replace tabs with spaces
Signed-off-by: Christopher Guindon <chris.guindon@eclipse.org>
diff --git a/site_login/createaccount.php b/site_login/createaccount.php
index e5789b0..198ca04 100755
--- a/site_login/createaccount.php
+++ b/site_login/createaccount.php
@@ -1,4 +1,4 @@
-<?php require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php"); $App = new App(); $Nav = new Nav(); $Menu = new Menu(); include("_projectCommon.php"); # All on the same line to unclutter the user's desktop'
+<?php require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php"); $App = new App(); $Nav = new Nav(); $Menu = new Menu(); include("_projectCommon.php"); # All on the same line to unclutter the user's desktop'
/*******************************************************************************
* Copyright (c) 2012 Eclipse Foundation and others.
* All rights reserved. This program and the accompanying materials
@@ -9,367 +9,367 @@
* Contributors:
* Denis Roy (Eclipse Foundation)- initial API and implementation
*******************************************************************************/
- $App->preventCaching();
+ $App->preventCaching();
- $pageTitle = "Eclipse.org account";
- $pageKeywords = "eclipse,friends,login,account,signon,sign-on,register";
- $pageAuthor = "Eclipse Foundation, Inc.";
- header("Content-type: text/html; charset=utf-8");
- header("Cache-Control: no-cache, must-revalidate");
+ $pageTitle = "Eclipse.org account";
+ $pageKeywords = "eclipse,friends,login,account,signon,sign-on,register";
+ $pageAuthor = "Eclipse Foundation, Inc.";
+ header("Content-type: text/html; charset=utf-8");
+ header("Cache-Control: no-cache, must-revalidate");
- $username = $App->getHTTPParameter("username", "POST");
- $submit = $App->getHTTPParameter("submit", "POST");
- $fname = $App->getHTTPParameter("fname", "POST");
- $lname = $App->getHTTPParameter("lname", "POST");
- $password1 = $App->getHTTPParameter("password1", "POST");
- $password2 = $App->getHTTPParameter("password2", "POST");
- $skill = $App->getHTTPParameter("skill", "POST");
- $agree = $App->getHTTPParameter("agree", "POST");
- $stage = $App->getHTTPParameter("stage");
- $token = $App->getHTTPParameter("t");
- $p = $App->getHTTPParameter("p");
+ $username = $App->getHTTPParameter("username", "POST");
+ $submit = $App->getHTTPParameter("submit", "POST");
+ $fname = $App->getHTTPParameter("fname", "POST");
+ $lname = $App->getHTTPParameter("lname", "POST");
+ $password1 = $App->getHTTPParameter("password1", "POST");
+ $password2 = $App->getHTTPParameter("password2", "POST");
+ $skill = $App->getHTTPParameter("skill", "POST");
+ $agree = $App->getHTTPParameter("agree", "POST");
+ $stage = $App->getHTTPParameter("stage");
+ $token = $App->getHTTPParameter("t");
+ $p = $App->getHTTPParameter("p");
- $error = "";
- $reset_error = "";
+ $error = "";
+ $reset_error = "";
- # Sanitize for XSS
- $username = preg_replace($xss_patterns, '', $username);
- $fname = preg_replace($name_regexp, '', $fname);
- $lname = preg_replace($name_regexp, '', $lname);
- $password1 = preg_replace($xss_patterns, '', $password1);
- $password2 = preg_replace($xss_patterns, '', $password2);
- $token = preg_replace("/[^a-zA-Z0-9]/", "", $token);
+ # Sanitize for XSS
+ $username = preg_replace($xss_patterns, '', $username);
+ $fname = preg_replace($name_regexp, '', $fname);
+ $lname = preg_replace($name_regexp, '', $lname);
+ $password1 = preg_replace($xss_patterns, '', $password1);
+ $password2 = preg_replace($xss_patterns, '', $password2);
+ $token = preg_replace("/[^a-zA-Z0-9]/", "", $token);
- if($token != "" && $stage == "") {
- $stage = "confirm";
- }
+ if($token != "" && $stage == "") {
+ $stage = "confirm";
+ }
- if($token != "" && $p == "p") {
- $stage = "reset2";
- }
- if($token != "" && $password1 != "") {
- $stage = "reset3";
- }
+ if($token != "" && $p == "p") {
+ $stage = "reset2";
+ }
+ if($token != "" && $password1 != "") {
+ $stage = "reset3";
+ }
- $includefile = "content/en_" . $App->getScriptName();
- if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
- $password1 = stripslashes($password1);
- }
+ $includefile = "content/en_" . $App->getScriptName();
+ if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
+ $password1 = stripslashes($password1);
+ }
