Gitiles
Code Review Sign In
korap.ids-mannheim.de / ids-kl / ldap-signup / c3e2861a95076fdeb5060c590bce59fd2cddad22 / . / index.php
blob: 9f75d0cfe3bee6fe504544361c775c8bc9484f1b [file] [log] [blame]
<?php
require_once 'vendor/autoload.php';
include 'config.php';
include_once 'redis.php';
include_once 'utils.php';
include_once 'mail.php';
include_once 'ldap.php';
include_once 'db_backend.php';
include_once 'validators.php';
include_once 'User.php';
include_once 'invoice.php';
require __DIR__ . '/vendor/autoload.php';
use Monolog\Level;
use Monolog\Logger as Logger;
use Monolog\Handler\StreamHandler;
use Monolog\Handler\RotatingFileHandler;
use \User as User;
use \DB as DB;
include $TEMPLATE . "strings.php";
$log = new Logger('signup');
$log->pushHandler(new RotatingFileHandler(__DIR__ . '/logs/signup.log', 0, Logger::DEBUG));
if (!$DEBUG) error_reporting(0);
else error_reporting(1);
session_start();
use Gregwar\Captcha\PhraseBuilder;
$URI = array_slice(explode("/", explode('?', $_SERVER['REQUEST_URI'], 2)[0]), -1)[0];
if (strlen($URI) == 2) {
$GLOBALS["cc"] = $URI;
$_SESSION["cc"] = $URI;
}
if (isset($_GET["lang"])) {
$GLOBALS["cc"] = $_GET["lang"];
$_SESSION["cc"] = $_GET["lang"];
}
$TEMPLATE = template_path();
function send_welcome_email(User $user)
{
global $SMTP, $SERVICE_ACRONYM, $WELCOME_TEMPLATE, $TEMPLATE;
$TEMPLATE = template_path();
include $TEMPLATE . "email.php";
$url = "";
send_mail($user->email, $SMTP, (object) [
"subject" => $WELCOME_TEMPLATE->subject,
"text" => replace_all_user_variables($WELCOME_TEMPLATE->text, $user, $url),
"html" => replace_all_user_variables($WELCOME_TEMPLATE->html, $user, $url)
], $user);
}
function send_confirmation_email(string $mail, object $smtp, string $url, User $user)
{
include 'config.php';
$TEMPLATE = template_path();
include $TEMPLATE . "email.php";
send_mail($mail, $smtp, (object) [
"subject" => $MAIL_TEMPLATE->subject,
"text" => replace_all_user_variables($MAIL_TEMPLATE->text, $user, $url),
"html" => replace_all_user_variables($MAIL_TEMPLATE->html, $user, $url)
]);
}
function send_recovery_email(string $mail, object $smtp, string $url)
{
include 'config.php';
$TEMPLATE = template_path();
include $TEMPLATE . "email.php";
send_mail($mail, $smtp, (object) [
"subject" => $RECOVERY_EMAIL_TEMPLATE->subject,
"text" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->text),
"html" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->html)
]);
}
function reload_captcha_script()
{
include 'config.php';
if ($CAPTCHA_LENGTH > 0) {
$TEMPLATE = template_path();
include $TEMPLATE . "strings.php";
echo '
<script>
const reload_captcha = async (e) => {
var cont = document.getElementById("reload_captcha");
cont.innerHTML = "<div class=\'spinner-border text-info\' role=\'status\'><span class=\'sr-only\'>' . $STRINGS->reloading_captcha . '</span></div>";
var img = document.getElementById("captcha")
var url = "' . $BASE_URL . '/captcha.php?token=' . $_SESSION["captcha_token"] . '"
await fetch(url, { cache: "reload", mode: "no-cors" })
.then(() => {
img.src = url+"&t=" + new Date().getTime();
setTimeout( () => {
cont.innerHTML = "<button id=\'reload\' class=\'btn btn-outline-info\' type=\'button\'> <span class=\'glyphicon glyphicon-refresh\' aria-hidden=\'true\'></span></button>";
bindButton()
}, 500);
})
}
function bindButton(){
var button = document.getElementById("reload");
button.addEventListener("click", reload_captcha)
}
bindButton()
</script>
';
}
}
function register_page($error = false)
{
$TEMPLATE = template_path();
include 'config.php';
if ($error)
include $TEMPLATE . 'error.htm';
$_SESSION["captcha_token"] = generateRandomString(12);
include $TEMPLATE . "register.htm";
reload_captcha_script();
}
