xref: /webtrees/app/Http/RequestHandlers/RegisterAction.php (revision d501c45d339d4a2d06248f9197d7875a4df14e48) 
1d403609dSGreg Roach<?php
2d403609dSGreg Roach
3d403609dSGreg Roach/**
4d403609dSGreg Roach * webtrees: online genealogy
5d403609dSGreg Roach * Copyright (C) 2019 webtrees development team
6d403609dSGreg Roach * This program is free software: you can redistribute it and/or modify
7d403609dSGreg Roach * it under the terms of the GNU General Public License as published by
8d403609dSGreg Roach * the Free Software Foundation, either version 3 of the License, or
9d403609dSGreg Roach * (at your option) any later version.
10d403609dSGreg Roach * This program is distributed in the hope that it will be useful,
11d403609dSGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
12d403609dSGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13d403609dSGreg Roach * GNU General Public License for more details.
14d403609dSGreg Roach * You should have received a copy of the GNU General Public License
15d403609dSGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>.
16d403609dSGreg Roach */
17fcfa147eSGreg Roach
18d403609dSGreg Roachdeclare(strict_types=1);
19d403609dSGreg Roach
20d403609dSGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers;
21d403609dSGreg Roach
22d403609dSGreg Roachuse Exception;
23*d501c45dSGreg Roachuse Fisharebest\Webtrees\Exceptions\HttpNotFoundException;
24d403609dSGreg Roachuse Fisharebest\Webtrees\FlashMessages;
25d403609dSGreg Roachuse Fisharebest\Webtrees\Http\Controllers\AbstractBaseController;
26d403609dSGreg Roachuse Fisharebest\Webtrees\I18N;
27d403609dSGreg Roachuse Fisharebest\Webtrees\Log;
28d403609dSGreg Roachuse Fisharebest\Webtrees\NoReplyUser;
29e381f98dSGreg Roachuse Fisharebest\Webtrees\Services\EmailService;
30d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UserService;
31d403609dSGreg Roachuse Fisharebest\Webtrees\Site;
32d403609dSGreg Roachuse Fisharebest\Webtrees\SiteUser;
33d403609dSGreg Roachuse Fisharebest\Webtrees\Tree;
34d403609dSGreg Roachuse Fisharebest\Webtrees\TreeUser;
357c4add84SGreg Roachuse Fisharebest\Webtrees\User;
36d403609dSGreg Roachuse Illuminate\Database\Capsule\Manager as DB;
37d403609dSGreg Roachuse Psr\Http\Message\ResponseInterface;
38d403609dSGreg Roachuse Psr\Http\Message\ServerRequestInterface;
39d403609dSGreg Roachuse Ramsey\Uuid\Uuid;
40f3874e19SGreg Roach
419fa6ab69SGreg Roachuse function view;
4290a2f718SGreg Roach
43d403609dSGreg Roach/**
44d403609dSGreg Roach * Process a user registration.
45d403609dSGreg Roach */
46d403609dSGreg Roachclass RegisterAction extends AbstractBaseController
47d403609dSGreg Roach{
48d403609dSGreg Roach    /**
49e381f98dSGreg Roach     * @var EmailService
50d403609dSGreg Roach     */
51e381f98dSGreg Roach    private $email_service;
52d403609dSGreg Roach
53d403609dSGreg Roach    /**
54d403609dSGreg Roach     * @var UserService
55d403609dSGreg Roach     */
56d403609dSGreg Roach    private $user_service;
57d403609dSGreg Roach
58d403609dSGreg Roach    /**
59d403609dSGreg Roach     * RegisterController constructor.