- require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/friends/friend.class.php");
- require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/session.class.php");
- require_once '/home/data/httpd/eclipse-php-classes/system/ldapconnection.class.php';
- $Friend = new Friend();
+ require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/friends/friend.class.php");
+ require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/session.class.php");
+ require_once '/home/data/httpd/eclipse-php-classes/system/ldapconnection.class.php';
+ $Friend = new Friend();
- if($stage == "create") {
- if($username != "" && $fname != "" && $lname != "" && $password1 != "") {
- # Create an account. Check to ensure this IP address hasn't flooded us with requests
- # or that this email address doesn't already have an account
- $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] >= 25) {
- $error = "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b> (8723s)";
- }
- else {
- $error = "<b>An unknown error has ocurred. Please try later.";
- # Check LDAP
- $ldap = new LDAPConnection();
- if(! $ldap->checkEmailAvailable($username)) {
- $error = "<b>That account already exists. If you cannot remember your password, please use the password reset option below.</b> (8725s)";
- # Jot this down to avoid repetitively polling ldap
- $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($username)) . ",
- '',
- " . $App->returnQuotedString($App->sqlSanitize($fname)) . ",
- " . $App->returnQuotedString($App->sqlSanitize($lname)) . ",
- '',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- " . $App->returnQuotedString("CREATE_FAILED") . ")");
+ if($stage == "create") {
+ if($username != "" && $fname != "" && $lname != "" && $password1 != "") {
+ # Create an account. Check to ensure this IP address hasn't flooded us with requests
+ # or that this email address doesn't already have an account
+ $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] >= 25) {
+ $error = "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b> (8723s)";
+ }
+ else {
+ $error = "<b>An unknown error has ocurred. Please try later.";
+ # Check LDAP
+ $ldap = new LDAPConnection();
+ if(! $ldap->checkEmailAvailable($username)) {
+ $error = "<b>That account already exists. If you cannot remember your password, please use the password reset option below.</b> (8725s)";
+ # Jot this down to avoid repetitively polling ldap
+ $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($username)) . ",
+ '',
+ " . $App->returnQuotedString($App->sqlSanitize($fname)) . ",
+ " . $App->returnQuotedString($App->sqlSanitize($lname)) . ",
+ '',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ " . $App->returnQuotedString("CREATE_FAILED") . ")");
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($username);
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("ACCT_CREATE_ALREADY_EXISTS");
- $EventLog->insertModLog("apache");
- }
- else {
- $error = "";
- if($agree != 1) {
- $error .= "- You must agree to the terms and contitions of use<br />";
- }
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($username);
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("ACCT_CREATE_ALREADY_EXISTS");
+ $EventLog->insertModLog("apache");
+ }
+ else {
+ $error = "";
+ if($agree != 1) {
+ $error .= "- You must agree to the terms and contitions of use<br />";
+ }
- if(!preg_match($email_regexp, $username)) {
- $error .= "- Your email address is not formatted correctly<br />";
- }
+ if(!preg_match($email_regexp, $username)) {
+ $error .= "- Your email address is not formatted correctly<br />";
+ }
- if($skill != 16) {
- $error .= "- You haven't answered the mathematical question correctly<br />";
- }
- if(!preg_match("/(?=^.{6,}$)(?=.*[\d|\W])(?=.*[A-Za-z]).*$/", $password1)) {
- $error .= "- Your password does not meet the complexity requirements. It must be at least 6 characters long, and contain one number or one symbol.<br />";
- }
+ if($skill != 16) {
+ $error .= "- You haven't answered the mathematical question correctly<br />";
+ }
+ if(!preg_match("/(?=^.{6,}$)(?=.*[\d|\W])(?=.*[A-Za-z]).*$/", $password1)) {
+ $error .= "- Your password does not meet the complexity requirements. It must be at least 6 characters long, and contain one number or one symbol.<br />";
+ }
- # Houston, we have a problem.
