From 4e33985cfc231a8e3055b8c45e12b25b9cb24b80 Mon Sep 17 00:00:00 2001
From: Krombel <krombel@krombel.de>
Date: Fri, 23 Feb 2018 19:22:14 +0100
Subject: [PATCH] further implement cron.php; autoformat

- set Register_Accept to 6 internally as it reflects the same state as PendingSendRequest
- cleanups
---
 cron.php                |  99 ++++++++++++++++++++--------
 database.php            |   2 +-
 public/verify_admin.php | 139 +++++++++++++++++++++-------------------
 3 files changed, 148 insertions(+), 92 deletions(-)

diff --git a/cron.php b/cron.php
index 0a01e65..4caedad 100644
--- a/cron.php
+++ b/cron.php
@@ -1,9 +1,17 @@
 <?php
 // This file is meant to do tasks that failed on the first attempt
 
+require_once("config.php");
+require_once("mail_templates.php");
+require_once("database.php");
 
-$sql = "SELECT first_name, last_name, username, email, state FROM registrations WHERE admin_token = '" . $token
-. "' AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
+$sql = "SELECT id, first_name, last_name, username, email, state, verify_token FROM registrations "
+."WHERE state = ". RegisterState::PendingEmailSend
+. " OR state = " . RegisterState::PendingAdminSend
+. " OR state = " . RegisterState::PendingRegistration
+. " OR state = " . RegisterState::PendingSendRegistrationMail
+. " OR state = " . RegisterState::RegistrationDeclined
+. " OR state = " . RegisterState::AllDone . ";";
 foreach ($db->query($sql) as $row) {
 	// will only be executed once
 	$first_name = $row["first_name"];
@@ -13,34 +21,75 @@ foreach ($db->query($sql) as $row) {
 	$state = $row["state"];
 
 	try {
-
 		switch ($state) {
-		case RegisterState::RegistrationAccepted:
-			// Registration got accepted but registration failed
+			case RegisterState::PendingEmailSend:
+				$verify_url = $webroot . "/verify.php?t=" . $row["verify_token"];
+				$success = send_mail_pending_verification(
+						$homeserver,
+						$row["first_name"] . " " . $row["last_name"],
+						$row["email"],
+						$row["verify_url"]);
 
-			// register user
-			require_once("MatrixConnection.php");
-			$mxConn = new MatrixConnection($homeserver, $access_token);
-
-			// generate a password with 8 characters
-			$password = bin2hex(openssl_random_pseudo_bytes(4));
-
-			$res = $mxConn->register($username, $password, $shared_secret);
-			if ($res) {
-				// send registration_success
-				send_mail_registration_success($homeserver, $first_name . " " . $last_name, $email, $username, $password, $howToURL);
-			} else {
-				send_mail_registration_allowed_but_failed($homeserver, $first_name . " " . $last_name, $email);
+				if ($success) {
+					$db->exec("UPDATE registrations SET state = " . RegisterState::PendingEmailVerify)
+						. " WHERE id = " . $row["id"] . ";");
+				} else {
+					throw new Exception("Could not send mail to ".$row["first_name"]." ".$row["last_name"]."(".$row["id"].")");
+				}
+				break;
+			case RegisterState::PendingAdminSend:
+				require_once("../MatrixConnection.php");
+				$adminUrl = $webroot . "/verify_admin.php?t=" . $admin_token;
+				$mxConn = new MatrixConnection($homeserver, $access_token);
 				$mxMsg = new MatrixMessage();
+				$mxMsg->set_body($first_name . ' ' . $last_name . "möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n"
+						. $note . "\r\n"
+						. "Zum Bearbeiten hier klicken:\r\n" . $adminUrl);
+				$mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />"
+						. $note . "<br />"
+						. "Zum Bearbeiten <a href=\"". $adminUrl . "\">hier</a> klicken");
 				$mxMsg->set_type("m.text");
-				$mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . ".");
-				$mxConn->send($mxMsg);
-				throw new Exception($language["REGISTRATION_FAILED"]);
-			}
-			break;
+				$response = $mxConn->send($register_room, $mxMsg);
 
