abort when e-mail got verified already; remove duplicate / in path

- set Register_Accept to 6 internally as it reflects the same state as PendingSendRequest
- cleanups

.gitignore

@@ -0,0 +1 @@
+config.php

MatrixConnection.php

@@ -0,0 +1,156 @@
+<?php
+class MatrixConnection
+{
+	private $hs;
+	private $at;
+
+	function __construct($homeserver, $access_token) {
+		$this->hs = $homeserver;
+		$this->at = $access_token;
+	}
+
+	function send($room_id, $message) {
+		if (!$this->at) {
+			error_log("No access token defined");
+			return false;
+		}
+
+		$send_message = NULL;
+		if (!$message) {
+			error_log("no message to send");
+		} elseif(is_array($message)) {
+			$send_message = $message;
+		} elseif ($message instanceof MatrixMessage) {
+			$send_message = $message->get_object();
+		} else {
+			error_log("message is of not valid type\n");
+			return false;
+		}
+
+		$url="https://".$this->hs."/_matrix/client/r0/rooms/"
+			. urlencode($room_id) ."/send/m.room.message?access_token=".$this->at;
+		$handle = curl_init($url);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
+		curl_setopt($handle, CURLOPT_TIMEOUT, 60);
+		curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($send_message));
+		curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
+
+		$response = $this->exec_curl_request($handle);
+		return isset($response["event_id"]);
+	}
+
+	function send_msg($room_id, $message) {
+		return $this->send($room_id, array(
+					"msgtype" => "m.notice",
+					"body" => $message
+					)
+				);
+	}
+
+	function hasUser($username) {
+		if (!$username) {
+			throw new Exception ("no user given to lookup");
+		}
+
+		$url = "https://".$this->hs."/_matrix/client/r0/profile/@" . $username . ":" . $this->hs;
+		$handle = curl_init($url);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
+		curl_setopt($handle, CURLOPT_TIMEOUT, 60);
+		curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
+
+		$res = $this->exec_curl_request($handle);
+		return !(isset($res["errcode"]) && $res["errcode"] == "M_UNKNOWN");
+	}
+
+	function register($username, $password, $shared_secret) {
+		if (!$username) {
+			error_log("no username provided");
+		}
+		if (!$password) {
+			error_log("no message to send");
+		}
+
+		$mac = hash_hmac('sha1', $username, $shared_secret);
+
+		$data = array(
+				"username" => $username,
+				"password" => $password,
+				"mac" => $mac,
+			     );
+		$url = "https://".$this->hs."/_matrix/client/v2_alpha/register";
+		$handle = curl_init($url);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
+		curl_setopt($handle, CURLOPT_TIMEOUT, 60);
+		curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
+		curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($data));
+
+		return $this->exec_curl_request($handle);
+	}
+
+	function exec_curl_request($handle) {
+		$response = curl_exec($handle);
+
+		if ($response === false) {
+			$errno = curl_errno($handle);
+			$error = curl_error($handle);
+			error_log("Curl returned error $errno: $error\n");
+			curl_close($handle);
+			return false;
+		}
+
+		$http_code = intval(curl_getinfo($handle, CURLINFO_HTTP_CODE));
+		curl_close($handle);
+
+		if ($http_code >= 500) {
+			// do not want to DDOS server if something goes wrong
+			sleep(10);
+			return false;
+		} else if ($http_code != 200) {
+			$response = json_decode($response, true);
+			error_log("Request has failed with error {$response['error']}\n");
+			if ($http_code == 401) {
+				throw new Exception('Invalid access token provided');
+			}
+		} else {
+			$response = json_decode($response, true);
+		}
+
+		return $response;
+	}
+}
+
+class MatrixMessage
+{
+	private $message;
+
+	function __construct() {
+		$this->message = array(
+				"msgtype" => "m.notice",
+				);
+	}
+
+	function set_type($msgtype) {
+		$this->message["msgtype"] = $msgtype;
+	}
+
+	function set_format($format) {
+		$this->message["format"] = $format;
+	}
+
+	function set_body($body) {
+		$this->message["body"] = $body;
+	}
+
+	function set_formatted_body($fbody, $format="org.matrix.custom.html") {
+		$this->message["formatted_body"] = $fbody;
+		$this->message["format"] = $format;
+	}
+
+	function get_object() {
+		return $this->message;
+	}
+}
+?>

config.sample.php

@@ -0,0 +1,9 @@
+<?php
+$homeserver = "example.com";
+$access_token = "To be used for sending the registration notification";
+$register_room = '$registerRoomID:example.com';
+$registration_shared_secret = "To be used for actually register the user";
+
+$webroot="https://myregisterdomain.net/";
+$howToURL = "https://my-url-for-storing-howTos.net";
+?>

