Gitiles
Code Review Sign In
korap.ids-mannheim.de / ids-kl / ldap-signup / c0ce7fa2c361e11bcf707637f33c084af7196273 / . / index.php
blob: 9b9b31a06bd983fdb99c448ce8b80613b8d1f99e [file] [log] [blame]
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]1<?php
2require_once 'vendor/autoload.php';
3include_once 'config.php';
4include_once 'redis.php';
5include_once 'utils.php';
6
7if (!$DEBUG) error_reporting(0);
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]8else error_reporting(1);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]9session_start();
10
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]11use Gregwar\Captcha\PhraseBuilder;
12
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]13$URI = array_slice(explode("/", explode('?', $_SERVER['REQUEST_URI'], 2)[0]), -1)[0];
14if (strlen($URI) == 2){
15 $GLOBALS["cc"] = $URI;
16 $_SESSION["cc"] = $URI;
17}
18
19if (isset($_GET["lang"])){
20 $GLOBALS["cc"] = $_GET["lang"];
21 $_SESSION["cc"] = $_GET["lang"];
22}
23
24$TEMPLATE = template_path();
25
26
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]27
28function register_page($error=false){
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]29 $TEMPLATE = template_path();
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]30 include 'config.php';
31 if ($error)
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]32 include $TEMPLATE.'error.htm';
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]33 $_SESSION["captcha_token"] = generateRandomString(12);
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]34 include $TEMPLATE."register.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]35 echo '
36 <script>
37 const reload_captcha = async (e) => {
38 var cont = document.getElementById("reload_captcha");
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]39 cont.innerHTML = "<div class=\'spinner-border text-info\' role=\'status\'><span class=\'sr-only\'>'.$STRINGS->reloading_captcha.'</span></div>";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]40 var img = document.getElementById("captcha")
41 var url = "'.$BASE_URL.'/captcha.php?token='.$_SESSION["captcha_token"].'"
42 await fetch(url, { cache: "reload", mode: "no-cors" })
43 .then(() => {
44 img.src = url+"&t=" + new Date().getTime();
45 setTimeout( () => {
46 cont.innerHTML = "<button id=\'reload\' class=\'btn btn-outline-info\' type=\'button\'> <span class=\'glyphicon glyphicon-refresh\' aria-hidden=\'true\'></span></button>";
47 bindButton()
48 }, 500);
49 })
50 }
51 function bindButton(){
52 var button = document.getElementById("reload");
53 button.addEventListener("click", reload_captcha)
54 }
55 bindButton()
56 </script>
57 ';
58}
59
60
61function verify_request($user){
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]62 $TEMPLATE = template_path();
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]63 unset($_SESSION['captcha_token']);
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]64 include 'validators.php';
65 include $TEMPLATE.'strings.php';
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]66 $password = $_POST["password"];
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]67 $error = "";
68
69 $error .= validate_username($user->user_name);
70 $error .= validate_name($user->name, $FIRST_NAME_VALIDATION_ERROR);
71 $error .= validate_name($user->last_name, $LAST_NAME_VALIDATION_ERROR);
72 $error .= validate_email($user->email);
73 $error .= validate_password($password);
74
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]75
76 if (!(isset($_SESSION['captcha']) && PhraseBuilder::comparePhrases($_SESSION['captcha'], $_POST['captcha']))) {
77 $error = $error."Wrong captcha!<br>";
78 }
79 unset($_SESSION["captcha"]);
80
81 return $error;
82}
83
84function approve_request($user){
85 include "mail.php";
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]86 $token = generateRandomString();
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]87 redis_set($token, $user, $MAIL_CONFIRMATION_AWAIT_DELAY);
88 $pending = redis_get("pending");
89 if ($pending){
90 $maillist = $pending->mails;
91 array_push($maillist, $user->email);
92 }
93 else
94 $maillist = [$user->email];
95 redis_set("pending", (object)["mails"=>$maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
96
97 $url = $BASE_URL."?type=confirmation&token=".$token;
98 if (in_array(explode("@", $user->email)[1], $MAIL_HOST_DIRECT_FALLBACK))
99 $smtp = $FALLBACK_SMTP;
100 else
