diff options
Diffstat (limited to 'web/lib/acctfuncs.inc.php')
-rw-r--r-- | web/lib/acctfuncs.inc.php | 66 |
1 files changed, 31 insertions, 35 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 2272010d..1d38fe11 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -89,7 +89,7 @@ function display_account_form($A,$U="",$T="",$S="", */ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="", $P="",$C="",$R="",$L="",$I="",$K="",$J="",$UID=0) { - global $SUPPORTED_LANGS, $AUR_LOCATION; + global $SUPPORTED_LANGS; $error = ''; @@ -118,9 +118,11 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="", } if (!$error && !valid_username($U)) { + $length_min = config_get_int('options', 'username_min_len'); + $length_max = config_get_int('options', 'username_max_len'); + $error = __("The username is invalid.") . "<ul>\n" - ."<li>" . __("It must be between %s and %s characters long", - USERNAME_MIN_LEN, USERNAME_MAX_LEN ) + . "<li>" . __("It must be between %s and %s characters long", $length_min, $length_max) . "</li>" . "<li>" . __("Start and end with a letter or number") . "</li>" . "<li>" . __("Can contain only one period, underscore or hyphen.") @@ -130,8 +132,11 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="", if (!$error && $P && $C && ($P != $C)) { $error = __("Password fields do not match."); } - if (!$error && $P != '' && !good_passwd($P)) - $error = __("Your password must be at least %s characters.",PASSWD_MIN_LEN); + if (!$error && $P != '' && !good_passwd($P)) { + $length_min = config_get_int('options', 'passwd_min_len'); + $error = __("Your password must be at least %s characters.", + $length_min); + } if (!$error && !valid_email($E)) { $error = __("The email address is invalid."); @@ -244,7 +249,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="", 'not work try copying and ' . 'pasting it into your ' . 'browser.', - $AUR_LOCATION); + aur_location()); send_resetkey($email, $subject, $body); print __("A password reset key has been sent to your e-mail address."); @@ -406,14 +411,9 @@ function search_results_page($O=0,$SB="",$U="",$T="", /** * Attempt to login and generate a session * - * @global int $MAX_SESSIONS_PER_USER Maximum sessions a single user may have open - * @global int $PERSISTENT_COOKIE_TIMEOUT Time until cookie expires - * * @return array Session ID for user, error message if applicable */ function try_login() { - global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT; - $login_error = ""; $new_sid = ""; $userID = null; @@ -456,16 +456,17 @@ function try_login() { /* Generate a session ID and store it. */ while (!$logged_in && $num_tries < 5) { - if ($MAX_SESSIONS_PER_USER) { + $session_limit = config_get_int('options', 'max_sessions_per_user'); + if ($session_limit) { /* * Delete all user sessions except the - * last ($MAX_SESSIONS_PER_USER - 1). + * last ($session_limit - 1). */ $q = "DELETE s.* FROM Sessions s "; $q.= "LEFT JOIN (SELECT SessionID FROM Sessions "; $q.= "WHERE UsersId = " . $userID . " "; $q.= "ORDER BY LastUpdateTS DESC "; - $q.= "LIMIT " . ($MAX_SESSIONS_PER_USER - 1) . ") q "; + $q.= "LIMIT " . ($session_limit - 1) . ") q "; $q.= "ON s.SessionID = q.SessionID "; $q.= "WHERE s.UsersId = " . $userID . " "; $q.= "AND q.SessionID IS NULL;"; @@ -499,7 +500,8 @@ function try_login() { /* Set the SID cookie. */ if (isset($_POST['remember_me']) && $_POST['remember_me'] == "on") { /* Set cookies for 30 days. */ - $cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT; + $timeout = config_get_int('options', 'persistent_cookie_timeout'); + $cookie_time = time() + $timeout; /* Set session for 30 days. */ $q = "UPDATE Sessions SET LastUpdateTS = $cookie_time "; @@ -531,18 +533,20 @@ function is_ipbanned() { /** * Validate a username against a collection of rules * - * The username must be longer or equal to USERNAME_MIN_LEN. It must be shorter - * or equal to USERNAME_MAX_LEN. It must start and end with either a letter or - * a number. It can contain one period, hypen, or underscore. Returns boolean - * of whether name is valid. + * The username must be longer or equal to the configured minimum length. It + * must be shorter or equal to the configured maximum length. It must start and + * end with either a letter or a number. It can contain one period, hypen, or + * underscore. Returns boolean of whether name is valid. * * @param string $user Username to validate * * @return bool True if username meets criteria, otherwise false */ function valid_username($user) { - if (strlen($user) < USERNAME_MIN_LEN || - strlen($user) > USERNAME_MAX_LEN) { + $length_min = config_get_int('options', 'username_min_len'); + $length_max = config_get_int('options', 'username_max_len'); + + if (strlen($user) < $length_min || strlen($user) > $length_max) { return false; } else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/Di", $user)) { return false; @@ -645,8 +649,6 @@ function create_resetkey($resetkey, $uid) { * @return void */ function send_resetkey($email, $subject, $body) { - global $AUR_LOCATION; - $uid = uid_from_email($email); if ($uid == null) { return; @@ -658,9 +660,8 @@ function send_resetkey($email, $subject, $body) { /* Send e-mail with confirmation link. */ $body = wordwrap($body, 70); - $body .= "\n\n". - "{$AUR_LOCATION}/" . get_uri('/passreset/') . "?". - "resetkey={$resetkey}"; + $body .= "\n\n". aur_location() . "/" . get_uri('/passreset/') . + "?resetkey={$resetkey}"; $headers = "MIME-Version: 1.0\r\n" . "Content-type: text/plain; charset=UTF-8\r\n" . "Reply-to: noreply@aur.archlinux.org\r\n" . @@ -708,10 +709,8 @@ function password_reset($hash, $salt, $resetkey, $email) { * @return bool True if longer than minimum length, otherwise false */ function good_passwd($passwd) { - if ( strlen($passwd) >= PASSWD_MIN_LEN ) { - return true; - } - return false; + $length_min = config_get_int('options', 'passwd_min_len'); + return (strlen($passwd) >= $length_min); } /** @@ -903,16 +902,13 @@ function delete_user_sessions($uid) { /** * Remove sessions from the database that have exceed the timeout * - * @global int $LOGIN_TIMEOUT Time until session expires - * * @return void */ function clear_expired_sessions() { - global $LOGIN_TIMEOUT; - $dbh = DB::connect(); - $q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - $LOGIN_TIMEOUT)"; + $timeout = config_get_int('options', 'login_timeout'); + $q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - " . $timeout . ")"; $dbh->query($q); return; |