cron.php

@@ -0,0 +1,96 @@
+<?php
+require_once("config.php");
+require_once("mail_templates.php");
+require_once("database.php");
+
+$sql = "SELECT id, first_name, last_name, username, email, state, note, verify_token, admin_token FROM registrations "
+."WHERE state = ". RegisterState::PendingEmailSend
+. " OR state = " . RegisterState::PendingAdminSend
+. " OR state = " . RegisterState::PendingRegistration
+. " OR state = " . RegisterState::PendingSendRegistrationMail
+. " OR state = " . RegisterState::RegistrationDeclined
+. " OR state = " . RegisterState::AllDone . ";";
+foreach ($db->query($sql) as $row) {
+	$first_name = $row["first_name"];
+	$last_name = $row["last_name"];
+	$username = $row["username"];
+	$email = $row["email"];
+	$state = $row["state"];
+
+	try {
+		switch ($state) {
+			case RegisterState::PendingEmailSend:
+				$verify_url = $webroot . "/verify.php?t=" . $row["verify_token"];
+				$success = send_mail_pending_verification(
+						$homeserver,
+						$row["first_name"] . " " . $row["last_name"],
+						$row["email"],
+						$row["verify_url"]);
+
+				if ($success) {
+					$db->exec("UPDATE registrations SET state = " . RegisterState::PendingEmailVerify
+						. " WHERE id = " . $row["id"] . ";");
+				} else {
+					throw new Exception("Could not send mail to ".$row["first_name"]." ".$row["last_name"]."(".$row["id"].")");
+				}
+				break;
+			case RegisterState::PendingAdminSend:
+				require_once("MatrixConnection.php");
+				$adminUrl = $webroot . "/verify_admin.php?t=" . $row["admin_token"];
+				$mxConn = new MatrixConnection($homeserver, $access_token);
+				$mxMsg = new MatrixMessage();
+				$mxMsg->set_body($first_name . ' ' . $last_name . "möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n"
+						. $row["note"] . "\r\n"
+						. "Zum Bearbeiten hier klicken:\r\n" . $adminUrl);
+				$mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />"
+						. $row["note"] . "<br />"
+						. "Zum Bearbeiten <a href=\"". $adminUrl . "\">hier</a> klicken");
+				$mxMsg->set_type("m.text");
+				$response = $mxConn->send($register_room, $mxMsg);
+
+				if ($response) {
+					$db->exec("UPDATE registrations SET state = " . RegisterState::PendingAdminVerify
+							. " WHERE id = " . $row["id"] . ";");
+
+					send_mail_pending_approval($homeserver, $first_name . " " . $last_name, $email);
+				} else {
+					throw new Exception("Could not send notification for ".$row["first_name"]." ".$row["last_name"]."(".$row["id"].") to admins.");
+				}
+				break;
+			case RegisterState::PendingRegistration:
+				// Registration got accepted but registration failed
+
+				// register user
+				require_once("MatrixConnection.php");
+				$mxConn = new MatrixConnection($homeserver, $access_token);
+
+				// generate a password with 8 characters
+				$password = bin2hex(openssl_random_pseudo_bytes(4));
+
+				$res = $mxConn->register($username, $password, $shared_secret);
+				if ($res) {
+					// send registration_success
+					send_mail_registration_success($homeserver, $first_name . " " . $last_name, $email, $username, $password, $howToURL);
+				} else {
+					send_mail_registration_allowed_but_failed($homeserver, $first_name . " " . $last_name, $email);
+					$mxMsg = new MatrixMessage();
+					$mxMsg->set_type("m.text");
+					$mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . ".");
+					$mxConn->send($register_room, $mxMsg);
+					throw new Exception($language["REGISTRATION_FAILED"]);
+				}
+				break;
+			case RegisterState::PendingSendRegistrationMail:
+				print ("Error: Unhandled state: PendingSendRegistrationMail for " . $first_name . " " . $last_name . " (" . $username . ")\n");
+				break;
+			case RegisterState::RegistrationDeclined:
+			case RegisterState::AllDone:
+				// do reqular cleanup
+				break;
+		}
+	} catch (Exception $e) {
+		print("Error while handling cron for " . $first_name . " " . $last_name . " (" . $username . ")\n");
+		print($e->getMessage());
+	}
+}
+?>

