update README to contain missing api endpoints; abort execution when no message should be send

- set Register_Accept to 6 internally as it reflects the same state as PendingSendRequest
- cleanups

MatrixConnection.php

@@ -1,21 +1,6 @@
 <?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-class MatrixConnection {
-
+class MatrixConnection
+{
 	private $hs;
 	private $at;
 
@@ -108,6 +93,7 @@ class MatrixConnection {
 
 	function exec_curl_request($handle) {
 		$response = curl_exec($handle);
+
 		if ($response === false) {
 			$errno = curl_errno($handle);
 			$error = curl_error($handle);
@@ -115,6 +101,7 @@ class MatrixConnection {
 			curl_close($handle);
 			return false;
 		}
+
 		$http_code = intval(curl_getinfo($handle, CURLINFO_HTTP_CODE));
 		curl_close($handle);
 
@@ -131,13 +118,13 @@ class MatrixConnection {
 		} else {
 			$response = json_decode($response, true);
 		}
+
 		return $response;
 	}
-
 }
 
-class MatrixMessage {
-
+class MatrixMessage
+{
 	private $message;
 
 	function __construct() {
@@ -164,7 +151,5 @@ class MatrixMessage {
 	function get_object() {
 		return $this->message;
 	}
-
 }
-
 ?>

README.md

@@ -14,34 +14,17 @@ This is done in several steps:
 
 2nd step: Implement the other apis to integrade [mxisd](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md)
 
-This bot takes care for user accounts. So it stores the credentials itself and provides ways to access them via matrix-synapse-rest-auth or mxisd.
 ## How to install
 
 - Copy `config.sample.php` to `config.php` and configure the bot as you can find there
-- Configure your webserver to publish the folder `public`.
-  The folder `internal` contains files that can be accessed by mxisd or matrix-synapse-rest-auth or else via a reverse proxy
-- To integrate with [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth):
+- Configure your webserver to publish the folder `public` and configure.
+  The folder `internal` contains files that can be accessed by mxisd or matrix-synapse-rest-auth
+- To integrate with matrix-synapse-rest-auth:
   - `/_matrix-internal/identity/v1/check_credentials` should map to `internal/login.php`
-- To integrate with [mxisd](https://github.com/kamax-io/mxisd): Have a look at [the docs](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) and apply as follows:
-
-
+- To integrate with mxisd: Have a look at [the docs](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) and apply as follows:
 | Key                            | file which handles that       | Description                                          |
 |--------------------------------|-------------------------------|------------------------------------------------------|
 | rest.endpoints.auth            | internal/login.php            | Validate credentials and get user profile            |
 | rest.endpoints.directory       | internal/directory_search.php | Search for users by arbitrary input                  |
 | rest.endpoints.identity.single | internal/identity_single.php  | Endpoint to query a single 3PID                      |
 | rest.endpoints.identity.bulk   | internal/identity_bulk.php    | Endpoint to query a list of 3PID                     |
-
-
-## Implement usage of additional features:
-### Use the ChangePasswortInterceptor:
-
-You need a reverse proxy which maps `/_matrix/client/r0/account/password` to `internal/intercept_change_password.php`.
-Here is an example for nginx:
-
-```
-        location /_matrix/client/r0/account/password {
-                proxy_pass http://localhost/mxbot/internal/intercept_change_password.php;
-                proxy_set_header X-Forwarded-For $remote_addr;
-        }
-```

config.sample.php

@@ -1,24 +1,22 @@
 <?php
-
 $config = [
 	"homeserver" => "example.com",
 	"access_token" => "To be used for sending the registration notification",
+
 	// Which e-mail-adresse shall the bot use to send e-mails?
 	"register_email" => 'register_bot@example.com',
 	// Where should the bot post registration requests to?
 	"register_room" => '$registerRoomID:example.com',
+
 	// Where is the public part of the bot located? make sure you have a / at the end
 	"webroot" => "https://myregisterdomain.net/",
+
 	// optional: Do you have a place where howTo's are located? If not leave this value out
 	"howToURL" => "https://my-url-for-storing-howTos.net",
-    // set the mode of operation. Basically this defines where the data is stored:
-    // - synapse (using the register endpoint - so no further auth config necessary
-    // - local (recommended; using a table in the database to store credentials;
-    //   synapse has to be configured to use that)
-    "operationMode" => "local",
+
 	// When you want to collect the password on registration set this to true
-    // only evaluated when operationMode = local
 	"getPasswordOnRegistration" => false,
+
 	// to define where the data should be stored:
 	"databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite",
 	// credentials for sqlite not used

