Fixed email validation on server and web page

Ylian Saint-Hilaire 2018-05-16 15:49:12 -07:00
parent a5d39fa250
commit 8580f54861
6 changed files with 79 additions and 108 deletions


@ -132,4 +132,6 @@ module.exports.validateString = function(str, minlen, maxlen) { return ((str !=
module.exports.validateInt = function(int, minval, maxval) { return ((int != null) && (typeof int == 'number') && ((minval == null) || (int >= minval)) && ((maxval == null) || (int <= maxval))); } module.exports.validateInt = function(int, minval, maxval) { return ((int != null) && (typeof int == 'number') && ((minval == null) || (int >= minval)) && ((maxval == null) || (int <= maxval))); }
module.exports.validateArray = function (array, minlen, maxlen) { return ((array != null) && Array.isArray(array) && ((minlen == null) || (array.length >= minlen)) && ((maxlen == null) || (array.length <= maxlen))); } module.exports.validateArray = function (array, minlen, maxlen) { return ((array != null) && Array.isArray(array) && ((minlen == null) || (array.length >= minlen)) && ((maxlen == null) || (array.length <= maxlen))); }
module.exports.validateStrArray = function (array, minlen, maxlen) { if (((array != null) && Array.isArray(array)) == false) return false; for (var i in array) { if ((typeof array[i] != 'string') && ((minlen == null) || (array[i].length >= minlen)) && ((maxlen == null) || (array[i].length <= maxlen))) return false; } return true; } module.exports.validateStrArray = function (array, minlen, maxlen) { if (((array != null) && Array.isArray(array)) == false) return false; for (var i in array) { if ((typeof array[i] != 'string') && ((minlen == null) || (array[i].length >= minlen)) && ((maxlen == null) || (array[i].length <= maxlen))) return false; } return true; }
module.exports.validateObject = function(obj) { return ((obj != null) && (typeof obj == 'object')); } module.exports.validateObject = function (obj) { return ((obj != null) && (typeof obj == 'object')); }
module.exports.validateEmail = function (email, minlen, maxlen) { if (module.exports.validateString(email, minlen, maxlen) == false) return false; var emailReg = /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/; return emailReg.test(email); }
module.exports.validateUsername = function (username, minlen, maxlen) { return (module.exports.validateString(username, minlen, maxlen) && (username.indexOf(' ') == -1)); }
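Review bot: The pattern in `validateEmail` rejects addresses that are valid in practice, because the local part excludes `+` and the last label is capped at `{2,4}` letters, so plus-tagged addresses and longer top-level domains fail. The same literal is pasted into the two page-side `validateEmail` helpers later in this commit, so all three copies share the limit and can drift apart on the next edit. A smaller restriction would be `/^[a-zA-Z0-9._+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/`, with the `validateString` length check kept in front of it so the regex only ever sees bounded string input. A one-line comment such as `// Syntax check only; ownership is established by the verification mail` would make clear that this is not proof the address belongs to the user.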


@ -341,41 +341,38 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
case 'changeemail': case 'changeemail':
{ {
// Change the email address // Change the email address
if (obj.common.validateString(command.email, 3, 1024) == false) return; if (obj.common.validateEmail(command.email, 1, 256) == false) return;
var x = command.email.split('@'); if (obj.parent.users[req.session.userid].email != command.email) {
if ((x.length == 2) && (x[0].length > 0) && (x[1].split('.').length > 1) && (x[1].length > 2)) { // Check if this email is already validated on a different account
if (obj.parent.users[req.session.userid].email != command.email) { obj.db.GetUserWithVerifiedEmail(domain.id, command.email, function (err, docs) {
// Check if this email is already validated on a different account if (docs.length > 0) {
obj.db.GetUserWithVerifiedEmail(domain.id, command.email, function (err, docs) { // Notify the duplicate email error
if (docs.length > 0) { ws.send(JSON.stringify({ action: 'msg', type: 'notify', value: 'Failed to change email address, another account already using: <b>' + EscapeHtml(command.email) + '</b>.' }));
// Notify the duplicate email error } else {
ws.send(JSON.stringify({ action: 'msg', type: 'notify', value: 'Failed to change email address, another account already using: <b>' + EscapeHtml(command.email) + '</b>.' })); // Update the user's email
} else { var oldemail = user.email;
// Update the user's email user.email = command.email;
var oldemail = user.email; user.emailVerified = false;
user.email = command.email; obj.parent.db.SetUser(user);
user.emailVerified = false;
obj.parent.db.SetUser(user);
// Event the change // Event the change
var userinfo = obj.common.Clone(user); var userinfo = obj.common.Clone(user);
delete userinfo.hash; delete userinfo.hash;
delete userinfo.passhint; delete userinfo.passhint;
delete userinfo.salt; delete userinfo.salt;
delete userinfo.type; delete userinfo.type;
delete userinfo.domain; delete userinfo.domain;
delete userinfo.subscriptions; delete userinfo.subscriptions;
delete userinfo.passtype; delete userinfo.passtype;
var message = { etype: 'user', username: userinfo.name, account: userinfo, action: 'accountchange', domain: domain.id }; var message = { etype: 'user', username: userinfo.name, account: userinfo, action: 'accountchange', domain: domain.id };
if (oldemail != null) { if (oldemail != null) {
message.msg = 'Changed email of user ' + userinfo.name + ' from ' + oldemail + ' to ' + user.email; message.msg = 'Changed email of user ' + userinfo.name + ' from ' + oldemail + ' to ' + user.email;
} else { } else {
message.msg = 'Set email of user ' + userinfo.name + ' to ' + user.email; message.msg = 'Set email of user ' + userinfo.name + ' to ' + user.email;
}
obj.parent.parent.DispatchEvent(['*', 'server-users', user._id], obj, message);
} }
}); obj.parent.parent.DispatchEvent(['*', 'server-users', user._id], obj, message);
} }
});
} }
break; break;
} }
@ -435,13 +432,14 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain) {
{ {
// Add a new user account // Add a new user account
if ((user.siteadmin & 2) == 0) break; if ((user.siteadmin & 2) == 0) break;
if (obj.common.validateString(command.username, 1, 64) == false) break; // Username is between 1 and 64 characters if (obj.common.validateUsername(command.username, 1, 64) == false) break; // Username is between 1 and 64 characters, no spaces
if (obj.common.validateString(command.pass, 1, 256) == false) break; // Password is between 1 and 256 characters if (obj.common.validateString(command.pass, 1, 256) == false) break; // Password is between 1 and 256 characters
if ((command.email != null) && (obj.common.validateEmail(command.email, 1, 256) == false)) break; // Check if this is a valid email address
var newusername = command.username, newuserid = 'user/' + domain.id + '/' + command.username.toLowerCase(); var newusername = command.username, newuserid = 'user/' + domain.id + '/' + command.username.toLowerCase();
if (newusername == '~') break; // This is a reserved user name if (newusername == '~') break; // This is a reserved user name
if (!obj.parent.users[newuserid]) { if (!obj.parent.users[newuserid]) {
var newuser = { type: 'user', _id: newuserid, name: newusername, creation: Date.now(), domain: domain.id }; var newuser = { type: 'user', _id: newuserid, name: newusername, creation: Date.now(), domain: domain.id };
if (obj.common.validateString(command.email, 1, 256) == true) { newuser.email = command.email; } // Email is between 1 and 256 characters if (command.email != null) { newuser.email = command.email; } // Email
obj.parent.users[newuserid] = newuser; obj.parent.users[newuserid] = newuser;
// Create a user, generate a salt and hash the password // Create a user, generate a salt and hash the password
require('./pass').hash(command.pass, function (err, salt, hash) { require('./pass').hash(command.pass, function (err, salt, hash) {
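Review bot: The `GetUserWithVerifiedEmail` callback in the `changeemail` case reads `docs.length` without looking at `err`, so a failed lookup either throws inside the socket handler or, if the database layer returns an empty list on error, lets the change proceed without the duplicate check. A guard as the first line of the callback, `if ((err != null) || (docs == null)) return;`, makes that path fail closed. Both rejection paths are also silent (`return` here, `break` in the add-user case), so a client whose address passes the page check but not the server check gets no notification; a `ws.send` notify message like the duplicate-email one would help. The enclosing `CreateMeshUser` handler starts and ends outside these hunks.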


@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.1.7-i", "version": "0.1.7-k",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",


@ -1952,7 +1952,7 @@
x += "</div>"; x += "</div>";
// Linux agent install // Linux agent install
x += "<div id=agins_linux style=display:none>To add a computer to " + EscapeHtml(mesh.name) + " run the following command. Root credentails will be needed:<br />"; x += "<div id=agins_linux style=display:none>To add a computer to " + EscapeHtml(mesh.name) + " run the following command. Root credentials will be needed.<br />";
x += '<textarea id=agins_linux_area rows=2 cols=20 readonly=readonly style=width:100%;resize:none;height:120px;overflow:scroll;font-size:12px readonly></textarea>'; x += '<textarea id=agins_linux_area rows=2 cols=20 readonly=readonly style=width:100%;resize:none;height:120px;overflow:scroll;font-size:12px readonly></textarea>';
x += "</div>"; x += "</div>";
@ -1963,7 +1963,7 @@
x += "</div>"; x += "</div>";
// Linux agent uninstall // Linux agent uninstall
x += "<div id=agins_linux_un style=display:none>To remove a mesh agent, run the following command. Root credentails will be needed:<br />"; x += "<div id=agins_linux_un style=display:none>To remove a mesh agent, run the following command. Root credentials will be needed.<br />";
x += '<textarea id=agins_linux_area_un rows=2 cols=20 readonly=readonly style=width:100%;resize:none;height:120px;overflow:scroll;font-size:12px readonly></textarea>'; x += '<textarea id=agins_linux_area_un rows=2 cols=20 readonly=readonly style=width:100%;resize:none;height:120px;overflow:scroll;font-size:12px readonly></textarea>';
x += "</div>"; x += "</div>";
@ -4505,7 +4505,7 @@
function account_showChangeEmail() { function account_showChangeEmail() {
if (xxdialogMode) return; if (xxdialogMode) return;
var x = "Change your account e-mail address here.<br /><br />"; var x = "Change your account e-mail address here.<br /><br />";
x += addHtmlValue('Email', '<input id=dp2email style=width:230px maxlength=32 onchange=account_validateEmail() onkeyup=account_validateEmail(event) />'); x += addHtmlValue('Email', '<input id=dp2email style=width:230px maxlength=256 onchange=account_validateEmail() onkeyup=account_validateEmail(event) />');
setDialogMode(2, "Email Address Change", 3, account_changeEmail, x); setDialogMode(2, "Email Address Change", 3, account_changeEmail, x);
if (userinfo.email != null) { Q('dp2email').value = userinfo.email; } if (userinfo.email != null) { Q('dp2email').value = userinfo.email; }
account_validateEmail(); account_validateEmail();
@ -4513,9 +4513,7 @@
} }
function account_validateEmail(e, email) { function account_validateEmail(e, email) {
var x = Q('dp2email').value.split('@'); QE('idx_dlgOkButton', validateEmail(Q('dp2email').value) && (Q('dp2email').value != userinfo.email));
x = (x.length == 2) && (x[0].length > 0) && (x[1].split('.').length > 1) && (x[1].length > 2) && (Q('dp2email').value.length < 1024) && (Q('dp2email').value != userinfo.email);
QE('idx_dlgOkButton', x);
if ((x == true) && (e != null) && (e.keyCode == 13)) { dialogclose(1); } if ((x == true) && (e != null) && (e.keyCode == 13)) { dialogclose(1); }
} }
@ -4526,13 +4524,12 @@
function account_showDeleteAccount() { function account_showDeleteAccount() {
if (xxdialogMode) return; if (xxdialogMode) return;
var x = "To delete this account, type in the account password in both boxes below and hit ok.<br /><br />"; var x = "To delete this account, type in the account password in both boxes below and hit ok.<br /><br />";
x += "<form action='{{{domainurl}}}deleteaccount' method='post'><table style=margin-left:80px><tr>"; x += "<form action='{{{domainurl}}}deleteaccount' method=post><table style=margin-left:80px><tr>";
x += "<td align=right>Password:</td><td><input id=apassword1 type=password name=apassword1 autocomplete=off onchange=account_validateDeleteAccount() onkeyup=account_validateDeleteAccount() /></td>"; x += "<td align=right>Password:</td><td><input id=apassword1 type=password name=apassword1 autocomplete=off onchange=account_validateDeleteAccount() onkeyup=account_validateDeleteAccount() /></td>";
x += "</tr><tr>"; x += "</tr><tr><td align=right>Password:</td><td><input id=apassword2 type=password name=apassword2 autocomplete=off onchange=account_validateDeleteAccount() onkeyup=account_validateDeleteAccount() /></td>";
x += "<td align=right>Password:</td><td><input id=apassword2 type=password name=apassword2 autocomplete=off onchange=account_validateDeleteAccount() onkeyup=account_validateDeleteAccount() /></td>"; x += '</tr></table><br /><div style=padding:10px;margin-bottom:4px>';
x += '</tr></table><br /><div style="padding:10px;margin-bottom:4px">'; x += '<input id=account_dlgCancelButton type=button value=Cancel style=float:right;width:80px;margin-left:5px onclick=dialogclose(0)>';
x += '<input id="account_dlgCancelButton" type="button" value="Cancel" style="float:right;width:80px;margin-left:5px" onclick="dialogclose(0)">'; x += '<input id=account_dlgOkButton type=submit value=OK style="float:right;width:80px" onclick=dialogclose(1)>';
x += '<input id="account_dlgOkButton" type="submit" value="OK" style="float:right;width:80px" onclick="dialogclose(1)">';
x += '</div><br /></form>'; x += '</div><br /></form>';
setDialogMode(2, "Delete Account", 0, null, x); setDialogMode(2, "Delete Account", 0, null, x);
account_validateDeleteAccount(); account_validateDeleteAccount();
@ -4542,15 +4539,13 @@
function account_showChangePassword() { function account_showChangePassword() {
if (xxdialogMode) return; if (xxdialogMode) return;
var x = "Change your account password by entering the new password twice in the boxes below.<br /><br />"; var x = "Change your account password by entering the new password twice in the boxes below.<br /><br />";
x += "<form action='{{{domainurl}}}changepassword' method='post'><table style=margin-left:60px><tr>"; x += "<form action='{{{domainurl}}}changepassword' method=post><table style=margin-left:60px><tr>";
x += "<td align=right>Password:</td><td><input id=apassword1 type=password name=apassword1 autocomplete=off onchange=account_validateNewPassword() onkeyup=account_validateNewPassword() /> <b><span id=dxPassWarn></span></b></td>"; x += "<td align=right>Password:</td><td><input id=apassword1 type=password name=apassword1 autocomplete=off onchange=account_validateNewPassword() onkeyup=account_validateNewPassword() /> <b><span id=dxPassWarn></span></b></td>";
x += "</tr><tr>"; x += "</tr><tr><td align=right>Password:</td><td><input id=apassword2 type=password name=apassword2 autocomplete=off onchange=account_validateNewPassword() onkeyup=account_validateNewPassword() /></td>";
x += "<td align=right>Password:</td><td><input id=apassword2 type=password name=apassword2 autocomplete=off onchange=account_validateNewPassword() onkeyup=account_validateNewPassword() /></td>"; x += "</tr><tr><td align=right>Password Hint:</td><td><input id=apasswordhint name=apasswordhint maxlength=250 type=text autocomplete=off /></td>";
x += "</tr><tr>"; x += '</tr></table><br /><div style=padding:10px;margin-bottom:4px>';
x += "<td align=right>Password Hint:</td><td><input id=apasswordhint name=apasswordhint maxlength=250 type=text autocomplete=off /></td>"; x += '<input id=account_dlgCancelButton type=button value=Cancel style=float:right;width:80px;margin-left:5px onclick=dialogclose(0)>';
x += '</tr></table><br /><div style="padding:10px;margin-bottom:4px">'; x += '<input id=account_dlgOkButton type=submit value=OK style="float:right;width:80px" onclick=dialogclose(1)>';
x += '<input id=account_dlgCancelButton type=button value="Cancel" style="float:right;width:80px;margin-left:5px" onclick=dialogclose(0)>';
x += '<input id=account_dlgOkButton type=submit value="OK" style="float:right;width:80px" onclick="dialogclose(1)">';
x += '</div><br /></form>'; x += '</div><br /></form>';
setDialogMode(2, "Change Password", 0, null, x); setDialogMode(2, "Change Password", 0, null, x);
account_validateDeleteAccount(); account_validateDeleteAccount();
@ -4704,13 +4699,17 @@
x += '<table style="color:black;background-color:#EEE;border-color:#AAA;border-width:1px;border-style:solid;border-collapse:collapse" border=0 cellpadding=2 cellspacing=0 width=100%><tbody><tr style=background-color:#AAAAAA;font-weight:bold><th scope=col style=text-align:left;width:430px>User Authorizations</th><th scope=col style=text-align:left></th></tr>'; x += '<table style="color:black;background-color:#EEE;border-color:#AAA;border-width:1px;border-style:solid;border-collapse:collapse" border=0 cellpadding=2 cellspacing=0 width=100%><tbody><tr style=background-color:#AAAAAA;font-weight:bold><th scope=col style=text-align:left;width:430px>User Authorizations</th><th scope=col style=text-align:left></th></tr>';
var count = 1; // Sort the users for this mesh
for (var i in currentMesh.links) { var count = 1, sortedusers = [];
var rights = 'Partial Rights', r = currentMesh.links[i].rights, xusername = i.split('/')[2]; for (var i in currentMesh.links) { sortedusers.push({ id: i, name: i.split('/')[2], rights: currentMesh.links[i].rights }); }
sortedusers.sort(function(a, b) { if (a.name > b.name) return 1; if (a.name < b.name) return -1; return 0; });
// Display all users for this mesh
for (var i in sortedusers) {
var trash = '', rights = 'Partial Rights', r = sortedusers[i].rights;
if (r == 0xFFFFFFFF) rights = 'Full Administrator'; else if (r == 0) rights = 'No Rights'; if (r == 0xFFFFFFFF) rights = 'Full Administrator'; else if (r == 0) rights = 'No Rights';
var trash = ''; if ((i != userinfo._id) && (meshrights == 0xFFFFFFFF || (((meshrights & 2) != 0)))) { trash = '<a onclick=p20deleteUser(event,"' + encodeURIComponent(sortedusers[i].id) + '") title="Remote user rights to this mesh" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>'; }
if ((i != userinfo._id) && (meshrights == 0xFFFFFFFF || (((meshrights & 2) != 0) && (rights != 0xFFFFFFFF)))) { trash = '<a onclick=p20deleteUser(event,"' + i + '") title="Remote user rights to this mesh" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>'; } x += '<tr onclick=p20viewuser("' + encodeURIComponent(sortedusers[i].id) + '") style=cursor:pointer' + (((count % 2) == 0)?';background-color:#DDD':'') + '><td><div title="Mesh User" class=m2></div><div>&nbsp;' + sortedusers[i].name + '<div></div></div></td><td><div style=float:right>' + trash + '</div><div>' + rights + '</div></td></tr>';
x += '<tr onclick=p20viewuser("' + i + '") style=cursor:pointer' + (((count % 2) == 0)?';background-color:#DDD':'') + '><td><div title="Mesh User" class=m2></div><div>&nbsp;' + xusername + '<div></div></div></td><td><div style=float:right>' + trash + '</div><div>' + rights + '</div></td></tr>';
++count; ++count;
} }
@ -4809,9 +4808,8 @@
function p20viewuser(userid) { function p20viewuser(userid) {
if (xxdialogMode) return; if (xxdialogMode) return;
var cmeshrights = currentMesh.links['user/{{{domain}}}/' + userinfo.name.toLowerCase()].rights; userid = decodeURIComponent(userid);
var meshrights = currentMesh.links[userid].rights; var r = '', cmeshrights = currentMesh.links['user/{{{domain}}}/' + userinfo.name.toLowerCase()].rights, meshrights = currentMesh.links[userid].rights;
var r = '';
if (meshrights == 0xFFFFFFFF) r = ', Full Administrator (all rights)'; else { if (meshrights == 0xFFFFFFFF) r = ', Full Administrator (all rights)'; else {
if ((meshrights & 1) != 0) r += ', Edit Mesh'; if ((meshrights & 1) != 0) r += ', Edit Mesh';
if ((meshrights & 2) != 0) r += ', Manage Mesh Users'; if ((meshrights & 2) != 0) r += ', Manage Mesh Users';
@ -4824,26 +4822,15 @@
} }
r = r.substring(2); r = r.substring(2);
if (r == '') { r = 'No Rights'; } if (r == '') { r = 'No Rights'; }
var x = addHtmlValue('User Name', userid.split('/')[2]); var buttons = 1, x = addHtmlValue('User Name', userid.split('/')[2]);
x += addHtmlValue('Permissions', r); x += addHtmlValue('Permissions', r);
var buttons = 1;
if ((('user/{{{domain}}}/' + userinfo.name.toLowerCase()) != userid) && (cmeshrights == 0xFFFFFFFF || (((cmeshrights & 2) != 0) && (meshrights != 0xFFFFFFFF)))) buttons += 4; if ((('user/{{{domain}}}/' + userinfo.name.toLowerCase()) != userid) && (cmeshrights == 0xFFFFFFFF || (((cmeshrights & 2) != 0) && (meshrights != 0xFFFFFFFF)))) buttons += 4;
setDialogMode(2, "Mesh User", buttons, p20viewuserEx, x, userid); setDialogMode(2, "Mesh User", buttons, p20viewuserEx, x, userid);
} }
function p20viewuserEx(button, userid) { function p20viewuserEx(button, userid) { if (button != 2) return; setDialogMode(2, "Remote Mesh User", 3, p20viewuserEx2, "Confirm removal of user " + userid.split('/')[2] + "?", userid); }
if (button != 2) return; function p20deleteUser(e, userid) { haltEvent(e); p20viewuserEx(2, decodeURIComponent(userid)); }
setDialogMode(2, "Remote Mesh User", 3, p20viewuserEx2, "Confirm removal of user " + userid.split('/')[2] + "?", userid); function p20viewuserEx2(button, userid) { meshserver.send({ action: 'removemeshuser', meshid: currentMesh._id, meshname: currentMesh.name, userid: userid}); }
}
function p20deleteUser(e, userid) {
haltEvent(e);
p20viewuserEx(2, userid);
}
function p20viewuserEx2(button, userid) {
meshserver.send({ action: 'removemeshuser', meshid: currentMesh._id, meshname: currentMesh.name, userid: userid});
}
// //
// MY FILES // MY FILES
@ -5216,7 +5203,8 @@
} }
function showCreateNewAccountDialogValidate() { function showCreateNewAccountDialogValidate() {
QE('idx_dlgOkButton', (!Q('p4name') || (Q('p4name').value.length > 0)) && Q('p4pass1').value.length > 0 && Q('p4pass1').value == Q('p4pass2').value); if ((Q('p4email').value.length > 0) && (validateEmail(Q('p4email').value)) == false) { QE('idx_dlgOkButton', false); return; }
QE('idx_dlgOkButton', (!Q('p4name') || ((Q('p4name').value.length > 0) && (Q('p4name').value.indexOf(' ') == -1))) && Q('p4pass1').value.length > 0 && Q('p4pass1').value == Q('p4pass2').value);
} }
function showCreateNewAccountDialogEx() { function showCreateNewAccountDialogEx() {
@ -5784,6 +5772,7 @@
function addHtmlValue2(t, v) { return '<div><div style=display:inline-block;float:right>' + v + '</div><div style=display:inline-block>' + t + '</div></div>'; } function addHtmlValue2(t, v) { return '<div><div style=display:inline-block;float:right>' + v + '</div><div style=display:inline-block>' + t + '</div></div>'; }
function parseUriArgs() { var name, r = {}, parsedUri = window.document.location.href.split(/[\?&|\=]/); parsedUri.splice(0, 1); for (x in parsedUri) { switch (x % 2) { case 0: { name = parsedUri[x]; break; } case 1: { r[name] = parsedUri[x]; var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } break; } } } return r; } function parseUriArgs() { var name, r = {}, parsedUri = window.document.location.href.split(/[\?&|\=]/); parsedUri.splice(0, 1); for (x in parsedUri) { switch (x % 2) { case 0: { name = parsedUri[x]; break; } case 1: { r[name] = parsedUri[x]; var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } break; } } } return r; }
function focusTextBox(x) { setTimeout(function(){ Q(x).selectionStart = Q(x).selectionEnd = 65535; Q(x).focus(); }, 0); } function focusTextBox(x) { setTimeout(function(){ Q(x).selectionStart = Q(x).selectionEnd = 65535; Q(x).focus(); }, 0); }
function validateEmail(v) { var emailReg = /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/; return emailReg.test(v); }
</script> </script>
</body> </body>
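Review bot: In the user-list hunk, `sortedusers[i].name` is concatenated into the row markup without `EscapeHtml`, although the name comes from the account id and `validateUsername` only rejects spaces, so it should be treated as untrusted text: `'&nbsp;' + EscapeHtml(sortedusers[i].name) + '<div></div>'`. In the same loop `i` is now an array index rather than a user id, so `(i != userinfo._id)` is always true and the self-exclusion for the delete icon no longer applies; compare `sortedusers[i].id != userinfo._id` instead. Separately, `account_validateEmail` no longer assigns `x`, yet the unchanged Enter-key check `(x == true)` still reads it, so pressing Enter can no longer confirm the dialog; keeping `var x = validateEmail(Q('dp2email').value) && (Q('dp2email').value != userinfo.email); QE('idx_dlgOkButton', x);` restores it.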


@ -215,19 +215,16 @@
} }
function validateLogin(box, e) { function validateLogin(box, e) {
var ok = (Q('username').value.length > 0 && Q('password').value.length > 0); var ok = ((Q('username').value.length > 0) && (Q('username').value.indexOf(' ') == -1) && (Q('password').value.length > 0));
QE('loginButton', ok); QE('loginButton', ok);
setDialogMode(0); setDialogMode(0);
if ((e != null) && (e.keyCode == 13)) { if ((e != null) && (e.keyCode == 13)) { if (box == 1) { Q('password').focus(); } else if (box == 2) { Q('loginButton').click(); } }
if (box == 1) { Q('password').focus(); }
if (box == 2) { Q('loginButton').click(); }
}
if (e != null) { haltEvent(e); } if (e != null) { haltEvent(e); }
} }
function validateCreate(box,e) { function validateCreate(box,e) {
setDialogMode(0); setDialogMode(0);
var ok = ((Q('ausername').value.length > 0) && (checkEmail(Q('aemail').value) == true) && (Q('apassword1').value.length > 0) && (Q('apassword2').value == Q('apassword1').value)); var ok = ((Q('ausername').value.length > 0) && (Q('ausername').value.indexOf(' ') == -1) && (validateEmail(Q('aemail').value) == true) && (Q('apassword1').value.length > 0) && (Q('apassword2').value == Q('apassword1').value));
if ((newAccountPass == 1) && (Q('anewaccountpass').value.length == 0)) { ok = false; } if ((newAccountPass == 1) && (Q('anewaccountpass').value.length == 0)) { ok = false; }
QE('createButton', ok); QE('createButton', ok);
if (Q('apassword1').value == '') { if (Q('apassword1').value == '') {
@ -243,23 +240,15 @@
if (box == 2) { Q('apassword1').focus(); } if (box == 2) { Q('apassword1').focus(); }
if (box == 3) { Q('apassword2').focus(); } if (box == 3) { Q('apassword2').focus(); }
if (box == 4) { Q('apasswordhint').focus(); } if (box == 4) { Q('apasswordhint').focus(); }
if (box == 5) { if (box == 5) { if (newAccountPass == 1) { Q('anewaccountpass').focus(); } else { Q('createButton').click(); } }
if (newAccountPass == 1) { if (box == 6) { Q('createButton').click(); }
Q('anewaccountpass').focus();
} else {
Q('createButton').click();
}
}
if (box == 6) {
Q('createButton').click();
}
} }
if (e != null) { haltEvent(e); } if (e != null) { haltEvent(e); }
} }
function validateReset(e) { function validateReset(e) {
setDialogMode(0); setDialogMode(0);
var x = checkEmail(Q('remail').value); var x = validateEmail(Q('remail').value);
QE('eresetButton', x); QE('eresetButton', x);
if ((e != null) && (e.keyCode == 13) && (x == true)) { if ((e != null) && (e.keyCode == 13) && (x == true)) {
Q('eresetButton').click(); Q('eresetButton').click();
@ -267,14 +256,6 @@
if (e != null) { haltEvent(e); } if (e != null) { haltEvent(e); }
} }
// Return true is the input string looks like an email address
function checkEmail(str) {
var x = str.split('@');
var ok = ((x.length == 2) && (x[0].length > 0) && (x[1].split('.').length > 1) && (x[1].length > 2));
if (ok == true) { var y = x[1].split('.'); for (var i in y) { if (y[i].length == 0) { ok = false; } } }
return ok;
}
// Return a password strength score // Return a password strength score
function checkPasswordStrength(password) { function checkPasswordStrength(password) {
var r = 0, letters = {}, varCount = 0, variations = { digits: /\d/.test(password), lower: /[a-z]/.test(password), upper: /[A-Z]/.test(password), nonWords: /\W/.test(password) } var r = 0, letters = {}, varCount = 0, variations = { digits: /\d/.test(password), lower: /[a-z]/.test(password), upper: /[A-Z]/.test(password), nonWords: /\W/.test(password) }
@ -328,6 +309,7 @@
function getDocWidth() { if (window.innerWidth) return window.innerWidth; if (document.documentElement && document.documentElement.clientWidth && document.documentElement.clientWidth != 0) return document.documentElement.clientWidth; return document.getElementsByTagName('body')[0].clientWidth; } function getDocWidth() { if (window.innerWidth) return window.innerWidth; if (document.documentElement && document.documentElement.clientWidth && document.documentElement.clientWidth != 0) return document.documentElement.clientWidth; return document.getElementsByTagName('body')[0].clientWidth; }
function haltEvent(e) { if (e.preventDefault) e.preventDefault(); if (e.stopPropagation) e.stopPropagation(); return false; } function haltEvent(e) { if (e.preventDefault) e.preventDefault(); if (e.stopPropagation) e.stopPropagation(); return false; }
function haltReturn(e) { if (e.keyCode == 13) { haltEvent(e); } } function haltReturn(e) { if (e.keyCode == 13) { haltEvent(e); } }
function validateEmail(v) { var emailReg = /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/; return emailReg.test(v); }
</script> </script>
</body> </body>
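Review bot: `validateLogin` now keeps the login button disabled whenever the username contains a space, but accounts created before this commit were only checked with `validateString`, so an existing name with a space could presumably no longer sign in from this page. The no-space rule belongs on account creation (`validateCreate` and the server-side `validateUsername`), and the login check can stay length-only: `var ok = ((Q('username').value.length > 0) && (Q('password').value.length > 0));`. If the lock-out is intended, a comment saying so and a migration note for existing accounts would help.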


@ -350,7 +350,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
var domain = checkUserIpAddress(req, res); var domain = checkUserIpAddress(req, res);
if (domain == null) return; if (domain == null) return;
if (domain.newaccounts == 0) { res.sendStatus(401); return; } if (domain.newaccounts == 0) { res.sendStatus(401); return; }
if (!req.body.username || !req.body.email || !req.body.password1 || !req.body.password2 || (req.body.password1 != req.body.password2) || req.body.username == '~') { if (!obj.common.validateUsername(req.body.username, 1, 64) || !obj.common.validateEmail(req.body.email, 1, 256) || !obj.common.validateString(req.body.password1, 1, 256) || !obj.common.validateString(req.body.password2, 1, 256) || (req.body.password1 != req.body.password2) || req.body.username == '~') {
req.session.loginmode = 2; req.session.loginmode = 2;
req.session.error = '<b style=color:#8C001A>Unable to create account.</b>';; req.session.error = '<b style=color:#8C001A>Unable to create account.</b>';;
res.redirect(domain.url); res.redirect(domain.url);
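Review bot: `validateUsername` on this account-creation path only bounds the length and rejects the space character, so names containing `/`, `<` or control characters are still accepted. The add-user handler in this commit builds ids as `'user/' + domain.id + '/' + name` and the page recovers the name with `split('/')[2]`, so a `/` in the name makes the id ambiguous; presumably this handler uses the same id scheme. Extending the helper, for example `(username.indexOf(' ') == -1) && (username.indexOf('/') == -1)`, or switching it to an allow-list of characters, would close this for both callers. The handler body continues outside the hunk.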