database.php

@@ -0,0 +1,55 @@
+<?php  
+$db_file = dirname(__DIR__)."/db_file.sqlite";
+
+abstract class RegisterState
+{
+	// Sending an E-Mail failed in the first attempt. Will retry later
+	const PendingEmailSend = 0;
+	// User got a mail. We wait for it to verfiy
+	const PendingEmailVerify = 1;
+	// Sending a message to the register room failed on first attempt
+	const PendingAdminSend = 5;
+	// No admin has verified the registration yet
+	const PendingAdminVerify = 6;
+	// Registration failed on first attempt. Will retry
+	const PendingRegistration = 7;
+
+	// in this case we have to reset the password of the user (or should we store it for this case?)
+	const PendingSendRegistrationMail = 8;
+
+	// State to allow persisting in the database although an admin declined it.
+	// Will be removed regularly
+	const RegistrationAccepted = 7;
+	const RegistrationDeclined = 13;
+
+	// User got successfully registered. Will be cleaned up later
+	const AllDone = 100;
+}
+
+// create database file when not existent yet
+if (!file_exists($db_file)) {
+	$db = new PDO('sqlite:' . $db_file);
+	$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+	$db->exec("CREATE TABLE registrations(
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		state INT DEFAULT 0,
+		first_name TEXT,
+		last_name TEXT,
+		username TEXT,
+		note TEXT,
+		email TEXT,
+		verify_token TEXT,
+		admin_token TEXT,
+		request_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP)");
+}
+else {
+	// establish connection
+	$db = new PDO('sqlite:' . $db_file);
+	$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+} 
+
+// set writeable when not set already
+if (!is_writable($db_file)) {
+	chmod($db_file, 0777);
+}
+?>

lang/lang.de-de.php

@@ -0,0 +1,27 @@
+<?php
+$language = array(
+    "NO_CONFIGURATION" => "Es konnte keine Konfiguration gefunden werden.",
+    "UNKNOWN_SESSION" => "Sitzungstoken nicht vorhanden oder ungültig.",
+    "UNKNOWN_USERNAME" => "Nutzername fehlt",
+    "UNKNOWN_TOKEN" => "Token ist unbekannt",
+    "USERNAME_LENGTH_INVALID" => "Entweder mehr als 20 oder weniger als 3 Zeichen für den Nutzernamen verwendet",
+    "USERNAME_NOT_ALNUM" => "Nutzername ist nicht alphanumerisch",
+    "USERNAME_PENDING_REGISTRATION" => "Dieser Nutzername wurde bereits zur Registrierung vorgemerkt. Versuche es später noch einmal oder wähle einen anderen Nutzernamen",
+    "USERNAME_REGISTERED" => "Dieser Nutzername wurde bereits registriert. Bitte wähle einen anderen Nutzernamen",
+    "PASSWORD_NOT_MATCH" => "Passwörter stimmen nicht überein",
+    "NOTE_LENGTH_EXEEDED" => "Notiz ist länger als die erlaubten 50 Zeichen",
+    "EMAIL_INVALID_FORMAT" => "Keine valide E-Mail-Adresse angegeben",
+    "FIRSTNAME_INVALID_FORMAT" => "Vorname hat ungültiges Format",
+    "SIRNAME_INVALID_FORMAT" => "Nachname hat ungültiges Format",
+    "SEND_MAIL_FAIL" => "Senden der E-Mail fehlgeschlagen",
+    "SEND_MATRIX_FAIL" => "Senden einer Nachricht an die Administratoren fehlgeschlagen",
+    "REGISTRATION_REQUEST_FAILED" => "Registrierungsanfrage ist fehlgeschlagen",
+    "REGISTRATION_FAILED" => "Registrierung ist fehlgeschlagen",
+    "VERIFICATION_SUCEEDED" => "Verifizierung erfolgreich",
+    "VERIFICATION_FAILED" => "Verifizierung fehlgeschlagen",
+    "VERIFICATION_SUCCESS_BODY" => "Vielen Dank. Die Administratoren wurden informiert",
+    "ADMIN_VERIFY_SITE_TITLE" => "Registrierungsanfrage bearbeiten",
+    "ADMIN_REGISTER_ACCEPTED_BODY" => "Die Registrierungsanfrage wurde akzeptiert. Der Nutzer wurde per Mail informiert.",
+    "ADMIN_REGISTER_DECLINED_BODY" => "Die Registrierungsanfrage wurde angelehnt. Der Nutzer wurde per Mail informiert.",
+);
+?>

language.php

@@ -0,0 +1,12 @@
+<?php
+$lang = "de-de";
+if(isset($_GET['lang'])){
+	$lang = filter_var($_GET['lang'], FILTER_SANITIZE_STRING);
+}
+$lang_file = dirname(__FILE__) . "/lang/lang.".$lang.".php";
+if (!file_exists($lang_file)) {
+	throw new Exception("Translation for " . $lang . " not found");
+}
+require_once($lang_file);
+unset($lang_file);
+?>