- if($error != "") {
- $error = "<b>Your request could not be processed for the following reason(s):<br/>" . $error . "</b>";
- }
- else {
- # Add request to database
- $token = $App->getAlphaCode(64);
- mysql_set_charset('utf8');
- $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize(trim($username))) . ",
- '',
- " . $App->returnQuotedString($App->sqlSanitize(trim($fname))) . ",
- " . $App->returnQuotedString($App->sqlSanitize(trim($lname))) . ",
- '" . $App->sqlSanitize($password1) . "',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- " . $App->returnQuotedString($token) . ")");
+ # Houston, we have a problem.
+ if($error != "") {
+ $error = "<b>Your request could not be processed for the following reason(s):<br/>" . $error . "</b>";
+ }
+ else {
+ # Add request to database
+ $token = $App->getAlphaCode(64);
+ mysql_set_charset('utf8');
+ $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize(trim($username))) . ",
+ '',
+ " . $App->returnQuotedString($App->sqlSanitize(trim($fname))) . ",
+ " . $App->returnQuotedString($App->sqlSanitize(trim($lname))) . ",
+ '" . $App->sqlSanitize($password1) . "',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ " . $App->returnQuotedString($token) . ")");
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($token);
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("ACCT_CREATE_REQ_SUCCESS");
- $EventLog->insertModLog($username);
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($token);
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("ACCT_CREATE_REQ_SUCCESS");
+ $EventLog->insertModLog($username);
- # Send mail to dest
- $mail = "Dear $fname,\n\n";
- $mail .= "Thank you for registering for an account at Eclipse.org. Before we can activate your account one last step must be taken to complete your registration.\n\n";
- $mail .= "To complete your registration, please visit this URL:\nhttps://dev.eclipse.org/site_login/r.php?t=$token\n\n";
- $mail .= "Your Username is: $username\n\n";
- $mail .= "If you have any problems signing up please contact webmaster@eclipse.org\n\n";
- $mail .= " -- Eclipse webmaster\n";
- $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>' . "\n" . 'Content-Type: text/plain; charset=UTF-8';
- mail($username, "Eclipse Account Registration", $mail, $headers);
+ # Send mail to dest
+ $mail = "Dear $fname,\n\n";
+ $mail .= "Thank you for registering for an account at Eclipse.org. Before we can activate your account one last step must be taken to complete your registration.\n\n";
+ $mail .= "To complete your registration, please visit this URL:\nhttps://dev.eclipse.org/site_login/r.php?t=$token\n\n";
+ $mail .= "Your Username is: $username\n\n";
+ $mail .= "If you have any problems signing up please contact webmaster@eclipse.org\n\n";
+ $mail .= " -- Eclipse webmaster\n";
+ $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>' . "\n" . 'Content-Type: text/plain; charset=UTF-8';
+ mail($username, "Eclipse Account Registration", $mail, $headers);
- $includefile = "content/en_createsuccess.php";
- }
+ $includefile = "content/en_createsuccess.php";
+ }
}
ldap_close($ds);
- }
- }
- else {
- $error = "An error occurred while processing your request. Please ensure that all the required fields are entered correctly and try again. (8726s)";
- }
- }
- if($stage == "reset") {
- # reset stage 1. We got an email address, create token and email to user
- # make sure someone isn't blasting us. We disregard "token failed" since a common use-case
- # is to click the reset link after it has expired.
- $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE token <> 'TOKEN_FAILED' AND fname = 'RESET' AND lname = 'RESET' AND ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] >= 13) {
- $error = "<b>We were unable to determine your identity after several attempts. Subsequent inquiries will be ignored for our protection. Please try later, or contact webmaster@eclipse.org for support.</b> (8727s)";
- $includefile = "content/en_reset_error.php";
- }
- else {
- # Check to see if we're trying to reset the password of a valid account.
