<?php
namespace entities\evr\security;
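class Registrar
{
    // Values gathered from the current request; null means "missing or rejected".
    private $username;
    private $password;
    private $email;
    // Opt-in flag stored beside the e-mail address as the string "1" or "0".
    private $join;

    /**
     * Registers a new account from the submitted form.
     *
     * Reads the username, password pair, e-mail address and join flag from the
     * request, validates each (every problem is reported through
     * Security::show_error), and creates the user's directory and files only
     * when all values are acceptable and Security::validate_key() (defined
     * outside this file) accepts the request.
     *
     * @return bool true when the account was created
     */
    public function register()
    {
        $this->set_username();
        $this->set_password();
        $this->set_email_address();
        $this->set_join_flag();
        // Compare with null rather than truthiness so a username such as "0"
        // that passed validation is not silently rejected here.
        if ($this->username === null || $this->password === null || $this->email === null) {
            return false;
        }
        if (!Security::validate_key()) {
            return false;
        }
        if (!$this->add_user()) {
            return false;
        }
        Security::remove_key();
        Security::show_success($this->username . " registered");
        return true;
    }

    /**
     * Reads the "username" parameter and stores it in $this->username, or null
     * when it has the wrong length, contains characters outside [a-zA-Z0-9_],
     * or is already taken. Each failing check reports its own error; later
     * checks are skipped once the name has been rejected.
     */
    private function set_username()
    {
        $name = Security::get_post_parameter("username");
        if (!is_string($name)) {
            $name = null;
        }
        if ($name !== null && !$this->check_username_length($name)) {
            Security::show_error("Please change username length");
            $name = null;
        }
        if ($name !== null && !$this->check_username_content($name)) {
            Security::show_error("Please use only a-z, A-Z, 0-9, or _");
            $name = null;
        }
        if ($name !== null && Security::find_user_directory($name)) {
            Security::show_error("Username $name is already taken");
            $name = null;
        }
        $this->username = $name;
    }

    /**
     * Reads the submitted "username" for the password flows and returns it only
     * when it consists solely of the characters registration permits. The name
     * is later spliced into a filesystem path by get_user_path(), so values such
     * as ".." or an empty string must never reach it; accounts created by
     * set_username() always satisfy this check.
     *
     * @return string|null
     */
    private function read_username_parameter()
    {
        $name = Security::get_post_parameter("username");
        if (!is_string($name) || $name === "" || !$this->check_username_content($name)) {
            return null;
        }
        return $name;
    }

    /**
     * @param string $name
     * @return bool true when the name is within the configured length bounds
     */
    private function check_username_length($name)
    {
        // Bounds come from the global configuration set up by the including bootstrap.
        $min = $GLOBALS["USER_NAME_MIN_LENGTH"];
        $max = $GLOBALS["USER_NAME_MAX_LENGTH"];
        return $this->check_length($name, $min, $max);
    }

    /**
     * Inclusive byte-length check (strlen); the configured limits have always
     * been measured in bytes, so this is kept rather than switched to mb_strlen.
     *
     * @param string|null $string
     * @param int $min
     * @param int $max
     * @return bool
     */
    private function check_length($string, $min, $max)
    {
        $length = strlen((string) $string);
        return $length >= $min && $length <= $max;
    }

    /**
     * @param string|null $name
     * @return bool true when every character is one of [a-zA-Z0-9_]
     */
    private function check_username_content($name)
    {
        // \A...\z instead of ^...$: "$" also matches before a trailing newline,
        // which would have let "name\n" through and into the directory name.
        return preg_match("/\A[a-zA-Z0-9_]*\z/", (string) $name) === 1;
    }

    /**
     * Reads the "password" parameter, expected to be an array holding the
     * password and its confirmation, and stores the password in $this->password
     * or null when the two differ, the length is out of bounds, or the password
     * does not mix letters and digits. Every failing check reports an error.
     */
    private function set_password()
    {
        $passwords = Security::get_post_parameter("password");
        $first = null;
        $second = null;
        if (is_array($passwords)) {
            $first = isset($passwords[0]) ? (string) $passwords[0] : null;
            $second = isset($passwords[1]) ? (string) $passwords[1] : null;
        }
        $password = $first;
        // Strict comparison: "!=" would treat numeric-looking strings such as
        // "1e3" and "1000" as the same password.
        if ($first === null || $first !== $second) {
            Security::show_error("Two different passwords submitted");
            $password = null;
        }
        if (!$this->check_password_length($first)) {
            Security::show_error("Please change password length");
            $password = null;
        }
        if (!$this->check_password_characters($first)) {
            Security::show_error("Please mix letters and numbers in the password");
            $password = null;
        }
        $this->password = $password;
    }

    /**
     * @param string|null $password
     * @return bool true when the password is within the configured length bounds
     */
    private function check_password_length($password)
    {
        $min = $GLOBALS["PASSWORD_MIN_LENGTH"];
        $max = $GLOBALS["PASSWORD_MAX_LENGTH"];
        return $this->check_length($password, $min, $max);
    }

    /**
     * @param string|null $password
     * @return bool true when the password contains at least one ASCII letter and one digit
     */
    private function check_password_characters($password)
    {
        $subject = (string) $password;
        return preg_match("/[a-zA-Z]/", $subject) === 1 && preg_match("/[0-9]/", $subject) === 1;
    }

    /**
     * Reads the "email_address" parameter into $this->email, or null (with an
     * error shown) when it is not a syntactically valid address.
     */
    private function set_email_address()
    {
        $email = Security::get_post_parameter("email_address");
        // The address is written space-separated next to the join flag and split
        // on " " when read back, so a value containing whitespace would corrupt
        // the record; filter_var rejects that where the old /.+@.+\..+/ did not.
        if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            Security::show_error("Please use a different e-mail address format");
            $email = null;
        }
        $this->email = $email;
    }

    /**
     * Stores "1" in $this->join when the "join" parameter is truthy, else "0".
     */
    private function set_join_flag()
    {
        $this->join = Security::get_post_parameter("join") ? "1" : "0";
    }

    /**
     * Creates the user's directory and its initial files.
     *
     * @return bool false when the directory could not be created, in which case
     *              nothing is written and an error is shown
     */
    private function add_user()
    {
        if (!$this->create_user_directory()) {
            Security::show_error("Could not create user directory");
            return false;
        }
        $this->store_password();
        $this->store_email_address();
        $this->create_addresses_file();
        $this->create_history_file();
        $this->create_expert_file();
        $this->initialize_progress_file();
        return true;
    }

    /**
     * Creates the user directory with mode 0770, temporarily clearing the umask
     * so the group bits are not masked off.
     *
     * @return bool the mkdir() result
     */
    private function create_user_directory()
    {
        $saved = umask(0);
        $created = mkdir($this->get_user_path(), 0770);
        umask($saved);
        return $created;
    }

    /**
     * Writes the hash of $this->password, newline-terminated, to the user's hash file.
     */
    private function store_password()
    {
        $hash = $this->hash_password();
        $path = $this->create_file($GLOBALS["USER_HASH_PATH"]);
        file_put_contents($path, $hash . "\n");
    }

    /**
     * Creates an empty file inside the user directory with the configured
     * permissions (USER_FILE_PERMISSIONS is an octal string).
     *
     * @param string $name file name relative to the user directory
     * @return string the full path of the created file
     */
    private function create_file($name)
    {
        $path = $this->get_user_path() . $name;
        touch($path);
        chmod($path, octdec($GLOBALS["USER_FILE_PERMISSIONS"]));
        return $path;
    }

    /**
     * @return string USERS_PATH/<username>/ — callers must only pass usernames
     *                that satisfy check_username_content()
     */
    private function get_user_path()
    {
        return $GLOBALS["USERS_PATH"] . "/" . $this->username . "/";
    }

    /**
     * Hashes $this->password with crypt() and a two-character salt, i.e. the
     * traditional DES format this code has always written to disk.
     *
     * NOTE(review): DES crypt() only uses the first 8 bytes of the password and
     * is cheap to brute-force. Migrating to password_hash()/password_verify()
     * also requires updating whatever reads the hash file (presumably
     * Security::verify_credentials, outside this file), so it is flagged here
     * rather than changed.
     *
     * @return string
     */
    private function hash_password()
    {
        return crypt($this->password, $this->generate_salt());
    }

    /**
     * @return string two characters from the crypt() salt alphabet, drawn from
     *                a cryptographically secure generator (rand() is not suitable
     *                for anything security-related)
     */
    private function generate_salt()
    {
        $alphabet = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
        $last = strlen($alphabet) - 1;
        return $alphabet[random_int(0, $last)] . $alphabet[random_int(0, $last)];
    }

    /**
     * Writes "<email> <join>\n" to the user's e-mail address file.
     */
    private function store_email_address()
    {
        $content = $this->email . " " . $this->join . "\n";
        $path = $this->create_file($GLOBALS["USER_EMAIL_ADDRESS_PATH"]);
        file_put_contents($path, $content);
    }

    private function create_addresses_file()
    {
        $this->create_file($GLOBALS["USER_ADDRESSES_PATH"]);
    }

    private function create_history_file()
    {
        $this->create_file($GLOBALS["USER_HISTORY_PATH"]);
    }

    private function create_expert_file()
    {
        $this->create_file($GLOBALS["USER_EXPERT_PROGRESS_PATH"]);
    }

    /**
     * Creates the progress file with the initial content "0\n".
     */
    private function initialize_progress_file()
    {
        $path = $this->create_file($GLOBALS["USER_PROGRESS_PATH"]);
        file_put_contents($path, "0\n");
    }

    /**
     * Changes the password of the user named in the request after verifying the
     * submitted "old_password" through Security::verify_credentials(). The new
     * password pair goes through the same checks as at registration.
     *
     * @return bool true when the new hash was stored
     */
    public function change_password()
    {
        $this->username = $this->read_username_parameter();
        $old_password = Security::get_post_parameter("old_password");
        if ($this->username === null || !Security::verify_credentials($this->username, $old_password)) {
            return false;
        }
        $this->set_password();
        if ($this->password === null) {
            return false;
        }
        $this->store_password();
        Security::show_success("password changed");
        return true;
    }

    /**
     * Generates a fresh password for the user named in the request, stores its
     * hash and e-mails it to the address on file.
     *
     * @return bool true when the mail was sent
     */
    public function reset_password()
    {
        $this->username = $this->read_username_parameter();
        if ($this->username === null || !Security::find_user_directory($this->username)) {
            Security::show_error("Username not found");
            return false;
        }
        $this->password = $this->generate_password();
        $this->store_password();
        return $this->send_password($this->password);
    }

    /**
     * @return string GENERATED_PASSWORD_LENGTH characters picked uniformly from
     *                generate_character_set() with random_int()
     */
    private function generate_password()
    {
        $length = $GLOBALS["GENERATED_PASSWORD_LENGTH"];
        $set = $this->generate_character_set();
        $last = strlen($set) - 1;
        $password = "";
        for ($ii = 0; $ii < $length; $ii++) {
            $password .= $set[random_int(0, $last)];
        }
        return $password;
    }

    /**
     * @return string "A".."Z" followed by "a".."z" followed by "0".."9"
     */
    private function generate_character_set()
    {
        return implode("", array_merge(range("A", "Z"), range("a", "z"), range(0, 9)));
    }

    /**
     * Mails $password to the user's stored address via Password_Mail (defined
     * outside this file) and reports the outcome.
     *
     * @param string $password
     * @return bool the send result
     */
    private function send_password($password)
    {
        $email_address = $this->get_email_address();
        $mail = new Password_Mail($email_address, $password);
        if ($mail->send()) {
            Security::show_success("New password emailed");
            return true;
        }
        Security::show_error("Mail delivery failed");
        return false;
    }

    /**
     * @return string the first space-separated field of the user's e-mail
     *                address file, i.e. the address written by store_email_address()
     */
    private function get_email_address()
    {
        $path = $this->get_user_path() . $GLOBALS["USER_EMAIL_ADDRESS_PATH"];
        // FILE_IGNORE_NEW_LINES belongs to file(); the second argument of
        // file_get_contents() is use_include_path, so the newline is stripped here.
        $contents = file_get_contents($path);
        $fields = explode(" ", rtrim((string) $contents, "\r\n"));
        return $fields[0];
    }
}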