Gitiles
Code Review Sign In
korap.ids-mannheim.de / ids-kl / ldap-signup / 493198fced74fc7d8d828c4959cc0acba7548b0b / . / index.php
blob: ec70b9fb6a5638bc4d969de730aa661c7349a7dd [file] [log] [blame]
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]1<?php
2require_once 'vendor/autoload.php';
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]3include 'config.php';
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]4include_once 'redis.php';
5include_once 'utils.php';
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]6include_once 'mail.php';
7include_once 'ldap.php';
8include_once 'validators.php';
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]9
10if (!$DEBUG) error_reporting(0);
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]11else error_reporting(1);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]12session_start();
13
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]14use Gregwar\Captcha\PhraseBuilder;
15
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]16$URI = array_slice(explode("/", explode('?', $_SERVER['REQUEST_URI'], 2)[0]), -1)[0];
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]17if (strlen($URI) == 2) {
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]18 $GLOBALS["cc"] = $URI;
19 $_SESSION["cc"] = $URI;
20}
21
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]22if (isset($_GET["lang"])) {
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]23 $GLOBALS["cc"] = $_GET["lang"];
24 $_SESSION["cc"] = $_GET["lang"];
25}
26
27$TEMPLATE = template_path();
28
29
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]30function send_confirmation_email(string $mail, object $smtp, string $url)
31{
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]32 include 'config.php';
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]33 $TEMPLATE = template_path();
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]34 include $TEMPLATE . "email.php";
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]35
36 send_mail($mail, $smtp, (object) [
37 "subject" => $MAIL_TEMPLATE->subject,
38 "text" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->text),
39 "html" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->html)
40 ]);
41}
42
43function send_recovery_email(string $mail, object $smtp, string $url)
44{
45 include 'config.php';
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]46 $TEMPLATE = template_path();
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]47 include $TEMPLATE . "email.php";
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]48
49 send_mail($mail, $smtp, (object) [
50 "subject" => $RECOVERY_EMAIL_TEMPLATE->subject,
51 "text" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->text),
52 "html" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->html)
53 ]);
54}
55
56function reload_captcha_script()
57{
58 include 'config.php';
59 $TEMPLATE = template_path();
60 include $TEMPLATE . "strings.php";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]61 echo '
62 <script>
63 const reload_captcha = async (e) => {
64 var cont = document.getElementById("reload_captcha");
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]65 cont.innerHTML = "<div class=\'spinner-border text-info\' role=\'status\'><span class=\'sr-only\'>' . $STRINGS->reloading_captcha . '</span></div>";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]66 var img = document.getElementById("captcha")
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]67 var url = "' . $BASE_URL . '/captcha.php?token=' . $_SESSION["captcha_token"] . '"
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]68 await fetch(url, { cache: "reload", mode: "no-cors" })
69 .then(() => {
70 img.src = url+"&t=" + new Date().getTime();
71 setTimeout( () => {
72 cont.innerHTML = "<button id=\'reload\' class=\'btn btn-outline-info\' type=\'button\'> <span class=\'glyphicon glyphicon-refresh\' aria-hidden=\'true\'></span></button>";
73 bindButton()
74 }, 500);
75 })
76 }
77 function bindButton(){
78 var button = document.getElementById("reload");
79 button.addEventListener("click", reload_captcha)
80 }
81 bindButton()
82 </script>
83 ';
84}
85
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]86function register_page($error = false)
87{
88 $TEMPLATE = template_path();
89 include 'config.php';
90 if ($error)
91 include $TEMPLATE . 'error.htm';
92 $_SESSION["captcha_token"] = generateRandomString(12);
93 include $TEMPLATE . "register.htm";
94 reload_captcha_script();
95}
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]96
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]97
98function verify_request($user)
99{
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]100 $TEMPLATE = template_path();
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]101 unset($_SESSION['captcha_token']);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]102 include $TEMPLATE . 'strings.php';
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]103 $password = $_POST["password"];
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]104 $error = "";
105
106 $error .= validate_username($user->user_name);
107 $error .= validate_name($user->name, $FIRST_NAME_VALIDATION_ERROR);
108 $error .= validate_name($user->last_name, $LAST_NAME_VALIDATION_ERROR);
109 $error .= validate_email($user->email);
110 $error .= validate_password($password);
111
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]112
Marc Kupietz493198f2023-03-04 14:59:16 +0100[diff] [blame^]113 if ($CAPTCHA_LENGTH > 0 && !(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]114 $error = $error . $STRINGS->wrong_captcha;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]115 }