- $ldap = new LDAPConnection();
- $token = $App->getAlphaCode(64);
- $App->eclipse_sql("INSERT IGNORE INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($username)) . ",
- '',
- " . $App->returnQuotedString("RESET") . ",
- " . $App->returnQuotedString("RESET") . ",
- '" . $App->sqlSanitize($password1) . "',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- " . $App->returnQuotedString($token) . ")");
+ }
+ }
+ else {
+ $error = "An error occurred while processing your request. Please ensure that all the required fields are entered correctly and try again. (8726s)";
+ }
+ }
+ if($stage == "reset") {
+ # reset stage 1. We got an email address, create token and email to user
+ # make sure someone isn't blasting us. We disregard "token failed" since a common use-case
+ # is to click the reset link after it has expired.
+ $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE token <> 'TOKEN_FAILED' AND fname = 'RESET' AND lname = 'RESET' AND ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] >= 13) {
+ $error = "<b>We were unable to determine your identity after several attempts. Subsequent inquiries will be ignored for our protection. Please try later, or contact webmaster@eclipse.org for support.</b> (8727s)";
+ $includefile = "content/en_reset_error.php";
+ }
+ else {
+ # Check to see if we're trying to reset the password of a valid account.
+ $ldap = new LDAPConnection();
+ $token = $App->getAlphaCode(64);
+ $App->eclipse_sql("INSERT IGNORE INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($username)) . ",
+ '',
+ " . $App->returnQuotedString("RESET") . ",
+ " . $App->returnQuotedString("RESET") . ",
+ '" . $App->sqlSanitize($password1) . "',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ " . $App->returnQuotedString($token) . ")");
- if(!preg_match($email_regexp, $username)) {
- $reset_error = "<b>Your email address is not formatted correctly.</b><br />";
- }
- elseif($ldap->checkEmailAvailable($username)) {
- $reset_error = "<b>We were unable to determine your identity with the information you've supplied.</b> Perhaps you don't have an Eclipse.org account, or your account is under a different email address.(8x27s)";
- }
- else {
- # Send mail to dest
- $mail = "You (or someone pretending to be you) has requested a password reset from:\n";
- $mail .= " " . $_SERVER['REMOTE_ADDR'] . "\n\n";
- $mail .= "To change your password, please visit this URL:\nhttps://dev.eclipse.org/site_login/p.php?t=$token\n\n";
- $mail .= "If you have not requested this change, you can safely let it expire. If you have any problems signing in please contact webmaster@eclipse.org\n\n";
- $mail .= " -- Eclipse webmaster\n";
- $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>';
- mail($username, "Eclipse Account Password Reset", $mail, $headers);
- $pageTitle = "Password reset";
- $includefile = "content/en_reset.php";
+ if(!preg_match($email_regexp, $username)) {
+ $reset_error = "<b>Your email address is not formatted correctly.</b><br />";
+ }
+ elseif($ldap->checkEmailAvailable($username)) {
+ $reset_error = "<b>We were unable to determine your identity with the information you've supplied.</b> Perhaps you don't have an Eclipse.org account, or your account is under a different email address.(8x27s)";
+ }
+ else {
+ # Send mail to dest
+ $mail = "You (or someone pretending to be you) has requested a password reset from:\n";
+ $mail .= " " . $_SERVER['REMOTE_ADDR'] . "\n\n";
+ $mail .= "To change your password, please visit this URL:\nhttps://dev.eclipse.org/site_login/p.php?t=$token\n\n";
+ $mail .= "If you have not requested this change, you can safely let it expire. If you have any problems signing in please contact webmaster@eclipse.org\n\n";
+ $mail .= " -- Eclipse webmaster\n";
+ $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>';
+ mail($username, "Eclipse Account Password Reset", $mail, $headers);
+ $pageTitle = "Password reset";
+ $includefile = "content/en_reset.php";
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($token);
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("PASSWD_RESET_REQ");
- $EventLog->insertModLog($username);
- }
- }
- }
- if($stage == "reset2") {
- # reset stage 2. We got an token back. If we find a record, allow user to reset password, then proceed to stage3
- $includefile = "content/en_reset.php";
- if($token != "") {
- $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] <= 0) {
- $error = "<b>The supplied reset token is invalid; perhaps it has expired? Please wait 5 minutes and try to <a href='createaccount.php'>reset your password again</a>. If the problem persits, please contact webmaster@eclipse.org.</b> (8129rs)";
- $includefile = "content/en_reset_error.php";
- # If we can't find a record, insert a record preventing this dude from bombing us
- $token = $App->getAlphaCode(64);
- $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
- '',
- 'token_failed',
- 'token_failed',
- 'token_failed',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- 'TOKEN_FAILED')"
- );
- }
- else {
- # display password reset page.
