1d403609dSGreg Roach<?php 2d403609dSGreg Roach 3d403609dSGreg Roach/** 4d403609dSGreg Roach * webtrees: online genealogy 5d403609dSGreg Roach * Copyright (C) 2019 webtrees development team 6d403609dSGreg Roach * This program is free software: you can redistribute it and/or modify 7d403609dSGreg Roach * it under the terms of the GNU General Public License as published by 8d403609dSGreg Roach * the Free Software Foundation, either version 3 of the License, or 9d403609dSGreg Roach * (at your option) any later version. 10d403609dSGreg Roach * This program is distributed in the hope that it will be useful, 11d403609dSGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of 12d403609dSGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13d403609dSGreg Roach * GNU General Public License for more details. 14d403609dSGreg Roach * You should have received a copy of the GNU General Public License 15d403609dSGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>. 16d403609dSGreg Roach */ 17d403609dSGreg Roachdeclare(strict_types=1); 18d403609dSGreg Roach 19d403609dSGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers; 20d403609dSGreg Roach 21d403609dSGreg Roachuse Exception; 22d403609dSGreg Roachuse Fisharebest\Webtrees\FlashMessages; 23d403609dSGreg Roachuse Fisharebest\Webtrees\Http\Controllers\AbstractBaseController; 24d403609dSGreg Roachuse Fisharebest\Webtrees\I18N; 25d403609dSGreg Roachuse Fisharebest\Webtrees\Log; 26d403609dSGreg Roachuse Fisharebest\Webtrees\NoReplyUser; 27d403609dSGreg Roachuse Fisharebest\Webtrees\Services\MailService; 28d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UserService; 29d403609dSGreg Roachuse Fisharebest\Webtrees\Site; 30d403609dSGreg Roachuse Fisharebest\Webtrees\SiteUser; 31d403609dSGreg Roachuse Fisharebest\Webtrees\Tree; 32d403609dSGreg Roachuse Fisharebest\Webtrees\TreeUser; 33d403609dSGreg Roachuse Illuminate\Database\Capsule\Manager as DB; 34d403609dSGreg Roachuse Psr\Http\Message\ResponseInterface; 35d403609dSGreg Roachuse Psr\Http\Message\ServerRequestInterface; 36d403609dSGreg Roachuse Ramsey\Uuid\Uuid; 37d403609dSGreg Roachuse Symfony\Component\HttpKernel\Exception\NotFoundHttpException; 38d403609dSGreg Roach 39d403609dSGreg Roach/** 40d403609dSGreg Roach * Process a user registration. 41d403609dSGreg Roach */ 42d403609dSGreg Roachclass RegisterAction extends AbstractBaseController 43d403609dSGreg Roach{ 44d403609dSGreg Roach /** 45d403609dSGreg Roach * @var MailService 46d403609dSGreg Roach */ 47d403609dSGreg Roach private $mail_service; 48d403609dSGreg Roach 49d403609dSGreg Roach /** 50d403609dSGreg Roach * @var UserService 51d403609dSGreg Roach */ 52d403609dSGreg Roach private $user_service; 53d403609dSGreg Roach 54d403609dSGreg Roach /** 55d403609dSGreg Roach * RegisterController constructor. 56d403609dSGreg Roach * 57d403609dSGreg Roach * @param MailService $mail_service 58d403609dSGreg Roach * @param UserService $user_service 59d403609dSGreg Roach */ 60d403609dSGreg Roach public function __construct(MailService $mail_service, UserService $user_service) 61d403609dSGreg Roach { 62d403609dSGreg Roach $this->mail_service = $mail_service; 63d403609dSGreg Roach $this->user_service = $user_service; 64d403609dSGreg Roach } 65d403609dSGreg Roach 66d403609dSGreg Roach /** 67d403609dSGreg Roach * Perform a registration. 