-		case RegisterState::RegistrationDeclined:
-			break;
+				if ($response) {
+					$db->exec("UPDATE registrations SET state = " . RegisterState::PendingAdminVerify
+							. " WHERE id = " . $row["id"] . "';");
+
+					send_mail_pending_approval($homeserver, $first_name . " " . $last_name, $email);
+				} else {
+					throw new Exception("Could not send notification for ".$row["first_name"]." ".$row["last_name"]."(".$row["id"].") to admins.");
+				}
+				break;
+			case RegisterState::PendingRegistration:
+				// Registration got accepted but registration failed
+
+				// register user
+				require_once("MatrixConnection.php");
+				$mxConn = new MatrixConnection($homeserver, $access_token);
+
+				// generate a password with 8 characters
+				$password = bin2hex(openssl_random_pseudo_bytes(4));
+
+				$res = $mxConn->register($username, $password, $shared_secret);
+				if ($res) {
+					// send registration_success
+					send_mail_registration_success($homeserver, $first_name . " " . $last_name, $email, $username, $password, $howToURL);
+				} else {
+					send_mail_registration_allowed_but_failed($homeserver, $first_name . " " . $last_name, $email);
+					$mxMsg = new MatrixMessage();
+					$mxMsg->set_type("m.text");
+					$mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . ".");
+					$mxConn->send($mxMsg);
+					throw new Exception($language["REGISTRATION_FAILED"]);
+				}
+				break;
+			case RegisterState::PendingSendRegistrationMail:
+				print ("Error: Unhandled state: PendingSendRegistrationMail for " . $first_name . " " . $last_name . " (" . $username . ")");
+				break;
+			case RegisterState::RegistrationDeclined:
+			case RegisterState::AllDone:
+				// do reqular cleanup
+				break;
 		}
 	} catch (Exception $e) {
 		print("Error while handling cron for " . $first_name . " " . $last_name . " (" . $username . ")");
diff --git a/database.php b/database.php
index eee73a0..bf57af9 100644
--- a/database.php
+++ b/database.php
@@ -19,7 +19,7 @@ abstract class RegisterState
 
 	// State to allow persisting in the database although an admin declined it.
 	// Will be removed regularly
-	const RegistrationAccepted = 12;
+	const RegistrationAccepted = 6;
 	const RegistrationDeclined = 13;
 
 	// User got successfully registered. Will be cleaned up later
diff --git a/public/verify_admin.php b/public/verify_admin.php
index 0b56954..7ba51fd 100644
--- a/public/verify_admin.php
+++ b/public/verify_admin.php
@@ -1,5 +1,5 @@
 <html>
-	<head>
+<head>
 <?php
 require_once "../language.php";
 if (!file_exists("../config.php")) {
@@ -61,8 +61,8 @@ try {
 	}
 
 	if ($action == RegisterState::RegistrationAccepted) {
-		$db->exec("UPDATE registrations SET state = " . RegisterState::RegistrationAccepted
-			. " WHERE admin_token = \"" . $token. "\";");
+		$db->exec("UPDATE registrations SET state = " . RegisterState::PendingRegistration
+				. " WHERE admin_token = '" . $token. "';");
 
 		// register user
 		require_once("../MatrixConnection.php");
@@ -74,7 +74,14 @@ try {
 		$res = $mxConn->register($username, $password, $registration_shared_secret);
 		if ($res) {
 			// send registration_success
-			send_mail_registration_success($homeserver, $first_name . " " . $last_name, $email, $username, $password, $howToURL);
+			$res = send_mail_registration_success($homeserver, $first_name . " " . $last_name, $email, $username, $password, $howToURL);
+			if ($res) {
+				$db->exec("UPDATE registrations SET state = " . RegisterState::AllDone
+						. " WHERE admin_token = '" . $token. "';");
+			} else {
+				$db->exec("UPDATE registrations SET state = " . RegisterState::PendingSendRegistrationMail
+						. " WHERE admin_token = '" . $token. "';");
+			}
 		} else {
 			send_mail_registration_allowed_but_failed($homeserver, $first_name . " " . $last_name, $email);
 			$mxMsg = new MatrixMessage();
@@ -90,7 +97,7 @@ try {
 		print("<p>" . $language["ADMIN_REGISTER_ACCEPTED_BODY"] . "</p>");
 	} elseif ($action == RegisterState::RegistrationDeclined) {
 		$db->exec("UPDATE registrations SET state = " . RegisterState::RegistrationDeclined
-			. " WHERE admin_token = \"" . $token. "\";");
+				. " WHERE admin_token = '" . $token. "';");
 		send_mail_registration_decline($homeserver, $first_name . " " . $last_name, $email, $decline_reason);
 		print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
 		print("</head><body>");
@@ -98,71 +105,71 @@ try {
 		print("<p>" . $language["ADMIN_REGISTER_DECLINED_BODY"] . "</p>");
 	} else {
 
-	print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
-?>
-		<link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet">
-		<style>
-body{
-	background-color: #525252;
-}
-.centered-form{
-	margin-top: 60px;
-}
+		print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
+		?>
+			<link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet">
+			<style>
+			body{
+				background-color: #525252;
+			}
+		.centered-form{
+			margin-top: 60px;
+		}
 
