mdaniels5757 / waca

includes/Validation/ValidationError.php

Indentation +92 added lines, -92 removed lines

@@ -12,102 +12,102 @@
 
 class ValidationError
 {
-    const NAME_EMPTY = "name_empty";
-    const NAME_TOO_LONG = "name_too_long";
-    const NAME_EXISTS = "name_exists";
-    const NAME_EXISTS_SUL = "name_exists_sul";
-    const NAME_NUMONLY = "name_numonly";
-    const NAME_INVALIDCHAR = "name_invalidchar";
-    const NAME_SANITISED = "name_sanitised";
-    const NAME_IP = "name_ip";
-    const EMAIL_EMPTY = "email_empty";
-    const EMAIL_WIKIMEDIA = "email_wikimedia";
-    const EMAIL_INVALID = "email_invalid";
-    const EMAIL_MISMATCH = "email_mismatch";
-    const OPEN_REQUEST_NAME = "open_request_name";
-    const BANNED = "banned";
-    const BANNED_TOR = "banned_tor";
-    /**
-     * @var array Error text for the above
-     */
-    private static $errorText = array(
-        self::NAME_EMPTY        => 'You\'ve not chosen a username!',
-        self::NAME_TOO_LONG     => 'Your chosen username is too long. Please choose a shorter one.',
-        self::NAME_EXISTS       => 'I\'m sorry, but the username you selected is already taken. Please try another. '
-            . 'Please note that Wikipedia automatically capitalizes the first letter of any user name, therefore '
-            . '[[User:example]] would become [[User:Example]].',
-        self::NAME_EXISTS_SUL   => 'I\'m sorry, but the username you selected is already taken. Please try another. '
-            . 'Please note that Wikipedia automatically capitalizes the first letter of any user name, therefore '
-            . '[[User:example]] would become [[User:Example]].',
-        self::NAME_NUMONLY      => 'The username you chose is invalid: it consists entirely of numbers. Please retry '
-            . 'with a valid username.',
-        self::NAME_INVALIDCHAR  => 'There appears to be an invalid character in your username. Please note that the '
-            . 'following characters are not allowed: <code># @ / &lt; &gt; [ ] | { }</code>',
-        self::NAME_SANITISED    => 'Your requested username has been automatically adjusted due to technical '
-            . 'restrictions. Underscores have been replaced with spaces, and the first character has been capitalised.',
-        self::NAME_IP           => 'The username you chose is invalid: it cannot be an IP address',
-        self::EMAIL_EMPTY       => 'You need to supply an email address.',
-        self::EMAIL_WIKIMEDIA   => 'Please provide your email address here.',
-        self::EMAIL_INVALID     => 'Invalid E-mail address supplied. Please check you entered it correctly.',
-        self::EMAIL_MISMATCH    => 'The email addresses you entered do not match. Please try again.',
-        self::OPEN_REQUEST_NAME => 'There is already an open request with this name in this system.',
-        self::BANNED            => 'Sorry, you are currently banned from requesting accounts using this tool.',
-        self::BANNED_TOR        => 'Tor exit nodes are currently banned from using this tool due to excessive abuse. '
-            . 'Please note that Tor is also currently banned from editing Wikipedia.',
-    );
-    /**
-     * Summary of $errorCode
-     * @var string
-     */
-    private $errorCode;
-    /**
-     * Summary of $isError
-     * @var bool
-     */
-    private $isError;
+	const NAME_EMPTY = "name_empty";
+	const NAME_TOO_LONG = "name_too_long";
+	const NAME_EXISTS = "name_exists";
+	const NAME_EXISTS_SUL = "name_exists_sul";
+	const NAME_NUMONLY = "name_numonly";
+	const NAME_INVALIDCHAR = "name_invalidchar";
+	const NAME_SANITISED = "name_sanitised";
+	const NAME_IP = "name_ip";
+	const EMAIL_EMPTY = "email_empty";
+	const EMAIL_WIKIMEDIA = "email_wikimedia";
+	const EMAIL_INVALID = "email_invalid";
+	const EMAIL_MISMATCH = "email_mismatch";
+	const OPEN_REQUEST_NAME = "open_request_name";
+	const BANNED = "banned";
+	const BANNED_TOR = "banned_tor";
+	/**
+	 * @var array Error text for the above
+	 */
+	private static $errorText = array(
+		self::NAME_EMPTY        => 'You\'ve not chosen a username!',
+		self::NAME_TOO_LONG     => 'Your chosen username is too long. Please choose a shorter one.',
+		self::NAME_EXISTS       => 'I\'m sorry, but the username you selected is already taken. Please try another. '
+			. 'Please note that Wikipedia automatically capitalizes the first letter of any user name, therefore '
+			. '[[User:example]] would become [[User:Example]].',
+		self::NAME_EXISTS_SUL   => 'I\'m sorry, but the username you selected is already taken. Please try another. '
+			. 'Please note that Wikipedia automatically capitalizes the first letter of any user name, therefore '
+			. '[[User:example]] would become [[User:Example]].',
+		self::NAME_NUMONLY      => 'The username you chose is invalid: it consists entirely of numbers. Please retry '
+			. 'with a valid username.',
+		self::NAME_INVALIDCHAR  => 'There appears to be an invalid character in your username. Please note that the '
+			. 'following characters are not allowed: <code># @ / &lt; &gt; [ ] | { }</code>',
+		self::NAME_SANITISED    => 'Your requested username has been automatically adjusted due to technical '
+			. 'restrictions. Underscores have been replaced with spaces, and the first character has been capitalised.',
+		self::NAME_IP           => 'The username you chose is invalid: it cannot be an IP address',
+		self::EMAIL_EMPTY       => 'You need to supply an email address.',
+		self::EMAIL_WIKIMEDIA   => 'Please provide your email address here.',
+		self::EMAIL_INVALID     => 'Invalid E-mail address supplied. Please check you entered it correctly.',
+		self::EMAIL_MISMATCH    => 'The email addresses you entered do not match. Please try again.',
+		self::OPEN_REQUEST_NAME => 'There is already an open request with this name in this system.',
+		self::BANNED            => 'Sorry, you are currently banned from requesting accounts using this tool.',
+		self::BANNED_TOR        => 'Tor exit nodes are currently banned from using this tool due to excessive abuse. '
+			. 'Please note that Tor is also currently banned from editing Wikipedia.',
+	);
+	/**
+	 * Summary of $errorCode
+	 * @var string
+	 */
+	private $errorCode;
+	/**
+	 * Summary of $isError
+	 * @var bool
+	 */
+	private $isError;
 
-    /**
-     * Summary of __construct
-     *
-     * @param string $errorCode
-     * @param bool   $isError
-     */
-    public function __construct($errorCode, $isError = true)
-    {
-        $this->errorCode = $errorCode;
-        $this->isError = $isError;
-    }
+	/**
+	 * Summary of __construct
+	 *
+	 * @param string $errorCode
+	 * @param bool   $isError
+	 */
+	public function __construct($errorCode, $isError = true)
+	{
+		$this->errorCode = $errorCode;
+		$this->isError = $isError;
+	}
 
-    /**
-     * Summary of getErrorCode
-     * @return string
-     */
-    public function getErrorCode()
-    {
-        return $this->errorCode;
-    }
+	/**
+	 * Summary of getErrorCode
+	 * @return string
+	 */
+	public function getErrorCode()
+	{
+		return $this->errorCode;
+	}
 
-    /**
-     * @return string
-     * @throws Exception
-     */
-    public function getErrorMessage()
-    {
-        $text = self::$errorText[$this->errorCode];
+	/**
+	 * @return string
+	 * @throws Exception
+	 */
+	public function getErrorMessage()
+	{
+		$text = self::$errorText[$this->errorCode];
 
-        if ($text == null) {
-            throw new Exception('Unknown validation error');
-        }
+		if ($text == null) {
+			throw new Exception('Unknown validation error');
+		}
 
-        return $text;
-    }
+		return $text;
+	}
 
-    /**
-     * Summary of isError
-     * @return bool
-     */
-    public function isError()
-    {
-        return $this->isError;
-    }
+	/**
+	 * Summary of isError
+	 * @return bool
+	 */
+	public function isError()
+	{
+		return $this->isError;
+	}
 }

includes/Pages/PageWelcomeTemplateManagement.php

Indentation +191 added lines, -191 removed lines

@@ -22,258 +22,258 @@
 
 class PageWelcomeTemplateManagement extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        $database = $this->getDatabase();
-        $templateList = WelcomeTemplate::getAll($database, 1); // FIXME: domains
-        $preferenceManager = PreferenceManager::getForCurrent($database);
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		$database = $this->getDatabase();
+		$templateList = WelcomeTemplate::getAll($database, 1); // FIXME: domains
+		$preferenceManager = PreferenceManager::getForCurrent($database);
 
-        $this->setHtmlTitle('Welcome Templates');
+		$this->setHtmlTitle('Welcome Templates');
 
-        $this->assignCSRFToken();
+		$this->assignCSRFToken();
 
-        $user = User::getCurrent($database);
+		$user = User::getCurrent($database);
 
-        $currentTemplate = $preferenceManager->getPreference(PreferenceManager::PREF_WELCOMETEMPLATE);
-        $this->assign('currentTemplate', $currentTemplate);
+		$currentTemplate = $preferenceManager->getPreference(PreferenceManager::PREF_WELCOMETEMPLATE);
+		$this->assign('currentTemplate', $currentTemplate);
 
-        $this->assign('canEdit', $this->barrierTest('edit', $user));
-        $this->assign('canAdd', $this->barrierTest('add', $user));
-        $this->assign('canSelect', $this->barrierTest('select', $user));
+		$this->assign('canEdit', $this->barrierTest('edit', $user));
+		$this->assign('canAdd', $this->barrierTest('add', $user));
+		$this->assign('canSelect', $this->barrierTest('select', $user));
 
-        $this->assign('templateList', $templateList);
-        $this->setTemplate('welcome-template/list.tpl');
-    }
+		$this->assign('templateList', $templateList);
+		$this->setTemplate('welcome-template/list.tpl');
+	}
 