cron.php

@@ -1,19 +1,4 @@
 <?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 require_once("config.php");
 require_once("mail_templates.php");
 require_once("database.php");
@@ -37,7 +22,10 @@ foreach ($mx_db->query($sql) as $row) {
 			case RegisterState::PendingEmailSend:
 				$verify_url = $config["webroot"] . "/verify.php?t=" . $row["verify_token"];
 				$success = send_mail_pending_verification(
-                        $config["homeserver"], $row["first_name"] . " " . $row["last_name"], $row["email"], $verify_url);
+						$config["homeserver"],
+						$row["first_name"] . " " . $row["last_name"],
+						$row["email"],
+						$verify_url);
 
 				if ($success) {
 					$mx_db->setRegistrationStateById(RegisterState::PendingEmailVerify, $row["id"]);

database.php

@@ -1,26 +1,11 @@
 <?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 require_once("config.php");
 if (!isset($config["databaseURI"])) {
 	throw new Exception ("malformed configuration: databaseURI not defined");
 }
 
-abstract class RegisterState {
-
+abstract class RegisterState
+{
 	// Sending an E-Mail failed in the first attempt. Will retry later
 	const PendingEmailSend = 0;
 	// User got a mail. We wait for it to verfiy
@@ -31,19 +16,21 @@ abstract class RegisterState {
 	const PendingAdminVerify = 6;
 	// Registration failed on first attempt. Will retry
 	const PendingRegistration = 7;
+
 	// in this case we have to reset the password of the user (or should we store it for this case?)
 	const PendingSendRegistrationMail = 8;
+
 	// State to allow persisting in the database although an admin declined it.
 	// Will be removed regularly
 	const RegistrationAccepted = 7;
 	const RegistrationDeclined = 13;
+
 	// User got successfully registered. Will be cleaned up later
 	const AllDone = 100;
-
 }
 
-class mxDatabase {
-
+class mxDatabase
+{
 	private $db = NULL;
 
 	/**
@@ -163,7 +150,6 @@ class mxDatabase {
 		}
 		return false;
 	}
-
 	function userRegistered($username) {
 		$sql = "SELECT COUNT(*) FROM logins WHERE localpart = '" . $username . "' LIMIT 1;";
 		$res = $this->db->query($sql);
@@ -186,10 +172,12 @@ class mxDatabase {
 	 */
 	function addRegistration($first_name, $last_name, $username, $note, $email) {
 		if ($this->userPendingRegistrations($username)) {
-            throw new Exception("USERNAME_PENDING_REGISTRATION");
+			require_once("language.php");
+			throw new Exception($language["USERNAME_PENDING_REGISTRATION"]." (requested)");
 		}
 		if ($this->userRegistered($username)) {
-            throw new Exception("USERNAME_REGISTERED");
+			require_once("language.php");
+			throw new Exception($language["USERNAME_REGISTERED"] . " (registered)");
 		}
 
 		$verify_token = bin2hex(random_bytes(16));
@@ -215,6 +203,7 @@ class mxDatabase {
 		$sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $admin_token . "'"
 			. " AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
 		$res = $this->db->query($sql);
+		$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
 
 		if ($res->fetchColumn() > 0) {
 			$sql = "SELECT first_name, last_name, username, note, email FROM registrations"
@@ -239,9 +228,10 @@ class mxDatabase {
 		$sql = "SELECT COUNT(*) FROM registrations WHERE verify_token = '" . $verify_token . "'"
 			. " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
 		$res = $this->db->query($sql);
+		$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
 
 		if ($res->fetchColumn() > 0) {
-            $sql = "SELECT first_name, last_name, note, email, username, admin_token FROM registrations "
+			$sql = "SELECT first_name, last_name, note, email, admin_token FROM registrations "
 				. " WHERE verify_token = '" . $verify_token . "'"
 				. " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
 			foreach ($this->db->query($sql) as $row) {
@@ -302,24 +292,6 @@ class mxDatabase {
 		return NULL;
 	}
 
