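success) {
            Session::add('feedback_negative', 'reCAPTCHA verification failed. Please try again.');
            return false;
        }

        // v3 returns a score from 0.0 to 1.0 (1.0 = likely human, 0.0 = likely bot)
        if (isset($response_data->score) && $response_data->score < 0.5) {
            Session::add('feedback_negative', 'Registration blocked due to suspicious activity.');
            return false;
        }

        return true;
    }

    /**
     * Validates the username: non-empty and 2 to 64 ASCII letters/digits, nothing else.
     * On failure a negative feedback message is queued in the session.
     *
     * @param string $user_name
     * @return bool true if the username is acceptable
     */
    public static function validateUserName($user_name)
    {
        if (empty($user_name)) {
            Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_FIELD_EMPTY'));
            return false;
        }

        // Anchored ASCII-only whitelist: no whitespace, punctuation or non-Latin letters can
        // reach the database or any later rendering of the name. The D modifier makes `$`
        // match only at the very end of the string, so a trailing "\n" no longer slips through.
        if (!preg_match('/^[a-zA-Z0-9]{2,64}$/D', $user_name)) {
            Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_DOES_NOT_FIT_PATTERN'));
            return false;
        }

        return true;
    }

    /**
     * Validates the email: non-empty, identical to its repeat field and syntactically valid
     * according to PHP's FILTER_VALIDATE_EMAIL. Queues a negative feedback message on failure.
     *
     * @param string $user_email
     * @param string $user_email_repeat
     * @return bool true if the email is acceptable
     */
    public static function validateUserEmail($user_email, $user_email_repeat)
    {
        if (empty($user_email)) {
            Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
            return false;
        }

        if ($user_email !== $user_email_repeat) {
            Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_REPEAT_WRONG'));
            return false;
        }

        // Validate the address with PHP's internal filter.
        // Side-fact: the maximum length of a valid address seems to be 254 chars.
        // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
        if (!filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
            Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
            return false;
        }

        return true;
    }

    /**
     * Validates the password: both fields non-empty and identical.
     * Queues a negative feedback message on failure.
     *
     * @param string $user_password_new
     * @param string $user_password_repeat
     * @return bool true if the password is acceptable
     */
    public static function validateUserPassword($user_password_new, $user_password_repeat)
    {
        if (empty($user_password_new) || empty($user_password_repeat)) {
            Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
            return false;
        }

        if ($user_password_new !== $user_password_repeat) {
            Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
            return false;
        }

        // No minimum length or complexity is enforced here; only emptiness and the repeat
        // match are checked. NOTE(review): confirm this is intentional for this deployment.
        return true;
    }

    /**
     * Writes the new user's data to the database.
     *
     * The row is inserted with user_active = 1, i.e. the account is usable before the
     * verification link is ever clicked; verifyNewUser() later only clears the hash.
     * Any PDOException is swallowed and reported as false so the caller emits a single
     * feedback message.
     *
     * @param string      $user_name
     * @param string      $user_password_hash
     * @param string      $user_email
     * @param int         $user_creation_timestamp
     * @param string|null $user_activation_hash may be null
     *
     * @return bool true if exactly one row was inserted
     */
    public static function writeNewUserToDatabase($user_name, $user_password_hash, $user_email, $user_creation_timestamp, $user_activation_hash)
    {
        $database = DatabaseFactory::getFactory()->getConnection();

        // Parameterised insert; user_active is fixed to 1 and the activation hash is stored as given (can be null).
        $sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp, user_activation_hash, user_provider_type, user_active) VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp, :user_activation_hash, :user_provider_type, 1)";

        try {
            // prepare() sits inside the try as well: with PDO::ERRMODE_EXCEPTION it can throw
            // just like execute(), and this method's contract is "false on any database failure".
            $query = $database->prepare($sql);
            $query->execute([
                ':user_name' => $user_name,
                ':user_password_hash' => $user_password_hash,
                ':user_email' => $user_email,
                ':user_creation_timestamp' => $user_creation_timestamp,
                ':user_activation_hash' => $user_activation_hash,
                ':user_provider_type' => 'DEFAULT',
            ]);
        } catch (PDOException $e) {
            // deliberately swallowed: only one feedback message on failure, emitted by the caller
            return false;
        }

        return $query->rowCount() === 1;
    }

    /**
     * Deletes the user from the users table. Currently used to roll back a registration when
     * sending the verification mail was not successful.
     *
     * @param int $user_id
     */
    public static function rollbackRegistrationByUserId($user_id)
    {
        $database = DatabaseFactory::getFactory()->getConnection();

        $query = $database->prepare("DELETE FROM users WHERE user_id = :user_id");
        $query->execute([':user_id' => $user_id]);
    }

    /**
     * Sends the verification email (to confirm the account).
     * The mail body is the configured text followed by the verification link; both path
     * segments of the link are URL-encoded.
     *
     * @param int    $user_id              user's id
     * @param string $user_email           user's email
     * @param string $user_activation_hash user's mail verification hash string
     *
     * @return bool true if the mail has been sent, false if no mail could be sent
     */
    public static function sendVerificationEmail($user_id, $user_email, $user_activation_hash)
    {
        $body = Config::get('EMAIL_VERIFICATION_CONTENT') . Config::get('URL') . Config::get('EMAIL_VERIFICATION_URL')
            . '/' . urlencode($user_id) . '/' . urlencode($user_activation_hash);

        $mail = new Mail();
        $mail_sent = $mail->sendMail(
            $user_email,
            Config::get('EMAIL_VERIFICATION_FROM_EMAIL'),
            Config::get('EMAIL_VERIFICATION_FROM_NAME'),
            Config::get('EMAIL_VERIFICATION_SUBJECT'),
            $body
        );

        if ($mail_sent) {
            Session::add('feedback_positive', Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_SUCCESSFUL'));
            return true;
        }

        Session::add('feedback_negative', Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_ERROR') . $mail->getError());
        return false;
    }

    /**
     * Checks the user id / verification code combination and marks the account as verified.
     *
     * The comparison happens in the database: the row is updated only when both user_id and
     * user_activation_hash match, and the hash is cleared so a link can be used once. A null or
     * empty code cannot match an already-cleared (NULL) hash. Since writeNewUserToDatabase()
     * already stores user_active = 1, the effective change here is clearing the hash.
     *
     * @param int    $user_id                           user id
     * @param string $user_activation_verification_code verification token
     *
     * @return bool true if exactly one row was updated
     */
    public static function verifyNewUser($user_id, $user_activation_verification_code)
    {
        $database = DatabaseFactory::getFactory()->getConnection();

        $sql = "UPDATE users SET user_active = 1, user_activation_hash = NULL WHERE user_id = :user_id AND user_activation_hash = :user_activation_hash LIMIT 1";
        $query = $database->prepare($sql);
        $query->execute([
            ':user_id' => $user_id,
            ':user_activation_hash' => $user_activation_verification_code,
        ]);

        if ($query->rowCount() === 1) {
            Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_ACTIVATION_SUCCESSFUL'));
            return true;
        }

        Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_ACTIVATION_FAILED'));
        return false;
    }
}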