Gitiles
Code Review Sign In
korap.ids-mannheim.de / ids-kl / ldap-signup / 8e6a8dfe891432442fc3b46d9d3f84d8b198d49d / . / index.php
blob: d4310c8ec077834bb888d96534babfd844a436d2 [file] [log] [blame]
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]1<?php
2require_once 'vendor/autoload.php';
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]3include 'config.php';
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]4include_once 'redis.php';
5include_once 'utils.php';
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]6include_once 'mail.php';
7include_once 'ldap.php';
8include_once 'validators.php';
Marc Kupietz0215a442023-03-05 18:34:16 +0100[diff] [blame]9include_once 'User.php';
10require __DIR__ . '/vendor/autoload.php';
11use Monolog\Level;
12use Monolog\Logger as Logger;
13use Monolog\Handler\StreamHandler;
14use Monolog\Handler\RotatingFileHandler;
15use \User as User;
Marc Kupietza7074402023-03-06 07:04:59 +0100[diff] [blame]16include $TEMPLATE . "strings.php";
Marc Kupietz0215a442023-03-05 18:34:16 +0100[diff] [blame]17$log = new Logger('signup');
18$log->pushHandler(new RotatingFileHandler(__DIR__ . '/logs/signup.log', 0, Logger::DEBUG));
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]19
20if (!$DEBUG) error_reporting(0);
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]21else error_reporting(1);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]22session_start();
23
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]24use Gregwar\Captcha\PhraseBuilder;
25
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]26$URI = array_slice(explode("/", explode('?', $_SERVER['REQUEST_URI'], 2)[0]), -1)[0];
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]27if (strlen($URI) == 2) {
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]28 $GLOBALS["cc"] = $URI;
29 $_SESSION["cc"] = $URI;
30}
31
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]32if (isset($_GET["lang"])) {
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]33 $GLOBALS["cc"] = $_GET["lang"];
34 $_SESSION["cc"] = $_GET["lang"];
35}
36
37$TEMPLATE = template_path();
38
39
Marc Kupietza7074402023-03-06 07:04:59 +0100[diff] [blame]40function send_welcome_email(User $user)
41{
42 global $SMTP, $SERVICE_ACRONYM, $WELCOME_TEMPLATE, $TEMPLATE;
43 $TEMPLATE = template_path();
44 include $TEMPLATE . "email.php";
45 $url = "";
46
47 send_mail($user->email, $SMTP, (object) [
48 "subject" => $WELCOME_TEMPLATE->subject,
49 "text" => replace_all_user_variables($WELCOME_TEMPLATE->text, $user, $url),
50 "html" => replace_all_user_variables($WELCOME_TEMPLATE->html, $user, $url)
51 ]);
52}
53
Marc Kupietza3f3fdb2023-03-04 18:13:26 +0100[diff] [blame]54function send_confirmation_email(string $mail, object $smtp, string $url, User $user)
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]55{
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]56 include 'config.php';
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]57 $TEMPLATE = template_path();
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]58 include $TEMPLATE . "email.php";
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]59
60 send_mail($mail, $smtp, (object) [
61 "subject" => $MAIL_TEMPLATE->subject,
Marc Kupietza3f3fdb2023-03-04 18:13:26 +0100[diff] [blame]62 "text" => replace_all_user_variables($MAIL_TEMPLATE->text, $user, $url),
63 "html" => replace_all_user_variables($MAIL_TEMPLATE->html, $user, $url)
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]64 ]);
65}
66
67function send_recovery_email(string $mail, object $smtp, string $url)
68{
69 include 'config.php';
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]70 $TEMPLATE = template_path();
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]71 include $TEMPLATE . "email.php";
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]72
73 send_mail($mail, $smtp, (object) [
74 "subject" => $RECOVERY_EMAIL_TEMPLATE->subject,
75 "text" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->text),
76 "html" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->html)
77 ]);
78}
79
80function reload_captcha_script()
81{
82 include 'config.php';
Marc Kupietza7074402023-03-06 07:04:59 +0100[diff] [blame]83
84 if ($CAPTCHA_LENGTH > 0) {
85 $TEMPLATE = template_path();
86 include $TEMPLATE . "strings.php";
87 echo '
88 <script>
89 const reload_captcha = async (e) => {
90 var cont = document.getElementById("reload_captcha");
91 cont.innerHTML = "<div class=\'spinner-border text-info\' role=\'status\'><span class=\'sr-only\'>' . $STRINGS->reloading_captcha . '</span></div>";
92 var img = document.getElementById("captcha")
93 var url = "' . $BASE_URL . '/captcha.php?token=' . $_SESSION["captcha_token"] . '"
94 await fetch(url, { cache: "reload", mode: "no-cors" })
95 .then(() => {
96 img.src = url+"&t=" + new Date().getTime();
97 setTimeout( () => {
98 cont.innerHTML = "<button id=\'reload\' class=\'btn btn-outline-info\' type=\'button\'> <span class=\'glyphicon glyphicon-refresh\' aria-hidden=\'true\'></span></button>";
99 bindButton()