- $includefile = "content/en_reset.php";
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($token);
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("PASSWD_RESET_CONF");
- $EventLog->insertModLog($myrow['email']);
- # Update this row, change IP address to reflect that of the person who successfully confirmed this email to avoid bombing
- # $SQL = "UPDATE account_requests SET token = 'CONFIRM_SUCCESS', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
- # . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- #$rs = $App->eclipse_sql($SQL);
- }
- }
- }
- if($stage == "reset3") {
- # reset stage 3. We got a token back, and user is submitting a password.
- $includefile = "content/en_reset.php";
- if($token != "" && $password1 != "") {
- $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] <= 0) {
- $error = "<b>We were unable to validate your request. The supplied token is invalid; perhaps it has expired? Please try to <a href='createaccount.php'>reset your password again</a>. If the problem persits, please contact webmaster@eclipse.org.</b> (8329rs)";
- # If we can't find a record, insert a record preventing this dude from bombing us
- $token = $App->getAlphaCode(64);
- $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
- '',
- 'token_failed',
- 'token_failed',
- 'token_failed',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- 'TOKEN_FAILED')"
- );
- }
- else {
- if(!preg_match("/(?=^.{6,}$)(?=.*\d)(?=.*[A-Za-z]).*$/", $password1)) {
- $error .= "- Your password does not meet the complexity requirements<br />";
- }
- else {
- # Update this row, change IP address to reflect that of the person who successfully confirmed this password to avoid bombing
- $SQL = "UPDATE account_requests SET token = 'PASSWORD_SUCCESS', password='" . $App->sqlSanitize($password1) . "', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
- . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- $rs = $App->eclipse_sql($SQL);
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($token);
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("PASSWD_RESET_REQ");
+ $EventLog->insertModLog($username);
+ }
+ }
+ }
+ if($stage == "reset2") {
+ # reset stage 2. We got an token back. If we find a record, allow user to reset password, then proceed to stage3
+ $includefile = "content/en_reset.php";
+ if($token != "") {
+ $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] <= 0) {
+ $error = "<b>The supplied reset token is invalid; perhaps it has expired? Please wait 5 minutes and try to <a href='createaccount.php'>reset your password again</a>. If the problem persits, please contact webmaster@eclipse.org.</b> (8129rs)";
+ $includefile = "content/en_reset_error.php";
+ # If we can't find a record, insert a record preventing this dude from bombing us
+ $token = $App->getAlphaCode(64);
+ $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
+ '',
+ 'token_failed',
+ 'token_failed',
+ 'token_failed',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ 'TOKEN_FAILED')"
+ );
+ }
+ else {
+ # display password reset page.
+ $includefile = "content/en_reset.php";
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($token);
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("PASSWD_RESET_CONF");
+ $EventLog->insertModLog($myrow['email']);
+ # Update this row, change IP address to reflect that of the person who successfully confirmed this email to avoid bombing
+ # $SQL = "UPDATE account_requests SET token = 'CONFIRM_SUCCESS', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
+ # . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ #$rs = $App->eclipse_sql($SQL);
+ }
+ }
+ }
+ if($stage == "reset3") {
+ # reset stage 3. We got a token back, and user is submitting a password.
