From 079e0d3de915d643e6612a1fda78f84ed51b1e6e Mon Sep 17 00:00:00 2001
From: printempw
Date: Wed, 3 Feb 2016 21:15:29 +0800
Subject: [PATCH] added password length check

---
 ajax.php | 43 ++++-----
 assets/js/index.utils.js | 186 ++++++++++++++++++++-------------------
 includes/user.class.php | 11 ++-
 3 files changed, 126 insertions(+), 114 deletions(-)

diff --git a/ajax.php b/ajax.php
index 81b2c3e4..685dea31 100644
--- a/ajax.php
+++ b/ajax.php
@@ -3,7 +3,7 @@
 * @Author: printempw
 * @Date: 2016-01-16 23:01:33
 * @Last Modified by: prpr
- * @Last Modified time: 2016-02-03 20:26:26
+ * @Last Modified time: 2016-02-03 21:10:24
 *
 * - login, register, logout
 * - upload, change, delete
@@ -51,31 +51,32 @@ if ($action == "login") {
 }
 }
 } else if ($action == "register") {
- if (checkPost()) {
+ if (checkPost('register')) {
 if (!$user->is_registered) {
- if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
- $ip = $_SERVER['HTTP_CLIENT_IP'];
- } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
- $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
- } else {
- $ip = $_SERVER['REMOTE_ADDR'];
- }
- // If amout of registered accounts of IP is more than allowed mounts,
- // then reject the registration.
- if ($user->db->getNumRows('ip', $ip) < REGS_PER_IP) {
- // use once md5 to encrypt password
- if ($user->register(md5($_POST['passwd']), $ip)) {
- $json['errno'] = 0;
- $json['msg'] = "Registered successfully.";
+ if (user::checkValidPwd($_POST['passwd'])) {
+ if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
+ $ip = $_SERVER['HTTP_CLIENT_IP'];
+ } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ } else {
+ $ip = $_SERVER['REMOTE_ADDR'];
+ }
+ // If amout of registered accounts of IP is more than allowed mounts,
+ // then reject the registration.
+ if ($user->db->getNumRows('ip', $ip) < REGS_PER_IP) {
+ // use once md5 to encrypt password
+ if ($user->register(md5($_POST['passwd']), $ip)) {
+ $json['errno'] = 0;
+ $json['msg'] = "Registered successfully.";
+ } else {
+ $json['errno'] = 1;
+ $json['msg'] = "Uncaught error.";
+ }
 } else {
 $json['errno'] = 1;
- $json['msg'] = "Uncaught error.";
+ $json['msg'] = "You can't create more than ".REGS_PER_IP." accounts with this IP.";
 }
- } else {
- $json['errno'] = 1;
- $json['msg'] = "You can't create more than ".REGS_PER_IP." accounts with this IP.";
 }
- } else {
 $json['errno'] = 1;
 $json['msg'] = "User already registered.";
 
diff --git a/assets/js/index.utils.js b/assets/js/index.utils.js
index b6514dad..a5e1a500 100644
--- a/assets/js/index.utils.js
+++ b/assets/js/index.utils.js
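Review bot: Following the braces on the new side, the `- } else {` that used to introduce the two context lines `$json['errno'] = 1; $json['msg'] = "User already registered.";` is removed while those assignments stay, so once the `if (user::checkValidPwd(...)) { … }` block closes they run unconditionally inside `if (!$user->is_registered)` and overwrite the success response of an account that `$user->register()` has already created; unless I am misreading the collapsed hunk, the fix is to put `} else {` back between the `}` that closes the checkValidPwd block and `$json['errno'] = 1;`. The new guard `if (user::checkValidPwd($_POST['passwd']))` has no false branch and checkValidPwd() only ever returns true, so it presumably relies on utils::raise() ending the request on failure (not visible here); a comment such as `// checkValidPwd() aborts the request with an error on failure` would make that explicit. The per-IP cap the guard now wraps derives `$ip` from `HTTP_CLIENT_IP` / `HTTP_X_FORWARDED_FOR` before `REMOTE_ADDR`; those are request headers the client chooses, so `getNumRows('ip', $ip) < REGS_PER_IP` only limits anything if a trusted proxy overwrites them, and `$ip = $_SERVER['REMOTE_ADDR'];` alone is the safer default (moved code, but worth fixing while it is touched). While here, the moved `md5($_POST['passwd'])` is a fast unsalted digest; `password_hash()`/`password_verify()` is the appropriate primitive, as a separate change.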
@@ -2,116 +2,118 @@ * @Author: prpr * @Date: 2016-01-21 13:55:44 * @Last Modified by: prpr -* @Last Modified time: 2016-02-03 19:51:14 +* @Last Modified time: 2016-02-03 20:38:41 */ 'use strict'; $('#login').click(function(){ - $('[data-remodal-id=login-modal]').remodal().open(); + $('[data-remodal-id=login-modal]').remodal().open(); }) $('#register').click(function(){ - $('[data-remodal-id=register-modal]').remodal().open(); + $('[data-remodal-id=register-modal]').remodal().open(); }) // Login Button Click Event $("body").on("click", "#login-button", function(){ - var uname = $("#uname").val(); - var passwd = $("#passwd").val(); - if (checkForm("login", uname, passwd)) { - $.ajax({ - type: "POST", - url: "ajax.php?action=login", - dataType: "json", - data: {"uname":uname,"passwd":passwd}, - beforeSend: function() { - showMsg("alert-info", "Logging in..."); - }, - success: function(json) { - if (json.errno == 0) { - docCookies.setItem("uname", uname, null, '/'); - docCookies.setItem("token", json.token, null, '/'); - if ($("#keep").prop("checked")) { - docCookies.setItem("uname", uname, 604800, '/'); - // 设置长效 token (7天) - docCookies.setItem("token", json.token, 604800, '/'); - } - showAlert("Logging succeed!"); - window.setTimeout("window.location = './user/index.php'", 1000); - } else { - showAlert(json.msg); - showMsg('hide', ""); - } - } - }); + var uname = $("#uname").val(); + var passwd = $("#passwd").val(); + if (checkForm("login", uname, passwd)) { + $.ajax({ + type: "POST", + url: "ajax.php?action=login", + dataType: "json", + data: {"uname":uname,"passwd":passwd}, + beforeSend: function() { + showMsg("alert-info", "Logging in..."); + }, + success: function(json) { + if (json.errno == 0) { + docCookies.setItem("uname", uname, null, '/'); + docCookies.setItem("token", json.token, null, '/'); + if ($("#keep").prop("checked")) { + docCookies.setItem("uname", uname, 604800, '/'); + // 设置长效 token (7天) + docCookies.setItem("token", json.token, 604800, '/'); + } 
+ showAlert("Logging succeed!"); + window.setTimeout("window.location = './user/index.php'", 1000); + } else { + showAlert(json.msg); + showMsg('hide', ""); + } + } + }); } }); // Register Button Click Event $("body").on("click", "#register-button", function(){ - var uname = $("#reg-uname").val(); - var passwd = $("#reg-passwd").val(); - if (checkForm("register", uname, passwd, $("#reg-passwd2").val())) { - $.ajax({ - type: "POST", - url: "ajax.php?action=register", - dataType: "json", - data: {"uname":uname, "passwd":passwd}, - beforeSend: function() { - showMsg("alert-info", "Registering..."); - }, - success: function(json) { - if (json.errno == 0) { - showAlert(json.msg + " Please log in."); - $('[data-remodal-id=register-modal]').remodal().close(); - showMsg('hide', ""); - } else { - showAlert(json.msg); - showMsg('hide', ""); - } - } - }); - } + var uname = $("#reg-uname").val(); + var passwd = $("#reg-passwd").val(); + if (checkForm("register", uname, passwd, $("#reg-passwd2").val())) { + $.ajax({ + type: "POST", + url: "ajax.php?action=register", + dataType: "json", + data: {"uname":uname, "passwd":passwd}, + beforeSend: function() { + showMsg("alert-info", "Registering..."); + }, + success: function(json) { + if (json.errno == 0) { + showAlert(json.msg + " Please log in.", function(){ + showMsg('hide', ""); + $('[data-remodal-id=register-modal]').remodal().close(); + $('[data-remodal-id=login-modal]').remodal().open(); + }); + } else { + showAlert(json.msg); + showMsg('hide', ""); + } + } + }); + } }); function checkForm(type, uname, passwd, passwd2) { - switch(type) { - case "login": - if (uname == "") { - showMsg("alert-warning", "Empty Username!"); - $("#uname").focus(); - return false; - } else if (passwd == ""){ - showMsg("alert-warning", "Empty Password!"); - $("#passwd").focus(); - return false; - } else { - return true; - } - break; - case "register": - if (uname == "") { - showMsg("alert-warning", "Empty Username!"); - $("#uname").focus(); - return 
false; - } else if (passwd == ""){ - showMsg("alert-warning", "Empty Password!"); - $("#passwd").focus(); - return false; - } else if (passwd2 == ""){ - showMsg("alert-warning", "Empty Confirming Password!"); - $("#cpasswd").focus(); - return false; - } else if (passwd != passwd2){ - showMsg("alert-warning", "Non-equal password confirming!"); - $("#cpasswd").focus(); - return false; - } else { - return true; - } - break; - default: - return false; - } + switch(type) { + case "login": + if (uname == "") { + showMsg("alert-warning", "Empty Username!"); + $("#uname").focus(); + return false; + } else if (passwd == ""){ + showMsg("alert-warning", "Empty Password!"); + $("#passwd").focus(); + return false; + } else { + return true; + } + break; + case "register": + if (uname == "") { + showMsg("alert-warning", "Empty Username!"); + $("#uname").focus(); + return false; + } else if (passwd == ""){ + showMsg("alert-warning", "Empty Password!"); + $("#passwd").focus(); + return false; + } else if (passwd2 == ""){ + showMsg("alert-warning", "Empty Confirming Password!"); + $("#cpasswd").focus(); + return false; + } else if (passwd != passwd2){ + showMsg("alert-warning", "Non-equal password confirming!"); + $("#cpasswd").focus(); + return false; + } else { + return true; + } + break; + default: + return false; + } } diff --git a/includes/user.class.php b/includes/user.class.php index 2cd76da2..b5faebfa 100644 --- a/includes/user.class.php +++ b/includes/user.class.php @@ -3,7 +3,7 @@ * @Author: printempw * @Date: 2016-01-16 23:01:33 * @Last Modified by: prpr - * @Last Modified time: 2016-02-03 18:06:13 + * @Last Modified time: 2016-02-03 21:13:05 */ class user 
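Review bot: `checkForm("register", ...)` still performs no password length check, so the 5–16 rule the commit adds server-side in user::checkValidPwd() is only reported to the user after the AJAX round trip; mirroring it in the register branch (below) gives immediate feedback while the server check remains the authority. In that same branch the focus targets are `#uname`, `#passwd` and `#cpasswd`, which are the login-form IDs (the register handler reads `#reg-uname`, `#reg-passwd` and `#reg-passwd2`), so the focus() calls likely land on the wrong or a nonexistent input; `$("#reg-uname").focus();`, `$("#reg-passwd").focus();` and `$("#reg-passwd2").focus();` would match. Because nearly every line in this hunk is a re-indent, the one functional change (the register success callback now closes the register modal and opens the login modal) is hard to spot; keeping whitespace-only changes in their own commit would make review easier.
```javascript
            // … unchanged: empty-username, empty-password and empty-confirm checks …
            } else if (passwd.length < 5 || passwd.length > 16) {
                // mirrors user::checkValidPwd(); the server-side check stays authoritative
                showMsg("alert-warning", "Password length should be in 5~16.");
                $("#reg-passwd").focus();
                return false;
            } else if (passwd != passwd2){
            // … unchanged: mismatch check and return true …
```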
@@ -37,6 +37,15 @@ class user
 }
 }
 
+ public static function checkValidPwd($passwd) {
+ if (strlen($passwd) > 16 || strlen($passwd) < 5) {
+ utils::raise(1, 'Illegal password. Password length should be in 5~16.');
+ } else if (utils::convertString($passwd) != $passwd) {
+ utils::raise(1, 'Illegal password. Password contains unsupported characters.');
+ }
+ return true;
+ }
+
 public function changePasswd($new_passwd) {
 $this->db->update($this->uname, 'password', md5($new_passwd));
 }
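Review bot: `utils::convertString($passwd) != $passwd` is a loose comparison; when both operands look numeric PHP compares them as numbers, so a converted value can compare equal while differing byte-for-byte, and the strict form `} else if (utils::convertString($passwd) !== $passwd) {` is what the "unsupported characters" check intends. `$passwd` arrives untyped straight from `$_POST` (see the ajax.php call), so a non-string value such as an array reaches `strlen()`; guarding with `if (!is_string($passwd) || strlen($passwd) > 16 || strlen($passwd) < 5) {` rejects it with the same error path. Note that `strlen()` counts bytes, so for multibyte input the 5~16 bound is a byte bound, and a 16-character ceiling needlessly caps password strength — an upper limit only needs to keep hashing cost bounded, so a few dozen characters or more is customary. A short docblock stating that the method never returns false and relies on utils::raise() (not in this hunk) to abort the request on failure would help callers read the `if (user::checkValidPwd(...))` guard correctly; the enclosing class continues outside the hunk.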