Changeset 801 for trunk/Modules/User/User.php

Timestamp:

Mar 31, 2014, 9:10:41 AM (10 years ago)

Author:

chronos

Message:

• Fixed: Better registration form values validation.

File:

• trunk/Modules/User/User.php (modified) (16 diffs)

trunk/Modules/User/User.php

@@ -18 +18 @@
                 $this->Dependencies = array();
         }
-        
+
         function Start()
         {
@@ -38 +38 @@
       T('Translators'), array('Name'), '`User`', $this->System->Link('/userlist.php?search='));
         }
-        
+
         function ShowOnlineList()
         {
                 $Output = T('Online translators').':<br />';
-                $DbResult = $this->System->Database->query('SELECT * FROM ('. 
+                $DbResult = $this->System->Database->query('SELECT * FROM ('.
 'SELECT `User`.`Name`, `User`.`ID` FROM `UserOnline` '.
                                 'JOIN `User` ON `User`.`ID` = `UserOnline`.`User` '.
@@ -53 +53 @@
                 }
                 return($Output);
-        }       
+        }
 }
 
@@ -61 +61 @@
         {
                 $Output = '<form action="'.$this->System->Link('/?action=login').'" method="post">'.
-                        '<fieldset><legend>'.T('Login').'</legend>                      
+                        '<fieldset><legend>'.T('Login').'</legend>
                         <table>
                         <tr>
@@ -99 +99 @@
   var $OnlineStateTimeout;
   var $PreferredVersion = 0;
-  
+
   function __construct($System)
   {
@@ -105 +105 @@
     $this->Database = &$System->Database;
     $this->OnlineStateTimeout = 600; // in seconds
-    if(isset($_SESSION)) $this->Check();    
-  }
-  
+    if(isset($_SESSION)) $this->Check();
+  }
+
   function __destroy()
   {
   }
-  
+
   function Login($Name, $Password, $StayLogged = false)
   {
@@ -120 +120 @@
     {
       $User = $DbResult->fetch_assoc();
-      $this->Id = $User['ID']; 
-      
-      // Prepare cookies for permanent login     
+      $this->Id = $User['ID'];
+
+      // Prepare cookies for permanent login
       $StayLoggedSalt = $this->GetPasswordSalt();
       $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array(
         'User' => $User['ID'], 'StayLogged' => $StayLogged, 'StayLoggedHash' => $StayLoggedSalt));
-      if($StayLogged) 
+      if($StayLogged)
       {
         setcookie('LoginUserId', $User['ID'], time()+365*24*60*60);
@@ -133 +133 @@
         setcookie('LoginUserId', '', time() - 3600);
         setcookie('LoginHash', '', time() - 3600);
-      }      
-      
+      }
+
       $this->Database->query('UPDATE `UserTrace` SET '.
         '`LastLogin` = NOW(), '.
@@ -144 +144 @@
     };
   }
-  
+
   function Logout()
   {
@@ -157 +157 @@
     }
   }
-  
+
   function Load()
   {
@@ -180 +180 @@
     } else $this->SetAnonymous();
   }
-  
+
   function SetAnonymous()
   {
@@ -187 +187 @@
     $this->Role = LICENCE_ANONYMOUS;
     $this->Language = NULL;
-    $this->Redirecting = 1; 
+    $this->Redirecting = 1;
     $this->Team = '';
     $this->Email = '';
   }
-  
+
   function Licence($Licence)
   {
     if(!isset($_SERVER['REMOTE_ADDR'])) return(true); // Execution from command line
-    else return($this->Role >= $Licence);    
-  }
-  
+    else return($this->Role >= $Licence);
+  }
+
   function CheckToken($Licence, $Token)
   {
@@ -207 +207 @@
       $DbRow2 = $DbResult2->fetch_assoc();
       return($DbRow2['GM'] >= $Licence);
-    } else return(false);    
+    } else return(false);
   }
 
@@ -214 +214 @@
     return(substr(sha1(mt_rand()), 0, 8));
   }
-  
+
   function CryptPasswordSQL($Password, $Salt)
   {
     return('SHA1(CONCAT(SHA1('.$Password.'), '.$Salt.'))');
-  } 
-  
+  }
+
   function Check()
   {
@@ -229 +229 @@
       // Refresh time of last access
       $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()'));
-    } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 
-      'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 
-      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()), 
+    } else $this->Database->insert('UserOnline', array('SessionId' => $SID,
+      'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()',
+      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()),
       'ScriptName' => $_SERVER['REQUEST_URI']));
-      
-    // Logged permanently? 
-          if(array_key_exists('LoginHash', $_COOKIE)) 
-          { 
-            $DbResult = $this->Database->query('SELECT * FROM `UserOnline` WHERE `User`='.$_COOKIE['LoginUserId']. 
-              ' AND `StayLogged`=1 AND SessionId!="'.$SID.'"'); 
-            if($DbResult->num_rows > 0) 
-            { 
-              $DbRow = $DbResult->fetch_assoc(); 
-              if(sha1($_COOKIE['LoginUserId'].$DbRow['StayLoggedHash']) == $_COOKIE['LoginHash']) 
-              {                
-                $this->Database->query('DELETE FROM `UserOnline` WHERE `SessionId`="'.$SID.'"'); 
-                $this->Database->query('UPDATE `UserOnline` SET `SessionId`="'.$SID.'" WHERE `Id`='.$DbRow['Id']); 
-              } 
-            } 
-    } 
-        
+
+    // Logged permanently?
+          if(array_key_exists('LoginHash', $_COOKIE))
+          {
+            $DbResult = $this->Database->query('SELECT * FROM `UserOnline` WHERE `User`='.$_COOKIE['LoginUserId'].
+              ' AND `StayLogged`=1 AND SessionId!="'.$SID.'"');
+            if($DbResult->num_rows > 0)
+            {
+              $DbRow = $DbResult->fetch_assoc();
+              if(sha1($_COOKIE['LoginUserId'].$DbRow['StayLoggedHash']) == $_COOKIE['LoginHash'])
+              {
+                $this->Database->query('DELETE FROM `UserOnline` WHERE `SessionId`="'.$SID.'"');
+                $this->Database->query('UPDATE `UserOnline` SET `SessionId`="'.$SID.'" WHERE `Id`='.$DbRow['Id']);
+              }
+            }
+    }
+
           // Check login
     $Query = $this->Database->select('UserOnline', '*', '`SessionId`="'.$SID.'"');
     $Row = $Query->fetch_assoc();
-    if($Row['User'] != '') 
+    if($Row['User'] != '')
     {
         $this->Id = $Row['User'];
       $this->Load();
-    } else 
+    } else
     {
       $this->SetAnonymous();
     }
-    
+
     // Remove nonactive users
     $DbResult = $this->Database->select('UserOnline', '`Id`, `User`', '(`ActivityTime` < DATE_SUB(NOW(), INTERVAL '.$this->OnlineStateTimeout.' SECOND)) AND (`StayLogged` = 0)');
@@ -269 +269 @@
     }
   }
-  
+
   function Register($UserName, $Password, $Email, $Language, $Team, $PreferredVersion)
   {
     $Salt = $this->GetPasswordSalt();
+    if($Team == null) $Team = 'NULL';
+    if($PreferredVersion == null) $PreferredVersion = 'NULL';
     $this->Database->query('INSERT INTO `User` '.
       '(`Name` , `Pass` , `Salt`, `Email` , `Language` , `Team` , `NeedUpdate`, `RegistrationTime`, `PreferredVersion` ) '.