mail_templates.php

@@ -0,0 +1,103 @@
+<?php
+
+function send_mail($receiver, $subject, $body) {
+	$headers = "From: registration@cg-s.tk\r\n"
+		. "Content-Type: text/plain;charset=utf-8";
+	return mail($receiver, $subject, $body, $headers);
+}
+
+function send_mail_pending_verification($homeserver, $user, $receiver, $verify_url) {
+	$subject = "Bitte bestätige Registrierung auf $homeserver";
+	$body = "Guten Tag " . $user . ",
+
+Du hast anscheinend versucht dich auf $homeserver zu registrieren.
+Hier gibt es eine zweistufige Registrierung.
+
+Wir möchten dich bitten, dass du kurz bestätigst, dass du die Registrierung durchgeführt hast.
+Gehe dafür auf folgenden Link:
+$verify_url
+
+Erst anschließend werden die Administratoren über deine Registrierungsanfrage informiert.
+
+Hinweis: Du hast ca. 48 Stunden Zeit um die Bestätigung durchzuführen.
+Danach ist eine Re-Registrierung mit deinem gewünschten Nutzernamen für andere wieder möglich.
+
+Vielen Dank für dein Verständnis.
+
+Das Administratoren-Team von " . $homeserver;
+	return send_mail($receiver, $subject, $body );
+}
+
+function send_mail_pending_approval($homeserver, $user, $receiver) {
+	$subject = "Registrierung wartet auf Bestätigung durch Administratoren";
+	$body = "Guten Tag " . $user . ",
+
+Deine Registrierungsanfrage wurde verifiziert und wird nun durch die Administratoren überprüft.
+
+Du bekommst eine weitere E-Mail, sobald deine Registrierung bestätigt oder ablehnt wurde.
+
+Vielen Dank für dein Verständnis.
+
+Das Administratoren-Team von " . $homeserver;
+	return send_mail($receiver, $subject, $body );
+}
+
+function send_mail_registration_allowed_but_failed($homeserver, $user, $receiver) {
+	$subject = "Registrierung auf $homeserver genehmigt.";
+	$body = "Guten Tag " . $user . ",
+
+Deine Registrierungsanfrage wurde durch die Administratoren bestätigt.
+
+Leider ist beim Registrieren ein Fehler aufgetaucht. Der Registrierungversuch wird bald wiederholt.
+Wir hoffen, das Problem ist bald behoben.
+Wir melden uns, wenn die Registrierung erfolgreich war.
+
+Das Administratoren-Team von " . $homeserver;
+	return send_mail($receiver, $subject, $body);
+
+}
+
+function send_mail_registration_success($homeserver, $user, $receiver, $username, $password, $howToURL) {
+	$subject = "Registrierung auf $homeserver erfolgreich.";
+	$body = "Guten Tag " . $user . ",
+
+Deine Registrierungsanfrage wurde durch die Administratoren bestätigt.
+
+Zum Anmelden kannst du folgende Zugangsdaten verwenden:
+Nutzername: $username
+Passwort: $password
+
+Wichtig: Bitte ändere das Passwort direkt nach der Anmeldung.
+Es wird zwar von unserer Seite nicht gespeichert, doch fremde könnten Zugriff auf diese E-Mail
+erhalten und so deinen Account kompromittieren.
+";
+if (!empty($howToURL)) {
+	$body .= "
+Zu weiteren Hilfestellungen findest du hier eine Auflistung von verschiedenen
+Anleitungen zu verschiedenen Clients:
+$howToURL\n";
+}
+	$body .= "
+Viel Spaß bei der Verwendung von $homeserver.
+Bei Fragen findest du nach der Anmeldung ein paar Räume in denen du sie stellen kannst.
+
+Das Administratoren-Team von " . $homeserver;
+	return send_mail($receiver, $subject, $body);
+
+}
+function send_mail_registration_decline($homeserver, $user, $receiver, $reason) {
+	$subject = "Registrierung auf $homeserver abgelehnt.";
+	$body = "Guten Tag " . $user . ",
+
+Deine Registrierungsanfrage wurde durch die Administratoren abgelehnt.\n";
+
+	if (empty($reason)) {
+		$body .= "\nEs wurde kein Grund angegeben\n";
+	} else {
+		$body .= "\nAls Grund wurde folgendes angegeben:\n$reason\n";
+	}
+
+	$body .= "\nDas Administratoren-Team von " . $homeserver;
+	return send_mail($receiver, $subject, $body );
+}
+?>

