Merge branch 'air' of https://framagit.org/hubzilla/core into air

author: Mario <mario@mariovavti.com> 2021-03-22 09:29:23 +0000
committer: Mario <mario@mariovavti.com> 2021-03-22 09:29:23 +0000
commit: 02d4c5ac90b20a2019e3401be233b9d92d41d4e7 (patch)
tree: 76a464e4f055d95b8760b2d8e9e3d4c5cb1fbcc9
parent: a18e297a2650e75ba35d0a81dac4c7222e076f40 (diff)
parent: 13355d42f71e72c67e6cd993ee13f427a69c0eee (diff)
download: volse-hubzilla-02d4c5ac90b20a2019e3401be233b9d92d41d4e7.tar.gz
volse-hubzilla-02d4c5ac90b20a2019e3401be233b9d92d41d4e7.tar.bz2
volse-hubzilla-02d4c5ac90b20a2019e3401be233b9d92d41d4e7.zip
5 files changed, 72 insertions, 30 deletions
diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php
index 18408043c..530eb272a 100644
--- a/Zotlabs/Module/Admin/Site.php
+++ b/Zotlabs/Module/Admin/Site.php
@@ -43,6 +43,7 @@ class Site {
 		$maximagesize		=	((x($_POST,'maximagesize'))		? intval(trim($_POST['maximagesize']))				:  0);
 
 		$register_policy	=	((x($_POST,'register_policy'))	? intval(trim($_POST['register_policy']))	:  0);
+		$register_wo_email	=	((x($_POST,'register_wo_email'))	? intval(trim($_POST['register_wo_email']))	:  0);
 		$minimum_age           = ((x($_POST,'minimum_age'))          ? intval(trim($_POST['minimum_age']))    : 13);
 		$access_policy	=	((x($_POST,'access_policy'))	? intval(trim($_POST['access_policy']))	:  0);
 		$reg_autochannel	= ((x($_POST,'auto_channel_create'))		? True	: False);
@@ -194,6 +195,7 @@ class Site {
 		set_config('system','maximagesize', $maximagesize);
 
 		set_config('system','register_policy', $register_policy);
+		set_config('system','register_wo_email', $register_wo_email);
 		set_config('system','minimum_age', $minimum_age);
 		set_config('system','auto_channel_create', $reg_autochannel);
 		set_config('system',self::ivo, $invitation_only);
@@ -359,6 +361,7 @@ class Site {
  					'm' => t('Month(s)') ,
  					'y' => t('Year(s)')
 		);
+		$regdelay_n = $regdelay_u = false;
 		$regdelay = get_config('system','register_delay');
 		if ($regdelay)
 			list($regdelay_n, $regdelay_u) = array(substr($regdelay,0,-1),substr($regdelay,-1));
@@ -372,15 +375,16 @@ class Site {
 			 	'field' => 	array(
 			 		'name'  => 'delay',
 			 		'title' => t('duration up from now'),
-			 		'value' => ($regdelay_n === false ? 90 : $regdelay_n),
+			 		'value' => ($regdelay_n === false ? 0 : $regdelay_n),
 			 		'min'   => '0',
 			 		'max'   => '99',
 			 		'size'  => '2',
-					'default' => ($regdelay_u ? $regdelay_u : 'i')
+					'default' => ($regdelay_u === false ? 'i' : $regdelay_u)
 			 	),
 			 	'rabot'	=> 	$reg_rabots
  			)
 		);
+		$regexpire_n = $regexpire_u = false;
 		$regexpire = get_config('system','register_expire');
 		if ($regexpire)
 			list($regexpire_n, $regexpire_u) = array(substr($regexpire,0,-1),substr($regexpire,-1));
@@ -394,11 +398,11 @@ class Site {
 			 	'field' => 	array(
 			 		'name'  => 'expire',
 			 		'title' => t('duration up from now'),
-			 		'value' => ($regexpire_n === false ? 2 : $regexpire_n),
+			 		'value' => ($regexpire_n === false ? 99 : $regexpire_n),
 			 		'min'  => '0',
 			 		'max'  => '99',
 			 		'size' => '2',
-					'default' => ($regexpire_u ? $regexpire_u : 'i')
+					'default' => ($regexpire_u === false ? 'y' : $regexpire_u)
 			 	),
 			 	'rabot'	=> 	$reg_rabots
 			 )
@@ -449,6 +453,12 @@ class Site {
 				"",
 				$register_choices,
 				'ZAR0820C'),
+			'$register_wo_email' => array('register_wo_email',
+				t("Registration is also possible without having to enter an email address."),
+				get_config('system','register_wo_email'),
+				t("Registration is also supported without requiring an email address from the applicant. Instead of the email address an artificial identification is generated, which has to be confirmed in a separate dialog. The default value is (Off) and corresponds to the registration procedure up to version 5.4.x."),
+				"",	"",	'ZAR0824C'),
+
 			'$register_duty' => array('register_duty',
 				t('Registration office on duty'),
 				$this->register_duty = get_config('system', 'register_duty'),
@@ -458,9 +468,9 @@ class Site {
 				.	t('Several values or ranges are to split by comma') . '. '
 				.	t('From-To ranges are joined with `-`') . '. '
 				.	t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` '
-				. 	' <a id="zar083a" href="javascript:;">' . t('Parse and test your input') . '</a>'. EOL
+				. 	EOL . ' <a id="zar083a" class="zuia btn">' . t('Parse and test your input') . '</a>'. EOL
 				.	t('If left empty, defaults to 24h closed everyday the week.') . ' '
-				.	t('To keep open 24h everyday the week, short is `-:-`.') . ' '
+				.	t('To open 24h everyday the week, short is `-:-`.') . ' '
 				.	t('Note, ranges are specified as open-close pairs and in case of')
 				.	' 0900-1200 '
 				.	t('results to: opens 9h and closes 12h. If meant open 9h to 12h exactly, say `0900-1201`'),
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php
index 077e5fd54..0d430d68c 100644
--- a/Zotlabs/Module/Regate.php
+++ b/Zotlabs/Module/Regate.php
@@ -61,14 +61,13 @@ class Regate extends \Zotlabs\Web\Controller {
 
