From c1f5f4d4515f4939d27522ebf31763b64f7de9ce Mon Sep 17 00:00:00 2001 From: Krombel Date: Sat, 10 Feb 2018 18:01:42 +0100 Subject: [PATCH] first WIP implementation --- .gitignore | 1 + MatrixConnection.php | 77 +++++++++++++++++ config.sample.php | 6 ++ functions.php | 52 +++++++++++ lang.de.php | 13 +++ language.php | 7 ++ register.php | 200 +++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 356 insertions(+) create mode 100644 .gitignore create mode 100644 MatrixConnection.php create mode 100644 config.sample.php create mode 100644 functions.php create mode 100644 lang.de.php create mode 100644 language.php create mode 100644 register.php diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4f4773f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +config.php diff --git a/MatrixConnection.php b/MatrixConnection.php new file mode 100644 index 0000000..55c2ee3 --- /dev/null +++ b/MatrixConnection.php 
@@ -0,0 +1,77 @@
+hs = $homeserver;
+ $this->at = $access_token;
+ }
+
+ function send($room_id, $message) {
+ $send_message = NULL;
+ if (!$message) {
+ error_log("no message to send");
+ } elseif(is_array($message)) {
+ $send_message = $message;
+ } elseif ($message instanceof MatrixMessage) {
+ $sendmessage = $message->get_object();
+ } else {
+ error_log("message is of not valid type\n");
+ return false;
+ }
+
+ $url="https://".$this->hs."/_matrix/client/r0/rooms/"
+ . urlencode($room_id) ."/send/m.room.message?access_token=".$this->at;
+ $handle = curl_init($url);
+ curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
+ curl_setopt($handle, CURLOPT_TIMEOUT, 60);
+ curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($message));
+ curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
+
+ return exec_curl_request($handle);
+ }
+
+ function send_msg($room_id, $message) {
+ return $this->send($room_id, array(
+ "msgtype" => "m.notice",
+ "body" => $message
+ )
+ );
+ }
+}
+
+class MatrixMessage
+{
+ private $message;
+
+ function __construct() {
+ $this->message = array(
+ "msgtype" => "m.notice",
+ );
+ }
+
+ function set_type($msgtype) {
+ $this->$message["msgtype"] = $msgtype;
+ }
+
+ function set_format($format) {
+ $this->message["format"] = $format;
+ }
+
+ function set_body($body) {
+ $this->message["body"] = $body;
+ }
+
+ function set_formatted_body($fbody, $format="org.matrix.custom.html") {
+ $this->message["formatted_body"] = $fbody;
+ $this->message["format"] = $format;
+ }
+
+ function get_object() {
+ return $this->message;
+ }
+}
+?>
diff --git a/config.sample.php b/config.sample.php
new file mode 100644
index 0000000..e998fdb
--- /dev/null
+++ b/config.sample.php
@@ -0,0 +1,6 @@
+
diff --git a/functions.php b/functions.php
new file mode 100644
index 0000000..949df06
--- /dev/null
+++ b/functions.php
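Review bot: In MatrixConnection::send() (MatrixConnection.php) the request body is built from `$message`, not from the `$send_message` the branches above prepare, and the MatrixMessage branch assigns to a misspelled `$sendmessage`. A MatrixMessage therefore serialises as `{}` because its only property is private, and an empty message is logged but still posted. The branch should read `$send_message = $message->get_object();`, the payload should be `json_encode($send_message)`, and the empty-message case should return false like the invalid-type case does. The same function appends the access token to the URL as `?access_token=`, where it is liable to land in proxy and server access logs; passing it as an `Authorization: Bearer` entry in the existing CURLOPT_HTTPHEADER array keeps it out of the request line. In MatrixMessage::set_type(), `$this->$message[...]` is a variable-property access on an undefined `$message` rather than the `message` array the other setters write to.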
@@ -0,0 +1,52 @@
+ false,
+ "message" => $msg
+ );
+ echo json_encode($response);
+ print("\n");
+ exit();
+}
+
+function exec_curl_request($handle)
+{
+ $response = curl_exec($handle);
+
+ if ($response === false) {
+ $errno = curl_errno($handle);
+ $error = curl_error($handle);
+ error_log("Curl returned error $errno: $error\n");
+ curl_close($handle);
+ return false;
+ }
+
+ $http_code = intval(curl_getinfo($handle, CURLINFO_HTTP_CODE));
+ curl_close($handle);
+
+ if ($http_code >= 500) {
+ // do not want to DDOS server if something goes wrong
+ sleep(10);
+ return false;
+ } else if ($http_code != 200) {
+ $response = json_decode($response, true);
+ error_log("Request has failed with error {$response['error']}\n");
+ if ($http_code == 401) {
+ throw new Exception('Invalid access token provided');
+ }
+ return false;
+ } else {
+ $response = json_decode($response, true);
+ if (isset($response["event_id"])) {
+ $response = true;
+ } else {
+ $response = false;
+ }
+ }
+
+ return $response;
+
+}
+?>
diff --git a/lang.de.php b/lang.de.php
new file mode 100644
index 0000000..c1f4489
--- /dev/null
+++ b/lang.de.php
@@ -0,0 +1,13 @@
+ "Sitzungstoken nicht vorhanden oder ungültig.",
+"UNKNOWN_USER_OR_PASSWORD" => "Nutzername und/oder Passwort(-Wiederholung) fehlen",
+"USERNAME_LENGTH_INVALID" => "Entweder mehr als 20 oder weniger als 3 Zeichen für den Nutzernamen verwendet",
+"USERNAME_NOT_ALNUM" => "Nutzername ist nicht alphanumerisch",
+"PASSWORD_NOT_MATCH" => "Passwörter stimmen nicht überein",
+"NOTE_LENGTH_EXEEDED" => "Notiz ist länger als die erlaubten 50 Zeichen",
+"EMAIL_INVALID_FORMAT" => "Keine valide E-Mail-Adresse angegeben",
+"FIRSTNAME_INVALID_FORMAT" => "Vorname hat ungültiges Format",
+"SIRNAME_INVALID_FORMAT" => "Nachname hat ungültiges Format",
+);
+?>
diff --git a/language.php b/language.php
new file mode 100644
index 0000000..17c3004
--- /dev/null
+++ b/language.php
@@ -0,0 +1,7 @@
+
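Review bot: In exec_curl_request() (functions.php) the non-200 branch interpolates `$response['error']` straight after `json_decode()`, so a reply that is not JSON or has no `error` key (a proxy error page, for instance) raises a notice and logs an empty reason. The logged value is also whatever the remote end sent, written to the log unfiltered. Taking the reason as `$error = $response['error'] ?? "HTTP $http_code";` and logging `json_encode($error)` keeps the log line well-formed and on one line. The `sleep(10)` in the 5xx branch blocks the calling PHP worker; if this function is reached from a web request such as register.php (not visible in this hunk), a failing homeserver lets a few requests hold workers for ten seconds each. The back-off is better placed with the caller or a queue than in the request path.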
diff --git a/register.php b/register.php new file mode 100644 index 0000000..92683dd --- /dev/null +++ b/register.php @@ -0,0 +1,200 @@ + + + 20 || strlen($_POST["username"]) < 3)) { + $message = $language["USERNAME_LENGTH_INVALID"]; + } + elseif (ctype_alnum($_POST['username']) != true) { + $message = $language["USERNAME_NOT_ALNUM"]; + } + elseif ($_POST["password"] != $_POST["password_confirm"]) { + $message = $language["PASSWORD_NOT_MATCH"]; + } + elseif (isset($_POST["note"]) && strlen($_POST["note"]) > 50) { + $message = $language["NOTE_LENGTH_EXEEDED"]; + } + elseif (!isset($_POST["email"]) || !filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) { + $message = $language["EMAIL_INVALID_FORMAT"]; + } + elseif (isset($_POST["first_name"]) && ! preg_match("/[A-Z][a-z]+/", $_POST["first_name"])) { + $message = $language["FIRSTNAME_INVALID_FORMAT"]; + } + elseif (isset($_POST["last_name"]) && ! preg_match("/[A-Z][a-z]+/", $_POST["last_name"])) { + $message = $language["SIRNAME_INVALID_FORMAT"]; + } + else { + // check valid password + + $first = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING); + $last = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING); + $user = filter_var($_POST["username"], FILTER_SANITIZE_STRING); + $pass = filter_var($_POST["password"], FILTER_SANITIZE_STRING); + $email = filter_var($_POST["email"], FILTER_VALIDATE_EMAIL); + $note = filter_var($_POST["note"], FILTER_SANITIZE_STRING); + + + $success = true; + } + if ($success) { + print("Erfolgreich"); + print(""); + print("

Erfolgreich

"); + print("

Bitte überprüfe deine E-Mails um deine E-Mail-Adresse zu bestätigen.

"); + print("Zur Registrierungsseite"); + } else { + print("".$message.""); + print(""); + print("

" . $message . "

"); + print("Zur Registrierungsseite"); + } +} else { + $_SESSION["token"] = bin2hex(random_bytes(16)); +?> + Registriere dich für cg-s.tk + + + + + + +
+
+
+
+
+

Bitte für registrieren2-Schritt-Registrierung

+
+
+
+
+
+
+ +
+
+
+
+ +
+
+
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+
+ +
+
+
+
+ +
+
+
+ */ ?> + "> + + + +

Hinweis:
+ cg-s.tk is ein geschlossenes Chat-Netzwerk in dem jeder Nutzer bestätigt werden muss.
+ Du bekommst eine E-Mail wenn jemand deine Mitgliedschaft bestätigt hat. An diese wird auch dein initiales Passwort gesendet. + Hinterlasse also bitte einen Hinweis zu dir (der nur den entsprechenden Personen gezeigt wird).
+ Liebe Grüße vom Team von cg-s.tk +

+
+
+
+
+ + + +
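Review bot: The first_name and last_name checks near the top of the register.php hunk use `preg_match("/[A-Z][a-z]+/", ...)` without anchors, so any value that merely contains one capital followed by a lowercase letter passes, whatever else surrounds it. An anchored, Unicode-aware pattern such as `/^\p{Lu}\p{L}+$/u` would constrain the whole value and also accept names with umlauts. The password check `$_POST["password"] != $_POST["password_confirm"]` is a loose comparison, under which two different numeric-looking strings (for example `1e3` and `1000`) count as equal; `!==` avoids that. In the final else branch the password is passed through FILTER_SANITIZE_STRING, which silently alters what the user typed (and is deprecated since PHP 8.1), and `first_name`, `last_name` and `note` are read unconditionally although the checks above only test them under `isset`. The hunk's opening lines, including the session-token check, are not readable here, so that part is not covered by this note.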