1d403609dSGreg Roach<?php 2d403609dSGreg Roach 3d403609dSGreg Roach/** 4d403609dSGreg Roach * webtrees: online genealogy 5d403609dSGreg Roach * Copyright (C) 2019 webtrees development team 6d403609dSGreg Roach * This program is free software: you can redistribute it and/or modify 7d403609dSGreg Roach * it under the terms of the GNU General Public License as published by 8d403609dSGreg Roach * the Free Software Foundation, either version 3 of the License, or 9d403609dSGreg Roach * (at your option) any later version. 10d403609dSGreg Roach * This program is distributed in the hope that it will be useful, 11d403609dSGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of 12d403609dSGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13d403609dSGreg Roach * GNU General Public License for more details. 14d403609dSGreg Roach * You should have received a copy of the GNU General Public License 15d403609dSGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>. 16d403609dSGreg Roach */ 17fcfa147eSGreg Roach 18d403609dSGreg Roachdeclare(strict_types=1); 19d403609dSGreg Roach 20d403609dSGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers; 21d403609dSGreg Roach 22d403609dSGreg Roachuse Exception; 23d501c45dSGreg Roachuse Fisharebest\Webtrees\Exceptions\HttpNotFoundException; 24d403609dSGreg Roachuse Fisharebest\Webtrees\FlashMessages; 25d403609dSGreg Roachuse Fisharebest\Webtrees\Http\Controllers\AbstractBaseController; 26d403609dSGreg Roachuse Fisharebest\Webtrees\I18N; 27d403609dSGreg Roachuse Fisharebest\Webtrees\Log; 28d403609dSGreg Roachuse Fisharebest\Webtrees\NoReplyUser; 29*70ca9c90SGreg Roachuse Fisharebest\Webtrees\Services\CaptchaService; 30e381f98dSGreg Roachuse Fisharebest\Webtrees\Services\EmailService; 31d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UserService; 32d403609dSGreg Roachuse Fisharebest\Webtrees\Site; 33d403609dSGreg Roachuse Fisharebest\Webtrees\SiteUser; 34d403609dSGreg Roachuse Fisharebest\Webtrees\Tree; 35d403609dSGreg Roachuse Fisharebest\Webtrees\TreeUser; 367c4add84SGreg Roachuse Fisharebest\Webtrees\User; 37d403609dSGreg Roachuse Illuminate\Database\Capsule\Manager as DB; 38256b18b9SGreg Roachuse Illuminate\Support\Str; 39d403609dSGreg Roachuse Psr\Http\Message\ResponseInterface; 40d403609dSGreg Roachuse Psr\Http\Message\ServerRequestInterface; 41f3874e19SGreg Roach 429fa6ab69SGreg Roachuse function view; 4390a2f718SGreg Roach 44d403609dSGreg Roach/** 45d403609dSGreg Roach * Process a user registration. 46d403609dSGreg Roach */ 47d403609dSGreg Roachclass RegisterAction extends AbstractBaseController 48d403609dSGreg Roach{ 49*70ca9c90SGreg Roach /** @var CaptchaService */ 50*70ca9c90SGreg Roach private $captcha_service; 51*70ca9c90SGreg Roach 52*70ca9c90SGreg Roach /** @var EmailService */ 53e381f98dSGreg Roach private $email_service; 54d403609dSGreg Roach 55*70ca9c90SGreg Roach /** @var UserService */ 56d403609dSGreg Roach private $user_service; 57d403609dSGreg Roach 58d403609dSGreg Roach /** 59d403609dSGreg Roach * RegisterController constructor. 