blob: cfc1785e49efbb81128688941cac79fecb4394ed [file] [log] [blame]
matheusfillipeabd513e2021-05-11 03:29:11 -03001<?php
2require_once 'vendor/autoload.php';
Matheus Fillipe301684b2021-05-14 09:09:43 +03003include 'config.php';
matheusfillipeabd513e2021-05-11 03:29:11 -03004include_once 'redis.php';
5include_once 'utils.php';
Matheus Fillipe301684b2021-05-14 09:09:43 +03006include_once 'mail.php';
7include_once 'ldap.php';
8include_once 'validators.php';
Marc Kupietzd871d882023-03-05 18:34:16 +01009include_once 'User.php';
10require __DIR__ . '/vendor/autoload.php';
11use Monolog\Level;
12use Monolog\Logger as Logger;
13use Monolog\Handler\StreamHandler;
14use Monolog\Handler\RotatingFileHandler;
15use \User as User;
Marc Kupietz3f6a5982023-03-06 07:04:59 +010016include $TEMPLATE . "strings.php";
Marc Kupietzd871d882023-03-05 18:34:16 +010017$log = new Logger('signup');
18$log->pushHandler(new RotatingFileHandler(__DIR__ . '/logs/signup.log', 0, Logger::DEBUG));
matheusfillipeabd513e2021-05-11 03:29:11 -030019
20if (!$DEBUG) error_reporting(0);
matheusfillipec0ce7fa2021-05-13 05:15:37 -030021else error_reporting(1);
matheusfillipeabd513e2021-05-11 03:29:11 -030022session_start();
23
matheusfillipeabd513e2021-05-11 03:29:11 -030024use Gregwar\Captcha\PhraseBuilder;
25
matheusfillipec0ce7fa2021-05-13 05:15:37 -030026$URI = array_slice(explode("/", explode('?', $_SERVER['REQUEST_URI'], 2)[0]), -1)[0];
matheusfillipef43dd962021-05-13 23:27:01 -030027if (strlen($URI) == 2) {
matheusfillipec0ce7fa2021-05-13 05:15:37 -030028 $GLOBALS["cc"] = $URI;
29 $_SESSION["cc"] = $URI;
30}
31
matheusfillipef43dd962021-05-13 23:27:01 -030032if (isset($_GET["lang"])) {
matheusfillipec0ce7fa2021-05-13 05:15:37 -030033 $GLOBALS["cc"] = $_GET["lang"];
34 $_SESSION["cc"] = $_GET["lang"];
35}
36
37$TEMPLATE = template_path();
38
39
Marc Kupietz3f6a5982023-03-06 07:04:59 +010040function send_welcome_email(User $user)
41{
42 global $SMTP, $SERVICE_ACRONYM, $WELCOME_TEMPLATE, $TEMPLATE;
43 $TEMPLATE = template_path();
44 include $TEMPLATE . "email.php";
45 $url = "";
46
47 send_mail($user->email, $SMTP, (object) [
48 "subject" => $WELCOME_TEMPLATE->subject,
49 "text" => replace_all_user_variables($WELCOME_TEMPLATE->text, $user, $url),
50 "html" => replace_all_user_variables($WELCOME_TEMPLATE->html, $user, $url)
51 ]);
52}
53
Marc Kupietz0375b7e2023-03-04 18:13:26 +010054function send_confirmation_email(string $mail, object $smtp, string $url, User $user)
matheusfillipef43dd962021-05-13 23:27:01 -030055{
matheusfillipeabd513e2021-05-11 03:29:11 -030056 include 'config.php';
matheusfillipef43dd962021-05-13 23:27:01 -030057 $TEMPLATE = template_path();
Matheus Fillipe301684b2021-05-14 09:09:43 +030058 include $TEMPLATE . "email.php";
matheusfillipef43dd962021-05-13 23:27:01 -030059
60 send_mail($mail, $smtp, (object) [
61 "subject" => $MAIL_TEMPLATE->subject,
Marc Kupietz0375b7e2023-03-04 18:13:26 +010062 "text" => replace_all_user_variables($MAIL_TEMPLATE->text, $user, $url),
63 "html" => replace_all_user_variables($MAIL_TEMPLATE->html, $user, $url)
matheusfillipef43dd962021-05-13 23:27:01 -030064 ]);
65}
66
