enwikipedia-acc / waca

includes/Pages/Statistics/StatsMain.php

Indentation +89 added lines, -89 removed lines

@@ -12,104 +12,104 @@
 
 class StatsMain extends InternalPageBase
 {
-    public function main()
-    {
-        $this->setHtmlTitle('Statistics');
-
-        $this->assign('statsPageTitle', 'Account Creation Statistics');
-
-        $statsPages = array(
-            'fastCloses'       => 'Requests closed less than 30 seconds after reservation in the past 3 months',
-            'inactiveUsers'    => 'Inactive tool users',
-            'monthlyStats'     => 'Monthly Statistics',
-            'reservedRequests' => 'All currently reserved requests',
-            'templateStats'    => 'Template Stats',
-            'topCreators'      => 'Top Account Creators',
-            'users'            => 'Account Creation Tool users',
-        );
-
-        $this->generateSmallStatsTable();
-
-        $this->assign('statsPages', $statsPages);
-
-        $graphList = array('day', '2day', '4day', 'week', '2week', 'month', '3month');
-        $this->assign('graphList', $graphList);
-
-        $this->setTemplate('statistics/main.tpl');
-    }
-
-    /**
-     * Gets the relevant statistics from the database for the small statistics table
-     */
-    private function generateSmallStatsTable()
-    {
-        $database = $this->getDatabase();
-        $requestsQuery = <<<'SQL'
+	public function main()
+	{
+		$this->setHtmlTitle('Statistics');
+
+		$this->assign('statsPageTitle', 'Account Creation Statistics');
+
+		$statsPages = array(
+			'fastCloses'       => 'Requests closed less than 30 seconds after reservation in the past 3 months',
+			'inactiveUsers'    => 'Inactive tool users',
+			'monthlyStats'     => 'Monthly Statistics',
+			'reservedRequests' => 'All currently reserved requests',
+			'templateStats'    => 'Template Stats',
+			'topCreators'      => 'Top Account Creators',
+			'users'            => 'Account Creation Tool users',
+		);
+
+		$this->generateSmallStatsTable();
+
+		$this->assign('statsPages', $statsPages);
+
+		$graphList = array('day', '2day', '4day', 'week', '2week', 'month', '3month');
+		$this->assign('graphList', $graphList);
+
+		$this->setTemplate('statistics/main.tpl');
+	}
+
+	/**
+	 * Gets the relevant statistics from the database for the small statistics table
+	 */
+	private function generateSmallStatsTable()
+	{
+		$database = $this->getDatabase();
+		$requestsQuery = <<<'SQL'
 SELECT COUNT(*) FROM request WHERE status = :status AND emailconfirm = 'Confirmed';
 SQL;
-        $requestsStatement = $database->prepare($requestsQuery);
+		$requestsStatement = $database->prepare($requestsQuery);
 
-        $requestStates = $this->getSiteConfiguration()->getRequestStates();
+		$requestStates = $this->getSiteConfiguration()->getRequestStates();
 
-        $requestStateData = array();
+		$requestStateData = array();
 
-        foreach ($requestStates as $statusName => $data) {
-            $requestsStatement->execute(array(':status' => $statusName));
-            $requestCount = $requestsStatement->fetchColumn();
-            $requestsStatement->closeCursor();
-            $headerText = $data['header'];
-            $requestStateData[$headerText] = $requestCount;
-        }
+		foreach ($requestStates as $statusName => $data) {
+			$requestsStatement->execute(array(':status' => $statusName));
+			$requestCount = $requestsStatement->fetchColumn();
+			$requestsStatement->closeCursor();
+			$headerText = $data['header'];
+			$requestStateData[$headerText] = $requestCount;
+		}
 
-        $this->assign('requestCountData', $requestStateData);
+		$this->assign('requestCountData', $requestStateData);
 
-        // Unconfirmed requests
-        $unconfirmedStatement = $database->query(<<<SQL
+		// Unconfirmed requests
+		$unconfirmedStatement = $database->query(<<<SQL
 SELECT COUNT(*) FROM request WHERE emailconfirm != 'Confirmed' AND emailconfirm != '';
 SQL
-        );
-        $unconfirmed = $unconfirmedStatement->fetchColumn();
-        $unconfirmedStatement->closeCursor();
-        $this->assign('statsUnconfirmed', $unconfirmed);
-
-        $userStatusStatement = $database->prepare('SELECT COUNT(*) FROM user WHERE status = :status;');
-
-        // Admin users
-        $userStatusStatement->execute(array(':status' => 'Admin'));
-        $adminUsers = $userStatusStatement->fetchColumn();
-        $userStatusStatement->closeCursor();
-        $this->assign('statsAdminUsers', $adminUsers);
-
-        // Users
-        $userStatusStatement->execute(array(':status' => 'User'));
-        $users = $userStatusStatement->fetchColumn();
-        $userStatusStatement->closeCursor();
-        $this->assign('statsUsers', $users);
-
-        // Suspended users
-        $userStatusStatement->execute(array(':status' => 'Suspended'));
-        $suspendedUsers = $userStatusStatement->fetchColumn();
-        $userStatusStatement->closeCursor();
-        $this->assign('statsSuspendedUsers', $suspendedUsers);
-
-        // New users
-        $userStatusStatement->execute(array(':status' => 'New'));
-        $newUsers = $userStatusStatement->fetchColumn();
-        $userStatusStatement->closeCursor();
-        $this->assign('statsNewUsers', $newUsers);
-
-        // Most comments on a request
-        $mostCommentsStatement = $database->query(<<<SQL
+		);
+		$unconfirmed = $unconfirmedStatement->fetchColumn();
+		$unconfirmedStatement->closeCursor();
+		$this->assign('statsUnconfirmed', $unconfirmed);
+
+		$userStatusStatement = $database->prepare('SELECT COUNT(*) FROM user WHERE status = :status;');
+
+		// Admin users
+		$userStatusStatement->execute(array(':status' => 'Admin'));
+		$adminUsers = $userStatusStatement->fetchColumn();
+		$userStatusStatement->closeCursor();
+		$this->assign('statsAdminUsers', $adminUsers);
+
+		// Users
+		$userStatusStatement->execute(array(':status' => 'User'));
+		$users = $userStatusStatement->fetchColumn();
+		$userStatusStatement->closeCursor();
+		$this->assign('statsUsers', $users);
+
+		// Suspended users
+		$userStatusStatement->execute(array(':status' => 'Suspended'));
+		$suspendedUsers = $userStatusStatement->fetchColumn();
+		$userStatusStatement->closeCursor();
+		$this->assign('statsSuspendedUsers', $suspendedUsers);
+
+		// New users
+		$userStatusStatement->execute(array(':status' => 'New'));
+		$newUsers = $userStatusStatement->fetchColumn();
+		$userStatusStatement->closeCursor();
+		$this->assign('statsNewUsers', $newUsers);
+
+		// Most comments on a request
+		$mostCommentsStatement = $database->query(<<<SQL
 SELECT request FROM comment GROUP BY request ORDER BY COUNT(*) DESC LIMIT 1;
 SQL
-        );
-        $mostComments = $mostCommentsStatement->fetchColumn();
-        $mostCommentsStatement->closeCursor();
-        $this->assign('mostComments', $mostComments);
-    }
-
-    public function getSecurityConfiguration()
-    {
-        return $this->getSecurityManager()->configure()->asInternalPage();
-    }
+		);
+		$mostComments = $mostCommentsStatement->fetchColumn();
+		$mostCommentsStatement->closeCursor();
+		$this->assign('mostComments', $mostComments);
+	}
+
+	public function getSecurityConfiguration()
+	{
+		return $this->getSecurityManager()->configure()->asInternalPage();
+	}
 }

includes/Pages/Statistics/StatsReservedRequests.php

Indentation +15 added lines, -15 removed lines

@@ -13,11 +13,11 @@ 
 
 class StatsReservedRequests extends InternalPageBase
 {
-    public function main()
-    {
-        $this->setHtmlTitle('Reserved Requests :: Statistics');
+	public function main()
+	{
+		$this->setHtmlTitle('Reserved Requests :: Statistics');
 
