implement hasUser(localpart), RegisterState add verify{_admin}.php

- fixes

public/verify_admin.php

@@ -0,0 +1,164 @@
+<html>
+	<head>
+<?php
+require_once "../language.php";
+if (!file_exists("../config.php")) {
+	print($language["NO_CONFIGURATION"]);
+	exit();
+}
+require_once "../config.php";
+require_once "../mail_templates.php";
+
+// enforce admin via https
+if (!isset($_SERVER['HTTPS'])) {
+	header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
+	exit();
+}
+
+session_start();
+
+try {
+	if ($_SERVER["REQUEST_METHOD"] == "GET") {
+		throw new Exception("Method not allowed");
+	}
+	if (!isset($_GET["t"])) {
+		throw new Exception($language["UNKNOWN_TOKEN"]);
+	}
+	$token = filter_var($_GET["t"], FILTER_SANITIZE_STRING);
+
+	$action = NULL;
+	if (isset($_GET("allow")) {
+		$action = RegisterState::RegistrationAccepted;
+	}
+	if (isset($_GET("deny")) {
+		$action = RegisterState::RegistrationDeclined;
+	}
+
+	require_once("../database.php");
+
+	$sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $token . "' LIMIT 1;";
+	$res = $db->query($sql);
+
+	$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
+
+	if ($res->fetchColumn() > 0) {
+		$sql = "SELECT first_name, last_name, username, note, email FROM registrations WHERE admin_token = '" . $token . "' LIMIT 1;";
+		foreach ($db->query($sql) as $row) {
+			// will only be executed once
+			$first_name = $row["first_name"];
+			$last_name = $row["last_name"];
+			$username = $row["username"];
+			$note = $row["note"];
+			$email = $row["email"];
+		}
+	} else {
+		throw new Exception($language["UNKNOWN_TOKEN"]);
+	}
+
+	if ($action == RegisterState::RegistrationAccepted) {
+		$db->exec("UPDATE registrations SET state = " . RegisterState::RegistrationAccepted)
+			. " WHERE admin_token = \"" . $token. "\";");
+
+		// register user
+		require_once("MatrixConnection.php");
+		$mxConn = new MatrixConnection($homeserver, $access_token);
+
+		// generate a password with 8 characters
+		$password = bin2hex(openssl_random_pseudo_bytes(4));
+
+		$res = $mxConn->register($username, $password, $shared_secret);
+
+		// send registration_success
+		send_mail_registration_success($homeserver, $first_name . " " . $last_name, $email, $username, $password, $howToURL)
+	} elseif ($action == RegisterState::RegistrationDeclined) {
+		$db->exec("UPDATE registrations SET state = " . RegisterState::RegistrationAccepted)
+			. " WHERE admin_token = \"" . $token. "\";");
+	}
+
+	$adminUrl = $webroot . "/admin_verify.php?t=" . $admin_token;
+	print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
+?>
+		<link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet">
+		<style>
+body{
+	background-color: #525252;
+}
+.centered-form{
+	margin-top: 60px;
+}
+
+.centered-form .panel{
+	background: rgba(255, 255, 255, 0.8);
+	box-shadow: rgba(0, 0, 0, 0.3) 20px 20px 20px;
+}
+		</style>
+		<script type="text/javascript" src="//code.jquery.com/jquery-1.11.1.min.js"></script>
+		<script type="text/javascript" src="//netdna.bootstrapcdn.com/bootstrap/3.1.0/js/bootstrap.min.js"></script>
+	</head>
+	<body>
+		<div class="container">
+			<div class="row centered-form">
+				<div class="col-xs-12 col-sm-8 col-md-4 col-sm-offset-2 col-md-offset-4">
+					<div class="panel panel-default">
+						<div class="panel-heading">
+							<h3 class="panel-title"><?php echo $language["ADMIN_VERIFY_SITE_TITLE"] ; ?></h3>
+						</div>
+						<div class="panel-body">
+							<form name="appForm" role="form" action="verify_admin.php" method="GET">
+								<div class="row">
+									<div class="col-xs-6 col-sm-6 col-md-6">
+										<div class="form-group">
+											<input type="text" id="first_name" class="form-control input-sm"
+											value="<?php echo $first_name; ?>" disabled=true>
+										</div>
+									</div>
+									<div class="col-xs-6 col-sm-6 col-md-6">
+										<div class="form-group">
+											<input type="text" id="last_name" class="form-control input-sm"
+											value="<?php echo $last_name; ?>" disabled=true>
+										</div>
+									</div>
+								</div>
+
+								<div class="form-group">
+								<input type="text" id="note" class="form-control input-sm" value="<?php echo $note; ?>" disabled=true>
+								</div>
+
+								<div class="form-group">
+									<input type="text" id="username" class="form-control input-sm"
+									value="<?php echo $username; ?>" disabled=true>
+								</div>
+								<input type="hidden" name="t" id="token" value="<?php echo $token; ?>">
+								<input type="submit" name="allow" value="Bestätigen" class="btn btn-info btn-block">
+								<input type="submit" name="deny" value="Ablehnen" class="btn btn-info btn-block">
+
+							</form>
+						</div>
+					</div>
+				</div>
+			</div>
+		</div>
+ <script type="text/javascript">
+
+	if ($response) {
+		$message = $language["SEND_MATRIX_FAIL"];
+	}
+	$db->exec("UPDATE registrations SET state = " .
+		($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend)
+		. " WHERE verify_token = \"" . $verify_token. "\";");
+
+	print("<title>" . $language["VERIFICATION_SUCEEDED"] . "</title>");
+	print("</head><body>");
+	print("<h1>" . $language["VERIFICATION_SUCEEDED"] . "</h1>");
+	print("<p>" . $language["VERIFICATION_SUCCESS_BODY"] . "</p>");
+	print("<a href=\"" . $webroot . "/register.php" . "\">Zur Registrierungsseite</a>");
+} catch (Exception $e) {
+	print("<title>" . $language["VERIFICATION_FAILED"] . "</title>");
+	print("</head><body>");
+	print("<h1>" . $language["VERIFICATION_FAILED"] . "</h1>");
+	print("<p>" . $e->getMessage() . "</p>");
+	print("<a href=\"" . $webroot . "/register.php" . "\">Zur Registrierungsseite</a>");
+}
+?>
+	</body>
+</html>