100 }, 500);
101 })
102 }
103 function bindButton(){
104 var button = document.getElementById("reload");
105 button.addEventListener("click", reload_captcha)
106 }
107 bindButton()
108 </script>
109 ';
110 }
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]111}
112
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]113function register_page($error = false)
114{
115 $TEMPLATE = template_path();
116 include 'config.php';
117 if ($error)
118 include $TEMPLATE . 'error.htm';
119 $_SESSION["captcha_token"] = generateRandomString(12);
120 include $TEMPLATE . "register.htm";
121 reload_captcha_script();
122}
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]123
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]124
Marc Kupietz0215a442023-03-05 18:34:16 +0100[diff] [blame]125function verify_request(User $user)
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]126{
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]127 $TEMPLATE = template_path();
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]128 unset($_SESSION['captcha_token']);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]129 include $TEMPLATE . 'strings.php';
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]130 $password = $_POST["password"];
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]131 $error = "";
132
Marc Kupietzade9e3c2023-03-06 21:39:23 +0100[diff] [blame]133 $error .= validate_username($user->username);
Marc Kupietz03146622023-03-07 12:03:21 +0100[diff] [blame]134 $error .= validate_name($user->first_name, $FIRST_NAME_VALIDATION_ERROR);
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]135 $error .= validate_name($user->last_name, $LAST_NAME_VALIDATION_ERROR);
136 $error .= validate_email($user->email);
137 $error .= validate_password($password);
138
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]139
Marc Kupietz493198f2023-03-04 14:59:16 +0100[diff] [blame]140 if ($CAPTCHA_LENGTH > 0 && !(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]141 $error = $error . $STRINGS->wrong_captcha;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]142 }
143 unset($_SESSION["captcha"]);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]144
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]145 return $error;
146}
147
Marc Kupietza3f3fdb2023-03-04 18:13:26 +0100[diff] [blame]148
Marc Kupietz0215a442023-03-05 18:34:16 +0100[diff] [blame]149function approve_request(User $user)
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]150{
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]151 include 'config.php';
Marc Kupietz8e6a8df2023-03-07 13:05:23 +0100[diff] [blame^]152 global $log, $_SESSION;
Marc Kupietz0215a442023-03-05 18:34:16 +0100[diff] [blame]153
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]154 $token = generateRandomString();
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]155 redis_set($token, $user, $MAIL_CONFIRMATION_AWAIT_DELAY);
156 $pending = redis_get("pending");
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]157 if ($pending) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]158 $maillist = $pending->mails;
159 array_push($maillist, $user->email);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]160 } else
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]161 $maillist = [$user->email];
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]162 redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]163
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]164 $url = $BASE_URL . "?type=confirmation&token=" . $token;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]165 if (in_array(explode("@", $user->email)[1], $MAIL_HOST_DIRECT_FALLBACK))
166 $smtp = $FALLBACK_SMTP;
167 else
168 $smtp = $SMTP;
Marc Kupietza3f3fdb2023-03-04 18:13:26 +0100[diff] [blame]169 send_confirmation_email($user->email, $smtp, $url, $user);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]170 $_SESSION['resend'] = generateRandomString(12);
171 $_SESSION['token'] = $token;
Marc Kupietz03146622023-03-07 12:03:21 +0100[diff] [blame]172 $user->backup_in_session();
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame]173 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]174 include $TEMPLATE . "confirm_your_email.htm";
Marc Kupietz03146622023-03-07 12:03:21 +0100[diff] [blame]175 $log->info("Registration process started for " . $user->to_string());
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]176}
177
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]178function recover_form($error = null)
179{
180 $TEMPLATE = template_path();
181 include 'config.php';
182 $_SESSION["captcha_token"] = generateRandomString(12);
183 if ($error)
184 include $TEMPLATE . 'error.htm';
185 include $TEMPLATE . "recover_email_form.htm";
186 reload_captcha_script();
187}
188
189function new_password_form($error = null)
190{
191 $TEMPLATE = template_path();
192 if ($error)
193 include $TEMPLATE . 'error.htm';
194 include $TEMPLATE . "recover_new_password_form.htm";
195}
196
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]197
