Gitiles
Code Review Sign In
korap.ids-mannheim.de / ids-kl / ldap-signup / f43dd96676fabc5004772237671cf2e08e5d1632 / . / index.php
blob: 6f8f6c471f7d1f2c9364dcb1829cf869ed686934 [file] [log] [blame]
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]1<?php
2require_once 'vendor/autoload.php';
3include_once 'config.php';
4include_once 'redis.php';
5include_once 'utils.php';
6
7if (!$DEBUG) error_reporting(0);
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]8else error_reporting(1);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]9session_start();
10
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]11use Gregwar\Captcha\PhraseBuilder;
12
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]13$URI = array_slice(explode("/", explode('?', $_SERVER['REQUEST_URI'], 2)[0]), -1)[0];
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]14if (strlen($URI) == 2) {
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]15 $GLOBALS["cc"] = $URI;
16 $_SESSION["cc"] = $URI;
17}
18
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]19if (isset($_GET["lang"])) {
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]20 $GLOBALS["cc"] = $_GET["lang"];
21 $_SESSION["cc"] = $_GET["lang"];
22}
23
24$TEMPLATE = template_path();
25
26
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]27function send_confirmation_email(string $mail, object $smtp, string $url)
28{
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]29 include 'config.php';
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]30 include 'utils.php';
31 include "mail.php";
32 $TEMPLATE = template_path();
33 include $TEMPLATE . "emails.php";
34
35 send_mail($mail, $smtp, (object) [
36 "subject" => $MAIL_TEMPLATE->subject,
37 "text" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->text),
38 "html" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->html)
39 ]);
40}
41
42function send_recovery_email(string $mail, object $smtp, string $url)
43{
44 include 'config.php';
45 include 'utils.php';
46 include "mail.php";
47 $TEMPLATE = template_path();
48 include $TEMPLATE . "emails.php";
49
50 send_mail($mail, $smtp, (object) [
51 "subject" => $RECOVERY_EMAIL_TEMPLATE->subject,
52 "text" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->text),
53 "html" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->html)
54 ]);
55}
56
57function reload_captcha_script()
58{
59 include 'config.php';
60 $TEMPLATE = template_path();
61 include $TEMPLATE . "strings.php";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]62 echo '
63 <script>
64 const reload_captcha = async (e) => {
65 var cont = document.getElementById("reload_captcha");
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]66 cont.innerHTML = "<div class=\'spinner-border text-info\' role=\'status\'><span class=\'sr-only\'>' . $STRINGS->reloading_captcha . '</span></div>";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]67 var img = document.getElementById("captcha")
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]68 var url = "' . $BASE_URL . '/captcha.php?token=' . $_SESSION["captcha_token"] . '"
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]69 await fetch(url, { cache: "reload", mode: "no-cors" })
70 .then(() => {
71 img.src = url+"&t=" + new Date().getTime();
72 setTimeout( () => {
73 cont.innerHTML = "<button id=\'reload\' class=\'btn btn-outline-info\' type=\'button\'> <span class=\'glyphicon glyphicon-refresh\' aria-hidden=\'true\'></span></button>";
74 bindButton()
75 }, 500);
76 })
77 }
78 function bindButton(){
79 var button = document.getElementById("reload");
80 button.addEventListener("click", reload_captcha)
81 }
82 bindButton()
83 </script>
84 ';
85}
86
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]87function register_page($error = false)
88{
89 $TEMPLATE = template_path();
90 include 'config.php';
91 if ($error)
92 include $TEMPLATE . 'error.htm';
93 $_SESSION["captcha_token"] = generateRandomString(12);
94 include $TEMPLATE . "register.htm";
95 reload_captcha_script();
96}
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]97
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]98
99function verify_request($user)
100{
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]101 $TEMPLATE = template_path();
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]102 unset($_SESSION['captcha_token']);
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]103 include 'validators.php';
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]104 include $TEMPLATE . 'strings.php';
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]105 $password = $_POST["password"];
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]106 $error = "";
107
108 $error .= validate_username($user->user_name);
109 $error .= validate_name($user->name, $FIRST_NAME_VALIDATION_ERROR);
110 $error .= validate_name($user->last_name, $LAST_NAME_VALIDATION_ERROR);