-        $query = <<<sql
+		$query = <<<sql
 SELECT
     p.id AS requestid,
     p.name AS name,
@@ -29,16 +29,16 @@ 
 WHERE reserved != 0;
 sql;
 
-        $database = $this->getDatabase();
-        $statement = $database->query($query);
-        $data = $statement->fetchAll(PDO::FETCH_ASSOC);
-        $this->assign('dataTable', $data);
-        $this->assign('statsPageTitle', 'All currently reserved requests');
-        $this->setTemplate('statistics/reserved-requests.tpl');
-    }
+		$database = $this->getDatabase();
+		$statement = $database->query($query);
+		$data = $statement->fetchAll(PDO::FETCH_ASSOC);
+		$this->assign('dataTable', $data);
+		$this->assign('statsPageTitle', 'All currently reserved requests');
+		$this->setTemplate('statistics/reserved-requests.tpl');
+	}
 
-    public function getSecurityConfiguration()
-    {
-        return $this->getSecurityManager()->configure()->asInternalPage();
-    }
+	public function getSecurityConfiguration()
+	{
+		return $this->getSecurityManager()->configure()->asInternalPage();
+	}
 }

includes/Pages/Statistics/StatsTemplateStats.php

Indentation +15 added lines, -15 removed lines

@@ -13,11 +13,11 @@ 
 
 class StatsTemplateStats extends InternalPageBase
 {
-    public function main()
-    {
-        $this->setHtmlTitle('Template Stats :: Statistics');
+	public function main()
+	{
+		$this->setHtmlTitle('Template Stats :: Statistics');
 
-        $query = <<<SQL
+		$query = <<<SQL
 SELECT
     t.id AS templateid,
     t.usercode AS usercode,
@@ -45,16 +45,16 @@ 
         GROUP BY welcome_template
     ) u2 ON u2.allid = t.id;
 SQL;
-        $database = $this->getDatabase();
-        $statement = $database->query($query);
-        $data = $statement->fetchAll(PDO::FETCH_ASSOC);
-        $this->assign('dataTable', $data);
-        $this->assign('statsPageTitle', 'Template Stats');
-        $this->setTemplate('statistics/welcome-template-usage.tpl');
-    }
+		$database = $this->getDatabase();
+		$statement = $database->query($query);
+		$data = $statement->fetchAll(PDO::FETCH_ASSOC);
+		$this->assign('dataTable', $data);
+		$this->assign('statsPageTitle', 'Template Stats');
+		$this->setTemplate('statistics/welcome-template-usage.tpl');
+	}
 
-    public function getSecurityConfiguration()
-    {
-        return $this->getSecurityManager()->configure()->asInternalPage();
-    }
+	public function getSecurityConfiguration()
+	{
+		return $this->getSecurityManager()->configure()->asInternalPage();
+	}
 }

includes/Pages/PagePreferences.php

Indentation +109 added lines, -109 removed lines

@@ -17,113 +17,113 @@
 
 class PagePreferences extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        $this->setHtmlTitle('Preferences');
-
-        $enforceOAuth = $this->getSiteConfiguration()->getEnforceOAuth();
-
-        // Dual mode
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $user = User::getCurrent($this->getDatabase());
-            $user->setWelcomeSig(WebRequest::postString('sig'));
-            $user->setEmailSig(WebRequest::postString('emailsig'));
-            $user->setAbortPref(WebRequest::getBoolean('sig') ? 1 : 0);
-
-            $email = WebRequest::postEmail('email');
-            if ($email !== null) {
-                $user->setEmail($email);
-            }
-
-            $user->save();
-            SessionAlert::success("Preferences updated!");
-
-            $this->redirect('');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('preferences/prefs.tpl');
-            $this->assign("enforceOAuth", $enforceOAuth);
-        }
-    }
-
-    protected function changePassword()
-    {
-        $this->setHtmlTitle('Change Password');
-
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            try {
-                $oldPassword = WebRequest::postString('oldpassword');
-                $newPassword = WebRequest::postString('newpassword');
-                $newPasswordConfirmation = WebRequest::postString('newpasswordconfirm');
-
-                $user = User::getCurrent($this->getDatabase());
-                if (!$user instanceof User) {
-                    throw new ApplicationLogicException('User not found');
-                }
-
-                $this->validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, $user);
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect('preferences', 'changePassword');
-
-                return;
-            }
-
-            $user->setPassword($newPassword);
-            $user->save();
-
-            SessionAlert::success('Password changed successfully!');
-
-            $this->redirect('preferences');
-        }
-        else {
-            // not allowed to GET this.
-            $this->redirect('preferences');
-        }
-    }
-
-    /**
-     * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
-     * the return value from this function.
-     *
-     * If this page even supports actions, you will need to check the route
-     *
-     * @return SecurityConfiguration
-     * @category Security-Critical
-     */
-    protected function getSecurityConfiguration()
-    {
-        return $this->getSecurityManager()->configure()->asInternalPage();
-    }
-
-    /**
-     * @param string $oldPassword
-     * @param string $newPassword
-     * @param string $newPasswordConfirmation
-     * @param User   $user
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, User $user)
-    {
-        if ($oldPassword === null || $newPassword === null || $newPasswordConfirmation === null) {
-            throw new ApplicationLogicException('All three fields must be completed to change your password');
-        }
-
-        if ($newPassword !== $newPasswordConfirmation) {
-            throw new ApplicationLogicException('Your new passwords did not match!');
-        }
-
-        if (!$user->authenticate($oldPassword)) {
-            throw new ApplicationLogicException('The password you entered was incorrect.');
-        }
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		$this->setHtmlTitle('Preferences');
+
+		$enforceOAuth = $this->getSiteConfiguration()->getEnforceOAuth();
+
+		// Dual mode
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$user = User::getCurrent($this->getDatabase());
+			$user->setWelcomeSig(WebRequest::postString('sig'));
+			$user->setEmailSig(WebRequest::postString('emailsig'));
+			$user->setAbortPref(WebRequest::getBoolean('sig') ? 1 : 0);
+
+			$email = WebRequest::postEmail('email');
+			if ($email !== null) {
+				$user->setEmail($email);
+			}
+
+			$user->save();
+			SessionAlert::success("Preferences updated!");
+
+			$this->redirect('');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('preferences/prefs.tpl');
+			$this->assign("enforceOAuth", $enforceOAuth);
+		}
+	}
+
+	protected function changePassword()
+	{
+		$this->setHtmlTitle('Change Password');
+
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			try {
+				$oldPassword = WebRequest::postString('oldpassword');
+				$newPassword = WebRequest::postString('newpassword');
+				$newPasswordConfirmation = WebRequest::postString('newpasswordconfirm');
+
+				$user = User::getCurrent($this->getDatabase());
+				if (!$user instanceof User) {
+					throw new ApplicationLogicException('User not found');
+				}
+
+				$this->validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, $user);
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect('preferences', 'changePassword');
+
+				return;
+			}
+
+			$user->setPassword($newPassword);
+			$user->save();
+
+			SessionAlert::success('Password changed successfully!');
+
+			$this->redirect('preferences');
+		}
+		else {
+			// not allowed to GET this.
+			$this->redirect('preferences');
+		}
+	}
+
+	/**
+	 * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
+	 * the return value from this function.
+	 *
+	 * If this page even supports actions, you will need to check the route
+	 *
+	 * @return SecurityConfiguration
+	 * @category Security-Critical
+	 */
+	protected function getSecurityConfiguration()
+	{
+		return $this->getSecurityManager()->configure()->asInternalPage();
+	}
+
+	/**
+	 * @param string $oldPassword
+	 * @param string $newPassword
+	 * @param string $newPasswordConfirmation
+	 * @param User   $user
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, User $user)
+	{
+		if ($oldPassword === null || $newPassword === null || $newPasswordConfirmation === null) {
+			throw new ApplicationLogicException('All three fields must be completed to change your password');
+		}
+
+		if ($newPassword !== $newPasswordConfirmation) {
+			throw new ApplicationLogicException('Your new passwords did not match!');
+		}
+
+		if (!$user->authenticate($oldPassword)) {
+			throw new ApplicationLogicException('The password you entered was incorrect.');
+		}
+	}
 }
\ No newline at end of file