-    function updatePassword($localpart, $old_password, $new_password) {
-        $user = $this->getUserForLogin($localpart, $old_password);
-        if ($user == NULL) {
-            throw new Exception("user with that credentials not found");
-        }
-
-        // The credentials were fine. So now set the new password
-        $password_hash = password_hash($new_password, PASSWORD_BCRYPT, ["cost" => 12]);
-
-        $sql = "UPDATE logins SET password_hash = '" . $password_hash . "'"
-                . "WHERE localpart = '" . $localpart . "'";
-
-        if ($this->db->exec($sql)) {
-            return true;
-        }
-        return false;
-    }
-
 	function searchUserByName($search_term) {
 		$term = filter_var($search_term, FILTER_SANITIZE_STRING);
 		$result = array();
@@ -359,7 +331,6 @@ class mxDatabase {
 		}
 		return $result;
 	}
-
 }
 
 if (!isset($mx_db)) {

helpers.php

@@ -1,33 +0,0 @@
-<?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-function stripLocalpart($mxid) {
-    $localpart = NULL;
-    if (!empty($mxid)) {
-        // A mxid would start with an @ so we start at the 2. position
-        $sepPos = strpos($mxid, ':', 1);
-        if ($sepPos === false) {
-            // : not found. Assume mxid is localpart
-            // TODO: further checks
-            $localpart = $mxid;
-        } else {
-            $localpart = substr($mxid, 1, strpos($mxid, ':') - 1);
-        }
-    }
-    return $localpart;
-}
-
-?>

internal/directory_search.php

@@ -1,19 +1,4 @@
 <?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 require_once("../database.php");
 $response=[
     "limited" => false,
@@ -40,11 +25,12 @@ try {
             $response["result"] = $mx_db->searchUserByEmail($input["search_term"]);
             break;
         default:
-            throw new Exception('unknown type for "by" param');
+            throw new Exception("unknown type for \"by\" param");
     }
+    
 } catch (Exception $e) {
     error_log("failed with error: " . $e->getMessage());
     $response["error"] = $e->getMessage();
 }
-print (json_encode($response, JSON_PRETTY_PRINT));
+print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
 ?>

internal/identity_bulk.php

@@ -1,19 +1,4 @@
 <?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 require_once("../database.php");
 $response = [
     "lookup" => []
@@ -38,7 +23,7 @@ try {
         if (!isset($lookup["address"])) {
             throw new Exception('"lookup.address" is not defined');
         }
-        $res2 = NULL;
+        $res2 = array();
         switch ($lookup["medium"]) {
             case "email":
                 $res2 = $mx_db->searchUserByEmail($lookup["address"]);
@@ -55,16 +40,14 @@ try {
                 }
 		break;
             case "msisdn":
-                // This is reserved for number lookups
-                throw new Exception("unimplemented lookup medium");
                 break;
             default:
-                throw new Exception("unknown lookup medium");
+                throw new Exception("unknown type for \"by\" param");
         }
     }
 } catch (Exception $e) {
     error_log("ídentity_bulk failed with error: " . $e->getMessage());
     $response["error"] = $e->getMessage();
 }
-print (json_encode($response, JSON_PRETTY_PRINT));
+print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
 ?>

internal/identity_single.php

@@ -1,19 +1,4 @@
 <?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 require_once("../database.php");
 $response = new stdClass;
 try {
@@ -31,7 +16,7 @@ try {
     if (!isset($input["lookup"]["address"])) {
         throw new Exception('"lookup.address" is not defined');
     }
-    $res2 = NULL;
+    $res2 = array();
     switch ($input["lookup"]["medium"]) {
         case "email":
             $res2 = $mx_db->searchUserByEmail($input["lookup"]["address"]);
@@ -47,19 +32,15 @@ try {
                     ]
                 ];
             }
-            break;
-        case "msisdn":
-            // This is reserved for number lookups
-            throw new Exception("unimplemented lookup medium");
+            
+
             break;
         default:
-            throw new Exception("unknown lookup medium");
+            throw new Exception("unknown type for \"by\" param");
     }
 } catch (Exception $e) {
-    error_log("ídentity_single failed with error: " . $e->getMessage());
-    $response = [
-        "error" => $e->getMessage()
-    ];
+    error_log("ídentity_bulk failed with error: " . $e->getMessage());
+    $response["error"] = $e->getMessage();
 }
-print (json_encode($response, JSON_PRETTY_PRINT));
+print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
 ?>

