summaryrefslogtreecommitdiff
path: root/src/application/actions/register/post.php
diff options
context:
space:
mode:
authorJonas Kohl2024-10-10 17:33:13 +0200
committerJonas Kohl2024-10-10 17:33:13 +0200
commit64b1ec0fabbf7328a79a20ff58502ebfa80fad8b (patch)
tree88f2281295b347bdd3beee5bc45f68314f2051dc /src/application/actions/register/post.php
parent4ffc399a847ce4f328d4f14adebb48d06ad033f9 (diff)
Break up actions into individual files
Diffstat (limited to 'src/application/actions/register/post.php')
-rw-r--r--src/application/actions/register/post.php98
1 files changed, 98 insertions, 0 deletions
diff --git a/src/application/actions/register/post.php b/src/application/actions/register/post.php
new file mode 100644
index 0000000..f953b88
--- /dev/null
+++ b/src/application/actions/register/post.php
@@ -0,0 +1,98 @@
+<?php
+
+use mystic\forum\orm\User;
+use mystic\forum\orm\UserPermissions;
+use mystic\forum\utils\RequestUtils;
+use mystic\forum\utils\ValidationUtils;
+use Symfony\Component\Mailer\Transport;
+use Symfony\Component\Mime\Address;
+use Symfony\Component\Mime\Email;
+
+$formId = "register";
+$doNotFill = $_POST["username"] ?? null;
+if (!empty($doNotFill)) {
+ sleep(10);
+ http_response_code(204);
+ exit;
+}
+$username = RequestUtils::getRequiredField("df82a9bc21", $formId);
+$password = RequestUtils::getRequiredField("password", $formId);
+$passwordRetype = RequestUtils::getRequiredField("password_retype", $formId);
+$email = trim(RequestUtils::getRequiredField("email", $formId));
+$displayName = RequestUtils::getRequiredField("display_name", $formId);
+$captcha = RequestUtils::getRequiredField("captcha", $formId);
+
+if ($captcha !== ($_SESSION["captchaPhrase"] ?? null)) {
+ RequestUtils::triggerFormError(__("Incorrect CAPTCHA text!"), $formId);
+}
+
+// usernames are always lowercase
+$username = strtolower($username);
+
+if ($password !== $passwordRetype) {
+ RequestUtils::triggerFormError(__("Passwords do not match!"), $formId);
+}
+
+if (strlen($password) < 8) {
+ RequestUtils::triggerFormError(__("Password too short! Your password must consist of 8 or more characters"), $formId);
+}
+
+if (!ValidationUtils::isUsernameValid($username)) {
+ RequestUtils::triggerFormError(__("Username has an invalid format"), $formId);
+}
+
+if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
+ RequestUtils::triggerFormError(__("Invalid email address"), $formId);
+}
+
+$user = new User();
+$user->name = $username;
+$user->email = $email;
+
+if ($db->fetchWhere($user, "name")) {
+ RequestUtils::triggerFormError(__("This username is already taken!"), $formId);
+}
+
+if ($db->fetchWhere($user, "email")) {
+ RequestUtils::triggerFormError(__("This email address is already in use!"), $formId);
+}
+
+// re-create user so we don't forget to clear properties set by the above queries
+
+$user = new User();
+$user->id = $db->generateId();
+$user->displayName = $displayName;
+$user->name = $username;
+$user->email = $email;
+$user->passwordHash = password_hash($password, PASSWORD_DEFAULT);
+$user->permissionMask = UserPermissions::GROUP_USER;
+$user->passwordResetRequired = false;
+$user->activated = false;
+$user->activationToken = $db->generateId(12);
+$user->created = new \DateTimeImmutable();
+
+Transport::fromDsn(env("MAILER_DSN"))->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($email, $displayName))
+ ->text(__(
+ "Welcome to %forum_title%, %user_display_name%!\n" .
+ "\n" .
+ "Please activate your account by clicking the link below:\n" .
+ "%activation_link%\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $displayName,
+ "activation_link" => env("PUBLIC_URL") . "?_action=verifyemail&token=" . urlencode($user->activationToken) . "&sig=" . urlencode(base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true))),
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Please activate your account"))
+);
+
+$db->insert($user);
+
+msg_info(__("Your account has been created!\nPlease check your emails for an activation link!"));