-    /**
-     * Handles the requests for selecting a template to use.
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function select()
-    {
-        // get rid of GETs
-        if (!WebRequest::wasPosted()) {
-            $this->redirect('welcomeTemplates');
-        }
+	/**
+	 * Handles the requests for selecting a template to use.
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function select()
+	{
+		// get rid of GETs
+		if (!WebRequest::wasPosted()) {
+			$this->redirect('welcomeTemplates');
+		}
 
-        $this->validateCSRFToken();
+		$this->validateCSRFToken();
 
-        $database = $this->getDatabase();
-        $user = User::getCurrent($database);
-        $preferenceManager = PreferenceManager::getForCurrent($database);
+		$database = $this->getDatabase();
+		$user = User::getCurrent($database);
+		$preferenceManager = PreferenceManager::getForCurrent($database);
 
-        if (WebRequest::postBoolean('disable')) {
-            $preferenceManager->setLocalPreference(PreferenceManager::PREF_WELCOMETEMPLATE, null);
+		if (WebRequest::postBoolean('disable')) {
+			$preferenceManager->setLocalPreference(PreferenceManager::PREF_WELCOMETEMPLATE, null);
 
-            SessionAlert::success('Disabled automatic user welcoming.');
-            $this->redirect('welcomeTemplates');
+			SessionAlert::success('Disabled automatic user welcoming.');
+			$this->redirect('welcomeTemplates');
 
-            return;
-        }
+			return;
+		}
 
-        $templateId = WebRequest::postInt('template');
-        /** @var false|WelcomeTemplate $template */
-        $template = WelcomeTemplate::getById($templateId, $database);
+		$templateId = WebRequest::postInt('template');
+		/** @var false|WelcomeTemplate $template */
+		$template = WelcomeTemplate::getById($templateId, $database);
 
-        if ($template === false || $template->isDeleted()) {
-            throw new ApplicationLogicException('Unknown template');
-        }
+		if ($template === false || $template->isDeleted()) {
+			throw new ApplicationLogicException('Unknown template');
+		}
 
-        $preferenceManager->setLocalPreference(PreferenceManager::PREF_WELCOMETEMPLATE, $template->getId());
+		$preferenceManager->setLocalPreference(PreferenceManager::PREF_WELCOMETEMPLATE, $template->getId());
 
-        SessionAlert::success("Updated selected welcome template for automatic welcoming.");
+		SessionAlert::success("Updated selected welcome template for automatic welcoming.");
 
-        $this->redirect('welcomeTemplates');
-    }
+		$this->redirect('welcomeTemplates');
+	}
 
-    /**
-     * Handles the requests for viewing a template.
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function view()
-    {
-        $this->setHtmlTitle('View Welcome Template');
+	/**
+	 * Handles the requests for viewing a template.
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function view()
+	{
+		$this->setHtmlTitle('View Welcome Template');
 
-        $database = $this->getDatabase();
+		$database = $this->getDatabase();
 
-        $templateId = WebRequest::getInt('template');
+		$templateId = WebRequest::getInt('template');
 
-        /** @var false|WelcomeTemplate $template */
-        $template = WelcomeTemplate::getById($templateId, $database);
+		/** @var false|WelcomeTemplate $template */
+		$template = WelcomeTemplate::getById($templateId, $database);
 
-        if ($template === false) {
-            throw new ApplicationLogicException('Cannot find requested template');
-        }
+		if ($template === false) {
+			throw new ApplicationLogicException('Cannot find requested template');
+		}
 
-        $currentUser = User::getCurrent($database);
+		$currentUser = User::getCurrent($database);
 
-        // This includes a section header, because we use the "new section" API call.
-        $wikiText = "== " . $template->getSectionHeader() . "==\n" . $template->getBotCodeForWikiSave('Example User', $currentUser->getOnWikiName());
+		// This includes a section header, because we use the "new section" API call.
+		$wikiText = "== " . $template->getSectionHeader() . "==\n" . $template->getBotCodeForWikiSave('Example User', $currentUser->getOnWikiName());
 
-        $oauth = new OAuthUserHelper($currentUser, $database, $this->getOauthProtocolHelper(),
-            $this->getSiteConfiguration());
-        $mediaWikiHelper = new MediaWikiHelper($oauth, $this->getSiteConfiguration());
+		$oauth = new OAuthUserHelper($currentUser, $database, $this->getOauthProtocolHelper(),
+			$this->getSiteConfiguration());
+		$mediaWikiHelper = new MediaWikiHelper($oauth, $this->getSiteConfiguration());
 
-        $templateHtml = $mediaWikiHelper->getHtmlForWikiText($wikiText);
+		$templateHtml = $mediaWikiHelper->getHtmlForWikiText($wikiText);
         
-        // Add site to relevant links, since the MediaWiki parser returns, eg, `/wiki/Help:Introduction`
-        // and we want to link to <https://en.wikipedia.org/wiki/Help:Introduction> rather than
-        // <https://accounts.wmflabs.org/wiki/Help:Introduction>
-        // The code currently assumes that the template was parsed for enwiki, and will need to be
-        // updated once other wikis are supported.
-        $templateHtml = preg_replace('/(<a href=")(\/wiki\/)/', '$1//en.wikipedia.org$2', $templateHtml);
-
-        $this->assign('templateHtml', $templateHtml);
-        $this->assign('template', $template);
-        $this->setTemplate('welcome-template/view.tpl');
-    }
-
-    /**
-     * Handler for the add action to create a new welcome template
-     *
-     * @throws Exception
-     */
-    protected function add()
-    {
-        $this->assign('createmode', true);
+		// Add site to relevant links, since the MediaWiki parser returns, eg, `/wiki/Help:Introduction`
+		// and we want to link to <https://en.wikipedia.org/wiki/Help:Introduction> rather than
+		// <https://accounts.wmflabs.org/wiki/Help:Introduction>
+		// The code currently assumes that the template was parsed for enwiki, and will need to be
+		// updated once other wikis are supported.
+		$templateHtml = preg_replace('/(<a href=")(\/wiki\/)/', '$1//en.wikipedia.org$2', $templateHtml);
+
+		$this->assign('templateHtml', $templateHtml);
+		$this->assign('template', $template);
+		$this->setTemplate('welcome-template/view.tpl');
+	}
+
+	/**
+	 * Handler for the add action to create a new welcome template
+	 *
+	 * @throws Exception
+	 */
+	protected function add()
+	{
+		$this->assign('createmode', true);
 
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $database = $this->getDatabase();
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$database = $this->getDatabase();
 
-            $userCode = WebRequest::postString('usercode');
-            $botCode = WebRequest::postString('botcode');
+			$userCode = WebRequest::postString('usercode');
+			$botCode = WebRequest::postString('botcode');
 
-            $this->validate($userCode, $botCode);
+			$this->validate($userCode, $botCode);
 
-            $template = new WelcomeTemplate();
-            $template->setDatabase($database);
-            $template->setUserCode($userCode);
-            $template->setBotCode($botCode);
-            $template->setDomain(1); // FIXME: domains!
-            $template->save();
+			$template = new WelcomeTemplate();
+			$template->setDatabase($database);
+			$template->setUserCode($userCode);
+			$template->setBotCode($botCode);
+			$template->setDomain(1); // FIXME: domains!
+			$template->save();
 
-            Logger::welcomeTemplateCreated($database, $template);
+			Logger::welcomeTemplateCreated($database, $template);
 
-            $this->getNotificationHelper()->welcomeTemplateCreated($template);
+			$this->getNotificationHelper()->welcomeTemplateCreated($template);
 
-            SessionAlert::success("Template successfully created.");
+			SessionAlert::success("Template successfully created.");
 
-            $this->redirect('welcomeTemplates');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign('template', new WelcomeTemplate());
-            $this->setTemplate("welcome-template/edit.tpl");
-        }
-    }
+			$this->redirect('welcomeTemplates');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign('template', new WelcomeTemplate());
+			$this->setTemplate("welcome-template/edit.tpl");
+		}
+	}
 
-    /**
-     * Handler for editing templates
-     */
-    protected function edit()
-    {
-        $database = $this->getDatabase();
+	/**
+	 * Handler for editing templates
+	 */
+	protected function edit()
+	{
+		$database = $this->getDatabase();
 
-        $templateId = WebRequest::getInt('template');
+		$templateId = WebRequest::getInt('template');
 
-        /** @var false|WelcomeTemplate $template */
-        $template = WelcomeTemplate::getById($templateId, $database);
+		/** @var false|WelcomeTemplate $template */
+		$template = WelcomeTemplate::getById($templateId, $database);
 
-        if ($template === false) {
-            throw new ApplicationLogicException('Cannot find requested template');
-        }
+		if ($template === false) {
+			throw new ApplicationLogicException('Cannot find requested template');
+		}
 
-        if ($template->isDeleted()) {
-            throw new ApplicationLogicException('The specified template has been deleted');
-        }
+		if ($template->isDeleted()) {
+			throw new ApplicationLogicException('The specified template has been deleted');
+		}
 
-        $this->assign('createmode', false);
+		$this->assign('createmode', false);
 
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
 
-            $userCode = WebRequest::postString('usercode');
-            $botCode = WebRequest::postString('botcode');
+			$userCode = WebRequest::postString('usercode');
+			$botCode = WebRequest::postString('botcode');
 
-            $this->validate($userCode, $botCode);
+			$this->validate($userCode, $botCode);
 
-            $template->setUserCode($userCode);
-            $template->setBotCode($botCode);
-            $template->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $template->save();
+			$template->setUserCode($userCode);
+			$template->setBotCode($botCode);
+			$template->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$template->save();
 
-            Logger::welcomeTemplateEdited($database, $template);
+			Logger::welcomeTemplateEdited($database, $template);
 
-            SessionAlert::success("Template updated.");
+			SessionAlert::success("Template updated.");
 
-            $this->getNotificationHelper()->welcomeTemplateEdited($template);
+			$this->getNotificationHelper()->welcomeTemplateEdited($template);
 
-            $this->redirect('welcomeTemplates');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign('template', $template);
-            $this->setTemplate('welcome-template/edit.tpl');
-        }
-    }
+			$this->redirect('welcomeTemplates');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign('template', $template);
+			$this->setTemplate('welcome-template/edit.tpl');
+		}
+	}
 