198// PAGE
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]199include $TEMPLATE . "header.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]200
201if ($_SERVER["REQUEST_METHOD"] == "POST") {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]202 if (isset($_POST['type'])) {
203 switch ($_POST['type']) {
204 case "register":
Marc Kupietz03146622023-03-07 12:03:21 +0100[diff] [blame]205 $log->info("Registration request from " . array_to_string($_POST));
206 $user = new User();
207 $user->init_from_array($_POST);
208 $log->info("Registration request from " . $user->to_string());
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]209 if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) {
210 include $TEMPLATE . "registration_limit.htm";
211 } else {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]212 $error = verify_request($user);
213 if ($error)
214 register_page($error);
215 else
216 approve_request($user);
217 }
218 break;
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]219 case "recover":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]220 $TEMPLATE = template_path();
221 unset($_SESSION['captcha_token']);
222 include $TEMPLATE . 'strings.php';
223
224 $email = $_POST["email"];
225 if (!ldap_mail_count($email)) {
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]226 unset($_POST['email']);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]227 $error = $error . $STRINGS->recover_email_not_registered;
228 }
229
Marc Kupietz493198f2023-03-04 14:59:16 +0100[diff] [blame]230 if ($CAPTCHA_LENGTH > 0 && !(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]231 $error = $error . $STRINGS->wrong_captcha;
232 }
233
234 unset($_SESSION["captcha"]);
235 if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) {
236 include $TEMPLATE . "registration_limit.htm";
237 } else {
238 if ($error) {
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]239 recover_form($error);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]240 } else {
241 include $TEMPLATE . 'strings.php';
242 $token = generateRandomString();
243 redis_set($token, $email, $MAIL_CONFIRMATION_AWAIT_DELAY);
244
245 $url = $BASE_URL . "?type=password_change&token=" . $token;
246 if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
247 $smtp = $FALLBACK_SMTP;
248 else
249 $smtp = $SMTP;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]250 $_SESSION['resend'] = generateRandomString(12);
251 $_SESSION['token'] = $token;
252 $_SESSION['email'] = $email;
253 $_SESSION['recover'] = $email;
254 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]255 send_recovery_email($email, $smtp, $url);
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]256 include $TEMPLATE . "confirm_your_email.htm";
Marc Kupietz0215a442023-03-05 18:34:16 +0100[diff] [blame]257 $log->info("Password recovery email sent to " . $email);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]258 }
259 }
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]260 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]261
262 case "password_change":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]263 $password = $_POST['password'];
264 $error = validate_password($password);
265 if ($error) {
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]266 new_password_form($error);
267 } else {
268 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]269 include $TEMPLATE . "recover_success.htm";
270 include $TEMPLATE . "email.php";
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]271 $email = $_SESSION["email_change"];
272 if (change_password($email, $password)) {
273 if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
274 $smtp = $FALLBACK_SMTP;
275 else
276 $smtp = $SMTP;
277 send_mail($email, $smtp, $PASSWORD_CHANGED_EMAIL_TEMPLATE);
Marc Kupietz0215a442023-03-05 18:34:16 +0100[diff] [blame]278 $log->info("Password changed for " . $email);
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]279 } else {
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]280 include $TEMPLATE . "strings.php";
281 echo $STRINGS->change_password_ldap_error;
282 }
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]283 unset($_SESSION["email_change"]);
284 redis_delete($_SESSION['token']);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]285 }
286 break;
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]287 }
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]288 }
289} elseif (isset($_GET['type'])) {
290 switch ($_GET['type']) {
291 case "confirmation":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]292 if (!isset($_GET["token"])) {
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]293 echo $RUNTIME_ERROR->user_trying_invalid_get;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]294 } else {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]295 $token = $_GET["token"];
Marc Kupietz0215a442023-03-05 18:34:16 +0100[diff] [blame]296 $user = redis_get_user($token);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]297 if ($user && gettype($user) == "object") {
