Mirror/Gazelle
1
0
Fork 0
mirror of https://github.com/WhatCD/Gazelle.git synced 2024-12-12 18:36:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Empty commit

Browse Source
This commit is contained in:
Git 2015-08-22 08:00:28 +00:00
parent abbd28e076
commit f668501ef0
10 changed files with 49 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
classes/script_start.php
View File

@ -328,6 +328,20 @@ function logout() {
die(); die();
} }
/**
* Logout all sessions
*/
function logout_all_sessions() {
$UserID = G::$LoggedUser['ID'];
G::$DB->query("
DELETE FROM users_sessions
WHERE UserID = '$UserID'");
G::$Cache->delete_value('users_sessions_' . $UserID);
logout();
}
function enforce_login() { function enforce_login() {
global $SessionID; global $SessionID;
if (!$SessionID || !G::$LoggedUser) { if (!$SessionID || !G::$LoggedUser) {

4
sections/friends/index.php
View File

@ -18,9 +18,7 @@
authorize(); authorize();
include(SERVER_ROOT.'/sections/friends/comment.php'); include(SERVER_ROOT.'/sections/friends/comment.php');
break; break;
case 'whois':
include(SERVER_ROOT.'/sections/friends/whois.php');
break;
case 'Contact': case 'Contact':
header('Location: inbox.php?action=compose&to='.$_POST['friendid']); header('Location: inbox.php?action=compose&to='.$_POST['friendid']);
break; break;

3
sections/login/index.php
View File

@ -46,7 +46,7 @@
if ($UserID && strtotime($Expires) > time()) { if ($UserID && strtotime($Expires) > time()) {
// If the user has requested a password change, and his key has not expired // If the user has requested a password change, and his key has not expired
$Validate->SetFields('password', '1', 'regex', 'You entered an invalid password. A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, contains at least a number or symbol', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$/')); $Validate->SetFields('password', '1', 'regex', 'You entered an invalid password. A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/'));
$Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password')); $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password'));
if (!empty($_REQUEST['password'])) { if (!empty($_REQUEST['password'])) {
@ -65,6 +65,7 @@
i.ResetExpires = '0000-00-00 00:00:00' i.ResetExpires = '0000-00-00 00:00:00'
WHERE m.ID = '$UserID' WHERE m.ID = '$UserID'
AND i.UserID = m.ID"); AND i.UserID = m.ID");
$DB->query(" $DB->query("
INSERT INTO users_history_passwords INSERT INTO users_history_passwords
(UserID, ChangerIP, ChangeTime) (UserID, ChangerIP, ChangeTime)

2
sections/login/recover_step2.php
View File

@ -13,7 +13,7 @@
if (!empty($Err)) { if (!empty($Err)) {
?> ?>
<strong class="important_text"><?=display_str($Err)?></strong><br /><br /> <strong class="important_text"><?=display_str($Err)?></strong><br /><br />
<? } ?> A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol.<br /><br /> <? } ?> A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer.<br /><br />
<table class="layout" cellpadding="2" cellspacing="1" border="0" align="center" width="100%"> <table class="layout" cellpadding="2" cellspacing="1" border="0" align="center" width="100%">
<tr valign="top"> <tr valign="top">
<td align="right" style="width: 100px;">Password&nbsp;</td> <td align="right" style="width: 100px;">Password&nbsp;</td>

2
sections/register/index.php
View File

@ -34,7 +34,7 @@
} elseif (OPEN_REGISTRATION || !empty($_REQUEST['invite'])) { } elseif (OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {
$Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX)); $Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX));
$Val->SetFields('email', true, 'email', 'You did not enter a valid email address.'); $Val->SetFields('email', true, 'email', 'You did not enter a valid email address.');
$Val->SetFields('password', true, 'regex', 'A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol', array('regex'=>'/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$/')); $Val->SetFields('password', true, 'regex', 'A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex'=>'/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/'));
$Val->SetFields('confirm_password', true, 'compare', 'Your passwords do not match.', array('comparefield' => 'password')); $Val->SetFields('confirm_password', true, 'compare', 'Your passwords do not match.', array('comparefield' => 'password'));
$Val->SetFields('readrules', true, 'checkbox', 'You did not select the box that says you will read the rules.'); $Val->SetFields('readrules', true, 'checkbox', 'You did not select the box that says you will read the rules.');
$Val->SetFields('readwiki', true, 'checkbox', 'You did not select the box that says you will read the wiki.'); $Val->SetFields('readwiki', true, 'checkbox', 'You did not select the box that says you will read the wiki.');