67function send_recovery_email(string $mail, object $smtp, string $url)
68{
69 include 'config.php';
matheusfillipef43dd962021-05-13 23:27:01 -030070 $TEMPLATE = template_path();
Matheus Fillipe301684b2021-05-14 09:09:43 +030071 include $TEMPLATE . "email.php";
matheusfillipef43dd962021-05-13 23:27:01 -030072
73 send_mail($mail, $smtp, (object) [
74 "subject" => $RECOVERY_EMAIL_TEMPLATE->subject,
75 "text" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->text),
76 "html" => str_replace("{{url}}", $url, $RECOVERY_EMAIL_TEMPLATE->html)
77 ]);
78}
79
80function reload_captcha_script()
81{
82 include 'config.php';
Marc Kupietz3f6a5982023-03-06 07:04:59 +010083
84 if ($CAPTCHA_LENGTH > 0) {
85 $TEMPLATE = template_path();
86 include $TEMPLATE . "strings.php";
87 echo '
88 <script>
89 const reload_captcha = async (e) => {
90 var cont = document.getElementById("reload_captcha");
91 cont.innerHTML = "<div class=\'spinner-border text-info\' role=\'status\'><span class=\'sr-only\'>' . $STRINGS->reloading_captcha . '</span></div>";
92 var img = document.getElementById("captcha")
93 var url = "' . $BASE_URL . '/captcha.php?token=' . $_SESSION["captcha_token"] . '"
94 await fetch(url, { cache: "reload", mode: "no-cors" })
95 .then(() => {
96 img.src = url+"&t=" + new Date().getTime();
97 setTimeout( () => {
98 cont.innerHTML = "<button id=\'reload\' class=\'btn btn-outline-info\' type=\'button\'> <span class=\'glyphicon glyphicon-refresh\' aria-hidden=\'true\'></span></button>";
99 bindButton()
100 }, 500);
101 })
102 }
103 function bindButton(){
104 var button = document.getElementById("reload");
105 button.addEventListener("click", reload_captcha)
106 }
107 bindButton()
108 </script>
109 ';
110 }
matheusfillipeabd513e2021-05-11 03:29:11 -0300111}
112
matheusfillipef43dd962021-05-13 23:27:01 -0300113function register_page($error = false)
114{
115 $TEMPLATE = template_path();
116 include 'config.php';
117 if ($error)
118 include $TEMPLATE . 'error.htm';
119 $_SESSION["captcha_token"] = generateRandomString(12);
120 include $TEMPLATE . "register.htm";
121 reload_captcha_script();
122}
matheusfillipeabd513e2021-05-11 03:29:11 -0300123
matheusfillipef43dd962021-05-13 23:27:01 -0300124
Marc Kupietzd871d882023-03-05 18:34:16 +0100125function verify_request(User $user)
matheusfillipef43dd962021-05-13 23:27:01 -0300126{
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300127 $TEMPLATE = template_path();
matheusfillipeabd513e2021-05-11 03:29:11 -0300128 unset($_SESSION['captcha_token']);
matheusfillipef43dd962021-05-13 23:27:01 -0300129 include $TEMPLATE . 'strings.php';
matheusfillipeabd513e2021-05-11 03:29:11 -0300130 $password = $_POST["password"];
matheusfillipe47cf90b2021-05-13 03:36:21 -0300131 $error = "";
132
133 $error .= validate_username($user->user_name);
134 $error .= validate_name($user->name, $FIRST_NAME_VALIDATION_ERROR);
135 $error .= validate_name($user->last_name, $LAST_NAME_VALIDATION_ERROR);
136 $error .= validate_email($user->email);
137 $error .= validate_password($password);
138
matheusfillipeabd513e2021-05-11 03:29:11 -0300139
