | } |
||
93 | if (is_numeric($name)) { |
||
94 | $reason = tra("user name may not be a number"); |
||
95 | return false; |
||
96 | } |
||
97 | return true; |
||
98 | } |
||
99 | |||
100 | function default_show_hosts() { |
||
101 | global $config; |
||
102 | // If enable privacy by default is TRUE, then show_hosts' default |
||
103 | // is FALSE. |
||
104 | return parse_bool($config, "enable_privacy_by_default") ? 0 : 1; |
||
105 | } |
||
106 | |||
107 | // the following DB-escapes its args |
||
108 | // |
||
109 | function make_user( |
||
110 | $email_addr, $name, $passwd_hash, |
||
111 | $country=null, $postal_code=null, $project_prefs=null, $teamid=0 |
||
112 | ) { |
||
113 | if (!is_valid_email_addr($email_addr)) return null; |
||
114 | if (is_banned_email_addr($email_addr)) return null; |
||
115 | |||
116 | $authenticator = random_string(); |
||
117 | $cross_project_id = random_string(); |
||
118 | $now = time(); |
||
119 | if (!is_valid_country($country)) return null; |
||
120 | |||
121 | $email_addr = BoincDb::escape_string($email_addr); |
||
122 | $name = sanitize_tags($name); |
||
123 | $name = BoincDb::escape_string($name); |
||
124 | $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT); |
||
125 | |||
126 | $country = BoincDb::escape_string($country); |
||
127 | $postal_code = sanitize_tags(BoincDb::escape_string($postal_code)); |
||
128 | |||
129 | $show_hosts = default_show_hosts(); |
||
130 | $uid = BoincUser::insert("(create_time, email_addr, name, authenticator, country, postal_code, total_credit, expavg_credit, expavg_time, project_prefs, teamid, venue, send_email, show_hosts, posts, seti_id, seti_nresults, seti_last_result_time, seti_total_cpu, has_profile, cross_project_id, passwd_hash, email_validated, donated) values($now, '$email_addr', '$name', '$authenticator', '$country', '$postal_code', 0, 0, unix_timestamp(), '$project_prefs', $teamid, '', 1, $show_hosts, 0, 0, 0, 0, 0, 0, '$cross_project_id', '$database_passwd_hash', 0, 0)"); |
||
131 | |||
132 | if (!$uid) { |
||
133 | return null; |
||
134 | } |
||
135 | $user = BoincUser::lookup_id($uid); |
||
136 | if (defined('RECORD_USER_IP')) { |
||
137 | $ip = $_SERVER['REMOTE_ADDR']; |
||
138 | $ip = BoincDb::escape_string($ip); |
||
139 | $user->update("venue='$ip'"); |
||
140 | } |
||
141 | return $user; |
||
142 | } |
||
143 | |||
144 | function make_user_ldap($email_addr, $name) { |
||
145 | $email_addr = BoincDb::escape_string($email_addr); |
||
146 | $name = sanitize_tags($name); |
||
147 | $name = BoincDb::escape_string($name); |
||
148 | $authenticator = random_string(); |
||
149 | $cross_project_id = random_string(); |
||
150 | $passwd_hash = random_string(); |
||
151 | $now = time(); |
||
152 | |||
153 | $show_hosts = default_show_hosts(); |
||
154 | $uid = BoincUser::insert("(create_time, email_addr, name, authenticator, country, postal_code, total_credit, expavg_credit, expavg_time, project_prefs, teamid, send_email, show_hosts, cross_project_id, passwd_hash) values($now, '$email_addr', '$name', '$authenticator', '', '', 0, 0, unix_timestamp(), '', 0, 1, $show_hosts, '$cross_project_id', '$passwd_hash')"); |
||
155 | |||
156 | if ($uid) { |
||
157 | return BoincUser::lookup_id($uid); |
||
158 | } else { |
||
159 | return null; |
||
160 | } |
||
161 | } |
||
162 | |||
163 | function show_error($str) { |