public/register.php

@@ -0,0 +1,225 @@
+<html>
+	<head>
+<?php
+require_once "../language.php";
+if (!file_exists("../config.php")) {
+	print($language["NO_CONFIGURATION"]);
+	exit();
+}
+require_once "../config.php";
+require_once "../mail_templates.php";
+
+// enforce admin via https
+if (!isset($_SERVER['HTTPS'])) {
+	header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
+	exit();
+}
+
+session_start();
+
+require_once("../database.php");
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+	try {
+		if (!isset($_SESSION["token"]) || !isset($_POST["token"]) || $_SESSION["token"] != $_POST["token"]) {
+			// token not present or invalid
+			throw new Exception($language["UNKNOWN_SESSION"]);
+		}
+		if (!isset($_POST["username"])) {
+			throw new Exception($language["UNKNOWN_USERNAME"]);
+		}
+		if (strlen($_POST["username"] > 20 || strlen($_POST["username"]) < 3)) {
+			throw new Exception($language["USERNAME_LENGTH_INVALID"]);
+		}
+		if (ctype_alnum($_POST['username']) != true) {
+			throw new Exception($language["USERNAME_NOT_ALNUM"]);
+		}
+		if (isset($_POST["note"]) && strlen($_POST["note"]) > 50) {
+			throw new Exception($language["NOTE_LENGTH_EXEEDED"]);
+		}
+		if (!isset($_POST["email"]) || !filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
+			throw new Exception($language["EMAIL_INVALID_FORMAT"]);
+		}
+		if (isset($_POST["first_name"]) && ! preg_match("/[A-Z][a-z]+/", $_POST["first_name"])) {
+			throw new Exception($language["FIRSTNAME_INVALID_FORMAT"]);
+		}
+		if (isset($_POST["last_name"]) && ! preg_match("/[A-Z][a-z]+/", $_POST["last_name"])) {
+			throw new Exception($language["SIRNAME_INVALID_FORMAT"]);
+		}
+
+		// check valid password
+		$first_name = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING);
+		$last_name = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING);
+		$username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
+		$note   = filter_var($_POST["note"], FILTER_SANITIZE_STRING);
+		$email  = filter_var($_POST["email"], FILTER_VALIDATE_EMAIL);
+		$verify_token = bin2hex(random_bytes(16));
+		$admin_token = bin2hex(random_bytes(16));
+
+		#	$first="test"; $last="test2"; $user="test3"; $note="empty"; $email="mail+test1@matthias-kesler.de";
+
+		$sql = "SELECT COUNT(*) FROM registrations WHERE username = '" . $username . "' AND NOT state = "
+		       . RegisterState::RegistrationDeclined . " LIMIT 1;";
+		$res = $db->query($sql);
+		if ($res->fetchColumn() > 0) {
+			throw new Exception($language["USERNAME_PENDING_REGISTRATION"]);
+		}
+		require_once("../MatrixConnection.php");
+		$mxConn = new MatrixConnection($homeserver, $access_token);
+		if ($mxConn->hasUser($username)) {
+			throw new Exception($language["USERNAME_REGISTERED"]);
+		}
+
+		$db->exec('INSERT INTO registrations
+			(first_name, last_name, username, note, email, verify_token, admin_token)
+			VALUES ("' . $first_name.'","' . $last_name . '","' . $username . '","'	. $note . '","'
+			. $email.'","'	.$verify_token.'","'	.$admin_token.'")');
+		#		$ins_stmt->bindValue(':first_name', $first);
+		#		$ins_stmt->bindValue(':last_lame', $last);
+		#		$ins_stmt->bindValue(':username', $user);
+		#		$ins_stmt->bindValue(':note', $note);
+		#		$ins_stmt->bindValue(':email', $email);
+		#		$ins_stmt->bindValue(':verify_token', $vToken);
+		#		$ins_stmt->bindValue(':admin_token', $adminToken);
+		#		$ins_stmt->bindValue(':now', date('Y-m-d H:i:s'));
+		#
+		#		$ins_stmt->execute();
+
+		$verify_url = $webroot . "/verify.php?t=" . $verify_token;
+		$success = send_mail_pending_verification(
+			$homeserver,
+			$first_name . " " . $last_name,
+			$email,
+			$verify_url);
+
+		$db->exec("UPDATE registrations SET state = " .
+			($success ? RegisterState::PendingEmailVerify : RegisterState::PendingEmailSend)
+			. " WHERE verify_token = \"" . $verify_token. "\";");
+
+		print("<title>Erfolgreich</title>");
+		print("</head><body>");
+		print("<h1>Erfolgreich</h1>");
+		print("<p>Bitte überprüfe deine E-Mails um deine E-Mail-Adresse zu bestätigen.</p>");
+		print("<a href=\"" . "/register.php" . "\">Zur Registrierungsseite</a>");
+	} catch (Exception $e) {
+		print("<title>" . $language["REGISTRATION_REQUEST_FAILED"] . "</title>");
+		print("</head><body>");
+		print("<h1>" . $language["REGISTRATION_REQUEST_FAILED"] . "</h1>");
+		print("<p>" . $e->getMessage() . "</p>");
+		print("<a href=\"" . $webroot . "/register.php" . "\">Zur Registrierungsseite</a>");
