2016-04-19 03:38:38 +00:00
< ? php
2021-12-03 03:01:39 +00:00
2022-02-16 04:08:28 +00:00
namespace Code\Module ;
use Code\Lib\Account ;
use Code\Web\Controller ;
use Code\Lib\Channel ;
use Code\Lib\Config ;
use Code\Access\PermissionRoles ;
use Code\Render\Theme ;
2022-02-12 20:43:29 +00:00
2016-04-19 03:38:38 +00:00
2019-05-11 01:34:27 +00:00
require_once ( 'include/security.php' );
2016-04-19 03:38:38 +00:00
2021-12-02 23:02:31 +00:00
class Register extends Controller
{
public function init ()
{
$result = null ;
$cmd = (( argc () > 1 ) ? argv ( 1 ) : '' );
// Provide a stored request for somebody desiring a connection
// when they first need to register someplace. Once they've
// created a channel, we'll try to revive the connection request
// and process it.
if ( $_REQUEST [ 'connect' ]) {
$_SESSION [ 'connect' ] = $_REQUEST [ 'connect' ];
}
switch ( $cmd ) {
case 'invite_check.json' :
2022-01-25 01:26:12 +00:00
$result = Account :: check_invite ( $_REQUEST [ 'invite_code' ]);
2021-12-02 23:02:31 +00:00
break ;
case 'email_check.json' :
2022-01-25 01:26:12 +00:00
$result = Account :: check_email ( $_REQUEST [ 'email' ]);
2021-12-02 23:02:31 +00:00
break ;
case 'password_check.json' :
2022-01-25 01:26:12 +00:00
$result = Account :: check_password ( $_REQUEST [ 'password1' ]);
2021-12-02 23:02:31 +00:00
break ;
default :
break ;
}
if ( $result ) {
json_return_and_die ( $result );
}
}
public function post ()
{
2022-01-26 19:14:52 +00:00
// security token is session_id() based and we have a transient session, so we can't use it here.
//check_form_security_token_redirectOnErr('/register', 'register');
2021-12-02 23:02:31 +00:00
$max_dailies = intval ( get_config ( 'system' , 'max_daily_registrations' ));
if ( $max_dailies ) {
2021-12-03 03:01:39 +00:00
$r = q (
" select count(account_id) as total from account where account_created > %s - INTERVAL %s " ,
db_utcnow (),
db_quoteinterval ( '1 day' )
2021-12-02 23:02:31 +00:00
);
if ( $r && intval ( $r [ 0 ][ 'total' ]) >= $max_dailies ) {
notice ( t ( 'Maximum daily site registrations exceeded. Please try again tomorrow.' ) . EOL );
return ;
}
}
2022-02-16 03:52:32 +00:00
if ( Config :: Get ( 'system' , 'tos_required' ) && ! ( isset ( $_POST [ 'tos' ]) && intval ( $_POST [ 'tos' ]))) {
2021-12-02 23:02:31 +00:00
notice ( t ( 'Please indicate acceptance of the Terms of Service. Registration failed.' ) . EOL );
return ;
}
$policy = get_config ( 'system' , 'register_policy' );
$email_verify = get_config ( 'system' , 'verify_email' );
switch ( $policy ) {
case REGISTER_OPEN :
$flags = ACCOUNT_OK ;
break ;
case REGISTER_APPROVE :
$flags = ACCOUNT_BLOCKED | ACCOUNT_PENDING ;
break ;
default :
case REGISTER_CLOSED :
if ( ! is_site_admin ()) {
notice ( t ( 'Permission denied.' ) . EOL );
return ;
}
$flags = ACCOUNT_BLOCKED ;
break ;
}
if ( $email_verify && $policy == REGISTER_OPEN ) {
$flags = $flags | ACCOUNT_UNVERIFIED ;
}
if (( ! $_POST [ 'password' ]) || ( $_POST [ 'password' ] !== $_POST [ 'password2' ])) {
notice ( t ( 'Passwords do not match.' ) . EOL );
return ;
}
$arr = $_POST ;
$arr [ 'account_flags' ] = $flags ;
2022-01-25 01:26:12 +00:00
$result = Account :: create ( $arr );
2021-12-02 23:02:31 +00:00
if ( ! $result [ 'success' ]) {
notice ( $result [ 'message' ]);
return ;
}
require_once ( 'include/security.php' );
if ( $_REQUEST [ 'name' ]) {
set_aconfig ( $result [ 'account' ][ 'account_id' ], 'register' , 'channel_name' , $_REQUEST [ 'name' ]);
}
if ( $_REQUEST [ 'nickname' ]) {
set_aconfig ( $result [ 'account' ][ 'account_id' ], 'register' , 'channel_address' , $_REQUEST [ 'nickname' ]);
}
if ( $_REQUEST [ 'permissions_role' ]) {
set_aconfig ( $result [ 'account' ][ 'account_id' ], 'register' , 'permissions_role' , $_REQUEST [ 'permissions_role' ]);
}
// At this point the account has been created without error. Purge any error messages from prior failed registration
// attempts which haven't yet been delivered to the browser and start fresh. If you're willing to figure out why they
// weren't delivered to the browser please adopt zap issue 34.
