krombel/matrix-register-bot
1
0
Fork 0
Code Issues 4 Pull Requests Releases Activity

only allow actions (admin) when in right state; prepare decline reason

Browse Source 
- fixes on path's and varnames
This commit is contained in:
Matthias
2018-02-23 17:43:08 +01:00
parent e88eb13d91
commit e38d201ec1
6 changed files with 57 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
public/verify_admin.php
View File

@@ -18,7 +18,7 @@ if (!isset($_SERVER['HTTPS'])) {
session_start();
try {
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if ($_SERVER["REQUEST_METHOD"] != "GET") {
throw new Exception("Method not allowed");
}
if (!isset($_GET["t"])) {
@@ -26,23 +26,28 @@ try {
}
$token = filter_var($_GET["t"], FILTER_SANITIZE_STRING);
$action = NULL;
if (isset($_GET("allow")) {
$action = RegisterState::RegistrationAccepted;
}
if (isset($_GET("deny")) {
$action = RegisterState::RegistrationDeclined;
}
require_once("../database.php");
$sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $token . "' LIMIT 1;";
$res = $db->query($sql);
$action = NULL;
if (isset($_GET["allow"])) {
$action = RegisterState::RegistrationAccepted;
}
$decline_reason = "Noch nicht implementiert";
if (isset($_GET["deny"])) {
$action = RegisterState::RegistrationDeclined;
if (isset($_GET["reason"])) {
$decline_reason = filter_var($_GET["reason"], FILTER_SANITIZE_STRING);
}
}
$sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $token
. "' AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
$res = $db->query($sql);
$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
if ($res->fetchColumn() > 0) {
$sql = "SELECT first_name, last_name, username, note, email FROM registrations WHERE admin_token = '" . $token . "' LIMIT 1;";
$sql = "SELECT first_name, last_name, username, note, email FROM registrations WHERE admin_token = '" . $token
. "' AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
foreach ($db->query($sql) as $row) {
// will only be executed once
$first_name = $row["first_name"];
@@ -56,26 +61,43 @@ try {
}
if ($action == RegisterState::RegistrationAccepted) {
$db->exec("UPDATE registrations SET state = " . RegisterState::RegistrationAccepted)
$db->exec("UPDATE registrations SET state = " . RegisterState::RegistrationAccepted
. " WHERE admin_token = \"" . $token. "\";");
// register user
require_once("MatrixConnection.php");
require_once("../MatrixConnection.php");
$mxConn = new MatrixConnection($homeserver, $access_token);
// generate a password with 8 characters
$password = bin2hex(openssl_random_pseudo_bytes(4));
$res = $mxConn->register($username, $password, $shared_secret);
$res = $mxConn->register($username, $password, $registration_shared_secret);
if ($res) {
// send registration_success
send_mail_registration_success($homeserver, $first_name . " " . $last_name, $email, $username, $password, $howToURL);
} else {
send_mail_registration_allowed_but_failed($homeserver, $first_name . " " . $last_name, $email);
$mxMsg = new MatrixMessage();
$mxMsg->set_type("m.text");
$mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . ".");
$mxConn->send($register_room, $mxMsg);
throw new Exception($language["REGISTRATION_FAILED"]);
}
// send registration_success
send_mail_registration_success($homeserver, $first_name . " " . $last_name, $email, $username, $password, $howToURL)
print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
print("</head><body>");
print("<h1>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</h1>");
print("<p>" . $language["ADMIN_REGISTER_ACCEPTED_BODY"] . "</p>");
} elseif ($action == RegisterState::RegistrationDeclined) {
$db->exec("UPDATE registrations SET state = " . RegisterState::RegistrationAccepted)
$db->exec("UPDATE registrations SET state = " . RegisterState::RegistrationDeclined
. " WHERE admin_token = \"" . $token. "\";");
}
send_mail_registration_decline($homeserver, $first_name . " " . $last_name, $email, $decline_reason);
print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
print("</head><body>");
print("<h1>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</h1>");
print("<p>" . $language["ADMIN_REGISTER_DECLINED_BODY"] . "</p>");
} else {
$adminUrl = $webroot . "/admin_verify.php?t=" . $admin_token;
print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
?>
<link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet">
@@ -140,22 +162,12 @@ body{
</div>
<script type="text/javascript">
if ($response) {
$message = $language["SEND_MATRIX_FAIL"];
}
$db->exec("UPDATE registrations SET state = " .
($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend)
. " WHERE verify_token = \"" . $verify_token. "\";");
print("<title>" . $language["VERIFICATION_SUCEEDED"] . "</title>");
print("</head><body>");
print("<h1>" . $language["VERIFICATION_SUCEEDED"] . "</h1>");
print("<p>" . $language["VERIFICATION_SUCCESS_BODY"] . "</p>");
print("<a href=\"" . $webroot . "/register.php" . "\">Zur Registrierungsseite</a>");
<?php
} // else - no action provided
} catch (Exception $e) {
print("<title>" . $language["VERIFICATION_FAILED"] . "</title>");
print("<title>" . $language["REGISTRATION_FAILED"] . "</title>");
print("</head><body>");
print("<h1>" . $language["VERIFICATION_FAILED"] . "</h1>");
print("<h1>" . $language["REGISTRATION_FAILED"] . "</h1>");
print("<p>" . $e->getMessage() . "</p>");
print("<a href=\"" . $webroot . "/register.php" . "\">Zur Registrierungsseite</a>");
}