1d403609dSGreg Roach<?php 2d403609dSGreg Roach 3d403609dSGreg Roach/** 4d403609dSGreg Roach * webtrees: online genealogy 5d403609dSGreg Roach * Copyright (C) 2019 webtrees development team 6d403609dSGreg Roach * This program is free software: you can redistribute it and/or modify 7d403609dSGreg Roach * it under the terms of the GNU General Public License as published by 8d403609dSGreg Roach * the Free Software Foundation, either version 3 of the License, or 9d403609dSGreg Roach * (at your option) any later version. 10d403609dSGreg Roach * This program is distributed in the hope that it will be useful, 11d403609dSGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of 12d403609dSGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13d403609dSGreg Roach * GNU General Public License for more details. 14d403609dSGreg Roach * You should have received a copy of the GNU General Public License 15d403609dSGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>. 16d403609dSGreg Roach */ 17fcfa147eSGreg Roach 18d403609dSGreg Roachdeclare(strict_types=1); 19d403609dSGreg Roach 20d403609dSGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers; 21d403609dSGreg Roach 22d403609dSGreg Roachuse Exception; 23d501c45dSGreg Roachuse Fisharebest\Webtrees\Exceptions\HttpNotFoundException; 24d403609dSGreg Roachuse Fisharebest\Webtrees\FlashMessages; 25d403609dSGreg Roachuse Fisharebest\Webtrees\Http\Controllers\AbstractBaseController; 26d403609dSGreg Roachuse Fisharebest\Webtrees\I18N; 27d403609dSGreg Roachuse Fisharebest\Webtrees\Log; 28d403609dSGreg Roachuse Fisharebest\Webtrees\NoReplyUser; 29e381f98dSGreg Roachuse Fisharebest\Webtrees\Services\EmailService; 30d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UserService; 31d403609dSGreg Roachuse Fisharebest\Webtrees\Site; 32d403609dSGreg Roachuse Fisharebest\Webtrees\SiteUser; 33d403609dSGreg Roachuse Fisharebest\Webtrees\Tree; 34d403609dSGreg Roachuse Fisharebest\Webtrees\TreeUser; 357c4add84SGreg Roachuse Fisharebest\Webtrees\User; 36d403609dSGreg Roachuse Illuminate\Database\Capsule\Manager as DB; 37256b18b9SGreg Roachuse Illuminate\Support\Str; 38d403609dSGreg Roachuse Psr\Http\Message\ResponseInterface; 39d403609dSGreg Roachuse Psr\Http\Message\ServerRequestInterface; 40f3874e19SGreg Roach 41256b18b9SGreg Roachuse function md5; 429fa6ab69SGreg Roachuse function view; 4390a2f718SGreg Roach 44d403609dSGreg Roach/** 45d403609dSGreg Roach * Process a user registration. 46d403609dSGreg Roach */ 47d403609dSGreg Roachclass RegisterAction extends AbstractBaseController 48d403609dSGreg Roach{ 49d403609dSGreg Roach /** 50e381f98dSGreg Roach * @var EmailService 51d403609dSGreg Roach */ 52e381f98dSGreg Roach private $email_service; 53d403609dSGreg Roach 54d403609dSGreg Roach /** 55d403609dSGreg Roach * @var UserService 56d403609dSGreg Roach */ 57d403609dSGreg Roach private $user_service; 58d403609dSGreg Roach 59d403609dSGreg Roach /** 60d403609dSGreg Roach * RegisterController constructor. 61d403609dSGreg Roach * 62e381f98dSGreg Roach * @param EmailService $email_service 63d403609dSGreg Roach * @param UserService $user_service 64d403609dSGreg Roach */ 65e381f98dSGreg Roach public function __construct(EmailService $email_service, UserService $user_service) 66d403609dSGreg Roach { 67e381f98dSGreg Roach $this->email_service = $email_service; 68d403609dSGreg Roach $this->user_service = $user_service; 69d403609dSGreg Roach } 70d403609dSGreg Roach 71d403609dSGreg Roach /** 72d403609dSGreg Roach * Perform a registration. 73d403609dSGreg Roach * 74d403609dSGreg Roach * @param ServerRequestInterface $request 75d403609dSGreg Roach * 76d403609dSGreg Roach * @return ResponseInterface 77d403609dSGreg Roach */ 78d403609dSGreg Roach public function handle(ServerRequestInterface $request): ResponseInterface 79d403609dSGreg Roach { 809fa6ab69SGreg Roach $tree = $request->getAttribute('tree'); 819fa6ab69SGreg Roach 82d403609dSGreg Roach $this->checkRegistrationAllowed(); 83d403609dSGreg Roach 84*b46c87bdSGreg Roach $params = (array) $request->getParsedBody(); 85*b46c87bdSGreg Roach 86*b46c87bdSGreg Roach $comments = $params['comments'] ?? ''; 87*b46c87bdSGreg Roach $email = $params['email'] ?? ''; 