1
0
Fork 0

Add minimum password length requirement

master
Anonymous Contributor 2023-08-23 18:16:36 +02:00
parent 8946511d46
commit 5d6b6565cd
3 changed files with 45 additions and 41 deletions

View File

@ -22,4 +22,6 @@ $RUNTIME['SIDOMAN']['PASSWORD'] = "...";
$RUNTIME['DOMAIN'] = "mcp.4creative.net"; $RUNTIME['DOMAIN'] = "mcp.4creative.net";
$RUNTIME['IAR']['BASEURL'] = "https://mcp.4creative.net/data/"; $RUNTIME['IAR']['BASEURL'] = "https://mcp.4creative.net/data/";
$RUNTIME['PASSWORD_MIN_LENGTH'] = 8;
?> ?>

View File

@ -1,5 +1,7 @@
<?php <?php
function setNamePart(string $part, string $value, string $otherPart, string $otherValue) { function setNamePart(string $part, string $value, string $otherPart, string $otherValue) {
global $RUNTIME;
$query = $RUNTIME['PDO']->prepare('SELECT 1 FROM UserAccounts WHERE '.$part.' = ? AND '.$otherPart.' = ?'); $query = $RUNTIME['PDO']->prepare('SELECT 1 FROM UserAccounts WHERE '.$part.' = ? AND '.$otherPart.' = ?');
$query->execute(array($value, $otherValue)); $query->execute(array($value, $otherValue));
@ -49,7 +51,7 @@
$NewFirstName = trim($_POST['formInputFeldVorname']); $NewFirstName = trim($_POST['formInputFeldVorname']);
if($NewFirstName != "" && $_SESSION['FIRSTNAME'] != $NewFirstName) { if($NewFirstName != "" && $_SESSION['FIRSTNAME'] != $NewFirstName) {
if(setNamePart('FirstName', $NewFirstName, 'LastName', isset($_POST['formInputFeldNachname']) && trim($_POST['formInputFeldNachname']) > 0 ? $_POST['formInputFeldNachname'] : $_SESSION['LASTNAME'])) { if(setNamePart('FirstName', $NewFirstName, 'LastName', isset($_POST['formInputFeldNachname']) && strlen(trim($_POST['formInputFeldNachname'])) > 0 ? $_POST['formInputFeldNachname'] : $_SESSION['LASTNAME'])) {
$_SESSION['FIRSTNAME'] = $NewFirstName; $_SESSION['FIRSTNAME'] = $NewFirstName;
$_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME']; $_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];
$_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']); $_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
@ -64,7 +66,7 @@
$NewLastName = trim($_POST['formInputFeldNachname']); $NewLastName = trim($_POST['formInputFeldNachname']);
if($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) { if($NewLastName != "" && $_SESSION['LASTNAME'] != $NewLastName) {
if(setNamePart('LastName', $NewLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && trim($_POST['formInputFeldVorname']) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) { if(setNamePart('LastName', $NewLastName, 'FirstName', isset($_POST['formInputFeldVorname']) && strlen(trim($_POST['formInputFeldVorname'])) > 0 ? $_POST['formInputFeldVorname'] : $_SESSION['FIRSTNAME'])) {
$_SESSION['LASTNAME'] = $NewLastName; $_SESSION['LASTNAME'] = $NewLastName;
$_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME']; $_SESSION['USERNAME'] = $_SESSION['FIRSTNAME']." ".$_SESSION['LASTNAME'];
$_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']); $_SESSION['DISPLAYNAME'] = strtoupper($_SESSION['USERNAME']);
@ -98,11 +100,13 @@
} }
if(isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") { if(isset($_POST['formInputFeldPartnerName']) && $_POST['formInputFeldPartnerName'] != "") {
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
$NewPartner = trim($_POST['formInputFeldPartnerName']); $NewPartner = trim($_POST['formInputFeldPartnerName']);
$CurrentPartner = $opensim->getPartner($_SESSION['UUID']); $CurrentPartner = $opensim->getPartner($_SESSION['UUID']);
include_once 'app/OpenSim.php'; if($CurrentPartner != "")$CurrentPartner = $opensim->getUserName($CurrentPartner);
if($CurrentPartner != "")$CurrentPartner = (new OpenSim())->getUserName($CurrentPartner);
if($NewPartner != "" && $CurrentPartner != $NewPartner) { if($NewPartner != "" && $CurrentPartner != $NewPartner) {
$newPartnerUUID = $opensim->getUserUUID($NewPartner); $newPartnerUUID = $opensim->getUserUUID($NewPartner);
@ -127,6 +131,7 @@
if($validator->isValid($_POST)) { if($validator->isValid($_POST)) {
if($_POST['newPasswordRepeat'] == $_POST['newPassword']) { if($_POST['newPasswordRepeat'] == $_POST['newPassword']) {
if(strlen(trim($_POST['newPassword'])) >= $RUNTIME['PASSWORD_MIN_LENGTH']) {
if(password_verify($_POST['oldPassword'], $_SESSION['PASSWORD'])) { if(password_verify($_POST['oldPassword'], $_SESSION['PASSWORD'])) {
$hash = password_hash($NewPassword, PASSWORD_ARGON2ID); $hash = password_hash($NewPassword, PASSWORD_ARGON2ID);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID'); $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID');
@ -138,6 +143,10 @@
$_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!'; $_SESSION['profile_info'] = 'Das alte Passwort ist nicht richtig!';
} }
} }
else {
$_SESSION['profile_info'] = 'Das neue Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.';
}
}
else { else {
$_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!'; $_SESSION['profile_info'] = 'Die neuen Passwörter stimmen nicht überein!';
} }

