1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace SES; |
4
|
|
|
|
5
|
|
|
use User; |
6
|
|
|
use Sanitizer; |
7
|
|
|
use Exception; |
8
|
|
|
|
9
|
|
|
/** |
10
|
|
|
* @license GNU GPL v3+ |
11
|
|
|
* @since 1.0 |
12
|
|
|
* |
13
|
|
|
* @author Serhii Kutnii |
14
|
|
|
*/ |
15
|
|
|
class UserAccountDataChecker extends DataChecker { |
16
|
|
|
|
17
|
|
|
public $mUsername = ''; |
18
|
|
|
public $mPassword = ''; |
19
|
|
|
public $mEmail = ''; |
20
|
|
|
public $mRealname = ''; |
21
|
|
|
public $mDomain = ''; |
22
|
|
|
public $mLanguage = ''; |
23
|
|
|
public $mRemember = false; |
24
|
|
|
public $mUser = null; |
25
|
|
|
|
26
|
1 |
|
public function __construct() { |
27
|
1 |
|
$that = $this; |
28
|
1 |
|
$this->addCheck( array( &$that, 'checkDomainValidity' ), array() ); |
29
|
1 |
|
$this->addCheck( array( &$that, 'checkDomainUser' ), array() ); |
30
|
1 |
|
$this->addCheck( array( &$that, 'checkCreatePermissions' ), array() ); |
31
|
1 |
|
$this->addCheck( array( &$that, 'checkSorbs' ), array() ); |
32
|
1 |
|
$this->addCheck( array( &$that, 'checkUserExists' ), array() ); |
33
|
1 |
|
$this->addCheck( array( &$that, 'checkPasswordLength' ), array() ); |
34
|
1 |
|
$this->addCheck( array( &$that, 'checkEmailValidity' ), array() ); |
35
|
|
|
} |
36
|
|
|
|
37
|
|
|
// Checks |
38
|
|
|
|
39
|
|
|
public function checkDomainValidity() { |
40
|
|
|
global $wgAuth; |
41
|
|
|
|
42
|
|
|
if ( !$wgAuth->validDomain( $this->mDomain ) ) |
43
|
|
|
$this->error( wfMessage( 'wrongpassword' )->text() ); |
44
|
|
|
} |
45
|
|
|
|
46
|
|
|
public function checkDomainUser() { |
47
|
|
|
global $wgAuth; |
48
|
|
|
|
49
|
|
|
if ( ( 'local' != $this->mDomain ) && ( '' != $this->mDomain ) |
50
|
|
|
&& !$wgAuth->canCreateAccounts() && ( !$wgAuth->userExists( $this->mName ) || !$wgAuth->authenticate( $this->mName, $this->mPassword ) ) ) |
51
|
|
|
$this->error( wfMessage( 'wrongpassword' )->text() ); |
52
|
|
|
} |
53
|
|
|
|
54
|
|
|
public function checkCreatePermissions() { |
55
|
|
|
global $wgUser; |
56
|
|
|
|
57
|
|
|
if ( !$wgUser->isAllowed( 'createaccount' ) || $wgUser->isBlockedFromCreateAccount() ) |
58
|
|
|
$this->error( wfMessage( 'ses-createforbidden' )->text() ); |
59
|
|
|
} |
60
|
|
|
|
61
|
|
|
public function checkSorbs() { |
62
|
|
|
global $wgProxyWhitelist; |
63
|
|
|
global $wgEnableSorbs, $wgRequest; |
64
|
|
|
$ip = $wgRequest->getIP(); |
65
|
|
|
if ( $wgEnableSorbs && !in_array( $ip, $wgProxyWhitelist ) && |
66
|
|
|
$wgUser->inSorbsBlacklist( $ip ) ) |
|
|
|
|
67
|
|
|
$this->error( wfMessage( 'sorbs_create_account_reason' )->text() ); |
68
|
|
|
} |
69
|
|
|
|
70
|
|
|
public function checkUserExists() { |
71
|
|
|
if ( $this->mUser->idForName() ) |
72
|
|
|
$this->error( wfMessage( 'ses-userexists' )->text() ); |
73
|
|
|
} |
74
|
|
|
|
75
|
|
|
public function checkPasswordLength() { |
76
|
|
|
if ( !$this->mUser->isValidPassword( $this->mPassword ) ) |
77
|
|
|
{ |
78
|
|
|
global $wgMinimalPasswordLength; |
79
|
|
|
$this->error( wfMessage( 'passwordtooshort' )->numParams( $wgMinimalPasswordLength )->text() ); |
80
|
|
|
} |
81
|
|
|
} |
82
|
|
|
|
83
|
|
|
public function checkEmailValidity() { |
84
|
|
|
global $wgEnableEmail; |
85
|
|
|
if ( $wgEnableEmail && $this->mEmail !== '' && !Sanitizer::validateEmail( $this->mEmail ) ) { |
86
|
|
|
$this->error( wfMessage( 'invalidemailaddress' )->text() ); |
87
|
|
|
} |
88
|
|
|
} |
89
|
|
|
|
90
|
|
|
protected function populateData() { |
91
|
|
|
$this->mUsername = $this->getUserDataValue( 'wpName', 'nousername' ); |
92
|
|
|
$name = trim( $this->mUsername ); |
93
|
|
|
$this->mUser = User::newFromName( $name, 'creatable' ); |
94
|
|
|
if ( !$this->mUser ) { |
95
|
|
|
$this->error( wfMessage( 'ses-noname' )->text() ); |
96
|
|
|
} |
97
|
|
|
|
98
|
|
|
global $sesRealNameRequired; |
99
|
|
|
$this->mRealname = $this->getUserDataValue( 'wpRealName', $sesRealNameRequired ? 'norealname' : null ); |
100
|
|
|
|
101
|
|
|
$this->mPassword = $this->getUserDataValue( 'wpPassword' ); |
102
|
|
|
$retype = $this->getUserDataValue( 'wpRetype' ); |
103
|
|
|
if ( strcmp( $this->mPassword, $retype ) ) |
104
|
|
|
$this->error( wfMessage( 'ses-nopwdmatch' )->text() ); |
105
|
|
|
|
106
|
|
|
$this->mDomain = $this->getUserDataValue( 'wpDomain' ); |
107
|
|
|
|
108
|
|
|
global $wgEmailConfirmToEdit; |
109
|
|
|
$this->mEmail = $this->getUserDataValue( 'wpEmail', $wgEmailConfirmToEdit ? 'noemailtitle' : null ); |
110
|
|
|
|
111
|
|
|
$this->mLanguage = $this->getUserDataValue( 'uselang' ); |
112
|
|
|
|
113
|
|
|
global $wgRequest; |
114
|
|
|
$this->mRemember = $wgRequest->getCheck( 'wpRemember' ); |
115
|
|
|
} |
116
|
|
|
|
117
|
|
|
} |
118
|
|
|
|
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.