| <?php |
| require_once 'vendor/autoload.php'; |
| include 'config.php'; |
| include_once 'redis.php'; |
| include_once 'utils.php'; |
| include_once 'mail.php'; |
| include_once 'ldap.php'; |
| include_once 'validators.php'; |
| include_once 'User.php'; |
| require __DIR__ . '/vendor/autoload.php'; |
| use Monolog\Level; |
| use Monolog\Logger as Logger; |
| use Monolog\Handler\StreamHandler; |
| use Monolog\Handler\RotatingFileHandler; |
| use \User as User; |
| include $TEMPLATE . "strings.php"; |
| $log = new Logger('signup'); |
| $log->pushHandler(new RotatingFileHandler(__DIR__ . '/logs/signup.log', 0, Logger::DEBUG)); |
| |
| if (!$DEBUG) error_reporting(0); |
| else error_reporting(1); |
| session_start(); |
| |
| use Gregwar\Captcha\PhraseBuilder; |
| |
| $URI = array_slice(explode("/", explode('?', $_SERVER['REQUEST_URI'], 2)[0]), -1)[0]; |
| if (strlen($URI) == 2) { |
| $GLOBALS["cc"] = $URI; |
| $_SESSION["cc"] = $URI; |
| } |
| |
| if (isset($_GET["lang"])) { |
| $GLOBALS["cc"] = $_GET["lang"]; |
| $_SESSION["cc"] = $_GET["lang"]; |
| } |
| |
| $TEMPLATE = template_path(); |
| |
| |
| function send_welcome_email(User $user) |
| { |
| global $SMTP, $SERVICE_ACRONYM, $WELCOME_TEMPLATE, $TEMPLATE; |
| $TEMPLATE = template_path(); |
| include $TEMPLATE . "email.php"; |
| $url = ""; |
| |
| send_mail($user->email, $SMTP, (object) [ |
| "subject" => $WELCOME_TEMPLATE->subject, |
| "text" => replace_all_user_variables($WELCOME_TEMPLATE->text, $user, $url), |
| "html" => replace_all_user_variables($WELCOME_TEMPLATE->html, $user, $url) |
| ]); |
| } |
| |
| function send_confirmation_email(string $mail, object $smtp, string $url, User $user) |
| { |
| include 'config.php'; |
| $TEMPLATE = template_path(); |
| include $TEMPLATE . "email.php"; |
| |
| send_mail($mail, $smtp, (object) [ |
| "subject" => $MAIL_TEMPLATE->subject, |
| "text" => replace_all_user_variables($MAIL_TEMPLATE->text, $user, $url), |
| "html" => replace_all_user_variables($MAIL_TEMPLATE->html, $user, $url) |
| ]); |
| } |
| |
| function send_recovery_email(string $mail, object $smtp, string $url) |
| { |
| include 'config.php'; |
| $TEMPLATE = template_path(); |
| include $TEMPLATE . "email.php"; |
| |
| send_mail($mail, $smtp, (object) [ |
| "subject" => $RECOVERY_EMAIL_TEMPLATE->subject, |
| "text" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->text), |
| "html" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->html) |
| ]); |
| } |
| |
| function reload_captcha_script() |
| { |
| include 'config.php'; |
| |
| if ($CAPTCHA_LENGTH > 0) { |
| $TEMPLATE = template_path(); |
| include $TEMPLATE . "strings.php"; |
| echo ' |
| <script> |
| const reload_captcha = async (e) => { |
| var cont = document.getElementById("reload_captcha"); |
| cont.innerHTML = "<div class=\'spinner-border text-info\' role=\'status\'><span class=\'sr-only\'>' . $STRINGS->reloading_captcha . '</span></div>"; |
| var img = document.getElementById("captcha") |
| var url = "' . $BASE_URL . '/captcha.php?token=' . $_SESSION["captcha_token"] . '" |
| await fetch(url, { cache: "reload", mode: "no-cors" }) |
| .then(() => { |
| img.src = url+"&t=" + new Date().getTime(); |
| setTimeout( () => { |
| cont.innerHTML = "<button id=\'reload\' class=\'btn btn-outline-info\' type=\'button\'> <span class=\'glyphicon glyphicon-refresh\' aria-hidden=\'true\'></span></button>"; |
| bindButton() |
| }, 500); |
| }) |
| } |
| function bindButton(){ |
| var button = document.getElementById("reload"); |
| button.addEventListener("click", reload_captcha) |
| } |
| bindButton() |
| </script> |
| '; |
| } |
| } |
| |
| function register_page($error = false) |
| { |
| $TEMPLATE = template_path(); |
| include 'config.php'; |
| if ($error) |
| include $TEMPLATE . 'error.htm'; |
| $_SESSION["captcha_token"] = generateRandomString(12); |
| include $TEMPLATE . "register.htm"; |
| reload_captcha_script(); |
| } |
| |
| |
| function verify_request(User $user) |