function verify_request(User $user)
{
global $log, $CONFERENCE_REGISTRATION, $CAPTCHA_LENGTH, $DEBUG;
$TEMPLATE = template_path();
unset($_SESSION['captcha_token']);
include $TEMPLATE . 'strings.php';
$password = $_POST["password"];
$error = "";
if (!$CONFERENCE_REGISTRATION) {
$error .= validate_username($user->username);
$error .= validate_password($password);
}
$log->debug("validating request");
$error .= validate_name($user->first_name, $FIRST_NAME_VALIDATION_ERROR);
$error .= validate_name($user->last_name, $LAST_NAME_VALIDATION_ERROR);
$log->debug("request validated: $error");
$error .= validate_email($user->email);
if ($CAPTCHA_LENGTH > 0 && !(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
$error = $error . $STRINGS->wrong_captcha . ($DEBUG ? " expected: " . $_SESSION['captcha'] . " actual: " . $_POST['captcha'] : "");
}
unset($_SESSION["captcha"]);
return $error;
}
function approve_request(User $user)
{
include 'config.php';
global $log, $_SESSION;
$token = generateRandomString();
redis_set($token, $user, $MAIL_CONFIRMATION_AWAIT_DELAY);
$pending = redis_get("pending");
if ($pending) {
$maillist = $pending->mails;
if(is_array($maillist))
array_push($maillist, $user->email);
} else
$maillist = [$user->email];
redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
$url = $BASE_URL . "?type=confirmation&token=" . $token;
if (in_array(explode("@", $user->email)[1], $MAIL_HOST_DIRECT_FALLBACK))
$smtp = $FALLBACK_SMTP;
else
$smtp = $SMTP;
send_confirmation_email($user->email, $smtp, $url, $user);
$_SESSION['resend'] = generateRandomString(12);
$_SESSION['token'] = $token;
$user->backup_in_session();
$TEMPLATE = template_path();
include $TEMPLATE . "confirm_your_email.htm";
$log->info("Registration process started for " . $user->to_string());
}
function recover_form($error = null)
{
$TEMPLATE = template_path();
include 'config.php';
$_SESSION["captcha_token"] = generateRandomString(12);
if ($error)
include $TEMPLATE . 'error.htm';
include $TEMPLATE . "recover_email_form.htm";
reload_captcha_script();
}
function new_password_form($error = null)
{
$TEMPLATE = template_path();
if ($error)
include $TEMPLATE . 'error.htm';
include $TEMPLATE . "recover_new_password_form.htm";
}
// PAGE
include $TEMPLATE . "header.htm";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST['type'])) {
switch ($_POST['type']) {
case "register":
$log->info("Registration request from " . array_to_string($_POST));
$user = new User();
$user->init_from_array($_POST);
$log->info("Registration request from " . $user->to_string());
if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) {
include $TEMPLATE . "registration_limit.htm";
} else {
$error = verify_request($user);
if ($error)
register_page($error);
else
approve_request($user);
}
break;
case "recover":
if ($CONFERENCE_REGISTRATION)
break;
$TEMPLATE = template_path();
unset($_SESSION['captcha_token']);
include $TEMPLATE . 'strings.php';
$email = $_POST["email"];
if (($CONFERENCE_REGISTRATION & ! (new DB($log))->mail_count($email)) || !ldap_mail_count($email)) {
unset($_POST['email']);
$error = $error . $STRINGS->recover_email_not_registered;
}
if ($CAPTCHA_LENGTH > 0 && !(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
$error = $error . $STRINGS->wrong_captcha;
}
unset($_SESSION["captcha"]);
if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) {
include $TEMPLATE . "registration_limit.htm";
} else {
if ($error) {
recover_form($error);
} else {
include $TEMPLATE . 'strings.php';
$token = generateRandomString();
redis_set($token, $email, $MAIL_CONFIRMATION_AWAIT_DELAY);
$url = $BASE_URL . "?type=password_change&token=" . $token;
if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
$smtp = $FALLBACK_SMTP;
