summaryrefslogtreecommitdiff
path: root/src/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'src/index.php')
-rw-r--r--src/index.php159
1 files changed, 112 insertions, 47 deletions
diff --git a/src/index.php b/src/index.php
index c75d112..de46204 100644
--- a/src/index.php
+++ b/src/index.php
@@ -12,6 +12,9 @@ use mystic\forum\orm\UserPermissions;
use mystic\forum\utils\FileUtils;
use mystic\forum\utils\RequestUtils;
use mystic\forum\utils\ValidationUtils;
+use Symfony\Component\Mailer\Transport;
+use Symfony\Component\Mime\Address;
+use Symfony\Component\Mime\Email;
header_remove("X-Powered-By");
@@ -122,12 +125,15 @@ function env(string $key): ?string {
require_once __DIR__ . "/vendor/autoload.php";
+require_once __DIR__ . "/application/i18n.php";
+i18n_locale("de");
+
$db = null;
try {
$db = new Database(Database::getConnectionString("db", getenv("POSTGRES_USER"), getenv("POSTGRES_PASSWORD"), getenv("POSTGRES_DBNAME")));
} catch (DatabaseConnectionException $ex) {
Messaging::error([
- Messaging::bold("Failed to connect to database!"),
+ Messaging::bold(__("Failed to connect to database!")),
Messaging::italic($ex->getMessage()),
]);
exit;
@@ -175,7 +181,7 @@ $GLOBALS["currentUser"] = &$currentUser;
if ($_action === "auth") {
if ($currentUser) {
- header("Location: " . $_GET["next"] ?? ".");
+ header("Location: " . ($_GET["next"] ?? "."));
exit;
}
@@ -186,17 +192,17 @@ if ($_action === "auth") {
$user = new User();
$user->name = $username;
if (!$db->fetchWhere($user, "name") || !password_verify($password, $user->passwordHash)) {
- RequestUtils::triggerFormError("Username or password incorrect!");
+ RequestUtils::triggerFormError(__("Username or password incorrect!"));
}
if (!$user->activated) {
- RequestUtils::triggerFormError("Please activate your user account first!");
+ RequestUtils::triggerFormError(__("Please activate your user account first!"));
}
RequestUtils::setAuthorizedUser($user);
- header("Location: " . $_GET["next"] ?? ".");
+ header("Location: " . ($_GET["next"] ?? "."));
} else {
- _view("template_start", ["_title" => "Log in"]);
+ _view("template_start", ["_title" => __("Log in")]);
_view("template_navigation_start");
_view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
_view("template_navigation_end");
@@ -205,19 +211,19 @@ if ($_action === "auth") {
}
} elseif ($_action === "register") {
if ($currentUser) {
- header("Location: " . $_GET["next"] ?? ".");
+ header("Location: " . ($_GET["next"] ?? "."));
exit;
}
if (!REGISTRATION_ENABLED) {
http_response_code(403);
- Messaging::error("Public registration disabled");
+ Messaging::error(__("Public registration disabled"));
exit;
}
if (RequestUtils::isRequestMethod("POST")) {
$doNotFill = $_POST["username"] ?? null;
- if ($doNotFill !== null) {
+ if (!empty($doNotFill)) {
sleep(10);
http_response_code(204);
exit;
@@ -229,27 +235,27 @@ if ($_action === "auth") {
$displayName = RequestUtils::getRequiredField("display_name");
$captcha = RequestUtils::getRequiredField("captcha");
- if ($captcha !== $_SESSION["captchaPhrase"]) {
- RequestUtils::triggerFormError("Incorrect CAPTCHA text!");
+ if ($captcha !== ($_SESSION["captchaPhrase"] ?? null)) {
+ RequestUtils::triggerFormError(__("Incorrect CAPTCHA text!"));
}
// usernames are always lowercase
$username = strtolower($username);
if ($password !== $passwordRetype) {
- RequestUtils::triggerFormError("Passwords do not match!");
+ RequestUtils::triggerFormError(__("Passwords do not match!"));
}
if (strlen($password) < 8) {
- RequestUtils::triggerFormError("Password too short! Your password must consist of 8 or more characters");
+ RequestUtils::triggerFormError(__("Password too short! Your password must consist of 8 or more characters"));
}
if (!ValidationUtils::isUsernameValid($username)) {
- RequestUtils::triggerFormError("Username has an invalid format");
+ RequestUtils::triggerFormError(__("Username has an invalid format"));
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
- RequestUtils::triggerFormError("Invalid email address");
+ RequestUtils::triggerFormError(__("Invalid email address"));
}
$user = new User();
@@ -257,11 +263,11 @@ if ($_action === "auth") {
$user->email = $email;
if ($db->fetchWhere($user, "name")) {
- RequestUtils::triggerFormError("This username is already taken!");
+ RequestUtils::triggerFormError(__("This username is already taken!"));
}
if ($db->fetchWhere($user, "email")) {
- RequestUtils::triggerFormError("This email address is already in use!");
+ RequestUtils::triggerFormError(__("This email address is already in use!"));
}
// re-create user so we don't forget to clear properties set by the above queries
@@ -278,26 +284,85 @@ if ($_action === "auth") {
$user->activationToken = $db->generateId(12);
$user->created = new \DateTimeImmutable();
- // TODO Send verification email
+ Transport::fromDsn(env("MAILER_DSN"))->send(
+ (new Email())
+ ->from(env("MAILER_FROM"))
+ ->to(new Address($email, $displayName))
+ ->text(__(
+ "Welcome to %forum_title%, %user_display_name%!\n" .