-    protected function delete()
-    {
-        if (!WebRequest::wasPosted()) {
-            $this->redirect('welcomeTemplates');
-            return;
-        }
+	protected function delete()
+	{
+		if (!WebRequest::wasPosted()) {
+			$this->redirect('welcomeTemplates');
+			return;
+		}
 
-        $this->validateCSRFToken();
+		$this->validateCSRFToken();
 
-        $database = $this->getDatabase();
+		$database = $this->getDatabase();
 
-        $templateId = WebRequest::postInt('template');
-        $updateVersion = WebRequest::postInt('updateversion');
+		$templateId = WebRequest::postInt('template');
+		$updateVersion = WebRequest::postInt('updateversion');
 
-        /** @var false|WelcomeTemplate $template */
-        $template = WelcomeTemplate::getById($templateId, $database);
+		/** @var false|WelcomeTemplate $template */
+		$template = WelcomeTemplate::getById($templateId, $database);
 
-        if ($template === false || $template->isDeleted()) {
-            throw new ApplicationLogicException('Cannot find requested template');
-        }
+		if ($template === false || $template->isDeleted()) {
+			throw new ApplicationLogicException('Cannot find requested template');
+		}
 
-        // set the update version to the version sent by the client (optimisticly lock from initial page load)
-        $template->setUpdateVersion($updateVersion);
+		// set the update version to the version sent by the client (optimisticly lock from initial page load)
+		$template->setUpdateVersion($updateVersion);
 
-        $database
-            ->prepare("UPDATE userpreference SET value = NULL, updateversion = updateversion + 1 WHERE preference = :pref and value = :id;")
-            ->execute([
-                ':id'   => $templateId,
-                ':pref' => PreferenceManager::PREF_WELCOMETEMPLATE
-            ]);
+		$database
+			->prepare("UPDATE userpreference SET value = NULL, updateversion = updateversion + 1 WHERE preference = :pref and value = :id;")
+			->execute([
+				':id'   => $templateId,
+				':pref' => PreferenceManager::PREF_WELCOMETEMPLATE
+			]);
 
-        Logger::welcomeTemplateDeleted($database, $template);
+		Logger::welcomeTemplateDeleted($database, $template);
 
-        $template->delete();
+		$template->delete();
 
-        $this->redirect('welcomeTemplates');
+		$this->redirect('welcomeTemplates');
 
-        SessionAlert::success(
-            "Template deleted. Any users who were using this template have had automatic welcoming disabled.");
-        $this->getNotificationHelper()->welcomeTemplateDeleted($templateId);
-    }
+		SessionAlert::success(
+			"Template deleted. Any users who were using this template have had automatic welcoming disabled.");
+		$this->getNotificationHelper()->welcomeTemplateDeleted($templateId);
+	}
 
-    private function validate($userCode, $botCode)
-    {
-        if ($userCode === null) {
-            throw new ApplicationLogicException('User code cannot be null');
-        }
+	private function validate($userCode, $botCode)
+	{
+		if ($userCode === null) {
+			throw new ApplicationLogicException('User code cannot be null');
+		}
 
-        if ($botCode === null) {
-            throw new ApplicationLogicException('Bot code cannot be null');
-        }
-    }
+		if ($botCode === null) {
+			throw new ApplicationLogicException('Bot code cannot be null');
+		}
+	}
 }

includes/Pages/PageXffDemo.php

Indentation +132 added lines, -132 removed lines

@@ -13,136 +13,136 @@
 
 class PageXffDemo extends InternalPageBase
 {
-    use RequestData;
-
-    /**
-     * @inheritDoc
-     */
-    protected function main()
-    {
-        $this->setTemplate('xffdemo.tpl');
-
-        // requestHasForwardedIp == false
-        // requestProxyData
-        // requestRealIp == proxy
-        // requestForwardedIp == xff header
-        // forwardedOrigin  == top of the chain, assuming xff is trusted
-
-
-        $this->assign('demo2', [
-            [
-                'trust' => true,
-                'trustedlink' => true,
-                'ip' => '172.16.0.164',
-                'routable' => false,
-
-            ], [
-                'trust' => true,
-                'ip' => '198.51.100.123',
-                'routable' => true,
-                'rdns' => 'trustedproxy.example.com',
-
-            ], [
-                'trust' => true,
-                'ip' => '192.0.2.1',
-                'routable' => true,
-                'rdns' => 'client.users.example.org',
-                'location' => [
-                    'cityName' => 'San Francisco',
-                    'regionName' => 'California',
-                    'countryName' => 'United States'
-                ],
-                'showlinks' => true
-            ]
-        ]);
-
-        $this->assign('demo3', [
-            [
-                'trust' => true,
-                'trustedlink' => true,
-                'ip' => '172.16.0.164',
-                'routable' => false,
-
-            ], [
-                'trust' => false,
-                'ip' => '198.51.100.234',
-                'routable' => true,
-                'rdns' => 'sketchyproxy.example.com',
-                'showlinks' => true
-
-            ], [
-                'trust' => false,
-                'ip' => '192.0.2.1',
-                'routable' => true,
-                'rdns' => 'client.users.example.org',
-                'location' => [
-                    'cityName' => 'San Francisco',
-                    'regionName' => 'California',
-                    'countryName' => 'United States'
-                ],
-                'showlinks' => true
-            ]
-        ]);
-
-        $this->assign('demo4', [
-            [
-                'trust' => true,
-                'trustedlink' => true,
-                'ip' => '172.16.0.164',
-                'routable' => false,
-
-            ], [
-                'trust' => true,
-                'ip' => '198.51.100.123',
-                'routable' => true,
-                'rdns' => 'trustedproxy.example.com',
-            ], [
-                'trust' => false,
-                'ip' => '198.51.100.234',
-                'routable' => true,
-                'rdns' => 'sketchyproxy.example.com',
-                'showlinks' => true
-            ], [
-                'trust' => false,
-                'trustedlink' => true,
-                'ip' => '198.51.100.124',
-                'routable' => true,
-                'rdns' => 'trustedproxy2.example.com',
-                'showlinks' => true
-            ], [
-                'trust' => false,
-                'ip' => '192.0.2.1',
-                'routable' => true,
-                'rdns' => 'client.users.example.org',
-                'location' => [
-                    'cityName' => 'San Francisco',
-                    'regionName' => 'California',
-                    'countryName' => 'United States'
-                ],
-                'showlinks' => true
-            ]
-        ]);
-
-        $this->assign('demo1', [
-            [
-                'trust' => true,
-                'trustedlink' => true,
-                'ip' => '172.16.0.164',
-                'routable' => false,
-
-            ], [
-                'trust' => true,
-                'trustedlink' => true,
-                'ip' => '192.0.2.1',
-                'routable' => true,
-                'rdns' => 'client.users.example.org',
-                'location' => [
-                    'cityName' => 'San Francisco',
-                    'regionName' => 'California',
-                    'countryName' => 'United States'
-                ],
-                'showlinks' => true
-            ]
-        ]);
-    }
+	use RequestData;
+
+	/**
+	 * @inheritDoc
+	 */
+	protected function main()
+	{
+		$this->setTemplate('xffdemo.tpl');
+
+		// requestHasForwardedIp == false
+		// requestProxyData
+		// requestRealIp == proxy
+		// requestForwardedIp == xff header
+		// forwardedOrigin  == top of the chain, assuming xff is trusted
+
+
+		$this->assign('demo2', [
+			[
+				'trust' => true,
+				'trustedlink' => true,
+				'ip' => '172.16.0.164',
+				'routable' => false,
+
+			], [
+				'trust' => true,
+				'ip' => '198.51.100.123',
+				'routable' => true,
+				'rdns' => 'trustedproxy.example.com',
+
+			], [
+				'trust' => true,
+				'ip' => '192.0.2.1',
+				'routable' => true,
+				'rdns' => 'client.users.example.org',
+				'location' => [
+					'cityName' => 'San Francisco',
+					'regionName' => 'California',
+					'countryName' => 'United States'
+				],
+				'showlinks' => true
+			]
+		]);
+
+		$this->assign('demo3', [
+			[
+				'trust' => true,
+				'trustedlink' => true,
+				'ip' => '172.16.0.164',
+				'routable' => false,
+
+			], [
+				'trust' => false,
+				'ip' => '198.51.100.234',
+				'routable' => true,
+				'rdns' => 'sketchyproxy.example.com',
+				'showlinks' => true
+
+			], [
+				'trust' => false,
+				'ip' => '192.0.2.1',
+				'routable' => true,
+				'rdns' => 'client.users.example.org',
+				'location' => [
+					'cityName' => 'San Francisco',
+					'regionName' => 'California',
+					'countryName' => 'United States'
+				],
+				'showlinks' => true
+			]
+		]);
+
+		$this->assign('demo4', [
+			[
+				'trust' => true,
+				'trustedlink' => true,
+				'ip' => '172.16.0.164',
+				'routable' => false,
+
+			], [
+				'trust' => true,
+				'ip' => '198.51.100.123',
+				'routable' => true,
+				'rdns' => 'trustedproxy.example.com',
+			], [
+				'trust' => false,
+				'ip' => '198.51.100.234',
+				'routable' => true,
+				'rdns' => 'sketchyproxy.example.com',
+				'showlinks' => true
+			], [
+				'trust' => false,
+				'trustedlink' => true,
+				'ip' => '198.51.100.124',
+				'routable' => true,
+				'rdns' => 'trustedproxy2.example.com',
+				'showlinks' => true
+			], [
+				'trust' => false,
+				'ip' => '192.0.2.1',
+				'routable' => true,
+				'rdns' => 'client.users.example.org',
+				'location' => [
+					'cityName' => 'San Francisco',
+					'regionName' => 'California',
+					'countryName' => 'United States'
+				],
+				'showlinks' => true
+			]
+		]);
+
+		$this->assign('demo1', [
+			[
+				'trust' => true,
+				'trustedlink' => true,
+				'ip' => '172.16.0.164',
+				'routable' => false,
+
+			], [
+				'trust' => true,
+				'trustedlink' => true,
+				'ip' => '192.0.2.1',
+				'routable' => true,
+				'rdns' => 'client.users.example.org',
+				'location' => [
+					'cityName' => 'San Francisco',
+					'regionName' => 'California',
+					'countryName' => 'United States'
+				],
+				'showlinks' => true
+			]
+		]);
+	}
 }

