* This class contains all contact related functions that are called using AJAX (jQuery)
*/
class CRM_Contact_Page_AJAX {
+ /**
+ * When a user chooses a username, CHECK_USERNAME_TTL
+ * is the time window in which they can check usernames
+ * (without reloading the overall form).
+ */
+ const CHECK_USERNAME_TTL = 10800; // 3hr; 3*60*60
+
static function getContactList() {
// if context is 'customfield'
if (CRM_Utils_Array::value('context', $_GET) == 'customfield') {
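Review bot: The new docblock on CHECK_USERNAME_TTL describes a user-facing window but not what the constant actually bounds, which is the maximum age of the signed `ts` parameter that checkUserName() will accept. A maintainer tuning this number needs to know that a form left open longer than the TTL gets the `error` JSON response and that the only recovery is reloading the form so a fresh signature is rendered. I would make the comment say so: `Maximum age (seconds) of the signed 'ts' that checkUserName() accepts; after this the AJAX check returns 'error' and the form must be reloaded to obtain a new signature.`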
*
*/
static public function checkUserName() {
+ $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
+ if (
+ CRM_Utils_Time::getTimeRaw() > $_REQUEST['ts'] + self::CHECK_USERNAME_TTL
+ || $_REQUEST['for'] != 'civicrm/ajax/cmsuser'
+ || !$signer->validate($_REQUEST['sig'], $_REQUEST)
+ ) {
+ $user = array('name' => 'error');
+ echo json_encode($user);
+ CRM_Utils_System::civiExit();
+ }
+
$config = CRM_Core_Config::singleton();
$username = trim($_REQUEST['cms_name']);
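Review bot: The added guard reads `$_REQUEST['ts']`, `$_REQUEST['for']` and `$_REQUEST['sig']` directly, so a request that omits any of them raises PHP notices before it is rejected, and the `+ self::CHECK_USERNAME_TTL` arithmetic runs on whatever string arrives; the existing `context` check in this class already uses `CRM_Utils_Array::value()` for exactly this reason, so the three conditions should read `(int) CRM_Utils_Array::value('ts', $_REQUEST) + self::CHECK_USERNAME_TTL`, `CRM_Utils_Array::value('for', $_REQUEST) !== 'civicrm/ajax/cmsuser'` and `!$signer->validate(CRM_Utils_Array::value('sig', $_REQUEST), $_REQUEST)`. Note that the signature binds only `for` and `ts`, not `cms_name`, so one signed token lets its holder probe any number of usernames for three hours; that is fine as a CSRF/automation barrier but is worth stating in the method docblock so nobody mistakes it for an enumeration limit. Whether `CRM_Utils_Signer::validate()` compares the MAC in constant time is not visible here and should be confirmed. The rest of checkUserName() continues outside the hunk.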
--- /dev/null
+<?php
+/*
+ +--------------------------------------------------------------------+
+ | CiviCRM version 4.4 |
+ +--------------------------------------------------------------------+
+ | Copyright CiviCRM LLC (c) 2004-2013 |
+ +--------------------------------------------------------------------+
+ | This file is a part of CiviCRM. |
+ | |
+ | CiviCRM is free software; you can copy, modify, and distribute it |
+ | under the terms of the GNU Affero General Public License |
+ | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
+ | |
+ | CiviCRM is distributed in the hope that it will be useful, but |
+ | WITHOUT ANY WARRANTY; without even the implied warranty of |
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
+ | See the GNU Affero General Public License for more details. |
+ | |
+ | You should have received a copy of the GNU Affero General Public |
+ | License and the CiviCRM Licensing Exception along |
+ | with this program; if not, contact CiviCRM LLC |
+ | at info[AT]civicrm[DOT]org. If you have questions about the |
+ | GNU Affero General Public License or the licensing of CiviCRM, |
+ | see the CiviCRM license FAQ at http://civicrm.org/licensing |
+ +--------------------------------------------------------------------+
+*/
+
+/**
+ *
+ * @package CRM
+ * @copyright CiviCRM LLC
+ * $Id$
+ *
+ */
+
+/**
+ * Generate a secure signature
+ *
+ * {code}
+ * {crmSigner var=mySig extra=123}
+ * var urlParams = ts={$mySig.ts}&extra={$mySig.extra}&sig={$mySig.signature}
+ * {endcode}
+ *
+ * @param $params array with keys:
+ * - var: string, a smarty variable to generate
+ * - ts: int, the current time (if omitted, autogenerated)
+ * - any other vars are put into the signature (sorted)
+ */
+function smarty_function_crmSigner($params, &$smarty) {
+ $var = $params['var'];
+ unset($params['var']);
+ $params['ts'] = CRM_Utils_Time::getTimeRaw();
+
+ $fields = array_keys($params);
+ sort($fields);
+
+ $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), $fields);
+ $params['signature'] = $signer->sign($params);
+ $smarty->assign($var, $params);
+}
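Review bot: The docblock says `ts` is autogenerated only "if omitted", but the assignment `$params['ts'] = CRM_Utils_Time::getTimeRaw();` overwrites any caller-supplied value unconditionally; the code is the safer behaviour (a template cannot pre-date or post-date a signature), so fix the comment rather than the code: `- ts: int, always set to the current server time; any caller-supplied value is overwritten`. The `var` parameter is also read without a check, so a `{crmSigner}` call without `var=` produces a notice and assigns to an empty variable name; a guard such as `if (empty($params['var'])) { throw new CRM_Core_Exception('crmSigner requires var='); }` would fail loudly at template-render time. The usage example interpolates `{$mySig.signature}` straight into a URL query string; whether the signer's output is URL-safe is not visible from this file, so the example should use `{$mySig.signature|escape:'url'}` unless that is known.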
+--------------------------------------------------------------------+
*}
{* This included tpl checks if a given username is taken or available. *}
+{crmSigner var=checkUserSig for=civicrm/ajax/cmsuser}
{literal}
var lastName = null;
cj("#checkavailability").click(function() {
var check = "{/literal}{ts escape='js'}Checking...{/ts}{literal}";
var available = "{/literal}{ts escape='js'}This username is currently available.{/ts}{literal}";
var notavailable = "{/literal}{ts escape='js'}This username is taken.{/ts}{literal}";
+ var errorMsg = "{/literal}{ts escape='js'}Error checking username. Please reload the form and try again.{/ts}{literal}";
//remove all the class add the messagebox classes and start fading
cj("#msgbox").removeClass().addClass('cmsmessagebox').css({"color":"#000","backgroundColor":"#FFC","border":"1px solid #c93"}).text(check).fadeIn("slow");
//check the username exists or not from ajax
var contactUrl = {/literal}"{crmURL p='civicrm/ajax/cmsuser' h=0 }"{literal};
- cj.post(contactUrl,{ cms_name:cj("#cms_name").val() } ,function(data) {
+ var checkUserParams = {
+ cms_name: cj("#cms_name").val(),
+ ts: {/literal}"{$checkUserSig.ts}"{literal},
+ sig: {/literal}"{$checkUserSig.signature}"{literal},
+ for: 'civicrm/ajax/cmsuser'
+ };
+ cj.post(contactUrl, checkUserParams ,function(data) {
if ( data.name == "no") {/*if username not avaiable*/
cj("#msgbox").fadeTo(200,0.1,function() {
cj(this).html(notavailable).addClass('cmsmessagebox').css({"color":"#CC0000","backgroundColor":"#F7CBCA","border":"1px solid #CC0000"}).fadeTo(900,1);
});
+ } else if ( data.name == "error") {/*if username not avaiable*/
+ cj("#msgbox").fadeTo(200,0.1,function() {
+ cj(this).html(errorMsg).addClass('cmsmessagebox').css({"color":"#CC0000","backgroundColor":"#F7CBCA","border":"1px solid #CC0000"}).fadeTo(900,1);
+ });
} else {
cj("#msgbox").fadeTo(200,0.1,function() {
cj(this).html(available).addClass('cmsmessagebox').css({"color":"#008000","backgroundColor":"#C9FFCA", "border": "1px solid #349534"}).fadeTo(900,1);
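Review bot: The unquoted object key `for:` on the new `checkUserParams` literal is a reserved word, which ES3-era engines (IE 8 and older) reject as a syntax error and which would silently break the username check on those browsers; quote it as `'for': 'civicrm/ajax/cmsuser'`. The comment copied onto the new `data.name == "error"` branch still reads `/*if username not avaiable*/` and is wrong there; it should say `/* signed ts expired or signature invalid; user must reload */`. The `{$checkUserSig.ts}` and `{$checkUserSig.signature}` values are written into JS string literals without an escape modifier; both come from the server-side signer rather than from user input so the exposure looks low, but `|escape:'javascript'` would match the `escape='js'` convention the surrounding strings already use. The `cj.post` callback continues past the end of this hunk.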