xref: /webtrees/app/Http/RequestHandlers/RegisterAction.php (revision a49d0e3f7d5d6400af7be7d1e718b56f3b490f38)
1d403609dSGreg Roach<?php
2d403609dSGreg Roach
3d403609dSGreg Roach/**
4d403609dSGreg Roach * webtrees: online genealogy
5d403609dSGreg Roach * Copyright (C) 2019 webtrees development team
6d403609dSGreg Roach * This program is free software: you can redistribute it and/or modify
7d403609dSGreg Roach * it under the terms of the GNU General Public License as published by
8d403609dSGreg Roach * the Free Software Foundation, either version 3 of the License, or
9d403609dSGreg Roach * (at your option) any later version.
10d403609dSGreg Roach * This program is distributed in the hope that it will be useful,
11d403609dSGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
12d403609dSGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13d403609dSGreg Roach * GNU General Public License for more details.
14d403609dSGreg Roach * You should have received a copy of the GNU General Public License
15d403609dSGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>.
16d403609dSGreg Roach */
17fcfa147eSGreg Roach
18d403609dSGreg Roachdeclare(strict_types=1);
19d403609dSGreg Roach
20d403609dSGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers;
21d403609dSGreg Roach
22d403609dSGreg Roachuse Exception;
23d403609dSGreg Roachuse Fisharebest\Webtrees\FlashMessages;
24d403609dSGreg Roachuse Fisharebest\Webtrees\Http\Controllers\AbstractBaseController;
25d403609dSGreg Roachuse Fisharebest\Webtrees\I18N;
26d403609dSGreg Roachuse Fisharebest\Webtrees\Log;
27d403609dSGreg Roachuse Fisharebest\Webtrees\NoReplyUser;
28d403609dSGreg Roachuse Fisharebest\Webtrees\Services\MailService;
29d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UserService;
30d403609dSGreg Roachuse Fisharebest\Webtrees\Site;
31d403609dSGreg Roachuse Fisharebest\Webtrees\SiteUser;
32d403609dSGreg Roachuse Fisharebest\Webtrees\Tree;
33d403609dSGreg Roachuse Fisharebest\Webtrees\TreeUser;
34d403609dSGreg Roachuse Illuminate\Database\Capsule\Manager as DB;
35d403609dSGreg Roachuse Psr\Http\Message\ResponseInterface;
36d403609dSGreg Roachuse Psr\Http\Message\ServerRequestInterface;
37d403609dSGreg Roachuse Ramsey\Uuid\Uuid;
38d403609dSGreg Roachuse Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
39f3874e19SGreg Roach
40d403609dSGreg Roach/**
41d403609dSGreg Roach * Process a user registration.
42d403609dSGreg Roach */
43d403609dSGreg Roachclass RegisterAction extends AbstractBaseController
44d403609dSGreg Roach{
45d403609dSGreg Roach    /**
46d403609dSGreg Roach     * @var MailService
47d403609dSGreg Roach     */
48d403609dSGreg Roach    private $mail_service;
49d403609dSGreg Roach
50d403609dSGreg Roach    /**
51d403609dSGreg Roach     * @var UserService
52d403609dSGreg Roach     */
53d403609dSGreg Roach    private $user_service;
54d403609dSGreg Roach
55d403609dSGreg Roach    /**
56d403609dSGreg Roach     * RegisterController constructor.
57d403609dSGreg Roach     *
58d403609dSGreg Roach     * @param MailService $mail_service
59d403609dSGreg Roach     * @param UserService $user_service
60d403609dSGreg Roach     */
61d403609dSGreg Roach    public function __construct(MailService $mail_service, UserService $user_service)
62d403609dSGreg Roach    {
63d403609dSGreg Roach        $this->mail_service = $mail_service;
64d403609dSGreg Roach        $this->user_service = $user_service;
65d403609dSGreg Roach    }
66d403609dSGreg Roach
67d403609dSGreg Roach    /**
68d403609dSGreg Roach     * Perform a registration.
69d403609dSGreg Roach     *
70d403609dSGreg Roach     * @param ServerRequestInterface $request
71d403609dSGreg Roach     *
72d403609dSGreg Roach     * @return ResponseInterface
73d403609dSGreg Roach     */
74d403609dSGreg Roach    public function handle(ServerRequestInterface $request): ResponseInterface
75d403609dSGreg Roach    {
76d403609dSGreg Roach        $this->checkRegistrationAllowed();
77d403609dSGreg Roach
78*a49d0e3fSGreg Roach        $tree     = $request->getAttribute('tree');
79d403609dSGreg Roach        $comments = $request->getParsedBody()['comments'] ?? '';
80d403609dSGreg Roach        $email    = $request->getParsedBody()['email'] ?? '';
81d403609dSGreg Roach        $password = $request->getParsedBody()['password'] ?? '';
82d403609dSGreg Roach        $realname = $request->getParsedBody()['realname'] ?? '';
83d403609dSGreg Roach        $username = $request->getParsedBody()['username'] ?? '';
84d403609dSGreg Roach
85d403609dSGreg Roach        try {
86d403609dSGreg Roach            $this->doValidateRegistration($request, $username, $email, $realname, $comments, $password);
87d403609dSGreg Roach        } catch (Exception $ex) {
88d403609dSGreg Roach            FlashMessages::addMessage($ex->getMessage(), 'danger');
89d403609dSGreg Roach
9056f9a9c1SGreg Roach            return redirect(route(RegisterPage::class, [
91d403609dSGreg Roach                'comments' => $comments,
92d403609dSGreg Roach                'email'    => $email,
93d403609dSGreg Roach                'realname' => $realname,
94d403609dSGreg Roach                'username' => $username,
95d403609dSGreg Roach            ]));
96d403609dSGreg Roach        }
97d403609dSGreg Roach
98d403609dSGreg Roach        Log::addAuthenticationLog('User registration requested for: ' . $username);
99d403609dSGreg Roach
100d403609dSGreg Roach        $user = $this->user_service->create($username, $realname, $email, $password);
101d403609dSGreg Roach        $user
102d403609dSGreg Roach            ->setPreference('language', WT_LOCALE)
103d403609dSGreg Roach            ->setPreference('verified', '0')
104d403609dSGreg Roach            ->setPreference('verified_by_admin', '0')
105d403609dSGreg Roach            ->setPreference('reg_timestamp', date('U'))
106d403609dSGreg Roach            ->setPreference('reg_hashcode', md5(Uuid::uuid4()->toString()))
107d403609dSGreg Roach            ->setPreference('contactmethod', 'messaging2')
108d403609dSGreg Roach            ->setPreference('comment', $comments)
109d403609dSGreg Roach            ->setPreference('visibleonline', '1')
110d403609dSGreg Roach            ->setPreference('auto_accept', '0')
111d403609dSGreg Roach            ->setPreference('canadmin', '0')
112d403609dSGreg Roach            ->setPreference('sessiontime', '0');
113d403609dSGreg Roach
114d403609dSGreg Roach        $base_url = $request->getAttribute('base_url');
115d403609dSGreg Roach        $reply_to = $tree instanceof Tree ? new TreeUser($tree) : new SiteUser();
116d403609dSGreg Roach
117d403609dSGreg Roach        // Send a verification message to the user.
118d403609dSGreg Roach        /* I18N: %s is a server name/URL */
119d403609dSGreg Roach        $this->mail_service->send(
120d403609dSGreg Roach            new Siteuser(),
121d403609dSGreg Roach            $user,
122d403609dSGreg Roach            $reply_to,
123d403609dSGreg Roach            I18N::translate('Your registration at %s', $base_url),
124d403609dSGreg Roach            view('emails/register-user-text', ['user' => $user, 'base_url' => $base_url]),
125d403609dSGreg Roach            view('emails/register-user-html', ['user' => $user, 'base_url' => $base_url])
126d403609dSGreg Roach        );
127d403609dSGreg Roach
128d403609dSGreg Roach        // Tell the administrators about the registration.
129d403609dSGreg Roach        foreach ($this->user_service->administrators() as $administrator) {
130d403609dSGreg Roach            I18N::init($administrator->getPreference('language'));
131d403609dSGreg Roach
132d403609dSGreg Roach            /* I18N: %s is a server name/URL */
133d403609dSGreg Roach            $subject = I18N::translate('New registration at %s', $base_url);
134d403609dSGreg Roach
135d403609dSGreg Roach            /* I18N: %s is a server name/URL */
136d403609dSGreg Roach            $this->mail_service->send(
137d403609dSGreg Roach                new SiteUser(),
138d403609dSGreg Roach                $administrator,
139d403609dSGreg Roach                new NoReplyUser(),
140d403609dSGreg Roach                $subject,
141d403609dSGreg Roach                view('emails/register-notify-text', ['user' => $user, 'comments' => $comments, 'base_url' => $base_url]),
142d403609dSGreg Roach                view('emails/register-notify-html', ['user' => $user, 'comments' => $comments, 'base_url' => $base_url])
143d403609dSGreg Roach            );
144d403609dSGreg Roach
145d403609dSGreg Roach            $mail1_method = $administrator->getPreference('contact_method');
146d403609dSGreg Roach            if ($mail1_method !== 'messaging3' && $mail1_method !== 'mailto' && $mail1_method !== 'none') {
147d403609dSGreg Roach                DB::table('message')->insert([
148d403609dSGreg Roach                    'sender'     => $user->email(),
1494874f72dSGreg Roach                    'ip_address' => $request->getAttribute('client-ip'),
150d403609dSGreg Roach                    'user_id'    => $administrator->id(),
151d403609dSGreg Roach                    'subject'    => $subject,
152d403609dSGreg Roach                    'body'       => view('emails/register-notify-text', ['user' => $user, 'comments' => $comments, 'base_url' => $base_url]),
153d403609dSGreg Roach                ]);
154d403609dSGreg Roach            }
155d403609dSGreg Roach        }
156d403609dSGreg Roach
157d403609dSGreg Roach        $title = I18N::translate('Request a new user account');
158d403609dSGreg Roach
159d403609dSGreg Roach        return $this->viewResponse('register-success-page', [
160d403609dSGreg Roach            'title' => $title,
161d403609dSGreg Roach            'user'  => $user,
162d403609dSGreg Roach        ]);
163d403609dSGreg Roach    }
164d403609dSGreg Roach
165d403609dSGreg Roach    /**
166d403609dSGreg Roach     * Check that visitors are allowed to register on this site.
167d403609dSGreg Roach     *
168d403609dSGreg Roach     * @return void
169d403609dSGreg Roach     * @throws NotFoundHttpException
170d403609dSGreg Roach     */
171d403609dSGreg Roach    private function checkRegistrationAllowed(): void
172d403609dSGreg Roach    {
173d403609dSGreg Roach        if (Site::getPreference('USE_REGISTRATION_MODULE') !== '1') {
174d403609dSGreg Roach            throw new NotFoundHttpException();
175d403609dSGreg Roach        }
176d403609dSGreg Roach    }
177d403609dSGreg Roach
178d403609dSGreg Roach    /**
179d403609dSGreg Roach     * Check the registration details.
180d403609dSGreg Roach     *
181d403609dSGreg Roach     * @param ServerRequestInterface $request
182d403609dSGreg Roach     * @param string                 $username
183d403609dSGreg Roach     * @param string                 $email
184d403609dSGreg Roach     * @param string                 $realname
185d403609dSGreg Roach     * @param string                 $comments
186d403609dSGreg Roach     * @param string                 $password
187d403609dSGreg Roach     *
188d403609dSGreg Roach     * @return void
189d403609dSGreg Roach     * @throws Exception
190d403609dSGreg Roach     */
191d403609dSGreg Roach    private function doValidateRegistration(ServerRequestInterface $request, string $username, string $email, string $realname, string $comments, string $password): void
192d403609dSGreg Roach    {
193d403609dSGreg Roach        // All fields are required
194d403609dSGreg Roach        if ($username === '' || $email === '' || $realname === '' || $comments === '' || $password === '') {
195d403609dSGreg Roach            throw new Exception(I18N::translate('All fields must be completed.'));
196d403609dSGreg Roach        }
197d403609dSGreg Roach
198d403609dSGreg Roach        // Username already exists
199d403609dSGreg Roach        if ($this->user_service->findByUserName($username) !== null) {
200d403609dSGreg Roach            throw new Exception(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.'));
201d403609dSGreg Roach        }
202d403609dSGreg Roach
203d403609dSGreg Roach        // Email already exists
204d403609dSGreg Roach        if ($this->user_service->findByEmail($email) !== null) {
205d403609dSGreg Roach            throw new Exception(I18N::translate('Duplicate email address. A user with that email already exists.'));
206d403609dSGreg Roach        }
207d403609dSGreg Roach
208d403609dSGreg Roach        $base_url = $request->getAttribute('base_url');
209d403609dSGreg Roach
210d403609dSGreg Roach        // No external links
211d403609dSGreg Roach        if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:http|https):\/\/)[a-zA-Z0-9.-]+)/', $comments, $match)) {
212d403609dSGreg Roach            throw new Exception(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', e($match[2]), e($match[1])));
213d403609dSGreg Roach        }
214d403609dSGreg Roach    }
215d403609dSGreg Roach}
216