+ "\n" .
+ "Please activate your account by clicking the link below:\n" .
+ "%activation_link%\n" .
+ "\n" .
+ "Kind regards,\n" .
+ "%forum_copyright%",
+ params: [
+ "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+ "user_display_name" => $displayName,
+ "activation_link" => env("PUBLIC_URL") . "?_action=verifyemail&token=" . urlencode($user->activationToken) . "&sig=" . urlencode(base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true))),
+ "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+ ]
+ ))
+ ->subject("Please activate your account")
+ );
$db->insert($user);
- Messaging::info([
- "Your account has been created!",
- //"Please check your emails for an activation link!",
- Messaging::html('<p>Please click <a href="?_action=auth">here</a> to log in!</p>'),
- ]);
+ Messaging::info(
+ Messaging::html(nl2br(htmlentities(__("Your account has been created!\nPlease check your emails for an activation link!"), true)))
+ );
} else {
- _view("template_start", ["_title" => "Register"]);
+ _view("template_start", ["_title" => __("Register")]);
_view("template_navigation_start");
_view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
_view("template_navigation_end");
_view("form_register");
_view("template_end");
}
+} elseif ($_action === "verifyemail") {
+ RequestUtils::ensureRequestMethod("GET");
+ $token = $_GET["token"] ?? throw new Exception("Missing token");
+ $sig = $_GET["sig"] ?? throw new Exception("Missing signature");
+
+ $user = new User();
+ $user->activated = false;
+ $user->activationToken = $token;
+
+ if (!$db->fetchWhere($user, [ "activated", "activation_token" ])) {
+ http_response_code(400);
+ Messaging::error(__("Invalid token"));
+ exit;
+ }
+
+ $expectedSignature = base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true));
+
+ if ($expectedSignature !== $sig) {
+ http_response_code(400);
+ Messaging::error(__("Invalid signature."));
+ exit;
+ }
+
+ $user->activated = true;
+ $user->activationToken = "";
+
+ if (!$db->update($user)) {
+ http_response_code(400);
+ Messaging::error(__("Failed to update user"));
+ exit;
+ }
+
+ Messaging::info([
+ Messaging::html(nl2br(__(
+ "Your account has been activated!\nPlease click %link%here%/link% to log in!",
+ [
+ "link" => '<a href="?_action=auth">',
+ "/link" => '</a>',
+ ]
+ )), true),
+ ]);
} elseif ($_action === "logout") {
RequestUtils::unsetAuthorizedUser();
- header("Location: " . $_GET["next"] ?? ".");
+ header("Location: " . ($_GET["next"] ?? "."));
} elseif ($_action === "viewtopic") {
$topicId = $_GET["topic"] ?? throw new Exception("Missing topic id");
$topic = new Topic();
@@ -318,19 +383,19 @@ if ($_action === "auth") {
$attachments = reArrayFiles($_FILES["files"]);
if (count($attachments) > MAX_ATTACHMENT_COUNT)
- RequestUtils::triggerFormError("Too many attachments");
+ RequestUtils::triggerFormError(__("Too many attachments"));
// check all attachments before saving one
foreach ($attachments as $att) {
if ($att["size"] > MAX_ATTACHMENT_SIZE) {
- RequestUtils::triggerFormError("Individual file size exceeded");
+ RequestUtils::triggerFormError(__("Individual file size exceeded"));
}
}
$message = trim(RequestUtils::getRequiredField("message"));
if (strlen($message) < 1 || strlen($message) > 0x8000) {
- RequestUtils::triggerFormError("Message too short or too long!");
+ RequestUtils::triggerFormError(__("Message too short or too long!"));
}
$post = new Post();
@@ -425,21 +490,21 @@ if ($_action === "auth") {
$attachments = reArrayFiles($_FILES["files"]);
if (count($attachments) > MAX_ATTACHMENT_COUNT)
- RequestUtils::triggerFormError("Too many attachments");
+ RequestUtils::triggerFormError(__("Too many attachments"));
// check all attachments before saving one
foreach ($attachments as $att) {
if ($att["size"] > MAX_ATTACHMENT_SIZE) {
- RequestUtils::triggerFormError("Individual file size exceeded");
+ RequestUtils::triggerFormError(__("Individual file size exceeded"));
}
}
if (strlen($title) < 1 || strlen($title) > 255) {
- RequestUtils::triggerFormError("Title too short or too long!");
+ RequestUtils::triggerFormError(__("Title too short or too long!"));
}
if (strlen($message) < 1 || strlen($message) > 0x8000) {
- RequestUtils::triggerFormError("Message too short or too long!");
+ RequestUtils::triggerFormError(__("Message too short or too long!"));