internal/intercept_change_password.php

@@ -1,69 +0,0 @@
-<?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-// URL for this: /_matrix/client/r0/account/password?access_token=$ACCESS_TOKEN
-
-header('Access-Control-Allow-Origin: *');
-header('Access-Control-Allow-Methods: POST, OPTIONS');
-header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization');
-if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
-    print ("{}");
-    // return with success
-    exit();
-}
-$response = new stdClass;
-try {
-    $inputJSON = file_get_contents('php://input');
-    $input = json_decode($inputJSON, TRUE);
-    if (empty($input)) {
-        throw new Exception('no valid json as input present');
-    }
-    if (!isset($input["auth"])) {
-        throw new Exception('"auth" is not defined');
-    }
-    if (!isset($input["auth"]["user"]) || !isset($input["auth"]["password"])) {
-        throw new Exception('"auth.user" or "auth.password" is not defined');
-    }
-    if (!isset($input["auth"]["type"]) || $input["auth"]["type"] !== "m.login.password") {
-        throw new Exception('no or unknown auth.type');
-    }
-    if (!isset($input["new_password"])) {
-        throw new Exception('"new_password" is not defined');
-    }
-
-    require_once("../helpers.php");
-    $localpart = stripLocalpart($input["auth"]["user"]);
-
-    if (empty($localpart)) {
-        throw new Exception("localpart cannot be identified");
-    }
-
-    require_once("../database.php");
-    if (!$mx_db->updatePassword(
-                    $localpart, $input["auth"]["password"], $input["new_password"]
-            )) {
-        throw new Exception("invalid credentials or another error while updating");
-    }
-} catch (Exception $e) {
-    header("HTTP/1.0 500 Internal Error");
-    error_log("failed with error: " . $e->getMessage());
-    $response = [
-        "errorcode" => "M_UNKNOWN",
-        "error" => $e->getMessage(),
-    ];
-}
-print (json_encode($response, JSON_PRETTY_PRINT));
-?>

internal/login.php

@@ -1,19 +1,4 @@
 <?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 $response = [
     "auth" => [
         "success" => false,
@@ -21,21 +6,18 @@ $response = [
 ];
 
 require_once("../database.php");
-
 abstract class LoginRequester {
-
     const UNDEFINED = 0;
     const MXISD = 1;
     const RestAuth = 2;
-
 }
-
 $loginRequester = LoginRequester::UNDEFINED;
 
 try {
     $inputJSON = file_get_contents('php://input');
     $input = json_decode($inputJSON, TRUE);
-    $mxid = $localpart = NULL;
+    $mxid = NULL;
+    $localpart = NULL;
     if (isset($input["user"])) {
         if (isset($input["user"]["localpart"])) {
             $localpart = $input["user"]["localpart"];
@@ -49,15 +31,20 @@ try {
             $mxid = $input["user"]["mxid"];
             $loginRequester = LoginRequester::MXISD;
         }
-    } else {
-        throw new Exception('"user" not in request body');
     }
 
     // prefer the localpart attribute of mxisd. But in case of matrix-synapse-rest-auth
     // we have to parse it on our own
-    if (empty($localpart)) {
-        require_once("../helpers.php");
-        $localpart = stripLocalpart($mxid);
+    if (empty($localpart) && !empty($mxid)) {
+        // A mxid would start with an @ so we start at the 2. position
+        $sepPos = strpos($mxid,':', 1);
+        if ($sepPos === false) {
+            // : not found. Assume mxid is localpart
+            // TODO: further checks
+            $localpart = $mxid;
+        } else {
+            $localpart = substr($mxid, 1, strpos($mxid,':') - 1 );
+        }
     }
     
