1d403609dSGreg Roach<?php 2d403609dSGreg Roach 3d403609dSGreg Roach/** 4d403609dSGreg Roach * webtrees: online genealogy 5d403609dSGreg Roach * Copyright (C) 2019 webtrees development team 6d403609dSGreg Roach * This program is free software: you can redistribute it and/or modify 7d403609dSGreg Roach * it under the terms of the GNU General Public License as published by 8d403609dSGreg Roach * the Free Software Foundation, either version 3 of the License, or 9d403609dSGreg Roach * (at your option) any later version. 10d403609dSGreg Roach * This program is distributed in the hope that it will be useful, 11d403609dSGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of 12d403609dSGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13d403609dSGreg Roach * GNU General Public License for more details. 14d403609dSGreg Roach * You should have received a copy of the GNU General Public License 15d403609dSGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>. 16d403609dSGreg Roach */ 17fcfa147eSGreg Roach 18d403609dSGreg Roachdeclare(strict_types=1); 19d403609dSGreg Roach 20d403609dSGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers; 21d403609dSGreg Roach 22d403609dSGreg Roachuse Exception; 2390a2f718SGreg Roachuse Fisharebest\Localization\Locale\LocaleInterface; 24d403609dSGreg Roachuse Fisharebest\Webtrees\FlashMessages; 25d403609dSGreg Roachuse Fisharebest\Webtrees\Http\Controllers\AbstractBaseController; 26d403609dSGreg Roachuse Fisharebest\Webtrees\I18N; 27d403609dSGreg Roachuse Fisharebest\Webtrees\Log; 28d403609dSGreg Roachuse Fisharebest\Webtrees\NoReplyUser; 29e381f98dSGreg Roachuse Fisharebest\Webtrees\Services\EmailService; 30d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UserService; 31d403609dSGreg Roachuse Fisharebest\Webtrees\Site; 32d403609dSGreg Roachuse Fisharebest\Webtrees\SiteUser; 33d403609dSGreg Roachuse Fisharebest\Webtrees\Tree; 34d403609dSGreg Roachuse Fisharebest\Webtrees\TreeUser; 357c4add84SGreg Roachuse Fisharebest\Webtrees\User; 36d403609dSGreg Roachuse Illuminate\Database\Capsule\Manager as DB; 37d403609dSGreg Roachuse Psr\Http\Message\ResponseInterface; 38d403609dSGreg Roachuse Psr\Http\Message\ServerRequestInterface; 39d403609dSGreg Roachuse Ramsey\Uuid\Uuid; 40d403609dSGreg Roachuse Symfony\Component\HttpKernel\Exception\NotFoundHttpException; 41f3874e19SGreg Roach 4290a2f718SGreg Roachuse function assert; 4390a2f718SGreg Roach 44d403609dSGreg Roach/** 45d403609dSGreg Roach * Process a user registration. 46d403609dSGreg Roach */ 47d403609dSGreg Roachclass RegisterAction extends AbstractBaseController 48d403609dSGreg Roach{ 49d403609dSGreg Roach /** 50e381f98dSGreg Roach * @var EmailService 51d403609dSGreg Roach */ 52e381f98dSGreg Roach private $email_service; 53d403609dSGreg Roach 54d403609dSGreg Roach /** 55d403609dSGreg Roach * @var UserService 56d403609dSGreg Roach */ 57d403609dSGreg Roach private $user_service; 58d403609dSGreg Roach 59d403609dSGreg Roach /** 60d403609dSGreg Roach * RegisterController constructor. 61d403609dSGreg Roach * 62e381f98dSGreg Roach * @param EmailService $email_service 63d403609dSGreg Roach * @param UserService $user_service 64d403609dSGreg Roach */ 65e381f98dSGreg Roach public function __construct(EmailService $email_service, UserService $user_service) 66d403609dSGreg Roach { 67e381f98dSGreg Roach $this->email_service = $email_service; 68d403609dSGreg Roach $this->user_service = $user_service; 69d403609dSGreg Roach } 70d403609dSGreg Roach 71d403609dSGreg Roach /** 72d403609dSGreg Roach * Perform a registration. 