116 unset($_SESSION["captcha"]);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]117
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]118 return $error;
119}
120
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]121function approve_request($user)
122{
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]123 include 'config.php';
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]124 $token = generateRandomString();
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]125 redis_set($token, $user, $MAIL_CONFIRMATION_AWAIT_DELAY);
126 $pending = redis_get("pending");
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]127 if ($pending) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]128 $maillist = $pending->mails;
129 array_push($maillist, $user->email);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]130 } else
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]131 $maillist = [$user->email];
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]132 redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]133
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]134 $url = $BASE_URL . "?type=confirmation&token=" . $token;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]135 if (in_array(explode("@", $user->email)[1], $MAIL_HOST_DIRECT_FALLBACK))
136 $smtp = $FALLBACK_SMTP;
137 else
138 $smtp = $SMTP;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]139 send_confirmation_email($user->email, $smtp, $url);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]140 $_SESSION['resend'] = generateRandomString(12);
141 $_SESSION['token'] = $token;
142 $_SESSION['email'] = $user->email;
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]143 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]144 include $TEMPLATE . "confirm_your_email.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]145}
146
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]147function recover_form($error = null)
148{
149 $TEMPLATE = template_path();
150 include 'config.php';
151 $_SESSION["captcha_token"] = generateRandomString(12);
152 if ($error)
153 include $TEMPLATE . 'error.htm';
154 include $TEMPLATE . "recover_email_form.htm";
155 reload_captcha_script();
156}
157
158function new_password_form($error = null)
159{
160 $TEMPLATE = template_path();
161 if ($error)
162 include $TEMPLATE . 'error.htm';
163 include $TEMPLATE . "recover_new_password_form.htm";
164}
165
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]166
167// PAGE
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]168include $TEMPLATE . "header.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]169
170if ($_SERVER["REQUEST_METHOD"] == "POST") {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]171 if (isset($_POST['type'])) {
172 switch ($_POST['type']) {
173 case "register":
Marc Kupietza19f3072023-02-25 14:16:40 +0100[diff] [blame]174 $user = new User($_POST["username"], $_POST["name"], $_POST["last_name"], $_POST["email"], $_POST["password"], $_POST["organization"]);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]175 if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) {
176 include $TEMPLATE . "registration_limit.htm";
177 } else {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]178 $error = verify_request($user);
179 if ($error)
180 register_page($error);
181 else
182 approve_request($user);
183 }
184 break;
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]185 case "recover":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]186 $TEMPLATE = template_path();
187 unset($_SESSION['captcha_token']);
188 include $TEMPLATE . 'strings.php';
189
190 $email = $_POST["email"];
191 if (!ldap_mail_count($email)) {
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]192 unset($_POST['email']);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]193 $error = $error . $STRINGS->recover_email_not_registered;
194 }
195
Marc Kupietz493198f2023-03-04 14:59:16 +0100[diff] [blame^]196 if ($CAPTCHA_LENGTH > 0 && !(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]197 $error = $error . $STRINGS->wrong_captcha;
198 }
199
200 unset($_SESSION["captcha"]);
201 if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) {
202 include $TEMPLATE . "registration_limit.htm";
203 } else {
204 if ($error) {
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]205 recover_form($error);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]206 } else {
207 include $TEMPLATE . 'strings.php';
208 $token = generateRandomString();
209 redis_set($token, $email, $MAIL_CONFIRMATION_AWAIT_DELAY);
210
211 $url = $BASE_URL . "?type=password_change&token=" . $token;
212 if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
213 $smtp = $FALLBACK_SMTP;
214 else
215 $smtp = $SMTP;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]216 $_SESSION['resend'] = generateRandomString(12);
217 $_SESSION['token'] = $token;
218 $_SESSION['email'] = $email;
219 $_SESSION['recover'] = $email;
220 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]221 send_recovery_email($email, $smtp, $url);
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]222 include $TEMPLATE . "confirm_your_email.htm";
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]223 }
224 }
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]225 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]226
227 case "password_change":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]228 $password = $_POST['password'];
229 $error = validate_password($password);
230 if ($error) {
