added password length check
parent
c50eeca3d8
commit
079e0d3de9
43
ajax.php
43
ajax.php
|
|
@ -3,7 +3,7 @@
|
|||
* @Author: printempw
|
||||
* @Date: 2016-01-16 23:01:33
|
||||
* @Last Modified by: prpr
|
||||
* @Last Modified time: 2016-02-03 20:26:26
|
||||
* @Last Modified time: 2016-02-03 21:10:24
|
||||
*
|
||||
* - login, register, logout
|
||||
* - upload, change, delete
|
||||
|
|
@ -51,31 +51,32 @@ if ($action == "login") {
|
|||
}
|
||||
}
|
||||
} else if ($action == "register") {
|
||||
if (checkPost()) {
|
||||
if (checkPost('register')) {
|
||||
if (!$user->is_registered) {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
||||
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
} else {
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
// If amout of registered accounts of IP is more than allowed mounts,
|
||||
// then reject the registration.
|
||||
if ($user->db->getNumRows('ip', $ip) < REGS_PER_IP) {
|
||||
// use once md5 to encrypt password
|
||||
if ($user->register(md5($_POST['passwd']), $ip)) {
|
||||
$json['errno'] = 0;
|
||||
$json['msg'] = "Registered successfully.";
|
||||
if (user::checkValidPwd($_POST['passwd'])) {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
||||
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
} else {
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
// If amout of registered accounts of IP is more than allowed mounts,
|
||||
// then reject the registration.
|
||||
if ($user->db->getNumRows('ip', $ip) < REGS_PER_IP) {
|
||||
// use once md5 to encrypt password
|
||||
if ($user->register(md5($_POST['passwd']), $ip)) {
|
||||
$json['errno'] = 0;
|
||||
$json['msg'] = "Registered successfully.";
|
||||
} else {
|
||||
$json['errno'] = 1;
|
||||
$json['msg'] = "Uncaught error.";
|
||||
}
|
||||
} else {
|
||||
$json['errno'] = 1;
|
||||
$json['msg'] = "Uncaught error.";
|
||||
$json['msg'] = "You can't create more than ".REGS_PER_IP." accounts with this IP.";
|
||||
}
|
||||
} else {
|
||||
$json['errno'] = 1;
|
||||
$json['msg'] = "You can't create more than ".REGS_PER_IP." accounts with this IP.";
|
||||
}
|
||||
|
||||
} else {
|
||||
$json['errno'] = 1;
|
||||
$json['msg'] = "User already registered.";
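Review bot: The register branch still passes `md5($_POST['passwd'])` to `$user->register()`, and `changePasswd()` in the user class section writes `md5($new_passwd)` the same way, so what is stored appears to be a single unsalted MD5 that the new length check does little to protect if the table leaks. Prefer `password_hash($_POST['passwd'], PASSWORD_DEFAULT)` here with `password_verify()` at login; existing rows would need a rehash-on-login path, which is outside this hunk. Separately, `$ip` is read from `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` before `REMOTE_ADDR`; both are client-supplied headers, so the `REGS_PER_IP` limit is only reliable with `$ip = $_SERVER['REMOTE_ADDR'];` unless the request is known to arrive through a trusted proxy. The enclosing `if ($action == ...)` chain starts and ends outside the hunk.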
|
||||
|
|
|
|||
|
|
@ -2,116 +2,118 @@
|
|||
* @Author: prpr
|
||||
* @Date: 2016-01-21 13:55:44
|
||||
* @Last Modified by: prpr
|
||||
* @Last Modified time: 2016-02-03 19:51:14
|
||||
* @Last Modified time: 2016-02-03 20:38:41
|
||||
*/
|
||||
|
||||
'use strict';
|
||||
|
||||
$('#login').click(function(){
|
||||
$('[data-remodal-id=login-modal]').remodal().open();
|
||||
$('[data-remodal-id=login-modal]').remodal().open();
|
||||
})
|
||||
|
||||
$('#register').click(function(){
|
||||
$('[data-remodal-id=register-modal]').remodal().open();
|
||||
$('[data-remodal-id=register-modal]').remodal().open();
|
||||
})
|
||||
|
||||
// Login Button Click Event
|
||||
$("body").on("click", "#login-button", function(){
|
||||
var uname = $("#uname").val();
|
||||
var passwd = $("#passwd").val();
|
||||
if (checkForm("login", uname, passwd)) {
|
||||
$.ajax({
|
||||
type: "POST",
|
||||
url: "ajax.php?action=login",
|
||||
dataType: "json",
|
||||
data: {"uname":uname,"passwd":passwd},
|
||||
beforeSend: function() {
|
||||
showMsg("alert-info", "Logging in...");
|
||||
},
|
||||
success: function(json) {
|
||||
if (json.errno == 0) {
|
||||
docCookies.setItem("uname", uname, null, '/');
|
||||
docCookies.setItem("token", json.token, null, '/');
|
||||
if ($("#keep").prop("checked")) {
|
||||
docCookies.setItem("uname", uname, 604800, '/');
|
||||
// 设置长效 token (7天)
|
||||
docCookies.setItem("token", json.token, 604800, '/');
|
||||
}
|
||||
showAlert("Logging succeed!");
|
||||
window.setTimeout("window.location = './user/index.php'", 1000);
|
||||
} else {
|
||||
showAlert(json.msg);
|
||||
showMsg('hide', "");
|
||||
}
|
||||
}
|
||||
});
|
||||
var uname = $("#uname").val();
|
||||
var passwd = $("#passwd").val();
|
||||
if (checkForm("login", uname, passwd)) {
|
||||
$.ajax({
|
||||
type: "POST",
|
||||
url: "ajax.php?action=login",
|
||||
dataType: "json",
|
||||
data: {"uname":uname,"passwd":passwd},
|
||||
beforeSend: function() {
|
||||
showMsg("alert-info", "Logging in...");
|
||||
},
|
||||
success: function(json) {
|
||||
if (json.errno == 0) {
|
||||
docCookies.setItem("uname", uname, null, '/');
|
||||
docCookies.setItem("token", json.token, null, '/');
|
||||
if ($("#keep").prop("checked")) {
|
||||
docCookies.setItem("uname", uname, 604800, '/');
|
||||
// 设置长效 token (7天)
|
||||
docCookies.setItem("token", json.token, 604800, '/');
|
||||
}
|
||||
showAlert("Logging succeed!");
|
||||
window.setTimeout("window.location = './user/index.php'", 1000);
|
||||
} else {
|
||||
showAlert(json.msg);
|
||||
showMsg('hide', "");
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
// Register Button Click Event
|
||||
$("body").on("click", "#register-button", function(){
|
||||
var uname = $("#reg-uname").val();
|
||||
var passwd = $("#reg-passwd").val();
|
||||
if (checkForm("register", uname, passwd, $("#reg-passwd2").val())) {
|
||||
$.ajax({
|
||||
type: "POST",
|
||||
url: "ajax.php?action=register",
|
||||
dataType: "json",
|
||||
data: {"uname":uname, "passwd":passwd},
|
||||
beforeSend: function() {
|
||||
showMsg("alert-info", "Registering...");
|
||||
},
|
||||
success: function(json) {
|
||||
if (json.errno == 0) {
|
||||
showAlert(json.msg + " Please log in.");
|
||||
$('[data-remodal-id=register-modal]').remodal().close();
|
||||
showMsg('hide', "");
|
||||
} else {
|
||||
showAlert(json.msg);
|
||||
showMsg('hide', "");
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
var uname = $("#reg-uname").val();
|
||||
var passwd = $("#reg-passwd").val();
|
||||
if (checkForm("register", uname, passwd, $("#reg-passwd2").val())) {
|
||||
$.ajax({
|
||||
type: "POST",
|
||||
url: "ajax.php?action=register",
|
||||
dataType: "json",
|
||||
data: {"uname":uname, "passwd":passwd},
|
||||
beforeSend: function() {
|
||||
showMsg("alert-info", "Registering...");
|
||||
},
|
||||
success: function(json) {
|
||||
if (json.errno == 0) {
|
||||
showAlert(json.msg + " Please log in.", function(){
|
||||
showMsg('hide', "");
|
||||
$('[data-remodal-id=register-modal]').remodal().close();
|
||||
$('[data-remodal-id=login-modal]').remodal().open();
|
||||
});
|
||||
} else {
|
||||
showAlert(json.msg);
|
||||
showMsg('hide', "");
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
function checkForm(type, uname, passwd, passwd2) {
|
||||
switch(type) {
|
||||
case "login":
|
||||
if (uname == "") {
|
||||
showMsg("alert-warning", "Empty Username!");
|
||||
$("#uname").focus();
|
||||
return false;
|
||||
} else if (passwd == ""){
|
||||
showMsg("alert-warning", "Empty Password!");
|
||||
$("#passwd").focus();
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
break;
|
||||
case "register":
|
||||
if (uname == "") {
|
||||
showMsg("alert-warning", "Empty Username!");
|
||||
$("#uname").focus();
|
||||
return false;
|
||||
} else if (passwd == ""){
|
||||
showMsg("alert-warning", "Empty Password!");
|
||||
$("#passwd").focus();
|
||||
return false;
|
||||
} else if (passwd2 == ""){
|
||||
showMsg("alert-warning", "Empty Confirming Password!");
|
||||
$("#cpasswd").focus();
|
||||
return false;
|
||||
} else if (passwd != passwd2){
|
||||
showMsg("alert-warning", "Non-equal password confirming!");
|
||||
$("#cpasswd").focus();
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
switch(type) {
|
||||
case "login":
|
||||
if (uname == "") {
|
||||
showMsg("alert-warning", "Empty Username!");
|
||||
$("#uname").focus();
|
||||
return false;
|
||||
} else if (passwd == ""){
|
||||
showMsg("alert-warning", "Empty Password!");
|
||||
$("#passwd").focus();
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
break;
|
||||
case "register":
|
||||
if (uname == "") {
|
||||
showMsg("alert-warning", "Empty Username!");
|
||||
$("#uname").focus();
|
||||
return false;
|
||||
} else if (passwd == ""){
|
||||
showMsg("alert-warning", "Empty Password!");
|
||||
$("#passwd").focus();
|
||||
return false;
|
||||
} else if (passwd2 == ""){
|
||||
showMsg("alert-warning", "Empty Confirming Password!");
|
||||
$("#cpasswd").focus();
|
||||
return false;
|
||||
} else if (passwd != passwd2){
|
||||
showMsg("alert-warning", "Non-equal password confirming!");
|
||||
$("#cpasswd").focus();
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}
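Review bot: In the login success handler the session token is written from script with `docCookies.setItem("token", json.token, 604800, '/')`, so the cookie cannot be HttpOnly, and none of the four `setItem` calls passes a secure flag. Any script injection on the site could then read a token kept for up to seven days; setting the cookie server-side in ajax.php with HttpOnly and Secure would avoid that. Also `window.setTimeout("window.location = './user/index.php'", 1000)` passes a string that is evaluated as code; `window.setTimeout(function () { window.location = './user/index.php'; }, 1000);` does the same without it. The new password length rule is not mirrored in the register case of `checkForm`, so users learn of it only from the server response.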
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
* @Author: printempw
|
||||
* @Date: 2016-01-16 23:01:33
|
||||
* @Last Modified by: prpr
|
||||
* @Last Modified time: 2016-02-03 18:06:13
|
||||
* @Last Modified time: 2016-02-03 21:13:05
|
||||
*/
|
||||
|
||||
class user
|
||||
|
|
@ -37,6 +37,15 @@ class user
|
|||
}
|
||||
}
|
||||
|
||||
public static function checkValidPwd($passwd) {
|
||||
if (strlen($passwd) > 16 || strlen($passwd) < 5) {
|
||||
utils::raise(1, 'Illegal password. Password length should be in 5~16.');
|
||||
} else if (utils::convertString($passwd) != $passwd) {
|
||||
utils::raise(1, 'Illegal password. Password contains unsupported characters.');
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function changePasswd($new_passwd) {
|
||||
$this->db->update($this->uname, 'password', md5($new_passwd));
|
||||
}
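Review bot: `checkValidPwd()` rejects passwords longer than 16 bytes, which caps strength for no visible storage reason, since `changePasswd()` just below writes only a fixed-length digest. Raising the upper bound well above 16 and the minimum above 5 would make the rule help rather than limit; note that `strlen()` counts bytes, so multibyte input reaches the limit sooner than the message suggests. The comparison `utils::convertString($passwd) != $passwd` is loose, and PHP compares two numeric-looking strings by value, so `!==` is the safer test. `utils::raise()` is not shown here; if it does not terminate the request, both failure branches fall through to `return true` and the invalid password is accepted. `changePasswd()` does not call the new check in the visible lines, so unless its callers outside this hunk do, a password change bypasses the rule.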
|
||||
|
|
|
|||