Marc Kupietzd2dfa002023-03-04 14:59:16 +0100140 if ($CAPTCHA_LENGTH > 0 && !(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
matheusfillipef43dd962021-05-13 23:27:01 -0300141 $error = $error . $STRINGS->wrong_captcha;
matheusfillipeabd513e2021-05-11 03:29:11 -0300142 }
143 unset($_SESSION["captcha"]);
matheusfillipef43dd962021-05-13 23:27:01 -0300144
matheusfillipeabd513e2021-05-11 03:29:11 -0300145 return $error;
146}
147
Marc Kupietz0375b7e2023-03-04 18:13:26 +0100148function backup_user_in_session($user)
149{
150 $_SESSION['username'] = $user->user_name;
151 $_SESSION['first_name'] = $user->first_name;
152 $_SESSION['last_name'] = $user->last_name;
153 $_SESSION['email'] = $user->email;
154 $_SESSION['organization'] = $user->organization;
155}
156
Marc Kupietzd871d882023-03-05 18:34:16 +0100157function approve_request(User $user)
matheusfillipef43dd962021-05-13 23:27:01 -0300158{
Matheus Fillipe301684b2021-05-14 09:09:43 +0300159 include 'config.php';
Marc Kupietzd871d882023-03-05 18:34:16 +0100160 global $log;
161
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300162 $token = generateRandomString();
matheusfillipeabd513e2021-05-11 03:29:11 -0300163 redis_set($token, $user, $MAIL_CONFIRMATION_AWAIT_DELAY);
164 $pending = redis_get("pending");
matheusfillipef43dd962021-05-13 23:27:01 -0300165 if ($pending) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300166 $maillist = $pending->mails;
167 array_push($maillist, $user->email);
matheusfillipef43dd962021-05-13 23:27:01 -0300168 } else
matheusfillipeabd513e2021-05-11 03:29:11 -0300169 $maillist = [$user->email];
matheusfillipef43dd962021-05-13 23:27:01 -0300170 redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
matheusfillipeabd513e2021-05-11 03:29:11 -0300171
matheusfillipef43dd962021-05-13 23:27:01 -0300172 $url = $BASE_URL . "?type=confirmation&token=" . $token;
matheusfillipeabd513e2021-05-11 03:29:11 -0300173 if (in_array(explode("@", $user->email)[1], $MAIL_HOST_DIRECT_FALLBACK))
174 $smtp = $FALLBACK_SMTP;
175 else
176 $smtp = $SMTP;
Marc Kupietz0375b7e2023-03-04 18:13:26 +0100177 send_confirmation_email($user->email, $smtp, $url, $user);
matheusfillipeabd513e2021-05-11 03:29:11 -0300178 $_SESSION['resend'] = generateRandomString(12);
179 $_SESSION['token'] = $token;
Marc Kupietz0375b7e2023-03-04 18:13:26 +0100180 backup_user_in_session($user);
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300181 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300182 include $TEMPLATE . "confirm_your_email.htm";
Marc Kupietzd871d882023-03-05 18:34:16 +0100183 $log->info("Registration process started for " . user_to_string($user));
matheusfillipeabd513e2021-05-11 03:29:11 -0300184}
185
Matheus Fillipe301684b2021-05-14 09:09:43 +0300186function recover_form($error = null)
187{
188 $TEMPLATE = template_path();
189 include 'config.php';
190 $_SESSION["captcha_token"] = generateRandomString(12);
191 if ($error)
192 include $TEMPLATE . 'error.htm';
193 include $TEMPLATE . "recover_email_form.htm";
194 reload_captcha_script();
195}
196
197function new_password_form($error = null)
198{
199 $TEMPLATE = template_path();
200 if ($error)
201 include $TEMPLATE . 'error.htm';
