Implement decline with reason (now with radio buttons)

.gitignore

@@ -1,2 +1,5 @@
 config.php
 db_file.sqlite
+
+# do not track sources which will be built by composer
+/vendor/

MatrixConnection.php

@@ -14,6 +14,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
+require_once(__DIR__ . "/helpers.php");
+
 class MatrixConnection {
 
     private $hs;
@@ -45,12 +48,8 @@ class MatrixConnection {
 
         $url = "https://" . $this->hs . "/_matrix/client/r0/rooms/"
                 . urlencode($room_id) . "/send/m.room.message?access_token=" . $this->at;
-        $handle = curl_init($url);
+        $handle = getCurlHandle($url);
-        curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
-        curl_setopt($handle, CURLOPT_TIMEOUT, 60);
         curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($send_message));
-        curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
 
         $response = $this->exec_curl_request($handle);
         return isset($response["event_id"]);
@@ -70,37 +69,51 @@ class MatrixConnection {
         }
 
         $url = "https://" . $this->hs . "/_matrix/client/r0/profile/@" . $username . ":" . $this->hs;
-        $handle = curl_init($url);
+        $handle = getCurlHandle($url);
-        curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
-        curl_setopt($handle, CURLOPT_TIMEOUT, 60);
-        curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
 
         $res = $this->exec_curl_request($handle);
         return !(isset($res["errcode"]) && $res["errcode"] == "M_UNKNOWN");
     }
 
+    function getRegisterNonce() {
+        $url = "https://" . $this->hs . "/_matrix/client/r0/admin/register";
+        $handle = getCurlHandle($url);
+
+        try {
+            $response = $this->exec_curl_request($handle);
+            if (is_array($response) && isset($response["nonce"])) {
+                return $response["nonce"];
+            }
+            throw new Exception("INVALID_RESPONSE_FROM_SERVER");
+        } catch (Exception $e) {
+            if (strcmp("AUTHENTICATION_FAILED", $e->getMessage()) == 0) {
+                throw new Exception("WRONG_REGISTRATION_SHARED_SECRET");
+            } else {
+                throw $e;
+            }
+        }
+    }
+
     function register($username, $password, $shared_secret) {
         if (!$username) {
             error_log("no username provided");
         }
         if (!$password) {
-            error_log("no message to send");
+            error_log("no password provided");
         }
-
+        $nonce = $this->getRegisterNonce();
-        $mac = hash_hmac('sha1', $username, $shared_secret);
+        //TODO allow registering of admin.
+        $hmac_content = $nonce . "\x00" . $username . "\x00" . $password . "\x00notadmin";
+        $mac = hash_hmac('sha1', $hmac_content, $shared_secret);
 
         $data = array(
+            "nonce" => $nonce,
             "username" => $username,
             "password" => $password,
             "mac" => $mac,
         );
-        $url = "https://" . $this->hs . "/_matrix/client/v2_alpha/register";
+        $url = "https://" . $this->hs . "/_matrix/client/r0/admin/register";
-        $handle = curl_init($url);
+        $handle = getCurlHandle($url);
-        curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
-        curl_setopt($handle, CURLOPT_TIMEOUT, 60);
-        curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
         curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($data));
 
         try {
@@ -172,7 +185,6 @@ class MatrixMessage {
     function get_object() {
         return $this->message;
     }
-
 }
 
 ?>

README.md

@@ -14,29 +14,39 @@ This is done in several steps:
   - sends them to the user
   - stores them encrypted in own databas or uses that as initial password for registration
 
-To configure synapse so that the users can login that were created via this bot you can either 
+There are two operation modes available:
-- set `operationMode=synapse` so the bot uses the register api to push the new users to synapse or 
+- `operationMode=synapse`
-- integrate it via [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth#integrate) by configuring your system to point at `internal/login.php`.
+    - No adjustments on your running environment are required. This bot uses the the [Shared-Secret Registration of synapse](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/register_api.rst) to register the users.
-
+- `operationMode=local`:
-When using `operationMode=local` you can have the following benefits (some require [mxisd](https://github.com/kamax-io/mxisd/blob/master/docs/stores/rest.md))
+    - Bot handles user management. Therefore it stores the user-data and uses [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth#integrate) to authenticate the users.
-- Automatically set the display name based on first and last name on first login
+    - This way it is possible to set the display name of a user on first login (first- and lastname instead of username)
-- Use the 3PID lookup for other users (only email)
+    - The email address of the user can be used to implement third party lookup (requires [mxisd](https://github.com/kamax-io/mxisd/blob/master/docs/stores/rest.md))
-- Search for users that you have not seen yet
+    - search for users you have not seen yet but are available on the server
 
 ## Requirements
 
 - Working PHP environment with
   - database connection provider \[one of sqlite, mysql, postgres\]
-  - curl extension to notify admins and register users (in `operationMode=synapse`)
+  - curl extension
-  - mail capability to interact with the users (Verification, Approval (+ initial password), Notifications)
+  - mail capability to interact with the users (verification, approval (+ initial password), notifications)
-- matrix-synapse-rest-auth when using `operationMode=local`
+      - either via sendmail or with credentials
-- some PHP capable webserver which makes the folder `public` accessible to the public and propably `internal` for server-internal access
+- [composer](https://getcomposer.org) installed
+- [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth) when using `operationMode=local`
 
 ## How to install
 
-- Copy `config.sample.php` to `config.php` and configure the bot as you can find there
+```
+git clone https://github.com/krombel/matrix-register-bot
+cd matrix-register-bot
+composer install
+cp config.sample.php config.php
+editor config.php
+```
 - Configure your webserver to have the folder `public` accessible via web.
-  The folder `internal` contains files that only provide API access. They can be accessed by mxisd or matrix-synapse-rest-auth 
+
+
+When running `operationMode=local`:
+- Configure your webserver to provide the folder `internal` internally. This is only meant to be accessible by mxisd and matrix-synapse-rest-auth 
 - To integrate with [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth):
   - `/_matrix-internal/identity/v1/check_credentials` should map to `internal/login.php`
 - To integrate with [mxisd](https://github.com/kamax-io/mxisd): Have a look at [the docs of mxisd](https://github.com/kamax-io/mxisd/blob/master/docs/stores/rest.md) and apply as follows:
@@ -71,3 +81,4 @@ Here is an example for nginx:
 ### The bot postpones some actions
 There is a cron.php which implements retries and database cleanups (e.g. to remove a username claim)
 For this run cron.php regularly with your system of choice.
+A suggested interval is once per day

composer.json

@@ -0,0 +1,15 @@
+{
+    "name": "krombel/matrix-register-bot",
+    "description": "Register-Bot which implements a 2-factor registration for synapse servers to take part on matrix-communication",
+    "type": "project",
+    "require": {
+        "phpmailer/phpmailer": "^6.0"
+    },
+    "license": "Apache-2.0",
+    "authors": [
+        {
+            "name": "Krombel",
+            "email": "krombel@krombel.de"
+        }
+    ]
+}

composer.lock

@@ -0,0 +1,84 @@
+{
+    "_readme": [
+        "This file locks the dependencies of your project to a known state",
+        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
+        "This file is @generated automatically"
+    ],
+    "content-hash": "6d67203b6e9fc952ae681c538683a497",
+    "packages": [
+        {
+            "name": "phpmailer/phpmailer",
+            "version": "v6.0.6",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/PHPMailer/PHPMailer.git",
+                "reference": "8190d73eb5def11a43cfb020b7f36db65330698c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/8190d73eb5def11a43cfb020b7f36db65330698c",
+                "reference": "8190d73eb5def11a43cfb020b7f36db65330698c",
+                "shasum": ""
+            },
+            "require": {
+                "ext-ctype": "*",
+                "ext-filter": "*",
+                "php": ">=5.5.0"
+            },
+            "require-dev": {
+                "doctrine/annotations": "1.2.*",
+                "friendsofphp/php-cs-fixer": "^2.2",
+                "phpdocumentor/phpdocumentor": "2.*",
+                "phpunit/phpunit": "^4.8 || ^5.7",
+                "zendframework/zend-eventmanager": "3.0.*",
+                "zendframework/zend-i18n": "2.7.3",
+                "zendframework/zend-serializer": "2.7.*"
+            },
+            "suggest": {
+                "ext-mbstring": "Needed to send email in multibyte encoding charset",
+                "hayageek/oauth2-yahoo": "Needed for Yahoo XOAUTH2 authentication",
+                "league/oauth2-google": "Needed for Google XOAUTH2 authentication",
+                "psr/log": "For optional PSR-3 debug logging",
+                "stevenmaguire/oauth2-microsoft": "Needed for Microsoft XOAUTH2 authentication",
+                "symfony/polyfill-mbstring": "To support UTF-8 if the Mbstring PHP extension is not enabled (^1.2)"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "PHPMailer\\PHPMailer\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "LGPL-2.1"
+            ],
+            "authors": [
+                {
+                    "name": "Jim Jagielski",
+                    "email": "jimjag@gmail.com"
+                },
+                {
+                    "name": "Marcus Bointon",
+                    "email": "phpmailer@synchromedia.co.uk"
+                },
+                {
+                    "name": "Andy Prevost",
+                    "email": "codeworxtech@users.sourceforge.net"
+                },
+                {
+                    "name": "Brent R. Matzelle"
+                }
+            ],
+            "description": "PHPMailer is a full-featured email creation and transfer class for PHP",
+            "time": "2018-11-16T00:41:32+00:00"
+        }
+    ],
+    "packages-dev": [],
+    "aliases": [],
+    "minimum-stability": "stable",
+    "stability-flags": [],
+    "prefer-stable": false,
+    "prefer-lowest": false,
+    "platform": [],
+    "platform-dev": []
+}

config.sample.php

@@ -5,6 +5,18 @@ $config = [
 
     // Which e-mail-adresse shall the bot use to send e-mails?
     "register_email" => 'register_bot@example.com',
+
+    // which settings should be used to send via SMTP Gateway?
+    "smtp" => [
+        "host" => "localhost",
+        "port" => "25",
+        // use authentication?
+        "user" => "register@example.com",
+        "password" => "SecretEMailPassword",
+        // Use some encryption to SMTP-Server? [ssl, tls] or unset
+        "encryption" => False
+    ],
+
     // Where should the bot post registration requests to?
     "register_room" => '$registerRoomID:example.com',
 

helpers.php

@@ -30,4 +30,13 @@ function stripLocalpart($mxid) {
     return $localpart;
 }
 
+function getCurlHandle($url) {
+    $handle = curl_init($url);
+    curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+    curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
+    curl_setopt($handle, CURLOPT_TIMEOUT, 60);
+    curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
+    return $handle;
+}
+
 ?>

lang/lang.de-de.php

@@ -17,6 +17,9 @@
 $language = array(
     "ACCEPT" => "Akzeptieren",
     "DECLINE" => "Ablehnen",
+    "DECLINE_REASON" => "Grund für die Ablehnung",
+    "SUBMIT" => "Abschicken",
+    "MAKE_A_SELECTION" => "Treffe eine Auswahl",
     "SUCCESS" => "Erfolgreich",
     "FIRST_NAME" => "Vorname",
     "LAST_NAME" => "Nachname",
@@ -33,7 +36,7 @@ $language = array(
     "UNKNOWN_TOKEN" => "Token ist unbekannt",
     "AUTHENTICATION_FAILED" => "Authentifizierung fehlgeschlagen",
     "WRONG_REGISTRATION_SHARED_SECRET" => "registration_shared_secret fehlerhaft",
-    "USERNAME_INVALID" => "Nutzername muss aus 3 bis 20 Kleinbuchstaben bestehen",
+    "USERNAME_INVALID" => "Nutzername muss aus 3 bis 20 Kleinbuchstaben und Zahlen bestehen",
     "USERNAME_NOT_ALNUM" => "Nutzername ist nicht alphanumerisch",
     "USERNAME_PENDING_REGISTRATION" => "Dieser Nutzername wurde bereits zur Registrierung vorgemerkt. Versuche es später noch einmal oder wähle einen anderen Nutzernamen",
     "USERNAME_REGISTERED" => "Dieser Nutzername wurde bereits registriert. Bitte wähle einen anderen Nutzernamen",

lang/lang.en-gb.php

@@ -17,6 +17,9 @@
 $language = array(
     "ACCEPT" => "Accept",
     "DECLINE" => "Decline",
+    "DECLINE_REASON" => "Reason for declining",
+    "SUBMIT" => "Submit",
+    "MAKE_A_SELECTION" => "Make a selection",
     "SUCCESS" => "Success",
     "FIRST_NAME" => "First name",
     "LAST_NAME" => "Last name",
@@ -33,7 +36,7 @@ $language = array(
     "UNKNOWN_TOKEN" => "Token is unknown",
     "AUTHENTICATION_FAILED" => "Authentication failed",
     "WRONG_REGISTRATION_SHARED_SECRET" => "wrong registration_shared_secret",
-    "USERNAME_INVALID" => "Username has to consist of 3 to 20 small letters",
+    "USERNAME_INVALID" => "Username has to consist of 3 to 20 small letters and numbers",
     "USERNAME_NOT_ALNUM" => "Username is not alphanumeric",
     "USERNAME_PENDING_REGISTRATION" => "This username is locked for registration. Try again later or try again with a different username",
     "USERNAME_REGISTERED" => "This username is already registered. Please try again with another username",

lang/mail.de-de.php

@@ -14,13 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-function send_mail($receiver, $subject, $body) {
-    include(__DIR__ . "/../config.php");
-    $headers = "From: " . $config["register_email"] . "\r\n"
-            . "Content-Type: text/plain;charset=utf-8";
-    return mail($receiver, $subject, $body, $headers);
-}
-
 function send_mail_pending_verification($homeserver, $user, $receiver, $verify_url) {
     $subject = "Bitte bestätige Registrierung auf $homeserver";
     $body = "Guten Tag " . $user . ",

lang/mail.en-gb.php

@@ -14,13 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-function send_mail($receiver, $subject, $body) {
-    include(__DIR__ . "/../config.php");
-    $headers = "From: " . $config["register_email"] . "\r\n"
-            . "Content-Type: text/plain;charset=utf-8";
-    return mail($receiver, $subject, $body, $headers);
-}
-
 function send_mail_pending_verification($homeserver, $user, $receiver, $verify_url) {
     $subject = "Pleast approve your registration request on $homeserver";
     $body = "Dear " . $user . ",

mail_templates.php

@@ -15,6 +15,54 @@
  * limitations under the License.
  */
 require_once(__DIR__ . "/config.php");
+
+use PHPMailer\PHPMailer\PHPMailer;
+use PHPMailer\PHPMailer\Exception;
+require_once(__DIR__ . "/vendor/autoload.php");
+
+// standard mail implementation
+function send_mail($receiver, $subject, $body) {
+    // somehow $config is not available when called again => reinit here
+    include(__DIR__ . "/config.php");
+
+    $mail = new PHPMailer(true);
+    try {
+        $mail->CharSet = 'utf-8';                             // Enable utf-8 support for umlauts
+
+        if (is_array($config["smtp"])) {
+            $smtp_conf = $config["smtp"];
+            $mail->isSMTP();                                  // Set mailer to use SMTP
+            $mail->Host = $smtp_conf["host"];                 // Specify main and backup SMTP servers
+            $mail->Port = $smtp_conf["port"];                 // TCP port to connect to
+            if (!empty($smtp_conf["user"])) {
+                $mail->SMTPAuth = true;                       // Enable SMTP authentication
+                $mail->Username = $smtp_conf["user"];         // SMTP username
+                if (!empty($smtp_conf["password"])) {
+                    $mail->Password = $smtp_conf["password"]; // SMTP password
+                }
+            }
+            if (!empty($smtp_conf["encryption"])) {
+                $mail->SMTPSecure = $smtp_conf["encryption"]; // Enable TLS encryption, `ssl` also accepted
+            }
+        } else {
+            // fallback to sendmail functionality (as before)
+            $mail->isSendmail();
+        }
+
+        //Recipients
+        $mail->setFrom($config["register_email"], 'Register Service');
+        $mail->addAddress($receiver);
+        $mail->Subject = $subject;
+        $mail->Body    = $body;
+
+        $mail->send();
+        return True;
+    } catch (Exception $e) {
+        error_log('Message could not be sent. Mailer Error: ' . $mail->ErrorInfo);
+        return False;
+    }
+}
+
 $lang = $config["defaultLanguage"];
 if (isset($_GET['lang'])) {
     $lang = filter_var($_GET['lang'], FILTER_SANITIZE_STRING);

public/index.php

@@ -20,7 +20,7 @@ if (!isset($_SERVER['HTTPS'])) {
 }
 
 require_once(__DIR__ . "/../language.php");
-if (!file_exists("../config.php")) {
+if (!file_exists(__DIR__ . "/../config.php")) {
     print($language["NO_CONFIGURATION"]);
     exit();
 }
@@ -46,17 +46,19 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
             // token not present or invalid
             throw new Exception("UNKNOWN_SESSION");
         }
-        if (!isset($_POST["username"])) {
+        $username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING);
+        if (empty($username)) {
             throw new Exception("UNKNOWN_USERNAME");
         }
-        if (strlen($_POST["username"]) > 20 ||
+        if (strlen($username) > 20 || strlen($username) < 3) {
-                strlen($_POST["username"]) < 3 ||
-                !ctype_lower($_POST["username"])) {
             throw new Exception("USERNAME_INVALID");
         }
-        if (ctype_alnum($_POST['username']) != true) {
+        if (!ctype_alnum($username)) {
             throw new Exception("USERNAME_NOT_ALNUM");
         }
+        if (strcmp($username, strtolower($username)) !== 0) {
+            throw new Exception("USERNAME_INVALID");
+        }
         if ($storePassword && (!isset($_POST["password"]) || !isset($_POST["password_confirm"]))) {
                 throw new Exception("PASSWORD_NOT_PROVIDED");
         }
@@ -83,7 +85,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
             $first_name = $last_name = "";
         }
 
-        $username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
         $password = "";
         if ($storePassword && isset($_POST["password"])) {
             $password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);

public/verify.php

@@ -51,18 +51,21 @@ try {
     $email = $user["email"];
     $admin_token = $user["admin_token"];
 
+    // we have 2 cases: first and last name or just the username
+    $call_name = strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username;
+
     require_once(__DIR__ . "/../MatrixConnection.php");
     $adminUrl = $config["webroot"] . "/verify_admin.php?t=" . $admin_token;
     $mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]);
     $mxMsg = new MatrixMessage();
     $mxMsg->set_body(strtr($language["MSG_USER_WANTS_REGISTER"], [
-        "@name" => (strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username),
+        "@name" => $call_name,
         "@note" => $note,
         "@adminUrl" => $adminUrl
     ]));
     if (isset($language["MSG_USER_WANTS_REGISTER_FORMATTED"])) {
         $mxMsg->set_formatted_body(strtr($language["MSG_USER_WANTS_REGISTER_FORMATTED"], [
-            "@name" => (strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username),
+            "@name" => $call_name,
             "@note" => $note,
             "@adminUrl" => $adminUrl
         ]));
@@ -76,7 +79,7 @@ try {
     $mx_db->setRegistrationStateVerify(
             ($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend), $token);
 
-    send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email);
+    send_mail_pending_approval($config["homeserver"], $call_name, $email);
 
     print("<title>" . $language["VERIFICATION_SUCEEDED"] . "</title>");
     print("</head><body>");

public/verify_admin.php

@@ -33,23 +33,19 @@ try {
     if ($_SERVER["REQUEST_METHOD"] != "GET") {
         throw new Exception("Method not allowed");
     }
-    if (!isset($_GET["t"])) {
+    $token = filter_input(INPUT_GET, "t", FILTER_SANITIZE_STRING);
+    if (empty($token)) {
         throw new Exception("UNKNOWN_TOKEN");
     }
-    $token = filter_var($_GET["t"], FILTER_SANITIZE_STRING);
 
     require_once(__DIR__ . "/../database.php");
 
-    $action = NULL;
+    $param_action = filter_input(INPUT_GET, "d", FILTER_SANITIZE_STRING);
-    if (isset($_GET["allow"])) {
+    if ($param_action == "allow") {
         $action = RegisterState::RegistrationAccepted;
-    }
+    } elseif ($param_action == "deny") {
-    $decline_reason = NULL;
-    if (isset($_GET["deny"])) {
         $action = RegisterState::RegistrationDeclined;
-        if (isset($_GET["reason"])) {
+        $decline_reason = filter_input(INPUT_GET, "decline_reason", FILTER_SANITIZE_STRING);
-            $decline_reason = filter_var($_GET["reason"], FILTER_SANITIZE_STRING);
-        }
     }
 
     $user = $mx_db->getUserForApproval($token);
@@ -60,6 +56,9 @@ try {
     $first_name = $user["first_name"];
     $last_name = $user["last_name"];
     $username = $user["username"];
+    // we have 2 cases: first and last name or just the username
+    $call_name = strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username;
+
     $note = $user["note"];
     $email = $user["email"];
 
@@ -99,7 +98,7 @@ try {
             // send registration_success
             $res = send_mail_registration_success(
                     $config["homeserver"],
-                    $first_name . " " . $last_name,
+                    $call_name,
                     $email,
                     $username,
                     // only send password when auto-created
@@ -112,11 +111,11 @@ try {
                 $mx_db->setRegistrationStateAdmin(RegisterState::PendingSendRegistrationMail, $token);
             }
         } else {
-            send_mail_registration_allowed_but_failed($config["homeserver"], $first_name . " " . $last_name, $email);
+            send_mail_registration_allowed_but_failed($config["homeserver"], $call_name, $email);
             $mxMsg = new MatrixMessage();
             $mxMsg->set_type("m.text");
             $mxMsg->set_body(strtr($language["REGISTRATION_FAILED_FOR"], [
-                "@name" => strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username,
+                "@name" => $call_name,
             ]));
             $mxConn->send($config["register_room"], $mxMsg);
             throw new Exception("REGISTRATION_FAILED");
@@ -129,14 +128,13 @@ try {
     } elseif ($action == RegisterState::RegistrationDeclined) {
         $mx_db->setRegistrationStateAdmin(RegisterState::RegistrationDeclined, $token);
         send_mail_registration_decline(
-                $config["homeserver"], strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username, $email, $decline_reason
+                $config["homeserver"], $call_name, $email, $decline_reason
         );
         print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
         print("</head><body>");
         print("<h1>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</h1>");
         print("<p>" . $language["ADMIN_REGISTER_DECLINED_BODY"] . "</p>");
     } else {
-
         print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
         ?>
         <link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet">
@@ -165,7 +163,7 @@ try {
                             <h3 class="panel-title"><?php echo $language["ADMIN_VERIFY_SITE_TITLE"]; ?></h3>
                         </div>
                         <div class="panel-body">
-                            <form name="appForm" role="form" action="verify_admin.php" method="GET">
+                            <form name="appForm" role="form" onsubmit="return submitForm()" action="verify_admin.php" method="GET">
                                 <?php
                                 if (isset($config["operationMode"]) && $config["operationMode"] === "local") {
                                     // this values will not be used when using the register operation type
@@ -193,9 +191,16 @@ try {
                                     <input type="text" id="username" class="form-control input-sm"
                                            value="<?php echo $username; ?>" disabled=true>
                                 </div>
+                                <div class="form-group">
+                                    <input type="hidden" name="decline_reason" class="form-control input-sm"
+                                           placeholder="<?php echo $language["DECLINE_REASON"]; ?>">
+                                </div>
                                 <input type="hidden" name="t" id="token" value="<?php echo $token; ?>">
-                                <input type="submit" name="allow" value="<?php echo $language["ACCEPT"]; ?>" class="btn btn-info btn-block">
+                                <div class="form-group">
-                                <input type="submit" name="deny" value="<?php echo $language["DECLINE"]; ?>" class="btn btn-info btn-block">
+                                    <input type="radio" name="d" value="allow"><?php echo $language["ACCEPT"]; ?>
+                                    <input type="radio" name="d" value="deny"><?php echo $language["DECLINE"]; ?>
+                                </div>
+                                <input type="submit" value="<?php echo $language["SUBMIT"]; ?>" class="btn btn-info btn-block">
                             </form>
                         </div>
                     </div>
@@ -203,7 +208,30 @@ try {
             </div>
         </div>
         <script type="text/javascript">
-
+            var rad = document.appForm.d;
+            function isSelected() {
+                for (var i=0; i<rad.length; i++)
+                    if (rad[i].checked)
+                        return true;
+                return false;
+            }
+            function submitForm() {
+                if (isSelected()) {
+                    return true;
+                }
+                alert("<?php echo $language["MAKE_A_SELECTION"];?>");
+                return false;
+            }
+            for(var i = 0; i < rad.length; i++) {
+                rad[i].onclick = function() {
+                    if (this.value === "deny") {
+                        document.appForm.decline_reason.type = "text";
+                    } else {
+                        document.appForm.decline_reason.type = "hidden";
+                    }
+                };
+            }
+        </script>
             <?php
         } // else - no action provided
     } catch (Exception $e) {