| { |
| $TEMPLATE = template_path(); |
| unset($_SESSION['captcha_token']); |
| include $TEMPLATE . 'strings.php'; |
| $password = $_POST["password"]; |
| $error = ""; |
| |
| $error .= validate_username($user->user_name); |
| $error .= validate_name($user->name, $FIRST_NAME_VALIDATION_ERROR); |
| $error .= validate_name($user->last_name, $LAST_NAME_VALIDATION_ERROR); |
| $error .= validate_email($user->email); |
| $error .= validate_password($password); |
| |
| |
| if ($CAPTCHA_LENGTH > 0 && !(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) { |
| $error = $error . $STRINGS->wrong_captcha; |
| } |
| unset($_SESSION["captcha"]); |
| |
| return $error; |
| } |
| |
| function backup_user_in_session($user) |
| { |
| $_SESSION['username'] = $user->user_name; |
| $_SESSION['first_name'] = $user->first_name; |
| $_SESSION['last_name'] = $user->last_name; |
| $_SESSION['email'] = $user->email; |
| $_SESSION['organization'] = $user->organization; |
| } |
| |
| function approve_request(User $user) |
| { |
| include 'config.php'; |
| global $log; |
| |
| $token = generateRandomString(); |
| redis_set($token, $user, $MAIL_CONFIRMATION_AWAIT_DELAY); |
| $pending = redis_get("pending"); |
| if ($pending) { |
| $maillist = $pending->mails; |
| array_push($maillist, $user->email); |
| } else |
| $maillist = [$user->email]; |
| redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY); |
| |
| $url = $BASE_URL . "?type=confirmation&token=" . $token; |
| if (in_array(explode("@", $user->email)[1], $MAIL_HOST_DIRECT_FALLBACK)) |
| $smtp = $FALLBACK_SMTP; |
| else |
| $smtp = $SMTP; |
| send_confirmation_email($user->email, $smtp, $url, $user); |
| $_SESSION['resend'] = generateRandomString(12); |
| $_SESSION['token'] = $token; |
| backup_user_in_session($user); |
| $TEMPLATE = template_path(); |
| include $TEMPLATE . "confirm_your_email.htm"; |
| $log->info("Registration process started for " . user_to_string($user)); |
| } |
| |
| function recover_form($error = null) |
| { |
| $TEMPLATE = template_path(); |
| include 'config.php'; |
| $_SESSION["captcha_token"] = generateRandomString(12); |
| if ($error) |
| include $TEMPLATE . 'error.htm'; |
| include $TEMPLATE . "recover_email_form.htm"; |
| reload_captcha_script(); |
| } |
| |
| function new_password_form($error = null) |
| { |
| $TEMPLATE = template_path(); |
| if ($error) |
| include $TEMPLATE . 'error.htm'; |
| include $TEMPLATE . "recover_new_password_form.htm"; |
| } |
| |
| |
| // PAGE |
| include $TEMPLATE . "header.htm"; |
| |
| if ($_SERVER["REQUEST_METHOD"] == "POST") { |
| if (isset($_POST['type'])) { |
| switch ($_POST['type']) { |
| case "register": |
| $user = new User($_POST["username"], $_POST["name"], $_POST["last_name"], $_POST["email"], $_POST["password"], $_POST["organization"]); |
| if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) { |
| include $TEMPLATE . "registration_limit.htm"; |
| } else { |
| $error = verify_request($user); |
| if ($error) |
| register_page($error); |
| else |
| approve_request($user); |
| } |
| break; |
| case "recover": |
| $TEMPLATE = template_path(); |
| unset($_SESSION['captcha_token']); |
| include $TEMPLATE . 'strings.php'; |
| |
| $email = $_POST["email"]; |
| if (!ldap_mail_count($email)) { |
| unset($_POST['email']); |
| $error = $error . $STRINGS->recover_email_not_registered; |
| } |
| |
| if ($CAPTCHA_LENGTH > 0 && !(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) { |
| $error = $error . $STRINGS->wrong_captcha; |
| } |
| |
| unset($_SESSION["captcha"]); |
| if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) { |
| include $TEMPLATE . "registration_limit.htm"; |
| } else { |
| if ($error) { |
| recover_form($error); |
| } else { |
| include $TEMPLATE . 'strings.php'; |
| $token = generateRandomString(); |
| redis_set($token, $email, $MAIL_CONFIRMATION_AWAIT_DELAY); |
| |
| $url = $BASE_URL . "?type=password_change&token=" . $token; |
| if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK)) |