60d403609dSGreg Roach * 61*70ca9c90SGreg Roach * @param CaptchaService $captcha_service 62e381f98dSGreg Roach * @param EmailService $email_service 63d403609dSGreg Roach * @param UserService $user_service 64d403609dSGreg Roach */ 65*70ca9c90SGreg Roach public function __construct( 66*70ca9c90SGreg Roach CaptchaService $captcha_service, 67*70ca9c90SGreg Roach EmailService $email_service, 68*70ca9c90SGreg Roach UserService $user_service 69*70ca9c90SGreg Roach ) { 70*70ca9c90SGreg Roach $this->captcha_service = $captcha_service; 71e381f98dSGreg Roach $this->email_service = $email_service; 72d403609dSGreg Roach $this->user_service = $user_service; 73d403609dSGreg Roach } 74d403609dSGreg Roach 75d403609dSGreg Roach /** 76d403609dSGreg Roach * Perform a registration. 77d403609dSGreg Roach * 78d403609dSGreg Roach * @param ServerRequestInterface $request 79d403609dSGreg Roach * 80d403609dSGreg Roach * @return ResponseInterface 81d403609dSGreg Roach */ 82d403609dSGreg Roach public function handle(ServerRequestInterface $request): ResponseInterface 83d403609dSGreg Roach { 849fa6ab69SGreg Roach $tree = $request->getAttribute('tree'); 859fa6ab69SGreg Roach 86d403609dSGreg Roach $this->checkRegistrationAllowed(); 87d403609dSGreg Roach 88b46c87bdSGreg Roach $params = (array) $request->getParsedBody(); 89b46c87bdSGreg Roach 90b46c87bdSGreg Roach $comments = $params['comments'] ?? ''; 91b46c87bdSGreg Roach $email = $params['email'] ?? ''; 92b46c87bdSGreg Roach $password = $params['password'] ?? ''; 93b46c87bdSGreg Roach $realname = $params['realname'] ?? ''; 94b46c87bdSGreg Roach $username = $params['username'] ?? ''; 95d403609dSGreg Roach 96d403609dSGreg Roach try { 97*70ca9c90SGreg Roach if ($this->captcha_service->isRobot($request)) { 98*70ca9c90SGreg Roach throw new Exception(I18N::translate('Please try again.')); 99*70ca9c90SGreg Roach } 100*70ca9c90SGreg Roach 101d403609dSGreg Roach $this->doValidateRegistration($request, $username, $email, $realname, $comments, $password); 102d403609dSGreg Roach } catch (Exception $ex) { 103d403609dSGreg Roach FlashMessages::addMessage($ex->getMessage(), 'danger'); 104d403609dSGreg Roach 10556f9a9c1SGreg Roach return redirect(route(RegisterPage::class, [ 106d403609dSGreg Roach 'comments' => $comments, 107d403609dSGreg Roach 'email' => $email, 108d403609dSGreg Roach 'realname' => $realname, 109d403609dSGreg Roach 'username' => $username, 110d403609dSGreg Roach ])); 111d403609dSGreg Roach } 112d403609dSGreg Roach 113d403609dSGreg Roach Log::addAuthenticationLog('User registration requested for: ' . $username); 114d403609dSGreg Roach 115d403609dSGreg Roach $user = $this->user_service->create($username, $realname, $email, $password); 116256b18b9SGreg Roach $token = Str::random(32); 117256b18b9SGreg Roach 11865cf5706SGreg Roach $user->setPreference(User::PREF_LANGUAGE, I18N::languageTag()); 1197c4add84SGreg Roach $user->setPreference(User::PREF_IS_EMAIL_VERIFIED, ''); 1207c4add84SGreg Roach $user->setPreference(User::PREF_IS_ACCOUNT_APPROVED, ''); 1217c4add84SGreg Roach $user->setPreference(User::PREF_TIMESTAMP_REGISTERED, date('U')); 122256b18b9SGreg Roach $user->setPreference(User::PREF_VERIFICATION_TOKEN, $token); 1237c4add84SGreg Roach $user->setPreference(User::PREF_CONTACT_METHOD, 'messaging2'); 1247c4add84SGreg Roach $user->setPreference(User::PREF_NEW_ACCOUNT_COMMENT, $comments); 1257c4add84SGreg Roach $user->setPreference(User::PREF_IS_VISIBLE_ONLINE, '1'); 1267c4add84SGreg Roach $user->setPreference(User::PREF_AUTO_ACCEPT_EDITS, ''); 