73d403609dSGreg Roach * 74d403609dSGreg Roach * @param ServerRequestInterface $request 75d403609dSGreg Roach * 76d403609dSGreg Roach * @return ResponseInterface 77d403609dSGreg Roach */ 78d403609dSGreg Roach public function handle(ServerRequestInterface $request): ResponseInterface 79d403609dSGreg Roach { 8090a2f718SGreg Roach $locale = $request->getAttribute('locale'); 8190a2f718SGreg Roach assert($locale instanceof LocaleInterface); 8290a2f718SGreg Roach 83d403609dSGreg Roach $this->checkRegistrationAllowed(); 84d403609dSGreg Roach 85a49d0e3fSGreg Roach $tree = $request->getAttribute('tree'); 86d403609dSGreg Roach $comments = $request->getParsedBody()['comments'] ?? ''; 87d403609dSGreg Roach $email = $request->getParsedBody()['email'] ?? ''; 88d403609dSGreg Roach $password = $request->getParsedBody()['password'] ?? ''; 89d403609dSGreg Roach $realname = $request->getParsedBody()['realname'] ?? ''; 90d403609dSGreg Roach $username = $request->getParsedBody()['username'] ?? ''; 91d403609dSGreg Roach 92d403609dSGreg Roach try { 93d403609dSGreg Roach $this->doValidateRegistration($request, $username, $email, $realname, $comments, $password); 94d403609dSGreg Roach } catch (Exception $ex) { 95d403609dSGreg Roach FlashMessages::addMessage($ex->getMessage(), 'danger'); 96d403609dSGreg Roach 9756f9a9c1SGreg Roach return redirect(route(RegisterPage::class, [ 98d403609dSGreg Roach 'comments' => $comments, 99d403609dSGreg Roach 'email' => $email, 100d403609dSGreg Roach 'realname' => $realname, 101d403609dSGreg Roach 'username' => $username, 102d403609dSGreg Roach ])); 103d403609dSGreg Roach } 104d403609dSGreg Roach 105d403609dSGreg Roach Log::addAuthenticationLog('User registration requested for: ' . $username); 106d403609dSGreg Roach 107d403609dSGreg Roach $user = $this->user_service->create($username, $realname, $email, $password); 1087c4add84SGreg Roach $user->setPreference(User::PREF_LANGUAGE, $locale->languageTag()); 1097c4add84SGreg Roach $user->setPreference(User::PREF_IS_EMAIL_VERIFIED, ''); 1107c4add84SGreg Roach $user->setPreference(User::PREF_IS_ACCOUNT_APPROVED, ''); 1117c4add84SGreg Roach $user->setPreference(User::PREF_TIMESTAMP_REGISTERED, date('U')); 1127c4add84SGreg Roach $user->setPreference(User::PREF_VERIFICATION_TOKEN, md5(Uuid::uuid4()->toString())); 1137c4add84SGreg Roach $user->setPreference(User::PREF_CONTACT_METHOD, 'messaging2'); 1147c4add84SGreg Roach $user->setPreference(User::PREF_NEW_ACCOUNT_COMMENT, $comments); 1157c4add84SGreg Roach $user->setPreference(User::PREF_IS_VISIBLE_ONLINE, '1'); 1167c4add84SGreg Roach $user->setPreference(User::PREF_AUTO_ACCEPT_EDITS, ''); 1177c4add84SGreg Roach $user->setPreference(User::PREF_IS_ADMINISTRATOR, ''); 1187c4add84SGreg Roach $user->setPreference(User::PREF_TIMESTAMP_ACTIVE, '0'); 119d403609dSGreg Roach 120d403609dSGreg Roach $base_url = $request->getAttribute('base_url'); 121d403609dSGreg Roach $reply_to = $tree instanceof Tree ? new TreeUser($tree) : new SiteUser(); 122d403609dSGreg Roach 123d403609dSGreg Roach // Send a verification message to the user. 124d403609dSGreg Roach /* I18N: %s is a server name/URL */ 125e381f98dSGreg Roach $this->email_service->send( 126d403609dSGreg Roach new Siteuser(), 127d403609dSGreg Roach $user, 128d403609dSGreg Roach $reply_to, 129d403609dSGreg Roach I18N::translate('Your registration at %s', $base_url), 130*07ef9328SGreg Roach view('emails/register-user-text', ['user' => $user, 'base_url' => $base_url, 'tree' => $tree]), 131*07ef9328SGreg Roach view('emails/register-user-html', ['user' => $user, 'base_url' => $base_url, 'tree' => $tree]) 132d403609dSGreg Roach ); 133d403609dSGreg Roach 134d403609dSGreg Roach // Tell the administrators about the registration. 135d403609dSGreg Roach foreach ($this->user_service->administrators() as $administrator) { 1367c4add84SGreg Roach I18N::init($administrator->getPreference(User::PREF_LANGUAGE)); 137d403609dSGreg Roach 138d403609dSGreg Roach /* I18N: %s is a server name/URL */ 139d403609dSGreg Roach $subject = I18N::translate('New registration at %s', $base_url); 140d403609dSGreg Roach 141d403609dSGreg Roach /* I18N: %s is a server name/URL */ 142e381f98dSGreg Roach $this->email_service->send( 143d403609dSGreg Roach new SiteUser(), 144d403609dSGreg Roach $administrator, 145d403609dSGreg Roach new NoReplyUser(), 146d403609dSGreg Roach $subject, 147d403609dSGreg Roach view('emails/register-notify-text', ['user' => $user, 'comments' => $comments, 'base_url' => $base_url]), 148d403609dSGreg Roach view('emails/register-notify-html', ['user' => $user, 'comments' => $comments, 'base_url' => $base_url]) 149d403609dSGreg Roach ); 150d403609dSGreg Roach 1517c4add84SGreg Roach $mail1_method = $administrator->getPreference(User::PREF_CONTACT_METHOD); 152d403609dSGreg Roach if ($mail1_method !