||
164 | page_head(tra("Can't create account")); |
||
165 | echo "$str<br>\n"; |
||
166 | echo BoincDb::error(); |
||
167 | echo "<p>".tra("Click your browser's <b>Back</b> button to try again.")."\n</p>\n"; |
||
168 | page_tail(); |
||
169 | exit(); |
||
170 | } |
||
171 | |||
172 | // validate POST args and make user. |
||
173 | // If error show error page and exit. |
||
174 | // Else return user object |
||
175 | // |
||
176 | function validate_post_make_user() { |
||
177 | global $recaptcha_private_key; |
||
178 | $config = get_config(); |
||
179 | if (parse_bool($config, "disable_account_creation") |
||
180 | || parse_bool($config, "no_web_account_creation") |
||
181 | ) { |
||
182 | error_page("Account creation is disabled"); |
||
183 | } |
||
184 | |||
185 | if ($recaptcha_private_key) { |
||
186 | if (!boinc_recaptcha_isValidated($recaptcha_private_key)) { |
||
187 | show_error( |
||
188 | tra("Your reCAPTCHA response was not correct. Please try again.") |
||
189 | ); |
||
190 | } |
||
191 | } |
||
192 | |||
193 | // Check if consent to terms of use has been given. |
||
194 | // |
||
195 | $myconsent = FALSE; |
||
196 | list($checkct, $ctid) = check_consent_type(CONSENT_TYPE_ENROLL); |
||
197 | if ($checkct and check_termsofuse()) { |
||
198 | $agree = post_str("agree_to_terms_of_use", true); |
||
199 | if (!$agree) { |
||
200 | error_page(tra("You have not agreed to our terms of use. Please agree to the terms of use by navigating back to the previous page, in order to create your account")); |
||
201 | } |
||
202 | $myconsent = TRUE; |
||
203 | } |
||
204 | |||
205 | // see whether the new account should be pre-enrolled in a team, |
||
206 | // and initialized with its founder's project prefs |
||
207 | // |
||
208 | $teamid = post_int("teamid", true); |
||
209 | if ($teamid) { |
||
210 | $team = BoincTeam::lookup_id($teamid); |
||
211 | $clone_user = BoincUser::lookup_id($team->userid); |
||
212 | if (!$clone_user) { |
||
213 | error_page("User $userid not found"); |
||
214 | } |
||
215 | $project_prefs = $clone_user->project_prefs; |
||
216 | } else { |
||
217 | $teamid = 0; |
||
218 | $project_prefs = ""; |
||
219 | } |
||
220 | |||
221 | if (defined('INVITE_CODES')) { |
||
222 | $invite_code = post_str("invite_code"); |
||
223 | if (strlen($invite_code) == 0) { |
||
224 | show_error(tra("You must supply an invitation code to create an account.")); |
||
225 | } |
||
226 | if (!preg_match(INVITE_CODES, $invite_code)) { |
||
227 | show_error(tra("The invitation code you gave is not valid.")); |
||
228 | } |
||
229 | } |
||
230 | |||
231 | $new_name = post_str("new_name"); |
||
232 | if (!is_valid_user_name($new_name, $reason)) { |
||
233 | show_error($reason); |
||
234 | } |
||
235 | if (UNIQUE_USER_NAME) { |
||
236 | $u = BoincUser::lookup_name($new_name); |
||
237 | if ($u) { |
||
238 | page_head("That name is in use"); |
||
239 | echo "<p>The following user names are taken; |
||
240 | please go back and use a different one.<p> |
||
241 | "; |
||
242 | $users = BoincUser::enum( |
||
243 | sprintf("name like '%s%%'", $new_name) |
||
244 | ); |
||
245 | foreach ($users as $u){ |
||
246 | echo "<p>$u->name\n"; |
||
247 | } |
||
248 | page_tail(); |
||
249 | exit; |
||
250 | } |
||
251 | } |
||
252 | |||
253 | $new_email_addr = strtolower(post_str("new_email_addr")); |