includes/Pages/PageErrorLogViewer.php

Indentation +123 added lines, -123 removed lines

@@ -14,127 +14,127 @@
 
 class PageErrorLogViewer extends InternalPageBase
 {
-    /**
-     * @inheritDoc
-     */
-    protected function main()
-    {
-        $this->setHtmlTitle('Exception viewer');
-
-        $user = User::getCurrent($this->getDatabase());
-        $this->assign('canView', $this->barrierTest('view', $user));
-        $this->assign('canRemove', $this->barrierTest('remove', $user));
-
-        // Get the list of exception logs from the error log directory
-        $errorLogDirectory = $this->getSiteConfiguration()->getErrorLog();
-        $files = scandir($errorLogDirectory);
-
-        // Exclude the files we know should be there
-        $filteredFiles = array_filter($files, function($file) {
-            return !in_array($file, ['.', '..', 'README.md']);
-        });
-
-        $exceptionDetails = array_map(function($item) use ($errorLogDirectory) {
-            $filename = realpath($errorLogDirectory) . DIRECTORY_SEPARATOR . $item;
-
-            return [
-                'id'   => str_replace('.log', '', $item),
-                'date' => date('Y-m-d H:i:s', filemtime($filename)),
-                'data' => str_replace($this->getSiteConfiguration()->getFilePath(), '.',
-                    unserialize(file_get_contents($filename))),
-            ];
-        }, $filteredFiles);
-
-        $this->assign('exceptionEntries', $exceptionDetails);
-        $this->setTemplate('errorlog/main.tpl');
-    }
-
-    protected function view()
-    {
-        $this->setHtmlTitle('Exception viewer');
-
-        $requestedErrorId = WebRequest::getString('id');
-        $safeFilename = $this->safetyCheck($requestedErrorId);
-
-        if ($safeFilename === false) {
-            $this->redirect('errorLog');
-
-            return;
-        }
-
-        // note: at this point we've done sufficient sanity checks that we can be confident this value is safe to echo
-        // back to the user.
-        $this->assign('id', $requestedErrorId);
-        $this->assign('date', date('Y-m-d H:i:s', filemtime($safeFilename)));
-
-        $data = unserialize(file_get_contents($safeFilename));
-        $this->assign('server', $data['server']);
-        $this->assign('get', $data['get']);
-        $this->assign('post', $data['post']);
-
-        $this->assign('globalHandler', $data['globalHandler']);
-
-        $exceptionList = [];
-        $current = $data;
-        do {
-            $ex = [
-                'exception' => $current['exception'],
-                'message'   => str_replace($this->getSiteConfiguration()->getFilePath(), '.', $current['message']),
-                'stack'     => str_replace($this->getSiteConfiguration()->getFilePath(), '.', $current['stack']),
-            ];
-            $exceptionList[] = $ex;
-
-            $current = $current['previous'];
-        }
-        while ($current !== null);
-
-        $this->assign('exceptionList', $exceptionList);
-
-        $this->setTemplate('errorlog/details.tpl');
-    }
-
-    public function remove()
-    {
-        $safeFilename = $this->safetyCheck(WebRequest::getString('id'));
-
-        if ($safeFilename === false) {
-            $this->redirect('errorLog');
-
-            return;
-        }
-
-        unlink($safeFilename);
-
-        $this->redirect('errorLog');
-
-        return;
-    }
-
-    /**
-     * @param string|null $requestedErrorId
-     *
-     * @return bool|string
-     */
-    protected function safetyCheck(?string $requestedErrorId)
-    {
-        if ($requestedErrorId === null) {
-            return false;
-        }
-
-        // security - only allow hex-encoded filenames, as this is what is generated.
-        // This is prefixed with the configured directory. Path traversal is protected against due to . and / not being
-        // part of the hex character set.
-        if (!preg_match('/^[a-f0-9]{40}$/', $requestedErrorId)) {
-            return false;
-        }
-
-        $errorLogDirectory = $this->getSiteConfiguration()->getErrorLog();
-        $filename = realpath($errorLogDirectory) . DIRECTORY_SEPARATOR . $requestedErrorId . '.log';
-
-        if (!file_exists($filename)) {
-            return false;
-        }
-
-        return $filename;
-    }
+	/**
+	 * @inheritDoc
+	 */
+	protected function main()
+	{
+		$this->setHtmlTitle('Exception viewer');
+
+		$user = User::getCurrent($this->getDatabase());
+		$this->assign('canView', $this->barrierTest('view', $user));
+		$this->assign('canRemove', $this->barrierTest('remove', $user));
+
+		// Get the list of exception logs from the error log directory
+		$errorLogDirectory = $this->getSiteConfiguration()->getErrorLog();
+		$files = scandir($errorLogDirectory);
+
+		// Exclude the files we know should be there
+		$filteredFiles = array_filter($files, function($file) {
+			return !in_array($file, ['.', '..', 'README.md']);
+		});
+
+		$exceptionDetails = array_map(function($item) use ($errorLogDirectory) {
+			$filename = realpath($errorLogDirectory) . DIRECTORY_SEPARATOR . $item;
+
+			return [
+				'id'   => str_replace('.log', '', $item),
+				'date' => date('Y-m-d H:i:s', filemtime($filename)),
+				'data' => str_replace($this->getSiteConfiguration()->getFilePath(), '.',
+					unserialize(file_get_contents($filename))),
+			];
+		}, $filteredFiles);
+
+		$this->assign('exceptionEntries', $exceptionDetails);
+		$this->setTemplate('errorlog/main.tpl');
+	}
+
+	protected function view()
+	{
+		$this->setHtmlTitle('Exception viewer');
+
+		$requestedErrorId = WebRequest::getString('id');
+		$safeFilename = $this->safetyCheck($requestedErrorId);
+
+		if ($safeFilename === false) {
+			$this->redirect('errorLog');
+
+			return;
+		}
+
+		// note: at this point we've done sufficient sanity checks that we can be confident this value is safe to echo
+		// back to the user.
+		$this->assign('id', $requestedErrorId);
+		$this->assign('date', date('Y-m-d H:i:s', filemtime($safeFilename)));
+
+		$data = unserialize(file_get_contents($safeFilename));
+		$this->assign('server', $data['server']);
+		$this->assign('get', $data['get']);
+		$this->assign('post', $data['post']);
+
+		$this->assign('globalHandler', $data['globalHandler']);
+
+		$exceptionList = [];
+		$current = $data;
+		do {
+			$ex = [
+				'exception' => $current['exception'],
+				'message'   => str_replace($this->getSiteConfiguration()->getFilePath(), '.', $current['message']),
+				'stack'     => str_replace($this->getSiteConfiguration()->getFilePath(), '.', $current['stack']),
+			];
+			$exceptionList[] = $ex;
+
+			$current = $current['previous'];
+		}
+		while ($current !== null);
+
+		$this->assign('exceptionList', $exceptionList);
+
+		$this->setTemplate('errorlog/details.tpl');
+	}
+
+	public function remove()
+	{
+		$safeFilename = $this->safetyCheck(WebRequest::getString('id'));
+
+		if ($safeFilename === false) {
+			$this->redirect('errorLog');
+
+			return;
+		}
+
+		unlink($safeFilename);
+
+		$this->redirect('errorLog');
+
+		return;
+	}
+
+	/**
+	 * @param string|null $requestedErrorId
+	 *
+	 * @return bool|string
+	 */
+	protected function safetyCheck(?string $requestedErrorId)
+	{
+		if ($requestedErrorId === null) {
+			return false;
+		}
+
+		// security - only allow hex-encoded filenames, as this is what is generated.
+		// This is prefixed with the configured directory. Path traversal is protected against due to . and / not being
+		// part of the hex character set.
+		if (!preg_match('/^[a-f0-9]{40}$/', $requestedErrorId)) {
+			return false;
+		}
+
+		$errorLogDirectory = $this->getSiteConfiguration()->getErrorLog();
+		$filename = realpath($errorLogDirectory) . DIRECTORY_SEPARATOR . $requestedErrorId . '.log';
+
+		if (!file_exists($filename)) {
+			return false;
+		}
+
+		return $filename;
+	}
 }
\ No newline at end of file

includes/Pages/PageExpandedRequestList.php

Indentation +42 added lines, -42 removed lines

@@ -18,59 +18,59 @@
 
 class PageExpandedRequestList extends InternalPageBase
 {
-    use RequestListData;
+	use RequestListData;
 
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     * @todo This is very similar to the PageMain code, we could probably generalise this somehow
-     */
-    protected function main()
-    {
-        if (WebRequest::getString('queue') === null) {
-            $this->redirect('');
-            return;
-        }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 * @todo This is very similar to the PageMain code, we could probably generalise this somehow
+	 */
+	protected function main()
+	{
+		if (WebRequest::getString('queue') === null) {
+			$this->redirect('');
+			return;
+		}
 
-        $database = $this->getDatabase();
+		$database = $this->getDatabase();
 
-        // FIXME: domains
-        $queue = RequestQueue::getByApiName($database, WebRequest::getString('queue'), 1);
+		// FIXME: domains
+		$queue = RequestQueue::getByApiName($database, WebRequest::getString('queue'), 1);
 
-        if ($queue === false) {
-            $this->redirect('');
-            return;
-        }
+		if ($queue === false) {
+			$this->redirect('');
+			return;
+		}
 
-        /** @var SiteConfiguration $config */
-        $config = $this->getSiteConfiguration();
+		/** @var SiteConfiguration $config */
+		$config = $this->getSiteConfiguration();
 
-        $this->assignCSRFToken();
+		$this->assignCSRFToken();
 
-        $this->assign('queuehelp', $queue->getHelp());
+		$this->assign('queuehelp', $queue->getHelp());
 
-        // FIXME: domains
-        $search = RequestSearchHelper::get($database, 1);
-        $search->byStatus(RequestStatus::OPEN);
+		// FIXME: domains
+		$search = RequestSearchHelper::get($database, 1);
+		$search->byStatus(RequestStatus::OPEN);
 
