1d403609dSGreg Roach<?php 2d403609dSGreg Roach 3d403609dSGreg Roach/** 4d403609dSGreg Roach * webtrees: online genealogy 5d403609dSGreg Roach * Copyright (C) 2019 webtrees development team 6d403609dSGreg Roach * This program is free software: you can redistribute it and/or modify 7d403609dSGreg Roach * it under the terms of the GNU General Public License as published by 8d403609dSGreg Roach * the Free Software Foundation, either version 3 of the License, or 9d403609dSGreg Roach * (at your option) any later version. 10d403609dSGreg Roach * This program is distributed in the hope that it will be useful, 11d403609dSGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of 12d403609dSGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13d403609dSGreg Roach * GNU General Public License for more details. 14d403609dSGreg Roach * You should have received a copy of the GNU General Public License 15d403609dSGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>. 16d403609dSGreg Roach */ 17fcfa147eSGreg Roach 18d403609dSGreg Roachdeclare(strict_types=1); 19d403609dSGreg Roach 20d403609dSGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers; 21d403609dSGreg Roach 22d403609dSGreg Roachuse Exception; 23d501c45dSGreg Roachuse Fisharebest\Webtrees\Exceptions\HttpNotFoundException; 24d403609dSGreg Roachuse Fisharebest\Webtrees\FlashMessages; 25d403609dSGreg Roachuse Fisharebest\Webtrees\Http\Controllers\AbstractBaseController; 26d403609dSGreg Roachuse Fisharebest\Webtrees\I18N; 27d403609dSGreg Roachuse Fisharebest\Webtrees\Log; 28d403609dSGreg Roachuse Fisharebest\Webtrees\NoReplyUser; 29e381f98dSGreg Roachuse Fisharebest\Webtrees\Services\EmailService; 30d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UserService; 31d403609dSGreg Roachuse Fisharebest\Webtrees\Site; 32d403609dSGreg Roachuse Fisharebest\Webtrees\SiteUser; 33d403609dSGreg Roachuse Fisharebest\Webtrees\Tree; 34d403609dSGreg Roachuse Fisharebest\Webtrees\TreeUser; 357c4add84SGreg Roachuse Fisharebest\Webtrees\User; 36d403609dSGreg Roachuse Illuminate\Database\Capsule\Manager as DB; 37*256b18b9SGreg Roachuse Illuminate\Support\Str; 38d403609dSGreg Roachuse Psr\Http\Message\ResponseInterface; 39d403609dSGreg Roachuse Psr\Http\Message\ServerRequestInterface; 40f3874e19SGreg Roach 41*256b18b9SGreg Roachuse function md5; 429fa6ab69SGreg Roachuse function view; 4390a2f718SGreg Roach 44d403609dSGreg Roach/** 45d403609dSGreg Roach * Process a user registration. 46d403609dSGreg Roach */ 47d403609dSGreg Roachclass RegisterAction extends AbstractBaseController 48d403609dSGreg Roach{ 49d403609dSGreg Roach /** 50e381f98dSGreg Roach * @var EmailService 51d403609dSGreg Roach */ 52e381f98dSGreg Roach private $email_service; 53d403609dSGreg Roach 54d403609dSGreg Roach /** 55d403609dSGreg Roach * @var UserService 56d403609dSGreg Roach */ 57d403609dSGreg Roach private $user_service; 58d403609dSGreg Roach 59d403609dSGreg Roach /** 60d403609dSGreg Roach * RegisterController constructor. 61d403609dSGreg Roach * 62e381f98dSGreg Roach * @param EmailService $email_service 63d403609dSGreg Roach * @param UserService $user_service 64d403609dSGreg Roach */ 65e381f98dSGreg Roach public function __construct(EmailService $email_service, UserService $user_service) 66d403609dSGreg Roach { 67e381f98dSGreg Roach $this->email_service = $email_service; 68d403609dSGreg Roach $this->user_service = $user_service; 69d403609dSGreg Roach } 70d403609dSGreg Roach 71d403609dSGreg Roach /** 72d403609dSGreg Roach * Perform a registration. 73d403609dSGreg Roach * 74d403609dSGreg Roach * @param ServerRequestInterface $request 75d403609dSGreg Roach * 76d403609dSGreg Roach * @return ResponseInterface 77d403609dSGreg Roach */ 78d403609dSGreg Roach public function handle(ServerRequestInterface $request): ResponseInterface 79d403609dSGreg Roach { 809fa6ab69SGreg Roach $tree = $request->getAttribute('tree'); 819fa6ab69SGreg Roach 82d403609dSGreg Roach $this->checkRegistrationAllowed(); 83d403609dSGreg Roach 84d403609dSGreg Roach $comments = $request->getParsedBody()['comments'] ?? ''; 85d403609dSGreg Roach $email = $request->getParsedBody()['email'] ?? ''; 86d403609dSGreg Roach $password = $request->getParsedBody()['password'] ?? ''; 