| $smtp = $FALLBACK_SMTP; |
| else |
| $smtp = $SMTP; |
| $_SESSION['resend'] = generateRandomString(12); |
| $_SESSION['token'] = $token; |
| $_SESSION['email'] = $email; |
| $_SESSION['recover'] = $email; |
| $TEMPLATE = template_path(); |
| send_recovery_email($email, $smtp, $url); |
| include $TEMPLATE . "confirm_your_email.htm"; |
| $log->info("Password recovery email sent to " . $email); |
| } |
| } |
| break; |
| |
| case "password_change": |
| $password = $_POST['password']; |
| $error = validate_password($password); |
| if ($error) { |
| new_password_form($error); |
| } else { |
| $TEMPLATE = template_path(); |
| include $TEMPLATE . "recover_success.htm"; |
| include $TEMPLATE . "email.php"; |
| $email = $_SESSION["email_change"]; |
| if (change_password($email, $password)) { |
| if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK)) |
| $smtp = $FALLBACK_SMTP; |
| else |
| $smtp = $SMTP; |
| send_mail($email, $smtp, $PASSWORD_CHANGED_EMAIL_TEMPLATE); |
| $log->info("Password changed for " . $email); |
| } else { |
| include $TEMPLATE . "strings.php"; |
| echo $STRINGS->change_password_ldap_error; |
| } |
| unset($_SESSION["email_change"]); |
| redis_delete($_SESSION['token']); |
| } |
| break; |
| } |
| } |
| } elseif (isset($_GET['type'])) { |
| switch ($_GET['type']) { |
| case "confirmation": |
| if (!isset($_GET["token"])) { |
| echo $RUNTIME_ERROR->user_trying_invalid_get; |
| } else { |
| $token = $_GET["token"]; |
| $user = redis_get_user($token); |
| if ($user && gettype($user) == "object") { |
| if (ldap_add_user($user)) { |
| if ($REDIRECT_TO) |
| header("refresh:5;url=" . $REDIRECT_TO); |
| |
| $pending = redis_get("pending"); |
| if ($pending) { |
| $maillist = $pending->mails; |
| if (in_array($user->email, $maillist)) { |
| unset($maillist[array_search($user->email, $maillist)]); |
| redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY); |
| } |
| } |
| redis_inc_ipdata(getClientIP(), "register"); |
| $log->info("User registered: " . user_to_string($user)); |
| echo $STRINGS->email_confirmation; |
| if (isset($POST_REGISTER_HOOK)) $POST_REGISTER_HOOK($user); |
| include $TEMPLATE . "mail_confirmed.htm"; |
| } else { |
| $log->error("User registration failed for: " . user_to_string($user)); |
| echo $STRINGS->email_confirmation; |
| include $TEMPLATE . "registration_error.htm"; |
| } |
| redis_delete($token); |
| } else { |
| include $TEMPLATE . "token_expired.htm"; |
| } |
| } |
| break; |
| case "resend": |
| if (isset($_GET['token']) && isset($_SESSION['resend']) && $_GET['token'] == $_SESSION['resend']) { |
| include $TEMPLATE . "resend_mail.htm"; |
| $user = new User($_SESSION["username"], $_SESSION["first_name"], $_SESSION["last_name"], $_SESSION["email"], "", $_SESSION["organization"]); |
| $token = $_SESSION['token']; |
| $url = $BASE_URL . "?type=confirmation&token=" . $token; |
| $smtp = $FALLBACK_SMTP; |
| $address = $_SESSION["email"]; |
| if (isset($_SESSION['recover'])) { |
| $url = $BASE_URL . "?type=password_change&token=" . $token; |
| send_recovery_email($address, $smtp, $url, $user); |
| unset($_SESSION['recover']); |
| } else |
| send_confirmation_email($address, $smtp, $url, $user); |
| unset($_SESSION['resend']); |
| unset($_SESSION['token']); |
| # unset($_SESSION['email']); |
| } else { |
| echo "<h2>A second email has already been sent to " . $_SESSION['email'] .".</h2>"; |
| } |
| break; |
| |
| case "recover": |
| recover_form(); |
| break; |
| |
| case "password_change": |
| $TEMPLATE = template_path(); |
| $token = $_GET["token"]; |
| $email = redis_get($token); |
| $_SESSION["email_change"] = $email; |
| $_SESSION["token"] = $token; |
| if ($email && gettype($email) == "string") { |
| new_password_form(); |
| } else { |
| include $TEMPLATE . "token_expired.htm"; |
| } |
| break; |
| } |
| } else { |
| unset($_SESSION['captcha_token']); |
| register_page(); |
| } |
| |
| include $TEMPLATE . "bottom.htm"; |