-        list($defaultSort, $defaultSortDirection) = WebRequest::requestListDefaultSort();
-        $this->assign('defaultSort', $defaultSort);
-        $this->assign('defaultSortDirection', $defaultSortDirection);
+		list($defaultSort, $defaultSortDirection) = WebRequest::requestListDefaultSort();
+		$this->assign('defaultSort', $defaultSort);
+		$this->assign('defaultSortDirection', $defaultSortDirection);
 
-        if ($config->getEmailConfirmationEnabled()) {
-            $search->withConfirmedEmail();
-        }
+		if ($config->getEmailConfirmationEnabled()) {
+			$search->withConfirmedEmail();
+		}
 
-        $queuesById = [$queue->getId() => $queue];
-        $requestsByQueue = $search->fetchByQueue(array_keys($queuesById));
-        $requestData = $requestsByQueue[$queue->getId()];
+		$queuesById = [$queue->getId() => $queue];
+		$requestsByQueue = $search->fetchByQueue(array_keys($queuesById));
+		$requestData = $requestsByQueue[$queue->getId()];
 
-        $this->assign('requests', $this->prepareRequestData($requestData['data']));
-        $this->assign('totalRequests', $requestData['count']);
-        $this->assign('header', $queue->getHeader());
-        $this->assign('requestLimitShowOnly', $config->getMiserModeLimit());
+		$this->assign('requests', $this->prepareRequestData($requestData['data']));
+		$this->assign('totalRequests', $requestData['count']);
+		$this->assign('header', $queue->getHeader());
+		$this->assign('requestLimitShowOnly', $config->getMiserModeLimit());
 
-        $this->setHtmlTitle('{$header|escape}{if $totalRequests > 0} [{$totalRequests|escape}]{/if}');
-        $this->setTemplate('mainpage/expandedrequestlist.tpl');
-    }
+		$this->setHtmlTitle('{$header|escape}{if $totalRequests > 0} [{$totalRequests|escape}]{/if}');
+		$this->setTemplate('mainpage/expandedrequestlist.tpl');
+	}
 }

includes/Pages/PageFlagComment.php

Indentation +51 added lines, -51 removed lines

@@ -19,67 +19,67 @@
 
 class PageFlagComment extends InternalPageBase
 {
-    /**
-     * @inheritDoc
-     */
-    protected function main()
-    {
-        if (!WebRequest::wasPosted()) {
-            throw new ApplicationLogicException('This page does not support GET methods.');
-        }
+	/**
+	 * @inheritDoc
+	 */
+	protected function main()
+	{
+		if (!WebRequest::wasPosted()) {
+			throw new ApplicationLogicException('This page does not support GET methods.');
+		}
 
-        $this->validateCSRFToken();
+		$this->validateCSRFToken();
 
-        $flagState = WebRequest::postInt('flag');
-        $commentId = WebRequest::postInt('comment');
-        $updateVersion = WebRequest::postInt('updateversion');
+		$flagState = WebRequest::postInt('flag');
+		$commentId = WebRequest::postInt('comment');
+		$updateVersion = WebRequest::postInt('updateversion');
 
-        if ($flagState !== 0 && $flagState !== 1) {
-            throw new ApplicationLogicException('Flag status not valid');
-        }
+		if ($flagState !== 0 && $flagState !== 1) {
+			throw new ApplicationLogicException('Flag status not valid');
+		}
 
-        $database = $this->getDatabase();
+		$database = $this->getDatabase();
 
-        /** @var Comment|false $comment */
-        $comment = Comment::getById($commentId, $database);
-        if ($comment === false) {
-            throw new ApplicationLogicException('Unknown comment');
-        }
+		/** @var Comment|false $comment */
+		$comment = Comment::getById($commentId, $database);
+		if ($comment === false) {
+			throw new ApplicationLogicException('Unknown comment');
+		}
 
-        $currentUser = User::getCurrent($database);
+		$currentUser = User::getCurrent($database);
 
-        if ($comment->getFlagged() && !$this->barrierTest('unflag', $currentUser)) {
-            // user isn't allowed to unflag comments
-            throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
-        }
+		if ($comment->getFlagged() && !$this->barrierTest('unflag', $currentUser)) {
+			// user isn't allowed to unflag comments
+			throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
+		}
 
-        /** @var Request $request */
-        $request = Request::getById($comment->getRequest(), $database);
+		/** @var Request $request */
+		$request = Request::getById($comment->getRequest(), $database);
 
-        if ($comment->getFlagged()
-            && !$this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData')
-            && $request->getReserved() !== $currentUser->getId()
-        ) {
-            // can't unflag if you can't see it.
-            throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
-        }
+		if ($comment->getFlagged()
+			&& !$this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData')
+			&& $request->getReserved() !== $currentUser->getId()
+		) {
+			// can't unflag if you can't see it.
+			throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
+		}
 
-        $comment->setFlagged($flagState == 1);
-        $comment->setUpdateVersion($updateVersion);
-        $comment->save();
+		$comment->setFlagged($flagState == 1);
+		$comment->setUpdateVersion($updateVersion);
+		$comment->save();
 
-        if ($flagState === 1) {
-            Logger::flaggedComment($database, $comment, $request->getDomain());
-        }
-        else {
-            Logger::unflaggedComment($database, $comment, $request->getDomain());
-        }
+		if ($flagState === 1) {
+			Logger::flaggedComment($database, $comment, $request->getDomain());
+		}
+		else {
+			Logger::unflaggedComment($database, $comment, $request->getDomain());
+		}
 
-        if (WebRequest::postString('return') == 'list') {
-            $this->redirect('flaggedComments');
-        }
-        else {
-            $this->redirect('viewRequest', null, ['id' => $comment->getRequest()]);
-        }
-    }
+		if (WebRequest::postString('return') == 'list') {
+			$this->redirect('flaggedComments');
+		}
+		else {
+			$this->redirect('viewRequest', null, ['id' => $comment->getRequest()]);
+		}
+	}
 }
\ No newline at end of file