includes/Pages/PageBan.php

Indentation +322 added lines, -322 removed lines

@@ -21,326 +21,326 @@
 
 class PageBan extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main()
-    {
-        $this->assignCSRFToken();
-
-        $this->setHtmlTitle('Bans');
-
-        $bans = Ban::getActiveBans(null, $this->getDatabase());
-
-        $userIds = array_map(
-            function(Ban $entry) {
-                return $entry->getUser();
-            },
-            $bans);
-        $userList = User::getUsernames($userIds, $this->getDatabase());
-
-        $this->assign('usernames', $userList);
-        $this->assign('activebans', $bans);
-        $this->setTemplate('bans/banlist.tpl');
-    }
-
-    /**
-     * Entry point for the ban set action
-     */
-    protected function set()
-    {
-        $this->setHtmlTitle('Bans');
-
-        // dual-mode action
-        if (WebRequest::wasPosted()) {
-            try {
-                $this->handlePostMethodForSetBan();
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect("bans", "set");
-            }
-        }
-        else {
-            $this->handleGetMethodForSetBan();
-        }
-    }
-
-    /**
-     * Entry point for the ban remove action
-     */
-    protected function remove()
-    {
-        $this->setHtmlTitle('Bans');
-
-        $ban = $this->getBanForUnban();
-
-        // dual mode
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $unbanReason = WebRequest::postString('unbanreason');
-
-            if ($unbanReason === null || trim($unbanReason) === "") {
-                SessionAlert::error('No unban reason specified');
-                $this->redirect("bans", "remove", array('id' => $ban->getId()));
-            }
-
-            // set optimistic locking from delete form page load
-            $updateVersion = WebRequest::postInt('updateversion');
-            $ban->setUpdateVersion($updateVersion);
-
-            $database = $this->getDatabase();
-            $ban->setActive(false);
-            $ban->save();
-
-            Logger::unbanned($database, $ban, $unbanReason);
-
-            SessionAlert::quick('Disabled ban.');
-            $this->getNotificationHelper()->unbanned($ban, $unbanReason);
-
-            $this->redirect('bans');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign('ban', $ban);
-            $this->setTemplate('bans/unban.tpl');
-        }
-    }
-
-    /**
-     * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
-     * the return value from this function.
-     *
-     * If this page even supports actions, you will need to check the route
-     *
-     * @return SecurityConfiguration
-     * @category Security-Critical
-     */
-    protected function getSecurityConfiguration()
-    {
-        // display of bans is allowed for any user, but setting and removing bans is admin-only.
-        switch ($this->getRouteName()) {
-            case "main":
-                return $this->getSecurityManager()->configure()->asInternalPage();
-            default:
-                return $this->getSecurityManager()->configure()->asAdminPage();
-        }
-    }
-
-    /**
-     * @throws ApplicationLogicException
-     */
-    private function getBanDuration()
-    {
-        $duration = WebRequest::postString('duration');
-        if ($duration === "other") {
-            $duration = strtotime(WebRequest::postString('otherduration'));
-
-            if (!$duration) {
-                throw new ApplicationLogicException('Invalid ban time');
-            }
-            elseif (time() > $duration) {
-                throw new ApplicationLogicException('Ban time has already expired!');
-            }
-
-            return $duration;
-        }
-        elseif ($duration === "-1") {
-            $duration = -1;
-
-            return $duration;
-        }
-        else {
-            $duration = WebRequest::postInt('duration') + time();
-
-            return $duration;
-        }
-    }
-
-    /**
-     * @param string $type
-     * @param string $target
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateBanType($type, $target)
-    {
-        switch ($type) {
-            case 'IP':
-                $this->validateIpBan($target);
-
-                return;
-            case 'Name':
-                // No validation needed here.
-                return;
-            case 'EMail':
-                $this->validateEmailBanTarget($target);
-
-                return;
-            default:
-                throw new ApplicationLogicException("Unknown ban type");
-        }
-    }
-
-    /**
-     * Handles the POST method on the set action
-     *
-     * @throws ApplicationLogicException
-     * @throws Exception
-     */
-    private function handlePostMethodForSetBan()
-    {
-        $this->validateCSRFToken();
-        $reason = WebRequest::postString('banreason');
-        $target = WebRequest::postString('target');
-
-        // Checks whether there is a reason entered for ban.
-        if ($reason === null || trim($reason) === "") {
-            throw new ApplicationLogicException('You must specify a ban reason');
-        }
-
-        // Checks whether there is a target entered to ban.
-        if ($target === null || trim($target) === "") {
-            throw new ApplicationLogicException('You must specify a target to be banned');
-        }
-
-        // Validate ban duration
-        $duration = $this->getBanDuration();
-
-        // Validate ban type & target for that type
-        $type = WebRequest::postString('type');
-        $this->validateBanType($type, $target);
-
-        $database = $this->getDatabase();
-
-        if (count(Ban::getActiveBans($target, $database)) > 0) {
-            throw new ApplicationLogicException('This target is already banned!');
-        }
-
-        $ban = new Ban();
-        $ban->setDatabase($database);
-        $ban->setActive(true);
-        $ban->setType($type);
-        $ban->setTarget($target);
-        $ban->setUser(User::getCurrent($database)->getId());
-        $ban->setReason($reason);
-        $ban->setDuration($duration);
-
-        $ban->save();
-
-        Logger::banned($database, $ban, $reason);
-
-        $this->getNotificationHelper()->banned($ban);
-        SessionAlert::quick('Ban has been set.');
-
-        $this->redirect('bans');
-    }
-
-    /**
-     * Handles the GET method on the set action
-     */
-    protected function handleGetMethodForSetBan()
-    {
-        $this->setTemplate('bans/banform.tpl');
-        $this->assignCSRFToken();
-
-        $banType = WebRequest::getString('type');
-        $banTarget = WebRequest::getInt('request');
-
-        $database = $this->getDatabase();
-
-        // if the parameters are null, skip loading a request.
-        if ($banType === null
-            || !in_array($banType, array('IP', 'Name', 'EMail'))
-            || $banTarget === null
-            || $banTarget === 0
-        ) {
-            $this->assign('bantarget', '');
-            $this->assign('bantype', '');
-
-            return;
-        }
-
-        // Set the ban type, which the user has indicated.
-        $this->assign('bantype', $banType);
-
-        // Attempt to resolve the correct target
-        /** @var Request $request */
-        $request = Request::getById($banTarget, $database);
-        if ($request === false) {
-            $this->assign('bantarget', '');
-
-            return;
-        }
-
-        $realTarget = '';
-        switch ($banType) {
-            case 'EMail':
-                $realTarget = $request->getEmail();
-                break;
-            case 'IP':
-                $xffProvider = $this->getXffTrustProvider();
-                $realTarget = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
-                break;
-            case 'Name':
-                $realTarget = $request->getName();
-                break;
-        }
-
-        $this->assign('bantarget', $realTarget);
-    }
-
-    /**
-     * Validates an IP ban target
-     *
-     * @param string $target
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateIpBan($target)
-    {
-        $squidIpList = $this->getSiteConfiguration()->getSquidList();
-
-        if (filter_var($target, FILTER_VALIDATE_IP) === false) {
-            throw new ApplicationLogicException('Invalid target - IP address expected.');
-        }
-
-        if (in_array($target, $squidIpList)) {
-            throw new ApplicationLogicException("This IP address is on the protected list of proxies, and cannot be banned.");
-        }
-    }
-
-    /**
-     * Validates an email address as a ban target
-     *
-     * @param string $target