== 'messaging3' && $mail1_method !== 'mailto' && $mail1_method !== 'none') { 153d403609dSGreg Roach DB::table('message')->insert([ 154d403609dSGreg Roach 'sender' => $user->email(), 1554874f72dSGreg Roach 'ip_address' => $request->getAttribute('client-ip'), 156d403609dSGreg Roach 'user_id' => $administrator->id(), 157d403609dSGreg Roach 'subject' => $subject, 158d403609dSGreg Roach 'body' => view('emails/register-notify-text', ['user' => $user, 'comments' => $comments, 'base_url' => $base_url]), 159d403609dSGreg Roach ]); 160d403609dSGreg Roach } 161d403609dSGreg Roach } 162d403609dSGreg Roach 163d403609dSGreg Roach $title = I18N::translate('Request a new user account'); 164d403609dSGreg Roach 165d403609dSGreg Roach return $this->viewResponse('register-success-page', [ 166d403609dSGreg Roach 'title' => $title, 167d403609dSGreg Roach 'user' => $user, 168d403609dSGreg Roach ]); 169d403609dSGreg Roach } 170d403609dSGreg Roach 171d403609dSGreg Roach /** 172d403609dSGreg Roach * Check that visitors are allowed to register on this site. 173d403609dSGreg Roach * 174d403609dSGreg Roach * @return void 175d403609dSGreg Roach * @throws NotFoundHttpException 176d403609dSGreg Roach */ 177d403609dSGreg Roach private function checkRegistrationAllowed(): void 178d403609dSGreg Roach { 179d403609dSGreg Roach if (Site::getPreference('USE_REGISTRATION_MODULE') !== '1') { 180d403609dSGreg Roach throw new NotFoundHttpException(); 181d403609dSGreg Roach } 182d403609dSGreg Roach } 183d403609dSGreg Roach 184d403609dSGreg Roach /** 185d403609dSGreg Roach * Check the registration details. 186d403609dSGreg Roach * 187d403609dSGreg Roach * @param ServerRequestInterface $request 188d403609dSGreg Roach * @param string $username 189d403609dSGreg Roach * @param string $email 190d403609dSGreg Roach * @param string $realname 191d403609dSGreg Roach * @param string $comments 192d403609dSGreg Roach * @param string $password 193d403609dSGreg Roach * 194d403609dSGreg Roach * @return void 195d403609dSGreg Roach * @throws Exception 196d403609dSGreg Roach */ 197d403609dSGreg Roach private function doValidateRegistration(ServerRequestInterface $request, string $username, string $email, string $realname, string $comments, string $password): void 198d403609dSGreg Roach { 199d403609dSGreg Roach // All fields are required 200d403609dSGreg Roach if ($username === '' || $email === '' || $realname === '' || $comments === '' || $password === '') { 201d403609dSGreg Roach throw new Exception(I18N::translate('All fields must be completed.')); 202d403609dSGreg Roach } 203d403609dSGreg Roach 204d403609dSGreg Roach // Username already exists 205d403609dSGreg Roach if ($this->user_service->findByUserName($username) !== null) { 206d403609dSGreg Roach throw new Exception(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.')); 207d403609dSGreg Roach } 208d403609dSGreg Roach 209d403609dSGreg Roach // Email already exists 210d403609dSGreg Roach if ($this->user_service->findByEmail($email) !== null) { 211d403609dSGreg Roach throw new Exception(I18N::translate('Duplicate email address. A user with that email already exists.')); 212d403609dSGreg Roach } 213d403609dSGreg Roach 214d403609dSGreg Roach $base_url = $request->getAttribute('base_url'); 215d403609dSGreg Roach 216d403609dSGreg Roach // No external links 217d403609dSGreg Roach if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:http|https):\/\/)[a-zA-Z0-9.-]+)/', $comments, $match)) { 218d403609dSGreg Roach throw new Exception(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', e($match[2]), e($match[1]))); 219d403609dSGreg Roach } 220d403609dSGreg Roach } 221d403609dSGreg Roach} 222