Diffstat (limited to 'src/application/actions/register')
-rw-r--r-- | src/application/actions/register/_common.php | 12 | ||||
-rw-r--r-- | src/application/actions/register/get.php | 10 | ||||
-rw-r--r-- | src/application/actions/register/post.php | 98 |
3 files changed, 120 insertions, 0 deletions
diff --git a/src/application/actions/register/_common.php b/src/application/actions/register/_common.php
new file mode 100644
index 0000000..8423e72
--- /dev/null
+++ b/src/application/actions/register/_common.php
@@ -0,0 +1,12 @@
+<?php
+
+if ($currentUser) {
+ header("Location: " . ($_GET["next"] ?? "."));
+ exit;
+}
+
+if (!REGISTRATION_ENABLED) {
+ http_response_code(403);
+ msg_error(__("Public registration disabled"));
+ exit;
+}
diff --git a/src/application/actions/register/get.php b/src/application/actions/register/get.php
new file mode 100644
index 0000000..914ea4e
--- /dev/null
+++ b/src/application/actions/register/get.php
@@ -0,0 +1,10 @@
+<?php
+
+use mystic\forum\utils\RequestUtils;
+
+_view("template_start", ["_title" => __("Register")]);
+_view("template_navigation_start");
+_view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
+_view("template_navigation_end");
+_view("form_register");
+_view("template_end", [...getThemeAndLangInfo()]);
diff --git a/src/application/actions/register/post.php b/src/application/actions/register/post.php
new file mode 100644
index 0000000..f953b88
--- /dev/null
+++ b/src/application/actions/register/post.php
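Review bot: `$_GET["next"]` is written straight into the `Location` header, so a logged-in visitor who follows `?next=https://attacker.example` (or `?next=//attacker.example`) is bounced off-site — an open redirect that is handy for phishing. Accept only a relative or same-origin target before redirecting, e.g. `$next = (string)($_GET["next"] ?? "."); if ($next === "" || preg_match('~^(?:[a-z][a-z0-9+.-]*:|[/\\\\][/\\\\])~i', $next)) { $next = "."; }` followed by `header("Location: " . $next);`. The `(string)` cast also stops `?next[]=x` from producing an "Array to string conversion" warning and a redirect to `Array`. `$currentUser` is assigned outside this file, so whether it can be truthy for an unauthenticated request is not visible here.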
@@ -0,0 +1,98 @@
+<?php
+
+use mystic\forum\orm\User;
+use mystic\forum\orm\UserPermissions;
+use mystic\forum\utils\RequestUtils;
+use mystic\forum\utils\ValidationUtils;
+use Symfony\Component\Mailer\Transport;
+use Symfony\Component\Mime\Address;
+use Symfony\Component\Mime\Email;
+
+$formId = "register";
+$doNotFill = $_POST["username"] ?? null;
+if (!empty($doNotFill)) {
+ sleep(10);
+ http_response_code(204);
+ exit;
+}
+$username = RequestUtils::getRequiredField("df82a9bc21", $formId);
+$password = RequestUtils::getRequiredField("password", $formId);
+$passwordRetype = RequestUtils::getRequiredField("password_retype", $formId);
+$email = trim(RequestUtils::getRequiredField("email", $formId));
+$displayName = RequestUtils::getRequiredField("display_name", $formId);
+$captcha = RequestUtils::getRequiredField("captcha", $formId);
+
+if ($captcha !== ($_SESSION["captchaPhrase"] ?? null)) {
+ RequestUtils::triggerFormError(__("Incorrect CAPTCHA text!"), $formId);
+}
+
+// usernames are always lowercase
+$username = strtolower($username);
+
+if ($password !== $passwordRetype) {
+ RequestUtils::triggerFormError(__("Passwords do not match!"), $formId);
+}
+
+if (strlen($password) < 8) {
+ RequestUtils::triggerFormError(__("Password too short! Your password must consist of 8 or more characters"), $formId);
+}
+
+if (!ValidationUtils::isUsernameValid($username)) {
+ RequestUtils::triggerFormError(__("Username has an invalid format"), $formId);
+}
+
+if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
+ RequestUtils::triggerFormError(__("Invalid email address"), $formId);
+}
+
+$user = new User();
+$user->name = $username;
+$user->email = $email;
+
+if ($db->fetchWhere($user, "name")) {
+ RequestUtils::triggerFormError(__("This username is already taken!"), $formId);
+}
+
+if ($db->fetchWhere($user, "email")) {
+ RequestUtils::triggerFormError(__("This email address is already in use!"), $formId);
+}
+
+// re-create user so we don't forget to clear properties set by the above queries
+
+$user = new User();
+$user->id = $db->generateId();
+$user->displayName = $displayName;
+$user->name = $username;
+$user->email = $email;
+$user->passwordHash = password_hash($password, PASSWORD_DEFAULT);
+$user->permissionMask = UserPermissions::GROUP_USER;
+$user->passwordResetRequired = false;
+$user->activated = false;
+$user->activationToken = $db->generateId(12);
+$user->created = new \DateTimeImmutable();
+
+Transport::fromDsn(env("MAILER_DSN"))->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($email, $displayName))
+ ->text(__(
+ "Welcome to %forum_title%, %user_display_name%!\n" .
+ "\n" .
+ "Please activate your account by clicking the link below:\n" .
+ "%activation_link%\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $displayName,
+ "activation_link" => env("PUBLIC_URL") . "?_action=verifyemail&token=" . urlencode($user->activationToken) . "&sig=" . urlencode(base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true))),
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Please activate your account"))
+);
+
+$db->insert($user);
+
+msg_info(__("Your account has been created!\nPlease check your emails for an activation link!")); |
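Review bot: The solved CAPTCHA is never invalidated — after `if ($captcha !== ($_SESSION["captchaPhrase"] ?? null))` nothing unsets `$_SESSION["captchaPhrase"]`, so one correct answer can be replayed on every later POST in the same session (this assumes `triggerFormError` aborts the request on failure, which is not visible here); add `unset($_SESSION["captchaPhrase"]);` directly after that check. The activation-link signature is a secret-prefix `hash("sha256", env("SECRET") . $user->activationToken . $user->id, true)`; the keyed form `hash_hmac("sha256", $user->activationToken . $user->id, env("SECRET"), true)` is the right primitive, and the `verifyemail` handler (outside this diff) has to be changed in step and compare with `hash_equals`. The honeypot branch's `sleep(10)` pins a PHP worker for ten seconds per request on a path any unauthenticated client can hit, so a handful of concurrent bots can starve the worker pool; respond 204 immediately or cap the delay well under a second. Separately, the distinct "This username is already taken!" / "This email address is already in use!" responses let an anonymous caller confirm which addresses have accounts.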