101 $smtp = $SMTP;
102 send_mail($user->email, $smtp, (object) [
103 "subject" => $MAIL_TEMPLATE->subject,
104 "text" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->text),
105 "html" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->html)
106 ]);
107 $_SESSION['resend'] = generateRandomString(12);
108 $_SESSION['token'] = $token;
109 $_SESSION['email'] = $user->email;
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]110 $TEMPLATE = template_path();
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]111 include $TEMPLATE."confirm_your_email.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]112}
113
114
115// PAGE
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]116include $TEMPLATE."header.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]117
118if ($_SERVER["REQUEST_METHOD"] == "POST") {
119 include 'ldap.php';
120 if (isset($_POST['type'])) {
121 switch ($_POST['type']) {
122 case "register":
123 $user = new User($_POST["username"], $_POST["name"], $_POST["last_name"], $_POST["email"], $_POST["password"]);
124 if (redis_inc_ipdata(getClientIP(), "register", true) > $HOURLY_REGISTRATIONS){
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]125 include $TEMPLATE."registration_limit.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]126 }else{
127 $error = verify_request($user);
128 if ($error)
129 register_page($error);
130 else
131 approve_request($user);
132 }
133 break;
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]134 case "recover":
135 break;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]136 }
137 }
138} elseif (isset($_GET['type'])) {
139 switch ($_GET['type']) {
140 case "confirmation":
141 if (!isset($_GET["token"])){
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]142 echo $RUNTIME_ERROR->user_trying_invalid_get;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]143 }else{
144 include "ldap.php";
145 $token = $_GET["token"];
146 $user = redis_get($token);
147 if ($user){
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]148 if (ldap_add_user($user)){
149 if ($REDIRECT_TO)
matheusfillipe38706ea2021-05-12 02:45:42 -0300[diff] [blame]150 header( "refresh:5;url=".$REDIRECT_TO);
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]151
152 $pending = redis_get("pending");
153 if ($pending){
154 $maillist = $pending->mails;
155 if (in_array($user->email, $maillist)){
156 unset($maillist[array_search($user->email, $maillist)]);
157 redis_set("pending", (object)["mails"=>$maillist], $MAIL_CONFIRMATION_AWAIT_DELAY);
158 }
159 }
160 redis_inc_ipdata(getClientIP(), "register");
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]161 echo $STRINGS->email_confirmation;
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]162 include $TEMPLATE."mail_confirmed.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]163 }else{
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]164 echo $STRINGS->email_confirmation;
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]165 include $TEMPLATE."registration_error.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]166 }
167 redis_delete($token);
168 }else{
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]169 include $TEMPLATE."token_expired.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]170 }
171 }
172 break;
173 case "resend":
174 if (isset($_GET['token']) && isset($_SESSION['resend']) && $_GET['token'] == $_SESSION['resend']){
175 include "mail.php";
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]176 include $TEMPLATE."resend_mail.htm";
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]177 $token = $_SESSION['token'];
178 $url = $BASE_URL."?type=confirmation&token=".$token;
179 $smtp = $FALLBACK_SMTP;
180 $mail = $_SESSION["email"];
181 send_mail($mail, $smtp, (object) [
182 "subject" => $MAIL_TEMPLATE->subject,
183 "text" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->text),
184 "html" => str_replace("{{url}}", $url, $MAIL_TEMPLATE->html)
185 ]);
186 unset($_SESSION['resend']);
187 unset($_SESSION['token']);
188 unset($_SESSION['email']);
189 }
190 break;
matheusfillipe47cf90b2021-05-13 03:36:21 -0300[diff] [blame]191 case "recover":
192 break;
193 case "confirm_recover":
194 break;
matheusfillipeabd513e2021-05-11 03:29:11 -0300[diff] [blame]195 }
196
197
198} else {
199 unset($_SESSION['captcha_token']);
200 register_page();
201}
202
matheusfillipec0ce7fa2021-05-13 05:15:37 -0300[diff] [blame^]203include $TEMPLATE."bottom.htm";