88*b46c87bdSGreg Roach $password = $params['password'] ?? ''; 89*b46c87bdSGreg Roach $realname = $params['realname'] ?? ''; 90*b46c87bdSGreg Roach $username = $params['username'] ?? ''; 91d403609dSGreg Roach 92d403609dSGreg Roach try { 93d403609dSGreg Roach $this->doValidateRegistration($request, $username, $email, $realname, $comments, $password); 94d403609dSGreg Roach } catch (Exception $ex) { 95d403609dSGreg Roach FlashMessages::addMessage($ex->getMessage(), 'danger'); 96d403609dSGreg Roach 9756f9a9c1SGreg Roach return redirect(route(RegisterPage::class, [ 98d403609dSGreg Roach 'comments' => $comments, 99d403609dSGreg Roach 'email' => $email, 100d403609dSGreg Roach 'realname' => $realname, 101d403609dSGreg Roach 'username' => $username, 102d403609dSGreg Roach ])); 103d403609dSGreg Roach } 104d403609dSGreg Roach 105d403609dSGreg Roach Log::addAuthenticationLog('User registration requested for: ' . $username); 106d403609dSGreg Roach 107d403609dSGreg Roach $user = $this->user_service->create($username, $realname, $email, $password); 108256b18b9SGreg Roach $token = Str::random(32); 109256b18b9SGreg Roach 11065cf5706SGreg Roach $user->setPreference(User::PREF_LANGUAGE, I18N::languageTag()); 1117c4add84SGreg Roach $user->setPreference(User::PREF_IS_EMAIL_VERIFIED, ''); 1127c4add84SGreg Roach $user->setPreference(User::PREF_IS_ACCOUNT_APPROVED, ''); 1137c4add84SGreg Roach $user->setPreference(User::PREF_TIMESTAMP_REGISTERED, date('U')); 114256b18b9SGreg Roach $user->setPreference(User::PREF_VERIFICATION_TOKEN, $token); 1157c4add84SGreg Roach $user->setPreference(User::PREF_CONTACT_METHOD, 'messaging2'); 1167c4add84SGreg Roach $user->setPreference(User::PREF_NEW_ACCOUNT_COMMENT, $comments); 1177c4add84SGreg Roach $user->setPreference(User::PREF_IS_VISIBLE_ONLINE, '1'); 1187c4add84SGreg Roach $user->setPreference(User::PREF_AUTO_ACCEPT_EDITS, ''); 1197c4add84SGreg Roach $user->setPreference(User::PREF_IS_ADMINISTRATOR, ''); 1207c4add84SGreg Roach $user->setPreference(User::PREF_TIMESTAMP_ACTIVE, '0'); 121d403609dSGreg Roach 122d403609dSGreg Roach $base_url = $request->getAttribute('base_url'); 123d403609dSGreg Roach $reply_to = $tree instanceof Tree ? new TreeUser($tree) : new SiteUser(); 124d403609dSGreg Roach 125f917a287SGreg Roach $verify_url = route(VerifyEmail::class, [ 126f917a287SGreg Roach 'username' => $user->userName(), 127256b18b9SGreg Roach 'token' => $token, 128f917a287SGreg Roach 'tree' => $tree instanceof Tree ? $tree->name() : null, 129f917a287SGreg Roach ]); 130f917a287SGreg Roach 131d403609dSGreg Roach // Send a verification message to the user. 132d403609dSGreg Roach /* I18N: %s is a server name/URL */ 133e381f98dSGreg Roach $this->email_service->send( 134d403609dSGreg Roach new Siteuser(), 135d403609dSGreg Roach $user, 136d403609dSGreg Roach $reply_to, 137d403609dSGreg Roach I18N::translate('Your registration at %s', $base_url), 138f917a287SGreg Roach view('emails/register-user-text', ['user' => $user, 'base_url' => $base_url, 'verify_url' => $verify_url]), 139f917a287SGreg Roach view('emails/register-user-html', ['user' => $user, 'base_url' => $base_url, 'verify_url' => $verify_url]) 140d403609dSGreg Roach ); 141d403609dSGreg Roach 142d403609dSGreg Roach // Tell the administrators about the registration. 143d403609dSGreg Roach foreach ($this->user_service->administrators() as $administrator) { 1447c4add84SGreg Roach I18N::init($administrator->getPreference(User::PREF_LANGUAGE)); 145d403609dSGreg Roach 146d403609dSGreg Roach /* I18N: %s is a server name/URL */ 147d403609dSGreg Roach $subject = I18N::translate('New registration at %s', $base_url); 148d403609dSGreg Roach 1499fa6ab69SGreg Roach $body_text = view('emails/register-notify-text', [ 1509fa6ab69SGreg Roach 'user' => $user, 1519fa6ab69SGreg Roach 'comments' => $comments, 1529fa6ab69SGreg Roach 'base_url' => $base_url, 1539fa6ab69SGreg Roach 'tree' => $tree, 1549fa6ab69SGreg Roach ]); 1559fa6ab69SGreg Roach 1569fa6ab69SGreg Roach $body_html = view('emails/register-notify-html', [ 1579fa6ab69SGreg Roach 'user' => $user, 1589fa6ab69SGreg Roach 'comments' => $comments, 1599fa6ab69SGreg Roach 'base_url' => $base_url, 1609fa6ab69SGreg Roach 'tree' => $tree, 1619fa6ab69SGreg Roach ]); 1629fa6ab69SGreg Roach 1639fa6ab69SGreg Roach 164d403609dSGreg Roach /* I18N: %s is a server name/URL */ 165e381f98dSGreg Roach $this->email_service->send( 166d403609dSGreg Roach new SiteUser(), 167d403609dSGreg Roach $administrator, 168d403609dSGreg Roach new NoReplyUser(), 169d403609dSGreg Roach $subject, 1709fa6ab69SGreg Roach $body_text, 1719fa6ab69SGreg Roach $body_html 172d403609dSGreg Roach ); 173d403609dSGreg Roach 1747c4add84SGreg Roach $mail1_method = $administrator->getPreference(User::PREF_CONTACT_METHOD); 175d403609dSGreg Roach if ($mail1_method !