60d403609dSGreg Roach     *
61e381f98dSGreg Roach     * @param EmailService $email_service
62d403609dSGreg Roach     * @param UserService  $user_service
63d403609dSGreg Roach     */
64e381f98dSGreg Roach    public function __construct(EmailService $email_service, UserService $user_service)
65d403609dSGreg Roach    {
66e381f98dSGreg Roach        $this->email_service = $email_service;
67d403609dSGreg Roach        $this->user_service  = $user_service;
68d403609dSGreg Roach    }
69d403609dSGreg Roach
70d403609dSGreg Roach    /**
71d403609dSGreg Roach     * Perform a registration.
72d403609dSGreg Roach     *
73d403609dSGreg Roach     * @param ServerRequestInterface $request
74d403609dSGreg Roach     *
75d403609dSGreg Roach     * @return ResponseInterface
76d403609dSGreg Roach     */
77d403609dSGreg Roach    public function handle(ServerRequestInterface $request): ResponseInterface
78d403609dSGreg Roach    {
799fa6ab69SGreg Roach        $tree = $request->getAttribute('tree');
809fa6ab69SGreg Roach
81d403609dSGreg Roach        $this->checkRegistrationAllowed();
82d403609dSGreg Roach
83d403609dSGreg Roach        $comments  = $request->getParsedBody()['comments'] ?? '';
84d403609dSGreg Roach        $email     = $request->getParsedBody()['email'] ?? '';
85d403609dSGreg Roach        $password  = $request->getParsedBody()['password'] ?? '';
86d403609dSGreg Roach        $realname  = $request->getParsedBody()['realname'] ?? '';
87d403609dSGreg Roach        $username  = $request->getParsedBody()['username'] ?? '';
88d403609dSGreg Roach
89d403609dSGreg Roach        try {
90d403609dSGreg Roach            $this->doValidateRegistration($request, $username, $email, $realname, $comments, $password);
91d403609dSGreg Roach        } catch (Exception $ex) {
92d403609dSGreg Roach            FlashMessages::addMessage($ex->getMessage(), 'danger');
93d403609dSGreg Roach
9456f9a9c1SGreg Roach            return redirect(route(RegisterPage::class, [
95d403609dSGreg Roach                'comments' => $comments,
96d403609dSGreg Roach                'email'    => $email,
97d403609dSGreg Roach                'realname' => $realname,
98d403609dSGreg Roach                'username' => $username,
99d403609dSGreg Roach            ]));
100d403609dSGreg Roach        }
101d403609dSGreg Roach
102d403609dSGreg Roach        Log::addAuthenticationLog('User registration requested for: ' . $username);
103d403609dSGreg Roach
104d403609dSGreg Roach        $user = $this->user_service->create($username, $realname, $email, $password);
10565cf5706SGreg Roach        $user->setPreference(User::PREF_LANGUAGE, I18N::languageTag());
1067c4add84SGreg Roach        $user->setPreference(User::PREF_IS_EMAIL_VERIFIED, '');
1077c4add84SGreg Roach        $user->setPreference(User::PREF_IS_ACCOUNT_APPROVED, '');
1087c4add84SGreg Roach        $user->setPreference(User::PREF_TIMESTAMP_REGISTERED, date('U'));
1097c4add84SGreg Roach        $user->setPreference(User::PREF_VERIFICATION_TOKEN, md5(Uuid::uuid4()->toString()));
1107c4add84SGreg Roach        $user->setPreference(User::PREF_CONTACT_METHOD, 'messaging2');
1117c4add84SGreg Roach        $user->setPreference(User::PREF_NEW_ACCOUNT_COMMENT, $comments);
1127c4add84SGreg Roach        $user->setPreference(User::PREF_IS_VISIBLE_ONLINE, '1');
1137c4add84SGreg Roach        $user->setPreference(User::PREF_AUTO_ACCEPT_EDITS, '');
1147c4add84SGreg Roach        $user->setPreference(User::PREF_IS_ADMINISTRATOR, '');
1157c4add84SGreg Roach        $user->setPreference(User::PREF_TIMESTAMP_ACTIVE, '0');
116d403609dSGreg Roach
117d403609dSGreg Roach        $base_url = $request->getAttribute('base_url');
118d403609dSGreg Roach        $reply_to = $tree instanceof Tree ? new TreeUser($tree) : new SiteUser();
119d403609dSGreg Roach
120f917a287SGreg Roach        $verify_url = route(VerifyEmail::class, [
121f917a287SGreg Roach            'username' => $user->userName(),
122f917a287SGreg Roach            'token' => $user->getPreference(User::PREF_VERIFICATION_TOKEN),
123f917a287SGreg Roach            'tree' => $tree instanceof Tree ? $tree->name() : null,
124f917a287SGreg Roach        ]);
125f917a287SGreg Roach
126d403609dSGreg Roach        // Send a verification message to the user.
