mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
acctfuncs.inc.php: Reduce nesting in several functions
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer
parent
0a66f48aa1
commit
1aec9f7124
1 changed files with 269 additions and 262 deletions
|
|
@ -184,11 +184,14 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
|
|||
"<strong>", htmlspecialchars($E,ENT_QUOTES), "</strong>");
|
||||
}
|
||||
}
|
||||
|
||||
if ($error) {
|
||||
print "<ul class='errorlist'><li>".$error."</li></ul>\n";
|
||||
display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "",
|
||||
$R, $L, $I, $K, $J, $UID);
|
||||
} else {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($TYPE == "new") {
|
||||
/* Create an unprivileged user. */
|
||||
$salt = generate_salt();
|
||||
|
|
@ -216,11 +219,19 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
|
|||
if (!$result) {
|
||||
print __("Error trying to create account, %s%s%s.",
|
||||
"<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>");
|
||||
} else {
|
||||
return;
|
||||
}
|
||||
|
||||
print __("The account, %s%s%s, has been successfully created.",
|
||||
"<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>");
|
||||
print "<p>\n";
|
||||
if ($send_resetkey) {
|
||||
|
||||
if (!$send_resetkey) {
|
||||
print __("Click on the Login link above to use your account.");
|
||||
print "</p>\n";
|
||||
return;
|
||||
}
|
||||
|
||||
$subject = 'Welcome to the Arch User Repository';
|
||||
$body = __('Welcome to %s! In order ' .
|
||||
'to set an initial password ' .
|
||||
|
|
@ -232,13 +243,9 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
|
|||
'browser.',
|
||||
$AUR_LOCATION);
|
||||
send_resetkey($email, $subject, $body);
|
||||
print __("A password reset key has been sent to your e-mail address.");
|
||||
} else {
|
||||
print __("Click on the Login link above to use your account.");
|
||||
}
|
||||
print "</p>\n";
|
||||
}
|
||||
|
||||
print __("A password reset key has been sent to your e-mail address.");
|
||||
print "</p>\n";
|
||||
} else {
|
||||
/* Modify an existing account. */
|
||||
$q = "SELECT InactivityTS FROM Users WHERE ";
|
||||
|
|
@ -287,8 +294,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
|
|||
}
|
||||
}
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Display the search results page
|
||||
|
|
@ -408,7 +413,10 @@ function try_login() {
|
|||
$new_sid = "";
|
||||
$userID = null;
|
||||
|
||||
if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
|
||||
if (!isset($_REQUEST['user']) && !isset($_REQUEST['passwd'])) {
|
||||
return array('SID' => '', 'error' => null);
|
||||
}
|
||||
|
||||
if (is_ipbanned()) {
|
||||
$login_error = __('The login form is currently disabled ' .
|
||||
'for your IP address, probably due ' .
|
||||
|
|
@ -416,14 +424,27 @@ function try_login() {
|
|||
'inconvenience.');
|
||||
return array('SID' => '', 'error' => $login_error);
|
||||
}
|
||||
|
||||
$dbh = DB::connect();
|
||||
$userID = valid_user($_REQUEST['user']);
|
||||
|
||||
if (user_suspended($userID)) {
|
||||
$login_error = __('Account suspended');
|
||||
return array('SID' => '', 'error' => $login_error);
|
||||
} elseif (passwd_is_empty($userID)) {
|
||||
$login_error = __('Your password has been reset. ' .
|
||||
'If you just created a new account, please ' .
|
||||
'use the link from the confirmation email ' .
|
||||
'to set an initial password. Otherwise, ' .
|
||||
'please request a reset key on the %s' .
|
||||
'Password Reset%s page.', '<a href="' .
|
||||
htmlspecialchars(get_uri('/passreset')) . '">',
|
||||
'</a>');
|
||||
return array('SID' => '', 'error' => $login_error);
|
||||
} elseif (!valid_passwd($userID, $_REQUEST['passwd'])) {
|
||||
$login_error = __("Bad username or password.");
|
||||
return array('SID' => '', 'error' => $login_error);
|
||||
}
|
||||
elseif ( $userID && isset($_REQUEST['passwd'])
|
||||
&& valid_passwd($userID, $_REQUEST['passwd']) ) {
|
||||
|
||||
$logged_in = 0;
|
||||
$num_tries = 0;
|
||||
|
|
@ -460,15 +481,18 @@ function try_login() {
|
|||
$num_tries++;
|
||||
}
|
||||
|
||||
if ($logged_in) {
|
||||
if (!$logged_in) {
|
||||
$login_error = __('An error occurred trying to generate a user session.');
|
||||
return array('SID' => $new_sid, 'error' => $login_error);
|
||||
}
|
||||
|
||||
$q = "UPDATE Users SET LastLogin = UNIX_TIMESTAMP(), ";
|
||||
$q.= "LastLoginIPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])) . " ";
|
||||
$q.= "WHERE ID = '$userID'";
|
||||
$dbh->exec($q);
|
||||
|
||||
/* Set the SID cookie. */
|
||||
if (isset($_POST['remember_me']) &&
|
||||
$_POST['remember_me'] == "on") {
|
||||
if (isset($_POST['remember_me']) && $_POST['remember_me'] == "on") {
|
||||
/* Set cookies for 30 days. */
|
||||
$cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT;
|
||||
|
||||
|
|
@ -476,32 +500,13 @@ function try_login() {
|
|||
$q = "UPDATE Sessions SET LastUpdateTS = $cookie_time ";
|
||||
$q.= "WHERE SessionID = '$new_sid'";
|
||||
$dbh->exec($q);
|
||||
}
|
||||
else
|
||||
} else {
|
||||
$cookie_time = 0;
|
||||
}
|
||||
|
||||
setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true);
|
||||
header("Location: " . get_uri('/'));
|
||||
$login_error = "";
|
||||
|
||||
}
|
||||
else {
|
||||
$login_error = __('An error occurred trying to generate a user session.');
|
||||
}
|
||||
} elseif (passwd_is_empty($userID)) {
|
||||
$login_error = __('Your password has been reset. ' .