== 'messaging3' && $mail1_method !== 'mailto' && $mail1_method !== 'none') { 176d403609dSGreg Roach DB::table('message')->insert([ 177d403609dSGreg Roach 'sender' => $user->email(), 1784874f72dSGreg Roach 'ip_address' => $request->getAttribute('client-ip'), 179d403609dSGreg Roach 'user_id' => $administrator->id(), 180d403609dSGreg Roach 'subject' => $subject, 1819fa6ab69SGreg Roach 'body' => $body_text, 182d403609dSGreg Roach ]); 183d403609dSGreg Roach } 184d403609dSGreg Roach } 185d403609dSGreg Roach 186d403609dSGreg Roach $title = I18N::translate('Request a new user account'); 187d403609dSGreg Roach 188d403609dSGreg Roach return $this->viewResponse('register-success-page', [ 189d403609dSGreg Roach 'title' => $title, 1909fa6ab69SGreg Roach 'tree' => $tree, 191d403609dSGreg Roach 'user' => $user, 192d403609dSGreg Roach ]); 193d403609dSGreg Roach } 194d403609dSGreg Roach 195d403609dSGreg Roach /** 196d403609dSGreg Roach * Check that visitors are allowed to register on this site. 197d403609dSGreg Roach * 198d403609dSGreg Roach * @return void 199d501c45dSGreg Roach * @throws HttpNotFoundException 200d403609dSGreg Roach */ 201d403609dSGreg Roach private function checkRegistrationAllowed(): void 202d403609dSGreg Roach { 203d403609dSGreg Roach if (Site::getPreference('USE_REGISTRATION_MODULE') !== '1') { 204d501c45dSGreg Roach throw new HttpNotFoundException(); 205d403609dSGreg Roach } 206d403609dSGreg Roach } 207d403609dSGreg Roach 208d403609dSGreg Roach /** 209d403609dSGreg Roach * Check the registration details. 210d403609dSGreg Roach * 211d403609dSGreg Roach * @param ServerRequestInterface $request 212d403609dSGreg Roach * @param string $username 213d403609dSGreg Roach * @param string $email 214d403609dSGreg Roach * @param string $realname 215d403609dSGreg Roach * @param string $comments 216d403609dSGreg Roach * @param string $password 217d403609dSGreg Roach * 218d403609dSGreg Roach * @return void 219d403609dSGreg Roach * @throws Exception 220d403609dSGreg Roach */ 221d403609dSGreg Roach private function doValidateRegistration(ServerRequestInterface $request, string $username, string $email, string $realname, string $comments, string $password): void 222d403609dSGreg Roach { 223d403609dSGreg Roach // All fields are required 224d403609dSGreg Roach if ($username === '' || $email === '' || $realname === '' || $comments === '' || $password === '') { 225d403609dSGreg Roach throw new Exception(I18N::translate('All fields must be completed.')); 226d403609dSGreg Roach } 227d403609dSGreg Roach 228d403609dSGreg Roach // Username already exists 229d403609dSGreg Roach if ($this->user_service->findByUserName($username) !== null) { 230d403609dSGreg Roach throw new Exception(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.')); 231d403609dSGreg Roach } 232d403609dSGreg Roach 233d403609dSGreg Roach // Email already exists 234d403609dSGreg Roach if ($this->user_service->findByEmail($email) !== null) { 235d403609dSGreg Roach throw new Exception(I18N::translate('Duplicate email address. A user with that email already exists.')); 236d403609dSGreg Roach } 237d403609dSGreg Roach 238d403609dSGreg Roach $base_url = $request->getAttribute('base_url'); 239d403609dSGreg Roach 240d403609dSGreg Roach // No external links 241d403609dSGreg Roach if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:http|https):\/\/)[a-zA-Z0-9.-]+)/', $comments, $match)) { 242d403609dSGreg Roach throw new Exception(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', e($match[2]), e($match[1]))); 243d403609dSGreg Roach } 244d403609dSGreg Roach } 245d403609dSGreg Roach} 246