diff --git a/modules/registration/_includes.php b/modules/registration/_includes.php index 4ffa0c4e..d43a86b4 100644 --- a/modules/registration/_includes.php +++ b/modules/registration/_includes.php @@ -8,11 +8,14 @@ include($includePath . './components/RegistrationConfirmationMail/RegistrationConfirmationMail.component.php'); + include($includePath . './input/normalization.input.php'); + include($includePath . './utils/cookies.utils.php'); include($includePath . './utils/galaxy.utils.php'); include($includePath . './utils/general.utils.php'); include($includePath . './utils/queries.utils.php'); + include($includePath . './validators/validateInputs.validators.php'); include($includePath . './validators/validateTakenParams.validators.php'); include($includePath . './validators/validateReCaptcha.validators.php'); diff --git a/modules/registration/input/index.php b/modules/registration/input/index.php new file mode 100644 index 00000000..bc99142d --- /dev/null +++ b/modules/registration/input/index.php @@ -0,0 +1,5 @@ + diff --git a/modules/registration/input/normalization.input.php b/modules/registration/input/normalization.input.php new file mode 100644 index 00000000..09de3a31 --- /dev/null +++ b/modules/registration/input/normalization.input.php 
@@ -0,0 +1,69 @@ +escape_string($normalizedEmail); + $normalizedHasAcceptedRules = ( + isset($input['rules']) ? + ($input['rules'] == 'on') : + false + ); + $normalizedGalaxyNo = ( + isset($input['galaxy']) ? + intval($input['galaxy']) : + null + ); + $normalizedLangCode = ( + ( + isset($input['lang']) && + in_array($input['lang'], UNIENGINE_LANGS_AVAILABLE) + ) ? + $input['lang'] : + null + ); + $normalizedCaptchaResponse = ( + isset($input['captcha_response']) ? + $input['captcha_response'] : + null + ); + + return [ + 'username' => $normalizedUsername, + 'password' => $normalizedPassword, + 'email' => [ + 'original' => $normalizedEmail, + 'escaped' => $escapedEmail + ], + 'hasAcceptedRules' => $normalizedHasAcceptedRules, + 'galaxyNo' => $normalizedGalaxyNo, + 'langCode' => $normalizedLangCode, + 'captchaResponse' => $normalizedCaptchaResponse, + ]; +} + +?> diff --git a/modules/registration/utils/queries.utils.php b/modules/registration/utils/queries.utils.php index bed0b918..c18ce6bd 100644 --- a/modules/registration/utils/queries.utils.php +++ b/modules/registration/utils/queries.utils.php @@ -194,4 +194,25 @@ function incrementUsersCounterInGameConfig () { $_MemCache->GameConfig = $_GameConfig; } +// Arguments +// - $params (Object) +// - email (String) +// +function updateAllMailChanges ($params) { + // This confirmation type means that the process has been interrupted externally + $confirmType = "4"; + + $updateMailChangesQuery = ( + "UPDATE {{table}} " . + "SET " . + "`ConfirmType` = {$confirmType} " . + "WHERE " . + "`NewMail` = '{$params['email']}' AND " . + "`ConfirmType` = 0 " . + ";" + ); + + doquery($updateMailChangesQuery, 'mailchange'); +} + ?> diff --git a/modules/registration/validators/validateInputs.validators.php b/modules/registration/validators/validateInputs.validators.php new file mode 100644 index 00000000..967702ad --- /dev/null +++ b/modules/registration/validators/validateInputs.validators.php 
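Review bot: `in_array($input['lang'], UNIENGINE_LANGS_AVAILABLE)` in the `$normalizedLangCode` branch uses loose comparison on a value that comes straight from `$_GET` (per the reg_ajax.php hunk); pass the strict flag so only an exact allow-list string survives, `in_array($input['lang'], UNIENGINE_LANGS_AVAILABLE, true)`. Similarly `intval($input['galaxy'])` maps an array value (`galaxy[]=x`) to `1` instead of rejecting it, so an `is_scalar` guard before the cast, or `filter_var($input['galaxy'], FILTER_VALIDATE_INT)`, would keep non-scalar input out of `galaxyNo`. The DB-escaped copy produced here (`escape_string($normalizedEmail)`) is a query-layer concern rather than normalization, and the validator then relies on comparing the escaped and original strings; keeping this function DB-agnostic and escaping at the query sink would make the contract clearer. The top of the file, including the function signature, is cut off in this view.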
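Review bot: `updateAllMailChanges` interpolates `$params['email']` directly into the `` `NewMail` = '...' `` predicate, so it is only safe while every caller remembers to pass an already-escaped value; the one caller in this commit (reg_ajax.php) does pass `$normalizedInput['email']['escaped']`, but the `// Arguments` header says only `email (String)` and nothing enforces the precondition. Prefer escaping at the sink and having callers pass the raw value: `"`NewMail` = '" . getDBLink()->escape_string($params['email']) . "' AND "` here, with reg_ajax.php passing `$normalizedInput['email']['original']` — escaping an already-escaped string would double-escape it, so both sides must change together. If the escaped-input contract is kept instead, state it in the header, e.g. `// - email (String) - must already be escaped via getDBLink()->escape_string()`.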
@@ -0,0 +1,210 @@ + true, + 'payload' => $payload, + ]; + }; + $createFailure = function ($payload) { + return [ + 'isSuccess' => false, + 'error' => $payload, + ]; + }; + + return $func($arguments, [ + 'createSuccess' => $createSuccess, + 'createFailure' => $createFailure, + ]); + }; +} + +function _validateUsername($normalizedInput) { + $validator = function ($input, $resultHelpers) { + $value = $input['username']; + + $minLength = 4; + $maxLenght = 64; + + if (strlen($value) < $minLength) { + return $resultHelpers['createFailure']([ + 'code' => 'USERNAME_TOO_SHORT', + 'minLength' => $minLength, + ]); + } + if (strlen($value) > $maxLenght) { + return $resultHelpers['createFailure']([ + 'code' => 'USERNAME_TOO_LONG', + 'maxLength' => $maxLenght, + ]); + } + if (!preg_match(REGEXP_USERNAME_ABSOLUTE, $value)) { + return $resultHelpers['createFailure']([ + 'code' => 'USERNAME_INVALID', + ]); + } + + return $resultHelpers['createSuccess']([]); + }; + + return _createFuncWithResultHelpers($validator)($normalizedInput); +} + +function _validatePassword($normalizedInput) { + $validator = function ($input, $resultHelpers) { + $value = $input['password']; + + $minLength = 4; + + if (strlen($value) < $minLength) { + return $resultHelpers['createFailure']([ + 'code' => 'PASSWORD_TOO_SHORT', + 'minLength' => $minLength, + ]); + } + + return $resultHelpers['createSuccess']([]); + }; + + return _createFuncWithResultHelpers($validator)($normalizedInput); +} + +function _validateEmail($normalizedInput) { + $validator = function ($input, $resultHelpers) { + global $_GameConfig; + + $value = $input['email']; + + $bannedDomains = str_replace('.', '\.', $_GameConfig['BannedMailDomains']); + + if (empty($value['escaped'])) { + return $resultHelpers['createFailure']([ + 'code' => 'EMAIL_EMPTY', + ]); + } + if ($value['escaped'] != $value['original']) { + return $resultHelpers['createFailure']([ + 'code' => 'EMAIL_HAS_ILLEGAL_CHARACTERS', + ]); + } + if (!is_email($value['escaped'])) { 
+ return $resultHelpers['createFailure']([ + 'code' => 'EMAIL_INVALID', + ]); + } + if (!empty($bannedDomains) && preg_match('#('.$bannedDomains.')+#si', $value['escaped'])) { + return $resultHelpers['createFailure']([ + 'code' => 'EMAIL_ON_BANNED_DOMAIN', + ]); + } + + return $resultHelpers['createSuccess']([]); + }; + + return _createFuncWithResultHelpers($validator)($normalizedInput); +} + +function _validateGalaxyNo($normalizedInput) { + $validator = function ($input, $resultHelpers) { + $value = $input['galaxyNo']; + + $minGalaxyNo = 1; + $maxGalaxyNo = MAX_GALAXY_IN_WORLD; + + if ($value < $minGalaxyNo) { + return $resultHelpers['createFailure']([ + 'code' => 'GALAXY_NO_TOO_LOW', + 'minLength' => $minGalaxyNo, + ]); + } + if ($value > $maxGalaxyNo) { + return $resultHelpers['createFailure']([ + 'code' => 'GALAXY_NO_TOO_HIGH', + 'maxLength' => $maxGalaxyNo, + ]); + } + + return $resultHelpers['createSuccess']([]); + }; + + return _createFuncWithResultHelpers($validator)($normalizedInput); +} + +function _validateLangCode($normalizedInput) { + $validator = function ($input, $resultHelpers) { + $value = $input['langCode']; + + if (empty($value)) { + return $resultHelpers['createFailure']([ + 'code' => 'LANG_CODE_EMPTY', + ]); + } + + return $resultHelpers['createSuccess']([]); + }; + + return _createFuncWithResultHelpers($validator)($normalizedInput); +} + +function _validateHasAcceptedRules($normalizedInput) { + $validator = function ($input, $resultHelpers) { + $value = $input['hasAcceptedRules']; + + if ($value !== true) { + return $resultHelpers['createFailure']([ + 'code' => 'RULES_NOT_ACCEPTED', + ]); + } + + return $resultHelpers['createSuccess']([]); + }; + + return _createFuncWithResultHelpers($validator)($normalizedInput); +} + +function _validateAntiBot($normalizedInput, $params) { + $validator = function ($input, $resultHelpers) use ($params) { + if (!REGISTER_RECAPTCHA_ENABLE) { + return $resultHelpers['createSuccess']([]); + } + + $value = 
$input['captchaResponse']; + + $reCaptchaValidationResult = validateReCaptcha([ + 'responseValue' => $value, + 'currentSessionIp' => $params['userSessionIp'] + ]); + + if (!($reCaptchaValidationResult['isValid'])) { + return $resultHelpers['createFailure']([ + 'code' => 'RECAPTCHA_VALIDATION_FAILED', + ]); + } + + return $resultHelpers['createSuccess']([]); + }; + + return _createFuncWithResultHelpers($validator)($normalizedInput); +} + +// Arguments +// - $normalizedInput (Object) +// +function validateInputs($normalizedInput, $params) { + return [ + 'username' => _validateUsername($normalizedInput), + 'password' => _validatePassword($normalizedInput), + 'email' => _validateEmail($normalizedInput), + 'galaxyNo' => _validateGalaxyNo($normalizedInput), + 'langCode' => _validateLangCode($normalizedInput), + 'hasAcceptedRules' => _validateHasAcceptedRules($normalizedInput), + 'antiBot' => _validateAntiBot($normalizedInput, $params), + ]; +} + +?> diff --git a/reg_ajax.php b/reg_ajax.php index d46cdf76..d2edd7d8 100644 --- a/reg_ajax.php +++ b/reg_ajax.php 
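Review bot: `_validateEmail` builds the banned-domain pattern with only `.` escaped (`str_replace('.', '\.', $_GameConfig['BannedMailDomains'])`) and matches it unanchored anywhere in the address, so any other PCRE metacharacter in the config entry changes the pattern's meaning and an entry like `mail.ru` also rejects addresses that merely contain that substring; the code is moved from reg_ajax.php, but this file is now the single place to fix it — `preg_quote` each entry (the `(a|b)+` shape suggests a `|`-separated list, to be confirmed) and anchor the match, `preg_match('#(' . $bannedDomains . ')$#si', $value['escaped'])`. In `_validateGalaxyNo` the failure payload keys `minLength`/`maxLength` are copied from the username validator but carry galaxy numbers; rename them to `minGalaxyNo`/`maxGalaxyNo`, and fix the `$maxLenght` typo in `_validateUsername`. The `// Arguments` header of `validateInputs` omits `$params`; add `// - $params (Object)` and `//   - userSessionIp (String)` since `_validateAntiBot` reads it. `_createFuncWithResultHelpers` starts outside this view.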
@@ -17,147 +17,87 @@ header('access-control-allow-origin: *'); -if(isset($_GET['register'])) -{ - $JSONResponse = null; - $JSONResponse['Errors'] = array(); - - // User is trying to register - $Username = (isset($_GET['username']) ? trim($_GET['username']) : null); - $Password = (isset($_GET['password']) ? trim($_GET['password']) : null); - $Email = (isset($_GET['email']) ? trim($_GET['email']) : null); - $CheckEmail = $Email; - $Email = getDBLink()->escape_string($Email); - $Rules = (isset($_GET['rules']) ? $_GET['rules'] : null); - $GalaxyNo = (isset($_GET['galaxy']) ? intval($_GET['galaxy']) : null); - $LangCode = ( - ( - isset($_GET['lang']) && - in_array($_GET['lang'], UNIENGINE_LANGS_AVAILABLE) - ) ? - $_GET['lang'] : - null - ); - $userSessionIP = Users\Session\getCurrentIP(); - - // Check if Username is correct - $UsernameGood = false; - if(strlen($Username) < 4) - { - // Username is too short - $JSONResponse['Errors'][] = 1; - $JSONResponse['BadFields'][] = 'username'; - } - else if(strlen($Username) > 64) - { - // Username is too long - $JSONResponse['Errors'][] = 2; - $JSONResponse['BadFields'][] = 'username'; - } - else if(!preg_match(REGEXP_USERNAME_ABSOLUTE, $Username)) - { - // Username has illegal signs - $JSONResponse['Errors'][] = 3; - $JSONResponse['BadFields'][] = 'username'; - } - else - { - $UsernameGood = true; - } - - // Check if Password is correct - if(strlen($Password) < 4) - { - // Password is too short - $JSONResponse['Errors'][] = 4; - $JSONResponse['BadFields'][] = 'password'; - } - - // Check if EMail is correct - $EmailGood = false; - $BannedDomains = str_replace('.', '\.', $_GameConfig['BannedMailDomains']); - if(empty($Email)) - { - // EMail is empty - $JSONResponse['Errors'][] = 5; - $JSONResponse['BadFields'][] = 'email'; - } - else if($Email != $CheckEmail) - { - // EMail has illegal signs - $JSONResponse['Errors'][] = 6; - $JSONResponse['BadFields'][] = 'email'; - } - else if(!is_email($Email)) - { - // EMail is incorrect - 
$JSONResponse['Errors'][] = 7; - $JSONResponse['BadFields'][] = 'email'; - } - else if(!empty($BannedDomains) && preg_match('#('.$BannedDomains.')+#si', $Email)) - { - // EMail is on banned domains list - $JSONResponse['Errors'][] = 8; - $JSONResponse['BadFields'][] = 'email'; - } - else - { - $EmailGood = true; - } +if (isset($_GET['register'])) { + $JSONResponse = [ + 'Errors' => [], + 'BadFields' => [], + ]; - // PreCheck Galaxy - if($GalaxyNo < 1) - { - // Galaxy not given - $JSONResponse['Errors'][] = 13; - $JSONResponse['BadFields'][] = 'galaxy'; - } - else if($GalaxyNo > MAX_GALAXY_IN_WORLD) - { - // GalaxyNo is too high - $JSONResponse['Errors'][] = 14; - $JSONResponse['BadFields'][] = 'galaxy'; - } - - // Check if valid language has been selected - if(empty($LangCode)) - { - // Invalid language selected - $JSONResponse['Errors'][] = 16; - } + $normalizedInput = Registration\Input\normalizeUserInput($_GET); + $userSessionIP = Users\Session\getCurrentIP(); - // Check if Rules has been accepted - if($Rules != 'on') - { - // Rules are not accepted - $JSONResponse['Errors'][] = 9; - } + $validationResults = Registration\Validators\validateInputs( + $normalizedInput, + [ + 'userSessionIp' => $userSessionIP + ] + ); - if (REGISTER_RECAPTCHA_ENABLE) { - // TODO: Verify whether this needs sanitization - $captchaUserValue = ( - isset($_GET['captcha_response']) ? 
- $_GET['captcha_response'] : - null - ); - $reCaptchaValidationResult = Registration\Validators\validateReCaptcha([ - 'responseValue' => $captchaUserValue, - 'currentSessionIp' => $userSessionIP - ]); + foreach ($validationResults as $fieldName => $fieldValidationResult) { + if ($fieldValidationResult['isSuccess']) { + continue; + } - if (!($reCaptchaValidationResult['isValid'])) { - // ReCaptcha validation failed - $JSONResponse['Errors'][] = 10; + switch ($fieldValidationResult['error']['code']) { + case 'USERNAME_TOO_SHORT': + $JSONResponse['Errors'][] = 1; + $JSONResponse['BadFields'][] = 'username'; + break; + case 'USERNAME_TOO_LONG': + $JSONResponse['Errors'][] = 2; + $JSONResponse['BadFields'][] = 'username'; + break; + case 'USERNAME_INVALID': + $JSONResponse['Errors'][] = 3; + $JSONResponse['BadFields'][] = 'username'; + break; + case 'PASSWORD_TOO_SHORT': + $JSONResponse['Errors'][] = 4; + $JSONResponse['BadFields'][] = 'password'; + break; + case 'EMAIL_EMPTY': + $JSONResponse['Errors'][] = 5; + $JSONResponse['BadFields'][] = 'email'; + break; + case 'EMAIL_HAS_ILLEGAL_CHARACTERS': + $JSONResponse['Errors'][] = 6; + $JSONResponse['BadFields'][] = 'email'; + break; + case 'EMAIL_INVALID': + $JSONResponse['Errors'][] = 7; + $JSONResponse['BadFields'][] = 'email'; + break; + case 'EMAIL_ON_BANNED_DOMAIN': + $JSONResponse['Errors'][] = 8; + $JSONResponse['BadFields'][] = 'email'; + break; + case 'GALAXY_NO_TOO_LOW': + $JSONResponse['Errors'][] = 13; + $JSONResponse['BadFields'][] = 'galaxy'; + break; + case 'GALAXY_NO_TOO_HIGH': + $JSONResponse['Errors'][] = 14; + $JSONResponse['BadFields'][] = 'galaxy'; + break; + case 'LANG_CODE_EMPTY': + $JSONResponse['Errors'][] = 16; + break; + case 'RULES_NOT_ACCEPTED': + $JSONResponse['Errors'][] = 9; + break; + case 'RECAPTCHA_VALIDATION_FAILED': + $JSONResponse['Errors'][] = 10; + break; } } if ( - $EmailGood === true && - $UsernameGood === true + $validationResults['email']['isSuccess'] === true && + 
$validationResults['username']['isSuccess'] === true ) { $takenParamsValidationResult = Registration\Validators\validateTakenParams([ - 'username' => $Username, - 'email' => $Email, + 'username' => $normalizedInput['username'], + 'email' => $normalizedInput['email']['escaped'], ]); if ($takenParamsValidationResult['isUsernameTaken']) { 
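Review bot: the `switch` over `$fieldValidationResult['error']['code']` has no `default`, so a failed validator whose code is not in the list leaves `$JSONResponse['Errors']` empty and the request proceeds as if validation had passed — the registration path below appears to be gated on `Errors` being empty (that code is outside this hunk), which means a new or mistyped validator code fails open. Add a fail-closed `default:`, e.g. `default: throw new \UnexpectedValueException('Unmapped validation error code: ' . $fieldValidationResult['error']['code']);`, or gate registration on every result's `isSuccess` instead of on the mapped `Errors`. `BadFields` is now always present as an empty array where the old code only created it on the first error; harmless for most clients, but it is a visible change to the JSON shape worth noting in the commit message. The enclosing `if (isset($_GET['register']))` block continues past the end of the hunk.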
@@ -174,37 +114,40 @@ unset($JSONResponse['Errors']); $newPlanetCoordinates = Registration\Utils\Galaxy\findNewPlanetPosition([ - 'preferredGalaxy' => $GalaxyNo + 'preferredGalaxy' => $normalizedInput['galaxyNo'] ]); if ($newPlanetCoordinates !== null) { - $Galaxy = $newPlanetCoordinates['galaxy']; - $System = $newPlanetCoordinates['system']; - $Planet = $newPlanetCoordinates['planet']; - $passwordHash = Session\Utils\LocalIdentityV1\hashPassword([ - 'password' => $Password, + 'password' => $normalizedInput['password'], ]); $insertNewUserResult = Registration\Utils\Queries\insertNewUser([ - 'username' => $Username, + 'username' => $normalizedInput['username'], 'passwordHash' => $passwordHash, - 'langCode' => $LangCode, - 'email' => $Email, + 'langCode' => $normalizedInput['langCode'], + 'email' => $normalizedInput['email']['escaped'], 'registrationIP' => $userSessionIP, 'currentTimestamp' => $Now, ]); $UserID = $insertNewUserResult['userId']; - // Update all MailChanges - doquery("UPDATE {{table}} SET `ConfirmType` = 4 WHERE `NewMail` = '{$Email}' AND `ConfirmType` = 0;", 'mailchange'); - // Create a Planet for User include($_EnginePath.'includes/functions/CreateOnePlanetRecord.php'); - $PlanetID = CreateOnePlanetRecord($Galaxy, $System, $Planet, $UserID, $_Lang['MotherPlanet'], true); + $PlanetID = CreateOnePlanetRecord( + $newPlanetCoordinates['galaxy'], + $newPlanetCoordinates['system'], + $newPlanetCoordinates['planet'], + $UserID, + $_Lang['MotherPlanet'], + true + ); Registration\Utils\Queries\incrementUsersCounterInGameConfig(); + Registration\Utils\Queries\updateAllMailChanges([ + 'email' => $normalizedInput['email']['escaped'] + ]); $referrerUserId = Registration\Utils\General\getRegistrationReferrerId(); 
@@ -244,9 +187,9 @@ Registration\Utils\Queries\updateUserFinalDetails([ 'userId' => $UserID, 'motherPlanetId' => $PlanetID, - 'motherPlanetGalaxy' => $Galaxy, - 'motherPlanetSystem' => $System, - 'motherPlanetPlanetPos' => $Planet, + 'motherPlanetGalaxy' => $newPlanetCoordinates['galaxy'], + 'motherPlanetSystem' => $newPlanetCoordinates['system'], + 'motherPlanetPlanetPos' => $newPlanetCoordinates['planet'], 'referrerId' => $referrerUserId, 'activationCode' => ( REGISTER_REQUIRE_EMAILCONFIRM ? @@ -268,8 +211,8 @@ $mailContent = Registration\Components\RegistrationConfirmationMail\render([ 'userId' => $UserID, - 'login' => $Username, - 'password' => $Password, + 'login' => $normalizedInput['username'], + 'password' => $normalizedInput['password'], 'gameName' => $_GameConfig['game_name'], 'universe' => $_Lang['RegMail_UniName'], 'activationCode' => $ActivationCode, @@ -282,13 +225,13 @@ ] ); - SendMail($Email, $mailTitle, $mailContent); + SendMail($normalizedInput['email']['escaped'], $mailTitle, $mailContent); } if (isGameStartTimeReached($Now)) { $sessionTokenValue = Session\Utils\Cookie\packSessionCookie([ 'userId' => $UserID, - 'username' => $Username, + 'username' => $normalizedInput['username'], 'obscuredPasswordHash' => Session\Utils\Cookie\createCookiePasswordHash([ 'passwordHash' => $passwordHash, ]),