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateEmailBanTarget($target)
-    {
-        if (filter_var($target, FILTER_VALIDATE_EMAIL) !== $target) {
-            throw new ApplicationLogicException('Invalid target - email address expected.');
-        }
-    }
-
-    /**
-     * @return Ban
-     * @throws ApplicationLogicException
-     */
-    private function getBanForUnban()
-    {
-        $banId = WebRequest::getInt('id');
-        if ($banId === null || $banId === 0) {
-            throw new ApplicationLogicException("The ban ID appears to be missing. This is probably a bug.");
-        }
-
-        $ban = Ban::getActiveId($banId, $this->getDatabase());
-
-        if ($ban === false) {
-            throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
-        }
-
-        return $ban;
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main()
+	{
+		$this->assignCSRFToken();
+
+		$this->setHtmlTitle('Bans');
+
+		$bans = Ban::getActiveBans(null, $this->getDatabase());
+
+		$userIds = array_map(
+			function(Ban $entry) {
+				return $entry->getUser();
+			},
+			$bans);
+		$userList = User::getUsernames($userIds, $this->getDatabase());
+
+		$this->assign('usernames', $userList);
+		$this->assign('activebans', $bans);
+		$this->setTemplate('bans/banlist.tpl');
+	}
+
+	/**
+	 * Entry point for the ban set action
+	 */
+	protected function set()
+	{
+		$this->setHtmlTitle('Bans');
+
+		// dual-mode action
+		if (WebRequest::wasPosted()) {
+			try {
+				$this->handlePostMethodForSetBan();
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect("bans", "set");
+			}
+		}
+		else {
+			$this->handleGetMethodForSetBan();
+		}
+	}
+
+	/**
+	 * Entry point for the ban remove action
+	 */
+	protected function remove()
+	{
+		$this->setHtmlTitle('Bans');
+
+		$ban = $this->getBanForUnban();
+
+		// dual mode
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$unbanReason = WebRequest::postString('unbanreason');
+
+			if ($unbanReason === null || trim($unbanReason) === "") {
+				SessionAlert::error('No unban reason specified');
+				$this->redirect("bans", "remove", array('id' => $ban->getId()));
+			}
+
+			// set optimistic locking from delete form page load
+			$updateVersion = WebRequest::postInt('updateversion');
+			$ban->setUpdateVersion($updateVersion);
+
+			$database = $this->getDatabase();
+			$ban->setActive(false);
+			$ban->save();
+
+			Logger::unbanned($database, $ban, $unbanReason);
+
+			SessionAlert::quick('Disabled ban.');
+			$this->getNotificationHelper()->unbanned($ban, $unbanReason);
+
+			$this->redirect('bans');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign('ban', $ban);
+			$this->setTemplate('bans/unban.tpl');
+		}
+	}
+
+	/**
+	 * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
+	 * the return value from this function.
+	 *
+	 * If this page even supports actions, you will need to check the route
+	 *
+	 * @return SecurityConfiguration
+	 * @category Security-Critical
+	 */
+	protected function getSecurityConfiguration()
+	{
+		// display of bans is allowed for any user, but setting and removing bans is admin-only.
+		switch ($this->getRouteName()) {
+			case "main":
+				return $this->getSecurityManager()->configure()->asInternalPage();
+			default:
+				return $this->getSecurityManager()->configure()->asAdminPage();
+		}
+	}
+
+	/**
+	 * @throws ApplicationLogicException
+	 */
+	private function getBanDuration()
+	{
+		$duration = WebRequest::postString('duration');
+		if ($duration === "other") {
+			$duration = strtotime(WebRequest::postString('otherduration'));
+
+			if (!$duration) {
+				throw new ApplicationLogicException('Invalid ban time');
+			}
+			elseif (time() > $duration) {
+				throw new ApplicationLogicException('Ban time has already expired!');
+			}
+
+			return $duration;
+		}
+		elseif ($duration === "-1") {
+			$duration = -1;
+
+			return $duration;
+		}
+		else {
+			$duration = WebRequest::postInt('duration') + time();
+
+			return $duration;
+		}
+	}
+
+	/**
+	 * @param string $type
+	 * @param string $target
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateBanType($type, $target)
+	{
+		switch ($type) {
+			case 'IP':
+				$this->validateIpBan($target);
+
+				return;
+			case 'Name':
+				// No validation needed here.
+				return;
+			case 'EMail':
+				$this->validateEmailBanTarget($target);
+
+				return;
+			default:
+				throw new ApplicationLogicException("Unknown ban type");
+		}
+	}
+
+	/**
+	 * Handles the POST method on the set action
+	 *
+	 * @throws ApplicationLogicException
+	 * @throws Exception
+	 */
+	private function handlePostMethodForSetBan()
+	{
+		$this->validateCSRFToken();
+		$reason = WebRequest::postString('banreason');
+		$target = WebRequest::postString('target');
+
+		// Checks whether there is a reason entered for ban.
+		if ($reason === null || trim($reason) === "") {
+			throw new ApplicationLogicException('You must specify a ban reason');
+		}
+
+		// Checks whether there is a target entered to ban.
+		if ($target === null || trim($target) === "") {
+			throw new ApplicationLogicException('You must specify a target to be banned');
+		}
+
+		// Validate ban duration
+		$duration = $this->getBanDuration();
+
+		// Validate ban type & target for that type
+		$type = WebRequest::postString('type');
+		$this->validateBanType($type, $target);
+
+		$database = $this->getDatabase();
+
+		if (count(Ban::getActiveBans($target, $database)) > 0) {
+			throw new ApplicationLogicException('This target is already banned!');
+		}
+
+		$ban = new Ban();
+		$ban->setDatabase($database);
+		$ban->setActive(true);
+		$ban->setType($type);
+		$ban->setTarget($target);
+		$ban->setUser(User::getCurrent($database)->getId());
+		$ban->setReason($reason);
+		$ban->setDuration($duration);
+
+		$ban->save();
+
+		Logger::banned($database, $ban, $reason);
+
+		$this->getNotificationHelper()->banned($ban);
+		SessionAlert::quick('Ban has been set.');
+
+		$this->redirect('bans');
+	}
+
+	/**
+	 * Handles the GET method on the set action
+	 */
+	protected function handleGetMethodForSetBan()
+	{
+		$this->setTemplate('bans/banform.tpl');
+		$this->assignCSRFToken();
+
+		$banType = WebRequest::getString('type');
+		$banTarget = WebRequest::getInt('request');
+
+		$database = $this->getDatabase();
+
+		// if the parameters are null, skip loading a request.
+		if ($banType === null
+			|| !in_array($banType, array('IP', 'Name', 'EMail'))
+			|| $banTarget === null
+			|| $banTarget === 0
+		) {
+			$this->assign('bantarget', '');
+			$this->assign('bantype', '');
+
+			return;
+		}
+
+		// Set the ban type, which the user has indicated.
+		$this->assign('bantype', $banType);
+
+		// Attempt to resolve the correct target
+		/** @var Request $request */
+		$request = Request::getById($banTarget, $database);
+		if ($request === false) {
+			$this->assign('bantarget', '');
+
+			return;
+		}
+
+		$realTarget = '';
+		switch ($banType) {
+			case 'EMail':
+				$realTarget = $request->getEmail();
+				break;
+			case 'IP':
+				$xffProvider = $this->getXffTrustProvider();
+				$realTarget = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
+				break;
+			case 'Name':
+				$realTarget = $request->getName();
+				break;
+		}
+
+		$this->assign('bantarget', $realTarget);
+	}
+
+	/**
+	 * Validates an IP ban target
+	 *
+	 * @param string $target
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateIpBan($target)
+	{
+		$squidIpList = $this->getSiteConfiguration()->getSquidList();
+
+		if (filter_var($target, FILTER_VALIDATE_IP) === false) {
+			throw new ApplicationLogicException('Invalid target - IP address expected.');
+		}
+
+		if (in_array($target, $squidIpList)) {
+			throw new ApplicationLogicException("This IP address is on the protected list of proxies, and cannot be banned.");
+		}
+	}
+
+	/**
+	 * Validates an email address as a ban target
+	 *
+	 * @param string $target
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateEmailBanTarget($target)
+	{
+		if (filter_var($target, FILTER_VALIDATE_EMAIL) !== $target) {
+			throw new ApplicationLogicException('Invalid target - email address expected.');
+		}
+	}
+
+	/**
+	 * @return Ban
+	 * @throws ApplicationLogicException
+	 */
+	private function getBanForUnban()
+	{
+		$banId = WebRequest::getInt('id');
+		if ($banId === null || $banId === 0) {
+			throw new ApplicationLogicException("The ban ID appears to be missing. This is probably a bug.");
+		}
+
+		$ban = Ban::getActiveId($banId, $this->getDatabase());
+
+		if ($ban === false) {
+			throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
+		}
+
+		return $ban;
+	}
 }
\ No newline at end of file