View File

@ -54,40 +54,34 @@
die(); die();
} }
$RUNTIME['REGISTER']['Name'] = null;
$RUNTIME['REGISTER']['PASS'] = null;
$RUNTIME['REGISTER']['EMAIL'] = null;
$RUNTIME['REGISTER']['AVATAR'] = null;
$RUNTIME['REGISTER']['TOS'] = true;
$name = trim($_POST['username']); $name = trim($_POST['username']);
if($name != "") $nameParts;
{ if($name != "") {
$nameParts = explode(" ", $name); $nameParts = explode(" ", $name);
if(count($nameParts) == 1) if(count($nameParts) == 1) {
{
$name .= " Resident"; $name .= " Resident";
$nameParts = explode(" ", $name); $nameParts = explode(" ", $name);
} }
$statementAvatarName = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1"); $statementAvatarName = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserAccounts WHERE FirstName = :FirstName AND LastName = :LastName LIMIT 1");
$statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]); $statementAvatarName->execute(['FirstName' => $nameParts[0], 'LastName' => $nameParts[1]]);
if($statementAvatarName->rowCount() == 0) if($statementAvatarName->rowCount() > 0) {
{
$RUNTIME['REGISTER']['Name'] = $name;
}
else
{
displayPage("Der gewählte Name ist bereits vergeben."); displayPage("Der gewählte Name ist bereits vergeben.");
} }
} }
$RUNTIME['REGISTER']['PASS'] = trim($_POST['password']);
$RUNTIME['REGISTER']['EMAIL'] = trim($_POST['email']); $pass = trim($_POST['password']);
if(isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID'])) if(strlen($pass) < $RUNTIME['PASSWORD_MIN_LENGTH']) {
{ displayPage('Dein Passwort muss mindestens '.$RUNTIME['PASSWORD_MIN_LENGTH'].' Zeichen lang sein.');
$RUNTIME['REGISTER']['AVATAR'] = trim($_POST['avatar']);
} }
else
{ $email = trim($_POST['email']);
$avatar;
if(isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID'])) {
$avatar = trim($_POST['avatar']);
}
else {
displayPage("Der gewählte Standardavatar existiert nicht."); displayPage("Der gewählte Standardavatar existiert nicht.");
} }
@ -95,12 +89,11 @@
$opensim = new OpenSim(); $opensim = new OpenSim();
$avatarUUID = $opensim->gen_uuid(); $avatarUUID = $opensim->gen_uuid();
$passwordHash = password_hash($RUNTIME['REGISTER']['PASS'], PASSWORD_ARGON2ID); $passwordHash = password_hash($pass, PASSWORD_ARGON2ID);
$avatarNameParts = explode(" ", $RUNTIME['REGISTER']['Name']);
$statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :WEBKEY, :ACCTYPE)'); $statementAuth = $RUNTIME['PDO']->prepare('INSERT INTO `auth` (`UUID`, `passwordHash`, `webLoginKey`, `accountType`) VALUES (:UUID, :HASHVALUE, :WEBKEY, :ACCTYPE)');
$statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]); $statementAuth->execute(['UUID' => $avatarUUID, 'HASHVALUE' => $passwordHash, 'WEBKEY' => "00000000-0000-0000-0000-000000000000", 'ACCTYPE' => "UserAccount"]);
$statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, `FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )'); $statementAccounts = $RUNTIME['PDO']->prepare('INSERT INTO `UserAccounts` (`PrincipalID`, `ScopeID`, `FirstName`, `LastName`, `Email`, `ServiceURLs`, `Created`, `UserLevel`, `UserFlags`, `UserTitle`, `active`) VALUES (:PrincipalID, :ScopeID, :FirstName, :LastName, :Email, :ServiceURLs, :Created, :UserLevel, :UserFlags, :UserTitle, :active )');
$statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $avatarNameParts[0], 'LastName' => $avatarNameParts[1], 'Email' => $RUNTIME['REGISTER']['EMAIL'], 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]); $statementAccounts->execute(['PrincipalID' => $avatarUUID, 'ScopeID' => "00000000-0000-0000-0000-000000000000", 'FirstName' => $nameParts[0], 'LastName' => $nameParts[1], 'Email' => $email, 'ServiceURLs' => "HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI= ", 'Created' => time(), 'UserLevel' => 0, 'UserFlags' => 0, 'UserTitle' => "", 'active' => 1]);
$statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileFirstImage`) VALUES (:useruuid, :profilePartner, :profileImage, :profileFirstImage)'); $statementProfile = $RUNTIME['PDO']->prepare('INSERT INTO `userprofile` (`useruuid`, `profilePartner`, `profileImage`, `profileFirstImage`) VALUES (:useruuid, :profilePartner, :profileImage, :profileFirstImage)');
$statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => "00000000-0000-0000-0000-000000000000", 'profileFirstImage' => "00000000-0000-0000-0000-000000000000"]); $statementProfile->execute(['useruuid' => $avatarUUID, 'profilePartner' => "00000000-0000-0000-0000-000000000000", 'profileImage' => "00000000-0000-0000-0000-000000000000", 'profileFirstImage' => "00000000-0000-0000-0000-000000000000"]);
$Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20); $Inventory = array('Calling Cards' => 2, 'Objects' => 6, 'Landmarks' => 3, 'Clothing' => 5, 'Gestures' => 21, 'Body Parts' => 13, 'Textures' => 0, 'Scripts' => 10, 'Photo Album' => 15, 'Lost And Found' => 16, 'Trash' => 14, 'Notecards' => 7, 'My Inventory' => 8, 'Sounds' => 1, 'Animations' => 20);
@ -121,14 +114,14 @@
$statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code'); $statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code');
$statementInviteDeleter->execute(['code' => $_REQUEST['code']]); $statementInviteDeleter->execute(['code' => $_REQUEST['code']]);
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['USERNAME'] = trim($RUNTIME['REGISTER']['Name']); $_SESSION['USERNAME'] = trim($name);
$_SESSION['FIRSTNAME'] = trim($avatarNameParts[0]); $_SESSION['FIRSTNAME'] = trim($nameParts[0]);
$_SESSION['LASTNAME'] = trim($avatarNameParts[1]); $_SESSION['LASTNAME'] = trim($nameParts[1]);
$_SESSION['EMAIL'] = trim($RUNTIME['REGISTER']['EMAIL']); $_SESSION['EMAIL'] = $email;
$_SESSION['PASSWORD'] = $passwordHash; $_SESSION['PASSWORD'] = $passwordHash;
$_SESSION['UUID'] = $avatarUUID; $_SESSION['UUID'] = $avatarUUID;
$_SESSION['LEVEL'] = 0; $_SESSION['LEVEL'] = 0;
$_SESSION['DISPLAYNAME'] = strtoupper(trim($RUNTIME['REGISTER']['Name'])); $_SESSION['DISPLAYNAME'] = strtoupper($name);
$_SESSION['LOGIN'] = 'true'; $_SESSION['LOGIN'] = 'true';
header('Location: index.php?page=dashboard'); header('Location: index.php?page=dashboard');