X-Git-Url: https://projects.mako.cc/source/scuttle/blobdiff_plain/c20b44263a89d8bf1a78bfa632daaae3cb4f1da2..9fb4123e6cab33ba5b0aaa893edbffc6b3a8e139:/services/userservice.php?ds=inline diff --git a/services/userservice.php b/services/userservice.php index 1e7ed46..dde67b5 100644 --- a/services/userservice.php +++ b/services/userservice.php @@ -1,24 +1,25 @@ 'uId', - 'username' => 'username', - 'password' => 'password' - ); - var $profileurl; - var $tablename; - var $sessionkey; - var $cookiekey; - var $cookietime = 1209600; // 2 weeks + return $instance; + } + + var $fields = array( + 'primary' => 'uId', + 'username' => 'username', + 'password' => 'password' + ); + var $profileurl; + var $tablename; + var $sessionkey; + var $cookiekey; + var $cookietime = 1209600; // 2 weeks function UserService(&$db) { $this->db =& $db; @@ -40,7 +41,7 @@ class UserService { if(!empty($host)) { @exec("nslookup -type=$type $host", $output); while(list($k, $line) = each($output)) { - if(eregi("^$host", $line)) { + if(preg_match("/^$host/i", $line)) { //eregi("^$host", $line) return true; } } @@ -62,9 +63,16 @@ class UserService { return false; } + function _in_regex_array($value, $array) { + foreach ($array as $key => $pattern) { + if (preg_match($pattern, $value)) { + return TRUE; + } + } + return FALSE; + } + function _randompassword() { - $seed = (integer) md5(microtime()); - mt_srand($seed); $password = mt_rand(1, 99999999); $password = substr(md5($password), mt_rand(0, 19), mt_rand(6, 12)); return $password; 
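Review bot: In the new `preg_match("/^$host/i", $line)` line of `_checkdns()`, `$host` is interpolated into the pattern unquoted, so each `.` in the domain matches any character and a `/` or other metacharacter in the value yields an invalid pattern; `preg_match('/^' . preg_quote($host, '/') . '/i', $line)` keeps it a literal prefix test. The context line above passes the same `$host` and `$type` into `exec("nslookup ...")` without `escapeshellarg()`, so the function relies entirely on its callers having validated both values, and quoting them there would remove that dependency. The trailing `//eregi(...)` comment is leftover old code and can be dropped. The function starts and ends outside the hunk.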
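Review bot: `_randompassword()` still draws from `mt_rand()`, which is not a cryptographic generator, and the result is only a slice of the MD5 of one of at most 99,999,999 integers, so the set of possible passwords is small enough to enumerate. Removing the `mt_srand((integer) md5(microtime()))` seed is right, since the cast keeps only the leading decimal digits of the digest, but the value should come from a CSPRNG, for example `$password = bin2hex(random_bytes(6));` on PHP 7+ or `openssl_random_pseudo_bytes()` on older versions. The added `_in_regex_array()` has no doc comment saying that `$array` holds complete PCRE patterns including delimiters. The closing brace of `_randompassword()` lies outside the hunk.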
@@ -124,7 +132,7 @@ class UserService { if (isset($_SESSION[$this->getSessionKey()])) { return $_SESSION[$this->getSessionKey()]; } else if (isset($_COOKIE[$this->getCookieKey()])) { - $cook = split(':', $_COOKIE[$this->getCookieKey()]); + $cook = explode(':', $_COOKIE[$this->getCookieKey()]); //split(':', $_COOKIE[$this->getCookieKey()]); //cookie looks like this: 'id:md5(username+password)' $query = 'SELECT * FROM '. $this->getTableName() . ' WHERE MD5(CONCAT('.$this->getFieldName('username') . @@ -145,7 +153,7 @@ class UserService { return false; } - function login($username, $password, $remember = FALSE) { + function login($username, $password, $remember = FALSE, $path = '/') { $password = $this->sanitisePassword($password); $query = 'SELECT '. $this->getFieldName('primary') .' FROM '. $this->getTableName() .' WHERE '. $this->getFieldName('username') .' = "'. $this->db->sql_escape($username) .'" AND '. $this->getFieldName('password') .' = "'. $this->db->sql_escape($password) .'"'; @@ -158,7 +166,7 @@ class UserService { $id = $_SESSION[$this->getSessionKey()] = $row[$this->getFieldName('primary')]; if ($remember) { $cookie = $id .':'. md5($username.$password); - setcookie($this->cookiekey, $cookie, time() + $this->cookietime); + setcookie($this->cookiekey, $cookie, time() + $this->cookietime, $path); } return true; } else { @@ -166,8 +174,8 @@ class UserService { } } - function logout() { - @setcookie($this->cookiekey, NULL, time() - 1); + function logout($path = '/') { + @setcookie($this->cookiekey, NULL, time() - 1, $path); unset($_COOKIE[$this->cookiekey]); session_unset(); $this->getCurrentUser(TRUE, false); 
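Review bot: The cookie value is client-controlled, and the result of `explode(':', ...)` is used without checking that it has two parts, so a cookie without a colon presumably leaves `$cook[1]` undefined when the query that follows is built. I would write `$cook = explode(':', $_COOKIE[$this->getCookieKey()], 2);` and return false unless `count($cook) === 2` and `ctype_digit($cook[0])`. The query runs past the end of the hunk, so whether both parts go through `sql_escape()` cannot be confirmed from here and is worth checking. The commented-out `split(...)` call at the end of the line should be removed rather than kept.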
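Review bot: The new `setcookie(...)` call in `login()` sets the path but leaves the secure and httponly arguments at their defaults, so the remember-me cookie is readable from script and is sent over plain HTTP. Because the value is `id:md5(username.password)`, it acts as a stand-in for the credentials and, as far as the visible code shows, changes only when the password does; `setcookie($this->cookiekey, $cookie, time() + $this->cookietime, $path, '', !empty($_SERVER['HTTPS']), true);` limits its exposure. A random per-login token stored server-side would be the more durable fix, though that goes beyond this hunk. The new `$path` parameter added to `login()` in the previous hunk has no doc comment.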
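Review bot: `logout($path = '/')` clears the remember-me cookie only when it is given the same path that `login()` used, and nothing in these lines ties the two together, so a caller that passes a custom path to `login()` and none to `logout()` leaves the cookie in the browser. Holding the path in one property (for example `$this->cookiepath`) and using it in both calls would remove that mismatch. The `@` on `setcookie()` also hides the headers-already-sent case, in which the cookie is not cleared at all. The function body continues outside the hunk.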
@@ -326,6 +334,29 @@ class UserService { return false; } + function isBlockedEmail($email) { + // Check whitelist + $whitelist = $GLOBALS['email_whitelist']; + if (!is_null($whitelist) && is_array($whitelist)) { + if (!$this->_in_regex_array($email, $whitelist)) { + // Not in whitelist -> blocked + return TRUE; + } + } + + // Check blacklist + $blacklist = $GLOBALS['email_blacklist']; + if (!is_null($blacklist) && is_array($blacklist)) { + if ($this->_in_regex_array($email, $blacklist)) { + // In blacklist -> blocked + return TRUE; + } + } + + // Not blocked + return FALSE; + } + function isReserved($username) { if (in_array($username, $GLOBALS['reservedusers'])) { return true; @@ -335,8 +366,8 @@ class UserService { } function isValidEmail($email) { - if (eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", $email)) { - list($emailUser, $emailDomain) = split("@", $email); + if (preg_match("/^((?:(?:(?:\w[\.\-\+_]?)*)\w)+)\@((?:(?:(?:\w[\.\-_]?){0,62})\w)+)\.(\w{2,6})$/i", $email) > 0) { + list($emailUser, $emailDomain) = explode("@", $email); // Check if the email domain has a DNS record if ($this->_checkdns($emailDomain)) { @@ -359,4 +390,3 @@ class UserService { function getCookieKey() { return $this->cookiekey; } function setCookieKey($value) { $this->cookiekey = $value; } } -?>
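Review bot: The blacklist branch of `isBlockedEmail()` fails open, because `_in_regex_array()` treats a `preg_match()` result of `false` (invalid pattern, backtrack limit) the same as no match, so a malformed entry in `$GLOBALS['email_blacklist']` silently stops blocking. In the helper I would capture the result and report the error case, e.g. `$r = preg_match($pattern, $value); if ($r === false) { trigger_error("bad email pattern: $pattern", E_USER_WARNING); }`, then test `$r === 1`. Both `$GLOBALS[...]` reads raise a notice when the setting is not defined; `isset($GLOBALS['email_whitelist']) && is_array(...)` covers that and makes `!is_null()` redundant. A doc comment should state that the whitelist is checked first and that entries are full PCRE patterns matched against the raw address.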
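Review bot: The new pattern in `isValidEmail()` nests quantifiers (`(?:(?:(?:\w[\.\-\+_]?)*)\w)+`), so a long, presumably user-supplied address that almost matches can push PCRE into heavy backtracking, and no length cap is visible before the match. A guard such as `if (strlen($email) > 254) { return false; }` bounds the cost, and `filter_var($email, FILTER_VALIDATE_EMAIL)` would replace the hand-written pattern where the PHP version provides it. `\w` also admits `_` in the domain and digits in the TLD, and `{2,6}` rejects longer TLDs, which deserves a comment if intended. The domain is then handed to `_checkdns()`, so this pattern is what limits the characters that reach `nslookup`; a comment should record that dependency. The function continues outside the hunk.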