includes/Pages/PageLogin.php

Indentation +143 added lines, -143 removed lines

@@ -21,147 +21,147 @@
  */
 class PageLogin extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main()
-    {
-        // Start by enforcing HTTPS
-        if ($this->getSiteConfiguration()->getUseStrictTransportSecurity() !== false) {
-            if (WebRequest::isHttps()) {
-                // Client can clearly use HTTPS, so let's enforce it for all connections.
-                if (!headers_sent()) {
-                    header("Strict-Transport-Security: max-age=15768000");
-                }
-            }
-            else {
-                // This is the login form, not the request form. We need protection here.
-                $this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
-
-                return;
-            }
-        }
-
-        if (WebRequest::wasPosted()) {
-            // POST. Do some authentication.
-            $this->validateCSRFToken();
-
-            $user = null;
-            try {
-                $user = $this->getAuthenticatingUser();
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect('login');
-
-                return;
-            }
-
-            // Touch force logout
-            $user->setForceLogout(false);
-            $user->save();
-
-            if ($this->getSiteConfiguration()->getEnforceOAuth()) {
-                if (!$user->isOAuthLinked()) {
-                    $oauthHelper = $this->getOAuthHelper();
-
-                    $requestToken = $oauthHelper->getRequestToken();
-                    $user->setOAuthRequestToken($requestToken->key);
-                    $user->setOAuthRequestSecret($requestToken->secret);
-                    $user->save();
-
-                    WebRequest::setPartialLogin($user);
-                    $this->redirectUrl($oauthHelper->getAuthoriseUrl($requestToken->key));
-
-                    return;
-                }
-            }
-
-            // User is partially linked to OAuth. This is not allowed. Enforce it for this user.
-            if ($user->getOnWikiName() === '##OAUTH##') {
-                $oauthHelper = $this->getOAuthHelper();
-
-                $requestToken = $oauthHelper->getRequestToken();
-                $user->setOAuthRequestToken($requestToken->key);
-                $user->setOAuthRequestSecret($requestToken->secret);
-                $user->save();
-
-                WebRequest::setPartialLogin($user);
-                $this->redirectUrl($oauthHelper->getAuthoriseUrl($requestToken->key));
-
-                return;
-            }
-
-            WebRequest::setLoggedInUser($user);
-
-            $this->goBackWhenceYouCame($user);
-        }
-        else {
-            // GET. Show the form
-            $this->assignCSRFToken();
-            $this->setTemplate("login.tpl");
-        }
-    }
-
-    /**
-     * @return User
-     * @throws ApplicationLogicException
-     */
-    private function getAuthenticatingUser()
-    {
-        $username = WebRequest::postString("username");
-        $password = WebRequest::postString("password");
-
-        if ($username === null || $password === null || $username === "" || $password === "") {
-            throw new ApplicationLogicException("No username/password specified");
-        }
-
-        /** @var User $user */
-        $user = User::getByUsername($username, $this->getDatabase());
-
-        if ($user == false || !$user->authenticate($password)) {
-            throw new ApplicationLogicException("Authentication failed");
-        }
-
-        return $user;
-    }
-
-    /**
-     * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
-     * the return value from this function.
-     *
-     * If this page even supports actions, you will need to check the route
-     *
-     * @return SecurityConfiguration
-     * @category Security-Critical
-     */
-    protected function getSecurityConfiguration()
-    {
-        // Login pages, by definition, have to be accessible to the public
-        return $this->getSecurityManager()->configure()->asPublicPage();
-    }
-
-    /**
-     * Redirect the user back to wherever they came from after a successful login
-     *
-     * @param User $user
-     */
-    private function goBackWhenceYouCame(User $user)
-    {
-        // Redirect to wherever the user came from
-        $redirectDestination = WebRequest::clearPostLoginRedirect();
-        if ($redirectDestination !== null) {
-            $this->redirectUrl($redirectDestination);
-        }
-        else {
-            if ($user->isNewUser()) {
-                // home page isn't allowed, go to preferences instead
-                $this->redirect('preferences');
-            }
-            else {
-                // go to the home page
-                $this->redirect('');
-            }
-        }
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main()
+	{
+		// Start by enforcing HTTPS
+		if ($this->getSiteConfiguration()->getUseStrictTransportSecurity() !== false) {
+			if (WebRequest::isHttps()) {
+				// Client can clearly use HTTPS, so let's enforce it for all connections.
+				if (!headers_sent()) {
+					header("Strict-Transport-Security: max-age=15768000");
+				}
+			}
+			else {
+				// This is the login form, not the request form. We need protection here.
+				$this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
+
+				return;
+			}
+		}
+
+		if (WebRequest::wasPosted()) {
+			// POST. Do some authentication.
+			$this->validateCSRFToken();
+
+			$user = null;
+			try {
+				$user = $this->getAuthenticatingUser();
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect('login');
+
+				return;
+			}
+
+			// Touch force logout
+			$user->setForceLogout(false);
+			$user->save();
+
+			if ($this->getSiteConfiguration()->getEnforceOAuth()) {
+				if (!$user->isOAuthLinked()) {
+					$oauthHelper = $this->getOAuthHelper();
+
+					$requestToken = $oauthHelper->getRequestToken();
+					$user->setOAuthRequestToken($requestToken->key);
+					$user->setOAuthRequestSecret($requestToken->secret);
+					$user->save();
+
+					WebRequest::setPartialLogin($user);
+					$this->redirectUrl($oauthHelper->getAuthoriseUrl($requestToken->key));
+
+					return;
+				}
+			}
+
+			// User is partially linked to OAuth. This is not allowed. Enforce it for this user.
+			if ($user->getOnWikiName() === '##OAUTH##') {
+				$oauthHelper = $this->getOAuthHelper();
+
+				$requestToken = $oauthHelper->getRequestToken();
+				$user->setOAuthRequestToken($requestToken->key);
+				$user->setOAuthRequestSecret($requestToken->secret);
+				$user->save();
+
+				WebRequest::setPartialLogin($user);
+				$this->redirectUrl($oauthHelper->getAuthoriseUrl($requestToken->key));
+
+				return;
+			}
+
+			WebRequest::setLoggedInUser($user);
+
+			$this->goBackWhenceYouCame($user);
+		}
+		else {
+			// GET. Show the form
+			$this->assignCSRFToken();
+			$this->setTemplate("login.tpl");
+		}
+	}
+
+	/**
+	 * @return User
+	 * @throws ApplicationLogicException
+	 */
+	private function getAuthenticatingUser()
+	{
+		$username = WebRequest::postString("username");
+		$password = WebRequest::postString("password");
+
+		if ($username === null || $password === null || $username === "" || $password === "") {
+			throw new ApplicationLogicException("No username/password specified");
+		}
+
+		/** @var User $user */
+		$user = User::getByUsername($username, $this->getDatabase());
+
+		if ($user == false || !$user->authenticate($password)) {
+			throw new ApplicationLogicException("Authentication failed");
+		}
+
+		return $user;
+	}
+
+	/**
+	 * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
+	 * the return value from this function.
+	 *
+	 * If this page even supports actions, you will need to check the route
+	 *
+	 * @return SecurityConfiguration
+	 * @category Security-Critical
+	 */
+	protected function getSecurityConfiguration()
+	{
+		// Login pages, by definition, have to be accessible to the public
+		return $this->getSecurityManager()->configure()->asPublicPage();
+	}
+
+	/**
+	 * Redirect the user back to wherever they came from after a successful login
+	 *
+	 * @param User $user
+	 */
+	private function goBackWhenceYouCame(User $user)
+	{
+		// Redirect to wherever the user came from
+		$redirectDestination = WebRequest::clearPostLoginRedirect();
+		if ($redirectDestination !== null) {
+			$this->redirectUrl($redirectDestination);
+		}
+		else {
+			if ($user->isNewUser()) {
+				// home page isn't allowed, go to preferences instead
+				$this->redirect('preferences');
+			}
+			else {
+				// go to the home page
+				$this->redirect('');
+			}
+		}
+	}
 }
\ No newline at end of file