$_SESSION [ 'sysmsg' ] = [];
$using_invites = intval ( get_config ( 'system' , 'invitation_only' ));
$num_invites = intval ( get_config ( 'system' , 'number_invites' ));
$invite_code = (( x ( $_POST , 'invite_code' )) ? notags ( trim ( $_POST [ 'invite_code' ])) : '' );
if ( $using_invites && $invite_code && defined ( 'INVITE_WORKING' )) {
q ( " delete from register where hash = '%s' " , dbesc ( $invite_code ));
// @FIXME - this also needs to be considered when using 'invites_remaining' in mod/invite.php
set_aconfig ( $result [ 'account' ][ 'account_id' ], 'system' , 'invites_remaining' , $num_invites );
}
if ( $policy == REGISTER_OPEN ) {
if ( $email_verify ) {
2022-01-25 01:26:12 +00:00
$res = Account :: verify_email_address ( $result );
2021-12-02 23:02:31 +00:00
} else {
2022-01-25 01:26:12 +00:00
$res = Account :: send_register_success_email ( $result [ 'email' ], $result [ 'password' ]);
2021-12-02 23:02:31 +00:00
}
if ( $res ) {
if ( $invite_code ) {
info ( t ( 'Registration successful. Continue to create your first channel...' ) . EOL );
} else {
info ( t ( 'Registration successful. Please check your email for validation instructions.' ) . EOL );
}
}
} elseif ( $policy == REGISTER_APPROVE ) {
2022-01-25 01:26:12 +00:00
$res = Account :: send_reg_approval_email ( $result );
2021-12-02 23:02:31 +00:00
if ( $res ) {
info ( t ( 'Your registration is pending approval by the site owner.' ) . EOL );
} else {
notice ( t ( 'Your registration can not be processed.' ) . EOL );
}
goaway ( z_root ());
}
if ( $email_verify ) {
goaway ( z_root () . '/email_validation/' . bin2hex ( $result [ 'email' ]));
}
// fall through and authenticate if no approvals or verifications were required.
2022-03-15 08:42:34 +00:00
authenticate_success ( $result [ 'account' ], false , true , false , true );
2021-12-02 23:02:31 +00:00
$new_channel = false ;
$next_page = 'new_channel' ;
if ( get_config ( 'system' , 'auto_channel_create' )) {
2022-01-25 01:26:12 +00:00
$new_channel = Channel :: auto_create ( $result [ 'account' ][ 'account_id' ]);
2021-12-02 23:02:31 +00:00
if ( $new_channel [ 'success' ]) {
$channel_id = $new_channel [ 'channel' ][ 'channel_id' ];
change_channel ( $channel_id );
$next_page = '~' ;
} else {
$new_channel = false ;
}
}
$x = get_config ( 'system' , 'workflow_register_next' );
if ( $x ) {
$next_page = $x ;
$_SESSION [ 'workflow' ] = true ;
}
unset ( $_SESSION [ 'login_return_url' ]);
goaway ( z_root () . '/' . $next_page );
}
public function get ()
{
$registration_is = EMPTY_STR ;
$other_sites = false ;
if ( intval ( get_config ( 'system' , 'register_policy' )) === REGISTER_CLOSED ) {
notice ( t ( 'Registration on this website is disabled.' ) . EOL );
2022-06-07 03:41:40 +00:00
$other_sites = true ;
2021-12-02 23:02:31 +00:00
}
if ( intval ( get_config ( 'system' , 'register_policy' )) == REGISTER_APPROVE ) {
$registration_is = t ( 'Registration on this website is by approval only.' );
$other_sites = true ;
}
$invitations = false ;
if ( intval ( get_config ( 'system' , 'invitation_only' )) && defined ( 'INVITE_WORKING' )) {
$invitations = true ;
$registration_is = t ( 'Registration on this site is by invitation only.' );
$other_sites = true ;
}
$max_dailies = intval ( get_config ( 'system' , 'max_daily_registrations' ));
if ( $max_dailies ) {
2021-12-03 03:01:39 +00:00
$r = q (
" select count(account_id) as total from account where account_created > %s - INTERVAL %s " ,
db_utcnow (),
db_quoteinterval ( '1 day' )
2021-12-02 23:02:31 +00:00
);
if ( $r && $r [ 0 ][ 'total' ] >= $max_dailies ) {
logger ( 'max daily registrations exceeded.' );
notice ( t ( 'This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.' ) . EOL );