+	}
+} else {
+	$_SESSION["token"] = bin2hex(random_bytes(16));
+?>
+		<title>Registriere dich für <?php echo $homeserver; ?></title>
+		<link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet">
+		<style>
+body{
+	background-color: #525252;
+}
+.centered-form{
+	margin-top: 60px;
+}
+
+.centered-form .panel{
+	background: rgba(255, 255, 255, 0.8);
+	box-shadow: rgba(0, 0, 0, 0.3) 20px 20px 20px;
+}
+		</style>
+		<script type="text/javascript" src="//code.jquery.com/jquery-1.11.1.min.js"></script>
+		<script type="text/javascript" src="//netdna.bootstrapcdn.com/bootstrap/3.1.0/js/bootstrap.min.js"></script>
+	</head>
+	<body>
+		<div class="container">
+			<div class="row centered-form">
+				<div class="col-xs-12 col-sm-8 col-md-4 col-sm-offset-2 col-md-offset-4">
+					<div class="panel panel-default">
+						<div class="panel-heading">
+							<h3 class="panel-title">Bitte für <?php echo $homeserver; ?> registrieren<small>2-Schritt-Registrierung</small></h3>
+						</div>
+						<div class="panel-body">
+							<form name="regForm" role="form" action="register.php" method="post">
+								<div class="row">
+									<div class="col-xs-6 col-sm-6 col-md-6">
+										<div class="form-group">
+											<input type="text" name="first_name" id="first_name" class="form-control input-sm"
+								placeholder="Vorname" pattern="[A-Z][a-z]+">
+										</div>
+									</div>
+									<div class="col-xs-6 col-sm-6 col-md-6">
+										<div class="form-group">
+											<input type="text" name="last_name" id="last_name" class="form-control input-sm"
+							      placeholder="Nachname" pattern="[A-Z][a-z]+">
+										</div>
+									</div>
+								</div>
+
+								<div class="form-group">
+									<input type="email" name="email" id="email" class="form-control input-sm" placeholder="E-Mail-Adresse" required>
+								</div>
+
+								<div class="form-group">
+									<input type="text" name="note" id="note" class="form-control input-sm" placeholder="Notiz zu dir (max. 50 Zeichen)">
+								</div>
+
+								<div class="form-group">
+									<input type="text" name="username" id="username" class="form-control input-sm"
+							  placeholder="Nutzername (für den Login)"
+	 pattern="[a-z1-9]{3,20}"
+  required>
+								</div>
+<?php /**
+<div class="row">
+<div class="col-xs-6 col-sm-6 col-md-6">
+<div class="form-group">
+<input type="password" name="password" id="password" class="form-control input-sm" placeholder="Passwort" required>
+</div>
+</div>
+<div class="col-xs-6 col-sm-6 col-md-6">
+<div class="form-group">
+<input type="password" name="password_confirm" id="password_confirm" class="form-control input-sm" placeholder="Passwort bestätigen" required>
+</div>
+</div>
+</div>
+ */ ?>
+								<input type="hidden" name="token" id="token" value="<?php echo $_SESSION["token"]; ?>">
+								<input type="submit" value="Registrieren" class="btn btn-info btn-block">
+
+							</form>
+							<p>Hinweis: <br />
+							cg-s.tk is ein geschlossenes Chat-Netzwerk in dem jeder Nutzer bestätigt werden muss.<br />
+							Du bekommst eine E-Mail wenn jemand deine Mitgliedschaft bestätigt hat. An diese wird auch dein initiales Passwort gesendet.
+							Hinterlasse also bitte einen Hinweis zu dir (der nur den entsprechenden Personen gezeigt wird).<br />
+							Liebe Grüße vom Team von cg-s.tk
+							</p>
+						</div>
+					</div>
+				</div>
+			</div>
+		</div>
+ <script type="text/javascript">
+ var first_name = document.getElementById("first_name");
+	first_name.oninvalid = function(event) {
+		event.target.setCustomValidity("Vorname muss das Format <Großbuchstabe><Kleinbuchstaben> haben");
+	}
+	first_name.onkeyup = function(event) {
+		event.target.setCustomValidity("");
+	}
+	var last_name = document.getElementById("last_name");
+	last_name.oninvalid = function(event) {
+		event.target.setCustomValidity("Nachname muss das Format <Großbuchstabe><Kleinbuchstaben> haben");
+	}
+	last_name.onkeyup = function(event) {
+		event.target.setCustomValidity("");
+	}
+	var user_name = document.getElementById("username");
+	user_name.oninvalid = function(event) {
+		event.target.setCustomValidity("Nutzername darf zwischen 3 und 20 kleine Buchstaben und Zahlen enthalten");
+	}
+	user_name.onkeyup = function (event) {
+		event.target.setCustomValidity("");
+	}
+	</script>
+		<?php } ?>
+	</body>
+</html>

