From 64b1ec0fabbf7328a79a20ff58502ebfa80fad8b Mon Sep 17 00:00:00 2001
From: Jonas Kohl
Date: Thu, 10 Oct 2024 17:33:13 +0200
Subject: Break up actions into individual files

---
 src/application/actions/register/_common.php | 12 ++++
 src/application/actions/register/get.php     | 10 +++
 src/application/actions/register/post.php    | 98 ++++++++++++++++++++++++++++
 3 files changed, 120 insertions(+)
 create mode 100644 src/application/actions/register/_common.php
 create mode 100644 src/application/actions/register/get.php
 create mode 100644 src/application/actions/register/post.php

(limited to 'src/application/actions/register')

diff --git a/src/application/actions/register/_common.php b/src/application/actions/register/_common.php
new file mode 100644
index 0000000..8423e72
--- /dev/null
+++ b/src/application/actions/register/_common.php
@@ -0,0 +1,12 @@
+<?php
+
+if ($currentUser) {
+    header("Location: " . ($_GET["next"] ?? "."));
+    exit;
+}
+
+if (!REGISTRATION_ENABLED) {
+    http_response_code(403);
+    msg_error(__("Public registration disabled"));
+    exit;
+}
diff --git a/src/application/actions/register/get.php b/src/application/actions/register/get.php
new file mode 100644
index 0000000..914ea4e
--- /dev/null
+++ b/src/application/actions/register/get.php
@@ -0,0 +1,10 @@
+<?php
+
+use mystic\forum\utils\RequestUtils;
+
+_view("template_start", ["_title" => __("Register")]);
+_view("template_navigation_start");
+_view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
+_view("template_navigation_end");
+_view("form_register");
+_view("template_end", [...getThemeAndLangInfo()]);
diff --git a/src/application/actions/register/post.php b/src/application/actions/register/post.php
new file mode 100644
index 0000000..f953b88
--- /dev/null
+++ b/src/application/actions/register/post.php
@@ -0,0 +1,98 @@
+<?php
+
+use mystic\forum\orm\User;
+use mystic\forum\orm\UserPermissions;
+use mystic\forum\utils\RequestUtils;
+use mystic\forum\utils\ValidationUtils;
+use Symfony\Component\Mailer\Transport;
+use Symfony\Component\Mime\Address;
+use Symfony\Component\Mime\Email;
+
+$formId = "register";
+$doNotFill = $_POST["username"] ?? null;
+if (!empty($doNotFill)) {
+    sleep(10);
+    http_response_code(204);
+    exit;
+}
+$username = RequestUtils::getRequiredField("df82a9bc21", $formId);
+$password = RequestUtils::getRequiredField("password", $formId);
+$passwordRetype = RequestUtils::getRequiredField("password_retype", $formId);
+$email = trim(RequestUtils::getRequiredField("email", $formId));
+$displayName = RequestUtils::getRequiredField("display_name", $formId);
+$captcha = RequestUtils::getRequiredField("captcha", $formId);
+
+if ($captcha !== ($_SESSION["captchaPhrase"] ?? null)) {
+    RequestUtils::triggerFormError(__("Incorrect CAPTCHA text!"), $formId);
+}
+
+// usernames are always lowercase
+$username = strtolower($username);
+
+if ($password !== $passwordRetype) {
+    RequestUtils::triggerFormError(__("Passwords do not match!"), $formId);
+}
+
+if (strlen($password) < 8) {
+    RequestUtils::triggerFormError(__("Password too short! Your password must consist of 8 or more characters"), $formId);
+}
+
+if (!ValidationUtils::isUsernameValid($username)) {
+    RequestUtils::triggerFormError(__("Username has an invalid format"), $formId);
+}
+
+if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
+    RequestUtils::triggerFormError(__("Invalid email address"), $formId);
+}
+
+$user = new User();
+$user->name = $username;
+$user->email = $email;
+
+if ($db->fetchWhere($user, "name")) {
+    RequestUtils::triggerFormError(__("This username is already taken!"), $formId);
+}
+
+if ($db->fetchWhere($user, "email")) {
+    RequestUtils::triggerFormError(__("This email address is already in use!"), $formId);
+}
+
+// re-create user so we don't forget to clear properties set by the above queries
+
+$user = new User();
+$user->id = $db->generateId();
+$user->displayName = $displayName;
+$user->name = $username;
+$user->email = $email;
+$user->passwordHash = password_hash($password, PASSWORD_DEFAULT);
+$user->permissionMask = UserPermissions::GROUP_USER;
+$user->passwordResetRequired = false;
+$user->activated = false;
+$user->activationToken = $db->generateId(12);
+$user->created = new \DateTimeImmutable();
+
+Transport::fromDsn(env("MAILER_DSN"))->send(
+    (new Email())
+        ->from(env("MAILER_FROM"))
+        ->to(new Address($email, $displayName))
+        ->text(__(
+            "Welcome to %forum_title%, %user_display_name%!\n" .
+            "\n" .
+            "Please activate your account by clicking the link below:\n" .
+            "%activation_link%\n" .
+            "\n" .
+            "Kind regards,\n" .
+            "%forum_copyright%",
+            params: [
+                "forum_title" => (env("MYSTIC_FORUM_TITLE") ?? "Forum"),
+                "user_display_name" => $displayName,
+                "activation_link" => env("PUBLIC_URL") . "?_action=verifyemail&token=" . urlencode($user->activationToken) . "&sig=" . urlencode(base64_encode(hash("sha256", env("SECRET") . $user->activationToken . $user->id, true))),
+                "forum_copyright" => (env("MYSTIC_FORUM_COPYRIGHT") ?? env("MYSTIC_FORUM_TITLE") ?? "Forum")
+            ]
+        ))
+        ->subject(__("Please activate your account"))
+);
+
+$db->insert($user);
+
+msg_info(__("Your account has been created!\nPlease check your emails for an activation link!"));
-- 
cgit v1.2.3