|
||||
'If you just created a new account, please ' .
|
||||
'use the link from the confirmation email ' .
|
||||
'to set an initial password. Otherwise, ' .
|
||||
'please request a reset key on the %s' .
|
||||
'Password Reset%s page.', '<a href="' .
|
||||
htmlspecialchars(get_uri('/passreset')) . '">',
|
||||
'</a>');
|
||||
} else {
|
||||
$login_error = __("Bad username or password.");
|
||||
}
|
||||
}
|
||||
return array('SID' => $new_sid, 'error' => $login_error);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -515,11 +520,7 @@ function is_ipbanned() {
|
|||
$q = "SELECT * FROM Bans WHERE IPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR']));
|
||||
$result = $dbh->query($q);
|
||||
|
||||
if ($result->fetchColumn()) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return ($result->fetchColumn() ? true : false);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -553,18 +554,22 @@ function valid_username($user) {
|
|||
* @return string|void Return user ID if in database, otherwise void
|
||||
*/
|
||||
function valid_user($user) {
|
||||
if ($user) {
|
||||
if (!$user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$dbh = DB::connect();
|
||||
|
||||
$q = "SELECT ID FROM Users WHERE ";
|
||||
$q.= "Username = " . $dbh->quote($user);
|
||||
$result = $dbh->query($q);
|
||||
if ($result) {
|
||||
if (!$result) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$row = $result->fetch(PDO::FETCH_NUM);
|
||||
return $row[0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if a user already has a proposal open about themselves
|
||||
|
|
@ -578,12 +583,8 @@ function open_user_proposals($user) {
|
|||
$q = "SELECT * FROM TU_VoteInfo WHERE User = " . $dbh->quote($user) . " ";
|
||||
$q.= "AND End > UNIX_TIMESTAMP()";
|
||||
$result = $dbh->query($q);
|
||||
if ($result->fetchColumn()) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
|
||||
return ($result->fetchColumn() ? true : false);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -642,13 +643,14 @@ function send_resetkey($email, $subject, $body) {
|
|||
global $AUR_LOCATION;
|
||||
|
||||
$uid = uid_from_email($email);
|
||||
if ($uid != null) {
|
||||
/*
|
||||
* We (ab)use new_sid() to get a random 32 characters long
|
||||
* string.
|
||||
*/
|
||||
if ($uid == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* We (ab)use new_sid() to get a random 32 characters long string. */
|
||||
$resetkey = new_sid();
|
||||
create_resetkey($resetkey, $uid);
|
||||
|
||||
/* Send e-mail with confirmation link. */
|
||||
$body = wordwrap($body, 70);
|
||||
$body .= "\n\n".
|
||||
|
|
@ -662,7 +664,6 @@ function send_resetkey($email, $subject, $body) {
|
|||
"X-MimeOLE: Produced By AUR";
|
||||
@mail($email, $subject, $body, $headers);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Change a user's password in the database if reset key and e-mail are correct
|
||||
|
|
@ -718,7 +719,10 @@ function good_passwd($passwd) {
|
|||
*/
|
||||
function valid_passwd($userID, $passwd) {
|
||||
$dbh = DB::connect();
|
||||
if ( strlen($passwd) > 0 ) {
|
||||
if ($passwd == "") {
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Get salt for this user. */
|
||||
$salt = get_salt($userID);
|
||||
if ($salt) {
|
||||
|
|
@ -726,34 +730,37 @@ function valid_passwd($userID, $passwd) {
|
|||
$q.= "WHERE ID = " . $userID . " ";
|
||||
$q.= "AND Passwd = " . $dbh->quote(salted_hash($passwd, $salt));
|
||||
$result = $dbh->query($q);
|
||||
if ($result) {
|
||||
if (!$result) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$row = $result->fetch(PDO::FETCH_NUM);
|
||||
if ($row[0]) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return ($row[0] > 0);
|
||||
} else {
|
||||
/* Check password without using salt. */
|
||||
$q = "SELECT ID FROM Users ";
|
||||
$q.= "WHERE ID = " . $userID . " ";
|
||||
$q.= "AND Passwd = " . $dbh->quote(md5($passwd));
|
||||
$result = $dbh->query($q);
|
||||
if ($result) {
|
||||
if (!$result) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$row = $result->fetch(PDO::FETCH_NUM);
|
||||
if ($row[0]) {
|
||||
if (!$row[0]) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Password correct, but salt it first! */
|
||||
if (!save_salt($userID, $passwd)) {
|
||||
trigger_error("Unable to salt user's password;" .
|
||||
" ID " . $userID, E_USER_WARNING);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if a user's password is empty
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue