JuKu /
JuKuCMS
@@ -27,13 +27,13 @@ |
||
| 27 | 27 | |
| 28 | 28 | class Validator_IP implements Validator_Base { |
| 29 | 29 | |
| 30 | - public function isValide($value): bool { |
|
| 31 | - return filter_var($value, FILTER_VALIDATE_IP) !== FALSE; |
|
| 32 | - } |
|
| 30 | + public function isValide($value): bool { |
|
| 31 | + return filter_var($value, FILTER_VALIDATE_IP) !== FALSE; |
|
| 32 | + } |
|
| 33 | 33 | |
| 34 | - public function validate($value) { |
|
| 35 | - return filter_var($value, FILTER_VALIDATE_IP); |
|
| 36 | - } |
|
| 34 | + public function validate($value) { |
|
| 35 | + return filter_var($value, FILTER_VALIDATE_IP); |
|
| 36 | + } |
|
| 37 | 37 | |
| 38 | 38 | } |
| 39 | 39 | |
@@ -27,11 +27,11 @@ |
||
| 27 | 27 | |
| 28 | 28 | interface ICaptcha { |
| 29 | 29 | |
| 30 | - public function getHeader () : string; |
|
| 30 | + public function getHeader () : string; |
|
| 31 | 31 | |
| 32 | - public function getFormCode () : string; |
|
| 32 | + public function getFormCode () : string; |
|
| 33 | 33 | |
| 34 | - public function verify (array $params = array()) : bool; |
|
| 34 | + public function verify (array $params = array()) : bool; |
|
| 35 | 35 | |
| 36 | 36 | } |
| 37 | 37 | |
@@ -27,11 +27,11 @@ |
||
| 27 | 27 | |
| 28 | 28 | interface ICaptcha { |
| 29 | 29 | |
| 30 | - public function getHeader () : string; |
|
| 30 | + public function getHeader() : string; |
|
| 31 | 31 | |
| 32 | - public function getFormCode () : string; |
|
| 32 | + public function getFormCode() : string; |
|
| 33 | 33 | |
| 34 | - public function verify (array $params = array()) : bool; |
|
| 34 | + public function verify(array $params = array()) : bool; |
|
| 35 | 35 | |
| 36 | 36 | } |
| 37 | 37 | |
@@ -27,21 +27,21 @@ |
||
| 27 | 27 | |
| 28 | 28 | class Captcha { |
| 29 | 29 | |
| 30 | - protected static $instance = null; |
|
| 30 | + protected static $instance = null; |
|
| 31 | 31 | |
| 32 | - public static function isEnabled () : bool { |
|
| 33 | - return Settings::get("captcha_enabled", true); |
|
| 34 | - } |
|
| 32 | + public static function isEnabled () : bool { |
|
| 33 | + return Settings::get("captcha_enabled", true); |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | - public static function getInstance () : ICaptcha { |
|
| 37 | - if (self::$instance == null) { |
|
| 38 | - //create new instance |
|
| 39 | - $class_name = Settings::get("captcha_class_name", "ReCaptcha"); |
|
| 40 | - self::$instance = new $class_name(); |
|
| 41 | - } |
|
| 36 | + public static function getInstance () : ICaptcha { |
|
| 37 | + if (self::$instance == null) { |
|
| 38 | + //create new instance |
|
| 39 | + $class_name = Settings::get("captcha_class_name", "ReCaptcha"); |
|
| 40 | + self::$instance = new $class_name(); |
|
| 41 | + } |
|
| 42 | 42 | |
| 43 | - return self::$instance; |
|
| 44 | - } |
|
| 43 | + return self::$instance; |
|
| 44 | + } |
|
| 45 | 45 | |
| 46 | 46 | } |
| 47 | 47 | |
@@ -29,11 +29,11 @@ |
||
| 29 | 29 | |
| 30 | 30 | protected static $instance = null; |
| 31 | 31 | |
| 32 | - public static function isEnabled () : bool { |
|
| 32 | + public static function isEnabled() : bool { |
|
| 33 | 33 | return Settings::get("captcha_enabled", true); |
| 34 | 34 | } |
| 35 | 35 | |
| 36 | - public static function getInstance () : ICaptcha { |
|
| 36 | + public static function getInstance() : ICaptcha { |
|
| 37 | 37 | if (self::$instance == null) { |
| 38 | 38 | //create new instance |
| 39 | 39 | $class_name = Settings::get("captcha_class_name", "ReCaptcha"); |
@@ -25,59 +25,59 @@ |
||
| 25 | 25 | |
| 26 | 26 | class ReCaptcha implements ICaptcha { |
| 27 | 27 | |
| 28 | - public function getHeader(): string { |
|
| 29 | - return "<script src='https://www.google.com/recaptcha/api.js'></script>"; |
|
| 30 | - } |
|
| 28 | + public function getHeader(): string { |
|
| 29 | + return "<script src='https://www.google.com/recaptcha/api.js'></script>"; |
|
| 30 | + } |
|
| 31 | 31 | |
| 32 | - public function getFormCode(): string { |
|
| 33 | - //get website key |
|
| 34 | - $website_key = Settings::get("recaptcha_website_key", ""); |
|
| 32 | + public function getFormCode(): string { |
|
| 33 | + //get website key |
|
| 34 | + $website_key = Settings::get("recaptcha_website_key", ""); |
|
| 35 | 35 | |
| 36 | - if (empty($website_key)) { |
|
| 37 | - throw new IllegalStateException("reCaptcha wasnt configured right. Administrators: generate a website & secret key by google recaptcha and set them in settings to fix this issue!"); |
|
| 38 | - } |
|
| 36 | + if (empty($website_key)) { |
|
| 37 | + throw new IllegalStateException("reCaptcha wasnt configured right. Administrators: generate a website & secret key by google recaptcha and set them in settings to fix this issue!"); |
|
| 38 | + } |
|
| 39 | 39 | |
| 40 | - return "<div class=\"g-recaptcha\" data-sitekey=\"" . $website_key . "\"></div>"; |
|
| 41 | - } |
|
| 40 | + return "<div class=\"g-recaptcha\" data-sitekey=\"" . $website_key . "\"></div>"; |
|
| 41 | + } |
|
| 42 | 42 | |
| 43 | - public function verify(array $params = array()): bool { |
|
| 44 | - $secret_key = Settings::get("recaptcha_secret_key", ""); |
|
| 43 | + public function verify(array $params = array()): bool { |
|
| 44 | + $secret_key = Settings::get("recaptcha_secret_key", ""); |
|
| 45 | 45 | |
| 46 | - if (empty($secret_key)) { |
|
| 47 | - throw new IllegalStateException("Cannot verify recaptcha, because no secret key was set, <a href=\"https://www.google.com/recaptcha/admin\">generate a website & secret key by recaptcha</a> and set them in global settings."); |
|
| 48 | - } |
|
| 46 | + if (empty($secret_key)) { |
|
| 47 | + throw new IllegalStateException("Cannot verify recaptcha, because no secret key was set, <a href=\"https://www.google.com/recaptcha/admin\">generate a website & secret key by recaptcha</a> and set them in global settings."); |
|
| 48 | + } |
|
| 49 | 49 | |
| 50 | - if (!isset($_POST['g-recaptcha-response']) || empty($_POST['g-recaptcha-response'])) { |
|
| 51 | - //no recaptcha response was set |
|
| 52 | - return false; |
|
| 53 | - } |
|
| 50 | + if (!isset($_POST['g-recaptcha-response']) || empty($_POST['g-recaptcha-response'])) { |
|
| 51 | + //no recaptcha response was set |
|
| 52 | + return false; |
|
| 53 | + } |
|
| 54 | 54 | |
| 55 | - $g_recaptcha_response = $_POST['g-recaptcha-response']; |
|
| 55 | + $g_recaptcha_response = $_POST['g-recaptcha-response']; |
|
| 56 | 56 | |
| 57 | - $params = array( |
|
| 58 | - 'secret' => $secret_key, |
|
| 59 | - 'response' => $g_recaptcha_response//'remoteip' => "" Optional. The user's IP address. |
|
| 60 | - ); |
|
| 57 | + $params = array( |
|
| 58 | + 'secret' => $secret_key, |
|
| 59 | + 'response' => $g_recaptcha_response//'remoteip' => "" Optional. The user's IP address. |
|
| 60 | + ); |
|
| 61 | 61 | |
| 62 | - //send POST request |
|
| 63 | - $result = PHPUtils::sendPOSTRequest("https://www.google.com/recaptcha/api/siteverify", $params); |
|
| 62 | + //send POST request |
|
| 63 | + $result = PHPUtils::sendPOSTRequest("https://www.google.com/recaptcha/api/siteverify", $params); |
|
| 64 | 64 | |
| 65 | - if (!$result) { |
|
| 66 | - //coulnd send POST request |
|
| 67 | - throw new IllegalStateException("Couldnt send POST request to verify recaptcha"); |
|
| 68 | - } |
|
| 65 | + if (!$result) { |
|
| 66 | + //coulnd send POST request |
|
| 67 | + throw new IllegalStateException("Couldnt send POST request to verify recaptcha"); |
|
| 68 | + } |
|
| 69 | 69 | |
| 70 | - $json = json_decode($result, true); |
|
| 70 | + $json = json_decode($result, true); |
|
| 71 | 71 | |
| 72 | - if (isset($json['success']) && $json['success'] == true) { |
|
| 73 | - //validation successfully |
|
| 74 | - return true; |
|
| 75 | - } else { |
|
| 76 | - //for error-message see https://developers.google.com/recaptcha/docs/verify |
|
| 72 | + if (isset($json['success']) && $json['success'] == true) { |
|
| 73 | + //validation successfully |
|
| 74 | + return true; |
|
| 75 | + } else { |
|
| 76 | + //for error-message see https://developers.google.com/recaptcha/docs/verify |
|
| 77 | 77 | |
| 78 | - return false; |
|
| 79 | - } |
|
| 80 | - } |
|
| 78 | + return false; |
|
| 79 | + } |
|
| 80 | + } |
|
| 81 | 81 | |
| 82 | 82 | } |
| 83 | 83 | |
@@ -27,28 +27,28 @@ |
||
| 27 | 27 | |
| 28 | 28 | class Validator_Username implements Validator_Base { |
| 29 | 29 | |
| 30 | - public function isValide($value): bool { |
|
| 31 | - //https://stackoverflow.com/questions/4383878/php-username-validation |
|
| 32 | - |
|
| 33 | - if(preg_match("/^[" . Settings::get("username_regex", "a-zA-Z0-9\.\-") . "]{" . Settings::get("username_min_length", 4) . "," . Settings::get("username_max_length", 20) . "}$/", $value)) { // for english chars + numbers only |
|
| 34 | - return true; |
|
| 35 | - } |
|
| 36 | - |
|
| 37 | - return false; |
|
| 38 | - } |
|
| 39 | - |
|
| 40 | - public function validate($value) { |
|
| 41 | - if ($this->isValide($value)) { |
|
| 42 | - return $value; |
|
| 43 | - } else { |
|
| 44 | - throw new SecurityException("username is not valide '" . htmlentities($value) . "'!"); |
|
| 45 | - } |
|
| 46 | - } |
|
| 47 | - |
|
| 48 | - public static function get (string $value) : string { |
|
| 49 | - $obj = new Validator_Username(); |
|
| 50 | - return $obj->validate($value); |
|
| 51 | - } |
|
| 30 | + public function isValide($value): bool { |
|
| 31 | + //https://stackoverflow.com/questions/4383878/php-username-validation |
|
| 32 | + |
|
| 33 | + if(preg_match("/^[" . Settings::get("username_regex", "a-zA-Z0-9\.\-") . "]{" . Settings::get("username_min_length", 4) . "," . Settings::get("username_max_length", 20) . "}$/", $value)) { // for english chars + numbers only |
|
| 34 | + return true; |
|
| 35 | + } |
|
| 36 | + |
|
| 37 | + return false; |
|
| 38 | + } |
|
| 39 | + |
|
| 40 | + public function validate($value) { |
|
| 41 | + if ($this->isValide($value)) { |
|
| 42 | + return $value; |
|
| 43 | + } else { |
|
| 44 | + throw new SecurityException("username is not valide '" . htmlentities($value) . "'!"); |
|
| 45 | + } |
|
| 46 | + } |
|
| 47 | + |
|
| 48 | + public static function get (string $value) : string { |
|
| 49 | + $obj = new Validator_Username(); |
|
| 50 | + return $obj->validate($value); |
|
| 51 | + } |
|
| 52 | 52 | |
| 53 | 53 | } |
| 54 | 54 | |
@@ -30,7 +30,7 @@ discard block |
||
| 30 | 30 | public function isValide($value): bool { |
| 31 | 31 | //https://stackoverflow.com/questions/4383878/php-username-validation |
| 32 | 32 | |
| 33 | - if(preg_match("/^[" . Settings::get("username_regex", "a-zA-Z0-9\.\-") . "]{" . Settings::get("username_min_length", 4) . "," . Settings::get("username_max_length", 20) . "}$/", $value)) { // for english chars + numbers only |
|
| 33 | + if (preg_match("/^[" . Settings::get("username_regex", "a-zA-Z0-9\.\-") . "]{" . Settings::get("username_min_length", 4) . "," . Settings::get("username_max_length", 20) . "}$/", $value)) { // for english chars + numbers only |
|
| 34 | 34 | return true; |
| 35 | 35 | } |
| 36 | 36 | |
@@ -45,7 +45,7 @@ discard block |
||
| 45 | 45 | } |
| 46 | 46 | } |
| 47 | 47 | |
| 48 | - public static function get (string $value) : string { |
|
| 48 | + public static function get(string $value) : string { |
|
| 49 | 49 | $obj = new Validator_Username(); |
| 50 | 50 | return $obj->validate($value); |
| 51 | 51 | } |
@@ -27,133 +27,133 @@ |
||
| 27 | 27 | |
| 28 | 28 | class LoginPage extends PageType { |
| 29 | 29 | |
| 30 | - public function getContent() : string { |
|
| 31 | - $show_form = !User::current()->isLoggedIn(); |
|
| 32 | - |
|
| 33 | - $template = new Template("pages/login", Registry::singleton()); |
|
| 34 | - |
|
| 35 | - if (isset($_REQUEST['action']) && $_REQUEST['action'] === "login") { |
|
| 36 | - //try to login |
|
| 37 | - |
|
| 38 | - $username_set = false; |
|
| 39 | - $mail_set = false; |
|
| 40 | - $password_set = false; |
|
| 41 | - |
|
| 42 | - if (isset($_POST['username']) && !empty($_POST['username'])) { |
|
| 43 | - $username_set = true; |
|
| 44 | - } |
|
| 45 | - |
|
| 46 | - if (isset($_POST['mail']) && !empty($_POST['mail'])) { |
|
| 47 | - $mail_set = true; |
|
| 48 | - } |
|
| 49 | - |
|
| 50 | - if (isset($_POST['password']) && !empty($_POST['password'])) { |
|
| 51 | - $password_set = true; |
|
| 52 | - } |
|
| 53 | - |
|
| 54 | - if (!$username_set && !$mail_set && !$password_set) { |
|
| 55 | - //form was not submitted |
|
| 56 | - } else { |
|
| 57 | - if (!$username_set && !$mail_set) { |
|
| 58 | - $template->parse("main.no_username"); |
|
| 59 | - $template->parse("main.no_mail"); |
|
| 60 | - } |
|
| 61 | - |
|
| 62 | - if (!$password_set) { |
|
| 63 | - $template->parse("main.no_password"); |
|
| 64 | - } |
|
| 65 | - } |
|
| 66 | - |
|
| 67 | - if (($username_set || $mail_set) && $password_set) { |
|
| 68 | - //check CSRF token |
|
| 69 | - if (Security::checkCSRFToken()) { |
|
| 70 | - //check, if user is already logged in |
|
| 71 | - if (User::current()->isLoggedIn()) { |
|
| 72 | - $template->assign("ERROR_TEXT", "User is already logged in!"); |
|
| 73 | - $template->parse("main.error_msg"); |
|
| 74 | - |
|
| 75 | - //dont show form, because user is already logged in |
|
| 76 | - $show_form = false; |
|
| 77 | - } else { |
|
| 78 | - //try to login |
|
| 79 | - $user = User::current(); |
|
| 80 | - |
|
| 81 | - if ($username_set) { |
|
| 82 | - $res = $user->loginByUsername($_REQUEST['username'], $_REQUEST['password']); |
|
| 83 | - } else { |
|
| 84 | - $res = $user->loginByMail($_REQUEST['mail'], $_REQUEST['password']); |
|
| 85 | - } |
|
| 86 | - |
|
| 87 | - if ($res['success'] === true) { |
|
| 88 | - //login successful, show redirect |
|
| 89 | - |
|
| 90 | - if (isset($_REQUEST['redirect_url']) && !empty($_REQUEST['redirect_url'])) { |
|
| 91 | - //TODO: check for security issues, maybe we should check if redirect_url is a known domain |
|
| 92 | - |
|
| 93 | - header("Location: " . urldecode($_REQUEST['redirect_url'])); |
|
| 94 | - |
|
| 95 | - //flush gzip buffer |
|
| 96 | - ob_end_flush(); |
|
| 97 | - |
|
| 98 | - exit; |
|
| 99 | - } else { |
|
| 100 | - //redirect to index page |
|
| 101 | - |
|
| 102 | - //get domain |
|
| 103 | - $domain = Registry::singleton()->getObject("domain"); |
|
| 104 | - |
|
| 105 | - //generate index url |
|
| 106 | - $index_url = DomainUtils::generateURL($domain->getHomePage()); |
|
| 107 | - |
|
| 108 | - header("Location: " . $index_url); |
|
| 109 | - |
|
| 110 | - //flush gzip buffer |
|
| 111 | - ob_end_flush(); |
|
| 112 | - |
|
| 113 | - exit; |
|
| 114 | - } |
|
| 115 | - |
|
| 116 | - $template->parse("login_successful"); |
|
| 117 | - |
|
| 118 | - Events::throwEvent("page_login_successful"); |
|
| 119 | - |
|
| 120 | - $show_form = false; |
|
| 121 | - } else { |
|
| 122 | - if ($res['error'] === "user_not_exists") { |
|
| 123 | - $template->assign("ERROR_TEXT", /*"Username doesnt exists!"*/"Wrong credentials!"); |
|
| 124 | - $template->parse("main.error_msg"); |
|
| 125 | - } else if ($res['error'] === "wrong_password") { |
|
| 126 | - $template->assign("ERROR_TEXT", /*"Wrong password!"*/"Wrong credentials!"); |
|
| 127 | - $template->parse("main.error_msg"); |
|
| 128 | - } else if ($res['error'] === "mail_not_valide") { |
|
| 129 | - $template->assign("ERROR_TEXT", /*"Mail is not valide!"*/"Wrong credentials!"); |
|
| 130 | - $template->parse("main.error_msg"); |
|
| 131 | - } else { |
|
| 132 | - $template->assign("ERROR_TEXT", "Unknown error message: " . $res['error']); |
|
| 133 | - $template->parse("main.error_msg"); |
|
| 134 | - } |
|
| 135 | - } |
|
| 136 | - } |
|
| 137 | - } else { |
|
| 138 | - $template->assign("ERROR_TEXT", "Wrong CSRF token! Please try to login again!"); |
|
| 139 | - $template->parse("main.error_msg"); |
|
| 140 | - } |
|
| 141 | - } |
|
| 142 | - } |
|
| 143 | - |
|
| 144 | - if ($show_form) {//show form |
|
| 145 | - $template->parse("main.form"); |
|
| 146 | - } else if (User::current()->isLoggedIn()) { |
|
| 147 | - $template->assign("USERID", User::current()->getID()); |
|
| 148 | - $template->assign("USERNAME", User::current()->getUsername()); |
|
| 149 | - |
|
| 150 | - $template->parse("main.already_logged_in"); |
|
| 151 | - } |
|
| 152 | - |
|
| 153 | - //get HTML code |
|
| 154 | - $template->parse(); |
|
| 155 | - return $template->getCode(); |
|
| 156 | - } |
|
| 30 | + public function getContent() : string { |
|
| 31 | + $show_form = !User::current()->isLoggedIn(); |
|
| 32 | + |
|
| 33 | + $template = new Template("pages/login", Registry::singleton()); |
|
| 34 | + |
|
| 35 | + if (isset($_REQUEST['action']) && $_REQUEST['action'] === "login") { |
|
| 36 | + //try to login |
|
| 37 | + |
|
| 38 | + $username_set = false; |
|
| 39 | + $mail_set = false; |
|
| 40 | + $password_set = false; |
|
| 41 | + |
|
| 42 | + if (isset($_POST['username']) && !empty($_POST['username'])) { |
|
| 43 | + $username_set = true; |
|
| 44 | + } |
|
| 45 | + |
|
| 46 | + if (isset($_POST['mail']) && !empty($_POST['mail'])) { |
|
| 47 | + $mail_set = true; |
|
| 48 | + } |
|
| 49 | + |
|
| 50 | + if (isset($_POST['password']) && !empty($_POST['password'])) { |
|
| 51 | + $password_set = true; |
|
| 52 | + } |
|
| 53 | + |
|
| 54 | + if (!$username_set && !$mail_set && !$password_set) { |
|
| 55 | + //form was not submitted |
|
| 56 | + } else { |
|
| 57 | + if (!$username_set && !$mail_set) { |
|
| 58 | + $template->parse("main.no_username"); |
|
| 59 | + $template->parse("main.no_mail"); |
|
| 60 | + } |
|
| 61 | + |
|
| 62 | + if (!$password_set) { |
|
| 63 | + $template->parse("main.no_password"); |
|
| 64 | + } |
|
| 65 | + } |
|
| 66 | + |
|
| 67 | + if (($username_set || $mail_set) && $password_set) { |
|
| 68 | + //check CSRF token |
|
| 69 | + if (Security::checkCSRFToken()) { |
|
| 70 | + //check, if user is already logged in |
|
| 71 | + if (User::current()->isLoggedIn()) { |
|
| 72 | + $template->assign("ERROR_TEXT", "User is already logged in!"); |
|
| 73 | + $template->parse("main.error_msg"); |
|
| 74 | + |
|
| 75 | + //dont show form, because user is already logged in |
|
| 76 | + $show_form = false; |
|
| 77 | + } else { |
|
| 78 | + //try to login |
|
| 79 | + $user = User::current(); |
|
| 80 | + |
|
| 81 | + if ($username_set) { |
|
| 82 | + $res = $user->loginByUsername($_REQUEST['username'], $_REQUEST['password']); |
|
| 83 | + } else { |
|
| 84 | + $res = $user->loginByMail($_REQUEST['mail'], $_REQUEST['password']); |
|
| 85 | + } |
|
| 86 | + |
|
| 87 | + if ($res['success'] === true) { |
|
| 88 | + //login successful, show redirect |
|
| 89 | + |
|
| 90 | + if (isset($_REQUEST['redirect_url']) && !empty($_REQUEST['redirect_url'])) { |
|
| 91 | + //TODO: check for security issues, maybe we should check if redirect_url is a known domain |
|
| 92 | + |
|
| 93 | + header("Location: " . urldecode($_REQUEST['redirect_url'])); |
|
| 94 | + |
|
| 95 | + //flush gzip buffer |
|
| 96 | + ob_end_flush(); |
|
| 97 | + |
|
| 98 | + exit; |
|
| 99 | + } else { |
|
| 100 | + //redirect to index page |
|
| 101 | + |
|
| 102 | + //get domain |
|
| 103 | + $domain = Registry::singleton()->getObject("domain"); |
|
| 104 | + |
|
| 105 | + //generate index url |
|
| 106 | + $index_url = DomainUtils::generateURL($domain->getHomePage()); |
|
| 107 | + |
|
| 108 | + header("Location: " . $index_url); |
|
| 109 | + |
|
| 110 | + //flush gzip buffer |
|
| 111 | + ob_end_flush(); |
|
| 112 | + |
|
| 113 | + exit; |
|
| 114 | + } |
|
| 115 | + |
|
| 116 | + $template->parse("login_successful"); |
|
| 117 | + |
|
| 118 | + Events::throwEvent("page_login_successful"); |
|
| 119 | + |
|
| 120 | + $show_form = false; |
|
| 121 | + } else { |
|
| 122 | + if ($res['error'] === "user_not_exists") { |
|
| 123 | + $template->assign("ERROR_TEXT", /*"Username doesnt exists!"*/"Wrong credentials!"); |
|
| 124 | + $template->parse("main.error_msg"); |
|
| 125 | + } else if ($res['error'] === "wrong_password") { |
|
| 126 | + $template->assign("ERROR_TEXT", /*"Wrong password!"*/"Wrong credentials!"); |
|
| 127 | + $template->parse("main.error_msg"); |
|
| 128 | + } else if ($res['error'] === "mail_not_valide") { |
|
| 129 | + $template->assign("ERROR_TEXT", /*"Mail is not valide!"*/"Wrong credentials!"); |
|
| 130 | + $template->parse("main.error_msg"); |
|
| 131 | + } else { |
|
| 132 | + $template->assign("ERROR_TEXT", "Unknown error message: " . $res['error']); |
|
| 133 | + $template->parse("main.error_msg"); |
|
| 134 | + } |
|
| 135 | + } |
|
| 136 | + } |
|
| 137 | + } else { |
|
| 138 | + $template->assign("ERROR_TEXT", "Wrong CSRF token! Please try to login again!"); |
|
| 139 | + $template->parse("main.error_msg"); |
|
| 140 | + } |
|
| 141 | + } |
|
| 142 | + } |
|
| 143 | + |
|
| 144 | + if ($show_form) {//show form |
|
| 145 | + $template->parse("main.form"); |
|
| 146 | + } else if (User::current()->isLoggedIn()) { |
|
| 147 | + $template->assign("USERID", User::current()->getID()); |
|
| 148 | + $template->assign("USERNAME", User::current()->getUsername()); |
|
| 149 | + |
|
| 150 | + $template->parse("main.already_logged_in"); |
|
| 151 | + } |
|
| 152 | + |
|
| 153 | + //get HTML code |
|
| 154 | + $template->parse(); |
|
| 155 | + return $template->getCode(); |
|
| 156 | + } |
|
| 157 | 157 | |
| 158 | 158 | } |
| 159 | 159 | |
@@ -27,7 +27,7 @@ discard block |
||
| 27 | 27 | |
| 28 | 28 | class Mail_Verification { |
| 29 | 29 | |
| 30 | - public static function sendMail (int $userID, string $username, string $mail) { |
|
| 30 | + public static function sendMail(int $userID, string $username, string $mail) { |
|
| 31 | 31 | //generate token |
| 32 | 32 | $token = PHPUtils::randomString(64); |
| 33 | 33 | |
@@ -57,7 +57,7 @@ discard block |
||
| 57 | 57 | MailApi::sendHTMLMail($mail, "Mail Verification " . Settings::get("website_name", ""), $message); |
| 58 | 58 | } |
| 59 | 59 | |
| 60 | - public static function checkToken (string $token) : bool { |
|
| 60 | + public static function checkToken(string $token) : bool { |
|
| 61 | 61 | $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}register_mail_verification` WHERE `token` = :token; ", array('token' => $token)); |
| 62 | 62 | |
| 63 | 63 | if ($row === false) { |
@@ -73,7 +73,7 @@ discard block |
||
| 73 | 73 | } |
| 74 | 74 | } |
| 75 | 75 | |
| 76 | - public static function removeToken (string $token) { |
|
| 76 | + public static function removeToken(string $token) { |
|
| 77 | 77 | Database::getInstance()->execute("DELETE FROM `{praefix}register_mail_verification` WHERE `token` = :token; ", array('token' => $token)); |
| 78 | 78 | } |
| 79 | 79 | |
@@ -27,55 +27,55 @@ |
||
| 27 | 27 | |
| 28 | 28 | class Mail_Verification { |
| 29 | 29 | |
| 30 | - public static function sendMail (int $userID, string $username, string $mail) { |
|
| 31 | - //generate token |
|
| 32 | - $token = PHPUtils::randomString(64); |
|
| 30 | + public static function sendMail (int $userID, string $username, string $mail) { |
|
| 31 | + //generate token |
|
| 32 | + $token = PHPUtils::randomString(64); |
|
| 33 | 33 | |
| 34 | - Database::getInstance()->execute("INSERT INTO `{praefix}register_mail_verification` ( |
|
| 34 | + Database::getInstance()->execute("INSERT INTO `{praefix}register_mail_verification` ( |
|
| 35 | 35 | `userID`, `token` |
| 36 | 36 | ) VALUES ( |
| 37 | 37 | :userID, :token |
| 38 | 38 | ) ON DUPLICATE KEY UPDATE `token` = :token; ", array( |
| 39 | - 'userID' => $userID, |
|
| 40 | - 'token' => $token |
|
| 41 | - )); |
|
| 42 | - |
|
| 43 | - //send mail |
|
| 44 | - $template = new DwooTemplate(STORE_PATH . "templates/mail/verify_mail.tpl"); |
|
| 45 | - |
|
| 46 | - //assign variables |
|
| 47 | - $template->assign("token", $token); |
|
| 48 | - $template->assign("userID", $userID); |
|
| 49 | - $template->assign("username", $username); |
|
| 50 | - $template->assign("verify_url", DomainUtils::generateURL("user/verify_mail", array('token' => $token, 'username' => $username))); |
|
| 51 | - $template->assign("base_url", DomainUtils::getBaseURL()); |
|
| 52 | - $template->assign("mail", $mail); |
|
| 53 | - |
|
| 54 | - $message = $template->getCode(); |
|
| 55 | - |
|
| 56 | - //send mail |
|
| 57 | - MailApi::sendHTMLMail($mail, "Mail Verification " . Settings::get("website_name", ""), $message); |
|
| 58 | - } |
|
| 59 | - |
|
| 60 | - public static function checkToken (string $token) : bool { |
|
| 61 | - $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}register_mail_verification` WHERE `token` = :token; ", array('token' => $token)); |
|
| 62 | - |
|
| 63 | - if ($row === false) { |
|
| 64 | - return false; |
|
| 65 | - } else { |
|
| 66 | - //activate user |
|
| 67 | - Database::getInstance()->execute("UPDATE `{praefix}user` SET `activated` = '1' WHERE `userID` = :userID AND `activated` = '2'; ", array('userID' => $row['userID'])); |
|
| 68 | - |
|
| 69 | - //remove token |
|
| 70 | - self::removeToken($token); |
|
| 71 | - |
|
| 72 | - return true; |
|
| 73 | - } |
|
| 74 | - } |
|
| 75 | - |
|
| 76 | - public static function removeToken (string $token) { |
|
| 77 | - Database::getInstance()->execute("DELETE FROM `{praefix}register_mail_verification` WHERE `token` = :token; ", array('token' => $token)); |
|
| 78 | - } |
|
| 39 | + 'userID' => $userID, |
|
| 40 | + 'token' => $token |
|
| 41 | + )); |
|
| 42 | + |
|
| 43 | + //send mail |
|
| 44 | + $template = new DwooTemplate(STORE_PATH . "templates/mail/verify_mail.tpl"); |
|
| 45 | + |
|
| 46 | + //assign variables |
|
| 47 | + $template->assign("token", $token); |
|
| 48 | + $template->assign("userID", $userID); |
|
| 49 | + $template->assign("username", $username); |
|
| 50 | + $template->assign("verify_url", DomainUtils::generateURL("user/verify_mail", array('token' => $token, 'username' => $username))); |
|
| 51 | + $template->assign("base_url", DomainUtils::getBaseURL()); |
|
| 52 | + $template->assign("mail", $mail); |
|
| 53 | + |
|
| 54 | + $message = $template->getCode(); |
|
| 55 | + |
|
| 56 | + //send mail |
|
| 57 | + MailApi::sendHTMLMail($mail, "Mail Verification " . Settings::get("website_name", ""), $message); |
|
| 58 | + } |
|
| 59 | + |
|
| 60 | + public static function checkToken (string $token) : bool { |
|
| 61 | + $row = Database::getInstance()->getRow("SELECT * FROM `{praefix}register_mail_verification` WHERE `token` = :token; ", array('token' => $token)); |
|
| 62 | + |
|
| 63 | + if ($row === false) { |
|
| 64 | + return false; |
|
| 65 | + } else { |
|
| 66 | + //activate user |
|
| 67 | + Database::getInstance()->execute("UPDATE `{praefix}user` SET `activated` = '1' WHERE `userID` = :userID AND `activated` = '2'; ", array('userID' => $row['userID'])); |
|
| 68 | + |
|
| 69 | + //remove token |
|
| 70 | + self::removeToken($token); |
|
| 71 | + |
|
| 72 | + return true; |
|
| 73 | + } |
|
| 74 | + } |
|
| 75 | + |
|
| 76 | + public static function removeToken (string $token) { |
|
| 77 | + Database::getInstance()->execute("DELETE FROM `{praefix}register_mail_verification` WHERE `token` = :token; ", array('token' => $token)); |
|
| 78 | + } |
|
| 79 | 79 | |
| 80 | 80 | } |
| 81 | 81 | |
@@ -27,46 +27,46 @@ |
||
| 27 | 27 | |
| 28 | 28 | class MailApi { |
| 29 | 29 | |
| 30 | - public static function sendPlainMail ($to, string $subject, string $message, array $options = array(), string $from = "", string $reply_to = "") : bool { |
|
| 31 | - if (!Settings::get("send_mails_enabled", true)) { |
|
| 32 | - //send mails is not enabled |
|
| 33 | - return false; |
|
| 34 | - } |
|
| 30 | + public static function sendPlainMail ($to, string $subject, string $message, array $options = array(), string $from = "", string $reply_to = "") : bool { |
|
| 31 | + if (!Settings::get("send_mails_enabled", true)) { |
|
| 32 | + //send mails is not enabled |
|
| 33 | + return false; |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | - return self::getClass()->sendPlainMail($to, $subject, $message, $options, $from, $reply_to); |
|
| 37 | - } |
|
| 36 | + return self::getClass()->sendPlainMail($to, $subject, $message, $options, $from, $reply_to); |
|
| 37 | + } |
|
| 38 | 38 | |
| 39 | - public static function sendHTMLMail ($to, string $subject, string $message, array $options = array(), string $from = "", string $reply_to = "") : bool { |
|
| 40 | - if (!Settings::get("send_mails_enabled", true)) { |
|
| 41 | - //send mails is not enabled |
|
| 42 | - return false; |
|
| 43 | - } |
|
| 39 | + public static function sendHTMLMail ($to, string $subject, string $message, array $options = array(), string $from = "", string $reply_to = "") : bool { |
|
| 40 | + if (!Settings::get("send_mails_enabled", true)) { |
|
| 41 | + //send mails is not enabled |
|
| 42 | + return false; |
|
| 43 | + } |
|
| 44 | 44 | |
| 45 | - return self::getClass()->sendHTMLMail($to, $subject, $message, $options, $from, $reply_to); |
|
| 46 | - } |
|
| 45 | + return self::getClass()->sendHTMLMail($to, $subject, $message, $options, $from, $reply_to); |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - protected static function getClass () : MailSender { |
|
| 49 | - //get setting |
|
| 50 | - $class_name = Settings::get("sendmail_method", "PHPMail"); |
|
| 48 | + protected static function getClass () : MailSender { |
|
| 49 | + //get setting |
|
| 50 | + $class_name = Settings::get("sendmail_method", "PHPMail"); |
|
| 51 | 51 | |
| 52 | - $obj = new $class_name(); |
|
| 52 | + $obj = new $class_name(); |
|
| 53 | 53 | |
| 54 | - if (!($obj instanceof MailSender)) { |
|
| 55 | - throw new IllegalStateException("setting sendmail_method isnt a valide class which implements interface 'MailSender'."); |
|
| 56 | - } |
|
| 54 | + if (!($obj instanceof MailSender)) { |
|
| 55 | + throw new IllegalStateException("setting sendmail_method isnt a valide class which implements interface 'MailSender'."); |
|
| 56 | + } |
|
| 57 | 57 | |
| 58 | - return $obj; |
|
| 59 | - } |
|
| 58 | + return $obj; |
|
| 59 | + } |
|
| 60 | 60 | |
| 61 | - public static function getSignature () : string { |
|
| 62 | - $signature = Settings::get("mail_signature", ""); |
|
| 61 | + public static function getSignature () : string { |
|
| 62 | + $signature = Settings::get("mail_signature", ""); |
|
| 63 | 63 | |
| 64 | - Events::throwEvent("get_mail_signature", array( |
|
| 65 | - 'signature' => &$signature |
|
| 66 | - )); |
|
| 64 | + Events::throwEvent("get_mail_signature", array( |
|
| 65 | + 'signature' => &$signature |
|
| 66 | + )); |
|
| 67 | 67 | |
| 68 | - return $signature; |
|
| 69 | - } |
|
| 68 | + return $signature; |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | 71 | } |
| 72 | 72 | |
@@ -27,7 +27,7 @@ discard block |
||
| 27 | 27 | |
| 28 | 28 | class MailApi { |
| 29 | 29 | |
| 30 | - public static function sendPlainMail ($to, string $subject, string $message, array $options = array(), string $from = "", string $reply_to = "") : bool { |
|
| 30 | + public static function sendPlainMail($to, string $subject, string $message, array $options = array(), string $from = "", string $reply_to = "") : bool { |
|
| 31 | 31 | if (!Settings::get("send_mails_enabled", true)) { |
| 32 | 32 | //send mails is not enabled |
| 33 | 33 | return false; |
@@ -36,7 +36,7 @@ discard block |
||
| 36 | 36 | return self::getClass()->sendPlainMail($to, $subject, $message, $options, $from, $reply_to); |
| 37 | 37 | } |
| 38 | 38 | |
| 39 | - public static function sendHTMLMail ($to, string $subject, string $message, array $options = array(), string $from = "", string $reply_to = "") : bool { |
|
| 39 | + public static function sendHTMLMail($to, string $subject, string $message, array $options = array(), string $from = "", string $reply_to = "") : bool { |
|
| 40 | 40 | if (!Settings::get("send_mails_enabled", true)) { |
| 41 | 41 | //send mails is not enabled |
| 42 | 42 | return false; |
@@ -45,7 +45,7 @@ discard block |
||
| 45 | 45 | return self::getClass()->sendHTMLMail($to, $subject, $message, $options, $from, $reply_to); |
| 46 | 46 | } |
| 47 | 47 | |
| 48 | - protected static function getClass () : MailSender { |
|
| 48 | + protected static function getClass() : MailSender { |
|
| 49 | 49 | //get setting |
| 50 | 50 | $class_name = Settings::get("sendmail_method", "PHPMail"); |
| 51 | 51 | |
@@ -58,7 +58,7 @@ discard block |
||
| 58 | 58 | return $obj; |
| 59 | 59 | } |
| 60 | 60 | |
| 61 | - public static function getSignature () : string { |
|
| 61 | + public static function getSignature() : string { |
|
| 62 | 62 | $signature = Settings::get("mail_signature", ""); |
| 63 | 63 | |
| 64 | 64 | Events::throwEvent("get_mail_signature", array( |
@@ -27,296 +27,296 @@ |
||
| 27 | 27 | |
| 28 | 28 | class RegisterPage extends PageType { |
| 29 | 29 | |
| 30 | - public function getAdditionalHeaderCode(): string { |
|
| 31 | - //check, if captcha is enabled |
|
| 32 | - if (!Captcha::isEnabled()) { |
|
| 33 | - return ""; |
|
| 34 | - } |
|
| 35 | - |
|
| 36 | - //get code between <head> and </head> |
|
| 37 | - return Captcha::getInstance()->getHeader(); |
|
| 38 | - } |
|
| 39 | - |
|
| 40 | - public function getContent(): string { |
|
| 41 | - $template = new DwooTemplate("pages/register"); |
|
| 42 | - |
|
| 43 | - $registration_enabled = Settings::get("registration_enabled", false); |
|
| 44 | - |
|
| 45 | - if (!$registration_enabled) { |
|
| 46 | - //registration is not enabled |
|
| 47 | - $template->assign("registration_enabled", false); |
|
| 48 | - } else { |
|
| 49 | - $template->assign("registration_enabled", true); |
|
| 50 | - $template->assign("action_url", DomainUtils::generateURL($this->getPage()->getAlias())); |
|
| 51 | - |
|
| 52 | - $fields = array(); |
|
| 53 | - |
|
| 54 | - //add fields |
|
| 55 | - $fields[] = array( |
|
| 56 | - 'name' => "username", |
|
| 57 | - 'title' => "Username", |
|
| 58 | - 'type' => "text", |
|
| 59 | - 'placeholder' => "Username", |
|
| 60 | - 'required' => true, |
|
| 61 | - 'value' => (isset($_REQUEST['username']) && !empty($_REQUEST['username']) ? str_replace("\"", "", $_REQUEST['username']) : ""), |
|
| 62 | - 'custom_html' => false, |
|
| 63 | - 'text_behind', |
|
| 64 | - 'text_behind' => "", |
|
| 65 | - 'validator' => "Validator_Username" |
|
| 66 | - ); |
|
| 67 | - |
|
| 68 | - $fields[] = array( |
|
| 69 | - 'name' => "mail", |
|
| 70 | - 'title' => "E-Mail", |
|
| 71 | - 'type' => "email", |
|
| 72 | - 'placeholder' => "[email protected]", |
|
| 73 | - 'required' => true, |
|
| 74 | - 'value' => (isset($_REQUEST['mail']) && !empty($_REQUEST['mail']) ? str_replace("\"", "", $_REQUEST['mail']) : ""), |
|
| 75 | - 'custom_html' => false, |
|
| 76 | - 'text_behind' => "", |
|
| 77 | - 'validator' => "Validator_Mail" |
|
| 78 | - ); |
|
| 79 | - |
|
| 80 | - $fields[] = array( |
|
| 81 | - 'name' => "password", |
|
| 82 | - 'title' => "Password", |
|
| 83 | - 'type' => "password", |
|
| 84 | - 'placeholder' => "Password", |
|
| 85 | - 'required' => true, |
|
| 86 | - 'value' => "", |
|
| 87 | - 'custom_html' => false, |
|
| 88 | - 'text_behind' => "", |
|
| 89 | - 'validator' => "Validator_Password", |
|
| 90 | - 'hints' => "All characters are allowed, min length: 8, max length: 64" |
|
| 91 | - ); |
|
| 92 | - |
|
| 93 | - $fields[] = array( |
|
| 94 | - 'name' => "password_repeat", |
|
| 95 | - 'title' => "Repeat password", |
|
| 96 | - 'type' => "password", |
|
| 97 | - 'placeholder' => "Password", |
|
| 98 | - 'required' => true, |
|
| 99 | - 'value' => "", |
|
| 100 | - 'custom_html' => false, |
|
| 101 | - 'text_behind' => "", |
|
| 102 | - 'validator' => "Validator_Password", |
|
| 103 | - 'hints' => "All characters are allowed, min length: 8, max length: 64" |
|
| 104 | - ); |
|
| 105 | - |
|
| 106 | - $fields[] = array( |
|
| 107 | - 'name' => "agb", |
|
| 108 | - 'title' => "Terms of use", |
|
| 109 | - 'type' => "checkbox", |
|
| 110 | - 'placeholder' => "", |
|
| 111 | - 'required' => true, |
|
| 112 | - 'value' => "checked", |
|
| 113 | - 'custom_html' => false, |
|
| 114 | - 'text_behind' => "<br />I have read and agree with the <a href=\"" . DomainUtils::generateURL(Settings::get("agb_page", "agb")) . "\" target=\"_blank\">terms of use</a>", |
|
| 115 | - 'validator' => null |
|
| 116 | - ); |
|
| 117 | - |
|
| 118 | - Events::throwEvent("register_fields", array( |
|
| 119 | - 'fields' => &$fields, |
|
| 120 | - 'template' => &$template |
|
| 121 | - )); |
|
| 122 | - |
|
| 123 | - //array with all validated values of fields |
|
| 124 | - $field_values = array(); |
|
| 125 | - |
|
| 126 | - //add captcha field, if captcha enabled |
|
| 127 | - if (Captcha::isEnabled()) { |
|
| 128 | - $fields[] = array( |
|
| 129 | - 'name' => "captcha", |
|
| 130 | - 'title' => "Captcha", |
|
| 131 | - 'type' => "", |
|
| 132 | - 'placeholder' => "", |
|
| 133 | - 'required' => true, |
|
| 134 | - 'value' => "captcha", |
|
| 135 | - 'custom_html' => "<input type=\"hidden\" name=\"captcha\" value=\"captcha\" />" . Captcha::getInstance()->getFormCode(), |
|
| 136 | - 'validator' => null |
|
| 137 | - ); |
|
| 138 | - } |
|
| 139 | - |
|
| 140 | - if (isset($_REQUEST['submit']) && !empty($_REQUEST['submit'])) { |
|
| 141 | - $validate = true; |
|
| 142 | - $error_msg_array = array(); |
|
| 143 | - |
|
| 144 | - //check CSRF token |
|
| 145 | - if (!Security::checkCSRFToken()) { |
|
| 146 | - $validate = false; |
|
| 147 | - $error_msg_array[] = "Wrong CSRF token!"; |
|
| 148 | - } |
|
| 149 | - |
|
| 150 | - //check fields |
|
| 151 | - foreach ($fields as $field) { |
|
| 152 | - //check, if field is required |
|
| 153 | - if ($field['required']) { |
|
| 154 | - if (!isset($_POST[$field['name']]) || empty($_POST[$field['name']])) { |
|
| 155 | - $validate = false; |
|
| 156 | - $error_msg_array[] = "Field '" . $field['title'] . "' wasnt filled!"; |
|
| 157 | - } |
|
| 158 | - } |
|
| 159 | - |
|
| 160 | - //validate fields |
|
| 161 | - if (isset($_POST[$field['name']])) { |
|
| 162 | - $validator = $field['validator']; |
|
| 163 | - |
|
| 164 | - if (!is_null($validator) && !empty($validator)) { |
|
| 165 | - $obj = new $validator; |
|
| 166 | - |
|
| 167 | - if (!$obj->isValide($_POST[$field['name']])) { |
|
| 168 | - $validate = false; |
|
| 169 | - $error_msg_array[] = "Field '" . $field['title'] . "' is not valide! " . (isset($field['hints']) ? $field['hints'] : ""); |
|
| 170 | - } else { |
|
| 171 | - //set validated value |
|
| 172 | - $field_values[$field['name']] = $obj->validate($_POST[$field['name']]); |
|
| 173 | - } |
|
| 174 | - } |
|
| 175 | - } |
|
| 176 | - } |
|
| 177 | - |
|
| 178 | - //check, if username already exists |
|
| 179 | - if (isset($_POST['username']) && !empty($_POST['username'])) { |
|
| 180 | - $username = $_POST['username']; |
|
| 181 | - |
|
| 182 | - if (User::existsUsername($username)) { |
|
| 183 | - $validate = false; |
|
| 184 | - $error_msg_array[] = "Username '" . htmlentities($_POST['username']) . "' already exists! Choose another username!"; |
|
| 185 | - } |
|
| 186 | - } |
|
| 187 | - |
|
| 188 | - //check, if mail already exists |
|
| 189 | - if (isset($_POST['mail']) && !empty($_POST['mail'])) { |
|
| 190 | - $mail = $_POST['mail']; |
|
| 191 | - |
|
| 192 | - if (User::existsMail($mail)) { |
|
| 193 | - $validate = false; |
|
| 194 | - $error_msg_array[] = "Mail '" . htmlentities($_POST['mail']) . "' already exists in system! Maybe you are already registered? Choose another mail address or login!"; |
|
| 195 | - } |
|
| 196 | - } |
|
| 197 | - |
|
| 198 | - //check, if passwords are equals |
|
| 199 | - if (isset($_POST['password']) && isset($_POST['password_repeat']) && !PHPUtils::strEqs($_POST['password'], $_POST['password_repeat'])) { |
|
| 200 | - $validate = false; |
|
| 201 | - $error_msg_array[] = "Repeated password isnt the same!"; |
|
| 202 | - } |
|
| 203 | - |
|
| 204 | - //check, if agb is checked |
|
| 205 | - if (!isset($_POST['agb']) || $_POST['agb'] !== "checked") { |
|
| 206 | - $validate = false; |
|
| 207 | - $error_msg_array[] = "Please agree to AGB and fillout checkbox!"; |
|
| 208 | - } |
|
| 209 | - |
|
| 210 | - //check captcha, if enabled |
|
| 211 | - if (Captcha::isEnabled()) { |
|
| 212 | - if (!Captcha::getInstance()->verify()) { |
|
| 213 | - $validate = false; |
|
| 214 | - $error_msg_array[] = "Wrong captcha!"; |
|
| 215 | - } |
|
| 216 | - } |
|
| 217 | - |
|
| 218 | - Events::throwEvent("register_validate", array( |
|
| 219 | - 'valide' => &$validate, |
|
| 220 | - 'fields' => &$fields, |
|
| 221 | - 'field_values' => &$field_values, |
|
| 222 | - 'error_msg_array' => &$error_msg_array |
|
| 223 | - )); |
|
| 224 | - |
|
| 225 | - if ($validate) { |
|
| 226 | - $text = ""; |
|
| 227 | - |
|
| 228 | - //get activation method |
|
| 229 | - $activation_method = Settings::get("register_activation_method", "auto"); |
|
| 230 | - |
|
| 231 | - $activated = 2; |
|
| 232 | - |
|
| 233 | - if ($activation_method === "auto") { |
|
| 234 | - $activated = 1; |
|
| 235 | - } |
|
| 236 | - |
|
| 237 | - //get fields |
|
| 238 | - $username = $field_values['username']; |
|
| 239 | - $password = $_POST['password']; |
|
| 240 | - $mail = $field_values['mail']; |
|
| 241 | - |
|
| 242 | - //get IP address of user |
|
| 243 | - $ip = PHPUtils::getClientIP(); |
|
| 244 | - |
|
| 245 | - $main_group = 2; |
|
| 246 | - |
|
| 247 | - //create new user |
|
| 248 | - $res = User::create($username, $password, $mail, $ip, $main_group, "", $activated); |
|
| 249 | - |
|
| 250 | - if ($res === true || $res['success'] === true) { |
|
| 251 | - //throw event for custom registration fields |
|
| 252 | - Events::throwEvent("register_execute", array( |
|
| 253 | - 'field_values' => $field_values, |
|
| 254 | - 'text' => &$text |
|
| 255 | - )); |
|
| 256 | - |
|
| 257 | - switch ($activation_method) { |
|
| 258 | - case "auto": |
|
| 259 | - //login user automatically |
|
| 260 | - User::current()->loginByID($res['userID']); |
|
| 261 | - |
|
| 262 | - //redirect user to home page |
|
| 263 | - //header("Location: " . DomainUtils::generateURL(Domain::getCurrent()->getHomePage())); |
|
| 264 | - //exit; |
|
| 265 | - |
|
| 266 | - $text .= "You are automatically logged-in now. <a href=\"" . DomainUtils::generateURL(Domain::getCurrent()->getHomePage()) . "\">Homepage</a>"; |
|
| 267 | - |
|
| 268 | - break; |
|
| 269 | - |
|
| 270 | - case "mail_verification": |
|
| 271 | - //send verification mail |
|
| 272 | - Mail_Verification::sendMail($res['userID'], $res['username'], $res['mail']); |
|
| 273 | - |
|
| 274 | - $text .= "Before you can login you have to verify your mail address! For this we have send you a mail with a link, please click on this link!"; |
|
| 275 | - |
|
| 276 | - break; |
|
| 277 | - |
|
| 278 | - case "manual_verification": |
|
| 279 | - |
|
| 280 | - //TODO: inform administrator |
|
| 281 | - |
|
| 282 | - $text .= "An Administrator has to activate your account manually now."; |
|
| 283 | - |
|
| 284 | - break; |
|
| 285 | - |
|
| 286 | - default: |
|
| 287 | - throw new IllegalStateException("Unknown activation method: " . $activation_method); |
|
| 288 | - break; |
|
| 289 | - } |
|
| 290 | - |
|
| 291 | - $template->assign("error", !$validate); |
|
| 292 | - $template->assign("error_msg_array", $error_msg_array); |
|
| 293 | - $template->assign("success", $validate); |
|
| 294 | - $template->assign("additional_success_text", $text); |
|
| 295 | - } else { |
|
| 296 | - $template->assign("error", true); |
|
| 297 | - $template->assign("error_msg_array", array("Couldnt create user. Please contact the administrator of this website!")); |
|
| 298 | - $template->assign("success", false); |
|
| 299 | - } |
|
| 300 | - } else { |
|
| 301 | - $template->assign("error", !$validate); |
|
| 302 | - $template->assign("error_msg_array", $error_msg_array); |
|
| 303 | - $template->assign("success", $validate); |
|
| 304 | - } |
|
| 305 | - } else { |
|
| 306 | - $template->assign("error", false); |
|
| 307 | - } |
|
| 30 | + public function getAdditionalHeaderCode(): string { |
|
| 31 | + //check, if captcha is enabled |
|
| 32 | + if (!Captcha::isEnabled()) { |
|
| 33 | + return ""; |
|
| 34 | + } |
|
| 35 | + |
|
| 36 | + //get code between <head> and </head> |
|
| 37 | + return Captcha::getInstance()->getHeader(); |
|
| 38 | + } |
|
| 39 | + |
|
| 40 | + public function getContent(): string { |
|
| 41 | + $template = new DwooTemplate("pages/register"); |
|
| 42 | + |
|
| 43 | + $registration_enabled = Settings::get("registration_enabled", false); |
|
| 44 | + |
|
| 45 | + if (!$registration_enabled) { |
|
| 46 | + //registration is not enabled |
|
| 47 | + $template->assign("registration_enabled", false); |
|
| 48 | + } else { |
|
| 49 | + $template->assign("registration_enabled", true); |
|
| 50 | + $template->assign("action_url", DomainUtils::generateURL($this->getPage()->getAlias())); |
|
| 51 | + |
|
| 52 | + $fields = array(); |
|
| 53 | + |
|
| 54 | + //add fields |
|
| 55 | + $fields[] = array( |
|
| 56 | + 'name' => "username", |
|
| 57 | + 'title' => "Username", |
|
| 58 | + 'type' => "text", |
|
| 59 | + 'placeholder' => "Username", |
|
| 60 | + 'required' => true, |
|
| 61 | + 'value' => (isset($_REQUEST['username']) && !empty($_REQUEST['username']) ? str_replace("\"", "", $_REQUEST['username']) : ""), |
|
| 62 | + 'custom_html' => false, |
|
| 63 | + 'text_behind', |
|
| 64 | + 'text_behind' => "", |
|
| 65 | + 'validator' => "Validator_Username" |
|
| 66 | + ); |
|
| 67 | + |
|
| 68 | + $fields[] = array( |
|
| 69 | + 'name' => "mail", |
|
| 70 | + 'title' => "E-Mail", |
|
| 71 | + 'type' => "email", |
|
| 72 | + 'placeholder' => "[email protected]", |
|
| 73 | + 'required' => true, |
|
| 74 | + 'value' => (isset($_REQUEST['mail']) && !empty($_REQUEST['mail']) ? str_replace("\"", "", $_REQUEST['mail']) : ""), |
|
| 75 | + 'custom_html' => false, |
|
| 76 | + 'text_behind' => "", |
|
| 77 | + 'validator' => "Validator_Mail" |
|
| 78 | + ); |
|
| 79 | + |
|
| 80 | + $fields[] = array( |
|
| 81 | + 'name' => "password", |
|
| 82 | + 'title' => "Password", |
|
| 83 | + 'type' => "password", |
|
| 84 | + 'placeholder' => "Password", |
|
| 85 | + 'required' => true, |
|
| 86 | + 'value' => "", |
|
| 87 | + 'custom_html' => false, |
|
| 88 | + 'text_behind' => "", |
|
| 89 | + 'validator' => "Validator_Password", |
|
| 90 | + 'hints' => "All characters are allowed, min length: 8, max length: 64" |
|
| 91 | + ); |
|
| 92 | + |
|
| 93 | + $fields[] = array( |
|
| 94 | + 'name' => "password_repeat", |
|
| 95 | + 'title' => "Repeat password", |
|
| 96 | + 'type' => "password", |
|
| 97 | + 'placeholder' => "Password", |
|
| 98 | + 'required' => true, |
|
| 99 | + 'value' => "", |
|
| 100 | + 'custom_html' => false, |
|
| 101 | + 'text_behind' => "", |
|
| 102 | + 'validator' => "Validator_Password", |
|
| 103 | + 'hints' => "All characters are allowed, min length: 8, max length: 64" |
|
| 104 | + ); |
|
| 105 | + |
|
| 106 | + $fields[] = array( |
|
| 107 | + 'name' => "agb", |
|
| 108 | + 'title' => "Terms of use", |
|
| 109 | + 'type' => "checkbox", |
|
| 110 | + 'placeholder' => "", |
|
| 111 | + 'required' => true, |
|
| 112 | + 'value' => "checked", |
|
| 113 | + 'custom_html' => false, |
|
| 114 | + 'text_behind' => "<br />I have read and agree with the <a href=\"" . DomainUtils::generateURL(Settings::get("agb_page", "agb")) . "\" target=\"_blank\">terms of use</a>", |
|
| 115 | + 'validator' => null |
|
| 116 | + ); |
|
| 117 | + |
|
| 118 | + Events::throwEvent("register_fields", array( |
|
| 119 | + 'fields' => &$fields, |
|
| 120 | + 'template' => &$template |
|
| 121 | + )); |
|
| 122 | + |
|
| 123 | + //array with all validated values of fields |
|
| 124 | + $field_values = array(); |
|
| 125 | + |
|
| 126 | + //add captcha field, if captcha enabled |
|
| 127 | + if (Captcha::isEnabled()) { |
|
| 128 | + $fields[] = array( |
|
| 129 | + 'name' => "captcha", |
|
| 130 | + 'title' => "Captcha", |
|
| 131 | + 'type' => "", |
|
| 132 | + 'placeholder' => "", |
|
| 133 | + 'required' => true, |
|
| 134 | + 'value' => "captcha", |
|
| 135 | + 'custom_html' => "<input type=\"hidden\" name=\"captcha\" value=\"captcha\" />" . Captcha::getInstance()->getFormCode(), |
|
| 136 | + 'validator' => null |
|
| 137 | + ); |
|
| 138 | + } |
|
| 139 | + |
|
| 140 | + if (isset($_REQUEST['submit']) && !empty($_REQUEST['submit'])) { |
|
| 141 | + $validate = true; |
|
| 142 | + $error_msg_array = array(); |
|
| 143 | + |
|
| 144 | + //check CSRF token |
|
| 145 | + if (!Security::checkCSRFToken()) { |
|
| 146 | + $validate = false; |
|
| 147 | + $error_msg_array[] = "Wrong CSRF token!"; |
|
| 148 | + } |
|
| 149 | + |
|
| 150 | + //check fields |
|
| 151 | + foreach ($fields as $field) { |
|
| 152 | + //check, if field is required |
|
| 153 | + if ($field['required']) { |
|
| 154 | + if (!isset($_POST[$field['name']]) || empty($_POST[$field['name']])) { |
|
| 155 | + $validate = false; |
|
| 156 | + $error_msg_array[] = "Field '" . $field['title'] . "' wasnt filled!"; |
|
| 157 | + } |
|
| 158 | + } |
|
| 159 | + |
|
| 160 | + //validate fields |
|
| 161 | + if (isset($_POST[$field['name']])) { |
|
| 162 | + $validator = $field['validator']; |
|
| 163 | + |
|
| 164 | + if (!is_null($validator) && !empty($validator)) { |
|
| 165 | + $obj = new $validator; |
|
| 166 | + |
|
| 167 | + if (!$obj->isValide($_POST[$field['name']])) { |
|
| 168 | + $validate = false; |
|
| 169 | + $error_msg_array[] = "Field '" . $field['title'] . "' is not valide! " . (isset($field['hints']) ? $field['hints'] : ""); |
|
| 170 | + } else { |
|
| 171 | + //set validated value |
|
| 172 | + $field_values[$field['name']] = $obj->validate($_POST[$field['name']]); |
|
| 173 | + } |
|
| 174 | + } |
|
| 175 | + } |
|
| 176 | + } |
|
| 177 | + |
|
| 178 | + //check, if username already exists |
|
| 179 | + if (isset($_POST['username']) && !empty($_POST['username'])) { |
|
| 180 | + $username = $_POST['username']; |
|
| 181 | + |
|
| 182 | + if (User::existsUsername($username)) { |
|
| 183 | + $validate = false; |
|
| 184 | + $error_msg_array[] = "Username '" . htmlentities($_POST['username']) . "' already exists! Choose another username!"; |
|
| 185 | + } |
|
| 186 | + } |
|
| 187 | + |
|
| 188 | + //check, if mail already exists |
|
| 189 | + if (isset($_POST['mail']) && !empty($_POST['mail'])) { |
|
| 190 | + $mail = $_POST['mail']; |
|
| 191 | + |
|
| 192 | + if (User::existsMail($mail)) { |
|
| 193 | + $validate = false; |
|
| 194 | + $error_msg_array[] = "Mail '" . htmlentities($_POST['mail']) . "' already exists in system! Maybe you are already registered? Choose another mail address or login!"; |
|
| 195 | + } |
|
| 196 | + } |
|
| 197 | + |
|
| 198 | + //check, if passwords are equals |
|
| 199 | + if (isset($_POST['password']) && isset($_POST['password_repeat']) && !PHPUtils::strEqs($_POST['password'], $_POST['password_repeat'])) { |
|
| 200 | + $validate = false; |
|
| 201 | + $error_msg_array[] = "Repeated password isnt the same!"; |
|
| 202 | + } |
|
| 203 | + |
|
| 204 | + //check, if agb is checked |
|
| 205 | + if (!isset($_POST['agb']) || $_POST['agb'] !== "checked") { |
|
| 206 | + $validate = false; |
|
| 207 | + $error_msg_array[] = "Please agree to AGB and fillout checkbox!"; |
|
| 208 | + } |
|
| 209 | + |
|
| 210 | + //check captcha, if enabled |
|
| 211 | + if (Captcha::isEnabled()) { |
|
| 212 | + if (!Captcha::getInstance()->verify()) { |
|
| 213 | + $validate = false; |
|
| 214 | + $error_msg_array[] = "Wrong captcha!"; |
|
| 215 | + } |
|
| 216 | + } |
|
| 217 | + |
|
| 218 | + Events::throwEvent("register_validate", array( |
|
| 219 | + 'valide' => &$validate, |
|
| 220 | + 'fields' => &$fields, |
|
| 221 | + 'field_values' => &$field_values, |
|
| 222 | + 'error_msg_array' => &$error_msg_array |
|
| 223 | + )); |
|
| 224 | + |
|
| 225 | + if ($validate) { |
|
| 226 | + $text = ""; |
|
| 227 | + |
|
| 228 | + //get activation method |
|
| 229 | + $activation_method = Settings::get("register_activation_method", "auto"); |
|
| 230 | + |
|
| 231 | + $activated = 2; |
|
| 232 | + |
|
| 233 | + if ($activation_method === "auto") { |
|
| 234 | + $activated = 1; |
|
| 235 | + } |
|
| 236 | + |
|
| 237 | + //get fields |
|
| 238 | + $username = $field_values['username']; |
|
| 239 | + $password = $_POST['password']; |
|
| 240 | + $mail = $field_values['mail']; |
|
| 241 | + |
|
| 242 | + //get IP address of user |
|
| 243 | + $ip = PHPUtils::getClientIP(); |
|
| 244 | + |
|
| 245 | + $main_group = 2; |
|
| 246 | + |
|
| 247 | + //create new user |
|
| 248 | + $res = User::create($username, $password, $mail, $ip, $main_group, "", $activated); |
|
| 249 | + |
|
| 250 | + if ($res === true || $res['success'] === true) { |
|
| 251 | + //throw event for custom registration fields |
|
| 252 | + Events::throwEvent("register_execute", array( |
|
| 253 | + 'field_values' => $field_values, |
|
| 254 | + 'text' => &$text |
|
| 255 | + )); |
|
| 256 | + |
|
| 257 | + switch ($activation_method) { |
|
| 258 | + case "auto": |
|
| 259 | + //login user automatically |
|
| 260 | + User::current()->loginByID($res['userID']); |
|
| 261 | + |
|
| 262 | + //redirect user to home page |
|
| 263 | + //header("Location: " . DomainUtils::generateURL(Domain::getCurrent()->getHomePage())); |
|
| 264 | + //exit; |
|
| 265 | + |
|
| 266 | + $text .= "You are automatically logged-in now. <a href=\"" . DomainUtils::generateURL(Domain::getCurrent()->getHomePage()) . "\">Homepage</a>"; |
|
| 267 | + |
|
| 268 | + break; |
|
| 269 | + |
|
| 270 | + case "mail_verification": |
|
| 271 | + //send verification mail |
|
| 272 | + Mail_Verification::sendMail($res['userID'], $res['username'], $res['mail']); |
|
| 273 | + |
|
| 274 | + $text .= "Before you can login you have to verify your mail address! For this we have send you a mail with a link, please click on this link!"; |
|
| 275 | + |
|
| 276 | + break; |
|
| 277 | + |
|
| 278 | + case "manual_verification": |
|
| 279 | + |
|
| 280 | + //TODO: inform administrator |
|
| 281 | + |
|
| 282 | + $text .= "An Administrator has to activate your account manually now."; |
|
| 283 | + |
|
| 284 | + break; |
|
| 285 | + |
|
| 286 | + default: |
|
| 287 | + throw new IllegalStateException("Unknown activation method: " . $activation_method); |
|
| 288 | + break; |
|
| 289 | + } |
|
| 290 | + |
|
| 291 | + $template->assign("error", !$validate); |
|
| 292 | + $template->assign("error_msg_array", $error_msg_array); |
|
| 293 | + $template->assign("success", $validate); |
|
| 294 | + $template->assign("additional_success_text", $text); |
|
| 295 | + } else { |
|
| 296 | + $template->assign("error", true); |
|
| 297 | + $template->assign("error_msg_array", array("Couldnt create user. Please contact the administrator of this website!")); |
|
| 298 | + $template->assign("success", false); |
|
| 299 | + } |
|
| 300 | + } else { |
|
| 301 | + $template->assign("error", !$validate); |
|
| 302 | + $template->assign("error_msg_array", $error_msg_array); |
|
| 303 | + $template->assign("success", $validate); |
|
| 304 | + } |
|
| 305 | + } else { |
|
| 306 | + $template->assign("error", false); |
|
| 307 | + } |
|
| 308 | 308 | |
| 309 | - $template->assign("fields", $fields); |
|
| 309 | + $template->assign("fields", $fields); |
|
| 310 | 310 | |
| 311 | - //TODO: add code here |
|
| 312 | - } |
|
| 311 | + //TODO: add code here |
|
| 312 | + } |
|
| 313 | 313 | |
| 314 | - return $template->getCode(); |
|
| 315 | - } |
|
| 314 | + return $template->getCode(); |
|
| 315 | + } |
|
| 316 | 316 | |
| 317 | - public function listRequiredPermissions(): array { |
|
| 318 | - return array("not_logged_in"); |
|
| 319 | - } |
|
| 317 | + public function listRequiredPermissions(): array { |
|
| 318 | + return array("not_logged_in"); |
|
| 319 | + } |
|
| 320 | 320 | |
| 321 | 321 | } |
| 322 | 322 | |