 			// do we have a valid dId2 ?
 			if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2))
-			||   ($didx == 'e') ) {
+			|| ($didx == 'e') || ($didx == 'i')) {
 				// check startup and expiration via [=[register
 				$r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ", dbesc($did2) );
 				if ( $r && count($r) == 1 ) {
 					$r = $r[0];
 					// check timeframe
 					if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) {
-
 						if ( isset($_POST['resend']) && $didx == 'e' ) {
 							$re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ", dbesc($r['reg_did2']) );
 							if ( $re && count($re) == 1 ) {
@@ -91,6 +90,8 @@ class Regate extends \Zotlabs\Web\Controller {
 							$acpin = (preg_match('/^[0-9]{6,6}$/', $_POST['acpin']) ? $_POST['acpin'] : false);
 						elseif ( $didx == 'e' )
 							$acpin = (preg_match('/^[0-9a-f]{24,24}$/', $_POST['acpin']) ? $_POST['acpin'] : false);
+						elseif ( $didx == 'i' )
+							$acpin = $r['reg_hash'];
 						else $acpin = false;
 
 						if ( $acpin && ($r['reg_hash'] == $acpin )) {
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index c25475550..d865b7b49 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -2,6 +2,7 @@
 
 namespace Zotlabs\Module;
 
+use App;
 use Zotlabs\Web\Controller;
 
 require_once('include/security.php');
@@ -216,7 +217,15 @@ class Register extends Controller {
 							// transit ?
 
 							// update reg vital 0 off
-							$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ",
+							//$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ",
+								//intval($reg['reg_id'])
+							//);
+
+							// update DB flags, password
+							// TODO: what else?
+							q("UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'",
+								intval($flags),
+								dbesc(bin2hex($password)),
 								intval($reg['reg_id'])
 							);
 
@@ -225,8 +234,15 @@ class Register extends Controller {
 							// msg!
 							info($msg . EOL);
 
-							$well = true;
+							// the invitecode has verified us and we have all the info we need
+							// take the shortcut.
 
+							$mod = new Regate();
+							$_REQUEST['form_security_token'] = get_form_security_token("regate");
+							App::$argc = 2;
+							App::$argv[0] = 'regate';
+							App::$argv[1] = bin2hex($reg['reg_did2']) . 'i';
+							return $mod->post();
 
 						} else {
 							// msg!
@@ -309,7 +325,7 @@ class Register extends Controller {
 				$regexpire = (($reg_expires) ? datetime_convert(date_default_timezone_get(), 'UTC', $reg_expires['due']) : datetime_convert('UTC', 'UTC', 'now + 99 years'));
 