Spacing +1 added lines, -1 removed lines

@@ -36,7 +36,7 @@
             }
             else {
                 // This is the login form, not the request form. We need protection here.
-                $this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
+                $this->redirectUrl('https://'.WebRequest::serverName().WebRequest::requestUri());
 
                 return;
             }

includes/Pages/PageRegister.php

Indentation +192 added lines, -192 removed lines

@@ -18,196 +18,196 @@
 
 class PageRegister extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main()
-    {
-        $useOAuthSignup = $this->getSiteConfiguration()->getUseOAuthSignup();
-
-        // Dual-mode page
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-
-            try {
-                $this->handlePost($useOAuthSignup);
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect('register');
-            }
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign("useOAuthSignup", $useOAuthSignup);
-            $this->setTemplate("registration/register.tpl");
-        }
-    }
-
-    /**
-     * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
-     * the return value from this function.
-     *
-     * If this page even supports actions, you will need to check the route
-     *
-     * @return SecurityConfiguration
-     * @category Security-Critical
-     */
-    protected function getSecurityConfiguration()
-    {
-        return $this->getSecurityManager()->configure()->asPublicPage();
-    }
-
-    /**
-     * Entry point for registration complete
-     */
-    protected function done()
-    {
-        $this->setTemplate('registration/alert-registrationcomplete.tpl');
-    }
-
-    /**
-     * @param string $emailAddress
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateUniqueEmail($emailAddress)
-    {
-        $query = 'SELECT COUNT(id) FROM user WHERE email = :email';
-        $statement = $this->getDatabase()->prepare($query);
-        $statement->execute(array(':email' => $emailAddress));
-
-        if ($statement->fetchColumn() > 0) {
-            throw new ApplicationLogicException('That email address is already in use on this system.');
-        }
-
-        $statement->closeCursor();
-    }
-
-    /**
-     * @param $emailAddress
-     * @param $password
-     * @param $username
-     * @param $useOAuthSignup
-     * @param $confirmationId
-     * @param $onwikiUsername
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateRequest(
-        $emailAddress,
-        $password,
-        $username,
-        $useOAuthSignup,
-        $confirmationId,
-        $onwikiUsername
-    ) {
-        if (!WebRequest::postBoolean('guidelines')) {
-            throw new ApplicationLogicException('You must read the interface guidelines before your request may be submitted.');
-        }
-
-        $this->validateGeneralInformation($emailAddress, $password, $username);
-        $this->validateUniqueEmail($emailAddress);
-        $this->validateNonOAuthFields($useOAuthSignup, $confirmationId, $onwikiUsername);
-    }
-
-    /**
-     * @param $useOAuthSignup
-     *
-     * @throws ApplicationLogicException
-     * @throws \Exception
-     */
-    protected function handlePost($useOAuthSignup)
-    {
-        // Get the data
-        $emailAddress = WebRequest::postEmail('email');
-        $password = WebRequest::postString('pass');
-        $username = WebRequest::postString('name');
-
-        // Only set if OAuth is disabled
-        $confirmationId = WebRequest::postInt('conf_revid');
-        $onwikiUsername = WebRequest::postString('wname');
-
-        // Do some validation
-        $this->validateRequest($emailAddress, $password, $username, $useOAuthSignup, $confirmationId,
-            $onwikiUsername);
-
-        $user = new User();
-        $user->setDatabase($this->getDatabase());
-
-        $user->setUsername($username);
-        $user->setPassword($password);
-        $user->setEmail($emailAddress);
-
-        if (!$useOAuthSignup) {
-            $user->setOnWikiName($onwikiUsername);
-            $user->setConfirmationDiff($confirmationId);
-        }
-
-        $user->save();
-
-        // Log now to get the signup date.
-        Logger::newUser($this->getDatabase(), $user);
-
-        if ($useOAuthSignup) {
-            $oauthHelper = $this->getOAuthHelper();
-
-            $requestToken = $oauthHelper->getRequestToken();
-            $user->setOAuthRequestToken($requestToken->key);
-            $user->setOAuthRequestSecret($requestToken->secret);
-            $user->save();
-
-            WebRequest::setPartialLogin($user);
-
-            $this->redirectUrl($oauthHelper->getAuthoriseUrl($requestToken->key));
-        }
-        else {
-            // only notify if we're not using the oauth signup.
-            $this->getNotificationHelper()->userNew($user);
-            WebRequest::setLoggedInUser($user);
-            $this->redirect('preferences');
-        }
-    }
-
-    /**
-     * @param $useOAuthSignup
-     * @param $confirmationId
-     * @param $onwikiUsername
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateNonOAuthFields($useOAuthSignup, $confirmationId, $onwikiUsername)
-    {
-        if (!$useOAuthSignup) {
-            if ($confirmationId === null || $confirmationId <= 0) {
-                throw new ApplicationLogicException('Please enter the revision id of your confirmation edit.');
-            }
-
-            if ($onwikiUsername === null) {
-                throw new ApplicationLogicException('Please specify your on-wiki username.');
-            }
-        }
-    }
-
-    /**
-     * @param $emailAddress
-     * @param $password
-     * @param $username
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateGeneralInformation($emailAddress, $password, $username)
-    {
-        if ($emailAddress === null) {
-            throw new ApplicationLogicException('Your email address appears to be invalid!');
-        }
-
-        if ($password !== WebRequest::postString('pass2')) {
-            throw new ApplicationLogicException('Your passwords did not match, please try again.');
-        }
-
-        if (User::getByUsername($username, $this->getDatabase()) !== false) {
-            throw new ApplicationLogicException('That username is already in use on this system.');
-        }
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main()
+	{
+		$useOAuthSignup = $this->getSiteConfiguration()->getUseOAuthSignup();
+
+		// Dual-mode page
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+
+			try {
+				$this->handlePost($useOAuthSignup);
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect('register');
+			}
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign("useOAuthSignup", $useOAuthSignup);
+			$this->setTemplate("registration/register.tpl");
+		}
+	}
+
+	/**
+	 * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
+	 * the return value from this function.
+	 *
+	 * If this page even supports actions, you will need to check the route
+	 *
+	 * @return SecurityConfiguration
+	 * @category Security-Critical
+	 */
+	protected function getSecurityConfiguration()
+	{
+		return $this->getSecurityManager()->configure()->asPublicPage();
+	}
+
+	/**
+	 * Entry point for registration complete
+	 */
+	protected function done()
+	{
+		$this->setTemplate('registration/alert-registrationcomplete.tpl');
+	}
+
+	/**
+	 * @param string $emailAddress
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateUniqueEmail($emailAddress)
+	{
+		$query = 'SELECT COUNT(id) FROM user WHERE email = :email';
+		$statement = $this->getDatabase()->prepare($query);
+		$statement->execute(array(':email' => $emailAddress));
+
+		if ($statement->fetchColumn() > 0) {
+			throw new ApplicationLogicException('That email address is already in use on this system.');
+		}
+
+		$statement->closeCursor();
+	}
+
+	/**
+	 * @param $emailAddress
+	 * @param $password
+	 * @param $username
+	 * @param $useOAuthSignup
+	 * @param $confirmationId
+	 * @param $onwikiUsername
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateRequest(
+		$emailAddress,
+		$password,
+		$username,
+		$useOAuthSignup,
+		$confirmationId,
+		$onwikiUsername
+	) {
+		if (!WebRequest::postBoolean('guidelines')) {
+			throw new ApplicationLogicException('You must read the interface guidelines before your request may be submitted.');
+		}
+
+		$this->validateGeneralInformation($emailAddress, $password, $username);
+		$this->validateUniqueEmail($emailAddress);
+		$this->validateNonOAuthFields($useOAuthSignup, $confirmationId, $onwikiUsername);
+	}
+
+	/**
+	 * @param $useOAuthSignup
+	 *
+	 * @throws ApplicationLogicException
+	 * @throws \Exception
+	 */
+	protected function handlePost($useOAuthSignup)
+	{
+		// Get the data
+		$emailAddress = WebRequest::postEmail('email');
+		$password = WebRequest::postString('pass');
+		$username = WebRequest::postString('name');
+
+		// Only set if OAuth is disabled
+		$confirmationId = WebRequest::postInt('conf_revid');
+		$onwikiUsername = WebRequest::postString('wname');
+
+		// Do some validation
+		$this->validateRequest($emailAddress, $password, $username, $useOAuthSignup, $confirmationId,
+			$onwikiUsername);
+
+		$user = new User();
+		$user->setDatabase($this->getDatabase());
+
+		$user->setUsername($username);
+		$user->setPassword($password);
+		$user->setEmail($emailAddress);
+
+		if (!$useOAuthSignup) {
+			$user->setOnWikiName($onwikiUsername);
+			$user->setConfirmationDiff($confirmationId);
+		}
+
+		$user->save();
+
+		// Log now to get the signup date.
+		Logger::newUser($this->getDatabase(), $user);
+
+		if ($useOAuthSignup) {
+			$oauthHelper = $this->getOAuthHelper();
+
+			$requestToken = $oauthHelper->getRequestToken();
+			$user->setOAuthRequestToken($requestToken->key);
+			$user->setOAuthRequestSecret($requestToken->secret);
+			$user->save();
+
+			WebRequest::setPartialLogin($user);
+
+			$this->redirectUrl($oauthHelper->getAuthoriseUrl($requestToken->key));
+		}
+		else {
+			// only notify if we're not using the oauth signup.
+			$this->getNotificationHelper()->userNew($user);
+			WebRequest::setLoggedInUser($user);
+			$this->redirect('preferences');
+		}
+	}
+
+	/**
+	 * @param $useOAuthSignup
+	 * @param $confirmationId
+	 * @param $onwikiUsername
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateNonOAuthFields($useOAuthSignup, $confirmationId, $onwikiUsername)
+	{
+		if (!$useOAuthSignup) {
+			if ($confirmationId === null || $confirmationId <= 0) {
+				throw new ApplicationLogicException('Please enter the revision id of your confirmation edit.');
+			}
+
+			if ($onwikiUsername === null) {
+				throw new ApplicationLogicException('Please specify your on-wiki username.');
+			}
+		}
+	}
+
+	/**
+	 * @param $emailAddress
+	 * @param $password
+	 * @param $username
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateGeneralInformation($emailAddress, $password, $username)
+	{
+		if ($emailAddress === null) {
+			throw new ApplicationLogicException('Your email address appears to be invalid!');
+		}
+
+		if ($password !== WebRequest::postString('pass2')) {
+			throw new ApplicationLogicException('Your passwords did not match, please try again.');
+		}
+
+		if (User::getByUsername($username, $this->getDatabase()) !== false) {
+			throw new ApplicationLogicException('That username is already in use on this system.');
+		}
+	}
 }
\ No newline at end of file

