Gitiles
Code Review Sign In
korap.ids-mannheim.de / ids-kl / ldap-signup / 47cf90bba5841a750806533973f60bdbb36d61a8 / . / index.php
blob: 340a22eaed673cf2377926c24efa8da5ab8ec3d4 [file] [log] [blame]
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]1<?php
2require_once 'vendor/autoload.php';
3include_once 'config.php';
4include_once 'redis.php';
5include_once 'utils.php';
6
7if (!$DEBUG) error_reporting(0);
8session_start();
9
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]10$INCLUDE_STRINGS_PATH = "templates_".$LANG_CC;
11if (isset($LANG_CC) && !empty($LANG_CC)) $TEMPLATE = $INCLUDE_STRINGS_PATH;
12else $TEMPLATE = "templates";
13
14include_once $TEMPLATE.'/strings.php';
15
16if(!file_exists(stream_resolve_include_path($INCLUDE_STRINGS_PATH.'/strings.php'))){
17 echo format($RUNTIME_ERROR->template_not_found, ["template"=>$INCLUDE_STRINGS_PATH, "langcc"=>$LANG_CC]);
18}
19
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]20
21use Gregwar\Captcha\PhraseBuilder;
22
23
24function register_page($error=false){
25 include 'config.php';
26 if ($error)
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]27 include $TEMPLATE.'/error.htm';
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]28 $_SESSION["captcha_token"] = generateRandomString(12);
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]29 include $TEMPLATE."/register.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]30 echo '
31 <script>
32 const reload_captcha = async (e) => {
33 var cont = document.getElementById("reload_captcha");
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]34 cont.innerHTML = "<div class=\'spinner-border text-info\' role=\'status\'><span class=\'sr-only\'>'.$STRINGS->reloading_captcha.'</span></div>";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]35 var img = document.getElementById("captcha")
36 var url = "'.$BASE_URL.'/captcha.php?token='.$_SESSION["captcha_token"].'"
37 await fetch(url, { cache: "reload", mode: "no-cors" })
38 .then(() => {
39 img.src = url+"&t=" + new Date().getTime();
40 setTimeout( () => {
41 cont.innerHTML = "<button id=\'reload\' class=\'btn btn-outline-info\' type=\'button\'> <span class=\'glyphicon glyphicon-refresh\' aria-hidden=\'true\'></span></button>";
42 bindButton()
43 }, 500);
44 })
45 }
46 function bindButton(){
47 var button = document.getElementById("reload");
48 button.addEventListener("click", reload_captcha)
49 }
50 bindButton()
51 </script>
52 ';
53}
54
55
56function verify_request($user){
57 unset($_SESSION['captcha_token']);
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]58 include_once 'validators.php';
59 include_once $TEMPLATE.'/strings.php';
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]60 $password = $_POST["password"];
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]61 $error = "";
62
63 $error .= validate_username($user->user_name);
64 $error .= validate_name($user->name, $FIRST_NAME_VALIDATION_ERROR);
65 $error .= validate_name($user->last_name, $LAST_NAME_VALIDATION_ERROR);
66 $error .= validate_email($user->email);
67 $error .= validate_password($password);
68
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]69
70 if (!(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
71 $error = $error."Wrong captcha!<br>";
72 }
73 unset($_SESSION["captcha"]);
74
75 return $error;
76}
77
78function approve_request($user){
79 include "mail.php";
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]80 $token = "";
81 do {
82 $token = generateRandomString();
83 } while (redis_get($token));
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]84 redis_set($token, $user, $MAIL_CONFIRMATION_AWAIT_DELAY);
85 $pending = redis_get("pending");
86 if ($pending){
87 $maillist = $pending->mails;
88 array_push($maillist, $user->email);
89 }
90 else
91 $maillist = [$user->email];
92 redis_set("pending", (object)["mails"=>$maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
93
94 $url = $BASE_URL."?type=confirmation&token=".$token;
95 if (in_array(explode("@", $user->email)[1], $MAIL_HOST_DIRECT_FALLBACK))
96 $smtp = $FALLBACK_SMTP;
97 else
98 $smtp = $SMTP;
99 send_mail($user->email, $smtp, (object) [
100 "subject" => $MAIL_TEMPLATE->subject,
101 "text" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->text),
102 "html" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->html)
103 ]);
104 $_SESSION['resend'] = generateRandomString(12);
105 $_SESSION['token'] = $token;
106 $_SESSION['email'] = $user->email;
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]107 include $TEMPLATE."confirm_your_email.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]108}
109
110
111// PAGE
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]112include $TEMPLATE."/header.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]113
114if ($_SERVER["REQUEST_METHOD"] == "POST") {
115 include 'ldap.php';
116 if (isset($_POST['type'])) {
117 switch ($_POST['type']) {
118 case "register":
119 $user = new User($_POST["username"], $_POST["name"], $_POST["last_name"], $_POST["email"], $_POST["password"]);
120 if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS){
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]121 include $TEMPLATE."/registration_limit.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]122 }else{
123 $error = verify_request($user);
124 if ($error)
125 register_page($error);
126 else
127 approve_request($user);
128 }
129 break;
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]130 case "recover":
131 break;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]132 }
133 }
134} elseif (isset($_GET['type'])) {
135 switch ($_GET['type']) {
136 case "confirmation":
137 if (!isset($_GET["token"])){
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]138 echo $RUNTIME_ERROR->user_trying_invalid_get;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]139 }else{
140 include "ldap.php";
141 $token = $_GET["token"];
142 $user = redis_get($token);
143 if ($user){
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]144 if (ldap_add_user($user)){
145 if ($REDIRECT_TO)
matheusfillipe38706ea2021-05-12 02:45:42 -0300[diff] [blame]146 header( "refresh:5;url=".$REDIRECT_TO);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]147
148 $pending = redis_get("pending");
149 if ($pending){
150 $maillist = $pending->mails;
151 if (in_array($user->email, $maillist)){
152 unset($maillist[array_search($user->email, $maillist)]);
153 redis_set("pending", (object)["mails"=>$maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
154 }
155 }
156 redis_inc_ipdata(getClientIP(), "register");
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]157 echo $STRINGS->email_confirmation;
158 include $TEMPLATE."/mail_confirmed.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]159 }else{
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]160 echo $STRINGS->email_confirmation;
161 include $TEMPLATE."/registration_error.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]162 }
163 redis_delete($token);
164 }else{
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]165 include $TEMPLATE."/token_expired.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]166 }
167 }
168 break;
169 case "resend":
170 if (isset($_GET['token']) && isset($_SESSION['resend']) && $_GET['token'] == $_SESSION['resend']){
171 include "mail.php";
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]172 include $TEMPLATE."/resend_mail.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]173 $token = $_SESSION['token'];
174 $url = $BASE_URL."?type=confirmation&token=".$token;
175 $smtp = $FALLBACK_SMTP;
176 $mail = $_SESSION["email"];
177 send_mail($mail, $smtp, (object) [
178 "subject" => $MAIL_TEMPLATE->subject,
179 "text" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->text),
180 "html" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->html)
181 ]);
182 unset($_SESSION['resend']);
183 unset($_SESSION['token']);
184 unset($_SESSION['email']);
185 }
186 break;
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]187 case "recover":
188 break;
189 case "confirm_recover":
190 break;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]191 }
192
193
194} else {
195 unset($_SESSION['captcha_token']);
196 register_page();
197}
198
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame^]199include $TEMPLATE."/bottom.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]200?>