202 include $TEMPLATE . "recover_new_password_form.htm";
203}
204
matheusfillipeabd513e2021-05-11 03:29:11 -0300205
206// PAGE
matheusfillipef43dd962021-05-13 23:27:01 -0300207include $TEMPLATE . "header.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300208
209if ($_SERVER["REQUEST_METHOD"] == "POST") {
matheusfillipeabd513e2021-05-11 03:29:11 -0300210 if (isset($_POST['type'])) {
211 switch ($_POST['type']) {
212 case "register":
Marc Kupietza19f3072023-02-25 14:16:40 +0100213 $user = new User($_POST["username"], $_POST["name"], $_POST["last_name"], $_POST["email"], $_POST["password"], $_POST["organization"]);
matheusfillipef43dd962021-05-13 23:27:01 -0300214 if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) {
215 include $TEMPLATE . "registration_limit.htm";
216 } else {
matheusfillipeabd513e2021-05-11 03:29:11 -0300217 $error = verify_request($user);
218 if ($error)
219 register_page($error);
220 else
221 approve_request($user);
222 }
223 break;
matheusfillipe47cf90b2021-05-13 03:36:21 -0300224 case "recover":
matheusfillipef43dd962021-05-13 23:27:01 -0300225 $TEMPLATE = template_path();
226 unset($_SESSION['captcha_token']);
227 include $TEMPLATE . 'strings.php';
228
229 $email = $_POST["email"];
230 if (!ldap_mail_count($email)) {
Matheus Fillipe301684b2021-05-14 09:09:43 +0300231 unset($_POST['email']);
matheusfillipef43dd962021-05-13 23:27:01 -0300232 $error = $error . $STRINGS->recover_email_not_registered;
233 }
234
Marc Kupietzd2dfa002023-03-04 14:59:16 +0100235 if ($CAPTCHA_LENGTH > 0 && !(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
matheusfillipef43dd962021-05-13 23:27:01 -0300236 $error = $error . $STRINGS->wrong_captcha;
237 }
238
239 unset($_SESSION["captcha"]);
240 if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS) {
241 include $TEMPLATE . "registration_limit.htm";
242 } else {
243 if ($error) {
Matheus Fillipe301684b2021-05-14 09:09:43 +0300244 recover_form($error);
matheusfillipef43dd962021-05-13 23:27:01 -0300245 } else {
246 include $TEMPLATE . 'strings.php';
247 $token = generateRandomString();
248 redis_set($token, $email, $MAIL_CONFIRMATION_AWAIT_DELAY);
249
250 $url = $BASE_URL . "?type=password_change&token=" . $token;
251 if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
252 $smtp = $FALLBACK_SMTP;
253 else
254 $smtp = $SMTP;
matheusfillipef43dd962021-05-13 23:27:01 -0300255 $_SESSION['resend'] = generateRandomString(12);
256 $_SESSION['token'] = $token;
257 $_SESSION['email'] = $email;
258 $_SESSION['recover'] = $email;
259 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300260 send_recovery_email($email, $smtp, $url);
Matheus Fillipe301684b2021-05-14 09:09:43 +0300261 include $TEMPLATE . "confirm_your_email.htm";
Marc Kupietzd871d882023-03-05 18:34:16 +0100262 $log->info("Password recovery email sent to " . $email);
matheusfillipef43dd962021-05-13 23:27:01 -0300263 }
264 }
matheusfillipe47cf90b2021-05-13 03:36:21 -0300265 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300266
267 case "password_change":
matheusfillipef43dd962021-05-13 23:27:01 -0300268 $password = $_POST['password'];
269 $error = validate_password($password);
