diff --git a/cron.php b/cron.php index cc7b2e0..8c5aba8 100644 --- a/cron.php +++ b/cron.php @@ -19,7 +19,9 @@ require_once(__DIR__ . "/language.php"); require_once(__DIR__ . "/mail_templates.php"); require_once(__DIR__ . "/database.php"); -$sql = "SELECT id, first_name, last_name, username, email, state, note, verify_token, admin_token FROM registrations " +$sql = "SELECT id, first_name, last_name, username, password, email," + . " state, note, verify_token, admin_token " + . "FROM registrations " . "WHERE state = " . RegisterState::PendingEmailSend . " OR state = " . RegisterState::PendingAdminSend . " OR state = " . RegisterState::PendingRegistration @@ -87,7 +89,7 @@ foreach ($mx_db->query($sql) as $row) { break; case "local": // register by adding a user to the local database - $password = $mx_db->addUser($row["first_name"], $row["last_name"], $row["username"], $row["email"]); + $password = $mx_db->addUser($row["first_name"], $row["last_name"], $row["username"], $row["password"], $row["email"]); break; default: throw new Exception("Unknown operationMode"); diff --git a/database.php b/database.php index f53a5be..d42f902 100644 --- a/database.php +++ b/database.php @@ -98,7 +98,7 @@ class mxDatabase { )"); // make sure the bot is allowed to login if (!$this->userRegistered("register_bot")) { - $password = $this->addUser("Register", "Bot", "register_bot", $config["register_email"]); + $password = $this->addUser("Register", "Bot", "register_bot", NULL, $config["register_email"]); $config["register_password"] = $password; $myfile = fopen(dirname(__FILE__) . "/config.json", "w"); fwrite($myfile, json_encode($config, JSON_PRETTY_PRINT)); 
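Review bot: The widened SELECT pulls `password` for every row in all three pending states, and since the second cron.php hunk hands that value to `addUser()`, which runs `password_hash()` on it, the column evidently holds the user's chosen password in recoverable form. Nothing visible in this diff clears it once the account exists, so it may stay in `registrations`, and in any backup or dump of that table, indefinitely. Consider blanking it in the step that moves the row out of `RegisterState::PendingRegistration`, e.g. a prepared `UPDATE registrations SET password = NULL WHERE id = ?`, and selecting the column only for rows in that state. The same stored value is read as `$user["password"]` in public/verify_admin.php. The state update itself lies outside the hunk, so this may already happen there.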
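Review bot: The result of `addUser()` is not checked in the `local` case, yet the function returns NULL when the username is already registered (its docblock in database.php says "NULL when failed"), so `$password` can come out NULL and the loop carries on to whatever follows the `switch`. A guard right after the call, `if ($password === NULL) { throw new Exception("addUser failed"); }` (message wording is only a suggestion), would keep a failed insert from being treated as a completed registration. The `local` case in public/verify_admin.php (hunk at -90) has the same gap, while its `synapse` case does test `$res`. Separately, `$row["password"]` is passed without the `getPasswordOnRegistration` test that verify_admin.php applies, so the two paths can disagree on whether a stored password is used. The rest of the `foreach` body is outside the hunk, so a later check may exist.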
@@ -283,14 +283,16 @@ class mxDatabase { * NULL when failed * */ - function addUser($first_name, $last_name, $username, $email) { + function addUser($first_name, $last_name, $username, $password, $email) { // check if user already exists and abort in that case if ($this->userRegistered($username)) { return NULL; } - // generate a password with 10 characters - $password = bin2hex(openssl_random_pseudo_bytes(5)); + if ($password == NULL) { + // generate a password with 10 characters + $password = bin2hex(openssl_random_pseudo_bytes(5)); + } $password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost" => 12]); $sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES " diff --git a/public/verify_admin.php b/public/verify_admin.php index 3028eee..e3c6b09 100644 --- a/public/verify_admin.php +++ b/public/verify_admin.php @@ -72,16 +72,16 @@ try { $password = NULL; $use_db_password = (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]); + if ($use_db_password && isset($user["password"]) && strlen($user["password"]) > 0) { + $password = $user["password"]; + } else { + $use_db_password = false; + // generate a password with 10 characters + $password = bin2hex(openssl_random_pseudo_bytes(5)); + } switch ($config["operationMode"]) { case "synapse": // register with registration_shared_secret - if ($use_db_password && isset($user["password"]) && strlen($user["password"]) > 0) { - $password = $user["password"]; - } else { - $use_db_password = false; - // generate a password with 10 characters - $password = bin2hex(openssl_random_pseudo_bytes(5)); - } $res = $mxConn->register($username, $password, $config["registration_shared_secret"]); if (!$res) { // something went wrong while registering 
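Review bot: The fallback `bin2hex(openssl_random_pseudo_bytes(5))` yields only 40 bits of randomness, which is thin for a credential whose bcrypt hash is stored, and the same expression is now duplicated above the `switch` in public/verify_admin.php (hunk at -72). I would change both to `bin2hex(random_bytes(16))` (available from PHP 7) and update the "10 characters" comment, ideally behind one shared helper. The new test `$password == NULL` is a loose comparison that also matches `""`, `0` and `false`; `if ($password === NULL || $password === "")` states the intent. The docblock above should gain an entry for `$password` saying that NULL or an empty string means a password is generated. The function body continues past the end of the hunk.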
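Review bot: The only check on the stored password before it is used is `strlen($user["password"]) > 0`, and with this change that value also reaches `addUser()` in `local` mode, where `password_hash()` with `PASSWORD_BCRYPT` ignores everything past 72 bytes. A length bound belongs where the password is first accepted. Failing that, adding `&& strlen($user["password"]) <= 72` to this condition would send over-long values down the generated-password branch rather than hashing a truncated one. Whether the registration form already enforces a limit cannot be seen from this diff.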
@@ -90,8 +90,7 @@ try { break; case "local": // register by adding a user to the local database - $use_db_password = false; // requires restructure to use db-provided pw - $password = $mx_db->addUser($first_name, $last_name, $username, $email); + $password = $mx_db->addUser($first_name, $last_name, $username, $password, $email); break; default: throw new Exception("Unknown operationMode");