+ $includefile = "content/en_reset.php";
+ if($token != "" && $password1 != "") {
+ $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] <= 0) {
+ $error = "<b>We were unable to validate your request. The supplied token is invalid; perhaps it has expired? Please try to <a href='createaccount.php'>reset your password again</a>. If the problem persits, please contact webmaster@eclipse.org.</b> (8329rs)";
+ # If we can't find a record, insert a record preventing this dude from bombing us
+ $token = $App->getAlphaCode(64);
+ $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
+ '',
+ 'token_failed',
+ 'token_failed',
+ 'token_failed',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ 'TOKEN_FAILED')"
+ );
+ }
+ else {
+ if(!preg_match("/(?=^.{6,}$)(?=.*\d)(?=.*[A-Za-z]).*$/", $password1)) {
+ $error .= "- Your password does not meet the complexity requirements<br />";
+ }
+ else {
+ # Update this row, change IP address to reflect that of the person who successfully confirmed this password to avoid bombing
+ $SQL = "UPDATE account_requests SET token = 'PASSWORD_SUCCESS', password='" . $App->sqlSanitize($password1) . "', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
+ . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ $rs = $App->eclipse_sql($SQL);
- $bzpass = &generateBugzillaSHA256Password($password1);
- $SQL = "UPDATE profiles SET cryptpassword='" . $App->sqlSanitize($bzpass) . "' WHERE login_name = " . $App->returnQuotedString($App->sqlSanitize($myrow['email'])) . " LIMIT 1";
- $App->bugzilla_sql($SQL);
- $App->ipzilla_sql($SQL);
+ $bzpass = &generateBugzillaSHA256Password($password1);
+ $SQL = "UPDATE profiles SET cryptpassword='" . $App->sqlSanitize($bzpass) . "' WHERE login_name = " . $App->returnQuotedString($App->sqlSanitize($myrow['email'])) . " LIMIT 1";
+ $App->bugzilla_sql($SQL);
+ $App->ipzilla_sql($SQL);
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($token);
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("PASSWD_RESET_SUCCESS");
- $EventLog->insertModLog($myrow['email']);
- }
- }
- }
- }
- if($stage == "confirm") {
- $includefile = "content/en_confirm.php";
- $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE token IN ('TOKEN_FAILED', 'CONFIRM_SUCCESS') AND ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] > 0) {
- $error = "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b> (8728s)";
- }
- else {
- if($token != "") {
- $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- $rs = $App->eclipse_sql($SQL);
- $myrow = mysql_fetch_assoc($rs);
- if($myrow['RecordCount'] <= 0) {
- $error = "<b>We were unable to validate your request. The supplied token is invalid; perhaps it has expired? Please try creating your account again, and contact webmaster@eclipse.org if the problem persists.</b> (8729s)";
- # If we can't find a record, insert a record preventing this dude from bombing us
- $token = $App->getAlphaCode(64);
- $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
- '',
- 'token_failed',
- 'token_failed',
- 'token_failed',
- " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
- NOW(),
- 'TOKEN_FAILED')"
- );
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($App->sqlSanitize($token));
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("ACCT_CREATE_TOKEN_FAILED");
- $EventLog->insertModLog("apache");
- }
- else {
- # Update this row, change IP address to reflect that of the person who successfully confirmed this email to avoid bombing
- $SQL = "UPDATE account_requests SET token = 'CONFIRM_SUCCESS', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
- . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
- $rs = $App->eclipse_sql($SQL);
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($token);
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("PASSWD_RESET_SUCCESS");
+ $EventLog->insertModLog($myrow['email']);
+ }
+ }
+ }
+ }
+ if($stage == "confirm") {
+ $includefile = "content/en_confirm.php";