||
254 | if (!is_valid_email_addr($new_email_addr)) { |
||
255 | show_error(tra("Invalid email address: please enter a valid address of the form [email protected]")); |
||
256 | } |
||
257 | $user = BoincUser::lookup_email_addr($new_email_addr); |
||
258 | if ($user) { |
||
259 | show_error(tra("There's already an account with that email address.")); |
||
260 | } |
||
261 | $tmpuser = BoincUser::lookup_prev_email_addr($new_email_addr); |
||
262 | if ($tmpuser) { |
||
263 | show_error(tra("There's already an account with that email address.")); |
||
264 | } |
||
265 | |||
266 | $passwd = post_str("passwd"); |
||
267 | |||
268 | $min_passwd_length = parse_config($config, "<min_passwd_length>"); |
||
269 | if (!$min_passwd_length) $min_passwd_length = 6; |
||
270 | |||
271 | if (!is_ascii($passwd)) { |
||
272 | show_error(tra("Passwords may only include ASCII characters.")); |
||
273 | } |
||
274 | |||
275 | if (strlen($passwd)<$min_passwd_length) { |
||
276 | show_error( |
||
277 | tra("New password is too short: minimum password length is %1 characters.", $min_passwd_length) |
||
278 | ); |
||
279 | } |
||
280 | |||
281 | $passwd_hash = md5($passwd.$new_email_addr); |
||
282 | |||
283 | $country = ""; |
||
284 | if (USER_COUNTRY) { |
||
285 | $country = post_str("country", true); |
||
286 | if ($country && !is_valid_country($country)) { |
||
287 | error_page("bad country"); |
||
288 | } |
||
289 | } |
||
290 | |||
291 | if (POSTAL_CODE) { |
||
292 | $postal_code = sanitize_tags(post_str("postal_code", true)); |
||
293 | } else { |
||
294 | $postal_code = ''; |
||
295 | } |
||
296 | |||
297 | $user = make_user( |
||
298 | $new_email_addr, $new_name, $passwd_hash, |
||
299 | $country, $postal_code, $project_prefs, $teamid |
||
300 | ); |
||
301 | if (!$user) { |
||
302 | show_error( |
||
303 | tra("Couldn't create account").": ".BoincDb::error() |
||
304 | ); |
||
305 | } |
||
306 | |||
307 | if ($myconsent) { |
||
308 | $rc = consent_to_a_policy($user, $ctid, 1, 0, 'Webreg'); |
||
309 | if (!$rc) { |
||
310 | show_error(tra("database error, please contact site administrators")); |
||
311 | } |
||
312 | } |
||
313 | |||
314 | if (defined('INVITE_CODES')) { |
||
315 | error_log("Account '$new_email_addr' created using invitation code '$invite_code'"); |
||
316 | } |
||
317 | return $user; |
||
318 | } |
||
319 | |||
320 | // delete a user and all associated records except |
||
321 | // result |
||
322 | // host |
||
323 | // batch |
||
324 | // team |
||
325 | // user_submit |
||
326 | // user_submit_app |
||
327 | // credited_job |
||
328 | // donation_paypal |
||
329 | // sent_email |
||
330 | // |
||
331 | function delete_user($user) { |
||
332 | delete_profile($user); |
||
333 | forum_delete_user($user); |
||
334 | // deletes post, thread, subscription, forum_preferences, forum_logging |
||
335 | BoincPrivateMessage::delete_aux("userid=$user->id or senderid=$user->id"); |
||
336 | BoincNotify::delete_aux("userid=$user->id"); |
||
337 | BoincCreditUser::delete_user($user); |
||
338 | BoincBadgeUser::delete("user_id=$user->id"); |
||
339 | BoincFriend::delete_aux("user_src=$user->id or user_dest=$user->id"); |
||
340 | BoincToken::delete_for_user($user->id); |
||
341 | $user->delete(); |
||
342 | } |
||
343 | ?> |
||
344 |
In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.