     if (empty($localpart)) {
@@ -65,7 +52,7 @@ try {
     }
     
     $password = NULL;
-    if (isset($input["user"]["password"])) {
+    if (isset($input["user"]) && isset($input["user"]["password"])) {
         $password = $input["user"]["password"];
     }
     if (empty($password)) {
@@ -101,12 +88,11 @@ try {
             // only return that it was successful.
             // we do not know how the data shall be transmitted so we do nothing with it
             $response["auth"]["success"] = false;
-            $response["auth"]["error"] = "unidentified requester";
             break;
     }    
 } catch (Exception $e) {
     error_log("Auth failed with error: " . $e->getMessage());
     $response["auth"]["error"] = $e->getMessage();
 }
-print (json_encode($response, JSON_PRETTY_PRINT));
+print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
 ?>

lang/lang.de-de.php

@@ -1,19 +1,4 @@
 <?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 $language = array(
     "NO_CONFIGURATION" => "Es konnte keine Konfiguration gefunden werden.",
     "UNKNOWN_SESSION" => "Sitzungstoken nicht vorhanden oder ungültig.",

language.php

@@ -1,19 +1,4 @@
 <?php
-
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 $lang = "de-de";
 if(isset($_GET['lang'])){
 	$lang = filter_var($_GET['lang'], FILTER_SANITIZE_STRING);

mail_templates.php

@@ -1,19 +1,5 @@
 <?php
 
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 function send_mail($receiver, $subject, $body) {
 	include("config.php");
 	$headers = "From: " . $config["register_email"] . "\r\n"
@@ -69,6 +55,7 @@ Wir melden uns, wenn die Registrierung erfolgreich war.
 
 Das Administratoren-Team von " . $homeserver;
 	return send_mail($receiver, $subject, $body);
+
 }
 
 function send_mail_registration_success($homeserver, $user, $receiver, $username, $password, $howToURL) {
@@ -81,8 +68,8 @@ Zum Anmelden kannst du folgende Zugangsdaten verwenden:
 Nutzername: $username
 Passwort: $password
 
-Hinweis: Das Passwort kannst du aktuell über die App selbst ändern. Auch wenn das Passwort nirgends
-im Klartext gespeichert wird, kann jemand Zugriff auf diese Mail erlangen und so den Zugriff bekommen.
+Hinweis: Aktuell ist es nicht möglich, das Passwort selbst zu ändern. Sobald die Funktionalität zur
+Verfügung steht, gibt es aber einen Hinweis.
 ";
 /*
 Wichtig: Bitte ändere das Passwort direkt nach der Anmeldung.
@@ -101,8 +88,8 @@ Bei Fragen findest du nach der Anmeldung ein paar Räume in denen du sie stellen
 
 Das Administratoren-Team von " . $homeserver;
 	return send_mail($receiver, $subject, $body);
-}
 
+}
 function send_mail_registration_decline($homeserver, $user, $receiver, $reason) {
 	$subject = "Registrierung auf $homeserver abgelehnt.";
 	$body = "Guten Tag " . $user . ",
@@ -118,5 +105,4 @@ Deine Registrierungsanfrage wurde durch die Administratoren abgelehnt.\n";
 	$body .= "\nDas Administratoren-Team von " . $homeserver;
 	return send_mail($receiver, $subject, $body );
 }
-
 ?>

public/index.php

@@ -1,25 +1,6 @@
-<html><head><?php
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// enforce admin via https
-if (!isset($_SERVER['HTTPS'])) {
-	header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
-	exit();
-}
-
+<html>
+	<head>
+<?php
 require_once "../language.php";
 if (!file_exists("../config.php")) {
 	print($language["NO_CONFIGURATION"]);
@@ -27,61 +8,50 @@ if (!file_exists("../config.php")) {
 }
 require_once "../config.php";
 
-// this values will not be used when using the register operation type
-$storeFirstLastName = false;
-if (isset($config["operationMode"]) && $config["operationMode"] === "local") {
-    $storeFirstLastName = true;
+// enforce admin via https
+if (!isset($_SERVER['HTTPS'])) {
+	header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
+	exit();
 }
 
-// currently the case to store the password on our own is the only supported one
-$storePassword = false;
-if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"] &&
-         isset($config["operationMode"]) && $config["operationMode"] === "synapse") {
-    $storePassword = true;
-}
 session_start();
 
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 	try {
 		if (!isset($_SESSION["token"]) || !isset($_POST["token"]) || $_SESSION["token"] != $_POST["token"]) {
 			// token not present or invalid
-			throw new Exception("UNKNOWN_SESSION");
+			throw new Exception($language["UNKNOWN_SESSION"]);
 		}
 		if (!isset($_POST["username"])) {
-			throw new Exception("UNKNOWN_USERNAME");
+			throw new Exception($language["UNKNOWN_USERNAME"]);
 		}
 		if (strlen($_POST["username"] > 20 || strlen($_POST["username"]) < 3)) {
-			throw new Exception("USERNAME_LENGTH_INVALID");
+			throw new Exception($language["USERNAME_LENGTH_INVALID"]);
 		}
 		if (ctype_alnum($_POST['username']) != true) {
-			throw new Exception("USERNAME_NOT_ALNUM");
+			throw new Exception($language["USERNAME_NOT_ALNUM"]);
 		}
 		if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"] &&
 			$_POST["password"] != $_POST["password_confirm"]) {
-			throw new Exception("PASSWORD_NOT_MATCH");
+			throw new Exception($language["PASSWORD_NOT_MATCH"]);
 		}
 		if (isset($_POST["note"]) && strlen($_POST["note"]) > 50) {
-			throw new Exception("NOTE_LENGTH_EXEEDED");
+			throw new Exception($language["NOTE_LENGTH_EXEEDED"]);
 		}
 		if (!isset($_POST["email"]) || !filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
-			throw new Exception("EMAIL_INVALID_FORMAT");
+			throw new Exception($language["EMAIL_INVALID_FORMAT"]);
 		}
-                if ($storeFirstLastName) {
-                    // only require first_name and last_name when we will evaluate them
-                    if (!isset($_POST["first_name"]) || ! preg_match("/[A-Z][a-z]+/", $_POST["first_name"])) {
-                            throw new Exception("FIRSTNAME_INVALID_FORMAT");
+		if (isset($_POST["first_name"]) && ! preg_match("/[A-Z][a-z]+/", $_POST["first_name"])) {
+			throw new Exception($language["FIRSTNAME_INVALID_FORMAT"]);
 		}
-                    if (!isset($_POST["last_name"]) || ! preg_match("/[A-Z][a-z]+/", $_POST["last_name"])) {
-                            throw new Exception("SIRNAME_INVALID_FORMAT");
-                    }
-                    $first_name = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING);
-                    $last_name = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING);
-                } else {
-                    $first_name = $last_name = "";
+		if (isset($_POST["last_name"]) && ! preg_match("/[A-Z][a-z]+/", $_POST["last_name"])) {
+			throw new Exception($language["SIRNAME_INVALID_FORMAT"]);
 		}
 
+		$first_name = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING);
+		$last_name = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING);
 		$username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
-		if ($storePassword && isset($_POST["password"])) {
+		if (isset($_POST["password"])) {
 			$password  = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
 		}
 		$note   = filter_var($_POST["note"], FILTER_SANITIZE_STRING);
@@ -100,7 +70,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 		require_once "../mail_templates.php";
 		$success = send_mail_pending_verification(
 			$config["homeserver"],
-			$storeFirstLastName ? $first_name . " " . $last_name : $username,
+			$first_name . " " . $last_name,
 			$email,
 			$verify_url);
 
@@ -117,11 +87,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 		print("<title>" . $language["REGISTRATION_REQUEST_FAILED"] . "</title>");
 		print("</head><body>");
 		print("<h1>" . $language["REGISTRATION_REQUEST_FAILED"] . "</h1>");
-		if (isset($language[$e->getMessage()])) {
-			print("<p>" . $language[$e->getMessage()] . "</p>");
-		} else {
 		print("<p>" . $e->getMessage() . "</p>");
-		}
 		print("<a href=\"" . $config["webroot"] . "/index.php" . "\">Zur Registrierungsseite</a>");
 	}
 } else {
@@ -155,7 +121,6 @@ body{
 						</div>
 						<div class="panel-body">
 							<form name="regForm" role="form" action="index.php" method="post">
-                                                            <?php if ($storeFirstLastName) { ?>
 								<div class="row">
 									<div class="col-xs-6 col-sm-6 col-md-6">
 										<div class="form-group">
@@ -170,7 +135,6 @@ body{
 										</div>
 									</div>
 								</div>
-                                                            <?php } ?>
 
 								<div class="form-group">
 									<input type="email" name="email" id="email" class="form-control input-sm" placeholder="E-Mail-Adresse" required>
@@ -184,7 +148,7 @@ body{
 									<input type="text" name="username" id="username" class="form-control input-sm"
 										placeholder="Nutzername (für den Login)" pattern="[a-z1-9]{3,20}" required>
 								</div>
-                                                            <?php if ($storePassword) { ?>
+<?php if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]) { ?>
 								<div class="row">
 									<div class="col-xs-6 col-sm-6 col-md-6">
 										<div class="form-group">
@@ -214,14 +178,6 @@ body{
 			</div>
 		</div>
  <script type="text/javascript">
-	var user_name = document.getElementById("username");
-	user_name.oninvalid = function(event) {
-		event.target.setCustomValidity("Nutzername darf zwischen 3 und 20 kleine Buchstaben und Zahlen enthalten");
-	}
-	user_name.onkeyup = function (event) {
-		event.target.setCustomValidity("");
-	}
-<?php if ($storeFirstLastName) { ?>
  var first_name = document.getElementById("first_name");
 	first_name.oninvalid = function(event) {
 		event.target.setCustomValidity("Vorname muss das Format <Großbuchstabe><Kleinbuchstaben> haben");
@@ -236,7 +192,14 @@ body{
 	last_name.onkeyup = function(event) {
 		event.target.setCustomValidity("");
 	}
-<?php } if ($storePassword) { ?>
+	var user_name = document.getElementById("username");
+	user_name.oninvalid = function(event) {
+		event.target.setCustomValidity("Nutzername darf zwischen 3 und 20 kleine Buchstaben und Zahlen enthalten");
+	}
+	user_name.onkeyup = function (event) {
+		event.target.setCustomValidity("");
+	}
+<?php	if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]) { ?>
 	var password = document.getElementById("password")
 		, confirm_password = document.getElementById("password_confirm");
 	function validatePassword(){
@@ -251,4 +214,5 @@ body{
 <?php	} ?>
 </script>
 		<?php } ?>
-</body></html>
+	</body>
+</html>

public/verify.php

@@ -1,18 +1,6 @@
-<html><head><?php
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+<html>
+	<head>
+<?php
 require_once "../language.php";
 if (!file_exists("../config.php")) {
 	print($language["NO_CONFIGURATION"]);
@@ -34,7 +22,7 @@ try {
 		throw new Exception("Method not allowed");
 	}
 	if (!isset($_GET["t"])) {
-		throw new Exception("UNKNOWN_TOKEN");
+		throw new Exception($language["UNKNOWN_TOKEN"]);
 	}
 	$token = filter_var($_GET["t"], FILTER_SANITIZE_STRING);
 
@@ -42,11 +30,10 @@ try {
 
 	$user = $mx_db->getUserForVerify($token);
 	if ($user == NULL) {
-		throw new Exception("UNKNOWN_TOKEN");
+		throw new Exception($language["UNKNOWN_TOKEN"]);
 	}
 	$first_name = $user["first_name"];
 	$last_name = $user["last_name"];
-	$username = $user["username"];
 	$note = $user["note"];
 	$email = $user["email"];
 	$admin_token = $user["admin_token"];
@@ -55,12 +42,10 @@ try {
 	$adminUrl = $config["webroot"] . "/verify_admin.php?t=" . $admin_token;
 	$mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]);
 	$mxMsg = new MatrixMessage();
-	$mxMsg->set_body((strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username)
-		. " möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n"
+	$mxMsg->set_body($first_name . ' ' . $last_name . "möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n"
 		. $note . "\r\n"
 		. "Zum Bearbeiten hier klicken:\r\n" . $adminUrl);
-	$mxMsg->set_formatted_body((strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username)
-		. " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />"
+	$mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />"
 		. $note . "<br />"
 		. "Zum Bearbeiten <a href=\"". $adminUrl . "\">hier</a> klicken");
 	$mxMsg->set_type("m.text");
@@ -84,11 +69,7 @@ try {
 	print("<title>" . $language["VERIFICATION_FAILED"] . "</title>");
 	print("</head><body>");
 	print("<h1>" . $language["VERIFICATION_FAILED"] . "</h1>");
-	if (isset($language[$e->getMessage()])) {
-		print("<p>" . $language[$e->getMessage()] . "</p>");
-	} else {
 	print("<p>" . $e->getMessage() . "</p>");
-	}
 	print("<a href=\"" . $config["webroot"] . "/index.php" . "\">Zur Registrierungsseite</a>");
 }
 ?>

public/verify_admin.php

@@ -1,18 +1,6 @@
-<html><head><?php
-/**
- * Copyright 2018 Matthias Kesler
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+<html>
+<head>
+<?php
 require_once "../language.php";
 if (!file_exists("../config.php")) {
 	print($language["NO_CONFIGURATION"]);
@@ -34,7 +22,7 @@ try {
 		throw new Exception("Method not allowed");
 	}
 	if (!isset($_GET["t"])) {
-		throw new Exception("UNKNOWN_TOKEN");
+		throw new Exception($language["UNKNOWN_TOKEN"]);
 	}
 	$token = filter_var($_GET["t"], FILTER_SANITIZE_STRING);
 
@@ -54,7 +42,7 @@ try {
 
 	$user = $mx_db->getUserForApproval($token);
 	if ($user == NULL) {
-		throw new Exception("UNKNOWN_TOKEN");
+		throw new Exception($language["UNKNOWN_TOKEN"]);
 	}
 
 	$first_name = $user["first_name"];
@@ -86,7 +74,7 @@ try {
 			$mxMsg->set_type("m.text");
 			$mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . ".");
 			$mxConn->send($config["register_room"], $mxMsg);
-			throw new Exception("REGISTRATION_FAILED");
+			throw new Exception($language["REGISTRATION_FAILED"]);
 		}
 
 		print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
@@ -95,12 +83,7 @@ try {
 		print("<p>" . $language["ADMIN_REGISTER_ACCEPTED_BODY"] . "</p>");
 	} elseif ($action == RegisterState::RegistrationDeclined) {
 		$mx_db->setRegistrationStateAdmin(RegisterState::RegistrationDeclined, $token);
-		send_mail_registration_decline(
-			$config["homeserver"],
-			strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username,
-			$email,
-			$decline_reason
-		);
+		send_mail_registration_decline($config["homeserver"], $first_name . " " . $last_name, $email, $decline_reason);
 		print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
 		print("</head><body>");
 		print("<h1>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</h1>");
@@ -136,8 +119,6 @@ background: rgba(255, 255, 255, 0.8);
 			</div>
 			<div class="panel-body">
 			<form name="appForm" role="form" action="verify_admin.php" method="GET">
-                        <?php if (isset($config["operationMode"]) && $config["operationMode"] === "local") {
-                            // this values will not be used when using the register operation type ?>
 			<div class="row">
 			<div class="col-xs-6 col-sm-6 col-md-6">
 			<div class="form-group">
@@ -152,7 +133,7 @@ background: rgba(255, 255, 255, 0.8);
 			</div>
 			</div>
 			</div>
-                        <?php } ?>
+
 			<div class="form-group">
 			<input type="text" id="note" class="form-control input-sm" value="<?php echo $note; ?>" disabled=true>
 			</div>
@@ -179,11 +160,7 @@ background: rgba(255, 255, 255, 0.8);
 	print("<title>" . $language["REGISTRATION_FAILED"] . "</title>");
 	print("</head><body>");
 	print("<h1>" . $language["REGISTRATION_FAILED"] . "</h1>");
-	if (isset($language[$e->getMessage()])) {
-		print("<p>" . $language[$e->getMessage()] . "</p>");
-	} else {
 	print("<p>" . $e->getMessage() . "</p>");
-	}
 	print("<a href=\"" . $config["webroot"] . "/index.php" . "\">Zur Registrierungsseite</a>");
 }
 ?>