111 $error .= validate_email($user->email);
112 $error .= validate_password($password);
113
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]114
115 if (!(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]116 $error = $error . $STRINGS->wrong_captcha;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]117 }
118 unset($_SESSION["captcha"]);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]119
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]120 return $error;
121}
122
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]123function approve_request($user)
124{
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]125 include "mail.php";
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]126 $token = generateRandomString();
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]127 redis_set($token, $user, $MAIL_CONFIRMATION_AWAIT_DELAY);
128 $pending = redis_get("pending");
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]129 if ($pending) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]130 $maillist = $pending->mails;
131 array_push($maillist, $user->email);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]132 } else
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]133 $maillist = [$user->email];
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]134 redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]135
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]136 $url = $BASE_URL . "?type=confirmation&token=" . $token;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]137 if (in_array(explode("@", $user->email)[1], $MAIL_HOST_DIRECT_FALLBACK))
138 $smtp = $FALLBACK_SMTP;
139 else
140 $smtp = $SMTP;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]141 send_confirmation_email($user->email, $smtp, $url);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]142 $_SESSION['resend'] = generateRandomString(12);
143 $_SESSION['token'] = $token;
144 $_SESSION['email'] = $user->email;
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]145 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]146 include $TEMPLATE . "confirm_your_email.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]147}
148
149
150// PAGE
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]151include $TEMPLATE . "header.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]152
153if ($_SERVER["REQUEST_METHOD"] == "POST") {
154 include 'ldap.php';
155 if (isset($_POST['type'])) {
156 switch ($_POST['type']) {
157 case "register":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]158 $user = new User($_POST["username"], $_POST["name"], $_POST["last_name"], $_POST["email"], $_POST["password"]);
159 if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) {
160 include $TEMPLATE . "registration_limit.htm";
161 } else {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]162 $error = verify_request($user);
163 if ($error)
164 register_page($error);
165 else
166 approve_request($user);
167 }
168 break;
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]169 case "recover":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]170 $TEMPLATE = template_path();
171 unset($_SESSION['captcha_token']);
172 include $TEMPLATE . 'strings.php';
173
174 $email = $_POST["email"];
175 if (!ldap_mail_count($email)) {
176 $error = $error . $STRINGS->recover_email_not_registered;
177 }
178
179 if (!(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
180 $error = $error . $STRINGS->wrong_captcha;
181 }
182
183 unset($_SESSION["captcha"]);
184 if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) {
185 include $TEMPLATE . "registration_limit.htm";
186 } else {
187 if ($error) {
188 include $TEMPLATE . 'error.htm';
189 include $TEMPLATE . "register.htm";
190 reload_captcha_script();
191 } else {
192 include $TEMPLATE . 'strings.php';
193 $token = generateRandomString();
194 redis_set($token, $email, $MAIL_CONFIRMATION_AWAIT_DELAY);
195
196 $url = $BASE_URL . "?type=password_change&token=" . $token;
197 if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
198 $smtp = $FALLBACK_SMTP;
199 else
200 $smtp = $SMTP;
201 send_confirmation_email($user->email, $smtp, $url);
202 $_SESSION['resend'] = generateRandomString(12);
203 $_SESSION['token'] = $token;
204 $_SESSION['email'] = $email;
205 $_SESSION['recover'] = $email;
206 $TEMPLATE = template_path();
207 include $TEMPLATE . "confirm_your_email.htm";
208 send_recovery_email($email, $smtp, $url);
209 }
210 }
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]211 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]212
213 case "password_change":
214 include 'validators.php';
215 include 'ldap.php';
216 $TEMPLATE = template_path();
217 include $TEMPLATE . "register.htm";
218 $password = $_POST['password'];
219 $error = validate_password($password);
220 if ($error) {
221 include $TEMPLATE . 'error.htm';
222 include $TEMPLATE . "recover_new_password_form.htm";