includes/Pages/PageRequestFormManagement.php

Indentation +288 added lines, -288 removed lines

@@ -22,292 +22,292 @@
 
 class PageRequestFormManagement extends InternalPageBase
 {
-    protected function main()
-    {
-        $this->setHtmlTitle('Request Form Management');
-
-        $database = $this->getDatabase();
-        $domainId = Domain::getCurrent($database)->getId();
-        $forms = RequestForm::getAllForms($database, $domainId);
-        $this->assign('forms', $forms);
-
-        $queues = [];
-        foreach ($forms as $f) {
-            $queueId = $f->getOverrideQueue();
-            if ($queueId !== null) {
-                if (!isset($queues[$queueId])) {
-                    /** @var RequestQueue $queue */
-                    $queue = RequestQueue::getById($queueId, $this->getDatabase());
-
-                    if ($queue->getDomain() == $domainId) {
-                        $queues[$queueId] = $queue;
-                    }
-                }
-            }
-        }
-
-        $this->assign('queues', $queues);
-
-        $user = User::getCurrent($database);
-        $this->assign('canCreate', $this->barrierTest('create', $user));
-        $this->assign('canEdit', $this->barrierTest('edit', $user));
-        $this->assign('canView', $this->barrierTest('view', $user));
-
-        $this->setTemplate('form-management/main.tpl');
-    }
-
-    protected function preview() {
-        $previewContent = WebRequest::getSessionContext('preview');
-
-        $renderer = new MarkdownRenderingHelper();
-        $this->assign('renderedContent', $renderer->doRender($previewContent['main']));
-        $this->assign('username', $renderer->doRenderInline($previewContent['username']));
-        $this->assign('email', $renderer->doRenderInline($previewContent['email']));
-        $this->assign('comment', $renderer->doRenderInline($previewContent['comment']));
-
-        $this->setTemplate('form-management/preview.tpl');
-    }
-
-    protected function create()
-    {
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $database = $this->getDatabase();
-            $domainId = Domain::getCurrent($database)->getId();
-
-            $form = new RequestForm();
-
-            $form->setDatabase($database);
-            $form->setDomain($domainId);
-
-            $this->setupObjectFromPost($form);
-            $form->setPublicEndpoint(WebRequest::postString('endpoint'));
-
-            if (WebRequest::postString("preview") === "preview") {
-                $this->populateFromObject($form);
-
-                WebRequest::setSessionContext('preview', [
-                    'main' => $form->getFormContent(),
-                    'username' => $form->getUsernameHelp(),
-                    'email' => $form->getEmailHelp(),
-                    'comment' => $form->getCommentHelp(),
-                ]);
-
-                $this->assign('createMode', true);
-                $this->setTemplate('form-management/edit.tpl');
-
-                return;
-            }
-
-            $proceed = true;
-
-            if (RequestForm::getByPublicEndpoint($database, $form->getPublicEndpoint(), $domainId) !== false) {
-                SessionAlert::error("The chosen public endpoint is already in use. Please choose another.");
-                $proceed = false;
-            }
-
-            if (preg_match('/^[A-Za-z][a-zA-Z0-9-]*$/', $form->getPublicEndpoint()) !== 1) {
-                SessionAlert::error("The chosen public endpoint contains invalid characters");
-                $proceed = false;
-            }
-
-            if (RequestForm::getByName($database, $form->getName(), $domainId) !== false) {
-                SessionAlert::error("The chosen name is already in use. Please choose another.");
-                $proceed = false;
-            }
-
-            if ($form->getOverrideQueue() !== null) {
-                /** @var RequestQueue|bool $queue */
-                $queue = RequestQueue::getById($form->getOverrideQueue(), $database);
-                if ($queue === false || $queue->getDomain() !== $domainId || !$queue->isEnabled()) {
-                    SessionAlert::error("The chosen queue does not exist or is disabled.");
-                    $proceed = false;
-                }
-            }
-
-            if ($proceed) {
-                $form->save();
-                Logger::requestFormCreated($database, $form);
-                $this->redirect('requestFormManagement');
-            }
-            else {
-                $this->populateFromObject($form);
-                WebRequest::setSessionContext('preview', [
-                    'main' => $form->getFormContent(),
-                    'username' => $form->getUsernameHelp(),
-                    'email' => $form->getEmailHelp(),
-                    'comment' => $form->getCommentHelp(),
-                ]);
-
-                $this->assign('createMode', true);
-                $this->setTemplate('form-management/edit.tpl');
-            }
-        }
-        else {
-            $this->populateFromObject(new RequestForm());
-            WebRequest::setSessionContext('preview', null);
-            $this->assign('hidePreview', true);
-
-            $this->assignCSRFToken();
-            $this->assign('createMode', true);
-            $this->setTemplate('form-management/edit.tpl');
-        }
-    }
-
-    protected function view()
-    {
-        $database = $this->getDatabase();
-
-        /** @var RequestForm $form */
-        $form = RequestForm::getById(WebRequest::getInt('form'), $database);
-
-        if ($form->getDomain() !== Domain::getCurrent($database)->getId()) {
-            throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
-        }
-
-        $this->populateFromObject($form);
-
-        if ($form->getOverrideQueue() !== null) {
-            $this->assign('queueObject', RequestQueue::getById($form->getOverrideQueue(), $database));
-        }
-
-        WebRequest::setSessionContext('preview', [
-            'main' => $form->getFormContent(),
-            'username' => $form->getUsernameHelp(),
-            'email' => $form->getEmailHelp(),
-            'comment' => $form->getCommentHelp(),
-        ]);
-
-        $renderer = new MarkdownRenderingHelper();
-        $this->assign('renderedContent', $renderer->doRender($form->getFormContent()));
-
-        $this->setTemplate('form-management/view.tpl');
-    }
-
-    protected function edit()
-    {
-        $database = $this->getDatabase();
-
-        /** @var RequestForm $form */
-        $form = RequestForm::getById(WebRequest::getInt('form'), $database);
-
-        if ($form->getDomain() !== Domain::getCurrent($database)->getId()) {
-            throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
-        }
-
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-
-            $this->setupObjectFromPost($form);
-
-            if (WebRequest::postString("preview") === "preview") {
-                $this->populateFromObject($form);
-
-                WebRequest::setSessionContext('preview', [
-                    'main' => $form->getFormContent(),
-                    'username' => $form->getUsernameHelp(),
-                    'email' => $form->getEmailHelp(),
-                    'comment' => $form->getCommentHelp(),
-                ]);
-
-                $this->assign('createMode', false);
-                $this->setTemplate('form-management/edit.tpl');
-
-                return;
-            }
-
-            $proceed = true;
-
-            $foundForm = RequestForm::getByName($database, $form->getName(), $form->getDomain());
-            if ($foundForm !== false && $foundForm->getId() !== $form->getId()) {
-                SessionAlert::error("The chosen name is already in use. Please choose another.");
-                $proceed = false;
-            }
-
-            if ($form->getOverrideQueue() !== null) {
-                /** @var RequestQueue $queue */
-                $queue = RequestQueue::getById($form->getOverrideQueue(), $database);
-                if ($queue === false || $queue->getDomain() !== $form->getDomain() || !$queue->isEnabled()) {
-                    SessionAlert::error("The chosen queue does not exist or is disabled.");
-                    $proceed = false;
-                }
-            }
-
-            if ($proceed) {
-                Logger::requestFormEdited($database, $form);
-                $form->save();
-                $this->redirect('requestFormManagement');
-            }
-            else {
-                $this->populateFromObject($form);
-                WebRequest::setSessionContext('preview', [
-                    'main' => $form->getFormContent(),
-                    'username' => $form->getUsernameHelp(),
-                    'email' => $form->getEmailHelp(),
-                    'comment' => $form->getCommentHelp(),
-                ]);
-
-                $this->assign('createMode', false);
-                $this->setTemplate('form-management/edit.tpl');
-            }
-        }
-        else {
-            $this->populateFromObject($form);
-            WebRequest::setSessionContext('preview', [
-                'main' => $form->getFormContent(),
-                'username' => $form->getUsernameHelp(),
-                'email' => $form->getEmailHelp(),
-                'comment' => $form->getCommentHelp(),
-            ]);
-
-            $this->assign('createMode', false);
-            $this->setTemplate('form-management/edit.tpl');
-        }
-    }
-
-    /**
-     * @param RequestForm $form
-     */
-    protected function populateFromObject(RequestForm $form): void
-    {
-        $this->assignCSRFToken();
-
-        $this->assign('name', $form->getName());
-        $this->assign('enabled', $form->isEnabled());
-        $this->assign('endpoint', $form->getPublicEndpoint());
-        $this->assign('queue', $form->getOverrideQueue());
-        $this->assign('content', $form->getFormContent());
-        $this->assign('username', $form->getUsernameHelp());
-        $this->assign('email', $form->getEmailHelp());
-        $this->assign('comment', $form->getCommentHelp());
-
-        $this->assign('domain', $form->getDomainObject());
-
-        $this->assign('availableQueues', RequestQueue::getEnabledQueues($this->getDatabase()));