public/verify.php

@@ -0,0 +1,88 @@
+<html>
+	<head>
+<?php
+require_once "../language.php";
+if (!file_exists("../config.php")) {
+	print($language["NO_CONFIGURATION"]);
+	exit();
+}
+require_once "../config.php";
+require_once "../mail_templates.php";
+
+// enforce admin via https
+if (!isset($_SERVER['HTTPS'])) {
+	header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
+	exit();
+}
+
+session_start();
+
+try {
+	if ($_SERVER["REQUEST_METHOD"] != "GET") {
+		throw new Exception("Method not allowed");
+	}
+	if (!isset($_GET["t"])) {
+		throw new Exception($language["UNKNOWN_TOKEN"]);
+	}
+	$token = filter_var($_GET["t"], FILTER_SANITIZE_STRING);
+
+	require_once("../database.php");
+
+	$sql = "SELECT COUNT(*) FROM registrations WHERE verify_token = '" . $token . "'"
+		. " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
+	$res = $db->query($sql);
+
+	$first_name = NULL; $last_name = NULL; $note = NULL; $email = NULL; $admin_token = NULL;
+
+	if ($res->fetchColumn() > 0) {
+		$sql = "SELECT first_name, last_name, note, email, admin_token FROM registrations WHERE verify_token = '" . $token . "'"
+			. " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
+		foreach ($db->query($sql) as $row) {
+			// will only be executed once
+			$first_name = $row["first_name"];
+			$last_name = $row["last_name"];
+			$note = $row["note"];
+			$email = $row["email"];
+			$admin_token = $row["admin_token"];
+		}
+	} else {
+		throw new Exception($language["UNKNOWN_TOKEN"]);
+	}
+
+	require_once("../MatrixConnection.php");
+	$adminUrl = $webroot . "verify_admin.php?t=" . $admin_token;
+	$mxConn = new MatrixConnection($homeserver, $access_token);
+	$mxMsg = new MatrixMessage();
+	$mxMsg->set_body($first_name . ' ' . $last_name . "möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n"
+		. $note . "\r\n"
+		. "Zum Bearbeiten hier klicken:\r\n" . $adminUrl);
+	$mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />"
+		. $note . "<br />"
+		. "Zum Bearbeiten <a href=\"". $adminUrl . "\">hier</a> klicken");
+	$mxMsg->set_type("m.text");
+	$response = $mxConn->send($register_room, $mxMsg);
+
+	if ($response) {
+		$message = $language["SEND_MATRIX_FAIL"];
+	}
+	$db->exec("UPDATE registrations SET state = " .
+		($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend)
+		. " WHERE verify_token = \"" . $token. "\";");
+
+	send_mail_pending_approval($homeserver, $first_name . " " . $last_name, $email);
+
+	print("<title>" . $language["VERIFICATION_SUCEEDED"] . "</title>");
+	print("</head><body>");
+	print("<h1>" . $language["VERIFICATION_SUCEEDED"] . "</h1>");
+	print("<p>" . $language["VERIFICATION_SUCCESS_BODY"] . "</p>");
+	print("<a href=\"" . $webroot . "register.php" . "\">Zur Registrierungsseite</a>");
+} catch (Exception $e) {
+	print("<title>" . $language["VERIFICATION_FAILED"] . "</title>");
+	print("</head><body>");
+	print("<h1>" . $language["VERIFICATION_FAILED"] . "</h1>");
+	print("<p>" . $e->getMessage() . "</p>");
+	print("<a href=\"" . $webroot . "register.php" . "\">Zur Registrierungsseite</a>");
+}
+?>
+	</body>
+</html>