includes/Pages/PageLogout.php

Indentation +21 added lines, -21 removed lines

@@ -14,26 +14,26 @@
 
 class PageLogout extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main()
-    {
-        Session::destroy();
-        $this->redirect("login");
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main()
+	{
+		Session::destroy();
+		$this->redirect("login");
+	}
 
-    /**
-     * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
-     * the return value from this function.
-     *
-     * If this page even supports actions, you will need to check the route
-     *
-     * @return SecurityConfiguration
-     * @category Security-Critical
-     */
-    protected function getSecurityConfiguration()
-    {
-        return $this->getSecurityManager()->configure()->asPublicPage();
-    }
+	/**
+	 * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
+	 * the return value from this function.
+	 *
+	 * If this page even supports actions, you will need to check the route
+	 *
+	 * @return SecurityConfiguration
+	 * @category Security-Critical
+	 */
+	protected function getSecurityConfiguration()
+	{
+		return $this->getSecurityManager()->configure()->asPublicPage();
+	}
 }
\ No newline at end of file

includes/Pages/PageEmailManagement.php

Indentation +191 added lines, -191 removed lines

@@ -18,195 +18,195 @@
 
 class PageEmailManagement extends InternalPageBase
 {
-    /**
-     * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
-     * the return value from this function.
-     *
-     * If this page even supports actions, you will need to check the route
-     *
-     * @return \Waca\Security\SecurityConfiguration
-     * @category Security-Critical
-     */
-    protected function getSecurityConfiguration()
-    {
-        switch ($this->getRouteName()) {
-            case 'edit':
-            case 'create':
-                return $this->getSecurityManager()->configure()->asAdminPage();
-            case 'view':
-            case 'main':
-                return $this->getSecurityManager()->configure()->asInternalPage();
-        }
-
-        // deny all
-        return $this->getSecurityManager()->configure()->asNone();
-    }
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        $this->setHtmlTitle('Close Emails');
-
-        // Get all active email templates
-        $activeTemplates = EmailTemplate::getAllActiveTemplates(null, $this->getDatabase());
-        $inactiveTemplates = EmailTemplate::getAllInactiveTemplates($this->getDatabase());
-
-        $this->assign('activeTemplates', $activeTemplates);
-        $this->assign('inactiveTemplates', $inactiveTemplates);
-
-        $this->setTemplate('email-management/main.tpl');
-    }
-
-    protected function view()
-    {
-        $this->setHtmlTitle('Close Emails');
-
-        $database = $this->getDatabase();
-        $template = $this->getTemplate($database);
-
-        $createdId = $this->getSiteConfiguration()->getDefaultCreatedTemplateId();
-        $requestStates = $this->getSiteConfiguration()->getRequestStates();
-
-        $this->assign('id', $template->getId());
-        $this->assign('emailTemplate', $template);
-        $this->assign('createdid', $createdId);
-        $this->assign('requeststates', $requestStates);
-
-        $this->setTemplate('email-management/view.tpl');
-    }
-
-    /**
-     * @param PdoDatabase $database
-     *
-     * @return EmailTemplate
-     * @throws ApplicationLogicException
-     */
-    protected function getTemplate(PdoDatabase $database)
-    {
-        $templateId = WebRequest::getInt('id');
-        if ($templateId === null) {
-            throw new ApplicationLogicException('Template not specified');
-        }
-        $template = EmailTemplate::getById($templateId, $database);
-        if ($template === false || !is_a($template, EmailTemplate::class)) {
-            throw new ApplicationLogicException('Template not found');
-        }
-
-        return $template;
-    }
-
-    protected function edit()
-    {
-        $this->setHtmlTitle('Close Emails');
-
-        $database = $this->getDatabase();
-        $template = $this->getTemplate($database);
-
-        $createdId = $this->getSiteConfiguration()->getDefaultCreatedTemplateId();
-        $requestStates = $this->getSiteConfiguration()->getRequestStates();
-
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-
-            $this->modifyTemplateData($template);
-
-            $other = EmailTemplate::getByName($template->getName(), $database);
-            if ($other !== false && $other->getId() !== $template->getId()) {
-                throw new ApplicationLogicException('A template with this name already exists');
-            }
-
-            if ($template->getId() === $createdId) {
-                $template->setDefaultAction(EmailTemplate::CREATED);
-                $template->setActive(true);
-                $template->setPreloadOnly(false);
-            }
-
-            // optimistically lock on load of edit form
-            $updateVersion = WebRequest::postInt('updateversion');
-            $template->setUpdateVersion($updateVersion);
-
-            $template->save();
-            Logger::editedEmail($database, $template);
-            $this->getNotificationHelper()->emailEdited($template);
-            SessionAlert::success("Email template has been saved successfully.");
-
-            $this->redirect('emailManagement');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign('id', $template->getId());
-            $this->assign('emailTemplate', $template);
-            $this->assign('createdid', $createdId);
-            $this->assign('requeststates', $requestStates);
-
-            $this->setTemplate('email-management/edit.tpl');
-        }
-    }
-
-    /**
-     * @param EmailTemplate $template
-     *
-     * @throws ApplicationLogicException
-     */
-    private function modifyTemplateData(EmailTemplate $template)
-    {
-        $name = WebRequest::postString('name');
-        if ($name === null || $name === '') {
-            throw new ApplicationLogicException('Name not specified');
-        }
-
-        $template->setName($name);
-
-        $text = WebRequest::postString('text');
-        if ($text === null || $text === '') {
-            throw new ApplicationLogicException('Text not specified');
-        }
-
-        $template->setText($text);
-
-        $template->setJsquestion(WebRequest::postString('jsquestion'));
-
-        $template->setDefaultAction(WebRequest::postString('defaultaction'));
-        $template->setActive(WebRequest::postBoolean('active'));
-        $template->setPreloadOnly(WebRequest::postBoolean('preloadonly'));
-    }
-