else
$smtp = $SMTP;
$_SESSION['resend'] = generateRandomString(12);
$_SESSION['token'] = $token;
$_SESSION['email'] = $email;
$_SESSION['recover'] = $email;
$TEMPLATE = template_path();
send_recovery_email($email, $smtp, $url);
include $TEMPLATE . "confirm_your_email.htm";
$log->info("Password recovery email sent to " . $email);
}
}
break;
case "password_change":
if ($CONFERENCE_REGISTRATION)
break;
$password = $_POST['password'];
$error = validate_password($password);
if ($error) {
new_password_form($error);
} else {
$TEMPLATE = template_path();
include $TEMPLATE . "recover_success.htm";
include $TEMPLATE . "email.php";
$email = $_SESSION["email_change"];
if (change_password($email, $password)) {
if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
$smtp = $FALLBACK_SMTP;
else
$smtp = $SMTP;
send_mail($email, $smtp, $PASSWORD_CHANGED_EMAIL_TEMPLATE);
$log->info("Password changed for " . $email);
} else {
include $TEMPLATE . "strings.php";
echo $STRINGS->change_password_ldap_error;
}
unset($_SESSION["email_change"]);
redis_delete($_SESSION['token']);
}
break;
}
}
} elseif (isset($_GET['type'])) {
switch ($_GET['type']) {
case "confirmation":
if (!isset($_GET["token"])) {
echo $RUNTIME_ERROR->user_trying_invalid_get;
} else {
$token = $_GET["token"];
$user = redis_get_user($token);
if ($user && gettype($user) == "object") {
if (($CONFERENCE_REGISTRATION && (new DB($log))->add_user($user)) || (!$CONFERENCE_REGISTRATION && ldap_add_user($user))) {
if ($REDIRECT_TO)
header("refresh:5;url=" . $REDIRECT_TO);
$pending = redis_get("pending");
if ($pending) {
$maillist = $pending->mails;
if (is_array($maillist) && in_array($user->email, $maillist)) {
unset($maillist[array_search($user->email, $maillist)]);
redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
}
}
redis_inc_ipdata(getClientIP(), "register");
$log->info("User registration completed: " . $user->to_string());
echo $STRINGS->email_confirmation;
if (isset($POST_REGISTER_HOOK)) $POST_REGISTER_HOOK($user);
include $TEMPLATE . "mail_confirmed.htm";
} else {
$log->error("User registration failed for: " . $user->to_string());
echo $STRINGS->email_confirmation;
include $TEMPLATE . "registration_error.htm";
}
redis_delete($token);
} else {
include $TEMPLATE . "token_expired.htm";
}
}
break;
case "resend":
if (isset($_GET['token']) && isset($_SESSION['resend']) && $_GET['token'] == $_SESSION['resend']) {
$log->info("Resending confirmation email to " . $_SESSION['email']);
$user = new User();
$user->init_from_array($_SESSION);
$log->info("Resending confirmation email to " . $user->to_string());
$token = $_SESSION['token'];
$url = $BASE_URL . "?type=confirmation&token=" . $token;
$smtp = $FALLBACK_SMTP;
$address = $_SESSION["email"];
if (isset($_SESSION['recover'])) {
$url = $BASE_URL . "?type=password_change&token=" . $token;
send_recovery_email($address, $smtp, $url, $user);
unset($_SESSION['recover']);
} else
send_confirmation_email($address, $smtp, $url, $user);
echo "<div class='alert alert-info' role='alert'> Another email has been sent to ". $_SESSION['email']. " </div>";
unset($_SESSION['resend']);
unset($_SESSION['token']);
# unset($_SESSION['email']);
} else {
echo "<div class='alert alert-warning' role='alert'>A second email has already been sent.</div>";
}
break;
case "recover":
recover_form();
break;
case "password_change":
$TEMPLATE = template_path();
$token = $_GET["token"];
$email = redis_get($token);
$_SESSION["email_change"] = $email;
$_SESSION["token"] = $token;
if ($email && gettype($email) == "string") {
new_password_form();
} else {
include $TEMPLATE . "token_expired.htm";
}
break;
}
} else {
unset($_SESSION['captcha_token']);
register_page();
}
include $TEMPLATE . "bottom.htm";