68d403609dSGreg Roach * 69d403609dSGreg Roach * @param ServerRequestInterface $request 70d403609dSGreg Roach * 71d403609dSGreg Roach * @return ResponseInterface 72d403609dSGreg Roach */ 73d403609dSGreg Roach public function handle(ServerRequestInterface $request): ResponseInterface 74d403609dSGreg Roach { 75d403609dSGreg Roach $tree = $request->getAttribute('tree'); 76d403609dSGreg Roach 77d403609dSGreg Roach $this->checkRegistrationAllowed(); 78d403609dSGreg Roach 79d403609dSGreg Roach $comments = $request->getParsedBody()['comments'] ?? ''; 80d403609dSGreg Roach $email = $request->getParsedBody()['email'] ?? ''; 81d403609dSGreg Roach $password = $request->getParsedBody()['password'] ?? ''; 82d403609dSGreg Roach $realname = $request->getParsedBody()['realname'] ?? ''; 83d403609dSGreg Roach $username = $request->getParsedBody()['username'] ?? ''; 84d403609dSGreg Roach 85d403609dSGreg Roach try { 86d403609dSGreg Roach $this->doValidateRegistration($request, $username, $email, $realname, $comments, $password); 87d403609dSGreg Roach } catch (Exception $ex) { 88d403609dSGreg Roach FlashMessages::addMessage($ex->getMessage(), 'danger'); 89d403609dSGreg Roach 90*56f9a9c1SGreg Roach return redirect(route(RegisterPage::class, [ 91d403609dSGreg Roach 'comments' => $comments, 92d403609dSGreg Roach 'email' => $email, 93d403609dSGreg Roach 'realname' => $realname, 94d403609dSGreg Roach 'username' => $username, 95d403609dSGreg Roach ])); 96d403609dSGreg Roach } 97d403609dSGreg Roach 98d403609dSGreg Roach Log::addAuthenticationLog('User registration requested for: ' . $username); 99d403609dSGreg Roach 100d403609dSGreg Roach $user = $this->user_service->create($username, $realname, $email, $password); 101d403609dSGreg Roach $user 102d403609dSGreg Roach ->setPreference('language', WT_LOCALE) 103d403609dSGreg Roach ->setPreference('verified', '0') 104d403609dSGreg Roach ->setPreference('verified_by_admin', '0') 105d403609dSGreg Roach ->setPreference('reg_timestamp', date('U')) 106d403609dSGreg Roach ->setPreference('reg_hashcode', md5(Uuid::uuid4()->toString())) 107d403609dSGreg Roach ->setPreference('contactmethod', 'messaging2') 108d403609dSGreg Roach ->setPreference('comment', $comments) 109d403609dSGreg Roach ->setPreference('visibleonline', '1') 110d403609dSGreg Roach ->setPreference('auto_accept', '0') 111d403609dSGreg Roach ->setPreference('canadmin', '0') 112d403609dSGreg Roach ->setPreference('sessiontime', '0'); 113d403609dSGreg Roach 114d403609dSGreg Roach $base_url = $request->getAttribute('base_url'); 115d403609dSGreg Roach $reply_to = $tree instanceof Tree ? new TreeUser($tree) : new SiteUser(); 116d403609dSGreg Roach 117d403609dSGreg Roach // Send a verification message to the user. 118d403609dSGreg Roach /* I18N: %s is a server name/URL */ 119d403609dSGreg Roach $this->mail_service->send( 120d403609dSGreg Roach new Siteuser(), 121d403609dSGreg Roach $user, 122d403609dSGreg Roach $reply_to, 123d403609dSGreg Roach I18N::translate('Your registration at %s', $base_url), 124d403609dSGreg Roach view('emails/register-user-text', ['user' => $user, 'base_url' => $base_url]), 125d403609dSGreg Roach view('emails/register-user-html', ['user' => $user, 'base_url' => $base_url]) 126d403609dSGreg Roach ); 127d403609dSGreg Roach 128d403609dSGreg Roach // Tell the administrators about the registration. 129d403609dSGreg Roach foreach ($this->user_service->administrators() as $administrator) { 130d403609dSGreg Roach I18N::init($administrator->getPreference('language')); 131d403609dSGreg Roach 132d403609dSGreg Roach /* I18N: %s is a server name/URL */ 133d403609dSGreg Roach $subject = I18N::translate('New registration at %s', $base_url); 134d403609dSGreg Roach 135d403609dSGreg Roach /* I18N: %s is a server name/URL */ 136d403609dSGreg Roach $this->mail_service->send( 137d403609dSGreg Roach new SiteUser(), 138d403609dSGreg Roach $administrator, 139d403609dSGreg Roach new NoReplyUser(), 140d403609dSGreg Roach $subject, 141d403609dSGreg Roach view('emails/register-notify-text', ['user' => $user, 'comments' => $comments, 'base_url' => $base_url]), 142d403609dSGreg Roach view('emails/register-notify-html', ['user' => $user, 'comments' => $comments, 'base_url' => $base_url]) 143d403609dSGreg Roach ); 144d403609dSGreg Roach 145d403609dSGreg Roach $mail1_method = $administrator->getPreference('contact_method'); 146d403609dSGreg Roach if ($mail1_method !