298 if (ldap_add_user($user)) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]299 if ($REDIRECT_TO)
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]300 header("refresh:5;url=" . $REDIRECT_TO);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]301
302 $pending = redis_get("pending");
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]303 if ($pending) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]304 $maillist = $pending->mails;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]305 if (in_array($user->email, $maillist)) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]306 unset($maillist[array_search($user->email, $maillist)]);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]307 redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]308 }
309 }
310 redis_inc_ipdata(getClientIP(), "register");
Marc Kupietz03146622023-03-07 12:03:21 +0100[diff] [blame]311 $log->info("User registered: " . $user->to_string());
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]312 echo $STRINGS->email_confirmation;
Matheus Fillipe5ad0cd52022-05-05 06:10:41 +0300[diff] [blame]313 if (isset($POST_REGISTER_HOOK)) $POST_REGISTER_HOOK($user);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]314 include $TEMPLATE . "mail_confirmed.htm";
315 } else {
Marc Kupietz03146622023-03-07 12:03:21 +0100[diff] [blame]316 $log->error("User registration failed for: " . $user->to_string());
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]317 echo $STRINGS->email_confirmation;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]318 include $TEMPLATE . "registration_error.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]319 }
320 redis_delete($token);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]321 } else {
322 include $TEMPLATE . "token_expired.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]323 }
324 }
325 break;
326 case "resend":
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]327 if (isset($_GET['token']) && isset($_SESSION['resend']) && $_GET['token'] == $_SESSION['resend']) {
Marc Kupietz8e6a8df2023-03-07 13:05:23 +0100[diff] [blame^]328 $log->info("Resending confirmation email to " . $_SESSION['email']);
329 $user = new User();
330 $user->init_from_array($_SESSION);
331 $log->info("Resending confirmation email to " . $user->to_string());
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]332 $token = $_SESSION['token'];
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]333 $url = $BASE_URL . "?type=confirmation&token=" . $token;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]334 $smtp = $FALLBACK_SMTP;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]335 $address = $_SESSION["email"];
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]336 if (isset($_SESSION['recover'])) {
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]337 $url = $BASE_URL . "?type=password_change&token=" . $token;
Marc Kupietza3f3fdb2023-03-04 18:13:26 +0100[diff] [blame]338 send_recovery_email($address, $smtp, $url, $user);
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]339 unset($_SESSION['recover']);
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]340 } else
Marc Kupietza3f3fdb2023-03-04 18:13:26 +0100[diff] [blame]341 send_confirmation_email($address, $smtp, $url, $user);
Marc Kupietz8e6a8df2023-03-07 13:05:23 +0100[diff] [blame^]342 echo "<div class='alert alert-info' role='alert'> Another email has been sent to ". $_SESSION['email']. " </div>";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]343 unset($_SESSION['resend']);
344 unset($_SESSION['token']);
Marc Kupietza3f3fdb2023-03-04 18:13:26 +0100[diff] [blame]345 # unset($_SESSION['email']);
346 } else {
Marc Kupietz8e6a8df2023-03-07 13:05:23 +0100[diff] [blame^]347 echo "<div class='alert alert-warning' role='alert'>A second email has already been sent.</div>";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]348 }
349 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]350
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]351 case "recover":
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]352 recover_form();
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]353 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]354
355 case "password_change":
356 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]357 $token = $_GET["token"];
358 $email = redis_get($token);
359 $_SESSION["email_change"] = $email;
Matheus Fillipe301684b2021-05-14 09:09:43 +0300[diff] [blame]360 $_SESSION["token"] = $token;
361 if ($email && gettype($email) == "string") {
362 new_password_form();
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]363 } else {
364 include $TEMPLATE . "token_expired.htm";
365 }
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]366 break;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]367 }
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]368} else {
369 unset($_SESSION['captcha_token']);
370 register_page();
371}
372
matheusfillipef43dd962021-05-13 23:27:01 -0300[diff] [blame]373include $TEMPLATE . "bottom.htm";