Code Vault

xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)

Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.

Clone URLs: https://code.reversed.top/user/xaizek/rocketgit ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

<root> / tests / http_create_account.php (80e2fd11f547a91e3a6ec4c855c761e88624b3f9) (2,502B) (mode 100644) [raw]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97

<?php
error_reporting(E_ALL | E_STRICT);
ini_set("track_errors", "On");

$test_normal = TRUE;

$INC = dirname(__FILE__) . "/../inc";
require_once(dirname(__FILE__) . "/config.php");
require_once($INC . "/init.inc.php");
require_once($INC . "/util.inc.php");
require_once("http.inc.php");

rg_log_set_file("http_create_account.log");

require_once("common.php");

$_testns = 'http_create_account';

prepare_http();

rg_log("Test create account");

// First we need to load the form so we can get the token
$r = do_req($test_url . "/op/create_account", $data, $headers);
if ($r === FALSE) {
	rg_log("Cannot load create_account page!");
	exit(1);
}
$good_token = $r['tokens']['user_edit_hl'];
$gen = $r['inputs']['gen'];

$uniq = rg_id(16);

sleep(2); // bot protection
rg_log('Adding an account without accepting tos...');
$username = "http1-$uniq<xss>";
$data = array(
	"uid" => 0,
	"doit" => 1,
	"token" => $good_token,
	"username" => $username,
	"realname" => "http1-$uniq real name<xss>",
	"email" => "http_create_account_$uniq<xss>@embedromix.ro",
	"pass" => "cucurigu<xss>",
	"pass2" => "cucurigu<xss>",
	"plan_id" => 9,
	"session_time" => 60,
	'gen' => $gen
);
$headers = array();
$r = do_req($test_url . "/op/create_account?t=create_account", $data, $headers);
if (!strstr($r['body'], "without accepting")) {
	rg_log("Seems we could create an account without accepting ToS. Bad!");
	exit(1);
}

rg_log('Adding an account accepting tos...');
$data['token'] = $r['tokens']['user_edit_hl'];
$data['tos'] = 1;
$headers = array();
$r = do_req($test_url . "/op/create_account?t=create_account", $data, $headers);
if (!strstr($r['body'], "Your account has been successfully created")) {
	rg_log_ml('body: ' . print_r($r['body'], TRUE));
	rg_log("Cannot create account");
	exit(1);
}

$sql = "SELECT * FROM users WHERE username = '$username'";
$res = rg_sql_query($db, $sql);
if ($res === FALSE)
	exit(1);
$rows = rg_sql_num_rows($res);
if ($rows === 0) {
	rg_log("Seems the account is not created: rows == 0!");
	exit(1);
}
$row = rg_sql_fetch_array($res);
rg_sql_free_result($res);

$data['pass'] = rg_user_pass($row['salt'], $data['pass']);
$data['is_admin'] = 0; // to be sure we do not create admin accounts
foreach ($data as $k => $v) {
	if (!isset($row[$k]))
		continue;

	if (strcmp($k, "uid") == 0)
		continue;
	if (strcmp($k, "pass") == 0)
		continue;

	if (strcmp($row[$k], $v) != 0) {
		rg_log("Key $k does not match: row=" . $row[$k] . " data=" . $data[$k]);
		exit(1);
	}
}

rg_log("OK!");

Hints

Before first commit, do not forget to setup your git environment:

git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):

git clone https://code.reversed.top/user/xaizek/rocketgit

Clone this repository using ssh (do not forget to upload a key first):

git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a pull request:

... clone the repository ...
... make some changes and some commits ...
git push origin master