270 if ($error) {
Matheus Fillipe301684b2021-05-14 09:09:43 +0300271 new_password_form($error);
272 } else {
273 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300274 include $TEMPLATE . "recover_success.htm";
275 include $TEMPLATE . "email.php";
matheusfillipef43dd962021-05-13 23:27:01 -0300276 $email = $_SESSION["email_change"];
277 if (change_password($email, $password)) {
278 if (in_array(explode("@", $email)[1], $MAIL_HOST_DIRECT_FALLBACK))
279 $smtp = $FALLBACK_SMTP;
280 else
281 $smtp = $SMTP;
282 send_mail($email, $smtp, $PASSWORD_CHANGED_EMAIL_TEMPLATE);
Marc Kupietzd871d882023-03-05 18:34:16 +0100283 $log->info("Password changed for " . $email);
Matheus Fillipe301684b2021-05-14 09:09:43 +0300284 } else {
matheusfillipef43dd962021-05-13 23:27:01 -0300285 include $TEMPLATE . "strings.php";
286 echo $STRINGS->change_password_ldap_error;
287 }
Matheus Fillipe301684b2021-05-14 09:09:43 +0300288 unset($_SESSION["email_change"]);
289 redis_delete($_SESSION['token']);
matheusfillipef43dd962021-05-13 23:27:01 -0300290 }
291 break;
Matheus Fillipe301684b2021-05-14 09:09:43 +0300292 }
matheusfillipeabd513e2021-05-11 03:29:11 -0300293 }
294} elseif (isset($_GET['type'])) {
295 switch ($_GET['type']) {
296 case "confirmation":
matheusfillipef43dd962021-05-13 23:27:01 -0300297 if (!isset($_GET["token"])) {
matheusfillipe47cf90b2021-05-13 03:36:21 -0300298 echo $RUNTIME_ERROR->user_trying_invalid_get;
matheusfillipef43dd962021-05-13 23:27:01 -0300299 } else {
matheusfillipeabd513e2021-05-11 03:29:11 -0300300 $token = $_GET["token"];
Marc Kupietzd871d882023-03-05 18:34:16 +0100301 $user = redis_get_user($token);
matheusfillipef43dd962021-05-13 23:27:01 -0300302 if ($user && gettype($user) == "object") {
303 if (ldap_add_user($user)) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300304 if ($REDIRECT_TO)
matheusfillipef43dd962021-05-13 23:27:01 -0300305 header("refresh:5;url=" . $REDIRECT_TO);
matheusfillipeabd513e2021-05-11 03:29:11 -0300306
307 $pending = redis_get("pending");
matheusfillipef43dd962021-05-13 23:27:01 -0300308 if ($pending) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300309 $maillist = $pending->mails;
matheusfillipef43dd962021-05-13 23:27:01 -0300310 if (in_array($user->email, $maillist)) {
matheusfillipeabd513e2021-05-11 03:29:11 -0300311 unset($maillist[array_search($user->email, $maillist)]);
matheusfillipef43dd962021-05-13 23:27:01 -0300312 redis_set("pending", (object)["mails" => $maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
matheusfillipeabd513e2021-05-11 03:29:11 -0300313 }
314 }
315 redis_inc_ipdata(getClientIP(), "register");
Marc Kupietzd871d882023-03-05 18:34:16 +0100316 $log->info("User registered: " . user_to_string($user));
matheusfillipe47cf90b2021-05-13 03:36:21 -0300317 echo $STRINGS->email_confirmation;
Matheus Fillipe5ad0cd52022-05-05 06:10:41 +0300318 if (isset($POST_REGISTER_HOOK)) $POST_REGISTER_HOOK($user);
matheusfillipef43dd962021-05-13 23:27:01 -0300319 include $TEMPLATE . "mail_confirmed.htm";
320 } else {
Marc Kupietzd871d882023-03-05 18:34:16 +0100321 $log->error("User registration failed for: " . user_to_string($user));
