diff options
author | Mario <mario@mariovavti.com> | 2021-04-08 19:55:53 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2021-04-08 19:55:53 +0000 |
commit | 18b6d48944be414acc179fb82f458f996810e5a3 (patch) | |
tree | 4f45574a53e74d74293c6421103643249a4bf2b0 | |
parent | f3fa09fc91fe4ca2a44ee4f60d11c5ee70fcefad (diff) | |
download | volse-hubzilla-18b6d48944be414acc179fb82f458f996810e5a3.tar.gz volse-hubzilla-18b6d48944be414acc179fb82f458f996810e5a3.tar.bz2 volse-hubzilla-18b6d48944be414acc179fb82f458f996810e5a3.zip |
rgister: fixes for registering with invitecode outside of open hours
-rw-r--r-- | Zotlabs/Module/Regate.php | 8 | ||||
-rw-r--r-- | Zotlabs/Module/Register.php | 41 | ||||
-rw-r--r-- | view/js/mod_register.js | 15 | ||||
-rw-r--r-- | view/tpl/register.tpl | 17 |
4 files changed, 48 insertions, 33 deletions
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 24139ed06..0c32ebd25 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -50,13 +50,14 @@ class Regate extends \Zotlabs\Web\Controller { $ip = $_SERVER['REMOTE_ADDR']; $isduty = zar_register_dutystate(); - if ($isduty['isduty'] !== false && $isduty['isduty'] != 1) { + + if (!$_SESSION['zar']['invite_in_progress'] && ($isduty['isduty'] !== false && $isduty['isduty'] != 1)) { // normally, that should never happen here // log suitable for fail2ban also $logmsg = 'ZAR1230S Unexpected registration verification request for ' . get_config('system','sitename') . ' arrived from § ' . $ip . ' §'; zar_log($logmsg); - goaway(z_root() . '/'); + goaway(z_root()); } // do we have a valid dId2 ? @@ -123,6 +124,7 @@ class Regate extends \Zotlabs\Web\Controller { ); if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { + $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); $nextpage = 'regate/' . bin2hex($did2) . $didx; q("COMMIT"); @@ -270,7 +272,7 @@ class Regate extends \Zotlabs\Web\Controller { $title = t('Register Verification'); // do we have a valid dId2 ? - if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e')) { + if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') || ($didx == 'i')) { $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s' ORDER BY reg_created DESC", dbesc($didx), diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index f4aa921c1..c1355eba7 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -164,6 +164,9 @@ class Register extends Controller { return; } + $salt = random_string(32); + $password = $salt . ',' . hash('whirlpool', $salt . $password); + // accept tos if(! x($_POST,'tos')) { // msg! @@ -213,34 +216,24 @@ class Register extends Controller { $reg = q("SELECT * from register WHERE reg_vital = 1 AND reg_didx = 'i' AND reg_hash = '%s'", dbesc($invite_code)); - if ( $reg && count($reg) == 1 ) { + if ($reg && count($reg) == 1) { $reg = $reg[0]; if ($reg['reg_email'] == ($email)) { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { - // is invitor admin - $isa = get_account_by_id($reg['reg_uid']); - $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) ); - - // approve contra invite by admin - if ($isa && $policy == REGISTER_APPROVE) - $flags &= $flags ^ ACCOUNT_PENDING; - - // if $flags == 0 ?? - - // transit ? + // FIXME: set the correct flags if invitee is admin so we do not need to approve anyway if approve is on + //if (is_sys_channel($reg['reg_uid']) && $policy == REGISTER_APPROVE) + // $flags &= $flags ^ ACCOUNT_PENDING; - // update reg vital 0 off - //$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", - //intval($reg['reg_id']) - //); + if ($auto_create) { + $reonar['chan.name'] = notags(trim($arr['name'])); + $reonar['chan.did1'] = notags(trim($arr['nickname'])); + } - // update DB flags, password - // TODO: what else? - q("UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", - intval($flags), - dbesc(bin2hex($password)), + q("UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", + dbesc($password), + dbesc(json_encode($reonar)), intval($reg['reg_id']) ); @@ -249,9 +242,12 @@ class Register extends Controller { // msg! info($msg . EOL); + // the invitecode has verified us and we have all the info we need // take the shortcut. + $_SESSION['zar']['invite_in_progress'] = true; + $mod = new Regate(); $_REQUEST['form_security_token'] = get_form_security_token("regate"); App::$argc = 2; @@ -383,9 +379,6 @@ class Register extends Controller { $reonar['chan.did1'] = notags(trim($arr['nickname'])); } - $salt = random_string(32); - $password = $salt . ',' . hash('whirlpool', $salt . $password); - $reg = q("INSERT INTO register (" . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" diff --git a/view/js/mod_register.js b/view/js/mod_register.js index 19be1576f..7ad972c79 100644 --- a/view/js/mod_register.js +++ b/view/js/mod_register.js @@ -12,6 +12,21 @@ $(document).ready(function() { $('#zar014').click( function () { $('#zar015').toggle(); }); + $('#id_invite_code').blur(function() { + if($('#id_invite_code').val() === '') + return; + + $('#invite-spinner').show(); + var zreg_invite = $('#id_invite_code').val(); + $.get('register/invite_check.json?f=&invite_code=' + encodeURIComponent(zreg_invite),function(data) { + if(!data.error) { + // FIXME: set email field to required -> $('#help_email') + $('#register-form input, #register-form button').removeAttr('disabled'); + } + $('#invite-spinner').hide(); + }); + }); + $('#id_email').change(function() { tao.zar.form.email = $('#id_email').val(); diff --git a/view/tpl/register.tpl b/view/tpl/register.tpl index 06e58721a..7940b8945 100644 --- a/view/tpl/register.tpl +++ b/view/tpl/register.tpl @@ -29,6 +29,17 @@ {{include file="field_select_grouped.tpl" field=$role}} {{/if}} + {{if $invitations}} + <a id="zar014" href="javascript:;" style="display: inline-block;">{{$haveivc}}</a> + <div id="zar015" style="display: none;"> + <div class="position-relative"> + <div id="invite-spinner" class="spinner-wrapper position-absolute" style="top: 2.5rem; right: 0.5rem;"><div class="spinner s"></div></div> + {{include file="field_input.tpl" field=[$invite_code.0,$invite_code.1,"","",""]}} + </div> + </div> + {{/if}} + + <div class="position-relative"> <div id="name-spinner" class="spinner-wrapper position-absolute" style="top: 2.5rem; right: 0.5rem;"><div class="spinner s"></div></div> {{include file="field_input.tpl" field=[$name.0,$name.1,"","","",$atform]}} @@ -40,12 +51,6 @@ {{/if}} <div> - {{if $invitations}} - <a id="zar014" href="javascript:;" style="display: inline-block;">{{$haveivc}}</a> - <div id="zar015" style="display: none;"> - {{include file="field_input.tpl" field=[$invite_code.0,$invite_code.1,"","",""]}} - </div> - {{/if}} {{include file="field_input.tpl" field=$email}} </div> |