aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-04-08 19:55:53 +0000
committerMario <mario@mariovavti.com>2021-04-08 19:55:53 +0000
commit18b6d48944be414acc179fb82f458f996810e5a3 (patch)
tree4f45574a53e74d74293c6421103643249a4bf2b0
parentf3fa09fc91fe4ca2a44ee4f60d11c5ee70fcefad (diff)
downloadvolse-hubzilla-18b6d48944be414acc179fb82f458f996810e5a3.tar.gz
volse-hubzilla-18b6d48944be414acc179fb82f458f996810e5a3.tar.bz2
volse-hubzilla-18b6d48944be414acc179fb82f458f996810e5a3.zip
rgister: fixes for registering with invitecode outside of open hours
-rw-r--r--Zotlabs/Module/Regate.php8
-rw-r--r--Zotlabs/Module/Register.php41
-rw-r--r--view/js/mod_register.js15
-rw-r--r--view/tpl/register.tpl17
4 files changed, 48 insertions, 33 deletions
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php
index 24139ed06..0c32ebd25 100644
--- a/Zotlabs/Module/Regate.php
+++ b/Zotlabs/Module/Regate.php
@@ -50,13 +50,14 @@ class Regate extends \Zotlabs\Web\Controller {
$ip = $_SERVER['REMOTE_ADDR'];
$isduty = zar_register_dutystate();
- if ($isduty['isduty'] !== false && $isduty['isduty'] != 1) {
+
+ if (!$_SESSION['zar']['invite_in_progress'] && ($isduty['isduty'] !== false && $isduty['isduty'] != 1)) {
// normally, that should never happen here
// log suitable for fail2ban also
$logmsg = 'ZAR1230S Unexpected registration verification request for '
. get_config('system','sitename') . ' arrived from § ' . $ip . ' §';
zar_log($logmsg);
- goaway(z_root() . '/');
+ goaway(z_root());
}
// do we have a valid dId2 ?
@@ -123,6 +124,7 @@ class Regate extends \Zotlabs\Web\Controller {
);
if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) {
+
$msg .= "\n".t('Last step will be by an instance admin to agree your account request');
$nextpage = 'regate/' . bin2hex($did2) . $didx;
q("COMMIT");
@@ -270,7 +272,7 @@ class Regate extends \Zotlabs\Web\Controller {
$title = t('Register Verification');
// do we have a valid dId2 ?
- if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e')) {
+ if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') || ($didx == 'i')) {
$r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s' ORDER BY reg_created DESC",
dbesc($didx),
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index f4aa921c1..c1355eba7 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -164,6 +164,9 @@ class Register extends Controller {
return;
}
+ $salt = random_string(32);
+ $password = $salt . ',' . hash('whirlpool', $salt . $password);
+
// accept tos
if(! x($_POST,'tos')) {
// msg!
@@ -213,34 +216,24 @@ class Register extends Controller {
$reg = q("SELECT * from register WHERE reg_vital = 1 AND reg_didx = 'i' AND reg_hash = '%s'",
dbesc($invite_code));
- if ( $reg && count($reg) == 1 ) {
+ if ($reg && count($reg) == 1) {
$reg = $reg[0];
if ($reg['reg_email'] == ($email)) {
if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) {
- // is invitor admin
- $isa = get_account_by_id($reg['reg_uid']);
- $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) );
-
- // approve contra invite by admin
- if ($isa && $policy == REGISTER_APPROVE)
- $flags &= $flags ^ ACCOUNT_PENDING;
-
- // if $flags == 0 ??
-
- // transit ?
+ // FIXME: set the correct flags if invitee is admin so we do not need to approve anyway if approve is on
+ //if (is_sys_channel($reg['reg_uid']) && $policy == REGISTER_APPROVE)
+ // $flags &= $flags ^ ACCOUNT_PENDING;
- // update reg vital 0 off
- //$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ",
- //intval($reg['reg_id'])
- //);
+ if ($auto_create) {
+ $reonar['chan.name'] = notags(trim($arr['name']));
+ $reonar['chan.did1'] = notags(trim($arr['nickname']));
+ }
- // update DB flags, password
- // TODO: what else?
- q("UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'",
- intval($flags),
- dbesc(bin2hex($password)),
+ q("UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'",
+ dbesc($password),
+ dbesc(json_encode($reonar)),
intval($reg['reg_id'])
);
@@ -249,9 +242,12 @@ class Register extends Controller {
// msg!
info($msg . EOL);
+
// the invitecode has verified us and we have all the info we need
// take the shortcut.
+ $_SESSION['zar']['invite_in_progress'] = true;
+
$mod = new Regate();
$_REQUEST['form_security_token'] = get_form_security_token("regate");
App::$argc = 2;
@@ -383,9 +379,6 @@ class Register extends Controller {
$reonar['chan.did1'] = notags(trim($arr['nickname']));
}
- $salt = random_string(32);
- $password = $salt . ',' . hash('whirlpool', $salt . $password);
-
$reg = q("INSERT INTO register ("
. "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires,"
. "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)"
diff --git a/view/js/mod_register.js b/view/js/mod_register.js
index 19be1576f..7ad972c79 100644
--- a/view/js/mod_register.js
+++ b/view/js/mod_register.js
@@ -12,6 +12,21 @@ $(document).ready(function() {
$('#zar014').click( function () { $('#zar015').toggle(); });
+ $('#id_invite_code').blur(function() {
+ if($('#id_invite_code').val() === '')
+ return;
+
+ $('#invite-spinner').show();
+ var zreg_invite = $('#id_invite_code').val();
+ $.get('register/invite_check.json?f=&invite_code=' + encodeURIComponent(zreg_invite),function(data) {
+ if(!data.error) {
+ // FIXME: set email field to required -> $('#help_email')
+ $('#register-form input, #register-form button').removeAttr('disabled');
+ }
+ $('#invite-spinner').hide();
+ });
+ });
+
$('#id_email').change(function() {
tao.zar.form.email = $('#id_email').val();
diff --git a/view/tpl/register.tpl b/view/tpl/register.tpl
index 06e58721a..7940b8945 100644
--- a/view/tpl/register.tpl
+++ b/view/tpl/register.tpl
@@ -29,6 +29,17 @@
{{include file="field_select_grouped.tpl" field=$role}}
{{/if}}
+ {{if $invitations}}
+ <a id="zar014" href="javascript:;" style="display: inline-block;">{{$haveivc}}</a>
+ <div id="zar015" style="display: none;">
+ <div class="position-relative">
+ <div id="invite-spinner" class="spinner-wrapper position-absolute" style="top: 2.5rem; right: 0.5rem;"><div class="spinner s"></div></div>
+ {{include file="field_input.tpl" field=[$invite_code.0,$invite_code.1,"","",""]}}
+ </div>
+ </div>
+ {{/if}}
+
+
<div class="position-relative">
<div id="name-spinner" class="spinner-wrapper position-absolute" style="top: 2.5rem; right: 0.5rem;"><div class="spinner s"></div></div>
{{include file="field_input.tpl" field=[$name.0,$name.1,"","","",$atform]}}
@@ -40,12 +51,6 @@
{{/if}}
<div>
- {{if $invitations}}
- <a id="zar014" href="javascript:;" style="display: inline-block;">{{$haveivc}}</a>
- <div id="zar015" style="display: none;">
- {{include file="field_input.tpl" field=[$invite_code.0,$invite_code.1,"","",""]}}
- </div>
- {{/if}}
{{include file="field_input.tpl" field=$email}}
</div>