223 }else {
224 include $TEMPLATE . "recover_success.htm";
225 include $TEMPLATE . "email.php";
226 include 'mail.php';
227 $email = $_SESSION["email_change"];
228 if (change_password($email, $password)) {
229 if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
230 $smtp = $FALLBACK_SMTP;
231 else
232 $smtp = $SMTP;
233 send_mail($email, $smtp, $PASSWORD_CHANGED_EMAIL_TEMPLATE);
234 unset($_SESSION["email_change"]);
235 }
236 else {
237 include $TEMPLATE . "strings.php";
238 echo $STRINGS->change_password_ldap_error;
239 }
240 }
241 break;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]242 }
243} elseif (isset($_GET['type'])) {
244 switch ($_GET['type']) {
245 case "confirmation":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]246 if (!isset($_GET["token"])) {
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]247 echo $RUNTIME_ERROR->user_trying_invalid_get;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]248 } else {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]249 include "ldap.php";
250 $token = $_GET["token"];
251 $user = redis_get($token);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]252 if ($user && gettype($user) == "object") {
253 if (ldap_add_user($user)) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]254 if ($REDIRECT_TO)
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]255 header("refresh:5;url=" . $REDIRECT_TO);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]256
257 $pending = redis_get("pending");
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]258 if ($pending) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]259 $maillist = $pending->mails;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]260 if (in_array($user->email, $maillist)) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]261 unset($maillist[array_search($user->email, $maillist)]);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]262 redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]263 }
264 }
265 redis_inc_ipdata(getClientIP(), "register");
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]266 echo $STRINGS->email_confirmation;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]267 include $TEMPLATE . "mail_confirmed.htm";
268 } else {
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]269 echo $STRINGS->email_confirmation;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]270 include $TEMPLATE . "registration_error.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]271 }
272 redis_delete($token);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]273 } else {
274 include $TEMPLATE . "token_expired.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]275 }
276 }
277 break;
278 case "resend":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]279 if (isset($_GET['token']) && isset($_SESSION['resend']) && $_GET['token'] == $_SESSION['resend']) {
280 include $TEMPLATE . "resend_mail.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]281 $token = $_SESSION['token'];
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]282 $url = $BASE_URL . "?type=confirmation&token=" . $token;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]283 $smtp = $FALLBACK_SMTP;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]284 $address = $_SESSION["email"];
285 if (isset($_SESSION['recover'])){
286 $url = $BASE_URL . "?type=password_change&token=" . $token;
287 send_recovery_email($address, $smtp, $url);
288 unset($_SESSION['recover']);
289 }
290 else
291 send_confirmation_email($address, $smtp, $url);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]292 unset($_SESSION['resend']);
293 unset($_SESSION['token']);
294 unset($_SESSION['email']);
295 }
296 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]297
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]298 case "recover":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]299 $TEMPLATE = template_path();
300 include $TEMPLATE . "register.htm";
301 include 'config.php';
302 $_SESSION["captcha_token"] = generateRandomString(12);
303 reload_captcha_script();
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]304 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]305
306 case "password_change":
307 $TEMPLATE = template_path();
308 include $TEMPLATE . "register.htm";
309 $token = $_GET["token"];
310 $email = redis_get($token);
311 $_SESSION["email_change"] = $email;
312 if ($email && gettype($email) == "string"){
313 include $TEMPLATE . "recover_new_password_form.htm";
314 } else {
315 include $TEMPLATE . "token_expired.htm";
316 }
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]317 break;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]318 }
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]319} else {
320 unset($_SESSION['captcha_token']);
321 register_page();
322}
323
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame^]324include $TEMPLATE . "bottom.htm";