+ $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE token IN ('TOKEN_FAILED', 'CONFIRM_SUCCESS') AND ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] > 0) {
+ $error = "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b> (8728s)";
+ }
+ else {
+ if($token != "") {
+ $SQL = "SELECT /* USE MASTER */ email, COUNT(1) AS RecordCount FROM account_requests WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ $rs = $App->eclipse_sql($SQL);
+ $myrow = mysql_fetch_assoc($rs);
+ if($myrow['RecordCount'] <= 0) {
+ $error = "<b>We were unable to validate your request. The supplied token is invalid; perhaps it has expired? Please try creating your account again, and contact webmaster@eclipse.org if the problem persists.</b> (8729s)";
+ # If we can't find a record, insert a record preventing this dude from bombing us
+ $token = $App->getAlphaCode(64);
+ $App->eclipse_sql("INSERT INTO account_requests VALUES (" . $App->returnQuotedString($App->sqlSanitize($token)) . ",
+ '',
+ 'token_failed',
+ 'token_failed',
+ 'token_failed',
+ " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
+ NOW(),
+ 'TOKEN_FAILED')"
+ );
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($App->sqlSanitize($token));
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("ACCT_CREATE_TOKEN_FAILED");
+ $EventLog->insertModLog("apache");
+ }
+ else {
+ # Update this row, change IP address to reflect that of the person who successfully confirmed this email to avoid bombing
+ $SQL = "UPDATE account_requests SET token = 'CONFIRM_SUCCESS', ip = " . $App->returnQuotedString($App->sqlSanitize($_SERVER['REMOTE_ADDR']))
+ . " WHERE token = " . $App->returnQuotedString($App->sqlSanitize($token));
+ $rs = $App->eclipse_sql($SQL);
- $EventLog = new EvtLog();
- $EventLog->setLogTable("__ldap");
- $EventLog->setPK1($App->sqlSanitize($token));
- $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
- $EventLog->setLogAction("ACCT_CREATE_CONFIRM_SUCCESS");
- $EventLog->insertModLog($myrow['email']);
- }
- }
- else {
- $error = "<b>We were unable to validate your request. The supplied token is invalid. Please contact webmaster@eclipse.org.</b>";
- }
- }
- }
+ $EventLog = new EvtLog();
+ $EventLog->setLogTable("__ldap");
+ $EventLog->setPK1($App->sqlSanitize($token));
+ $EventLog->setPK2($_SERVER['REMOTE_ADDR']);
+ $EventLog->setLogAction("ACCT_CREATE_CONFIRM_SUCCESS");
+ $EventLog->insertModLog($myrow['email']);
+ }
+ }
+ else {
+ $error = "<b>We were unable to validate your request. The supplied token is invalid. Please contact webmaster@eclipse.org.</b>";
+ }
+ }
+ }
- include($includefile);
- # Generate the web page
- $App->generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);
+ include($includefile);
+ # Generate the web page
+ $App->generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);
- function generatePassword($_num_chars) {
- global $App;
- $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1023456789,.;:/@#$%^&*()-_=+";
- srand((double)microtime()*1000000);
- $loopcount = 0;
- $rValue = "";
- while (!preg_match("/(?=^.{6,}$)(?=.*\d)(?=.*[A-Za-z]).*$/", $rValue)) {
- $rValue = "";
- $i = 0;
- $loopcount++;
- srand((double)microtime()*1000000);
- while ($i <= $_num_chars) {
- $num = rand() % strlen($chars);
- $rValue .= substr($chars, $num, 1);
- $i++;
- }
- # antilooper
- if($loopcount > 1000) {
- $rValue = "aA1$" . $App->getAlphaCode(4);
- }
- }
- return $rValue;
+ function generatePassword($_num_chars) {
+ global $App;
+ $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1023456789,.;:/@#$%^&*()-_=+";
+ srand((double)microtime()*1000000);
+ $loopcount = 0;
+ $rValue = "";
+ while (!preg_match("/(?=^.{6,}$)(?=.*\d)(?=.*[A-Za-z]).*$/", $rValue)) {
+ $rValue = "";
+ $i = 0;
+ $loopcount++;
+ srand((double)microtime()*1000000);
+ while ($i <= $_num_chars) {
+ $num = rand() % strlen($chars);
+ $rValue .= substr($chars, $num, 1);
+ $i++;
+ }
+ # antilooper
+ if($loopcount > 1000) {
+ $rValue = "aA1$" . $App->getAlphaCode(4);
+ }
+ }
+ return $rValue;
}
