[SUCS Devel] [Git][sucssite/sucs-site][beta] 41 commits: Merge branch 'beta' into sucs-site
Isabel Jenkins
unreturnable at sucs.org
Fri Oct 20 17:56:43 BST 2017
Isabel Jenkins pushed to branch beta at sucssite / sucs-site
Commits:
13e9a0fd by Imran Hussain at 2016-09-20T16:15:56+01:00
Merge branch 'beta' into sucs-site
- - - - -
a297fa5b by Imran Hussain at 2016-10-03T16:31:19+01:00
fix suapi
- - - - -
2d1b2e2b by Imran Hussain at 2016-10-03T19:51:06+01:00
Write a function to work around broken msl shit
- - - - -
8bf3ac4b by Imran Hussain at 2016-10-13T11:01:44+01:00
Fix old student members coming back with the same student id after their account has been deleted and they paid via the su
- - - - -
ff575957 by Imran Hussain at 2016-10-13T11:01:44+01:00
It's not my morning...
- - - - -
7eee2a8f by Imran Hussain at 2016-10-13T14:14:45+01:00
Don't need to check if they aren't in the signup table if we know they aren't in the members table
- - - - -
9a485814 by Andy Pover at 2017-01-21T20:06:18+00:00
Merge branch 'beta' into 'sucs-site'
Beta hasn't exploded, let's push these to live
See merge request !55
- - - - -
3e35d149 by Imran Hussain at 2017-03-31T12:40:17+01:00
Merge branch 'beta' into sucs-site
- - - - -
40c1079f by Imran Hussain at 2017-04-01T18:33:45+01:00
Merge branch 'beta' into sucs-site
- - - - -
e9f4c2f2 by Imran Hussain at 2017-06-30T12:35:30+01:00
Switch to using debian jessie docker image
- - - - -
f02fdd0a by Imran Hussain at 2017-06-30T12:37:47+01:00
That didn't work so let's go back to using the default ruby image and test php against php7
- - - - -
264f2e52 by Imran Hussain at 2017-06-30T12:43:38+01:00
npm is part of nodejs
- - - - -
c37b71d1 by Imran Hussain at 2017-06-30T12:46:42+01:00
install nodejs from the main site, debian stable packages are screwed up
- - - - -
5f3d26d1 by Imran Hussain at 2017-06-30T12:48:51+01:00
need curl, doh!
- - - - -
270d2208 by Imran Hussain at 2017-06-30T12:50:36+01:00
forgot a -y
- - - - -
cfc77876 by Imran Hussain at 2017-06-30T12:53:31+01:00
nodejs install that is supposed to install deps doesn't actually do so, install gnupg manually
- - - - -
43ea7d60 by Imran Hussain at 2017-06-30T12:59:07+01:00
the script to install nodejs DOESN'T INSTALL NODEJS!
- - - - -
1a4237a8 by Isabel Jenkins at 2017-09-24T12:57:09+01:00
Update Live chat link
- - - - -
b02c75c6 by Imran Hussain at 2017-09-26T11:38:53+01:00
Update sucs iss ldap info for signup system
- - - - -
52510509 by Imran Hussain at 2017-09-26T11:49:54+01:00
shitty iss dropped uid for EDUPERSONTARGETEDID
- - - - -
653b406c by Imran Hussain at 2017-09-26T11:50:09+01:00
shitty iss dropped uid for EDUPERSONTARGETEDID
- - - - -
620c9b63 by gigosaurus at 2017-09-26T21:59:10+01:00
Fix signup validation. Emails, names and addresses are now much less strict, and more valid postcodes are allowed.
- - - - -
777965c6 by Kit Manners at 2017-09-27T00:07:42+01:00
Fix typo in signup completion
- - - - -
fcfabbae by Kit Manners at 2017-09-27T01:13:07+01:00
Fix retrieving full name from campus ldap
- - - - -
86ccc6b7 by Kit Manners at 2017-09-27T01:20:53+01:00
Add missing space in error message
- - - - -
4063d666 by gigosaurus at 2017-09-27T02:40:47+01:00
Remember the student number if they entered it in a previous form
- - - - -
07f6b98f by gigosaurus at 2017-09-27T02:42:05+01:00
Merge branch 'master' of projects.sucs.org:gigosaurus/sucs-site
- - - - -
ea4cbf7c by Imran Hussain at 2017-09-27T10:41:03+01:00
Merge branch 'gigosaurus/sucs-site-master'
- - - - -
3eb75c79 by Imran Hussain at 2017-09-27T10:44:26+01:00
if you're a student then you don't get to choose your real name
- - - - -
7a325c26 by Kit Manners at 2017-09-27T10:49:34+01:00
Fix typo in signup completion
- - - - -
68a40e7c by Kit Manners at 2017-09-27T10:49:34+01:00
Fix retrieving full name from campus ldap
- - - - -
459d1ed8 by Kit Manners at 2017-09-27T10:49:34+01:00
Add missing space in error message
- - - - -
b9db1f21 by gigosaurus at 2017-09-27T10:49:34+01:00
Remember the student number if they entered it in a previous form
- - - - -
bf07b4e4 by Imran Hussain at 2017-09-27T10:51:36+01:00
if you're a student then you don't get to choose your real name
- - - - -
de4a21e5 by gigosaurus at 2017-09-27T10:52:49+01:00
Fix signup validation. Emails, names and addresses are now much less strict, and more valid postcodes are allowed.
- - - - -
fbac2096 by Kit Manners at 2017-09-27T12:30:00+01:00
Fix retrieving student number
- - - - -
2b0cf0ed by Imran Hussain at 2017-09-27T12:36:55+01:00
Merge branch 'gigosaurus/sucs-site-patch-1'
- - - - -
5c2bcecf by Kit Manners at 2017-09-27T12:37:39+01:00
Fix retrieving student number
- - - - -
68376cf8 by Ciaran Crocker at 2017-10-20T17:49:07+01:00
Merge branch 'sucs-site'
- - - - -
3b3b9d96 by Ciaran Crocker at 2017-10-20T17:50:37+01:00
Merge branch 'master' into beta
- - - - -
824dce40 by Isabel Jenkins at 2017-10-20T17:56:34+01:00
Merge branch 'beta' into 'beta'
Tidy up branches (1/3)
See merge request sucssite/sucs-site!69
- - - - -
8 changed files:
- components/front.php
- components/signup.php
- components/signupajax.php
- components/susignup.php
- lib/validation.php
- lib/validationData.php
- templates/signup.tpl
- templates/susignup.tpl
Changes:
=====================================
components/front.php
=====================================
--- a/components/front.php
+++ b/components/front.php
@@ -9,7 +9,7 @@ if (!$session->loggedin) {
$output = file_get_contents("../static/fragments/Join.txt");
} else {
$output = "<div class=\"cbb\"><h3>You are logged in</h3><p>If you would like to contribute to the site or report a bug, please contact imranh.</p></div>";
- $output = "<div class=\"cbb\"><h3>You are logged in</h3><p style=\"text-align: center;\">Why not join our <a href=\"#\" onclick=\"window.open('/mw/','Milliways','height=600,width=800,menubar=no,resizable=yes,location=no,directories=no,scrollbars=yes,status=no,toolbar=no')\" style=\"font-size: 150%; font-weight: bold; color: #ffc62b;\">Live Chat</a>?</p></div>";
+ $output = "<div class=\"cbb\"><h3>You are logged in</h3><p style=\"text-align: center;\">Why not join our <a href=\"https://chat.sucs.org\" target=\"_blank\">Live Chat</a>?</p></div>";
//include('users.php');
//$output .= $result;
include('electionreminder.php');
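Review bot: The new Live Chat link on the added line opens https://chat.sucs.org with target="_blank" but no rel attribute; add rel="noopener noreferrer" so the opened page gets no window.opener handle back to the logged-in site. Separately, the unchanged `$output = ...` assignment directly above (the "please contact imranh" message) is overwritten by this one and never displayed, so either append with `.=` or drop it.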
=====================================
components/signup.php
=====================================
--- a/components/signup.php
+++ b/components/signup.php
@@ -50,6 +50,10 @@ if (isset($_REQUEST['signupid']) && isset($_REQUEST['signuppw'])) {
// pass on the id and passwd and id the validation is overridable
$smarty->assign("signupid", $signupid);
$smarty->assign("signuppw", $signuppw);
+ // pass on the student id if it exists
+ if (isset($_REQUEST['signupsid'])) {
+ $smarty->assign("signupsid", $_REQUEST['signupsid']);
+ }
$smarty->assign("overridable", $overridable);
$smarty->assign("usertype", $row[type]);
// if accepting the form
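Review bot: `$_REQUEST['signupsid']` is handed to the template unvalidated, and templates/signup.tpl in this same push prints it as value='{$signupsid}' inside a single-quoted attribute. Unless Smarty is configured to escape by default (not visible in this diff), a quote character in the parameter breaks out of the attribute. Check the value against the expected student-number format before assigning it, and print it with {$signupsid|escape} in the template.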
@@ -80,18 +84,18 @@ if (isset($_REQUEST['signupid']) && isset($_REQUEST['signuppw'])) {
$errors['address'] = $error;
}
$fields['address'] = sanitizeAddress($_POST['address']);
- if (!validRealName($_REQUEST['realname'], $override)) {
+ if (!validName($_REQUEST['realname'], $override)) {
$valid = false;
$errors['realname'] = $error;
}
$fields['realname'] = $_REQUEST['realname'];
} else {
- if (!(validRealName($_REQUEST['contact'], false) || $override)) {
+ if (!(validName($_REQUEST['contact'], false) || $override)) {
$valid = false;
$errors['contact'] = $error;
}
$fields['contact'] = $_REQUEST['contact'];
- if (!validSocName($_REQUEST['realname'], $override)) {
+ if (!validName($_REQUEST['realname'], $override)) {
$valid = false;
$errors['realname'] = $error;
}
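Review bot: validName() trims only its local copy, so `$fields['realname'] = $_REQUEST['realname']` and the matching `contact` line still store the untrimmed request value. Because validName() now accepts any printable characters, including quotes and angle brackets, these fields must be escaped wherever they are printed, for example the value='{$fields.realname}' attribute in signup.tpl. Consider having validName() return the trimmed string and storing that instead.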
=====================================
components/signupajax.php
=====================================
--- a/components/signupajax.php
+++ b/components/signupajax.php
@@ -29,7 +29,7 @@ if (isset($_GET['key'])) {
break;
case "realname":
$realname = $_GET['value'];
- if (validRealName($realname, false)) {
+ if (validName($realname, false)) {
echo "OK";
} else {
echo $error;
@@ -37,7 +37,7 @@ if (isset($_GET['key'])) {
break;
case "socname":
$socname = $_GET['value'];
- if (validSocName($socname, false)) {
+ if (validName($socname, false)) {
echo "OK";
} else {
echo $error;
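Review bot: After this change the "realname" and "socname" cases run identical code. Let one case fall through to the other so the two cannot drift apart again.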
=====================================
components/susignup.php
=====================================
--- a/components/susignup.php
+++ b/components/susignup.php
@@ -51,6 +51,7 @@ if (!empty($_REQUEST['sid']) && !empty($_REQUEST['transactionID'])) {
$mode = "form";
$smarty->assign("id", $signuptmpresult->fields["id"]);
$smarty->assign("pass", $signuptmpresult->fields["password"]);
+ $smarty->assign("sid", $signuptmpresult->fields["sid"]);
// else if they aren't in the SUCS DB, then bootstrap signup process
} else if ($tmpresult->fields == false) {
$mode = "form";
@@ -59,6 +60,7 @@ if (!empty($_REQUEST['sid']) && !empty($_REQUEST['transactionID'])) {
$id = $iddata->fields['id'];
$smarty->assign("id", $id);
$smarty->assign("pass", $pass);
+ $smarty->assign("sid", $sid);
} else {
// they should never get here
die("You'll see this if there has been a database error. Someone probably knows and is trying to fix it. Sorry.");
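Review bot: In the second branch `$sid` is assigned to the template, but where it is set is not visible in this hunk; the enclosing condition reads `$_REQUEST['sid']`. If it is the raw request value, it ends up in the hidden field value="{$sid}" added to susignup.tpl, so validate it first or print it with {$sid|escape}. The hidden field is client-editable, so components/signup.php should keep treating `signupsid` as a prefill only and never as a verified student id.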
=====================================
lib/validation.php
=====================================
--- a/lib/validation.php
+++ b/lib/validation.php
@@ -7,18 +7,22 @@ require_once("sanitization.php");
function validEmail($email)
{
global $error;
- //split user and domain
- list($user, $domain) = explode("@", $email);
- // check for bad characters, and check for zero length user & domain
- if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email) or !$user or !$domain) {
- $error = 'an invalid email address (syntax)';
+
+ // check for valid syntax
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ $error = 'Invalid email address (syntax)';
return false;
}
+
// Syntax OK
+ // domain consists of any character after a '@' and cannot contain '@'
+ // therefore any character after the last '@' is part of the domain
+ $domain = substr($email, strrpos($email, '@') + 1);
+
// Check for an mail server
- elseif (!getmxrr($domain, $mx) or !gethostbyname($domain)) {
- $error = "no mail servers listed for '$domain'";
+ if (!getmxrr($domain, $mx) or !gethostbyname($domain)) {
+ $error = "No mail servers listed for '$domain'";
return false;
} else {
// Email address valid from technical point of view
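Review bot: In `if (!getmxrr($domain, $mx) or !gethostbyname($domain))`, gethostbyname() returns the hostname unchanged on failure, which is a truthy string, so the second operand never rejects anything and the check is effectively getmxrr() alone. If the intent is to accept a domain that has either an MX or an address record, write it as `!getmxrr($domain, $mx) && gethostbyname($domain) === $domain`; if MX is required, drop the gethostbyname() call.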
@@ -26,41 +30,6 @@ function validEmail($email)
}
}
-// test whether a password is considered Strong Enough
-// ideally we'd want to use cracklib or something here, but no RPM for the php bindings :-(
-// dont use this, use weakPassword instead it uses cracklib
-function strongPassword($pass)
-{
-
- // you call this a password? my cat could bruteforce this.
- if (strlen($pass) < 6) {
- return false;
- }
-
-// start at 0, and increment for certain features
- $score = 0;
-
-
-// greater than 8 characters
- if (strlen($pass) > 8) $score++;
-// includes lowercase characters
- if (preg_match("/[a-z]/", $pass)) $score++;
-// includes uppercase characters
- if (preg_match("/[A-Z]/", $pass)) $score++;
-// includes digits
- if (preg_match("/\d/", $pass)) $score++;
-// includes "non-word" characters
- if (preg_match("/\W/", $pass)) $score++;
-
-// I reckons if it has at least 3 of the above it should be... adequate
-// better if it checked for dictionary words too though
- if ($score > 3) {
- return true;
- } else {
- return false;
- }
-}
-
# Use cracklib to check for weak passwords.
# returns FALSE if the password is good i.e. not weak
# otherwise returns a string saying why its weak
@@ -112,7 +81,7 @@ function isAlias($username)
return $ok;
}
-//check if a user with a sid already exsists
+//check if a user with a sid already exists
function sidUsed($sid)
{
$sucsDB = NewADOConnection('postgres8');
@@ -127,12 +96,12 @@ function sidUsed($sid)
function validUsername($username)
{
global $error;
- // check if uname is sytactically valid
+ // check if uname is syntactically valid
$syntax = preg_match("/^[a-z][a-z0-9_]*$/", $username);
if (!$syntax || (strlen($username) < 2)) {
- $error = "Usernames must start with a letter, only contain lowercase letter, numbers 0-9 and underscores (_) and be at least 2 characters.";
+ $error = "Usernames must start with a letter, only contain lowercase letters, numbers 0-9 and underscores (_) and be at least 2 characters.";
return false;
- } // check if the username already exsists
+ } // check if the username already exists
elseif (posix_getpwnam($username)) {
$error = "Username already taken";
return false;
@@ -163,7 +132,7 @@ function validSID($SID, $override)
$error = "A user with that student ID already exists, email <a href=\"mailto:admin at sucs.org\">admin at sucs.org</a> if this is an error.";
return false;
} elseif (lookupSID($SID) == " ") {
- $error = "Student not found, email<a href=\"mailto:admin at sucs.org\">admin at sucs.org</a> if this is an error.";
+ $error = "Student not found, email <a href=\"mailto:admin at sucs.org\">admin at sucs.org</a> if this is an error.";
return false;
} else {
return true;
@@ -171,7 +140,7 @@ function validSID($SID, $override)
}
}
-function validRealName($realName, $override)
+function validName($realName, $override)
{
global $error;
if ($override) {
@@ -182,56 +151,12 @@ function validRealName($realName, $override)
return true;
}
} else {
- //check for enough names for real name (we insist on at least 2
- if (count(explode(" ", $realName)) < 2) {
- $error = "Too few names given, please give at least two.";
- return false;
- } //check for a sane realname, see comment below
- elseif (!preg_match("/^([A-Z]([.]+ +[A-Z])*([\']+[A-Z])*[a-z]+[ -]*)+$/", $realName)) {
- $error = "Name incorrectly formatted, email <a href=\"mailto:admin at sucs.org\">admin at sucs.org</a> if this is an error.";
- return false;
- } /*
- * This should force sane real names, with capitals for the first letter of each word,
- * Whist alowing for complex names such as Robin M. O'Leary
- *
- * break down of regexp
- *
- * (
- * [A-Z] - start with a single capital
- * ([.]+ +[A-Z])* - zero or more of, (at least one "." followed by at least one space then another single capital) //we dont expect people to have initals at the end of there names so this is alright
- * ([\']+[A-Z])* - zero or more of, (at least one "'"s followed by a single capital letter)
- * [a-z]+ - One or more lower case letters, this forces initals to be followed by a "."
- *[ -]* - zero or more " "s or "-"s so double barreled names are supported
- * )
- *
- * In its current state
- * Robin M. O'Leary is valid
- * Robin M O'Leary is not
- * Robin M. OLeary is Not
- * Robin M. O'LeaRy is valid (though its not meant to be.. bad side effect of not requireing at least one space...)
- * BUT... this alows for McSmith's... which is rather nice :)... and of course delibrate
- * RObin M O'Leary is not
- *
- */
- else {
- return true;
- }
- }
-}
-function validSocName($socname, $override)
-{
- global $error;
- if ($override) {
- if ($socname == "") {
- $error = "You MUST provide some sort of name";
- return false;
- } else {
- return true;
- }
- } else {
- if (!preg_match('/^[A-Z1-9]/', $socname) || strlen($socname) < 2) {
- $error = "Must start with a capital letter or a number and be more than 1 character";
+ // names can legally be really weird so just check that it is at least 1 visible character
+ // followed by any number of non-control characters
+ $realName = trim($realName);
+ if (!preg_match("/^[[:graph:]][[:print:]]*$/", $realName)) {
+ $error = "Invalid name";
return false;
} else {
return true;
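Review bot: The new pattern `/^[[:graph:]][[:print:]]*$/` has no `u` modifier, so under the default C locale the POSIX classes cover ASCII only and a name containing any non-ASCII letter (Siân, Zoë, José) fails with "Invalid name", which contradicts the comment above it. A Unicode-aware form such as `/^[^\p{C}\s][^\p{C}]*$/u` keeps the "one visible character, then no control characters" rule.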
@@ -243,9 +168,11 @@ function validAddress($address)
{
global $error;
$address = sanitizeAddress($address);
- $regex = "/^([A-Z0-9]([[:alnum:]]|[ .\/'-])*\n)+[A-Z0-9]([[:alnum:]]|[ .\/'-])*$/";
+
+ // check that they at least entered in something. Address doesn't need to be as strict when the postcode is.
+ $regex = "/^.{5,}+$/s";
if (!preg_match($regex, $address)) {
- $error = "Please supply at least two valid lines of address.";
+ $error = "Please supply a valid address.";
return false;
} else {
return true;
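Review bot: `/^.{5,}+$/s` accepts any five bytes, including five spaces or newlines if sanitizeAddress() (not shown here) leaves them in, and the possessive `+` after `{5,}` adds nothing. If the intent is only "not empty", a length check on the trimmed string says so more plainly. The address is otherwise unconstrained now, so it needs escaping wherever it is displayed.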
@@ -255,7 +182,10 @@ function validAddress($address)
function validPostcode($postcode)
{
$postcode = sanitizePostcode($postcode);
- if (!preg_match('/^[A-Z]{1,2}[0-9]{1,2}[A-Z]{0,1} [0-9][A-Z]{2}$/', $postcode)) {
+
+ // matches all postcodes following the valid format described in a 2012 government published document
+ $postcodeRegex = "/^([A-Z](([0-9][0-9]?)|([A-Z][0-9][0-9]?)|([A-Z]?[0-9][A-Z])) ?[0-9][ABD-HJLNP-UW-Z]{2})$/";
+ if (!preg_match($postcodeRegex, $postcode)) {
return false;
} else {
return $postcode;
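Review bot: The space is now optional (` ?`), so the function returns "AB1 2DE" and "AB12DE" style input unchanged unless sanitizePostcode() (not shown here) normalises it; reinsert the space before the final three characters so stored postcodes stay in one format. The comment cites "a 2012 government published document" without naming it; add the title or URL so the pattern can be checked against its source. Unlike the other validators, this one does not set `$error` on failure.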
=====================================
lib/validationData.php
=====================================
--- a/lib/validationData.php
+++ b/lib/validationData.php
@@ -4,10 +4,10 @@ function lookupSID($sid)
{
$ds = ldap_connect("192.168.10.16");
ldap_bind($ds);
- $sr = ldap_search($ds, "ou=Active,ou=Resources,o=Swansea", "uid=" . $sid);
+ $sr = ldap_search($ds, "ou=Active,ou=Resources,o=Swansea", "EDUPERSONTARGETEDID=" . $sid);
$info = ldap_get_entries($ds, $sr);
ldap_unbind($ds);
- return ucwords(strtolower($info[0]['givenName'][0] . " " . $info[0]['sn'][0]));
+ return ucwords(strtolower($info[0]['givenname'][0] . " " . $info[0]['sn'][0]));
}
// lookup addresses from postcodes using the university's website
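Review bot: The search filter is still built by concatenation, `"EDUPERSONTARGETEDID=" . $sid`, so filter metacharacters in `$sid` change the query; pass it through ldap_escape($sid, "", LDAP_ESCAPE_FILTER) or reject non-numeric input before the search. `$info[0]` is also read without checking that the search returned an entry, so a miss produces notices and the " " string that validSID() compares against; return an explicit false or null for "not found" instead.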
=====================================
templates/signup.tpl
=====================================
--- a/templates/signup.tpl
+++ b/templates/signup.tpl
@@ -36,7 +36,7 @@
<div class="row" id="studentiddiv">
<label for="studentid">Student Number</label>
<span class="textinput"><input type="text" id="studentid" name="studentid" size="30"
- {if $mode=='re-form'}value='{$fields.studentid}'{/if} /></span>
+ {if $mode=='re-form'}value='{$fields.studentid}'{elseif isset($signupsid)}value='{$signupsid}'{/if} /></span>
<div id="studentidmessage"{if $mode=='re-form'}{if isset($errors.studentid)}
style="color:red; float:right; clear:right;">{$errors.studentid}{else} style="color:green;
@@ -55,7 +55,7 @@
<div class="row" id="realnamediv">
<label for="realname">{if $usertype!=2}Real Name{else}Society Name{/if}</label>
<span class="textinput"><input type="text" id="realname" name="realname" size="30"
- {if $mode=='re-form'}value='{$fields.realname}'{/if}/></span>
+ {if $mode=='re-form'}value='{$fields.realname}'{/if} {if $usertype==1}readonly{/if}/></span>
<div id="realnamemessage"{if $mode=='re-form'}{if isset($errors.realname)}
style="color:red; float:right; clear:right;">{$errors.realname}{else} style="color:green; float:right;
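Review bot: `readonly` on the realname input is enforced only by the browser; components/signup.php in this push still reads `$_REQUEST['realname']` and stores it in `$fields['realname']`. For usertype 1 the server should ignore the posted value and use the name from the campus LDAP lookup. Also confirm that something fills the field on first render, since outside 're-form' mode the input has no value attribute and can no longer be typed into.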
@@ -136,7 +136,7 @@
{if !$failed}
<h1>Welcome to SUCS</h1>
<p>Signup is complete, please see below for your password, a copy has also been send to {$email}, we request you
- change this immediatley. See our <a href="{$baseurl}/Getting%20Started">Getting Started</a> page for some
+ change this immediately. See our <a href="{$baseurl}/Getting%20Started">Getting Started</a> page for some
ways you can start using your new SUCS account!</p>
<p>
Username: <strong>{$username}</strong><br/>
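Review bot: The context line above the corrected one still reads "a copy has also been send to {$email}"; change "send" to "sent" while this paragraph is being touched.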
=====================================
templates/susignup.tpl
=====================================
--- a/templates/susignup.tpl
+++ b/templates/susignup.tpl
@@ -39,6 +39,7 @@
<form action="{$baseurl}/signup/" method="post">
<input type=hidden name="signupid" id="id" value="{$id}"/>
<input type=hidden name="signuppw" id="pass" value="{$pass}"/>
+ <input type=hidden name="signupsid" id="sid" value="{$sid}"/>
<input type=submit name="submit" value="Proceed"/>
</form>
{else}
@@ -49,4 +50,4 @@
An error occured during signup, please email, with as much information as you can provide,
<a href='mailto:admin at sucs.org'>admin at sucs.org</a>
for assistance.
-{/if}
\ No newline at end of file
+{/if}
View it on GitLab: https://projects.sucs.org/sucssite/sucs-site/compare/c4c4b758dd1b3782ca5c992cd2e9466cce2a9ffc...824dce407341abe90f161c4f665af3ded54b8ef9