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]231 new_password_form($error);
232 } else {
233 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]234 include $TEMPLATE . "recover_success.htm";
235 include $TEMPLATE . "email.php";
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]236 $email = $_SESSION["email_change"];
237 if (change_password($email, $password)) {
238 if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
239 $smtp = $FALLBACK_SMTP;
240 else
241 $smtp = $SMTP;
242 send_mail($email, $smtp, $PASSWORD_CHANGED_EMAIL_TEMPLATE);
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]243 } else {
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]244 include $TEMPLATE . "strings.php";
245 echo $STRINGS->change_password_ldap_error;
246 }
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]247 unset($_SESSION["email_change"]);
248 redis_delete($_SESSION['token']);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]249 }
250 break;
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]251 }
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]252 }
253} elseif (isset($_GET['type'])) {
254 switch ($_GET['type']) {
255 case "confirmation":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]256 if (!isset($_GET["token"])) {
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]257 echo $RUNTIME_ERROR->user_trying_invalid_get;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]258 } else {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]259 $token = $_GET["token"];
260 $user = redis_get($token);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]261 if ($user && gettype($user) == "object") {
262 if (ldap_add_user($user)) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]263 if ($REDIRECT_TO)
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]264 header("refresh:5;url=" . $REDIRECT_TO);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]265
266 $pending = redis_get("pending");
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]267 if ($pending) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]268 $maillist = $pending->mails;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]269 if (in_array($user->email, $maillist)) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]270 unset($maillist[array_search($user->email, $maillist)]);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]271 redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]272 }
273 }
274 redis_inc_ipdata(getClientIP(), "register");
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]275 echo $STRINGS->email_confirmation;
Matheus Fillipe5ad0cd52022-05-05 06:10:41 +0300[diff] [blame]276 if (isset($POST_REGISTER_HOOK)) $POST_REGISTER_HOOK($user);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]277 include $TEMPLATE . "mail_confirmed.htm";
278 } else {
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]279 echo $STRINGS->email_confirmation;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]280 include $TEMPLATE . "registration_error.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]281 }
282 redis_delete($token);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]283 } else {
284 include $TEMPLATE . "token_expired.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]285 }
286 }
287 break;
288 case "resend":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]289 if (isset($_GET['token']) && isset($_SESSION['resend']) && $_GET['token'] == $_SESSION['resend']) {
290 include $TEMPLATE . "resend_mail.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]291 $token = $_SESSION['token'];
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]292 $url = $BASE_URL . "?type=confirmation&token=" . $token;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]293 $smtp = $FALLBACK_SMTP;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]294 $address = $_SESSION["email"];
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]295 if (isset($_SESSION['recover'])) {
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]296 $url = $BASE_URL . "?type=password_change&token=" . $token;
297 send_recovery_email($address, $smtp, $url);
298 unset($_SESSION['recover']);
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]299 } else
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]300 send_confirmation_email($address, $smtp, $url);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]301 unset($_SESSION['resend']);
302 unset($_SESSION['token']);
303 unset($_SESSION['email']);
304 }
305 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]306
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]307 case "recover":
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]308 recover_form();
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]309 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]310
311 case "password_change":
312 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]313 $token = $_GET["token"];
314 $email = redis_get($token);
315 $_SESSION["email_change"] = $email;
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]316 $_SESSION["token"] = $token;
317 if ($email && gettype($email) == "string") {
318 new_password_form();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]319 } else {
320 include $TEMPLATE . "token_expired.htm";
321 }
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]322 break;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]323 }
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]324} else {
325 unset($_SESSION['captcha_token']);
326 register_page();
327}
328
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]329include $TEMPLATE . "bottom.htm";