From a297fa5b5098117b5c85f567743311fad238c569 Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Mon, 3 Oct 2016 16:31:19 +0100
Subject: [PATCH 01/31] fix suapi
---
 lib/suapiv2.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/suapiv2.php b/lib/suapiv2.php
index 4bf5db8..b11c5fb 100644
--- a/lib/suapiv2.php
+++ b/lib/suapiv2.php
@@ -31,8 +31,10 @@ $membership_data = $formated_raw_data["table1"]["table1_Product_Collection"]["ta
 // make a new array that just contains *every* member no matter what they bought
 $just_members = array();
-foreach ($membership_data["Detail_Collection"]["Detail"] as $member) {
- array_push($just_members, $member["@attributes"]);
+foreach ($membership_data as $typeOfMember) {
+ foreach ($typeOfMember["Detail_Collection"]["Detail"] as $member) {
+ array_push($just_members, $member["@attributes"]);
+ }
 }
 /* You can now use $just_members to probe member detials. It's an array of arrays which each contain:
-- 
GitLab
From 2d1b2e2b19ac22722e979fad30b52b8fc48e6054 Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Mon, 3 Oct 2016 19:50:27 +0100
Subject: [PATCH 02/31] Write a function to work around broken msl shit
---
 lib/suapiv2.php | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/lib/suapiv2.php b/lib/suapiv2.php
index b11c5fb..ea04bfb 100644
--- a/lib/suapiv2.php
+++ b/lib/suapiv2.php
@@ -31,12 +31,29 @@ $membership_data = $formated_raw_data["table1"]["table1_Product_Collection"]["ta
 // make a new array that just contains *every* member no matter what they bought
 $just_members = array();
-foreach ($membership_data as $typeOfMember) {
- foreach ($typeOfMember["Detail_Collection"]["Detail"] as $member) {
- array_push($just_members, $member["@attributes"]);
+
+function filter_array($data){
+ global $just_members;
+ // we have more than one type of member if this is true
+ if (count($data[0]["Detail_Collection"]["Detail"][0]["@attributes"]) == 7){
+ //split them up then feed them back
+ foreach ($data as $membershipType){
+ filter_array($membershipType);
+ }
+ // we have more then 1 of the same type of member if this is true
+ } else if (count($data["Detail_Collection"]["Detail"][0]["@attributes"]) == 7) {
+ //wack them onto the used array
+ foreach ($data["Detail_Collection"]["Detail"] as $member) {
+ array_push($just_members, $member["@attributes"]);
+ }
+ // we have 1 member :(
+ } else if (count($data["Detail_Collection"]["Detail"]["@attributes"]) == 7) {
+ array_push($just_members, $data["Detail_Collection"]["Detail"]["@attributes"]);
 }
 }
+filter_array($membership_data);
+
 /* You can now use $just_members to probe member detials. It's an array of arrays which each contain:
 * transaction_id (recepit id)
 * purchaser (full name)
-- 
GitLab
From 8bf3ac4bb5dc23df2ba154e3ab29bdc189b53e15 Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Thu, 13 Oct 2016 10:47:11 +0100
Subject: [PATCH 03/31] Fix old student members coming back with the same student id after thier account has been deleted and they paid via the su
---
 components/susignup.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/components/susignup.php b/components/susignup.php
index 4d7d4b8..6566f26 100755
--- a/components/susignup.php
+++ b/components/susignup.php
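Review bot: `filter_array()` picks its branch by reading `$data[0]["Detail_Collection"]["Detail"][0]["@attributes"]` first, so for the single-type and single-member shapes the `[0]` index does not exist and every call raises undefined-index notices before it falls through; `count()` of that missing value is a warning on PHP 7.2+ and a TypeError on PHP 8, which matters once patch 07 moves CI to `php-cli`. Branching on the key that distinguishes the shapes is more robust than comparing attribute counts with the magic number 7, e.g. `if (!isset($data["Detail_Collection"])) {` for the multi-type case and `isset($data["Detail_Collection"]["Detail"]["@attributes"])` for the single-member case. A response matching none of the three branches is dropped silently, leaving `$just_members` empty with no trace; logging the unexpected shape in a final `else` would surface upstream format changes. Returning the collected rows instead of appending through `global $just_members` would also let the function be tested on its own.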
@@ -40,19 +40,18 @@ if (!empty($_REQUEST['sid']) && !empty($_REQUEST['transactionID'])) {
 if ($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())) {
 // let them know they are already signed up and renewed
 message_flash("You are a numpty and have already signed up and paid for this year.");
- // else if check to see if they have signedup and paid for the new year but haven't renewed
+ // else if check to see if they have signedup and paid for the new year but haven't renewed
 } else if ($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] != paidUntil(time())) {
 // renew them!
 renew_membership($tmpresult->fields["username"]);
 // let them know that their account has been renewed
 message_flash("Your SUCS account has been renewed.");
- // else if they aren't in the SUCS DB but have a signup slip, take them back to that part of signup
- // I don't know how you would end up in a state like this but the old code dealt with it so I will as well
- } else if ($tmpresult->fields == false && $signuptmpresult->fields["sid"] == $sid) {
+ // else if they aren't in the SUCS DB but have a signup slip, take them back to that part of signup
+ } else if ($tmpresult->fields == false && $signuptmpresult->fields["sid"] == $sid && $signuptmpresult->fields["activated"] != NULL) {
 $mode = "form";
 $smarty->assign("id", $signuptmpresult->fields["id"]);
 $smarty->assign("pass", $signuptmpresult->fields["password"]);
- // else if they aren't in the SUCS DB, then bootstrap signup process
+ // else if they aren't in the SUCS DB, then bootstrap signup process
 } else if ($tmpresult->fields == false && $signuptmpresult->fields == false) {
 $mode = "form";
 $pass = make_password();
-- 
GitLab
From ff57595761944ee38896b3cbabf57348c107a447 Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Thu, 13 Oct 2016 10:50:04 +0100
Subject: [PATCH 04/31] It's not my morning...
---
 components/susignup.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
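Review bot: The new condition compares `$signuptmpresult->fields["activated"]` with `NULL` using a loose operator, and loose comparison treats `""`, `0`, `"0"` and `false` as equal to `NULL` too, so the branch cannot tell "never activated" from an empty or zero value the driver may hand back; patch 04 flips `!=` to `==` but keeps the loose form. `$signuptmpresult->fields["activated"] === null` (or `is_null(...)`) pins the intended meaning, and if the column can come back as an empty string that case should be named explicitly rather than relied on. `$tmpresult->fields == false` on the same line has the same ambiguity with an empty array; if ADOdb hands back `false` for no row, `=== false` documents that. The if/else chain starts and ends outside the hunk.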
diff --git a/components/susignup.php b/components/susignup.php
index 6566f26..1e3393a 100755
--- a/components/susignup.php
+++ b/components/susignup.php
@@ -47,7 +47,7 @@ if (!empty($_REQUEST['sid']) && !empty($_REQUEST['transactionID'])) {
 // let them know that their account has been renewed
 message_flash("Your SUCS account has been renewed.");
 // else if they aren't in the SUCS DB but have a signup slip, take them back to that part of signup
- } else if ($tmpresult->fields == false && $signuptmpresult->fields["sid"] == $sid && $signuptmpresult->fields["activated"] != NULL) {
+ } else if ($tmpresult->fields == false && $signuptmpresult->fields["sid"] == $sid && $signuptmpresult->fields["activated"] == NULL) {
 $mode = "form";
 $smarty->assign("id", $signuptmpresult->fields["id"]);
 $smarty->assign("pass", $signuptmpresult->fields["password"]);
-- 
GitLab
From 7eee2a8fb9959649af1e892975cfc85165889fcc Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Thu, 13 Oct 2016 14:13:53 +0100
Subject: [PATCH 05/31] Don't need to check if they aren't in the singup table if we know they aren't in the members table
---
 components/susignup.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/susignup.php b/components/susignup.php
index 1e3393a..f33cdb4 100755
--- a/components/susignup.php
+++ b/components/susignup.php
@@ -52,7 +52,7 @@ if (!empty($_REQUEST['sid']) && !empty($_REQUEST['transactionID'])) {
 $smarty->assign("id", $signuptmpresult->fields["id"]);
 $smarty->assign("pass", $signuptmpresult->fields["password"]);
 // else if they aren't in the SUCS DB, then bootstrap signup process
- } else if ($tmpresult->fields == false && $signuptmpresult->fields == false) {
+ } else if ($tmpresult->fields == false) {
 $mode = "form";
 $pass = make_password();
 $iddata = $sucsDB->Execute("insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id", array($pass, $sid, "99999"));
-- 
GitLab
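Review bot: With `$signuptmpresult->fields == false` dropped from the new condition in patch 05, the bootstrap branch now also runs when a signup slip already exists for this `$sid` but was activated (the deleted-account case patch 03 describes), so the `insert into signup` below issues a second slip for the same student id; that is presumably intended, but nothing in the code says so. A comment on the new line, `// a slip may already exist for this sid (activated, account since deleted): issue a fresh one`, would stop the next reader from restoring the dropped check. If the signup table has no uniqueness on `sid`, it is worth confirming that stale activated slips are cleaned up elsewhere, since they now accumulate one per re-signup. The if/else chain starts and ends outside the hunk.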
From e9f4c2f21cff702c13197425c2fa6fd03b6a6c7d Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Fri, 30 Jun 2017 12:35:30 +0100
Subject: [PATCH 06/31] Switch to using debian jessie docker image
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index df19a98..ae16b4e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,6 @@
 # specify what docker image
 # go with the default image for now and mangle it
-#image: ruby:2.1
+image: debian:jessie
 stages:
 - test
-- 
GitLab
From f02fdd0a8d6a41424434c2c5158d3bc6d5c97b1d Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Fri, 30 Jun 2017 12:37:47 +0100
Subject: [PATCH 07/31] That didn't work so lets go back to using the default ruby image and test php against php7
---
 .gitlab-ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ae16b4e..e58fac6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,6 @@
 # specify what docker image
 # go with the default image for now and mangle it
-image: debian:jessie
+#image: debian:jessie
 stages:
 - test
@@ -14,7 +14,7 @@ php-syntax-check:
 script:
 - apt-get clean
 - apt-get update
- - apt-get install -y php5-cli
+ - apt-get install -y php-cli
 - php -l htdocs/index.php
 - find components -name *.php | xargs -n 1 php -l
 - find plugins -name *.php | xargs -n 1 php -l
-- 
GitLab
From 264f2e520176db5022de9722769c5b56c9ee7afe Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Fri, 30 Jun 2017 12:43:38 +0100
Subject: [PATCH 08/31] npm is part of nodejs
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e58fac6..7b8777d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,7 +25,7 @@ js-syntax-check:
 script:
 - apt-get clean
 - apt-get update
- - apt-get install -y npm
+ - apt-get install -y nodejs
 - ln -s /usr/bin/nodejs /usr/bin/node
 - npm install -g jshint
 - find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose
-- 
GitLab
From c37b71d17a2bcf5f59d0afac8dcd6abdf9e2b217 Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Fri, 30 Jun 2017 12:46:42 +0100
Subject: [PATCH 09/31] install nodejs from the main site, debian stable packages are screweed up
---
 .gitlab-ci.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7b8777d..1436ce9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,8 +25,9 @@ js-syntax-check:
 script:
 - apt-get clean
 - apt-get update
- - apt-get install -y nodejs
- - ln -s /usr/bin/nodejs /usr/bin/node
+# - apt-get install -y nodejs
+# - ln -s /usr/bin/nodejs /usr/bin/node
+ - curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
 - npm install -g jshint
 - find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose
-- 
GitLab
From 5f3d26d1f9ea7dfe19754841ac81cf89d54c2ea5 Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Fri, 30 Jun 2017 12:48:51 +0100
Subject: [PATCH 10/31] need curl, doh!
---
 .gitlab-ci.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1436ce9..e92303c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -27,7 +27,8 @@ js-syntax-check:
 - apt-get update
 # - apt-get install -y nodejs
 # - ln -s /usr/bin/nodejs /usr/bin/node
- - curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
+ - apt-get install curl
+ - curl -sL https://deb.nodesource.com/setup_8.x | bash -
 - npm install -g jshint
 - find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose
-- 
GitLab
From 270d22086010a0b166604a3946278f3ea6333f43 Mon Sep 17 00:00:00 2001
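Review bot: The new install step in patch 09 pipes `https://deb.nodesource.com/setup_8.x` straight into `bash` (via `sudo -E` here; patch 10 drops the `sudo`), so every CI run executes whatever that URL serves at that moment with no version pin or integrity check, and patches 10 to 13 keep the same line. For a lint job the toolchain can be pinned instead: a job-level `image:` using an official node tag removes the install step entirely, or a specific release tarball can be fetched and its published checksum verified before extracting. The two `# - apt-get install -y nodejs` / `# - ln -s ...` lines left as comments should be deleted rather than carried along, especially as patch 13 re-adds `apt-get install -y nodejs` anyway. A one-line comment above the curl line naming the version the job actually needs would at least make the dependency explicit until it is pinned.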
From: Imran Hussain
Date: Fri, 30 Jun 2017 12:50:36 +0100
Subject: [PATCH 11/31] forgot a -y
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e92303c..d79bcbd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -27,7 +27,7 @@ js-syntax-check:
 - apt-get update
 # - apt-get install -y nodejs
 # - ln -s /usr/bin/nodejs /usr/bin/node
- - apt-get install curl
+ - apt-get install -y curl
 - curl -sL https://deb.nodesource.com/setup_8.x | bash -
 - npm install -g jshint
 - find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose
-- 
GitLab
From cfc7787611156358604ae613331a89a82d8a3f8f Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Fri, 30 Jun 2017 12:53:31 +0100
Subject: [PATCH 12/31] nodejs install that is supposed to install deps doesn't actually do so, install gnupg manually
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d79bcbd..7d0a717 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -27,7 +27,7 @@ js-syntax-check:
 - apt-get update
 # - apt-get install -y nodejs
 # - ln -s /usr/bin/nodejs /usr/bin/node
- - apt-get install -y curl
+ - apt-get install -y curl gnupg
 - curl -sL https://deb.nodesource.com/setup_8.x | bash -
 - npm install -g jshint
 - find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose
-- 
GitLab
From 43ea7d60369d9dec7112abbca50a9ae4475f9199 Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Fri, 30 Jun 2017 12:59:07 +0100
Subject: [PATCH 13/31] the script to install nodejs DOESN'T INSTALL NODEJS!
---
 .gitlab-ci.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7d0a717..0dbc258 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -29,6 +29,7 @@ js-syntax-check:
 # - ln -s /usr/bin/nodejs /usr/bin/node
 - apt-get install -y curl gnupg
 - curl -sL https://deb.nodesource.com/setup_8.x | bash -
+ - apt-get install -y nodejs
 - npm install -g jshint
 - find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose
-- 
GitLab
From 1a4237a8d48046bcd4cfc452fcbfc886db8bfef7 Mon Sep 17 00:00:00 2001
From: Isabel Jenkins
Date: Sun, 24 Sep 2017 12:57:09 +0100
Subject: [PATCH 14/31] Update Live chat link
---
 components/front.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/front.php b/components/front.php
index 30cc90e..116aa32 100644
--- a/components/front.php
+++ b/components/front.php
@@ -9,7 +9,7 @@ if (!$session->loggedin) {
 $output = file_get_contents("../static/fragments/Join.txt");
 } else {
 $output = "

You are logged in

If you would like to contribute to the site or report a bug, please contact imranh.

"; - $output = "

You are logged in

Why not join our Live Chat?

"; + $output = "

You are logged in

Why not join our Live Chat?

"; //include('users.php'); //$output .= $result; include('electionreminder.php'); -- GitLab From b02c75c60099fcd6cefc78c6e75607a85922fae0 Mon Sep 17 00:00:00 2001 From: Imran Hussain Date: Tue, 19 Sep 2017 16:49:23 +0100 Subject: [PATCH 15/31] Update sucs iss ldap info for signup system --- lib/validationData.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/lib/validationData.php b/lib/validationData.php index 1eec498..d496789 100644 --- a/lib/validationData.php +++ b/lib/validationData.php @@ -2,14 +2,12 @@ // lookup real names from sid's using campus ldap function lookupSID($sid) { - $ds = ldap_connect("ccs-suld1.swan.ac.uk"); - $ldappw = file_get_contents("/etc/unildap.secret"); - $ldappw = trim($ldappw); - ldap_bind($ds, "cn=SUCS-BIND,ou=ServiceAccount,o=SWANUNI", $ldappw); - $sr = ldap_search($ds, "ou=students,ou=Swansea,o=swanuni", "uid=" . $sid); + $ds = ldap_connect("192.168.10.16"); + ldap_bind($ds); + $sr = ldap_search($ds, "ou=Active,ou=Resources,o=Swansea", "uid=" . $sid); $info = ldap_get_entries($ds, $sr); ldap_unbind($ds); - return ucwords(strtolower($info[0]['givenname'][0] . " " . $info[0]['sn'][0])); + return ucwords(strtolower($info[0]['givenName'][0] . " " . $info[0]['sn'][0])); } // lookup addresses from postcodes using the university's website -- GitLab From 52510509648083629f5de76d44d017b0a38695b3 Mon Sep 17 00:00:00 2001 From: Imran Hussain Date: Tue, 26 Sep 2017 11:49:54 +0100 Subject: [PATCH 16/31] shitty iss dropped uid for EDUPERSONTARGETEDID --- lib/validationData.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/validationData.php b/lib/validationData.php index d496789..14c475b 100644 --- a/lib/validationData.php +++ b/lib/validationData.php 
@@ -4,7 +4,7 @@ function lookupSID($sid)
 {
 $ds = ldap_connect("192.168.10.16");
 ldap_bind($ds);
- $sr = ldap_search($ds, "ou=Active,ou=Resources,o=Swansea", "uid=" . $sid);
+ $sr = ldap_search($ds, "ou=Active,ou=Resources,o=Swansea", "EDUPERSONTARGETEDID=" . $sid);
 $info = ldap_get_entries($ds, $sr);
 ldap_unbind($ds);
 return ucwords(strtolower($info[0]['givenName'][0] . " " . $info[0]['sn'][0]));
-- 
GitLab
From 653b406c7f439b2e8cd4a4f02b4810e6610fe160 Mon Sep 17 00:00:00 2001
From: Imran Hussain
Date: Tue, 26 Sep 2017 11:49:54 +0100
Subject: [PATCH 17/31] shitty iss dropped uid for EDUPERSONTARGETEDID
---
 lib/validationData.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/validationData.php b/lib/validationData.php
index d496789..14c475b 100644
--- a/lib/validationData.php
+++ b/lib/validationData.php
@@ -4,7 +4,7 @@ function lookupSID($sid)
 {
 $ds = ldap_connect("192.168.10.16");
 ldap_bind($ds);
- $sr = ldap_search($ds, "ou=Active,ou=Resources,o=Swansea", "uid=" . $sid);
+ $sr = ldap_search($ds, "ou=Active,ou=Resources,o=Swansea", "EDUPERSONTARGETEDID=" . $sid);
 $info = ldap_get_entries($ds, $sr);
 ldap_unbind($ds);
 return ucwords(strtolower($info[0]['givenName'][0] . " " . $info[0]['sn'][0]));
-- 
GitLab
From 620c9b63aa61855cee81ac9c9ab55be6e370f69c Mon Sep 17 00:00:00 2001
From: gigosaurus
Date: Tue, 26 Sep 2017 21:59:10 +0100
Subject: [PATCH 18/31] Fix signup validation. Emails, names and addresses are now much less strict, and more valid postcodes are allowed.
---
 components/signup.php | 6 +-
 components/signupajax.php | 4 +-
 lib/validation.php | 128 +++++++++-----------------------
 3 files changed, 34 insertions(+), 104 deletions(-)
diff --git a/components/signup.php b/components/signup.php
index c850da5..ddfda22 100644
--- a/components/signup.php
+++ b/components/signup.php
@@ -80,18 +80,18 @@ if (isset($_REQUEST['signupid']) && isset($_REQUEST['signuppw'])) {
 $errors['address'] = $error;
 }
 $fields['address'] = sanitizeAddress($_POST['address']);
- if (!validRealName($_REQUEST['realname'], $override)) {
+ if (!validName($_REQUEST['realname'], $override)) {
 $valid = false;
 $errors['realname'] = $error;
 }
 $fields['realname'] = $_REQUEST['realname'];
 } else {
- if (!(validRealName($_REQUEST['contact'], false) || $override)) {
+ if (!(validName($_REQUEST['contact'], false) || $override)) {
 $valid = false;
 $errors['contact'] = $error;
 }
 $fields['contact'] = $_REQUEST['contact'];
- if (!validSocName($_REQUEST['realname'], $override)) {
+ if (!validName($_REQUEST['realname'], $override)) {
 $valid = false;
 $errors['realname'] = $error;
 }
diff --git a/components/signupajax.php b/components/signupajax.php
index 3e4bca4..2da8fa2 100644
--- a/components/signupajax.php
+++ b/components/signupajax.php
@@ -29,7 +29,7 @@ if (isset($_GET['key'])) {
 break;
 case "realname":
 $realname = $_GET['value'];
- if (validRealName($realname, false)) {
+ if (validName($realname, false)) {
 echo "OK";
 } else {
 echo $error;
@@ -37,7 +37,7 @@ if (isset($_GET['key'])) {
 break;
 case "socname":
 $socname = $_GET['value'];
- if (validSocName($socname, false)) {
+ if (validName($socname, false)) {
 echo "OK";
 } else {
 echo $error;
diff --git a/lib/validation.php b/lib/validation.php
index 9994eae..69d6fbf 100644
--- a/lib/validation.php
+++ b/lib/validation.php
@@ -7,18 +7,22 @@ require_once("sanitization.php");
 function validEmail($email)
 {
 global $error;
- //split user and domain
- list($user, $domain) = explode("@", $email);
- // check for bad characters, and check for zero length user & domain
- if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email) or !$user or !$domain) {
- $error = 'an invalid email address (syntax)';
+
+ // check for valid syntax
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ $error = 'Invalid email address (syntax)';
 return false;
 }
+ // Syntax OK
+ // domain consists of any character after a '@' and cannot contain '@'
+ // therefore any character after the last '@' is part of the domain
+ $domain = substr($email, strrpos($email, '@') + 1);
+
 // Check for an mail server
- elseif (!getmxrr($domain, $mx) or !gethostbyname($domain)) {
- $error = "no mail servers listed for '$domain'";
+ if (!getmxrr($domain, $mx) or !gethostbyname($domain)) {
+ $error = "No mail servers listed for '$domain'";
 return false;
 } else {
 // Email address valid from technical point of view
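Review bot: The new `if (!getmxrr($domain, $mx) or !gethostbyname($domain))` keeps the ineffective half of the old test: `gethostbyname()` returns its argument unchanged when resolution fails, so `!gethostbyname($domain)` is never true for a non-empty domain and a domain with neither MX nor A record is only rejected if `getmxrr()` fails; `checkdnsrr($domain, 'A')`, or comparing the result with `$domain`, expresses the intended fallback. `$domain` is taken from user input after `filter_var()`, which bounds its character set, but it is still interpolated into `$error` and components/signupajax.php echoes `$error` as-is, so escaping at that echo (`htmlspecialchars`) is the safer contract for messages that embed input. Validation now performs live DNS queries, so a resolver outage fails every address with `No mail servers listed`; a comment on the `// Check for an mail server` line saying so would help whoever debugs it. validEmail's closing lines are outside the hunk.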
@@ -26,41 +30,6 @@ function validEmail($email)
 }
 }
-// test whether a password is considered Strong Enough
-// ideally we'd want to use cracklib or something here, but no RPM for the php bindings :-(
-// dont use this, use weakPassword instead it uses cracklib
-function strongPassword($pass)
-{
-
- // you call this a password? my cat could bruteforce this.
- if (strlen($pass) < 6) {
- return false;
- }
-
-// start at 0, and increment for certain features
- $score = 0;
-
-
-// greater than 8 characters
- if (strlen($pass) > 8) $score++;
-// includes lowercase characters
- if (preg_match("/[a-z]/", $pass)) $score++;
-// includes uppercase characters
- if (preg_match("/[A-Z]/", $pass)) $score++;
-// includes digits
- if (preg_match("/\d/", $pass)) $score++;
-// includes "non-word" characters
- if (preg_match("/\W/", $pass)) $score++;
-
-// I reckons if it has at least 3 of the above it should be... adequate
-// better if it checked for dictionary words too though
- if ($score > 3) {
- return true;
- } else {
- return false;
- }
-}
-
 # Use cracklib to check for weak passwords.
 # returns FALSE if the password is good i.e. not weak
 # otherwise returns a string saying why its weak
@@ -112,7 +81,7 @@ function isAlias($username)
 return $ok;
 }
-//check if a user with a sid already exsists
+//check if a user with a sid already exists
 function sidUsed($sid)
 {
 $sucsDB = NewADOConnection('postgres8');
@@ -127,12 +96,12 @@ function sidUsed($sid)
 function validUsername($username)
 {
 global $error;
- // check if uname is sytactically valid
+ // check if uname is syntactically valid
 $syntax = preg_match("/^[a-z][a-z0-9_]*$/", $username);
 if (!$syntax || (strlen($username) < 2)) {
- $error = "Usernames must start with a letter, only contain lowercase letter, numbers 0-9 and underscores (_) and be at least 2 characters.";
+ $error = "Usernames must start with a letter, only contain lowercase letters, numbers 0-9 and underscores (_) and be at least 2 characters.";
 return false;
- } // check if the username already exsists
+ } // check if the username already exists
 elseif (posix_getpwnam($username)) {
 $error = "Username already taken";
 return false;
@@ -171,7 +140,7 @@ function validSID($SID, $override)
 }
 }
-function validRealName($realName, $override)
+function validName($realName, $override)
 {
 global $error;
 if ($override) {
@@ -182,56 +151,12 @@ function validRealName($realName, $override)
 return true;
 }
 } else {
- //check for enough names for real name (we insist on at least 2
- if (count(explode(" ", $realName)) < 2) {
- $error = "Too few names given, please give at least two.";
- return false;
- } //check for a sane realname, see comment below
- elseif (!preg_match("/^([A-Z]([.]+ +[A-Z])*([\']+[A-Z])*[a-z]+[ -]*)+$/", $realName)) {
- $error = "Name incorrectly formatted, email admin@sucs.org if this is an error.";
- return false;
- } /*
- * This should force sane real names, with capitals for the first letter of each word,
- * Whist alowing for complex names such as Robin M. O'Leary
- *
- * break down of regexp
- *
- * (
- * [A-Z] - start with a single capital
- * ([.]+ +[A-Z])* - zero or more of, (at least one "." followed by at least one space then another single capital) //we dont expect people to have initals at the end of there names so this is alright
- * ([\']+[A-Z])* - zero or more of, (at least one "'"s followed by a single capital letter)
- * [a-z]+ - One or more lower case letters, this forces initals to be followed by a "."
-*[ -]* - zero or more " "s or "-"s so double barreled names are supported
- * )
- *
- * In its current state
- * Robin M. O'Leary is valid
- * Robin M O'Leary is not
- * Robin M. OLeary is Not
- * Robin M. O'LeaRy is valid (though its not meant to be.. bad side effect of not requireing at least one space...)
- * BUT... this alows for McSmith's... which is rather nice :)...
and of course delibrate
- * RObin M O'Leary is not
- *
- */
- else {
- return true;
- }
- }
-}
-function validSocName($socname, $override)
-{
- global $error;
- if ($override) {
- if ($socname == "") {
- $error = "You MUST provide some sort of name";
- return false;
- } else {
- return true;
- }
- } else {
- if (!preg_match('/^[A-Z1-9]/', $socname) || strlen($socname) < 2) {
- $error = "Must start with a capital letter or a number and be more than 1 character";
+ // names can legally be really weird so just check that it is at least 1 visible character
+ // followed by any number of non-control characters
+ $realName = trim($realName);
+ if (!preg_match("/^[[:graph:]][[:print:]]*$/", $realName)) {
+ $error = "Invalid name";
 return false;
 } else {
 return true;
@@ -243,9 +168,11 @@ function validAddress($address)
 {
 global $error;
 $address = sanitizeAddress($address);
- $regex = "/^([A-Z0-9]([[:alnum:]]|[ .\/'-])*\n)+[A-Z0-9]([[:alnum:]]|[ .\/'-])*$/";
+
+ // check that they at least entered in something. Address doesn't need to be as strict when the postcode is.
+ $regex = "/^.{5,}+$/s";
 if (!preg_match($regex, $address)) {
- $error = "Please supply at least two valid lines of address.";
+ $error = "Please supply a valid address.";
 return false;
 } else {
 return true;
@@ -255,7 +182,10 @@ function validAddress($address)
 function validPostcode($postcode)
 {
 $postcode = sanitizePostcode($postcode);
- if (!preg_match('/^[A-Z]{1,2}[0-9]{1,2}[A-Z]{0,1} [0-9][A-Z]{2}$/', $postcode)) {
+
+ // matches all postcodes following the valid format described in a 2012 government published document
+ $postcodeRegex = "/^([A-Z](([0-9][0-9]?)|([A-Z][0-9][0-9]?)|([A-Z]?[0-9][A-Z])) ?[0-9][ABD-HJLNP-UW-Z]{2})$/";
+ if (!preg_match($postcodeRegex, $postcode)) {
 return false;
 } else {
 return $postcode;
-- 
GitLab
From 777965c6a5b8f1376f205d48cf62a73a93acfd6a Mon Sep 17 00:00:00 2001
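Review bot: The new pattern `"/^[[:graph:]][[:print:]]*$/"` in validName runs without the `u` modifier, so the POSIX classes are evaluated byte-wise and a name containing a non-ASCII letter (é, ø, ł — exactly the "really weird" names the comment wants to admit) is rejected as `Invalid name`; `preg_match("/^[[:graph:]][[:print:]]*$/u", $realName)` makes PHP treat the subject as UTF-8 (and, in PHP's PCRE build, evaluate these classes with Unicode properties) while still excluding control characters, and a `preg_last_error()` check separates invalid UTF-8 input from a plain non-match. `trim()` is applied to the local copy only, so the untrimmed `$_REQUEST['realname']` is what components/signup.php stores in `$fields['realname']` (first hunk of this patch); either return the trimmed value or trim at the caller. A docblock on validName stating the accepted form — at least one visible character, no control characters, surrounding whitespace ignored — would replace the regex breakdown that was removed. The function's opening lines are in the previous hunk.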
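Review bot: Relaxing validAddress to `"/^.{5,}+$/s"` removes the character-set restriction, so any template or mail that renders the address must escape it for its own context; those consumers are not in this patch, so a comment on the new `$regex` line, `// any 5+ characters pass here; consumers must escape the address for their output context`, records where that responsibility now sits. `.{5,}+` under `/s` also accepts five spaces or newlines, and whether sanitizeAddress collapses whitespace is not visible here; if it does not, test `trim($address)` rather than `$address`. The possessive `+` on `{5,}` adds nothing with an anchored `$` and reads as a typo — `"/^.{5,}$/s"` says the same thing.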
From: Kit Manners
Date: Wed, 27 Sep 2017 00:07:42 +0100
Subject: [PATCH 19/31] Fix typo in signup completion
---
 templates/signup.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/signup.tpl b/templates/signup.tpl
index f96d25e..2b97a42 100644
--- a/templates/signup.tpl
+++ b/templates/signup.tpl
@@ -136,7 +136,7 @@
 {if !$failed}

Welcome to SUCS

Signup is complete, please see below for your password, a copy has also been send to {$email}, we request you - change this immediatley. See our Getting Started page for some + change this immediately. See our Getting Started page for some ways you can start using your new SUCS account!

Username: {$username}
-- 
GitLab
From fcfabbae140b7ba17f7f03a575e73c45b7cffe79 Mon Sep 17 00:00:00 2001
From: Kit Manners
Date: Wed, 27 Sep 2017 01:13:07 +0100
Subject: [PATCH 20/31] Fix retrieving full name from campus ldap
---
 lib/validationData.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/validationData.php b/lib/validationData.php
index 14c475b..06d16cb 100644
--- a/lib/validationData.php
+++ b/lib/validationData.php
@@ -7,7 +7,7 @@ function lookupSID($sid)
 $sr = ldap_search($ds, "ou=Active,ou=Resources,o=Swansea", "EDUPERSONTARGETEDID=" . $sid);
 $info = ldap_get_entries($ds, $sr);
 ldap_unbind($ds);
- return ucwords(strtolower($info[0]['givenName'][0] . " " . $info[0]['sn'][0]));
+ return ucwords(strtolower($info[0]['givenname'][0] . " " . $info[0]['sn'][0]));
 }
 // lookup addresses from postcodes using the university's website
-- 
GitLab
From 86ccc6b7187951a49ec8875e755fa68174c6551f Mon Sep 17 00:00:00 2001
From: Kit Manners
Date: Wed, 27 Sep 2017 01:20:53 +0100
Subject: [PATCH 21/31] Add missing space in error message
---
 lib/validation.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/validation.php b/lib/validation.php
index 69d6fbf..b981c9a 100644
--- a/lib/validation.php
+++ b/lib/validation.php
@@ -132,7 +132,7 @@ function validSID($SID, $override)
 $error = "A user with that student ID already exists, email admin@sucs.org if this is an error.";
 return false;
 } elseif (lookupSID($SID) == " ") {
- $error = "Student not found, emailadmin@sucs.org if this is an error.";
+ $error = "Student not found, email admin@sucs.org if this is an error.";
 return false;
 } else {
 return true;
-- 
GitLab
From 4063d666a99a4f452b0036d409634fc7ccd826a5 Mon Sep 17 00:00:00 2001
From: gigosaurus
Date: Wed, 27 Sep 2017 02:11:31 +0100
Subject: [PATCH 22/31] Remember the student number if they entered it in a previous form
---
 components/signup.php | 4 ++++
 components/susignup.php | 2 ++
 templates/signup.tpl | 2 +-
 templates/susignup.tpl | 3 ++-
 4 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/components/signup.php b/components/signup.php
index ddfda22..27b3c79 100644
--- a/components/signup.php
+++ b/components/signup.php
@@ -50,6 +50,10 @@ if (isset($_REQUEST['signupid']) && isset($_REQUEST['signuppw'])) {
 // pass on the id and passwd and id the validation is overridable
 $smarty->assign("signupid", $signupid);
 $smarty->assign("signuppw", $signuppw);
+ // pass on the student id if it exists
+ if (isset($_REQUEST['signupsid'])) {
+ $smarty->assign("signupsid", $signupsid);
+ }
 $smarty->assign("overridable", $overridable);
 $smarty->assign("usertype", $row[type]);
 // if accepting the form
diff --git a/components/susignup.php b/components/susignup.php
index f33cdb4..0bfde55 100755
--- a/components/susignup.php
+++ b/components/susignup.php
@@ -51,6 +51,7 @@ if (!empty($_REQUEST['sid']) && !empty($_REQUEST['transactionID'])) {
 $mode = "form";
 $smarty->assign("id", $signuptmpresult->fields["id"]);
 $smarty->assign("pass", $signuptmpresult->fields["password"]);
+ $smarty->assign("sid", $signuptmpresult->fields["sid"]);
 // else if they aren't in the SUCS DB, then bootstrap signup process
 } else if ($tmpresult->fields == false) {
 $mode = "form";
@@ -59,6 +60,7 @@ if (!empty($_REQUEST['sid']) && !empty($_REQUEST['transactionID'])) {
 $id = $iddata->fields['id'];
 $smarty->assign("id", $id);
 $smarty->assign("pass", $pass);
+ $smarty->assign("sid", $sid);
 } else {
 // they should never get here
 die("You'll see this if there has been a database error. Someone probably knows and is trying to fix it. Sorry.");
diff --git a/templates/signup.tpl b/templates/signup.tpl
index f96d25e..c144585 100644
--- a/templates/signup.tpl
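Review bot: The new block in components/signup.php tests `isset($_REQUEST['signupsid'])` but assigns `$signupsid`, which is not defined anywhere in the hunk; unless code above the hunk copies the request value into it, this assigns null (with an undefined-variable notice) and the template never receives the student number — patch 27 repeats the same lines. If it is meant to mirror the request value, write `$smarty->assign("signupsid", $_REQUEST['signupsid']);` and escape it in the template, since it lands inside an HTML attribute (`value='{$signupsid}'` in templates/signup.tpl): `{$signupsid|escape}` in Smarty. The two `$smarty->assign("sid", ...)` lines added to components/susignup.php carry the same concern, since `$sid` there is presumably the request's `sid` per the hunk's context line. The enclosing `if (isset($_REQUEST['signupid']) ...)` block starts before the hunk.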
+++ b/templates/signup.tpl
@@ -36,7 +36,7 @@

+ {if $mode=='re-form'}value='{$fields.studentid}'{elseif isset($signupsid)}value='{$signupsid}'{/if} />
{$errors.studentid}{else} style="color:green; diff --git a/templates/susignup.tpl b/templates/susignup.tpl index 322625f..abde068 100644 --- a/templates/susignup.tpl +++ b/templates/susignup.tpl @@ -39,6 +39,7 @@
+
{else} @@ -49,4 +50,4 @@ An error occured during signup, please email, with as much information as you can provide, admin@sucs.org for assistance. -{/if} \ No newline at end of file +{/if} -- GitLab From 3eb75c79ec5dca889b3baac4a7142796dfa3ac06 Mon Sep 17 00:00:00 2001 From: Imran Hussain Date: Wed, 27 Sep 2017 10:44:26 +0100 Subject: [PATCH 23/31] if you're a student then you don't get to choose your real name --- templates/signup.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/signup.tpl b/templates/signup.tpl index b8b93db..2e77ae6 100644 --- a/templates/signup.tpl +++ b/templates/signup.tpl @@ -55,7 +55,7 @@
+ {if $mode=='re-form'}value='{$fields.realname}'{/if} {if $usertype==1}readonly{/if}/>
{$errors.realname}{else} style="color:green; float:right; -- GitLab From 7a325c26f1c7d6d117d778c841bb8f572dcf68e0 Mon Sep 17 00:00:00 2001 From: Kit Manners Date: Wed, 27 Sep 2017 00:07:42 +0100 Subject: [PATCH 24/31] Fix typo in signup completion --- templates/signup.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/signup.tpl b/templates/signup.tpl index f96d25e..2b97a42 100644 --- a/templates/signup.tpl +++ b/templates/signup.tpl @@ -136,7 +136,7 @@ {if !$failed}
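Review bot: `readonly` on the realname input is a client-side hint only; a user can remove the attribute or post the field directly, so if students must not choose their own name the server has to ignore the submitted value for `$usertype==1` (for instance by taking it from lookupSID), and components/signup.php still stores `$_REQUEST['realname']` after validName as of patch 18, which this patch does not change. A Smarty comment beside the input, `{* readonly is cosmetic; signup.php must enforce the name for students *}`, would stop the next editor from treating it as a control. The surrounding markup of the element is not visible in this listing, so the rest of the input cannot be reviewed.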

Welcome to SUCS

Signup is complete, please see below for your password, a copy has also been send to {$email}, we request you - change this immediatley. See our Getting Started page for some + change this immediately. See our Getting Started page for some ways you can start using your new SUCS account!

Username: {$username}
-- 
GitLab
From 68a40e7c75efdf3cc517023f3423d3b2319ae4e7 Mon Sep 17 00:00:00 2001
From: Kit Manners
Date: Wed, 27 Sep 2017 01:13:07 +0100
Subject: [PATCH 25/31] Fix retrieving full name from campus ldap
---
 lib/validationData.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/validationData.php b/lib/validationData.php
index 14c475b..06d16cb 100644
--- a/lib/validationData.php
+++ b/lib/validationData.php
@@ -7,7 +7,7 @@ function lookupSID($sid)
 $sr = ldap_search($ds, "ou=Active,ou=Resources,o=Swansea", "EDUPERSONTARGETEDID=" . $sid);
 $info = ldap_get_entries($ds, $sr);
 ldap_unbind($ds);
- return ucwords(strtolower($info[0]['givenName'][0] . " " . $info[0]['sn'][0]));
+ return ucwords(strtolower($info[0]['givenname'][0] . " " . $info[0]['sn'][0]));
 }
 // lookup addresses from postcodes using the university's website
-- 
GitLab
From 459d1ed862c26a90dc22436d8dff633e422642f2 Mon Sep 17 00:00:00 2001
From: Kit Manners
Date: Wed, 27 Sep 2017 01:20:53 +0100
Subject: [PATCH 26/31] Add missing space in error message
---
 lib/validation.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/validation.php b/lib/validation.php
index 9994eae..a594bb0 100644
--- a/lib/validation.php
+++ b/lib/validation.php
@@ -163,7 +163,7 @@ function validSID($SID, $override)
 $error = "A user with that student ID already exists, email admin@sucs.org if this is an error.";
 return false;
 } elseif (lookupSID($SID) == " ") {
- $error = "Student not found, emailadmin@sucs.org if this is an error.";
+ $error = "Student not found, email admin@sucs.org if this is an error.";
 return false;
 } else {
 return true;
-- 
GitLab
From b9db1f21b5fda4b9d215699089ee4590fc40e5ec Mon Sep 17 00:00:00 2001
From: gigosaurus Date: Wed, 27 Sep 2017 02:11:31 +0100 Subject: [PATCH 27/31] Remember the student number if they entered it in a previous form --- components/signup.php | 4 ++++ components/susignup.php | 2 ++ templates/signup.tpl | 2 +- templates/susignup.tpl | 3 ++- 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/components/signup.php b/components/signup.php index c850da5..9717a33 100644 --- a/components/signup.php +++ b/components/signup.php @@ -50,6 +50,10 @@ if (isset($_REQUEST['signupid']) && isset($_REQUEST['signuppw'])) { // pass on the id and passwd and id the validation is overridable $smarty->assign("signupid", $signupid); $smarty->assign("signuppw", $signuppw); + // pass on the student id if it exists + if (isset($_REQUEST['signupsid'])) { + $smarty->assign("signupsid", $signupsid); + } $smarty->assign("overridable", $overridable); $smarty->assign("usertype", $row[type]); // if accepting the form diff --git a/components/susignup.php b/components/susignup.php index f33cdb4..0bfde55 100755 --- a/components/susignup.php +++ b/components/susignup.php @@ -51,6 +51,7 @@ if (!empty($_REQUEST['sid']) && !empty($_REQUEST['transactionID'])) { $mode = "form"; $smarty->assign("id", $signuptmpresult->fields["id"]); $smarty->assign("pass", $signuptmpresult->fields["password"]); + $smarty->assign("sid", $signuptmpresult->fields["sid"]); // else if they aren't in the SUCS DB, then bootstrap signup process } else if ($tmpresult->fields == false) { $mode = "form"; @@ -59,6 +60,7 @@ if (!empty($_REQUEST['sid']) && !empty($_REQUEST['transactionID'])) { $id = $iddata->fields['id']; $smarty->assign("id", $id); $smarty->assign("pass", $pass); + $smarty->assign("sid", $sid); } else { // they should never get here die("You'll see this if there has been a database error. Someone probably knows and is trying to fix it. Sorry."); diff --git a/templates/signup.tpl b/templates/signup.tpl index 2b97a42..b8b93db 100644 --- a/templates/signup.tpl 
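Review bot: `$smarty->assign("signupsid", $signupsid);` reads a variable that is not assigned anywhere in the hunk, so unless it is set above the hunk the template receives null with an undefined-variable notice and the `isset($_REQUEST['signupsid'])` guard never produces a remembered value. Later in this series PATCH 30 changes the line to `$smarty->assign("signupsid", $_REQUEST['signupsid']);`, which is the value this commit presumably meant to forward. The enclosing `if` begins outside the hunk.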
+++ b/templates/signup.tpl @@ -36,7 +36,7 @@

+ {if $mode=='re-form'}value='{$fields.studentid}'{elseif isset($signupsid)}value='{$signupsid}'{/if} />
{$errors.studentid}{else} style="color:green; diff --git a/templates/susignup.tpl b/templates/susignup.tpl index 322625f..abde068 100644 --- a/templates/susignup.tpl +++ b/templates/susignup.tpl @@ -39,6 +39,7 @@
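Review bot: `value='{$signupsid}'` on the added line places a request-supplied value into an HTML attribute with no `|escape` modifier; whether that is safe depends on Smarty's `escape_html` setting, which is not visible here, and the pre-existing `value='{$fields.studentid}'` has the same shape. Apply the modifier explicitly so the template does not rely on global configuration: `{elseif isset($signupsid)}value='{$signupsid|escape}'{/if}`. Most of the surrounding markup was lost in extraction, so the element this attribute belongs to cannot be confirmed from the hunk.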
+
{else} @@ -49,4 +50,4 @@ An error occured during signup, please email, with as much information as you can provide, admin@sucs.org for assistance. -{/if} \ No newline at end of file +{/if} -- GitLab From bf07b4e41d11ea6ac42fb1e4f03d818d6d37c619 Mon Sep 17 00:00:00 2001 From: Imran Hussain Date: Wed, 27 Sep 2017 10:44:26 +0100 Subject: [PATCH 28/31] if you're a student then you don't get to choose your real name --- templates/signup.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/signup.tpl b/templates/signup.tpl index b8b93db..2e77ae6 100644 --- a/templates/signup.tpl +++ b/templates/signup.tpl @@ -55,7 +55,7 @@
+ {if $mode=='re-form'}value='{$fields.realname}'{/if} {if $usertype==1}readonly{/if}/>
{$errors.realname}{else} style="color:green; float:right; -- GitLab From de4a21e51999ec60a3a7baac346c7b4564b705c2 Mon Sep 17 00:00:00 2001 From: gigosaurus Date: Tue, 26 Sep 2017 21:59:10 +0100 Subject: [PATCH 29/31] Fix signup validation. Emails, names and addresses are now much less strict, and more valid postcodes are allowed. --- components/signup.php | 6 +- components/signupajax.php | 4 +- lib/validation.php | 128 +++++++++----------------------------- 3 files changed, 34 insertions(+), 104 deletions(-) diff --git a/components/signup.php b/components/signup.php index 9717a33..27b3c79 100644 --- a/components/signup.php +++ b/components/signup.php @@ -84,18 +84,18 @@ if (isset($_REQUEST['signupid']) && isset($_REQUEST['signuppw'])) { $errors['address'] = $error; } $fields['address'] = sanitizeAddress($_POST['address']); - if (!validRealName($_REQUEST['realname'], $override)) { + if (!validName($_REQUEST['realname'], $override)) { $valid = false; $errors['realname'] = $error; } $fields['realname'] = $_REQUEST['realname']; } else { - if (!(validRealName($_REQUEST['contact'], false) || $override)) { + if (!(validName($_REQUEST['contact'], false) || $override)) { $valid = false; $errors['contact'] = $error; } $fields['contact'] = $_REQUEST['contact']; - if (!validSocName($_REQUEST['realname'], $override)) { + if (!validName($_REQUEST['realname'], $override)) { $valid = false; $errors['realname'] = $error; } diff --git a/components/signupajax.php b/components/signupajax.php index 3e4bca4..2da8fa2 100644 --- a/components/signupajax.php +++ b/components/signupajax.php @@ -29,7 +29,7 @@ if (isset($_GET['key'])) { break; case "realname": $realname = $_GET['value']; - if (validRealName($realname, false)) { + if (validName($realname, false)) { echo "OK"; } else { echo $error; 
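Review bot: `{if $usertype==1}readonly{/if}` enforces the rule only in the browser; the handler in components/signup.php (visible in the PATCH 29 hunk on this page) still validates and stores `$_REQUEST['realname']` for that user type, so the posted value is what ends up saved regardless of the attribute. If students must not choose their real name, the server side should ignore the posted value when `$row[type]` is 1 and take the name from `lookupSID()` on the submitted student id instead of from `$_REQUEST['realname']`. That type value 1 means "student" is inferred from this template condition only.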
@@ -37,7 +37,7 @@ if (isset($_GET['key'])) { break; case "socname": $socname = $_GET['value']; - if (validSocName($socname, false)) { + if (validName($socname, false)) { echo "OK"; } else { echo $error; diff --git a/lib/validation.php b/lib/validation.php index a594bb0..b981c9a 100644 --- a/lib/validation.php +++ b/lib/validation.php @@ -7,18 +7,22 @@ require_once("sanitization.php"); function validEmail($email) { global $error; - //split user and domain - list($user, $domain) = explode("@", $email); - // check for bad characters, and check for zero length user & domain - if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email) or !$user or !$domain) { - $error = 'an invalid email address (syntax)'; + + // check for valid syntax + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + $error = 'Invalid email address (syntax)'; return false; } + // Syntax OK + // domain consists of any character after a '@' and cannot contain '@' + // therefore any character after the last '@' is part of the domain + $domain = substr($email, strrpos($email, '@') + 1); + // Check for an mail server - elseif (!getmxrr($domain, $mx) or !gethostbyname($domain)) { - $error = "no mail servers listed for '$domain'"; + if (!getmxrr($domain, $mx) or !gethostbyname($domain)) { + $error = "No mail servers listed for '$domain'"; return false; } else { // Email address valid from technical point of view 
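Review bot: In the new `if (!getmxrr($domain, $mx) or !gethostbyname($domain))` the second test can never fire: `gethostbyname()` returns the unmodified hostname when resolution fails, which is a non-empty string, so the only effective check is the MX lookup and a domain with an A record but no MX is rejected; the old line had the same flaw, but this hunk rewrites it. Use a lookup that actually reports failure, `if (!getmxrr($domain, $mx) && !checkdnsrr($domain, 'A')) {`, where `&&` gives the SMTP fallback semantics (MX, else A record) if that is the intent — the previous `or` rejected whenever either record was missing. `$mx` is otherwise unused. validEmail's closing lines are outside the hunk.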
@@ -26,41 +30,6 @@ function validEmail($email) } } -// test whether a password is considered Strong Enough -// ideally we'd want to use cracklib or something here, but no RPM for the php bindings :-( -// dont use this, use weakPassword instead it uses cracklib -function strongPassword($pass) -{ - - // you call this a password? my cat could bruteforce this. - if (strlen($pass) < 6) { - return false; - } - -// start at 0, and increment for certain features - $score = 0; - - -// greater than 8 characters - if (strlen($pass) > 8) $score++; -// includes lowercase characters - if (preg_match("/[a-z]/", $pass)) $score++; -// includes uppercase characters - if (preg_match("/[A-Z]/", $pass)) $score++; -// includes digits - if (preg_match("/\d/", $pass)) $score++; -// includes "non-word" characters - if (preg_match("/\W/", $pass)) $score++; - -// I reckons if it has at least 3 of the above it should be... adequate -// better if it checked for dictionary words too though - if ($score > 3) { - return true; - } else { - return false; - } -} - # Use cracklib to check for weak passwords. # returns FALSE if the password is good i.e. not weak # otherwise returns a string saying why its weak @@ -112,7 +81,7 @@ function isAlias($username) return $ok; } -//check if a user with a sid already exsists +//check if a user with a sid already exists function sidUsed($sid) { $sucsDB = NewADOConnection('postgres8'); 
@@ -127,12 +96,12 @@ function sidUsed($sid) function validUsername($username) { global $error; - // check if uname is sytactically valid + // check if uname is syntactically valid $syntax = preg_match("/^[a-z][a-z0-9_]*$/", $username); if (!$syntax || (strlen($username) < 2)) { - $error = "Usernames must start with a letter, only contain lowercase letter, numbers 0-9 and underscores (_) and be at least 2 characters."; + $error = "Usernames must start with a letter, only contain lowercase letters, numbers 0-9 and underscores (_) and be at least 2 characters."; return false; - } // check if the username already exsists + } // check if the username already exists elseif (posix_getpwnam($username)) { $error = "Username already taken"; return false; @@ -171,7 +140,7 @@ function validSID($SID, $override) } } -function validRealName($realName, $override) +function validName($realName, $override) { global $error; if ($override) { 
@@ -182,56 +151,12 @@ function validRealName($realName, $override) return true; } } else { - //check for enough names for real name (we insist on at least 2 - if (count(explode(" ", $realName)) < 2) { - $error = "Too few names given, please give at least two."; - return false; - } //check for a sane realname, see comment below - elseif (!preg_match("/^([A-Z]([.]+ +[A-Z])*([\']+[A-Z])*[a-z]+[ -]*)+$/", $realName)) { - $error = "Name incorrectly formatted, email admin@sucs.org if this is an error."; - return false; - } /* - * This should force sane real names, with capitals for the first letter of each word, - * Whist alowing for complex names such as Robin M. O'Leary - * - * break down of regexp - * - * ( - * [A-Z] - start with a single capital - * ([.]+ +[A-Z])* - zero or more of, (at least one "." followed by at least one space then another single capital) //we dont expect people to have initals at the end of there names so this is alright - * ([\']+[A-Z])* - zero or more of, (at least one "'"s followed by a single capital letter) - * [a-z]+ - One or more lower case letters, this forces initals to be followed by a "." - *[ -]* - zero or more " "s or "-"s so double barreled names are supported - * ) - * - * In its current state - * Robin M. O'Leary is valid - * Robin M O'Leary is not - * Robin M. OLeary is Not - * Robin M. O'LeaRy is valid (though its not meant to be.. bad side effect of not requireing at least one space...) - * BUT... this alows for McSmith's... which is rather nice :)... 
and of course delibrate - * RObin M O'Leary is not - * - */ - else { - return true; - } - } -} -function validSocName($socname, $override) -{ - global $error; - if ($override) { - if ($socname == "") { - $error = "You MUST provide some sort of name"; - return false; - } else { - return true; - } - } else { - if (!preg_match('/^[A-Z1-9]/', $socname) || strlen($socname) < 2) { - $error = "Must start with a capital letter or a number and be more than 1 character"; + // names can legally be really weird so just check that it is at least 1 visible character + // followed by any number of non-control characters + $realName = trim($realName); + if (!preg_match("/^[[:graph:]][[:print:]]*$/", $realName)) { + $error = "Invalid name"; return false; } else { return true; @@ -243,9 +168,11 @@ function validAddress($address) { global $error; $address = sanitizeAddress($address); - $regex = "/^([A-Z0-9]([[:alnum:]]|[ .\/'-])*\n)+[A-Z0-9]([[:alnum:]]|[ .\/'-])*$/"; + + // check that they at least entered in something. Address doesn't need to be as strict when the postcode is. + $regex = "/^.{5,}+$/s"; if (!preg_match($regex, $address)) { - $error = "Please supply at least two valid lines of address."; + $error = "Please supply a valid address."; return false; } else { return true; @@ -255,7 +182,10 @@ function validAddress($address) function validPostcode($postcode) { $postcode = sanitizePostcode($postcode); - if (!preg_match('/^[A-Z]{1,2}[0-9]{1,2}[A-Z]{0,1} [0-9][A-Z]{2}$/', $postcode)) { + + // matches all postcodes following the valid format described in a 2012 government published document + $postcodeRegex = "/^([A-Z](([0-9][0-9]?)|([A-Z][0-9][0-9]?)|([A-Z]?[0-9][A-Z])) ?[0-9][ABD-HJLNP-UW-Z]{2})$/"; + if (!preg_match($postcodeRegex, $postcode)) { return false; } else { return $postcode; -- GitLab From fbac20963e0d091e0ebf070655fbab492a2df654 Mon Sep 17 00:00:00 2001 
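Review bot: The pattern `/^[[:graph:]][[:print:]]*$/` has no `u` modifier, so with PCRE's default character tables the POSIX classes are evaluated per byte and bytes above 0x7F fail `[:print:]`; a name containing an accented or non-Latin character is rejected with "Invalid name", which contradicts the comment that names can be "really weird". Matching in UTF-8 mode with Unicode classes keeps the stated rule (one visible character, then no control characters): `if (!preg_match("/^[^\p{C}\s][^\p{C}]*$/u", $realName)) {` — and with `u` an invalid UTF-8 subject makes `preg_match()` return false, so it is still rejected. Separately, `$realName = trim($realName);` trims a local copy only: components/signup.php stores `$_REQUEST['realname']` untrimmed, so the value validated is not the value saved; trim in the caller or return the normalised value. The function's closing braces lie beyond the hunk, and since it now also validates society names the parameter name `$realName` no longer fits.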
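Review bot: `$regex = "/^.{5,}+$/s";` is a regex standing in for a length check, and `.` without `u` counts bytes, so a three-character address in a multibyte script passes while the rule reads as "five characters". `if (mb_strlen($address) < 5) {` states the rule directly and counts characters; whether whitespace-only input should also be refused depends on what `sanitizeAddress()` does, which is not visible here.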
From: Kit Manners Date: Wed, 27 Sep 2017 12:30:00 +0100 Subject: [PATCH 30/31] Fix retrieving student number --- components/signup.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/signup.php b/components/signup.php index 27b3c79..31633b9 100644 --- a/components/signup.php +++ b/components/signup.php @@ -52,7 +52,7 @@ if (isset($_REQUEST['signupid']) && isset($_REQUEST['signuppw'])) { $smarty->assign("signuppw", $signuppw); // pass on the student id if it exists if (isset($_REQUEST['signupsid'])) { - $smarty->assign("signupsid", $signupsid); + $smarty->assign("signupsid", $_REQUEST['signupsid']); } $smarty->assign("overridable", $overridable); $smarty->assign("usertype", $row[type]); -- GitLab From 5c2bcecf13ac8abf8802f84ae1464718a5189f88 Mon Sep 17 00:00:00 2001 From: Kit Manners Date: Wed, 27 Sep 2017 12:30:00 +0100 Subject: [PATCH 31/31] Fix retrieving student number --- components/signup.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/signup.php b/components/signup.php index 27b3c79..31633b9 100644 --- a/components/signup.php +++ b/components/signup.php @@ -52,7 +52,7 @@ if (isset($_REQUEST['signupid']) && isset($_REQUEST['signuppw'])) { $smarty->assign("signuppw", $signuppw); // pass on the student id if it exists if (isset($_REQUEST['signupsid'])) { - $smarty->assign("signupsid", $signupsid); + $smarty->assign("signupsid", $_REQUEST['signupsid']); } $smarty->assign("overridable", $overridable); $smarty->assign("usertype", $row[type]); -- GitLab
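Review bot: PATCH 31/31 is a byte-for-byte repeat of PATCH 30/31 (same subject, date and `index 27b3c79..31633b9`), so applying the series in order fails or no-ops on the second patch; drop the duplicate. On the substance, the new line forwards `$_REQUEST['signupsid']` to the template with no normalisation; the student id is presumably validated only when the form is submitted, so the pre-fill path should at least pass it through `trim()` and the template must escape it on output. The enclosing `if` starts outside the hunk.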