Diffstat (limited to 'src/application/actions/register')
-rw-r--r--src/application/actions/register/_common.php12
-rw-r--r--src/application/actions/register/get.php10
-rw-r--r--src/application/actions/register/post.php98
3 files changed, 120 insertions, 0 deletions
diff --git a/src/application/actions/register/_common.php b/src/application/actions/register/_common.php
new file mode 100644
index 0000000..8423e72
--- /dev/null
+++ b/src/application/actions/register/_common.php
@@ -0,0 +1,12 @@
+<?php
+
+if ($currentUser) {
+ header("Location: " . ($_GET["next"] ?? "."));
+ exit;
+}
+
+if (!REGISTRATION_ENABLED) {
+ http_response_code(403);
+ msg_error(__("Public registration disabled"));
+ exit;
+}
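Review bot: The redirect at the top of `_common.php` sends the browser to `$_GET["next"]` unchecked, so a crafted link can bounce an already logged-in user to an arbitrary external site (open redirect), and a non-string `next` (e.g. `next[]=`) would concatenate as `Array` with a warning. Restrict the target to a local path before emitting the header: `$next = $_GET["next"] ?? "."; if (!is_string($next) || ($next !== "." && !preg_match('~^/(?![/\\\\])~', $next))) { $next = "."; } header("Location: " . $next);`. That accepts `.` or a path starting with a single `/` not followed by `/` or `\`, which excludes scheme-relative and backslash forms that browsers normalise to another host. `$currentUser` and `REGISTRATION_ENABLED` are presumably set by the front controller before this file is included; a one-line comment stating that would help the next reader.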
diff --git a/src/application/actions/register/get.php b/src/application/actions/register/get.php
new file mode 100644
index 0000000..914ea4e
--- /dev/null
+++ b/src/application/actions/register/get.php
@@ -0,0 +1,10 @@
+<?php
+
+use mystic\forum\utils\RequestUtils;
+
+_view("template_start", ["_title" => __("Register")]);
+_view("template_navigation_start");
+_view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
+_view("template_navigation_end");
+_view("form_register");
+_view("template_end", [...getThemeAndLangInfo()]);
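Review bot: `RequestUtils::getAuthorizedUser($db)` is called to render the navigation even though `_common.php` in this same commit exits with a redirect whenever `$currentUser` is truthy, so by the time this view runs the lookup presumably always yields null — assuming the front controller includes `_common.php` before `get.php`, which is not visible here. Passing the already-resolved value, `_view("template_navigation", ["user" => $currentUser]);`, avoids a second database round-trip and keeps the two files consistent.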
diff --git a/src/application/actions/register/post.php b/src/application/actions/register/post.php
new file mode 100644
index 0000000..f953b88
--- /dev/null
+++ b/src/application/actions/register/post.php
@@ -0,0 +1,98 @@
+<?php
+
+use mystic\forum\orm\User;
+use mystic\forum\orm\UserPermissions;
+use mystic\forum\utils\RequestUtils;
+use mystic\forum\utils\ValidationUtils;
+use Symfony\Component\Mailer\Transport;
+use Symfony\Component\Mime\Address;
+use Symfony\Component\Mime\Email;
+
+$formId = "register";
+$doNotFill = $_POST["username"] ?? null;
+if (!empty($doNotFill)) {
+ sleep(10);
+ http_response_code(204);
+ exit;
+}
+$username = RequestUtils::getRequiredField("df82a9bc21", $formId);
+$password = RequestUtils::getRequiredField("password", $formId);
+$passwordRetype = RequestUtils::getRequiredField("password_retype", $formId);
+$email = trim(RequestUtils::getRequiredField("email", $formId));
+$displayName = RequestUtils::getRequiredField("display_name", $formId);
+$captcha = RequestUtils::getRequiredField("captcha", $formId);
+
+if ($captcha !== ($_SESSION["captchaPhrase"] ?? null)) {
+ RequestUtils::triggerFormError(__("Incorrect CAPTCHA text!"), $formId);
+}
+
+// usernames are always lowercase
+$username = strtolower($username);
+
+if ($password !== $passwordRetype) {
+ RequestUtils::triggerFormError(__("Passwords do not match!"), $formId);
+}
+
+if (strlen($password) < 8) {
+ RequestUtils::triggerFormError(__("Password too short! Your password must consist of 8 or more characters"), $formId);
+}
+
+if (!ValidationUtils::isUsernameValid($username)) {
+ RequestUtils::triggerFormError(__("Username has an invalid format"), $formId);
+}
+
+if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
+ RequestUtils::triggerFormError(__("Invalid email address"), $formId);
+}
+
+$user = new User();
+$user->name = $username;
+$user->email = $email;
+
+if ($db->fetchWhere($user, "name")) {
+ RequestUtils::triggerFormError(__("This username is already taken!"), $formId);
+}
+
+if ($db->fetchWhere($user, "email")) {
+ RequestUtils::triggerFormError(__("This email address is already in use!"), $formId);
+}
+
+// re-create user so we don't forget to clear properties set by the above queries
+
+$user = new User();
+$user->id = $db->generateId();
+$user->displayName = $displayName;
+$user->name = $username;
+$user->email = $email;
+$user->passwordHash = password_hash($password, PASSWORD_DEFAULT);
+$user->permissionMask = UserPermissions::GROUP_USER;
+$user->passwordResetRequired = false;
+$user->activated = false;
+$user->activationToken = $db->generateId(12);
+$user->created = new \DateTimeImmutable();
+
+Transport::fromDsn(env("MAILER_DSN"))->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($email, $displayName))
+ ->text(__(
+ "Welcome to %forum_title%, %user_display_name%!\n" .
+ "\n" .
+ "Please activate your account by clicking the link below:\n" .
+ "%activation_link%\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $displayName,
+ "activation_link" => env("PUBLIC_URL") . "?_action=verifyemail&token=" . urlencode($user->activationToken) . "&sig=" . urlencode(base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true))),
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject(__("Please activate your account"))
+);
+
+$db->insert($user);
+
+msg_info(__("Your account has been created!\nPlease check your emails for an activation link!"));
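Review bot: The CAPTCHA phrase in `$_SESSION["captchaPhrase"]` is compared but never consumed, so once a phrase has been solved the same session can keep submitting the form with it; a single-use check is `$expectedCaptcha = $_SESSION["captchaPhrase"] ?? null; unset($_SESSION["captchaPhrase"]); if ($expectedCaptcha === null || $captcha !== $expectedCaptcha) {` in place of the condition guarding the first `triggerFormError` (this assumes `triggerFormError` exits, as the later code relies on). The honeypot branch near the top of the file calls `sleep(10)`, which pins a PHP worker for ten seconds per automated hit and makes worker-pool exhaustion cheap; answering 204 immediately is the safer choice. The name/email uniqueness checks and the later `$db->insert($user)` are not atomic, so a unique constraint on those columns in the database is the real guard — the schema is outside this diff. The activation mail is sent before the insert, so a failed insert leaves the recipient with a link to an account that does not exist; inserting first, or doing both inside one transaction if the ORM supports it, avoids that. For the link signature, `hash_hmac("sha256", $user->activationToken . $user->id, env("SECRET"), true)` is the idiomatic keyed-hash form, but changing it requires the matching change in the `verifyemail` action, which is not in this diff.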