2
sections/register/step1.php
View File

@ -41,7 +41,7 @@
<td align="right">Verify password&nbsp;</td> <td align="right">Verify password&nbsp;</td>
<td align="left"> <td align="left">
<input type="password" name="confirm_password" id="new_pass_2" class="inputtext" placeholder="Verify password" /> <strong id="pass_match"></strong> <input type="password" name="confirm_password" id="new_pass_2" class="inputtext" placeholder="Verify password" /> <strong id="pass_match"></strong>
<p>A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or a symbol.</p> <p>A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or a symbol, or is 20 characters or longer.</p>
</td> </td>
</tr> </tr>
<tr valign="top"> <tr valign="top">

5
sections/user/edit.php
View File

@ -810,9 +810,8 @@ function checked($Checked) {
<div class="setting_description"> <div class="setting_description">
A strong password: A strong password:
<ul> <ul>
<li>is 8 characters or longer</li> <li>is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol</li>
<li>contains at least 1 lowercase and uppercase letter</li> <li>Or is 20 characters or longer.</li>
<li>contains at least a number or symbol</li>
</ul> </ul>
</div> </div>
</td> </td>

14
sections/user/invite.php
View File

@ -1,4 +1,5 @@
<? <?
if (isset($_GET['userid']) && check_perms('users_view_invites')) { if (isset($_GET['userid']) && check_perms('users_view_invites')) {
if (!is_number($_GET['userid'])) { if (!is_number($_GET['userid'])) {
error(403); error(403);
@ -129,12 +130,13 @@
WHERE ID = $UserID"); WHERE ID = $UserID");
list($CanLeech) = $DB->next_record(); list($CanLeech) = $DB->next_record();
if (!$Sneaky
&& !$LoggedUser['RatioWatch'] if (!$Sneaky
&& $CanLeech && !$LoggedUser['RatioWatch']
&& empty($LoggedUser['DisableInvites']) && $CanLeech
&& ($LoggedUser['Invites'] > 0 || check_perms('site_send_unlimited_invites')) && empty($LoggedUser['DisableInvites'])
&& ($UserCount <= USER_LIMIT || USER_LIMIT == 0 || check_perms('site_can_invite_always')) && ($LoggedUser['Invites'] > 0 || check_perms('site_send_unlimited_invites'))
&& ($UserCount <= USER_LIMIT || USER_LIMIT == 0 || check_perms('site_can_invite_always'))
) { ?> ) { ?>
<div class="box pad"> <div class="box pad">
<p>Please note that the selling, trading, or publicly giving away our invitations&#8202;&mdash;&#8202;or responding to public invite requests&#8202;&mdash;&#8202;is strictly forbidden, and may result in you and your entire invite tree being banned. This includes offering to give away our invitations on any forum which is not a class-restricted forum on another private tracker.</p> <p>Please note that the selling, trading, or publicly giving away our invitations&#8202;&mdash;&#8202;or responding to public invite requests&#8202;&mdash;&#8202;is strictly forbidden, and may result in you and your entire invite tree being banned. This includes offering to give away our invitations on any forum which is not a class-restricted forum on another private tracker.</p>