 				// handle an email request that will be verified or an ivitation associated with an email address
-				if ( $email > '' && ($email_verify || $icdone) ) {
+				if ($email > '' && $email_verify) {
 					// enforce in case of icdone
 					$flags |= ACCOUNT_UNVERIFIED;
 					$empin = $pass2 = random_string(24);
@@ -353,28 +369,40 @@ class Register extends Controller {
 					$reonar['chan.did1'] = notags(trim($arr['nickname']));
 				}
 
+				if($password_result['error']) {
+					$msg = $password_result['message'];
+					notice($msg);
+					zar_log($msg . ' ' . $did2);
+					goaway('register');
+				}
+
+				$salt = random_string(32);
+				$password = $salt . ',' . hash('whirlpool', $salt . $password);
+
 				$reg = q("INSERT INTO register ("
-				. "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires,"
-				. "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)"
-				. " VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
-						intval($flags),
-						dbesc($didx),
-						dbesc($did2),
-						dbesc($pass2),
-						dbesc($now),
-						dbesc($regdelay),
-						dbesc($regexpire),
-						dbesc($email),
-						dbesc(bin2hex($password)),
-						dbesc(substr(get_best_language(),0,2)),
-						dbesc($ip),
-						dbesc(json_encode( $reonar ))
-					);
+					. "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires,"
+					. "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)"
+					. " VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
+					intval($flags),
+					dbesc($didx),
+					dbesc($did2),
+					dbesc($pass2),
+					dbesc($now),
+					dbesc($regdelay),
+					dbesc($regexpire),
+					dbesc($email),
+					dbesc($password),
+					dbesc(substr(get_best_language(),0,2)),
+					dbesc($ip),
+					dbesc(json_encode( $reonar ))
+				);
 
 				if ($didx == 'a') {
 
 					$lid = q("SELECT reg_id FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' AND reg_pass = '%s' ",
-						 	dbesc($did2), dbesc(bin2hex($password)) );
+						dbesc($did2),
+						dbesc($password)
+					);
 
 					if ($lid && count($lid) == 1 ) {
 
diff --git a/include/account.php b/include/account.php
index c3c7d26b7..858c915e0 100644
--- a/include/account.php
+++ b/include/account.php
@@ -327,8 +327,9 @@ function create_account_from_register($arr) {
 		$roles = ACCOUNT_ROLE_ADMIN;
 	}
 
-	$salt = random_string(32);
-	$password_encoded = hash('whirlpool', $salt . (hex2bin($register[0]['reg_pass'])));
+	$password_parts = explode(',', $register[0]['reg_pass']);
+	$salt = $password_parts[0];
+	$password_encoded = $password_parts[1];
 
 	$ri = q(
 		"INSERT INTO account ("
diff --git a/view/tpl/admin_site.tpl b/view/tpl/admin_site.tpl
index 6af867e8c..0fff7029a 100644
--- a/view/tpl/admin_site.tpl
+++ b/view/tpl/admin_site.tpl
@@ -33,6 +33,7 @@
 	{{include file="field_input.tpl" field=$register_text}}
 	{{include file="field_select_grouped.tpl" field=$role}}
 	{{include file="field_select.tpl" field=$register_policy}}
+	{{include file="field_checkbox.tpl" field=$register_wo_email}}
 	{{include file="register_duty.tpl" field=$register_duty}}
 	{{include file="field_input.tpl" field=$register_perday}}
 	{{include file="field_input.tpl" field=$register_sameip}}
@@ -131,6 +132,7 @@
 	  '<style> '+
  		'  .zuiqmid { font-weight: normal; font-family: monospace; }'+
   		'  .zui_n  	{ width: 5em; text-align: center; }'+
+  		'  .zuia  	{ cursor: pointer; font-weight: bold; }'+
 	  '</style>');
 	// <-hilmar]
 </script>
author	Mario <mario@mariovavti.com>	2021-03-22 09:29:23 +0000
committer	Mario <mario@mariovavti.com>	2021-03-22 09:29:23 +0000
commit	02d4c5ac90b20a2019e3401be233b9d92d41d4e7 (patch)
tree	76a464e4f055d95b8760b2d8e9e3d4c5cb1fbcc9
parent	a18e297a2650e75ba35d0a81dac4c7222e076f40 (diff)
parent	13355d42f71e72c67e6cd993ee13f427a69c0eee (diff)
download	volse-hubzilla-02d4c5ac90b20a2019e3401be233b9d92d41d4e7.tar.gz volse-hubzilla-02d4c5ac90b20a2019e3401be233b9d92d41d4e7.tar.bz2 volse-hubzilla-02d4c5ac90b20a2019e3401be233b9d92d41d4e7.zip