87d403609dSGreg Roach $realname = $request->getParsedBody()['realname'] ?? ''; 88d403609dSGreg Roach $username = $request->getParsedBody()['username'] ?? ''; 89d403609dSGreg Roach 90d403609dSGreg Roach try { 91d403609dSGreg Roach $this->doValidateRegistration($request, $username, $email, $realname, $comments, $password); 92d403609dSGreg Roach } catch (Exception $ex) { 93d403609dSGreg Roach FlashMessages::addMessage($ex->getMessage(), 'danger'); 94d403609dSGreg Roach 9556f9a9c1SGreg Roach return redirect(route(RegisterPage::class, [ 96d403609dSGreg Roach 'comments' => $comments, 97d403609dSGreg Roach 'email' => $email, 98d403609dSGreg Roach 'realname' => $realname, 99d403609dSGreg Roach 'username' => $username, 100d403609dSGreg Roach ])); 101d403609dSGreg Roach } 102d403609dSGreg Roach 103d403609dSGreg Roach Log::addAuthenticationLog('User registration requested for: ' . $username); 104d403609dSGreg Roach 105d403609dSGreg Roach $user = $this->user_service->create($username, $realname, $email, $password); 106*256b18b9SGreg Roach $token = Str::random(32); 107*256b18b9SGreg Roach 10865cf5706SGreg Roach $user->setPreference(User::PREF_LANGUAGE, I18N::languageTag()); 1097c4add84SGreg Roach $user->setPreference(User::PREF_IS_EMAIL_VERIFIED, ''); 1107c4add84SGreg Roach $user->setPreference(User::PREF_IS_ACCOUNT_APPROVED, ''); 1117c4add84SGreg Roach $user->setPreference(User::PREF_TIMESTAMP_REGISTERED, date('U')); 112*256b18b9SGreg Roach $user->setPreference(User::PREF_VERIFICATION_TOKEN, $token); 1137c4add84SGreg Roach $user->setPreference(User::PREF_CONTACT_METHOD, 'messaging2'); 1147c4add84SGreg Roach $user->setPreference(User::PREF_NEW_ACCOUNT_COMMENT, $comments); 1157c4add84SGreg Roach $user->setPreference(User::PREF_IS_VISIBLE_ONLINE, '1'); 1167c4add84SGreg Roach $user->setPreference(User::PREF_AUTO_ACCEPT_EDITS, ''); 1177c4add84SGreg Roach $user->setPreference(User::PREF_IS_ADMINISTRATOR, ''); 1187c4add84SGreg Roach $user->setPreference(User::PREF_TIMESTAMP_ACTIVE, '0'); 119d403609dSGreg Roach 120d403609dSGreg Roach $base_url = $request->getAttribute('base_url'); 121d403609dSGreg Roach $reply_to = $tree instanceof Tree ? new TreeUser($tree) : new SiteUser(); 122d403609dSGreg Roach 123f917a287SGreg Roach $verify_url = route(VerifyEmail::class, [ 124f917a287SGreg Roach 'username' => $user->userName(), 125*256b18b9SGreg Roach 'token' => $token, 126f917a287SGreg Roach 'tree' => $tree instanceof Tree ? $tree->name() : null, 127f917a287SGreg Roach ]); 128f917a287SGreg Roach 129d403609dSGreg Roach // Send a verification message to the user. 130d403609dSGreg Roach /* I18N: %s is a server name/URL */ 131e381f98dSGreg Roach $this->email_service->send( 132d403609dSGreg Roach new Siteuser(), 133d403609dSGreg Roach $user, 134d403609dSGreg Roach $reply_to, 135d403609dSGreg Roach I18N::translate('Your registration at %s', $base_url), 136f917a287SGreg Roach view('emails/register-user-text', ['user' => $user, 'base_url' => $base_url, 'verify_url' => $verify_url]), 137f917a287SGreg Roach view('emails/register-user-html', ['user' => $user, 'base_url' => $base_url, 'verify_url' => $verify_url]) 138d403609dSGreg Roach ); 139d403609dSGreg Roach 140d403609dSGreg Roach // Tell the administrators about the registration. 141d403609dSGreg Roach foreach ($this->user_service->administrators() as $administrator) { 1427c4add84SGreg Roach I18N::init($administrator->getPreference(User::PREF_LANGUAGE)); 143d403609dSGreg Roach 144d403609dSGreg Roach /* I18N: %s is a server name/URL */ 145d403609dSGreg Roach $subject = I18N::translate('New registration at %s', $base_url); 146d403609dSGreg Roach 1479fa6ab69SGreg Roach $body_text = view('emails/register-notify-text', [ 1489fa6ab69SGreg Roach 'user' => $user, 1499fa6ab69SGreg Roach 'comments' => $comments, 1509fa6ab69SGreg Roach 'base_url' => $base_url, 1519fa6ab69SGreg Roach 'tree' => $tree, 1529fa6ab69SGreg Roach ]); 1539fa6ab69SGreg Roach 1549fa6ab69SGreg Roach $body_html = view('emails/register-notify-html', [ 1559fa6ab69SGreg Roach 'user' => $user, 1569fa6ab69SGreg Roach 'comments' => $comments, 1579fa6ab69SGreg Roach 'base_url' => $base_url, 1589fa6ab69SGreg Roach 'tree' => $tree, 1599fa6ab69SGreg Roach ]); 1609fa6ab69SGreg Roach 1619fa6ab69SGreg Roach 162d403609dSGreg Roach /* I18N: %s is a server name/URL */ 163e381f98dSGreg Roach $this->email_service->send( 164d403609dSGreg Roach new SiteUser(), 165d403609dSGreg Roach $administrator, 166d403609dSGreg Roach new NoReplyUser(), 167d403609dSGreg Roach $subject, 1689fa6ab69SGreg Roach $body_text, 1699fa6ab69SGreg Roach $body_html 170d403609dSGreg Roach ); 171d403609dSGreg Roach 1727c4add84SGreg Roach $mail1_method = $administrator->getPreference(User::PREF_CONTACT_METHOD); 173d403609dSGreg Roach if ($mail1_method !