9
sections/user/take_edit.php
View File

@ -31,7 +31,7 @@
$Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar URL.", array('regex' => "/^".IMAGE_REGEX."$/i")); $Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar URL.", array('regex' => "/^".IMAGE_REGEX."$/i"));
$Val->SetFields('email', 1, "email", "You did not enter a valid email address."); $Val->SetFields('email', 1, "email", "You did not enter a valid email address.");
$Val->SetFields('irckey', 0, "string", "You did not enter a valid IRC key. An IRC key must be between 6 and 32 characters long.", array('minlength' => 6, 'maxlength' => 32)); $Val->SetFields('irckey', 0, "string", "You did not enter a valid IRC key. An IRC key must be between 6 and 32 characters long.", array('minlength' => 6, 'maxlength' => 32));
$Val->SetFields('new_pass_1', 0, "regex", "You did not enter a valid password. A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol.", array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$/')); $Val->SetFields('new_pass_1', 0, "regex", "You did not enter a valid password. A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol.", array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/'));
$Val->SetFields('new_pass_2', 1, "compare", "Your passwords do not match.", array('comparefield' => 'new_pass_1')); $Val->SetFields('new_pass_2', 1, "compare", "Your passwords do not match.", array('comparefield' => 'new_pass_1'));
if (check_perms('site_advanced_search')) { if (check_perms('site_advanced_search')) {
$Val->SetFields('searchtype', 1, "number", "You forgot to select your default search preference.", array('minlength' => 0, 'maxlength' => 1)); $Val->SetFields('searchtype', 1, "number", "You forgot to select your default search preference.", array('minlength' => 0, 'maxlength' => 1));
@ -184,7 +184,9 @@
list($PassHash, $Secret) = $DB->next_record(); list($PassHash, $Secret) = $DB->next_record();
if (Users::check_password($_POST['cur_pass'], $PassHash, $Secret)) { if (Users::check_password($_POST['cur_pass'], $PassHash, $Secret)) {
if ($_POST['new_pass_1'] && $_POST['new_pass_2']) { if ($_POST['cur_pass'] == $_POST['new_pass_1']) {
$Err = 'Your new password cannot be the same as your old password.';
} else if ($_POST['new_pass_1'] && $_POST['new_pass_2']) {
$ResetPassword = true; $ResetPassword = true;
} }
} else { } else {
@ -333,6 +335,7 @@
$ChangerIP = db_string($LoggedUser['IP']); $ChangerIP = db_string($LoggedUser['IP']);
$PassHash = Users::make_crypt_hash($_POST['new_pass_1']); $PassHash = Users::make_crypt_hash($_POST['new_pass_1']);
$SQL.= ",m.PassHash = '".db_string($PassHash)."'"; $SQL.= ",m.PassHash = '".db_string($PassHash)."'";
$DB->query(" $DB->query("
INSERT INTO users_history_passwords INSERT INTO users_history_passwords
(UserID, ChangerIP, ChangeTime) (UserID, ChangerIP, ChangeTime)
@ -365,7 +368,7 @@
$DB->query($SQL); $DB->query($SQL);
if ($ResetPassword) { if ($ResetPassword) {
logout(); logout_all_sessions();
} }
header("Location: user.php?action=edit&userid=$UserID"); header("Location: user.php?action=edit&userid=$UserID");

15
static/functions/password_validate.js
View File

@ -11,6 +11,7 @@ var SHORT = 4;
var MATCH_IRCKEY = 5; var MATCH_IRCKEY = 5;
var MATCH_USERNAME = 6; var MATCH_USERNAME = 6;
var COMMON = 7; var COMMON = 7;
var MATCH_OLD_PASSWORD = 8;
var USER_PATH = "/user.php"; var USER_PATH = "/user.php";
@ -85,6 +86,7 @@ function validatePassword(password) {
function calculateComplexity(password) { function calculateComplexity(password) {
var length = password.length; var length = password.length;
var username; var username;
var oldPassword;
if (isUserPage()) { if (isUserPage()) {
username = $(".username").text(); username = $(".username").text();
@ -97,12 +99,13 @@ function calculateComplexity(password) {
if (isUserPage()) { if (isUserPage()) {
irckey = $("#irckey").val(); irckey = $("#irckey").val();
oldPassword =$("#cur_pass").val();
} }
if (length >= 8) { if (length >= 8 && length < 20) {
setStatus(WEAK); setStatus(WEAK);
} }
if (length >= 8 && isStrongPassword(password)) { if ((length >= 8 && isStrongPassword(password)) || length >= 20) {
setStatus(STRONG); setStatus(STRONG);
} }
if (length > 0 && length < 8) { if (length > 0 && length < 8) {
@ -117,6 +120,10 @@ function calculateComplexity(password) {
setStatus(MATCH_IRCKEY); setStatus(MATCH_IRCKEY);
} }
} }
if (oldPassword.length > 0 && password == oldPassword) {
setStatus(MATCH_OLD_PASSWORD);
}
} }
if (username.length > 0) { if (username.length > 0) {
if (password.toLowerCase() == username.toLowerCase()) { if (password.toLowerCase() == username.toLowerCase()) {
@ -175,6 +182,10 @@ function setStatus(strength) {
disableSubmit(); disableSubmit();
$("#pass_strength").text("Password is too common").css("color", "red"); $("#pass_strength").text("Password is too common").css("color", "red");
} }
if (strength == MATCH_OLD_PASSWORD) {
disableSubmit();
$("#pass_strength").text("New password cannot match old password").css("color", "red");
}
if (strength == CLEAR) { if (strength == CLEAR) {
$("#pass_strength").text(""); $("#pass_strength").text("");
} }