-.centered-form .panel{
-	background: rgba(255, 255, 255, 0.8);
-	box-shadow: rgba(0, 0, 0, 0.3) 20px 20px 20px;
-}
+		.centered-form .panel{
+background: rgba(255, 255, 255, 0.8);
+	    box-shadow: rgba(0, 0, 0, 0.3) 20px 20px 20px;
+		}
 		</style>
-		<script type="text/javascript" src="//code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script type="text/javascript" src="//netdna.bootstrapcdn.com/bootstrap/3.1.0/js/bootstrap.min.js"></script>
-	</head>
-	<body>
-		<div class="container">
+			<script type="text/javascript" src="//code.jquery.com/jquery-1.11.1.min.js"></script>
+			<script type="text/javascript" src="//netdna.bootstrapcdn.com/bootstrap/3.1.0/js/bootstrap.min.js"></script>
+			</head>
+			<body>
+			<div class="container">
 			<div class="row centered-form">
-				<div class="col-xs-12 col-sm-8 col-md-4 col-sm-offset-2 col-md-offset-4">
-					<div class="panel panel-default">
-						<div class="panel-heading">
-							<h3 class="panel-title"><?php echo $language["ADMIN_VERIFY_SITE_TITLE"] ; ?></h3>
-						</div>
-						<div class="panel-body">
-							<form name="appForm" role="form" action="verify_admin.php" method="GET">
-								<div class="row">
-									<div class="col-xs-6 col-sm-6 col-md-6">
-										<div class="form-group">
-											<input type="text" id="first_name" class="form-control input-sm"
-											value="<?php echo $first_name; ?>" disabled=true>
-										</div>
-									</div>
-									<div class="col-xs-6 col-sm-6 col-md-6">
-										<div class="form-group">
-											<input type="text" id="last_name" class="form-control input-sm"
-											value="<?php echo $last_name; ?>" disabled=true>
-										</div>
-									</div>
-								</div>
-
-								<div class="form-group">
-								<input type="text" id="note" class="form-control input-sm" value="<?php echo $note; ?>" disabled=true>
-								</div>
-
-								<div class="form-group">
-									<input type="text" id="username" class="form-control input-sm"
-									value="<?php echo $username; ?>" disabled=true>
-								</div>
-								<input type="hidden" name="t" id="token" value="<?php echo $token; ?>">
-								<input type="submit" name="allow" value="Bestätigen" class="btn btn-info btn-block">
-								<input type="submit" name="deny" value="Ablehnen" class="btn btn-info btn-block">
-
-							</form>
-						</div>
-					</div>
-				</div>
+			<div class="col-xs-12 col-sm-8 col-md-4 col-sm-offset-2 col-md-offset-4">
+			<div class="panel panel-default">
+			<div class="panel-heading">
+			<h3 class="panel-title"><?php echo $language["ADMIN_VERIFY_SITE_TITLE"] ; ?></h3>
+			</div>
+			<div class="panel-body">
+			<form name="appForm" role="form" action="verify_admin.php" method="GET">
+			<div class="row">
+			<div class="col-xs-6 col-sm-6 col-md-6">
+			<div class="form-group">
+			<input type="text" id="first_name" class="form-control input-sm"
+			value="<?php echo $first_name; ?>" disabled=true>
+			</div>
+			</div>
+			<div class="col-xs-6 col-sm-6 col-md-6">
+			<div class="form-group">
+			<input type="text" id="last_name" class="form-control input-sm"
+			value="<?php echo $last_name; ?>" disabled=true>
+			</div>
+			</div>
 			</div>
-		</div>
- <script type="text/javascript">
 
-<?php
+			<div class="form-group">
+			<input type="text" id="note" class="form-control input-sm" value="<?php echo $note; ?>" disabled=true>
+			</div>
+
+			<div class="form-group">
+			<input type="text" id="username" class="form-control input-sm"
+			value="<?php echo $username; ?>" disabled=true>
+			</div>
+			<input type="hidden" name="t" id="token" value="<?php echo $token; ?>">
+			<input type="submit" name="allow" value="Bestätigen" class="btn btn-info btn-block">
+			<input type="submit" name="deny" value="Ablehnen" class="btn btn-info btn-block">
+
+			</form>
+			</div>
+			</div>
+			</div>
+			</div>
+			</div>
+			<script type="text/javascript">
+
+			<?php
 	} // else - no action provided
 } catch (Exception $e) {
 	print("<title>" . $language["REGISTRATION_FAILED"] . "</title>");
@@ -172,5 +179,5 @@ body{
 	print("<a href=\"" . $webroot . "/register.php" . "\">Zur Registrierungsseite</a>");
 }
 ?>
-	</body>
+</body>
 </html>