matheusfillipe47cf90b2021-05-13 03:36:21 -0300322 echo $STRINGS->email_confirmation;
matheusfillipef43dd962021-05-13 23:27:01 -0300323 include $TEMPLATE . "registration_error.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300324 }
325 redis_delete($token);
matheusfillipef43dd962021-05-13 23:27:01 -0300326 } else {
327 include $TEMPLATE . "token_expired.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300328 }
329 }
330 break;
331 case "resend":
matheusfillipef43dd962021-05-13 23:27:01 -0300332 if (isset($_GET['token']) && isset($_SESSION['resend']) && $_GET['token'] == $_SESSION['resend']) {
333 include $TEMPLATE . "resend_mail.htm";
Marc Kupietz0375b7e2023-03-04 18:13:26 +0100334 $user = new User($_SESSION["username"], $_SESSION["first_name"], $_SESSION["last_name"], $_SESSION["email"], "", $_SESSION["organization"]);
matheusfillipeabd513e2021-05-11 03:29:11 -0300335 $token = $_SESSION['token'];
matheusfillipef43dd962021-05-13 23:27:01 -0300336 $url = $BASE_URL . "?type=confirmation&token=" . $token;
matheusfillipeabd513e2021-05-11 03:29:11 -0300337 $smtp = $FALLBACK_SMTP;
matheusfillipef43dd962021-05-13 23:27:01 -0300338 $address = $_SESSION["email"];
Matheus Fillipe301684b2021-05-14 09:09:43 +0300339 if (isset($_SESSION['recover'])) {
matheusfillipef43dd962021-05-13 23:27:01 -0300340 $url = $BASE_URL . "?type=password_change&token=" . $token;
Marc Kupietz0375b7e2023-03-04 18:13:26 +0100341 send_recovery_email($address, $smtp, $url, $user);
matheusfillipef43dd962021-05-13 23:27:01 -0300342 unset($_SESSION['recover']);
Matheus Fillipe301684b2021-05-14 09:09:43 +0300343 } else
Marc Kupietz0375b7e2023-03-04 18:13:26 +0100344 send_confirmation_email($address, $smtp, $url, $user);
matheusfillipeabd513e2021-05-11 03:29:11 -0300345 unset($_SESSION['resend']);
346 unset($_SESSION['token']);
Marc Kupietz0375b7e2023-03-04 18:13:26 +0100347 # unset($_SESSION['email']);
348 } else {
349 echo "<h2>A second email has already been sent to " . $_SESSION['email'] .".</h2>";
matheusfillipeabd513e2021-05-11 03:29:11 -0300350 }
351 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300352
matheusfillipe47cf90b2021-05-13 03:36:21 -0300353 case "recover":
Matheus Fillipe301684b2021-05-14 09:09:43 +0300354 recover_form();
matheusfillipe47cf90b2021-05-13 03:36:21 -0300355 break;
matheusfillipef43dd962021-05-13 23:27:01 -0300356
357 case "password_change":
358 $TEMPLATE = template_path();
matheusfillipef43dd962021-05-13 23:27:01 -0300359 $token = $_GET["token"];
360 $email = redis_get($token);
361 $_SESSION["email_change"] = $email;
Matheus Fillipe301684b2021-05-14 09:09:43 +0300362 $_SESSION["token"] = $token;
363 if ($email && gettype($email) == "string") {
364 new_password_form();
matheusfillipef43dd962021-05-13 23:27:01 -0300365 } else {
366 include $TEMPLATE . "token_expired.htm";
367 }
matheusfillipe47cf90b2021-05-13 03:36:21 -0300368 break;
matheusfillipeabd513e2021-05-11 03:29:11 -0300369 }
matheusfillipeabd513e2021-05-11 03:29:11 -0300370} else {
371 unset($_SESSION['captcha_token']);
372 register_page();
373}
374
matheusfillipef43dd962021-05-13 23:27:01 -0300375include $TEMPLATE . "bottom.htm";