127d403609dSGreg Roach        /* I18N: %s is a server name/URL */
128e381f98dSGreg Roach        $this->email_service->send(
129d403609dSGreg Roach            new Siteuser(),
130d403609dSGreg Roach            $user,
131d403609dSGreg Roach            $reply_to,
132d403609dSGreg Roach            I18N::translate('Your registration at %s', $base_url),
133f917a287SGreg Roach            view('emails/register-user-text', ['user' => $user, 'base_url' => $base_url, 'verify_url' => $verify_url]),
134f917a287SGreg Roach            view('emails/register-user-html', ['user' => $user, 'base_url' => $base_url, 'verify_url' => $verify_url])
135d403609dSGreg Roach        );
136d403609dSGreg Roach
137d403609dSGreg Roach        // Tell the administrators about the registration.
138d403609dSGreg Roach        foreach ($this->user_service->administrators() as $administrator) {
1397c4add84SGreg Roach            I18N::init($administrator->getPreference(User::PREF_LANGUAGE));
140d403609dSGreg Roach
141d403609dSGreg Roach            /* I18N: %s is a server name/URL */
142d403609dSGreg Roach            $subject = I18N::translate('New registration at %s', $base_url);
143d403609dSGreg Roach
1449fa6ab69SGreg Roach            $body_text = view('emails/register-notify-text', [
1459fa6ab69SGreg Roach                'user'     => $user,
1469fa6ab69SGreg Roach                'comments' => $comments,
1479fa6ab69SGreg Roach                'base_url' => $base_url,
1489fa6ab69SGreg Roach                'tree'     => $tree,
1499fa6ab69SGreg Roach            ]);
1509fa6ab69SGreg Roach
1519fa6ab69SGreg Roach            $body_html = view('emails/register-notify-html', [
1529fa6ab69SGreg Roach                'user'     => $user,
1539fa6ab69SGreg Roach                'comments' => $comments,
1549fa6ab69SGreg Roach                'base_url' => $base_url,
1559fa6ab69SGreg Roach                'tree'     => $tree,
1569fa6ab69SGreg Roach            ]);
1579fa6ab69SGreg Roach
1589fa6ab69SGreg Roach
159d403609dSGreg Roach            /* I18N: %s is a server name/URL */
160e381f98dSGreg Roach            $this->email_service->send(
161d403609dSGreg Roach                new SiteUser(),
162d403609dSGreg Roach                $administrator,
163d403609dSGreg Roach                new NoReplyUser(),
164d403609dSGreg Roach                $subject,
1659fa6ab69SGreg Roach                $body_text,
1669fa6ab69SGreg Roach                $body_html
167d403609dSGreg Roach            );
168d403609dSGreg Roach
1697c4add84SGreg Roach            $mail1_method = $administrator->getPreference(User::PREF_CONTACT_METHOD);
170d403609dSGreg Roach            if ($mail1_method !== 'messaging3' && $mail1_method !== 'mailto' && $mail1_method !== 'none') {
171d403609dSGreg Roach                DB::table('message')->insert([
172d403609dSGreg Roach                    'sender'     => $user->email(),
1734874f72dSGreg Roach                    'ip_address' => $request->getAttribute('client-ip'),
174d403609dSGreg Roach                    'user_id'    => $administrator->id(),
175d403609dSGreg Roach                    'subject'    => $subject,
1769fa6ab69SGreg Roach                    'body'       => $body_text,
177d403609dSGreg Roach                ]);
178d403609dSGreg Roach            }
179d403609dSGreg Roach        }
180d403609dSGreg Roach
181d403609dSGreg Roach        $title = I18N::translate('Request a new user account');
182d403609dSGreg Roach
183d403609dSGreg Roach        return $this->viewResponse('register-success-page', [
184d403609dSGreg Roach            'title' => $title,
1859fa6ab69SGreg Roach            'tree'  => $tree,
186d403609dSGreg Roach            'user'  => $user,
187d403609dSGreg Roach        ]);
188d403609dSGreg Roach    }
189d403609dSGreg Roach
190d403609dSGreg Roach    /**
191d403609dSGreg Roach     * Check that visitors are allowed to register on this site.