-    protected function create()
-    {
-        $this->setHtmlTitle('Close Emails');
-
-        $database = $this->getDatabase();
-
-        $requestStates = $this->getSiteConfiguration()->getRequestStates();
-
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $template = new EmailTemplate();
-            $template->setDatabase($database);
-
-            $this->modifyTemplateData($template);
-
-            $other = EmailTemplate::getByName($template->getName(), $database);
-            if ($other !== false) {
-                throw new ApplicationLogicException('A template with this name already exists');
-            }
-
-            $template->save();
-
-            Logger::createEmail($database, $template);
-            $this->getNotificationHelper()->emailCreated($template);
-
-            SessionAlert::success("Email template has been saved successfully.");
-
-            $this->redirect('emailManagement');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign('requeststates', $requestStates);
-            $this->setTemplate('email-management/create.tpl');
-        }
-    }
+	/**
+	 * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
+	 * the return value from this function.
+	 *
+	 * If this page even supports actions, you will need to check the route
+	 *
+	 * @return \Waca\Security\SecurityConfiguration
+	 * @category Security-Critical
+	 */
+	protected function getSecurityConfiguration()
+	{
+		switch ($this->getRouteName()) {
+			case 'edit':
+			case 'create':
+				return $this->getSecurityManager()->configure()->asAdminPage();
+			case 'view':
+			case 'main':
+				return $this->getSecurityManager()->configure()->asInternalPage();
+		}
+
+		// deny all
+		return $this->getSecurityManager()->configure()->asNone();
+	}
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		$this->setHtmlTitle('Close Emails');
+
+		// Get all active email templates
+		$activeTemplates = EmailTemplate::getAllActiveTemplates(null, $this->getDatabase());
+		$inactiveTemplates = EmailTemplate::getAllInactiveTemplates($this->getDatabase());
+
+		$this->assign('activeTemplates', $activeTemplates);
+		$this->assign('inactiveTemplates', $inactiveTemplates);
+
+		$this->setTemplate('email-management/main.tpl');
+	}
+
+	protected function view()
+	{
+		$this->setHtmlTitle('Close Emails');
+
+		$database = $this->getDatabase();
+		$template = $this->getTemplate($database);
+
+		$createdId = $this->getSiteConfiguration()->getDefaultCreatedTemplateId();
+		$requestStates = $this->getSiteConfiguration()->getRequestStates();
+
+		$this->assign('id', $template->getId());
+		$this->assign('emailTemplate', $template);
+		$this->assign('createdid', $createdId);
+		$this->assign('requeststates', $requestStates);
+
+		$this->setTemplate('email-management/view.tpl');
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 *
+	 * @return EmailTemplate
+	 * @throws ApplicationLogicException
+	 */
+	protected function getTemplate(PdoDatabase $database)
+	{
+		$templateId = WebRequest::getInt('id');
+		if ($templateId === null) {
+			throw new ApplicationLogicException('Template not specified');
+		}
+		$template = EmailTemplate::getById($templateId, $database);
+		if ($template === false || !is_a($template, EmailTemplate::class)) {
+			throw new ApplicationLogicException('Template not found');
+		}
+
+		return $template;
+	}
+
+	protected function edit()
+	{
+		$this->setHtmlTitle('Close Emails');
+
+		$database = $this->getDatabase();
+		$template = $this->getTemplate($database);
+
+		$createdId = $this->getSiteConfiguration()->getDefaultCreatedTemplateId();
+		$requestStates = $this->getSiteConfiguration()->getRequestStates();
+
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+
+			$this->modifyTemplateData($template);
+
+			$other = EmailTemplate::getByName($template->getName(), $database);
+			if ($other !== false && $other->getId() !== $template->getId()) {
+				throw new ApplicationLogicException('A template with this name already exists');
+			}
+
+			if ($template->getId() === $createdId) {
+				$template->setDefaultAction(EmailTemplate::CREATED);
+				$template->setActive(true);
+				$template->setPreloadOnly(false);
+			}
+
+			// optimistically lock on load of edit form
+			$updateVersion = WebRequest::postInt('updateversion');
+			$template->setUpdateVersion($updateVersion);
+
+			$template->save();
+			Logger::editedEmail($database, $template);
+			$this->getNotificationHelper()->emailEdited($template);
+			SessionAlert::success("Email template has been saved successfully.");
+
+			$this->redirect('emailManagement');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign('id', $template->getId());
+			$this->assign('emailTemplate', $template);
+			$this->assign('createdid', $createdId);
+			$this->assign('requeststates', $requestStates);
+
+			$this->setTemplate('email-management/edit.tpl');
+		}
+	}
+
+	/**
+	 * @param EmailTemplate $template
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function modifyTemplateData(EmailTemplate $template)
+	{
+		$name = WebRequest::postString('name');
+		if ($name === null || $name === '') {
+			throw new ApplicationLogicException('Name not specified');
+		}
+
+		$template->setName($name);
+
+		$text = WebRequest::postString('text');
+		if ($text === null || $text === '') {
+			throw new ApplicationLogicException('Text not specified');
+		}
+
+		$template->setText($text);
+
+		$template->setJsquestion(WebRequest::postString('jsquestion'));
+
+		$template->setDefaultAction(WebRequest::postString('defaultaction'));
+		$template->setActive(WebRequest::postBoolean('active'));
+		$template->setPreloadOnly(WebRequest::postBoolean('preloadonly'));
+	}
+
+	protected function create()
+	{
+		$this->setHtmlTitle('Close Emails');
+
+		$database = $this->getDatabase();
+
+		$requestStates = $this->getSiteConfiguration()->getRequestStates();
+
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$template = new EmailTemplate();
+			$template->setDatabase($database);
+
+			$this->modifyTemplateData($template);
+
+			$other = EmailTemplate::getByName($template->getName(), $database);
+			if ($other !== false) {
+				throw new ApplicationLogicException('A template with this name already exists');
+			}
+
+			$template->save();
+
+			Logger::createEmail($database, $template);
+			$this->getNotificationHelper()->emailCreated($template);
+
+			SessionAlert::success("Email template has been saved successfully.");
+
+			$this->redirect('emailManagement');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign('requeststates', $requestStates);
+			$this->setTemplate('email-management/create.tpl');
+		}
+	}
 }
\ No newline at end of file