public/verify_admin.php

@@ -0,0 +1,183 @@
+<html>
+<head>
+<?php
+require_once "../language.php";
+if (!file_exists("../config.php")) {
+	print($language["NO_CONFIGURATION"]);
+	exit();
+}
+require_once "../config.php";
+require_once "../mail_templates.php";
+
+// enforce admin via https
+if (!isset($_SERVER['HTTPS'])) {
+	header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
+	exit();
+}
+
+session_start();
+
+try {
+	if ($_SERVER["REQUEST_METHOD"] != "GET") {
+		throw new Exception("Method not allowed");
+	}
+	if (!isset($_GET["t"])) {
+		throw new Exception($language["UNKNOWN_TOKEN"]);
+	}
+	$token = filter_var($_GET["t"], FILTER_SANITIZE_STRING);
+
+	require_once("../database.php");
+
+	$action = NULL;
+	if (isset($_GET["allow"])) {
+		$action = RegisterState::RegistrationAccepted;
+	}
+	$decline_reason = "Noch nicht implementiert";
+	if (isset($_GET["deny"])) {
+		$action = RegisterState::RegistrationDeclined;
+		if (isset($_GET["reason"])) {
+			$decline_reason = filter_var($_GET["reason"], FILTER_SANITIZE_STRING);
+		}
+	}
+
+	$sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $token
+		. "' AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
+	$res = $db->query($sql);
+	$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
+
+	if ($res->fetchColumn() > 0) {
+		$sql = "SELECT first_name, last_name, username, note, email FROM registrations WHERE admin_token = '" . $token
+			. "' AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
+		foreach ($db->query($sql) as $row) {
+			// will only be executed once
+			$first_name = $row["first_name"];
+			$last_name = $row["last_name"];
+			$username = $row["username"];
+			$note = $row["note"];
+			$email = $row["email"];
+		}
+	} else {
+		throw new Exception($language["UNKNOWN_TOKEN"]);
+	}
+
+	if ($action == RegisterState::RegistrationAccepted) {
+		$db->exec("UPDATE registrations SET state = " . RegisterState::PendingRegistration
+				. " WHERE admin_token = '" . $token. "';");
+
+		// register user
+		require_once("../MatrixConnection.php");
+		$mxConn = new MatrixConnection($homeserver, $access_token);
+
+		// generate a password with 8 characters
+		$password = bin2hex(openssl_random_pseudo_bytes(4));
+
+		$res = $mxConn->register($username, $password, $registration_shared_secret);
+		if ($res) {
+			// send registration_success
+			$res = send_mail_registration_success($homeserver, $first_name . " " . $last_name, $email, $username, $password, $howToURL);
+			if ($res) {
+				$db->exec("UPDATE registrations SET state = " . RegisterState::AllDone
+						. " WHERE admin_token = '" . $token. "';");
+			} else {
+				$db->exec("UPDATE registrations SET state = " . RegisterState::PendingSendRegistrationMail
+						. " WHERE admin_token = '" . $token. "';");
+			}
+		} else {
+			send_mail_registration_allowed_but_failed($homeserver, $first_name . " " . $last_name, $email);
+			$mxMsg = new MatrixMessage();
+			$mxMsg->set_type("m.text");
+			$mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . ".");
+			$mxConn->send($register_room, $mxMsg);
+			throw new Exception($language["REGISTRATION_FAILED"]);
+		}
+
+		print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
+		print("</head><body>");
+		print("<h1>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</h1>");
+		print("<p>" . $language["ADMIN_REGISTER_ACCEPTED_BODY"] . "</p>");
+	} elseif ($action == RegisterState::RegistrationDeclined) {
+		$db->exec("UPDATE registrations SET state = " . RegisterState::RegistrationDeclined
+				. " WHERE admin_token = '" . $token. "';");
+		send_mail_registration_decline($homeserver, $first_name . " " . $last_name, $email, $decline_reason);
+		print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
+		print("</head><body>");
+		print("<h1>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</h1>");
+		print("<p>" . $language["ADMIN_REGISTER_DECLINED_BODY"] . "</p>");
+	} else {
+
+		print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
+		?>
+			<link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet">
+			<style>
+			body{
+				background-color: #525252;
+			}
+		.centered-form{
+			margin-top: 60px;
+		}
+
+		.centered-form .panel{
+background: rgba(255, 255, 255, 0.8);
+	    box-shadow: rgba(0, 0, 0, 0.3) 20px 20px 20px;
+		}
+		</style>
+			<script type="text/javascript" src="//code.jquery.com/jquery-1.11.1.min.js"></script>
+			<script type="text/javascript" src="//netdna.bootstrapcdn.com/bootstrap/3.1.0/js/bootstrap.min.js"></script>
+			</head>
+			<body>
+			<div class="container">
+			<div class="row centered-form">
+			<div class="col-xs-12 col-sm-8 col-md-4 col-sm-offset-2 col-md-offset-4">
+			<div class="panel panel-default">
+			<div class="panel-heading">
+			<h3 class="panel-title"><?php echo $language["ADMIN_VERIFY_SITE_TITLE"] ; ?></h3>
+			</div>
+			<div class="panel-body">
+			<form name="appForm" role="form" action="verify_admin.php" method="GET">
+			<div class="row">
+			<div class="col-xs-6 col-sm-6 col-md-6">
+			<div class="form-group">
+			<input type="text" id="first_name" class="form-control input-sm"
+			value="<?php echo $first_name; ?>" disabled=true>
+			</div>
+			</div>
+			<div class="col-xs-6 col-sm-6 col-md-6">
+			<div class="form-group">
+			<input type="text" id="last_name" class="form-control input-sm"
+			value="<?php echo $last_name; ?>" disabled=true>
+			</div>
+			</div>
+			</div>
+
+			<div class="form-group">
+			<input type="text" id="note" class="form-control input-sm" value="<?php echo $note; ?>" disabled=true>
+			</div>
+
+			<div class="form-group">
+			<input type="text" id="username" class="form-control input-sm"
+			value="<?php echo $username; ?>" disabled=true>
+			</div>
+			<input type="hidden" name="t" id="token" value="<?php echo $token; ?>">
+			<input type="submit" name="allow" value="Bestätigen" class="btn btn-info btn-block">
+			<input type="submit" name="deny" value="Ablehnen" class="btn btn-info btn-block">
+
+			</form>
+			</div>
+			</div>
+			</div>
+			</div>
+			</div>
+			<script type="text/javascript">
+
+			<?php
+	} // else - no action provided
+} catch (Exception $e) {
+	print("<title>" . $language["REGISTRATION_FAILED"] . "</title>");
+	print("</head><body>");
+	print("<h1>" . $language["REGISTRATION_FAILED"] . "</h1>");
+	print("<p>" . $e->getMessage() . "</p>");
+	print("<a href=\"" . $webroot . "/register.php" . "\">Zur Registrierungsseite</a>");
+}
+?>
+</body>
+</html>