2022-12-31 07:54:22 +00:00
return '' ;
2021-12-02 23:02:31 +00:00
}
}
$privacy_role = (( x ( $_REQUEST , 'permissions_role' )) ? $_REQUEST [ 'permissions_role' ] : " " );
$perm_roles = PermissionRoles :: roles ();
// Configurable terms of service link
$tosurl = get_config ( 'system' , 'tos_url' );
if ( ! $tosurl ) {
2022-08-30 05:06:51 +00:00
$tosurl = z_root () . '/legal' ;
2021-12-02 23:02:31 +00:00
}
$toslink = '<a href="' . $tosurl . '" target="_blank">' . t ( 'Terms of Service' ) . '</a>' ;
// Configurable whether to restrict age or not - default is based on international legal requirements
// This can be relaxed if you are on a restricted server that does not share with public servers
if ( get_config ( 'system' , 'no_age_restriction' )) {
$label_tos = sprintf ( t ( 'I accept the %s for this website' ), $toslink );
} else {
$age = get_config ( 'system' , 'minimum_age' );
if ( ! $age ) {
$age = 13 ;
}
$label_tos = sprintf ( t ( 'I am over %s years of age and accept the %s for this website' ), $age , $toslink );
}
2022-02-16 03:52:32 +00:00
$enable_tos = Config :: Get ( 'system' , 'tos_required' );
2021-12-02 23:02:31 +00:00
$email = [ 'email' , t ( 'Your email address' ), (( x ( $_REQUEST , 'email' )) ? strip_tags ( trim ( $_REQUEST [ 'email' ])) : " " ), '' , '' , ' required ' ];
$password = [ 'password' , t ( 'Choose a password' ), '' , '' , '' , ' required ' ];
$password2 = [ 'password2' , t ( 'Please re-enter your password' ), '' , '' , '' , ' required ' ];
$invite_code = [ 'invite_code' , t ( 'Please enter your invitation code' ), (( x ( $_REQUEST , 'invite_code' )) ? strip_tags ( trim ( $_REQUEST [ 'invite_code' ])) : " " )];
$name = [ 'name' , t ( 'Your Name' ), (( x ( $_REQUEST , 'name' )) ? $_REQUEST [ 'name' ] : '' ), t ( 'Real names are preferred.' )];
$nickhub = '@' . str_replace ( array ( 'http://' , 'https://' , '/' ), '' , get_config ( 'system' , 'baseurl' ));
$nickname = [ 'nickname' , t ( 'Choose a short nickname' ), (( x ( $_REQUEST , 'nickname' )) ? $_REQUEST [ 'nickname' ] : '' ), sprintf ( t ( 'Your nickname will be used to create an easy to remember channel address e.g. nickname%s' ), $nickhub )];
$role = [ 'permissions_role' , t ( 'Channel role and privacy' ), ( $privacy_role ) ? $privacy_role : 'social' , t ( 'Select a channel permission role for your usage needs and privacy requirements.' ), $perm_roles ];
$tos = [ 'tos' , $label_tos , '' , '' , [ t ( 'no' ), t ( 'yes' )], ' required ' ];
$auto_create = ( get_config ( 'system' , 'auto_channel_create' ) ? true : false );
$default_role = get_config ( 'system' , 'default_permissions_role' );
$email_verify = get_config ( 'system' , 'verify_email' );
2022-02-12 20:43:29 +00:00
$o = replace_macros ( Theme :: get_template ( 'register.tpl' ), [
2021-12-02 23:02:31 +00:00
'$form_security_token' => get_form_security_token ( " register " ),
'$title' => t ( 'Registration' ),
'$reg_is' => $registration_is ,
'$registertext' => bbcode ( get_config ( 'system' , 'register_text' )),
'$other_sites' => (( $other_sites ) ? t ( '<a href="sites">Show affiliated sites - some of which may allow registration.</a>' ) : EMPTY_STR ),
'$invitations' => $invitations ,
'$invite_code' => $invite_code ,
'$auto_create' => $auto_create ,
'$name' => $name ,
'$role' => $role ,
'$default_role' => $default_role ,
'$nickname' => $nickname ,
'$enable_tos' => $enable_tos ,
'$tos' => $tos ,
'$email' => $email ,
'$pass1' => $password ,
'$pass2' => $password2 ,
'$submit' => t ( 'Register' ),
'$verify_note' => (( $email_verify ) ? t ( 'This site requires email verification. After completing this form, please check your email for further instructions.' ) : '' ),
]);
return $o ;
}
2016-04-19 03:38:38 +00:00
}