192d403609dSGreg Roach     *
193d403609dSGreg Roach     * @return void
194*d501c45dSGreg Roach     * @throws HttpNotFoundException
195d403609dSGreg Roach     */
196d403609dSGreg Roach    private function checkRegistrationAllowed(): void
197d403609dSGreg Roach    {
198d403609dSGreg Roach        if (Site::getPreference('USE_REGISTRATION_MODULE') !== '1') {
199*d501c45dSGreg Roach            throw new HttpNotFoundException();
200d403609dSGreg Roach        }
201d403609dSGreg Roach    }
202d403609dSGreg Roach
203d403609dSGreg Roach    /**
204d403609dSGreg Roach     * Check the registration details.
205d403609dSGreg Roach     *
206d403609dSGreg Roach     * @param ServerRequestInterface $request
207d403609dSGreg Roach     * @param string                 $username
208d403609dSGreg Roach     * @param string                 $email
209d403609dSGreg Roach     * @param string                 $realname
210d403609dSGreg Roach     * @param string                 $comments
211d403609dSGreg Roach     * @param string                 $password
212d403609dSGreg Roach     *
213d403609dSGreg Roach     * @return void
214d403609dSGreg Roach     * @throws Exception
215d403609dSGreg Roach     */
216d403609dSGreg Roach    private function doValidateRegistration(ServerRequestInterface $request, string $username, string $email, string $realname, string $comments, string $password): void
217d403609dSGreg Roach    {
218d403609dSGreg Roach        // All fields are required
219d403609dSGreg Roach        if ($username === '' || $email === '' || $realname === '' || $comments === '' || $password === '') {
220d403609dSGreg Roach            throw new Exception(I18N::translate('All fields must be completed.'));
221d403609dSGreg Roach        }
222d403609dSGreg Roach
223d403609dSGreg Roach        // Username already exists
224d403609dSGreg Roach        if ($this->user_service->findByUserName($username) !== null) {
225d403609dSGreg Roach            throw new Exception(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.'));
226d403609dSGreg Roach        }
227d403609dSGreg Roach
228d403609dSGreg Roach        // Email already exists
229d403609dSGreg Roach        if ($this->user_service->findByEmail($email) !== null) {
230d403609dSGreg Roach            throw new Exception(I18N::translate('Duplicate email address. A user with that email already exists.'));
231d403609dSGreg Roach        }
232d403609dSGreg Roach
233d403609dSGreg Roach        $base_url = $request->getAttribute('base_url');
234d403609dSGreg Roach
235d403609dSGreg Roach        // No external links
236d403609dSGreg Roach        if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:http|https):\/\/)[a-zA-Z0-9.-]+)/', $comments, $match)) {
237d403609dSGreg Roach            throw new Exception(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', e($match[2]), e($match[1])));
238d403609dSGreg Roach        }
239d403609dSGreg Roach    }
240d403609dSGreg Roach}
241