From 6143a23dd8fedab16328ff9e43e58e515624c78a Mon Sep 17 00:00:00 2001
From: Krombel
Date: Mon, 16 Apr 2018 14:29:40 +0200
Subject: [PATCH] autoformat to reduce merge conflicts
---
public/index.php | 403 ++++++++++++++++++++--------------------
public/verify.php | 115 ++++++------
public/verify_admin.php | 298 +++++++++++++++--------------
3 files changed, 404 insertions(+), 412 deletions(-)
diff --git a/public/index.php b/public/index.php
index ede9a46..af5ebe6 100644
--- a/public/index.php
+++ b/public/index.php
@@ -13,17 +13,16 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - // enforce admin via https if (!isset($_SERVER['HTTPS'])) { - header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301); - exit(); + header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], true, 301); + exit(); } require_once "../language.php"; if (!file_exists("../config.php")) { - print($language["NO_CONFIGURATION"]); - exit(); + print($language["NO_CONFIGURATION"]); + exit(); } require_once "../config.php";
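Review bot: The HTTPS redirect kept by this hunk builds its `Location` header from `$_SERVER['HTTP_HOST']`, which is taken from the request's Host header, so the permanent (301) redirect can point at a host the client chose rather than at this site. The same line is reformatted in public/verify.php and public/verify_admin.php. Since `$config["webroot"]` is already used as the base URL for the verification links, redirecting to a configured host would be safer; in this file that means moving the check below `require_once "../config.php";`. The guard `!isset($_SERVER['HTTPS'])` also treats the value `off`, which some servers set for plain HTTP, as secure; `empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off'` covers both cases.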
@@ -36,219 +35,215 @@ if (isset($config["operationMode"]) && $config["operationMode"] === "local") { // currently the case to store the password on our own is the only supported one $storePassword = false; if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"] && - isset($config["operationMode"]) && $config["operationMode"] === "synapse") { + isset($config["operationMode"]) && $config["operationMode"] === "synapse") { $storePassword = true; } session_start(); if ($_SERVER["REQUEST_METHOD"] == "POST") { - try { - if (!isset($_SESSION["token"]) || !isset($_POST["token"]) || $_SESSION["token"] != $_POST["token"]) { - // token not present or invalid - throw new Exception("UNKNOWN_SESSION"); - } - if (!isset($_POST["username"])) { - throw new Exception("UNKNOWN_USERNAME"); - } - if (strlen($_POST["username"] > 20 || strlen($_POST["username"]) < 3)) { - throw new Exception("USERNAME_LENGTH_INVALID"); - } - if (ctype_alnum($_POST['username']) != true) { - throw new Exception("USERNAME_NOT_ALNUM"); - } - if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"] && - $_POST["password"] != $_POST["password_confirm"]) { - throw new Exception("PASSWORD_NOT_MATCH"); - } - if (isset($_POST["note"]) && strlen($_POST["note"]) > 50) { - throw new Exception("NOTE_LENGTH_EXEEDED"); - } - if (!isset($_POST["email"]) || !filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) { - throw new Exception("EMAIL_INVALID_FORMAT"); - } - if ($storeFirstLastName) { - // only require first_name and last_name when we will evaluate them - if (!isset($_POST["first_name"]) || ! preg_match("/[A-Z][a-z]+/", $_POST["first_name"])) { - throw new Exception("FIRSTNAME_INVALID_FORMAT"); - } - if (!isset($_POST["last_name"]) || ! 
preg_match("/[A-Z][a-z]+/", $_POST["last_name"])) { - throw new Exception("SIRNAME_INVALID_FORMAT"); - } - $first_name = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING); - $last_name = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING); - } else { - $first_name = $last_name = ""; - } + try { + if (!isset($_SESSION["token"]) || !isset($_POST["token"]) || $_SESSION["token"] != $_POST["token"]) { + // token not present or invalid + throw new Exception("UNKNOWN_SESSION"); + } + if (!isset($_POST["username"])) { + throw new Exception("UNKNOWN_USERNAME"); + } + if (strlen($_POST["username"] > 20 || strlen($_POST["username"]) < 3)) { + throw new Exception("USERNAME_LENGTH_INVALID"); + } + if (ctype_alnum($_POST['username']) != true) { + throw new Exception("USERNAME_NOT_ALNUM"); + } + if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"] && + $_POST["password"] != $_POST["password_confirm"]) { + throw new Exception("PASSWORD_NOT_MATCH"); + } + if (isset($_POST["note"]) && strlen($_POST["note"]) > 50) { + throw new Exception("NOTE_LENGTH_EXEEDED"); + } + if (!isset($_POST["email"]) || !filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) { + throw new Exception("EMAIL_INVALID_FORMAT"); + } + if ($storeFirstLastName) { + // only require first_name and last_name when we will evaluate them + if (!isset($_POST["first_name"]) || !preg_match("/[A-Z][a-z]+/", $_POST["first_name"])) { + throw new Exception("FIRSTNAME_INVALID_FORMAT"); + } + if (!isset($_POST["last_name"]) || !preg_match("/[A-Z][a-z]+/", $_POST["last_name"])) { + throw new Exception("SIRNAME_INVALID_FORMAT"); + } + $first_name = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING); + $last_name = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING); + } else { + $first_name = $last_name = ""; + } - $username = filter_var($_POST["username"], FILTER_SANITIZE_STRING); - if ($storePassword && isset($_POST["password"])) { - $password = filter_var($_POST["password"], 
FILTER_SANITIZE_STRING); - } - $note = filter_var($_POST["note"], FILTER_SANITIZE_STRING); - $email = filter_var($_POST["email"], FILTER_VALIDATE_EMAIL); + $username = filter_var($_POST["username"], FILTER_SANITIZE_STRING); + if ($storePassword && isset($_POST["password"])) { + $password = filter_var($_POST["password"], FILTER_SANITIZE_STRING); + } + $note = filter_var($_POST["note"], FILTER_SANITIZE_STRING); + $email = filter_var($_POST["email"], FILTER_VALIDATE_EMAIL); - require_once("../database.php"); - $res = $mx_db->addRegistration($first_name, $last_name, $username, $note, $email); + require_once("../database.php"); + $res = $mx_db->addRegistration($first_name, $last_name, $username, $note, $email); - if (!isset($res["verify_token"])) { - error_log("sth. went wrong. registration did not throw but admin_token not set"); - throw Exception ("Unknown Error"); - } - $verify_token = $res["verify_token"]; + if (!isset($res["verify_token"])) { + error_log("sth. went wrong. registration did not throw but admin_token not set"); + throw Exception("Unknown Error"); + } + $verify_token = $res["verify_token"]; - $verify_url = $config["webroot"] . "/verify.php?t=" . $verify_token; - require_once "../mail_templates.php"; - $success = send_mail_pending_verification( - $config["homeserver"], - $storeFirstLastName ? $first_name . " " . $last_name : $username, - $email, - $verify_url); + $verify_url = $config["webroot"] . "/verify.php?t=" . $verify_token; + require_once "../mail_templates.php"; + $success = send_mail_pending_verification( + $config["homeserver"], $storeFirstLastName ? $first_name . " " . $last_name : $username, $email, $verify_url); - $mx_db->setRegistrationStateVerify( - ($success ? RegisterState::PendingEmailVerify : RegisterState::PendingEmailSend), - $verify_token); + $mx_db->setRegistrationStateVerify( + ($success ? RegisterState::PendingEmailVerify : RegisterState::PendingEmailSend), $verify_token); - print("Erfolgreich"); - print(""); - print("

Erfolgreich

"); - print("

Bitte überprüfe deine E-Mails um deine E-Mail-Adresse zu bestätigen.

"); - print("Zur Registrierungsseite"); - } catch (Exception $e) { - print("" . $language["REGISTRATION_REQUEST_FAILED"] . ""); - print(""); - print("

" . $language["REGISTRATION_REQUEST_FAILED"] . "

"); - if (isset($language[$e->getMessage()])) { - print("

" . $language[$e->getMessage()] . "

"); - } else { - print("

" . $e->getMessage() . "

"); - } - print("Zur Registrierungsseite"); - } + print("Erfolgreich"); + print(""); + print("

Erfolgreich

"); + print("

Bitte überprüfe deine E-Mails um deine E-Mail-Adresse zu bestätigen.

"); + print("Zur Registrierungsseite"); + } catch (Exception $e) { + print("" . $language["REGISTRATION_REQUEST_FAILED"] . ""); + print(""); + print("

" . $language["REGISTRATION_REQUEST_FAILED"] . "

"); + if (isset($language[$e->getMessage()])) { + print("

" . $language[$e->getMessage()] . "

"); + } else { + print("

" . $e->getMessage() . "

"); + } + print("Zur Registrierungsseite"); + } } else { - $_SESSION["token"] = bin2hex(random_bytes(16)); -?> - Registriere dich für <?php echo $config["homeserver"]; ?> - - - - - - -
-
-
-
-
-

Bitte für registrieren2-Schritt-Registrierung

-
-
-
- -
-
-
- -
-
-
-
- -
-
-
- - -
- -
- -
- -
- -
- -
- -
-
-
- -
-
-
-
- -
-
-
- - "> - - -
-

Hinweis:
- ist ein geschlossenes Chat-Netzwerk in dem jeder Nutzer bestätigt werden muss.
- Du bekommst eine E-Mail wenn jemand deine Mitgliedschaft bestätigt hat. An diese wird auch dein initiales Passwort gesendet. - Hinterlasse also bitte einen Hinweis zu dir (der nur den entsprechenden Personen gezeigt wird).
- Liebe Grüße vom Team von -

-
-
-
-
-
- + + + +
+
+
+
+
+

Bitte für registrieren2-Schritt-Registrierung

+
+
+
- var first_name = document.getElementById("first_name"); - first_name.oninvalid = function(event) { - event.target.setCustomValidity("Vorname muss das Format haben"); - } - first_name.onkeyup = function(event) { - event.target.setCustomValidity(""); - } - var last_name = document.getElementById("last_name"); - last_name.oninvalid = function(event) { - event.target.setCustomValidity("Nachname muss das Format haben"); - } - last_name.onkeyup = function(event) { - event.target.setCustomValidity(""); - } +
+
+
+ +
+
+
+
+ +
+
+
+ + +
+ +
+ +
+ +
+ +
+ +
+ +
+
+
+ +
+
+
+
+ +
+
+
+ + "> + + + +

Hinweis:
+ ist ein geschlossenes Chat-Netzwerk in dem jeder Nutzer bestätigt werden muss.
+ Du bekommst eine E-Mail wenn jemand deine Mitgliedschaft bestätigt hat. An diese wird auch dein initiales Passwort gesendet. + Hinterlasse also bitte einen Hinweis zu dir (der nur den entsprechenden Personen gezeigt wird).
+ Liebe Grüße vom Team von +

+
+
+
+
+
+ + - +
diff --git a/public/verify.php b/public/verify.php
index b46b900..605e528 100644
--- a/public/verify.php
+++ b/public/verify.php
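Review bot: The username length check `strlen($_POST["username"] > 20 || strlen($_POST["username"]) < 3)` has its closing parenthesis in the wrong place, so `strlen()` is applied to a boolean and the 20-character upper bound is never tested as a length; it should read `if (strlen($_POST["username"]) > 20 || strlen($_POST["username"]) < 3)`. In the same try block `throw Exception("Unknown Error");` lacks `new`, so a missing `verify_token` ends in a fatal error instead of the handled exception path. The CSRF token is compared with `!=`; `!hash_equals($_SESSION["token"], $_POST["token"])`, after checking that the posted value is a string, avoids a loose and timing-dependent comparison. The hunk is a pure reformat, so all three are carried over unchanged from the old side, and the HTML half of the hunk is not readable on this page.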
@@ -15,82 +15,81 @@ */ require_once "../language.php"; if (!file_exists("../config.php")) { - print($language["NO_CONFIGURATION"]); - exit(); + print($language["NO_CONFIGURATION"]); + exit(); } require_once "../config.php"; require_once "../mail_templates.php"; // enforce admin via https if (!isset($_SERVER['HTTPS'])) { - header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301); - exit(); + header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], true, 301); + exit(); } session_start(); try { - if ($_SERVER["REQUEST_METHOD"] != "GET") { - throw new Exception("Method not allowed"); - } - if (!isset($_GET["t"])) { - throw new Exception("UNKNOWN_TOKEN"); - } - $token = filter_var($_GET["t"], FILTER_SANITIZE_STRING); + if ($_SERVER["REQUEST_METHOD"] != "GET") { + throw new Exception("Method not allowed"); + } + if (!isset($_GET["t"])) { + throw new Exception("UNKNOWN_TOKEN"); + } + $token = filter_var($_GET["t"], FILTER_SANITIZE_STRING); - require_once("../database.php"); + require_once("../database.php"); - $user = $mx_db->getUserForVerify($token); - if ($user == NULL) { - throw new Exception("UNKNOWN_TOKEN"); - } - $first_name = $user["first_name"]; - $last_name = $user["last_name"]; - $username = $user["username"]; - $note = $user["note"]; - $email = $user["email"]; - $admin_token = $user["admin_token"]; + $user = $mx_db->getUserForVerify($token); + if ($user == NULL) { + throw new Exception("UNKNOWN_TOKEN"); + } + $first_name = $user["first_name"]; + $last_name = $user["last_name"]; + $username = $user["username"]; + $note = $user["note"]; + $email = $user["email"]; + $admin_token = $user["admin_token"]; - require_once("../MatrixConnection.php"); - $adminUrl = $config["webroot"] . "/verify_admin.php?t=" . $admin_token; - $mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]); - $mxMsg = new MatrixMessage(); - $mxMsg->set_body((strlen($first_name . $last_name) > 0 ? $first_name . " " . 
$last_name : $username) - . " möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n" - . $note . "\r\n" - . "Zum Bearbeiten hier klicken:\r\n" . $adminUrl); - $mxMsg->set_formatted_body((strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username) - . " möchte sich registrieren und hat folgende Notiz hinterlassen:
" - . $note . "
" - . "Zum Bearbeiten hier klicken"); - $mxMsg->set_type("m.text"); - $response = $mxConn->send($config["register_room"], $mxMsg); + require_once("../MatrixConnection.php"); + $adminUrl = $config["webroot"] . "/verify_admin.php?t=" . $admin_token; + $mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]); + $mxMsg = new MatrixMessage(); + $mxMsg->set_body((strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username) + . " möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n" + . $note . "\r\n" + . "Zum Bearbeiten hier klicken:\r\n" . $adminUrl); + $mxMsg->set_formatted_body((strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username) + . " möchte sich registrieren und hat folgende Notiz hinterlassen:
" + . $note . "
" + . "Zum Bearbeiten hier klicken"); + $mxMsg->set_type("m.text"); + $response = $mxConn->send($config["register_room"], $mxMsg); - if ($response) { - $message = $language["SEND_MATRIX_FAIL"]; - } - $mx_db->setRegistrationStateVerify( - ($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend), - $token); + if ($response) { + $message = $language["SEND_MATRIX_FAIL"]; + } + $mx_db->setRegistrationStateVerify( + ($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend), $token); - send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email); + send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email); - print("" . $language["VERIFICATION_SUCEEDED"] . ""); - print(""); - print("

" . $language["VERIFICATION_SUCEEDED"] . "

"); - print("

" . $language["VERIFICATION_SUCCESS_BODY"] . "

"); - print("Zur Registrierungsseite"); + print("" . $language["VERIFICATION_SUCEEDED"] . ""); + print(""); + print("

" . $language["VERIFICATION_SUCEEDED"] . "

"); + print("

" . $language["VERIFICATION_SUCCESS_BODY"] . "

"); + print("Zur Registrierungsseite"); } catch (Exception $e) { - print("" . $language["VERIFICATION_FAILED"] . ""); - print(""); - print("

" . $language["VERIFICATION_FAILED"] . "

"); - if (isset($language[$e->getMessage()])) { - print("

" . $language[$e->getMessage()] . "

"); - } else { - print("

" . $e->getMessage() . "

"); - } - print("Zur Registrierungsseite"); + print("" . $language["VERIFICATION_FAILED"] . ""); + print(""); + print("

" . $language["VERIFICATION_FAILED"] . "

"); + if (isset($language[$e->getMessage()])) { + print("

" . $language[$e->getMessage()] . "

"); + } else { + print("

" . $e->getMessage() . "

+ print("Zur Registrierungsseite"); } ?> - +
diff --git a/public/verify_admin.php b/public/verify_admin.php
index 6235ed7..8cdc928 100644
--- a/public/verify_admin.php
+++ b/public/verify_admin.php
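Review bot: `$note`, `$first_name`, `$last_name` and `$username` are concatenated into `set_formatted_body()` without output escaping, and that body appears to be the HTML variant of the Matrix message sent to the registration room. The values were passed through `FILTER_SANITIZE_STRING` when stored by index.php, but that filter is deprecated as of PHP 8.1 and the data is read back from the database here, so escaping at this point, e.g. `htmlspecialchars($note, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, would be more robust. Separately, `if ($response) { $message = $language["SEND_MATRIX_FAIL"]; }` looks inverted, because the next statement treats a truthy `$response` as success (`PendingAdminVerify`); `if (!$response)` seems to be intended. Both points predate this reformat.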
@@ -15,177 +15,175 @@ */ require_once "../language.php"; if (!file_exists("../config.php")) { - print($language["NO_CONFIGURATION"]); - exit(); + print($language["NO_CONFIGURATION"]); + exit(); } require_once "../config.php"; require_once "../mail_templates.php"; // enforce admin via https if (!isset($_SERVER['HTTPS'])) { - header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301); - exit(); + header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], true, 301); + exit(); } session_start(); try { - if ($_SERVER["REQUEST_METHOD"] != "GET") { - throw new Exception("Method not allowed"); - } - if (!isset($_GET["t"])) { - throw new Exception("UNKNOWN_TOKEN"); - } - $token = filter_var($_GET["t"], FILTER_SANITIZE_STRING); + if ($_SERVER["REQUEST_METHOD"] != "GET") { + throw new Exception("Method not allowed"); + } + if (!isset($_GET["t"])) { + throw new Exception("UNKNOWN_TOKEN"); + } + $token = filter_var($_GET["t"], FILTER_SANITIZE_STRING); - require_once("../database.php"); + require_once("../database.php"); - $action = NULL; - if (isset($_GET["allow"])) { - $action = RegisterState::RegistrationAccepted; - } - $decline_reason = NULL; - if (isset($_GET["deny"])) { - $action = RegisterState::RegistrationDeclined; - if (isset($_GET["reason"])) { - $decline_reason = filter_var($_GET["reason"], FILTER_SANITIZE_STRING); - } - } + $action = NULL; + if (isset($_GET["allow"])) { + $action = RegisterState::RegistrationAccepted; + } + $decline_reason = NULL; + if (isset($_GET["deny"])) { + $action = RegisterState::RegistrationDeclined; + if (isset($_GET["reason"])) { + $decline_reason = filter_var($_GET["reason"], FILTER_SANITIZE_STRING); + } + } - $user = $mx_db->getUserForApproval($token); - if ($user == NULL) { - throw new Exception("UNKNOWN_TOKEN"); - } + $user = $mx_db->getUserForApproval($token); + if ($user == NULL) { + throw new Exception("UNKNOWN_TOKEN"); + } - $first_name = $user["first_name"]; - $last_name = 
$user["last_name"]; - $username = $user["username"]; - $note = $user["note"]; - $email = $user["email"]; + $first_name = $user["first_name"]; + $last_name = $user["last_name"]; + $username = $user["username"]; + $note = $user["note"]; + $email = $user["email"]; - if ($action == RegisterState::RegistrationAccepted) { - $mx_db->setRegistrationStateAdmin(RegisterState::PendingRegistration, $token); + if ($action == RegisterState::RegistrationAccepted) { + $mx_db->setRegistrationStateAdmin(RegisterState::PendingRegistration, $token); - // register user - require_once("../MatrixConnection.php"); - $mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]); + // register user + require_once("../MatrixConnection.php"); + $mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]); - // generate a password with 8 characters - $password = $mx_db->addUser($first_name, $last_name, $username, $email); - if ($password != NULL) { - // send registration_success - $res = send_mail_registration_success($config["homeserver"], $first_name . " " . $last_name, $email, $username, $password, $config["howToURL"]); - if ($res) { - $mx_db->setRegistrationStateAdmin(RegisterState::AllDone, $token); - } else { - $mx_db->setRegistrationStateAdmin(RegisterState::PendingSendRegistrationMail, $token); - } - } else { - send_mail_registration_allowed_but_failed($config["homeserver"], $first_name . " " . $last_name, $email); - $mxMsg = new MatrixMessage(); - $mxMsg->set_type("m.text"); - $mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . "."); - $mxConn->send($config["register_room"], $mxMsg); - throw new Exception("REGISTRATION_FAILED"); - } + // generate a password with 8 characters + $password = $mx_db->addUser($first_name, $last_name, $username, $email); + if ($password != NULL) { + // send registration_success + $res = send_mail_registration_success($config["homeserver"], $first_name . " " . 
$last_name, $email, $username, $password, $config["howToURL"]); + if ($res) { + $mx_db->setRegistrationStateAdmin(RegisterState::AllDone, $token); + } else { + $mx_db->setRegistrationStateAdmin(RegisterState::PendingSendRegistrationMail, $token); + } + } else { + send_mail_registration_allowed_but_failed($config["homeserver"], $first_name . " " . $last_name, $email); + $mxMsg = new MatrixMessage(); + $mxMsg->set_type("m.text"); + $mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . "."); + $mxConn->send($config["register_room"], $mxMsg); + throw new Exception("REGISTRATION_FAILED"); + } - print("" . $language["ADMIN_VERIFY_SITE_TITLE"] . ""); - print(""); - print("

" . $language["ADMIN_VERIFY_SITE_TITLE"] . "

"); - print("

" . $language["ADMIN_REGISTER_ACCEPTED_BODY"] . "

"); - } elseif ($action == RegisterState::RegistrationDeclined) { - $mx_db->setRegistrationStateAdmin(RegisterState::RegistrationDeclined, $token); - send_mail_registration_decline( - $config["homeserver"], - strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username, - $email, - $decline_reason - ); - print("" . $language["ADMIN_VERIFY_SITE_TITLE"] . ""); - print(""); - print("

" . $language["ADMIN_VERIFY_SITE_TITLE"] . "

"); - print("

" . $language["ADMIN_REGISTER_DECLINED_BODY"] . "

"); - } else { + print("" . $language["ADMIN_VERIFY_SITE_TITLE"] . ""); + print(""); + print("

" . $language["ADMIN_VERIFY_SITE_TITLE"] . "

"); + print("

" . $language["ADMIN_REGISTER_ACCEPTED_BODY"] . "

"); + } elseif ($action == RegisterState::RegistrationDeclined) { + $mx_db->setRegistrationStateAdmin(RegisterState::RegistrationDeclined, $token); + send_mail_registration_decline( + $config["homeserver"], strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username, $email, $decline_reason + ); + print("" . $language["ADMIN_VERIFY_SITE_TITLE"] . ""); + print(""); + print("

" . $language["ADMIN_VERIFY_SITE_TITLE"] . "

"); + print("

" . $language["ADMIN_REGISTER_DECLINED_BODY"] . "

"); + } else { - print("" . $language["ADMIN_VERIFY_SITE_TITLE"] . ""); - ?> - - - - - - -
-
-
-
-
-

-
-
-
- -
-
-
- -
-
-
-
- -
-
-
- -
- -
+ .centered-form .panel{ + background: rgba(255, 255, 255, 0.8); + box-shadow: rgba(0, 0, 0, 0.3) 20px 20px 20px; + } + + + + + +
+
+
+
+
+

+
+
+ + +
+
+
+ +
+
+
+
+ +
+
+
+ +
+ +
-
- -
- - - +
+ +
+ + + - -
-
-
-
-
-