From 9f624560ffb625d7766480c4621169025df32c33 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Fri, 31 Jul 2015 15:30:32 +0200
Subject: checking password with cracklib now added printName (the visible name of the user in registration and login)
---
 src/user.cpp | 53 +++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 39 insertions(+), 14 deletions(-)
(limited to 'src/user.cpp')
diff --git a/src/user.cpp b/src/user.cpp
index 33e7296..64154a7 100644
--- a/src/user.cpp
+++ b/src/user.cpp
@@ -2,6 +2,7 @@
 #include "user.hpp"
 #include "strusCms.hpp"
 #include "captcha.hpp"
+#include "cracklib.hpp"
 #include
 #include
@@ -42,6 +43,23 @@ user::user( strusCms &cms )
 cms.dispatcher( ).assign( "/api/user/(\\w+)", &user::api_user, this, 1 );
 }
+User user::getUserData( const std::string username )
+{
+ User user;
+
+ cppdb::session sql( cms.conn );
+ cppdb::result r;
+ r = sql << "SELECT username, printname, email FROM user WHERE username=?" << username << cppdb::row;
+ if( r.empty( ) ) {
+ return user;
+ }
+ r >> user.name;
+ r >> user.printName;
+ r >> user.email;
+
+ return user;
+}
+
 void user::login( )
 {
 content::user c( cms );
@@ -53,6 +71,9 @@ void user::login( )
 session( ).erase( "prelogin" );
 session( )["username"] = c.login.username.value( );
 session( ).expose( "username" );
+ User u = getUserData( c.login.username.value( ) );
+ session( )["printName"] = u.printName;
+ session( ).expose( "printName" );
 response( ).set_redirect_header( cms.root( ) );
 } else {
 booster::ptime::sleep( booster::ptime( 5, 0 ) );
@@ -79,7 +100,8 @@ void user::register_user( )
 c.register_user.load( context( ) );
 if( c.register_user.validate( ) ) {
 std::string code = registration_start( c.register_user.username.value( ),
- c.register_user.password.value( ), c.register_user.email.value( ) );
+ c.register_user.password.value( ), c.register_user.printName.value( ),
+ c.register_user.email.value( ) );
 cms.mail.subject = "Registration request";
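Review bot: A missing user is indistinguishable from an empty one: `getUserData` (hunk -42,6 +43,23) returns a default-constructed `User` when the query finds no row. The `api_user` hunk (-149,15 +172,7) drops the old `if( r.empty( ) ) { return; }` and now goes on to build a JSON value for a name that does not exist; how the code after that hunk deals with it is not visible. Reporting the lookup result, for example `bool getUserData( const std::string &username, User &user )`, and keeping the early return in `api_user` would preserve the earlier behaviour. The parameter is also taken as `const std::string` by value; `const std::string &username` avoids the copy.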
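Review bot: `printName` reaches the session and the client with no validation visible in this patch: in `user::login` (hunk -53,6 +71,9) the value read back from the database is stored and then passed to `session( ).expose( "printName" )`, which in CppCMS marks the key as visible to the client in a cookie. The field is free text entered at registration, and the `register_user_form` constructor hunks (-349,6 and -360,6) show no length limit or error message for the widget, although one may be set outside them. A length bound on the widget and output escaping wherever the name is rendered would cover this; a comment such as `// printName is untrusted display text, escape on output` above the assignment would record the expectation. The body of `login` starts and ends outside the hunk.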
@@ -131,11 +153,12 @@ void user::api_users( )
 {
 cppdb::session sql( cms.conn );
 cppdb::result r;
- r = sql << "SELECT username, email FROM user";
+ r = sql << "SELECT username, printname, email FROM user";
 std::vector users;
 while( r.next( ) ) {
 User user;
 r >> user.name;
+ r >> user.printName;
 r >> user.email;
 users.push_back( user );
 }
@@ -149,15 +172,7 @@ void user::api_users( )
 void user::api_user( std::string username )
 {
- cppdb::session sql( cms.conn );
- cppdb::result r;
- r = sql << "SELECT username, email FROM user WHERE username=?" << username << cppdb::row;
- if( r.empty( ) ) {
- return;
- }
- User user;
- r >> user.name;
- r >> user.email;
+ User user = getUserData( username );
 cppcms::json::value j;
@@ -248,7 +263,7 @@ std::string compute_token_hash( const std::string user, const std::string token
 }
-std::string user::registration_start( const std::string user, const std::string password, const std::string email )
+std::string user::registration_start( const std::string user, const std::string password, const std::string printName, const std::string email )
 {
 std::time_t now_time = std::time( 0 );
 std::tm now = *std::localtime( &now_time );
@@ -257,8 +272,8 @@ std::string user::registration_start( const std::string user, const std::string
 cppdb::session sql( cms.conn );
 cppdb::statement stmt;
- stmt = sql << "INSERT INTO user(username, password, email, status, registration_start, code ) VALUES( ?, ?, ?, 'R', ?, ? )"
- << user << password << email << now << code;
+ stmt = sql << "INSERT INTO user(username, password, printName, email, status, registration_start, code ) VALUES( ?, ?, ?, ?, 'R', ?, ? )"
+ << user << password << printName << email << now << code;
 stmt.exec( );
 return code;
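Review bot: No access check precedes the query in `api_users` (hunk -131,11 +153,12): the SELECT is the first statement after the opening brace, and the listing now carries the real name next to the e-mail address of every account. Unless the route is restricted somewhere not shown here, any client can read names and addresses from it. A guard at the top such as `if( !session( ).is_set( "username" ) ) { return; }`, or leaving `email` out of the public listing, would limit the exposure. The same question applies to `api_user` in hunk -149,15 +172,7; both function bodies continue past their hunks.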
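Review bot: The password appears to be stored in cleartext: the INSERT in `registration_start` (hunk -257,8 +272,8) binds the `const std::string password` parameter as received, and the call site in `register_user` passes `c.register_user.password.value( )` directly. The cracklib check added by this commit improves password quality but does nothing for the stored value, so the parameter should be turned into a salted, deliberately slow password hash before the bind, with the login comparison changed to match. The column is also written `printName` here and `printname` in the SELECT statements of `getUserData` and `api_users`; one spelling throughout is easier to search for. A short stretch of the function between this hunk and the previous one is not shown.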
@@ -349,6 +364,7 @@ register_user_form::register_user_form( apps::strusCms &cms )
 {
 username.message( "Your login" );
 username.error_message( "Your login is illegal" );
+ printName.message( "Your real name (optional)" );
 password.message( "Your password" );
 password.error_message( "Your password is illegal" );
 password2.message( "Your password (again)" );
@@ -360,6 +376,7 @@ register_user_form::register_user_form( apps::strusCms &cms )
 submit.value( "Register user" );
 add( username );
+ add( printName );
 add( password );
 add( password2 );
 add( email );
@@ -392,6 +409,14 @@ bool register_user_form::validate( )
 password2.error_message( "Passwords didn't match" );
 return false;
 }
+
+ PasswordCheck check = checkPassword( username.value( ), printName.value( ), password.value( ) );
+ if( !check.ok ) {
+ password.valid( false );
+ password2.valid( false );
+ password.error_message( check.msg );
+ password2.error_message( check.msg );
+ }
 if( captcha.value( ).compare( cms.user.last_captcha ) != 0 ) {
 captcha.valid( false );
-- cgit v1.2.3-54-g00ecf
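Review bot: The cracklib failure branch does not stop validation: the new `if( !check.ok )` block in `register_user_form::validate` (hunk -392,6 +409,14) marks both password widgets invalid but falls through to the captcha check, unlike the password-mismatch branch directly above it, which ends in `return false;`. If the function finishes with `return true;` (its end is outside the hunk), a password rejected by cracklib still passes `validate( )` and `register_user` goes on to call `registration_start`. Add `return false;` as the last statement of the block, after `password2.error_message( check.msg );`.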