1277c4add84SGreg Roach $user->setPreference(User::PREF_IS_ADMINISTRATOR, ''); 1287c4add84SGreg Roach $user->setPreference(User::PREF_TIMESTAMP_ACTIVE, '0'); 129d403609dSGreg Roach 130d403609dSGreg Roach $base_url = $request->getAttribute('base_url'); 131d403609dSGreg Roach $reply_to = $tree instanceof Tree ? new TreeUser($tree) : new SiteUser(); 132d403609dSGreg Roach 133f917a287SGreg Roach $verify_url = route(VerifyEmail::class, [ 134f917a287SGreg Roach 'username' => $user->userName(), 135256b18b9SGreg Roach 'token' => $token, 136f917a287SGreg Roach 'tree' => $tree instanceof Tree ? $tree->name() : null, 137f917a287SGreg Roach ]); 138f917a287SGreg Roach 139d403609dSGreg Roach // Send a verification message to the user. 140d403609dSGreg Roach /* I18N: %s is a server name/URL */ 141e381f98dSGreg Roach $this->email_service->send( 142d403609dSGreg Roach new Siteuser(), 143d403609dSGreg Roach $user, 144d403609dSGreg Roach $reply_to, 145d403609dSGreg Roach I18N::translate('Your registration at %s', $base_url), 146f917a287SGreg Roach view('emails/register-user-text', ['user' => $user, 'base_url' => $base_url, 'verify_url' => $verify_url]), 147f917a287SGreg Roach view('emails/register-user-html', ['user' => $user, 'base_url' => $base_url, 'verify_url' => $verify_url]) 148d403609dSGreg Roach ); 149d403609dSGreg Roach 150d403609dSGreg Roach // Tell the administrators about the registration. 151d403609dSGreg Roach foreach ($this->user_service->administrators() as $administrator) { 1527c4add84SGreg Roach I18N::init($administrator->getPreference(User::PREF_LANGUAGE)); 153d403609dSGreg Roach 154d403609dSGreg Roach /* I18N: %s is a server name/URL */ 155d403609dSGreg Roach $subject = I18N::translate('New registration at %s', $base_url); 156d403609dSGreg Roach 1579fa6ab69SGreg Roach $body_text = view('emails/register-notify-text', [ 1589fa6ab69SGreg Roach 'user' => $user, 1599fa6ab69SGreg Roach 'comments' => $comments, 1609fa6ab69SGreg Roach 'base_url' => $base_url, 1619fa6ab69SGreg Roach 'tree' => $tree, 1629fa6ab69SGreg Roach ]); 1639fa6ab69SGreg Roach 1649fa6ab69SGreg Roach $body_html = view('emails/register-notify-html', [ 1659fa6ab69SGreg Roach 'user' => $user, 1669fa6ab69SGreg Roach 'comments' => $comments, 1679fa6ab69SGreg Roach 'base_url' => $base_url, 1689fa6ab69SGreg Roach 'tree' => $tree, 1699fa6ab69SGreg Roach ]); 1709fa6ab69SGreg Roach 1719fa6ab69SGreg Roach 172d403609dSGreg Roach /* I18N: %s is a server name/URL */ 173e381f98dSGreg Roach $this->email_service->send( 174d403609dSGreg Roach new SiteUser(), 175d403609dSGreg Roach $administrator, 176d403609dSGreg Roach new NoReplyUser(), 177d403609dSGreg Roach $subject, 1789fa6ab69SGreg Roach $body_text, 1799fa6ab69SGreg Roach $body_html 180d403609dSGreg Roach ); 181d403609dSGreg Roach 1827c4add84SGreg Roach $mail1_method = $administrator->getPreference(User::PREF_CONTACT_METHOD); 183d403609dSGreg Roach if ($mail1_method !== 'messaging3' && $mail1_method !== 'mailto' && $mail1_method !