== 'messaging3' && $mail1_method !== 'mailto' && $mail1_method !== 'none') { 174d403609dSGreg Roach DB::table('message')->insert([ 175d403609dSGreg Roach 'sender' => $user->email(), 1764874f72dSGreg Roach 'ip_address' => $request->getAttribute('client-ip'), 177d403609dSGreg Roach 'user_id' => $administrator->id(), 178d403609dSGreg Roach 'subject' => $subject, 1799fa6ab69SGreg Roach 'body' => $body_text, 180d403609dSGreg Roach ]); 181d403609dSGreg Roach } 182d403609dSGreg Roach } 183d403609dSGreg Roach 184d403609dSGreg Roach $title = I18N::translate('Request a new user account'); 185d403609dSGreg Roach 186d403609dSGreg Roach return $this->viewResponse('register-success-page', [ 187d403609dSGreg Roach 'title' => $title, 1889fa6ab69SGreg Roach 'tree' => $tree, 189d403609dSGreg Roach 'user' => $user, 190d403609dSGreg Roach ]); 191d403609dSGreg Roach } 192d403609dSGreg Roach 193d403609dSGreg Roach /** 194d403609dSGreg Roach * Check that visitors are allowed to register on this site. 195d403609dSGreg Roach * 196d403609dSGreg Roach * @return void 197d501c45dSGreg Roach * @throws HttpNotFoundException 198d403609dSGreg Roach */ 199d403609dSGreg Roach private function checkRegistrationAllowed(): void 200d403609dSGreg Roach { 201d403609dSGreg Roach if (Site::getPreference('USE_REGISTRATION_MODULE') !== '1') { 202d501c45dSGreg Roach throw new HttpNotFoundException(); 203d403609dSGreg Roach } 204d403609dSGreg Roach } 205d403609dSGreg Roach 206d403609dSGreg Roach /** 207d403609dSGreg Roach * Check the registration details. 208d403609dSGreg Roach * 209d403609dSGreg Roach * @param ServerRequestInterface $request 210d403609dSGreg Roach * @param string $username 211d403609dSGreg Roach * @param string $email 212d403609dSGreg Roach * @param string $realname 213d403609dSGreg Roach * @param string $comments 214d403609dSGreg Roach * @param string $password 215d403609dSGreg Roach * 216d403609dSGreg Roach * @return void 217d403609dSGreg Roach * @throws Exception 218d403609dSGreg Roach */ 219d403609dSGreg Roach private function doValidateRegistration(ServerRequestInterface $request, string $username, string $email, string $realname, string $comments, string $password): void 220d403609dSGreg Roach { 221d403609dSGreg Roach // All fields are required 222d403609dSGreg Roach if ($username === '' || $email === '' || $realname === '' || $comments === '' || $password === '') { 223d403609dSGreg Roach throw new Exception(I18N::translate('All fields must be completed.')); 224d403609dSGreg Roach } 225d403609dSGreg Roach 226d403609dSGreg Roach // Username already exists 227d403609dSGreg Roach if ($this->user_service->findByUserName($username) !== null) { 228d403609dSGreg Roach throw new Exception(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.')); 229d403609dSGreg Roach } 230d403609dSGreg Roach 231d403609dSGreg Roach // Email already exists 232d403609dSGreg Roach if ($this->user_service->findByEmail($email) !== null) { 233d403609dSGreg Roach throw new Exception(I18N::translate('Duplicate email address. A user with that email already exists.')); 234d403609dSGreg Roach } 235d403609dSGreg Roach 236d403609dSGreg Roach $base_url = $request->getAttribute('base_url'); 237d403609dSGreg Roach 238d403609dSGreg Roach // No external links 239d403609dSGreg Roach if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:http|https):\/\/)[a-zA-Z0-9.-]+)/', $comments, $match)) { 240d403609dSGreg Roach throw new Exception(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', e($match[2]), e($match[1]))); 241d403609dSGreg Roach } 242d403609dSGreg Roach } 243d403609dSGreg Roach} 244