diff --git a/MatrixConnection.php b/MatrixConnection.php
index dd04201..1ae1f81 100644
--- a/MatrixConnection.php
+++ b/MatrixConnection.php
@@ -1,4 +1,5 @@
hs = $homeserver;
- $this->at = $access_token;
- }
+ private $hs;
+ private $at;
- function send($room_id, $message) {
- if (!$this->at) {
- error_log("No access token defined");
- return false;
- }
+ function __construct($homeserver, $access_token) {
+ $this->hs = $homeserver;
+ $this->at = $access_token;
+ }
- $send_message = NULL;
- if (!$message) {
- error_log("no message to send");
- return false;
- } elseif(is_array($message)) {
- $send_message = $message;
- } elseif ($message instanceof MatrixMessage) {
- $send_message = $message->get_object();
- } else {
- error_log("message is of not valid type\n");
- return false;
- }
+ function send($room_id, $message) {
+ if (!$this->at) {
+ error_log("No access token defined");
+ return false;
+ }
- $url="https://".$this->hs."/_matrix/client/r0/rooms/"
- . urlencode($room_id) ."/send/m.room.message?access_token=".$this->at;
- $handle = curl_init($url);
- curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
- curl_setopt($handle, CURLOPT_TIMEOUT, 60);
- curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($send_message));
- curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
+ $send_message = NULL;
+ if (!$message) {
+ error_log("no message to send");
+ return false;
+ } elseif (is_array($message)) {
+ $send_message = $message;
+ } elseif ($message instanceof MatrixMessage) {
+ $send_message = $message->get_object();
+ } else {
+ error_log("message is of not valid type\n");
+ return false;
+ }
- $response = $this->exec_curl_request($handle);
- return isset($response["event_id"]);
- }
+ $url = "https://" . $this->hs . "/_matrix/client/r0/rooms/"
+ . urlencode($room_id) . "/send/m.room.message?access_token=" . $this->at;
+ $handle = curl_init($url);
+ curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
+ curl_setopt($handle, CURLOPT_TIMEOUT, 60);
+ curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($send_message));
+ curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
- function send_msg($room_id, $message) {
- return $this->send($room_id, array(
- "msgtype" => "m.notice",
- "body" => $message
- )
- );
- }
+ $response = $this->exec_curl_request($handle);
+ return isset($response["event_id"]);
+ }
- function hasUser($username) {
- if (!$username) {
- throw new Exception ("no user given to lookup");
- }
+ function send_msg($room_id, $message) {
+ return $this->send($room_id, array(
+ "msgtype" => "m.notice",
+ "body" => $message
+ )
+ );
+ }
- $url = "https://".$this->hs."/_matrix/client/r0/profile/@" . $username . ":" . $this->hs;
- $handle = curl_init($url);
- curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
- curl_setopt($handle, CURLOPT_TIMEOUT, 60);
- curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
+ function hasUser($username) {
+ if (!$username) {
+ throw new Exception("no user given to lookup");
+ }
- $res = $this->exec_curl_request($handle);
- return !(isset($res["errcode"]) && $res["errcode"] == "M_UNKNOWN");
- }
+ $url = "https://" . $this->hs . "/_matrix/client/r0/profile/@" . $username . ":" . $this->hs;
+ $handle = curl_init($url);
+ curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
+ curl_setopt($handle, CURLOPT_TIMEOUT, 60);
+ curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
- function register($username, $password, $shared_secret) {
- if (!$username) {
- error_log("no username provided");
- }
- if (!$password) {
- error_log("no message to send");
- }
+ $res = $this->exec_curl_request($handle);
+ return !(isset($res["errcode"]) && $res["errcode"] == "M_UNKNOWN");
+ }
- $mac = hash_hmac('sha1', $username, $shared_secret);
+ function register($username, $password, $shared_secret) {
+ if (!$username) {
+ error_log("no username provided");
+ }
+ if (!$password) {
+ error_log("no message to send");
+ }
- $data = array(
- "username" => $username,
- "password" => $password,
- "mac" => $mac,
- );
- $url = "https://".$this->hs."/_matrix/client/v2_alpha/register";
- $handle = curl_init($url);
- curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
- curl_setopt($handle, CURLOPT_TIMEOUT, 60);
- curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
- curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($data));
+ $mac = hash_hmac('sha1', $username, $shared_secret);
- return $this->exec_curl_request($handle);
- }
+ $data = array(
+ "username" => $username,
+ "password" => $password,
+ "mac" => $mac,
+ );
+ $url = "https://" . $this->hs . "/_matrix/client/v2_alpha/register";
+ $handle = curl_init($url);
+ curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
+ curl_setopt($handle, CURLOPT_TIMEOUT, 60);
+ curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
+ curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($data));
- function exec_curl_request($handle) {
- $response = curl_exec($handle);
- if ($response === false) {
- $errno = curl_errno($handle);
- $error = curl_error($handle);
- error_log("Curl returned error $errno: $error\n");
- curl_close($handle);
- return false;
- }
- $http_code = intval(curl_getinfo($handle, CURLINFO_HTTP_CODE));
- curl_close($handle);
+ return $this->exec_curl_request($handle);
+ }
+
+ function exec_curl_request($handle) {
+ $response = curl_exec($handle);
+ if ($response === false) {
+ $errno = curl_errno($handle);
+ $error = curl_error($handle);
+ error_log("Curl returned error $errno: $error\n");
+ curl_close($handle);
+ return false;
+ }
+ $http_code = intval(curl_getinfo($handle, CURLINFO_HTTP_CODE));
+ curl_close($handle);
+
+ if ($http_code >= 500) {
+ // do not want to DDOS server if something goes wrong
+ sleep(10);
+ return false;
+ } else if ($http_code != 200) {
+ $response = json_decode($response, true);
+ error_log("Request has failed with error {$response['error']}\n");
+ if ($http_code == 401) {
+ throw new Exception('Invalid access token provided');
+ }
+ } else {
+ $response = json_decode($response, true);
+ }
+ return $response;
+ }
- if ($http_code >= 500) {
- // do not want to DDOS server if something goes wrong
- sleep(10);
- return false;
- } else if ($http_code != 200) {
- $response = json_decode($response, true);
- error_log("Request has failed with error {$response['error']}\n");
- if ($http_code == 401) {
- throw new Exception('Invalid access token provided');
- }
- } else {
- $response = json_decode($response, true);
- }
- return $response;
- }
}
-class MatrixMessage
-{
- private $message;
+class MatrixMessage {
- function __construct() {
- $this->message = ["msgtype" => "m.notice"];
- }
+ private $message;
- function set_type($msgtype) {
- $this->message["msgtype"] = $msgtype;
- }
+ function __construct() {
+ $this->message = ["msgtype" => "m.notice"];
+ }
- function set_format($format) {
- $this->message["format"] = $format;
- }
+ function set_type($msgtype) {
+ $this->message["msgtype"] = $msgtype;
+ }
- function set_body($body) {
- $this->message["body"] = $body;
- }
+ function set_format($format) {
+ $this->message["format"] = $format;
+ }
- function set_formatted_body($fbody, $format="org.matrix.custom.html") {
- $this->message["formatted_body"] = $fbody;
- $this->message["format"] = $format;
- }
+ function set_body($body) {
+ $this->message["body"] = $body;
+ }
+
+ function set_formatted_body($fbody, $format = "org.matrix.custom.html") {
+ $this->message["formatted_body"] = $fbody;
+ $this->message["format"] = $format;
+ }
+
+ function get_object() {
+ return $this->message;
+ }
- function get_object() {
- return $this->message;
- }
}
+
?>
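Review bot: The access token is appended to the request URL in `send()` (`"/send/m.room.message?access_token=" . $this->at`), where it can end up in homeserver and proxy access logs; sending it as a header keeps it out of URLs, e.g. `curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "Authorization: Bearer " . $this->at));`. `hasUser()` concatenates `$username` into the profile path without encoding, unlike `send()`, which applies `urlencode()` to `$room_id`; `rawurlencode("@" . $username . ":" . $this->hs)` would keep a crafted name from altering the path or query. `register()` logs a missing username or password but still sends the request, and the password branch logs "no message to send"; both checks should `return false;` and the second message should name the password.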
diff --git a/config.sample.php b/config.sample.php
index 6028e67..12152c8 100644
--- a/config.sample.php
+++ b/config.sample.php
@@ -1,26 +1,22 @@
"example.com",
- "access_token" => "To be used for sending the registration notification",
-
- // Which e-mail-adresse shall the bot use to send e-mails?
- "register_email" => 'register_bot@example.com',
- // Where should the bot post registration requests to?
- "register_room" => '$registerRoomID:example.com',
-
- // Where is the public part of the bot located? make sure you have a / at the end
- "webroot" => "https://myregisterdomain.net/",
-
- // optional: Do you have a place where howTo's are located? If not leave this value out
- "howToURL" => "https://my-url-for-storing-howTos.net",
-
- // When you want to collect the password on registration set this to true
- "getPasswordOnRegistration" => false,
-
- // to define where the data should be stored:
- "databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite",
- // credentials for sqlite not used
- "databaseUser" => "dbUser123",
- "databasePass" => "secretPassword",
-]
+ "homeserver" => "example.com",
+ "access_token" => "To be used for sending the registration notification",
+ // Which e-mail-adresse shall the bot use to send e-mails?
+ "register_email" => 'register_bot@example.com',
+ // Where should the bot post registration requests to?
+ "register_room" => '$registerRoomID:example.com',
+ // Where is the public part of the bot located? make sure you have a / at the end
+ "webroot" => "https://myregisterdomain.net/",
+ // optional: Do you have a place where howTo's are located? If not leave this value out
+ "howToURL" => "https://my-url-for-storing-howTos.net",
+ // When you want to collect the password on registration set this to true
+ "getPasswordOnRegistration" => false,
+ // to define where the data should be stored:
+ "databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite",
+ // credentials for sqlite not used
+ "databaseUser" => "dbUser123",
+ "databasePass" => "secretPassword",
+ ]
?>
diff --git a/cron.php b/cron.php
index 1ef0ec0..ad6dd77 100644
--- a/cron.php
+++ b/cron.php
@@ -1,4 +1,5 @@
query($sql) as $row) {
- $first_name = $row["first_name"];
- $last_name = $row["last_name"];
- $username = $row["username"];
- $email = $row["email"];
- $state = $row["state"];
+ $first_name = $row["first_name"];
+ $last_name = $row["last_name"];
+ $username = $row["username"];
+ $email = $row["email"];
+ $state = $row["state"];
- try {
- switch ($state) {
- case RegisterState::PendingEmailSend:
- $verify_url = $config["webroot"] . "/verify.php?t=" . $row["verify_token"];
- $success = send_mail_pending_verification(
- $config["homeserver"],
- $row["first_name"] . " " . $row["last_name"],
- $row["email"],
- $verify_url);
+ try {
+ switch ($state) {
+ case RegisterState::PendingEmailSend:
+ $verify_url = $config["webroot"] . "/verify.php?t=" . $row["verify_token"];
+ $success = send_mail_pending_verification(
+ $config["homeserver"], $row["first_name"] . " " . $row["last_name"], $row["email"], $verify_url);
- if ($success) {
- $mx_db->setRegistrationStateById(RegisterState::PendingEmailVerify, $row["id"]);
- } else {
- throw new Exception("Could not send mail to ".$row["first_name"]." ".$row["last_name"]."(".$row["id"].")");
- }
- break;
- case RegisterState::PendingAdminSend:
- require_once("MatrixConnection.php");
- $adminUrl = $config["webroot"] . "/verify_admin.php?t=" . $row["admin_token"];
- $mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]);
- $mxMsg = new MatrixMessage();
- $mxMsg->set_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n"
- . $row["note"] . "\r\n"
- . "Zum Bearbeiten hier klicken:\r\n" . $adminUrl);
- $mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:
"
- . $row["note"] . "
"
- . "Zum Bearbeiten hier klicken");
- $mxMsg->set_type("m.text");
- $response = $mxConn->send($config["register_room"], $mxMsg);
+ if ($success) {
+ $mx_db->setRegistrationStateById(RegisterState::PendingEmailVerify, $row["id"]);
+ } else {
+ throw new Exception("Could not send mail to " . $row["first_name"] . " " . $row["last_name"] . "(" . $row["id"] . ")");
+ }
+ break;
+ case RegisterState::PendingAdminSend:
+ require_once("MatrixConnection.php");
+ $adminUrl = $config["webroot"] . "/verify_admin.php?t=" . $row["admin_token"];
+ $mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]);
+ $mxMsg = new MatrixMessage();
+ $mxMsg->set_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n"
+ . $row["note"] . "\r\n"
+ . "Zum Bearbeiten hier klicken:\r\n" . $adminUrl);
+ $mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:
"
+ . $row["note"] . "
"
+ . "Zum Bearbeiten hier klicken");
+ $mxMsg->set_type("m.text");
+ $response = $mxConn->send($config["register_room"], $mxMsg);
- if ($response) {
- $mx_db->setRegistrationStateById(RegisterState::PendingAdminVerify, $row["id"]);
+ if ($response) {
+ $mx_db->setRegistrationStateById(RegisterState::PendingAdminVerify, $row["id"]);
- send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email);
- } else {
- throw new Exception("Could not send notification for ".$row["first_name"]." ".$row["last_name"]."(".$row["id"].") to admins.");
- }
- break;
- case RegisterState::PendingRegistration:
- // Registration got accepted but registration failed
+ send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email);
+ } else {
+ throw new Exception("Could not send notification for " . $row["first_name"] . " " . $row["last_name"] . "(" . $row["id"] . ") to admins.");
+ }
+ break;
+ case RegisterState::PendingRegistration:
+ // Registration got accepted but registration failed
- $password = $mx_db->addUser($row["first_name"], $row["last_name"], $row["username"], $row["email"]);
- if ($password != NULL) {
- // send registration_success
- $res = send_mail_registration_success($config["homeserver"], $first_name . " " . $last_name, $email, $username, $password, $config["howToURL"]);
- if ($res) {
- $mx_db->setRegistrationStateById(RegisterState::AllDone, $row["id"]);
- } else {
- $mx_db->setRegistrationStateById(RegisterState::PendingSendRegistrationMail, $row["id"]);
- }
- } else {
- send_mail_registration_allowed_but_failed($config["homeserver"], $first_name . " " . $last_name, $email);
- $mxMsg = new MatrixMessage();
- $mxMsg->set_type("m.text");
- $mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . ".");
- $mxConn->send($config["register_room"], $mxMsg);
- throw new Exception($language["REGISTRATION_FAILED"]);
- }
- break;
- case RegisterState::PendingSendRegistrationMail:
- print ("Error: Unhandled state: PendingSendRegistrationMail for " . $first_name . " " . $last_name . " (" . $username . ")\n");
- break;
- case RegisterState::RegistrationDeclined:
- case RegisterState::AllDone:
- // do reqular cleanup
- break;
- }
- } catch (Exception $e) {
- print("Error while handling cron for " . $first_name . " " . $last_name . " (" . $username . ")\n");
- print($e->getMessage());
- }
+ $password = $mx_db->addUser($row["first_name"], $row["last_name"], $row["username"], $row["email"]);
+ if ($password != NULL) {
+ // send registration_success
+ $res = send_mail_registration_success($config["homeserver"], $first_name . " " . $last_name, $email, $username, $password, $config["howToURL"]);
+ if ($res) {
+ $mx_db->setRegistrationStateById(RegisterState::AllDone, $row["id"]);
+ } else {
+ $mx_db->setRegistrationStateById(RegisterState::PendingSendRegistrationMail, $row["id"]);
+ }
+ } else {
+ send_mail_registration_allowed_but_failed($config["homeserver"], $first_name . " " . $last_name, $email);
+ $mxMsg = new MatrixMessage();
+ $mxMsg->set_type("m.text");
+ $mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . ".");
+ $mxConn->send($config["register_room"], $mxMsg);
+ throw new Exception($language["REGISTRATION_FAILED"]);
+ }
+ break;
+ case RegisterState::PendingSendRegistrationMail:
+ print ("Error: Unhandled state: PendingSendRegistrationMail for " . $first_name . " " . $last_name . " (" . $username . ")\n");
+ break;
+ case RegisterState::RegistrationDeclined:
+ case RegisterState::AllDone:
+ // do reqular cleanup
+ break;
+ }
+ } catch (Exception $e) {
+ print("Error while handling cron for " . $first_name . " " . $last_name . " (" . $username . ")\n");
+ print($e->getMessage());
+ }
}
?>
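Review bot: In the `PendingAdminSend` case the applicant's name and `$row["note"]` are concatenated unescaped into `set_formatted_body()`, whose default format is `org.matrix.custom.html`, so markup typed into the registration note is delivered as HTML to the admin room; each user-supplied value should be wrapped, e.g. `htmlspecialchars($row["note"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `PendingRegistration` failure branch calls `$mxConn->send(...)`, but `$mxConn` is only created (and `MatrixConnection.php` only required) inside the `PendingAdminSend` case, so when no earlier row in the run took that path the call is made on an undefined variable. On PHP 7 and later that raises an `Error`, which `catch (Exception $e)` does not catch, so the cron run would stop there. Creating the connection once before the loop avoids this; the loop header itself is not fully visible in this hunk.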
diff --git a/database.php b/database.php
index 537a07d..d654c66 100644
--- a/database.php
+++ b/database.php
@@ -1,4 +1,5 @@
db = new PDO($db_input, $user, $password);
- $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $this->db->exec("CREATE TABLE IF NOT EXISTS registrations(
+ private $db = NULL;
+
+ /**
+ * Creates mxDatabase object
+ * @param config object which has following members:
+ * databaseURI: path to the sqlite file where the credentials should be stored
+ * or a param which can be used to connect to a database with PDO
+ * databaseUser and databasePass when authentication is required
+ * register_email which email does the register bot have (here used for providing lookup)
+ */
+ function __construct($config) {
+ if (empty($config)) {
+ throw new Exception("config is empty");
+ }
+ if (!isset($config["databaseURI"])) {
+ throw new Exception("'databaseURI' not defined");
+ }
+ $db_input = $config["databaseURI"];
+ $user = '';
+ $password = '';
+ if (isset($config["databaseUser"]) && isset($config["databasePass"])) {
+ // only use it when both are defined
+ $user = $config["databaseUser"];
+ $password = $config["databasePass"];
+ }
+ // create database file when not existent yet
+ $this->db = new PDO($db_input, $user, $password);
+ $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ $this->db->exec("CREATE TABLE IF NOT EXISTS registrations(
id SERIAL PRIMARY KEY,
state INT DEFAULT 0,
first_name TEXT,
@@ -86,7 +85,7 @@ class mxDatabase
admin_token TEXT,
request_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP
)");
- $this->db->exec("CREATE TABLE IF NOT EXISTS logins (
+ $this->db->exec("CREATE TABLE IF NOT EXISTS logins (
id SERIAL PRIMARY KEY,
active INT DEFAULT 1,
first_name TEXT,
@@ -97,271 +96,273 @@ class mxDatabase
create_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
last_modified TIMESTAMP DEFAULT CURRENT_TIMESTAMP
)");
- // make sure the bot is allowed to login
- if (!$this->userRegistered("register_bot")) {
- $password = $this->addUser("Register", "Bot", "register_bot", $config["register_email"]);
- $config["register_password"] = $password;
- $myfile = fopen(dirname(__FILE__) . "/config.json", "w");
- fwrite($myfile, json_encode($config, JSON_PRETTY_PRINT));
- fclose($myfile);
- }
+ // make sure the bot is allowed to login
+ if (!$this->userRegistered("register_bot")) {
+ $password = $this->addUser("Register", "Bot", "register_bot", $config["register_email"]);
+ $config["register_password"] = $password;
+ $myfile = fopen(dirname(__FILE__) . "/config.json", "w");
+ fwrite($myfile, json_encode($config, JSON_PRETTY_PRINT));
+ fclose($myfile);
+ }
- // set writeable when not set already
- if (strpos($db_input, "sqlite") === 0) {
- $sqlite_file = substr($db_input, strlen("sqlite:"));
- if (!is_writable($sqlite_file)) {
- chmod($sqlite_file, 0660);
- }
- unset($sqlite_file);
- }
- }
+ // set writeable when not set already
+ if (strpos($db_input, "sqlite") === 0) {
+ $sqlite_file = substr($db_input, strlen("sqlite:"));
+ if (!is_writable($sqlite_file)) {
+ chmod($sqlite_file, 0660);
+ }
+ unset($sqlite_file);
+ }
+ }
- /**
- * WARNING: This allows accessing the database directly.
- * This was only be added for convenience. You are advised to not use this function extensively
- *
- * @param sql String wich will be passed directly to the database
- * @return Response of PDO::query()
- */
- function query($sql) {
- return $this->db->query($sql);
- }
+ /**
+ * WARNING: This allows accessing the database directly.
+ * This was only be added for convenience. You are advised to not use this function extensively
+ *
+ * @param sql String wich will be passed directly to the database
+ * @return Response of PDO::query()
+ */
+ function query($sql) {
+ return $this->db->query($sql);
+ }
- function setRegistrationStateVerify($state, $token) {
- $sql = "UPDATE registrations SET state = " . $state
- . " WHERE verify_token = '" . $token . "';";
+ function setRegistrationStateVerify($state, $token) {
+ $sql = "UPDATE registrations SET state = " . $state
+ . " WHERE verify_token = '" . $token . "';";
- return $this->db->exec($sql);
- }
+ return $this->db->exec($sql);
+ }
- function setRegistrationStateById($state, $id) {
- $sql = "UPDATE registrations SET state = " . $state
- . " WHERE id = '" . $id . "';";
+ function setRegistrationStateById($state, $id) {
+ $sql = "UPDATE registrations SET state = " . $state
+ . " WHERE id = '" . $id . "';";
- return $this->db->exec($sql);
- }
+ return $this->db->exec($sql);
+ }
- function setRegistrationStateAdmin($state, $token) {
- $sql = "UPDATE registrations SET state = " . $state
- . " WHERE admin_token = '" . $token . "';";
+ function setRegistrationStateAdmin($state, $token) {
+ $sql = "UPDATE registrations SET state = " . $state
+ . " WHERE admin_token = '" . $token . "';";
- return $this->db->exec($sql);
- }
+ return $this->db->exec($sql);
+ }
- function setRegistrationState($state, $token) {
- $sql = "UPDATE registrations SET state = " . $state
- . " WHERE verify_token = '" . $token . "' OR admin_token = '" . $token . "';";
+ function setRegistrationState($state, $token) {
+ $sql = "UPDATE registrations SET state = " . $state
+ . " WHERE verify_token = '" . $token . "' OR admin_token = '" . $token . "';";
- return $this->db->exec($sql);
- }
+ return $this->db->exec($sql);
+ }
- function userPendingRegistrations($username) {
- $sql = "SELECT COUNT(*) FROM registrations WHERE username = '" . $username . "' AND NOT state = "
- . RegisterState::RegistrationDeclined . " LIMIT 1;";
- $res = $this->db->query($sql);
- if ($res->fetchColumn() > 0) {
- return true;
- }
- return false;
- }
- function userRegistered($username) {
- $sql = "SELECT COUNT(*) FROM logins WHERE localpart = '" . $username . "' LIMIT 1;";
- $res = $this->db->query($sql);
- if ($res->fetchColumn() > 0) {
- return true;
- }
- return false;
- }
+ function userPendingRegistrations($username) {
+ $sql = "SELECT COUNT(*) FROM registrations WHERE username = '" . $username . "' AND NOT state = "
+ . RegisterState::RegistrationDeclined . " LIMIT 1;";
+ $res = $this->db->query($sql);
+ if ($res->fetchColumn() > 0) {
+ return true;
+ }
+ return false;
+ }
- /**
- * Adds user to the database. Next steps should be sending a verify-mail to the user
- * @param first_name First name of the user
- * @param last_name Sirname of the user
- * @param username the future localpart of that user
- * @param note Note the user typed in to give a hint
- * @param email E-Mail-Adress which will be stored into the database.
- * This will be send to the server on first login
- *
- * @return ["verify_token"]
- */
- function addRegistration($first_name, $last_name, $username, $note, $email) {
- if ($this->userPendingRegistrations($username)) {
- throw new Exception("USERNAME_PENDING_REGISTRATION");
- }
- if ($this->userRegistered($username)) {
- throw new Exception("USERNAME_REGISTERED");
- }
+ function userRegistered($username) {
+ $sql = "SELECT COUNT(*) FROM logins WHERE localpart = '" . $username . "' LIMIT 1;";
+ $res = $this->db->query($sql);
+ if ($res->fetchColumn() > 0) {
+ return true;
+ }
+ return false;
+ }
- $verify_token = bin2hex(random_bytes(16));
- $admin_token = bin2hex(random_bytes(16));
+ /**
+ * Adds user to the database. Next steps should be sending a verify-mail to the user
+ * @param first_name First name of the user
+ * @param last_name Sirname of the user
+ * @param username the future localpart of that user
+ * @param note Note the user typed in to give a hint
+ * @param email E-Mail-Adress which will be stored into the database.
+ * This will be send to the server on first login
+ *
+ * @return ["verify_token"]
+ */
+ function addRegistration($first_name, $last_name, $username, $note, $email) {
+ if ($this->userPendingRegistrations($username)) {
+ throw new Exception("USERNAME_PENDING_REGISTRATION");
+ }
+ if ($this->userRegistered($username)) {
+ throw new Exception("USERNAME_REGISTERED");
+ }
- $this->db->exec("INSERT INTO registrations
+ $verify_token = bin2hex(random_bytes(16));
+ $admin_token = bin2hex(random_bytes(16));
+
+ $this->db->exec("INSERT INTO registrations
(first_name, last_name, username, note, email, verify_token, admin_token)
- VALUES ('" . $first_name."','" . $last_name . "','" . $username . "','" . $note . "','"
- . $email."','" .$verify_token."','" .$admin_token."')");
+ VALUES ('" . $first_name . "','" . $last_name . "','" . $username . "','" . $note . "','"
+ . $email . "','" . $verify_token . "','" . $admin_token . "')");
- return [
- "verify_token"=> $verify_token,
- ];
- }
+ return [
+ "verify_token" => $verify_token,
+ ];
+ }
- /**
- * Gets the user for the verify_admin page.
- *
- * @return ArrayOfUser|NULL Array with "first_name, last_name, username, note and email"
- * as members
- */
- function getUserForApproval($admin_token) {
- $sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $admin_token . "'"
- . " AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
- $res = $this->db->query($sql);
+ /**
+ * Gets the user for the verify_admin page.
+ *
+ * @return ArrayOfUser|NULL Array with "first_name, last_name, username, note and email"
+ * as members
+ */
+ function getUserForApproval($admin_token) {
+ $sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $admin_token . "'"
+ . " AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
+ $res = $this->db->query($sql);
- if ($res->fetchColumn() > 0) {
- $sql = "SELECT first_name, last_name, username, note, email FROM registrations"
- . " WHERE admin_token = '" . $admin_token . "'"
- . " AND state = " . RegisterState::PendingAdminVerify
- . " LIMIT 1;";
- foreach ($this->db->query($sql) as $row) {
- // will only be executed once
- return $row;
- }
- }
- return NULL;
- }
+ if ($res->fetchColumn() > 0) {
+ $sql = "SELECT first_name, last_name, username, note, email FROM registrations"
+ . " WHERE admin_token = '" . $admin_token . "'"
+ . " AND state = " . RegisterState::PendingAdminVerify
+ . " LIMIT 1;";
+ foreach ($this->db->query($sql) as $row) {
+ // will only be executed once
+ return $row;
+ }
+ }
+ return NULL;
+ }
- /**
- * Gets the user when it opens the page to verify its mail
- *
- * @return ArrayOfUser|NULL Array with "first_name, last_name, note, email and admin_token"
- * as members
- */
- function getUserForVerify($verify_token) {
- $sql = "SELECT COUNT(*) FROM registrations WHERE verify_token = '" . $verify_token . "'"
- . " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
- $res = $this->db->query($sql);
+ /**
+ * Gets the user when it opens the page to verify its mail
+ *
+ * @return ArrayOfUser|NULL Array with "first_name, last_name, note, email and admin_token"
+ * as members
+ */
+ function getUserForVerify($verify_token) {
+ $sql = "SELECT COUNT(*) FROM registrations WHERE verify_token = '" . $verify_token . "'"
+ . " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
+ $res = $this->db->query($sql);
- if ($res->fetchColumn() > 0) {
- $sql = "SELECT first_name, last_name, note, email, admin_token FROM registrations "
- . " WHERE verify_token = '" . $verify_token . "'"
- . " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
- foreach ($this->db->query($sql) as $row) {
- // will only be executed once
- return $row;
- }
- }
- return NULL;
- }
+ if ($res->fetchColumn() > 0) {
+ $sql = "SELECT first_name, last_name, note, email, admin_token FROM registrations "
+ . " WHERE verify_token = '" . $verify_token . "'"
+ . " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
+ foreach ($this->db->query($sql) as $row) {
+ // will only be executed once
+ return $row;
+ }
+ }
+ return NULL;
+ }
- function getUserForLogin($localpart, $password) {
- $sql = "SELECT COUNT(*) FROM logins WHERE localpart = '" . $localpart
- . "' AND active = 1 LIMIT 1;";
- $res = $this->db->query($sql);
+ function getUserForLogin($localpart, $password) {
+ $sql = "SELECT COUNT(*) FROM logins WHERE localpart = '" . $localpart
+ . "' AND active = 1 LIMIT 1;";
+ $res = $this->db->query($sql);
- if ($res->fetchColumn() > 0) {
- $sql = "SELECT first_name, last_name, email, password_hash FROM logins "
- . " WHERE localpart = '" . $localpart . "' AND active = 1 LIMIT 1;";
- foreach ($this->db->query($sql) as $row) {
- if (password_verify($password, $row["password_hash"])) {
- return $row;
- }
- }
- }
- return NULL;
- }
+ if ($res->fetchColumn() > 0) {
+ $sql = "SELECT first_name, last_name, email, password_hash FROM logins "
+ . " WHERE localpart = '" . $localpart . "' AND active = 1 LIMIT 1;";
+ foreach ($this->db->query($sql) as $row) {
+ if (password_verify($password, $row["password_hash"])) {
+ return $row;
+ }
+ }
+ }
+ return NULL;
+ }
- /**
- * adds User to be able to login afterwards.
- * @param first_name First name of the user
- * @param last_name Sirname of the user
- * @param username the future localpart of that user
- * @param email E-Mail-Adress which will be stored into the database.
- * This will be send to the server on first login
- *
- * @return password|NULL with member password as this method generates a
- * password and saves that into the database
- * NULL when failed
- *
- */
- function addUser($first_name, $last_name, $username, $email) {
- // check if user already exists and abort in that case
- if ($this->userRegistered($username)) {
- return NULL;
- }
+ /**
+ * adds User to be able to login afterwards.
+ * @param first_name First name of the user
+ * @param last_name Sirname of the user
+ * @param username the future localpart of that user
+ * @param email E-Mail-Adress which will be stored into the database.
+ * This will be send to the server on first login
+ *
+ * @return password|NULL with member password as this method generates a
+ * password and saves that into the database
+ * NULL when failed
+ *
+ */
+ function addUser($first_name, $last_name, $username, $email) {
+ // check if user already exists and abort in that case
+ if ($this->userRegistered($username)) {
+ return NULL;
+ }
- // generate a password with 10 characters
- $password = bin2hex(openssl_random_pseudo_bytes(5));
- $password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost"=>12]);
+ // generate a password with 10 characters
+ $password = bin2hex(openssl_random_pseudo_bytes(5));
+ $password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost" => 12]);
- $sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES "
- . "('" . $first_name."','" . $last_name . "','" . $username . "','"
- . $password_hash . "','" . $email . "');";
+ $sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES "
+ . "('" . $first_name . "','" . $last_name . "','" . $username . "','"
+ . $password_hash . "','" . $email . "');";
- if ($this->db->exec($sql)) {
- return $password;
- }
- return NULL;
- }
+ if ($this->db->exec($sql)) {
+ return $password;
+ }
+ return NULL;
+ }
- function updatePassword($localpart, $old_password, $new_password) {
- $user = $this->getUserForLogin($localpart, $old_password);
- if ($user == NULL) {
- throw new Exception ("user with that credentials not found");
- }
+ function updatePassword($localpart, $old_password, $new_password) {
+ $user = $this->getUserForLogin($localpart, $old_password);
+ if ($user == NULL) {
+ throw new Exception("user with that credentials not found");
+ }
- // The credentials were fine. So now set the new password
- $password_hash = password_hash($new_password, PASSWORD_BCRYPT, ["cost"=>12]);
+ // The credentials were fine. So now set the new password
+ $password_hash = password_hash($new_password, PASSWORD_BCRYPT, ["cost" => 12]);
- $sql = "UPDATE logins SET password_hash = '" . $password_hash . "'"
- . "WHERE localpart = '" . $localpart . "'";
+ $sql = "UPDATE logins SET password_hash = '" . $password_hash . "'"
+ . "WHERE localpart = '" . $localpart . "'";
- if ($this->db->exec($sql)) {
- return true;
- }
- return false;
- }
+ if ($this->db->exec($sql)) {
+ return true;
+ }
+ return false;
+ }
- function searchUserByName($search_term) {
- $term = filter_var($search_term, FILTER_SANITIZE_STRING);
- $result = array();
- $sql = "SELECT COUNT(*) FROM logins WHERE"
- . " localpart LIKE '" . $term . "%' AND active = 1;";
- $res = $this->db->query($sql);
+ function searchUserByName($search_term) {
+ $term = filter_var($search_term, FILTER_SANITIZE_STRING);
+ $result = array();
+ $sql = "SELECT COUNT(*) FROM logins WHERE"
+ . " localpart LIKE '" . $term . "%' AND active = 1;";
+ $res = $this->db->query($sql);
- if ($res->fetchColumn() > 0) {
- $sql = "SELECT first_name, last_name, localpart FROM logins WHERE"
- . " localpart LIKE '" . $term . "%' AND active = 1;";
- foreach ($this->db->query($sql) as $row) {
- array_push($result, [
- "display_name" => $row["first_name"] . " " . $row["last_name"],
- "user_id" => $row["localpart"],
- ]);
- }
- }
- return $result;
- }
+ if ($res->fetchColumn() > 0) {
+ $sql = "SELECT first_name, last_name, localpart FROM logins WHERE"
+ . " localpart LIKE '" . $term . "%' AND active = 1;";
+ foreach ($this->db->query($sql) as $row) {
+ array_push($result, [
+ "display_name" => $row["first_name"] . " " . $row["last_name"],
+ "user_id" => $row["localpart"],
+ ]);
+ }
+ }
+ return $result;
+ }
- function searchUserByEmail($search_term) {
- $term = filter_var($search_term, FILTER_SANITIZE_STRING);
- $result = array();
- $sql = "SELECT COUNT(*) FROM logins WHERE"
- . " email = '" . $term . "' AND active = 1;";
- $res = $this->db->query($sql);
+ function searchUserByEmail($search_term) {
+ $term = filter_var($search_term, FILTER_SANITIZE_STRING);
+ $result = array();
+ $sql = "SELECT COUNT(*) FROM logins WHERE"
+ . " email = '" . $term . "' AND active = 1;";
+ $res = $this->db->query($sql);
+
+ if ($res->fetchColumn() > 0) {
+ $sql = "SELECT first_name, last_name, localpart FROM logins WHERE"
+ . " email = '" . $term . "' AND active = 1;";
+ foreach ($this->db->query($sql) as $row) {
+ array_push($result, [
+ "display_name" => $row["first_name"] . " " . $row["last_name"],
+ "user_id" => $row["localpart"],
+ ]);
+ }
+ }
+ return $result;
+ }
- if ($res->fetchColumn() > 0) {
- $sql = "SELECT first_name, last_name, localpart FROM logins WHERE"
- . " email = '" . $term . "' AND active = 1;";
- foreach ($this->db->query($sql) as $row) {
- array_push($result, [
- "display_name" => $row["first_name"] . " " . $row["last_name"],
- "user_id" => $row["localpart"],
- ]);
- }
- }
- return $result;
- }
}
if (!isset($mx_db)) {
- $mx_db = new mxDatabase($config);
+ $mx_db = new mxDatabase($config);
}
?>
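Review bot: The statements in this class are built by concatenating caller-supplied values into the SQL text — the tokens in the `setRegistrationState*`, `getUserForApproval` and `getUserForVerify` methods, `$username`/`$localpart` in `userPendingRegistrations`, `userRegistered`, `getUserForLogin` and `updatePassword`, and every field in `addRegistration` and `addUser` — so a quote character in any of them changes the statement; they should use `prepare()` with bound parameters, as sketched below for two of them. `filter_var($search_term, FILTER_SANITIZE_STRING)` in the two search methods is an HTML-oriented filter rather than SQL escaping (and is deprecated since PHP 8.1), and in `searchUserByName` the `LIKE` wildcards `%` and `_` still pass through. The constructor writes the whole `$config` array, including `access_token`, `databasePass` and the generated `register_password`, to `config.json` beside the PHP files; if that directory is served by the web server the file is readable as a static resource, so it should live outside the document root or be denied there. `addUser` derives the initial password from `openssl_random_pseudo_bytes(5)`, i.e. 40 bits, while `addRegistration` already uses `random_bytes(16)` for its tokens.

```php
    function userRegistered($username) {
        // Bind the value instead of concatenating it into the statement.
        $stmt = $this->db->prepare("SELECT COUNT(*) FROM logins WHERE localpart = ?");
        $stmt->execute([$username]);
        return $stmt->fetchColumn() > 0;
    }

    function addRegistration($first_name, $last_name, $username, $note, $email) {
        // … unchanged: pending/registered checks and token generation …
        $stmt = $this->db->prepare("INSERT INTO registrations
            (first_name, last_name, username, note, email, verify_token, admin_token)
            VALUES (?, ?, ?, ?, ?, ?, ?)");
        $stmt->execute([
            $first_name, $last_name, $username, $note, $email, $verify_token, $admin_token,
        ]);
        // … unchanged: return of verify_token …
```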
diff --git a/helpers.php b/helpers.php
index 8eb32a4..c48846c 100644
--- a/helpers.php
+++ b/helpers.php
@@ -1,18 +1,33 @@
\ No newline at end of file
diff --git a/internal/directory_search.php b/internal/directory_search.php
index 1201c50..d6419cd 100644
--- a/internal/directory_search.php
+++ b/internal/directory_search.php
@@ -1,4 +1,5 @@
false,
"result" => [],
];
@@ -23,7 +24,7 @@ try {
$inputJSON = file_get_contents('php://input');
$input = json_decode($inputJSON, TRUE);
if (empty($input)) {
- throw new Exception('no valid json as input present');
+ throw new Exception('no valid json as input present');
}
if (!isset($input["by"])) {
throw new Exception('"by" is not defined');
@@ -41,7 +42,6 @@ try {
default:
throw new Exception('unknown type for "by" param');
}
-
} catch (Exception $e) {
error_log("failed with error: " . $e->getMessage());
$response["error"] = $e->getMessage();
diff --git a/internal/identity_bulk.php b/internal/identity_bulk.php
index 47341cf..120871e 100644
--- a/internal/identity_bulk.php
+++ b/internal/identity_bulk.php
@@ -1,4 +1,5 @@
searchUserByEmail($lookup["address"]);
if (!empty($res2)) {
array_push($response["lookup"], [
- "medium" => $lookup["medium"],
- "address" => $lookup["address"],
- "id" => [
- "type" => "localpart",
- "value" => $res2[0]["user_id"],
- ]
+ "medium" => $lookup["medium"],
+ "address" => $lookup["address"],
+ "id" => [
+ "type" => "localpart",
+ "value" => $res2[0]["user_id"],
]
+ ]
);
}
- break;
+ break;
case "msisdn":
// This is reserved for number lookups
throw new Exception("unimplemented lookup medium");
diff --git a/internal/identity_single.php b/internal/identity_single.php
index f6ae628..8a317d9 100644
--- a/internal/identity_single.php
+++ b/internal/identity_single.php
@@ -1,4 +1,5 @@
updatePassword(
- $localpart,
- $input["auth"]["password"],
- $input["new_password"]
- )) {
- throw new Exception("invalid credentials or another error while updating");
- }
+ require_once("../database.php");
+ if (!$mx_db->updatePassword(
+ $localpart, $input["auth"]["password"], $input["new_password"]
+ )) {
+ throw new Exception("invalid credentials or another error while updating");
+ }
} catch (Exception $e) {
- header("HTTP/1.0 500 Internal Error");
- error_log("failed with error: " . $e->getMessage());
- $response = [
- "errorcode" => "M_UNKNOWN",
- "error" => $e->getMessage(),
- ];
+ header("HTTP/1.0 500 Internal Error");
+ error_log("failed with error: " . $e->getMessage());
+ $response = [
+ "errorcode" => "M_UNKNOWN",
+ "error" => $e->getMessage(),
+ ];
}
print (json_encode($response, JSON_PRETTY_PRINT));
?>
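Review bot: The catch block on the new side copies `$e->getMessage()` into the JSON body that `print (json_encode($response, JSON_PRETTY_PRINT));` returns, and it catches every `Exception`, so any error raised inside `updatePassword()` or the required `../database.php` would reach the caller verbatim. That would presumably include driver or query text if the database handle is configured to throw, which is not visible here. Keep the detail in the existing `error_log(...)` line and return a fixed string instead, e.g. `"error" => "password update failed",`. The `try` opens above the hunk, so any throw site there whose message is meant for the client would need a dedicated exception type or an allow-list of messages.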
diff --git a/internal/login.php b/internal/login.php
index a178b39..57d7685 100644
--- a/internal/login.php
+++ b/internal/login.php
@@ -1,4 +1,5 @@
getUserForLogin($localpart, $password);
diff --git a/lang/lang.de-de.php b/lang/lang.de-de.php
index cd2c310..3dd390b 100644
--- a/lang/lang.de-de.php
+++ b/lang/lang.de-de.php
@@ -1,4 +1,5 @@
+?>
\ No newline at end of file
diff --git a/mail_templates.php b/mail_templates.php
index 951d94c..72e1400 100644
--- a/mail_templates.php
+++ b/mail_templates.php
@@ -1,4 +1,5 @@