== 'none') { 184d403609dSGreg Roach DB::table('message')->insert([ 185d403609dSGreg Roach 'sender' => $user->email(), 1864874f72dSGreg Roach 'ip_address' => $request->getAttribute('client-ip'), 187d403609dSGreg Roach 'user_id' => $administrator->id(), 188d403609dSGreg Roach 'subject' => $subject, 1899fa6ab69SGreg Roach 'body' => $body_text, 190d403609dSGreg Roach ]); 191d403609dSGreg Roach } 192d403609dSGreg Roach } 193d403609dSGreg Roach 194d403609dSGreg Roach $title = I18N::translate('Request a new user account'); 195d403609dSGreg Roach 196d403609dSGreg Roach return $this->viewResponse('register-success-page', [ 197d403609dSGreg Roach 'title' => $title, 1989fa6ab69SGreg Roach 'tree' => $tree, 199d403609dSGreg Roach 'user' => $user, 200d403609dSGreg Roach ]); 201d403609dSGreg Roach } 202d403609dSGreg Roach 203d403609dSGreg Roach /** 204d403609dSGreg Roach * Check that visitors are allowed to register on this site. 205d403609dSGreg Roach * 206d403609dSGreg Roach * @return void 207d501c45dSGreg Roach * @throws HttpNotFoundException 208d403609dSGreg Roach */ 209d403609dSGreg Roach private function checkRegistrationAllowed(): void 210d403609dSGreg Roach { 211d403609dSGreg Roach if (Site::getPreference('USE_REGISTRATION_MODULE') !== '1') { 212d501c45dSGreg Roach throw new HttpNotFoundException(); 213d403609dSGreg Roach } 214d403609dSGreg Roach } 215d403609dSGreg Roach 216d403609dSGreg Roach /** 217d403609dSGreg Roach * Check the registration details. 218d403609dSGreg Roach * 219d403609dSGreg Roach * @param ServerRequestInterface $request 220d403609dSGreg Roach * @param string $username 221d403609dSGreg Roach * @param string $email 222d403609dSGreg Roach * @param string $realname 223d403609dSGreg Roach * @param string $comments 224d403609dSGreg Roach * @param string $password 225d403609dSGreg Roach * 226d403609dSGreg Roach * @return void 227d403609dSGreg Roach * @throws Exception 228d403609dSGreg Roach */ 229d403609dSGreg Roach private function doValidateRegistration(ServerRequestInterface $request, string $username, string $email, string $realname, string $comments, string $password): void 230d403609dSGreg Roach { 231d403609dSGreg Roach // All fields are required 232d403609dSGreg Roach if ($username === '' || $email === '' || $realname === '' || $comments === '' || $password === '') { 233d403609dSGreg Roach throw new Exception(I18N::translate('All fields must be completed.')); 234d403609dSGreg Roach } 235d403609dSGreg Roach 236d403609dSGreg Roach // Username already exists 237d403609dSGreg Roach if ($this->user_service->findByUserName($username) !== null) { 238d403609dSGreg Roach throw new Exception(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.')); 239d403609dSGreg Roach } 240d403609dSGreg Roach 241d403609dSGreg Roach // Email already exists 242d403609dSGreg Roach if ($this->user_service->findByEmail($email) !== null) { 243d403609dSGreg Roach throw new Exception(I18N::translate('Duplicate email address. A user with that email already exists.')); 244d403609dSGreg Roach } 245d403609dSGreg Roach 246d403609dSGreg Roach $base_url = $request->getAttribute('base_url'); 247d403609dSGreg Roach 248d403609dSGreg Roach // No external links 249d403609dSGreg Roach if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:http|https):\/\/)[a-zA-Z0-9.-]+)/', $comments, $match)) { 250d403609dSGreg Roach throw new Exception(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', e($match[2]), e($match[1]))); 251d403609dSGreg Roach } 252d403609dSGreg Roach } 253d403609dSGreg Roach} 254