}
$topic = new Topic();
@@ -479,7 +544,7 @@ if ($_action === "auth") {
header("Location: ?_action=viewtopic&topic=" . urlencode($topic->id));
} else {
- _view("template_start", ["_title" => "New topic"]);
+ _view("template_start", ["_title" => __("New topic")]);
_view("template_navigation_start");
_view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
_view("template_navigation_end");
@@ -495,7 +560,7 @@ if ($_action === "auth") {
if (!$db->fetchWhere($user, "name")) {
http_response_code(404);
- Messaging::error("No user with name @$userHandle");
+ Messaging::error(__("No user with name @%user_handle%", [ "user_handle" => $userHandle ]));
exit;
}
@@ -506,7 +571,7 @@ if ($_action === "auth") {
$user->id = $userId;
if (!$db->fetch($user)) {
http_response_code(404);
- Messaging::error("No user exists with this id");
+ Messaging::error(__("No user exists with this id"));
exit;
}
@@ -531,12 +596,12 @@ if ($_action === "auth") {
if ($userName !== $user->name) {
if ($lastNameChangeTooRecent) {
- RequestUtils::triggerFormError("You can only change your username every 30 days!");
+ RequestUtils::triggerFormError(__("You can only change your username every 30 days!"));
} else {
if (!ValidationUtils::isUsernameValid($userName))
- RequestUtils::triggerFormError("Invalid username!");
+ RequestUtils::triggerFormError(__("Invalid username!"));
if (!ValidationUtils::isUsernameAvailable($db, $userName))
- RequestUtils::triggerFormError("This username is already taken!");
+ RequestUtils::triggerFormError(__("This username is already taken!"));
$user->name = $userName;
$user->nameLastChanged = new DateTimeImmutable();
}
@@ -551,13 +616,13 @@ if ($_action === "auth") {
break;
case "replace": {
if (!isset($_FILES["pfp"]) || $_FILES["pfp"]["error"] !== UPLOAD_ERR_OK) {
- RequestUtils::triggerFormError("Please upload an image to change your profile picture");
+ RequestUtils::triggerFormError(__("Please upload an image to change your profile picture"));
}
$im = @imagecreatefromjpeg($_FILES["pfp"]["tmp_name"]);
if ($im === false)
$im = @imagecreatefrompng($_FILES["pfp"]["tmp_name"]);
if ($im === false)
- RequestUtils::triggerFormError("Please upload a valid PNG or JPEG file");
+ RequestUtils::triggerFormError(__("Please upload a valid PNG or JPEG file"));
/** @var \GdImage $im */
$thumb = imagecreatetruecolor(64, 64);
imagecopyresampled($thumb, $im, 0, 0, 0, 0, 64, 64, imagesx($im), imagesy($im));
@@ -575,7 +640,7 @@ if ($_action === "auth") {
}
if (!$db->update($user))
- RequestUtils::triggerFormError("Failed to save changes");
+ RequestUtils::triggerFormError(__("Failed to save changes", context: "Update profile"));
header("Location: $_SERVER[REQUEST_URI]");
} else {
@@ -605,7 +670,7 @@ if ($_action === "auth") {
} elseif ($_action === "attachment") {
if (!$currentUser) {
http_response_code(403);
- Messaging::error("You must be logged in to view attachments");
+ Messaging::error(__("You must be logged in to view attachments"));
exit;
}
@@ -614,7 +679,7 @@ if ($_action === "auth") {
$attachment->id = $attId;
if (!$db->fetch($attachment)) {
http_response_code(404);
- Messaging::error("No attachment exists with this id");
+ Messaging::error(__("No attachment exists with this id"));
exit;
}
@@ -645,7 +710,7 @@ if ($_action === "auth") {
$user->id = $userId;
if (!$db->fetch($user)) {
http_response_code(404);
- Messaging::error("No user exists with this id");
+ Messaging::error(__("No user exists with this id"));
exit;
}
@@ -682,13 +747,13 @@ if ($_action === "auth") {
$attachment->id = $attId;
if (!$db->fetch($attachment)) {
http_response_code(404);
- Messaging::error("No attachment exists with this id");
+ Messaging::error(__("No attachment exists with this id"));
exit;
}
if (!str_starts_with($attachment->mimeType, "image/")) {
http_response_code(400);
- Messaging::error("Attachment is not an image");
+ Messaging::error(__("Attachment is not an image"));
exit;
}
@@ -805,7 +870,7 @@ if ($_action === "auth") {
header("Location: ?_action=viewtopic&topic=" . urlencode($post->topicId));
} else {
- _view("template_start", ["_title" => "Delete post"]);
+ _view("template_start", ["_title" => __("Delete post")]);
_view("template_navigation_start");
_view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
_view("template_navigation_end");