== 'messaging3' && $mail1_method !== 'mailto' && $mail1_method !== 'none') { 147d403609dSGreg Roach DB::table('message')->insert([ 148d403609dSGreg Roach 'sender' => $user->email(), 149d403609dSGreg Roach 'ip_address' => $request->getAttribute('client_ip'), 150d403609dSGreg Roach 'user_id' => $administrator->id(), 151d403609dSGreg Roach 'subject' => $subject, 152d403609dSGreg Roach 'body' => view('emails/register-notify-text', ['user' => $user, 'comments' => $comments, 'base_url' => $base_url]), 153d403609dSGreg Roach ]); 154d403609dSGreg Roach } 155d403609dSGreg Roach } 156d403609dSGreg Roach 157d403609dSGreg Roach $title = I18N::translate('Request a new user account'); 158d403609dSGreg Roach 159d403609dSGreg Roach return $this->viewResponse('register-success-page', [ 160d403609dSGreg Roach 'title' => $title, 161d403609dSGreg Roach 'user' => $user, 162d403609dSGreg Roach ]); 163d403609dSGreg Roach } 164d403609dSGreg Roach 165d403609dSGreg Roach /** 166d403609dSGreg Roach * Check that visitors are allowed to register on this site. 167d403609dSGreg Roach * 168d403609dSGreg Roach * @return void 169d403609dSGreg Roach * @throws NotFoundHttpException 170d403609dSGreg Roach */ 171d403609dSGreg Roach private function checkRegistrationAllowed(): void 172d403609dSGreg Roach { 173d403609dSGreg Roach if (Site::getPreference('USE_REGISTRATION_MODULE') !== '1') { 174d403609dSGreg Roach throw new NotFoundHttpException(); 175d403609dSGreg Roach } 176d403609dSGreg Roach } 177d403609dSGreg Roach 178d403609dSGreg Roach /** 179d403609dSGreg Roach * Check the registration details. 180d403609dSGreg Roach * 181d403609dSGreg Roach * @param ServerRequestInterface $request 182d403609dSGreg Roach * @param string $username 183d403609dSGreg Roach * @param string $email 184d403609dSGreg Roach * @param string $realname 185d403609dSGreg Roach * @param string $comments 186d403609dSGreg Roach * @param string $password 187d403609dSGreg Roach * 188d403609dSGreg Roach * @return void 189d403609dSGreg Roach * @throws Exception 190d403609dSGreg Roach */ 191d403609dSGreg Roach private function doValidateRegistration(ServerRequestInterface $request, string $username, string $email, string $realname, string $comments, string $password): void 192d403609dSGreg Roach { 193d403609dSGreg Roach // All fields are required 194d403609dSGreg Roach if ($username === '' || $email === '' || $realname === '' || $comments === '' || $password === '') { 195d403609dSGreg Roach throw new Exception(I18N::translate('All fields must be completed.')); 196d403609dSGreg Roach } 197d403609dSGreg Roach 198d403609dSGreg Roach // Username already exists 199d403609dSGreg Roach if ($this->user_service->findByUserName($username) !== null) { 200d403609dSGreg Roach throw new Exception(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.')); 201d403609dSGreg Roach } 202d403609dSGreg Roach 203d403609dSGreg Roach // Email already exists 204d403609dSGreg Roach if ($this->user_service->findByEmail($email) !== null) { 205d403609dSGreg Roach throw new Exception(I18N::translate('Duplicate email address. A user with that email already exists.')); 206d403609dSGreg Roach } 207d403609dSGreg Roach 208d403609dSGreg Roach $base_url = $request->getAttribute('base_url'); 209d403609dSGreg Roach 210d403609dSGreg Roach // No external links 211d403609dSGreg Roach if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:http|https):\/\/)[a-zA-Z0-9.-]+)/', $comments, $match)) { 212d403609dSGreg Roach throw new Exception(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', e($match[2]), e($match[1]))); 213d403609dSGreg Roach } 214d403609dSGreg Roach } 215d403609dSGreg Roach} 216