-    }
-
-    /**
-     * @param RequestForm $form
-     *
-     * @return void
-     * @throws ApplicationLogicException
-     */
-    protected function setupObjectFromPost(RequestForm $form): void
-    {
-        if (WebRequest::postString('content') === null
-            || WebRequest::postString('username') === null
-            || WebRequest::postString('email') === null
-            || WebRequest::postString('comment') === null
-        ) {
-            throw new ApplicationLogicException("Form content, username help, email help, and comment help are all required fields.");
-        }
-
-        $form->setName(WebRequest::postString('name'));
-        $form->setEnabled(WebRequest::postBoolean('enabled'));
-        $form->setFormContent(WebRequest::postString('content'));
-        $form->setOverrideQueue(WebRequest::postInt('queue'));
-        $form->setUsernameHelp(WebRequest::postString('username'));
-        $form->setEmailHelp(WebRequest::postString('email'));
-        $form->setCommentHelp(WebRequest::postString('comment'));
-    }
+	protected function main()
+	{
+		$this->setHtmlTitle('Request Form Management');
+
+		$database = $this->getDatabase();
+		$domainId = Domain::getCurrent($database)->getId();
+		$forms = RequestForm::getAllForms($database, $domainId);
+		$this->assign('forms', $forms);
+
+		$queues = [];
+		foreach ($forms as $f) {
+			$queueId = $f->getOverrideQueue();
+			if ($queueId !== null) {
+				if (!isset($queues[$queueId])) {
+					/** @var RequestQueue $queue */
+					$queue = RequestQueue::getById($queueId, $this->getDatabase());
+
+					if ($queue->getDomain() == $domainId) {
+						$queues[$queueId] = $queue;
+					}
+				}
+			}
+		}
+
+		$this->assign('queues', $queues);
+
+		$user = User::getCurrent($database);
+		$this->assign('canCreate', $this->barrierTest('create', $user));
+		$this->assign('canEdit', $this->barrierTest('edit', $user));
+		$this->assign('canView', $this->barrierTest('view', $user));
+
+		$this->setTemplate('form-management/main.tpl');
+	}
+
+	protected function preview() {
+		$previewContent = WebRequest::getSessionContext('preview');
+
+		$renderer = new MarkdownRenderingHelper();
+		$this->assign('renderedContent', $renderer->doRender($previewContent['main']));
+		$this->assign('username', $renderer->doRenderInline($previewContent['username']));
+		$this->assign('email', $renderer->doRenderInline($previewContent['email']));
+		$this->assign('comment', $renderer->doRenderInline($previewContent['comment']));
+
+		$this->setTemplate('form-management/preview.tpl');
+	}
+
+	protected function create()
+	{
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$database = $this->getDatabase();
+			$domainId = Domain::getCurrent($database)->getId();
+
+			$form = new RequestForm();
+
+			$form->setDatabase($database);
+			$form->setDomain($domainId);
+
+			$this->setupObjectFromPost($form);
+			$form->setPublicEndpoint(WebRequest::postString('endpoint'));
+
+			if (WebRequest::postString("preview") === "preview") {
+				$this->populateFromObject($form);
+
+				WebRequest::setSessionContext('preview', [
+					'main' => $form->getFormContent(),
+					'username' => $form->getUsernameHelp(),
+					'email' => $form->getEmailHelp(),
+					'comment' => $form->getCommentHelp(),
+				]);
+
+				$this->assign('createMode', true);
+				$this->setTemplate('form-management/edit.tpl');
+
+				return;
+			}
+
+			$proceed = true;
+
+			if (RequestForm::getByPublicEndpoint($database, $form->getPublicEndpoint(), $domainId) !== false) {
+				SessionAlert::error("The chosen public endpoint is already in use. Please choose another.");
+				$proceed = false;
+			}
+
+			if (preg_match('/^[A-Za-z][a-zA-Z0-9-]*$/', $form->getPublicEndpoint()) !== 1) {
+				SessionAlert::error("The chosen public endpoint contains invalid characters");
+				$proceed = false;
+			}
+
+			if (RequestForm::getByName($database, $form->getName(), $domainId) !== false) {
+				SessionAlert::error("The chosen name is already in use. Please choose another.");
+				$proceed = false;
+			}
+
+			if ($form->getOverrideQueue() !== null) {
+				/** @var RequestQueue|bool $queue */
+				$queue = RequestQueue::getById($form->getOverrideQueue(), $database);
+				if ($queue === false || $queue->getDomain() !== $domainId || !$queue->isEnabled()) {
+					SessionAlert::error("The chosen queue does not exist or is disabled.");
+					$proceed = false;
+				}
+			}
+
+			if ($proceed) {
+				$form->save();
+				Logger::requestFormCreated($database, $form);
+				$this->redirect('requestFormManagement');
+			}
+			else {
+				$this->populateFromObject($form);
+				WebRequest::setSessionContext('preview', [
+					'main' => $form->getFormContent(),
+					'username' => $form->getUsernameHelp(),
+					'email' => $form->getEmailHelp(),
+					'comment' => $form->getCommentHelp(),
+				]);
+
+				$this->assign('createMode', true);
+				$this->setTemplate('form-management/edit.tpl');
+			}
+		}
+		else {
+			$this->populateFromObject(new RequestForm());
+			WebRequest::setSessionContext('preview', null);
+			$this->assign('hidePreview', true);
+
+			$this->assignCSRFToken();
+			$this->assign('createMode', true);
+			$this->setTemplate('form-management/edit.tpl');
+		}
+	}
+
+	protected function view()
+	{
+		$database = $this->getDatabase();
+
+		/** @var RequestForm $form */
+		$form = RequestForm::getById(WebRequest::getInt('form'), $database);
+
+		if ($form->getDomain() !== Domain::getCurrent($database)->getId()) {
+			throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
+		}
+
+		$this->populateFromObject($form);
+
+		if ($form->getOverrideQueue() !== null) {
+			$this->assign('queueObject', RequestQueue::getById($form->getOverrideQueue(), $database));
+		}
+
+		WebRequest::setSessionContext('preview', [
+			'main' => $form->getFormContent(),
+			'username' => $form->getUsernameHelp(),
+			'email' => $form->getEmailHelp(),
+			'comment' => $form->getCommentHelp(),
+		]);
+
+		$renderer = new MarkdownRenderingHelper();
+		$this->assign('renderedContent', $renderer->doRender($form->getFormContent()));
+
+		$this->setTemplate('form-management/view.tpl');
+	}
+
+	protected function edit()
+	{
+		$database = $this->getDatabase();
+
+		/** @var RequestForm $form */
+		$form = RequestForm::getById(WebRequest::getInt('form'), $database);
+
+		if ($form->getDomain() !== Domain::getCurrent($database)->getId()) {
+			throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
+		}
+
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+
+			$this->setupObjectFromPost($form);
+
+			if (WebRequest::postString("preview") === "preview") {
+				$this->populateFromObject($form);
+
+				WebRequest::setSessionContext('preview', [
+					'main' => $form->getFormContent(),
+					'username' => $form->getUsernameHelp(),
+					'email' => $form->getEmailHelp(),
+					'comment' => $form->getCommentHelp(),
+				]);
+
+				$this->assign('createMode', false);
+				$this->setTemplate('form-management/edit.tpl');
+
+				return;
+			}
+
+			$proceed = true;
+
+			$foundForm = RequestForm::getByName($database, $form->getName(), $form->getDomain());
+			if ($foundForm !== false && $foundForm->getId() !== $form->getId()) {
+				SessionAlert::error("The chosen name is already in use. Please choose another.");
+				$proceed = false;
+			}
+
+			if ($form->getOverrideQueue() !== null) {
+				/** @var RequestQueue $queue */
+				$queue = RequestQueue::getById($form->getOverrideQueue(), $database);
+				if ($queue === false || $queue->getDomain() !== $form->getDomain() || !$queue->isEnabled()) {
+					SessionAlert::error("The chosen queue does not exist or is disabled.");
+					$proceed = false;
+				}
+			}
+
+			if ($proceed) {
+				Logger::requestFormEdited($database, $form);
+				$form->save();
+				$this->redirect('requestFormManagement');
+			}
+			else {
+				$this->populateFromObject($form);
+				WebRequest::setSessionContext('preview', [
+					'main' => $form->getFormContent(),
+					'username' => $form->getUsernameHelp(),
+					'email' => $form->getEmailHelp(),
+					'comment' => $form->getCommentHelp(),
+				]);
+
+				$this->assign('createMode', false);
+				$this->setTemplate('form-management/edit.tpl');
+			}
+		}
+		else {
+			$this->populateFromObject($form);
+			WebRequest::setSessionContext('preview', [
+				'main' => $form->getFormContent(),
+				'username' => $form->getUsernameHelp(),
+				'email' => $form->getEmailHelp(),
+				'comment' => $form->getCommentHelp(),
+			]);
+
+			$this->assign('createMode', false);
+			$this->setTemplate('form-management/edit.tpl');
+		}
+	}
+
+	/**
+	 * @param RequestForm $form
+	 */
+	protected function populateFromObject(RequestForm $form): void
+	{
+		$this->assignCSRFToken();
+
+		$this->assign('name', $form->getName());
+		$this->assign('enabled', $form->isEnabled());
+		$this->assign('endpoint', $form->getPublicEndpoint());
+		$this->assign('queue', $form->getOverrideQueue());
+		$this->assign('content', $form->getFormContent());
+		$this->assign('username', $form->getUsernameHelp());
+		$this->assign('email', $form->getEmailHelp());
+		$this->assign('comment', $form->getCommentHelp());
+
+		$this->assign('domain', $form->getDomainObject());
+
+		$this->assign('availableQueues', RequestQueue::getEnabledQueues($this->getDatabase()));
+	}
+
+	/**
+	 * @param RequestForm $form
+	 *
+	 * @return void
+	 * @throws ApplicationLogicException
+	 */
+	protected function setupObjectFromPost(RequestForm $form): void
+	{
+		if (WebRequest::postString('content') === null
+			|| WebRequest::postString('username') === null
+			|| WebRequest::postString('email') === null
+			|| WebRequest::postString('comment') === null
+		) {
+			throw new ApplicationLogicException("Form content, username help, email help, and comment help are all required fields.");
+		}
+
+		$form->setName(WebRequest::postString('name'));
+		$form->setEnabled(WebRequest::postBoolean('enabled'));
+		$form->setFormContent(WebRequest::postString('content'));
+		$form->setOverrideQueue(WebRequest::postInt('queue'));
+		$form->setUsernameHelp(WebRequest::postString('username'));
+		$form->setEmailHelp(WebRequest::postString('email'));
+		$form->setCommentHelp(WebRequest::postString('comment'));
+	}
 }

includes/Pages/UserAuth/PageForgotPassword.php

Indentation +209 added lines, -209 removed lines

@@ -23,213 +23,213 @@
 
 class PageForgotPassword extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     *
-     * This is the forgotten password reset form
-     * @category Security-Critical
-     */
-    protected function main()
-    {
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $username = WebRequest::postString('username');
-            $email = WebRequest::postEmail('email');
-            $database = $this->getDatabase();
-
-            if ($username === null || trim($username) === "" || $email === null || trim($email) === "") {
-                throw new ApplicationLogicException("Both username and email address must be specified!");
-            }
-
-            $user = User::getByUsername($username, $database);
-            $this->sendResetMail($user, $email);
-
-            SessionAlert::success('<strong>Your password reset request has been completed.</strong> If the details you have provided match our records, you should receive an email shortly.');
-
-            $this->redirect('login');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('forgot-password/forgotpw.tpl');
-        }
-    }
-
-    /**
-     * Sends a reset email if the user is authenticated
-     *
-     * @param User|boolean $user  The user located from the database, or false. Doesn't really matter, since we do the
-     *                            check anyway within this method and silently skip if we don't have a user.
-     * @param string       $email The provided email address
-     */
-    private function sendResetMail($user, $email)
-    {
-        // If the user isn't found, or the email address is wrong, skip sending the details silently.
-        if (!$user instanceof User) {
-            return;
-        }
-
-        if (strtolower($user->getEmail()) === strtolower($email)) {
-            $clientIp = $this->getXffTrustProvider()
-                ->getTrustedClientIp(WebRequest::remoteAddress(), WebRequest::forwardedAddress());
-
-            $this->cleanExistingTokens($user);
-
-            $hash = Base32::encodeUpper(openssl_random_pseudo_bytes(30));
-
-            $encryptionHelper = new EncryptionHelper($this->getSiteConfiguration());
-
-            $cred = new Credential();
-            $cred->setDatabase($this->getDatabase());
-            $cred->setFactor(-1);
-            $cred->setUserId($user->getId());
-            $cred->setType('reset');
-            $cred->setData($encryptionHelper->encryptData($hash));
-            $cred->setVersion(0);
-            $cred->setDisabled(0);
-            $cred->setTimeout(new DateTimeImmutable('+ 1 hour'));
-            $cred->setPriority(9);
-            $cred->save();
-
-            $this->assign("user", $user);
-            $this->assign("hash", $hash);
-            $this->assign("remoteAddress", $clientIp);
-
-            $emailContent = $this->fetchTemplate('forgot-password/reset-mail.tpl');
-
-            // FIXME: domains!
-            /** @var Domain $domain */
-            $domain = Domain::getById(1, $this->getDatabase());
-            $this->getEmailHelper()->sendMail(
-                null, $user->getEmail(), "WP:ACC password reset", $emailContent);
-        }
-    }
-
-    /**
-     * Entry point for the reset action
-     *
-     * This is the reset password part of the form.
-     * @category Security-Critical
-     */
-    protected function reset()
-    {
-        $si = WebRequest::getString('si');
-        $id = WebRequest::getString('id');
-
-        if ($si === null || trim($si) === "" || $id === null || trim($id) === "") {
-            throw new ApplicationLogicException("Link not valid, please ensure it has copied correctly");
-        }
-
-        $database = $this->getDatabase();
-        $user = $this->getResettingUser($id, $database, $si);
-
-        // Dual mode
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            try {
-                $this->doReset($user);
-                $this->cleanExistingTokens($user);
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect('forgotPassword', 'reset', array('si' => $si, 'id' => $id));
-
-                return;
-            }
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign('user', $user);
-            $this->setTemplate('forgot-password/forgotpwreset.tpl');
-            $this->addJs("/vendor/dropbox/zxcvbn/dist/zxcvbn.js");
-        }
-    }
-
-    /**
-     * Gets the user resetting their password from the database, or throwing an exception if that is not possible.
-     *
-     * @param integer     $id       The ID of the user to retrieve
-     * @param PdoDatabase $database The database object to use
-     * @param string      $si       The reset hash provided
-     *
-     * @return User
-     * @throws ApplicationLogicException
-     */
-    private function getResettingUser($id, $database, $si)
-    {
-        $user = User::getById($id, $database);
-
-        if ($user === false || $user->isCommunityUser()) {
-            throw new ApplicationLogicException("Password reset failed. Please try again.");
-        }
-
-        $statement = $database->prepare("SELECT * FROM credential WHERE type = 'reset' AND user = :user;");
-        $statement->execute([':user' => $user->getId()]);
-
-        /** @var Credential $credential */
-        $credential = $statement->fetchObject(Credential::class);
-
-        $statement->closeCursor();
-
-        if ($credential === false) {
-            throw new ApplicationLogicException("Password reset failed. Please try again.");
-        }
-
-        $credential->setDatabase($database);
-
-        $encryptionHelper = new EncryptionHelper($this->getSiteConfiguration());
-        if ($encryptionHelper->decryptData($credential->getData()) != $si) {
-            throw new ApplicationLogicException("Password reset failed. Please try again.");
-        }
-
-        if ($credential->getTimeout() < new DateTimeImmutable()) {
-            $credential->delete();
-            throw new ApplicationLogicException("Password reset token expired. Please try again.");
-        }
-
-        return $user;
-    }
-
-    /**
-     * Performs the setting of the new password
-     *
-     * @param User $user The user to set the password for
-     *
-     * @throws ApplicationLogicException
-     */
-    private function doReset(User $user)
-    {
-        $pw = WebRequest::postString('newpassword');
-        $pw2 = WebRequest::postString('newpasswordconfirm');
-
-        if ($pw !== $pw2) {
-            throw new ApplicationLogicException('Passwords do not match!');
-        }
-
-        $passwordCredentialProvider = new PasswordCredentialProvider($user->getDatabase(), $this->getSiteConfiguration());
-        $passwordCredentialProvider->setCredential($user, 1, $pw);
-
-        SessionAlert::success('You may now log in!');
-        $this->redirect('login');
-    }
-
-    protected function isProtectedPage()
-    {
-        return false;
-    }
-
-    /**
-     * @param $user
-     */
-    private function cleanExistingTokens($user): void
-    {
-        // clean out existing reset tokens
-        $statement = $this->getDatabase()->prepare("SELECT * FROM credential WHERE type = 'reset' AND user = :user;");
-        $statement->execute([':user' => $user->getId()]);
-        $existing = $statement->fetchAll(PdoDatabase::FETCH_CLASS, Credential::class);
-
-        foreach ($existing as $c) {
-            $c->setDatabase($this->getDatabase());
-            $c->delete();
-        }
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 *
+	 * This is the forgotten password reset form
+	 * @category Security-Critical
+	 */
+	protected function main()
+	{
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$username = WebRequest::postString('username');
+			$email = WebRequest::postEmail('email');
+			$database = $this->getDatabase();
+
+			if ($username === null || trim($username) === "" || $email === null || trim($email) === "") {
+				throw new ApplicationLogicException("Both username and email address must be specified!");
+			}
+
+			$user = User::getByUsername($username, $database);
+			$this->sendResetMail($user, $email);
+
+			SessionAlert::success('<strong>Your password reset request has been completed.</strong> If the details you have provided match our records, you should receive an email shortly.');
+
+			$this->redirect('login');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('forgot-password/forgotpw.tpl');
+		}
+	}
+
+	/**
+	 * Sends a reset email if the user is authenticated
+	 *
+	 * @param User|boolean $user  The user located from the database, or false. Doesn't really matter, since we do the
+	 *                            check anyway within this method and silently skip if we don't have a user.
+	 * @param string       $email The provided email address
+	 */
+	private function sendResetMail($user, $email)
+	{
+		// If the user isn't found, or the email address is wrong, skip sending the details silently.
+		if (!$user instanceof User) {
+			return;
+		}
+
+		if (strtolower($user->getEmail()) === strtolower($email)) {
+			$clientIp = $this->getXffTrustProvider()
+				->getTrustedClientIp(WebRequest::remoteAddress(), WebRequest::forwardedAddress());
+
+			$this->cleanExistingTokens($user);
+
+			$hash = Base32::encodeUpper(openssl_random_pseudo_bytes(30));
+
+			$encryptionHelper = new EncryptionHelper($this->getSiteConfiguration());
+
+			$cred = new Credential();
+			$cred->setDatabase($this->getDatabase());
+			$cred->setFactor(-1);
+			$cred->setUserId($user->getId());
+			$cred->setType('reset');
+			$cred->setData($encryptionHelper->encryptData($hash));
+			$cred->setVersion(0);
+			$cred->setDisabled(0);
+			$cred->setTimeout(new DateTimeImmutable('+ 1 hour'));
+			$cred->setPriority(9);
+			$cred->save();
+
+			$this->assign("user", $user);
+			$this->assign("hash", $hash);
+			$this->assign("remoteAddress", $clientIp);
+
+			$emailContent = $this->fetchTemplate('forgot-password/reset-mail.tpl');
+
+			// FIXME: domains!
+			/** @var Domain $domain */
+			$domain = Domain::getById(1, $this->getDatabase());
+			$this->getEmailHelper()->sendMail(
+				null, $user->getEmail(), "WP:ACC password reset", $emailContent);
+		}
+	}
+
+	/**
+	 * Entry point for the reset action
+	 *
+	 * This is the reset password part of the form.
+	 * @category Security-Critical
+	 */
+	protected function reset()
+	{
+		$si = WebRequest::getString('si');
+		$id = WebRequest::getString('id');
+
+		if ($si === null || trim($si) === "" || $id === null || trim($id) === "") {
+			throw new ApplicationLogicException("Link not valid, please ensure it has copied correctly");
+		}
+
+		$database = $this->getDatabase();
+		$user = $this->getResettingUser($id, $database, $si);
+
+		// Dual mode
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			try {
+				$this->doReset($user);
+				$this->cleanExistingTokens($user);
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect('forgotPassword', 'reset', array('si' => $si, 'id' => $id));
+
+				return;
+			}
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign('user', $user);
+			$this->setTemplate('forgot-password/forgotpwreset.tpl');
+			$this->addJs("/vendor/dropbox/zxcvbn/dist/zxcvbn.js");
+		}
+	}
+
+	/**
+	 * Gets the user resetting their password from the database, or throwing an exception if that is not possible.
+	 *
+	 * @param integer     $id       The ID of the user to retrieve
+	 * @param PdoDatabase $database The database object to use
+	 * @param string      $si       The reset hash provided
+	 *
+	 * @return User
+	 * @throws ApplicationLogicException
+	 */
+	private function getResettingUser($id, $database, $si)
+	{
+		$user = User::getById($id, $database);
+
+		if ($user === false || $user->isCommunityUser()) {
+			throw new ApplicationLogicException("Password reset failed. Please try again.");
+		}
+
+		$statement = $database->prepare("SELECT * FROM credential WHERE type = 'reset' AND user = :user;");
+		$statement->execute([':user' => $user->getId()]);
+
+		/** @var Credential $credential */
+		$credential = $statement->fetchObject(Credential::class);
+
+		$statement->closeCursor();
+
+		if ($credential === false) {
+			throw new ApplicationLogicException("Password reset failed. Please try again.");
+		}
+
+		$credential->setDatabase($database);
+
+		$encryptionHelper = new EncryptionHelper($this->getSiteConfiguration());
+		if ($encryptionHelper->decryptData($credential->getData()) != $si) {
+			throw new ApplicationLogicException("Password reset failed. Please try again.");
+		}
+
+		if ($credential->getTimeout() < new DateTimeImmutable()) {
+			$credential->delete();
+			throw new ApplicationLogicException("Password reset token expired. Please try again.");
+		}
+
+		return $user;
+	}
+
+	/**
+	 * Performs the setting of the new password
+	 *
+	 * @param User $user The user to set the password for
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function doReset(User $user)
+	{
+		$pw = WebRequest::postString('newpassword');
+		$pw2 = WebRequest::postString('newpasswordconfirm');
+
+		if ($pw !== $pw2) {
+			throw new ApplicationLogicException('Passwords do not match!');
+		}
+
+		$passwordCredentialProvider = new PasswordCredentialProvider($user->getDatabase(), $this->getSiteConfiguration());
+		$passwordCredentialProvider->setCredential($user, 1, $pw);
+
+		SessionAlert::success('You may now log in!');
+		$this->redirect('login');
+	}
+
+	protected function isProtectedPage()
+	{
+		return false;
+	}
+
+	/**
+	 * @param $user
+	 */
+	private function cleanExistingTokens($user): void
+	{
+		// clean out existing reset tokens
+		$statement = $this->getDatabase()->prepare("SELECT * FROM credential WHERE type = 'reset' AND user = :user;");
+		$statement->execute([':user' => $user->getId()]);
+		$existing = $statement->fetchAll(PdoDatabase::FETCH_CLASS, Credential::class);
+
+		foreach ($existing as $c) {
+			$c->setDatabase($this->getDatabase());
+			$c->delete();
+		}
+	}
 }

includes/Pages/UserAuth/Login/PagePasswordLogin.php

Indentation +27 added lines, -27 removed lines

@@ -13,31 +13,31 @@
 
 class PagePasswordLogin extends LoginCredentialPageBase
 {
-    protected function providerSpecificSetup()
-    {
-        list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
-
-        if ($partialId !== null && $partialStage > 1) {
-            $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
-            $statement = $this->getDatabase()->prepare($sql);
-            $statement->execute(array(':user' => $partialId, ':stage' => $partialStage));
-            $nextStage = $statement->fetchColumn();
-            $statement->closeCursor();
-
-            $this->redirect("login/" . $this->nextPageMap[$nextStage]);
-            return;
-        }
-
-        $this->setTemplate('login/password.tpl');
-    }
-
-    protected function getProviderCredentials()
-    {
-        $password = WebRequest::postString("password");
-        if ($password === null || $password === "") {
-            throw new ApplicationLogicException("No password specified");
-        }
-
-        return $password;
-    }
+	protected function providerSpecificSetup()
+	{
+		list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
+
+		if ($partialId !== null && $partialStage > 1) {
+			$sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
+			$statement = $this->getDatabase()->prepare($sql);
+			$statement->execute(array(':user' => $partialId, ':stage' => $partialStage));
+			$nextStage = $statement->fetchColumn();
+			$statement->closeCursor();
+
+			$this->redirect("login/" . $this->nextPageMap[$nextStage]);
+			return;
+		}
+
+		$this->setTemplate('login/password.tpl');
+	}
+
+	protected function getProviderCredentials()
+	{
+		$password = WebRequest::postString("password");
+		if ($password === null || $password === "") {
+			throw new ApplicationLogicException("No password specified");
+		}
+
+		return $password;
+	}
 }
\ No newline at end of file